CN114793178A - Network distribution method and device - Google Patents


Publication number
CN114793178A
Authority
CN
China
Prior art keywords
signature
key
networked device
random number
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210491438.9A
Other languages
Chinese (zh)
Other versions
CN114793178B (en)
Inventor
闫晗
柯懂湘
曲乐炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202210491438.9A
Publication of CN114793178A
Application granted
Publication of CN114793178B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The disclosure provides a network distribution method and device, and relates to the field of artificial intelligence, in particular to the field of Internet of things. The specific implementation scheme is as follows: sending slave broadcast information; in response to receiving a connection request from a non-networked device, establishing a wireless connection with the non-networked device; negotiating a shared key with the non-networked device; and encrypting the wifi account and password based on the shared key and then sending the encrypted wifi account and password to the non-networked device. According to this implementation, an attacker can be prevented from sniffing the wifi account and password, an attacker can be prevented from disguising as a non-networked device to steal the wifi account and password, and the security of the sharing process is guaranteed.

Description

Network distribution method and device
Technical Field
The disclosure relates to the field of artificial intelligence, in particular to the field of internet of things, and specifically relates to a network distribution method and device.
Background
With the continuous development of technology, smart devices are becoming more and more widespread, and smart home systems are deployed in places such as homes and hotels. A smart home system can use a residence as a platform and use a wireless local area network, such as a wireless-fidelity (wifi) network, to integrate and control smart devices related to home life, so that home safety, convenience and comfort can be improved. Multiple smart devices can access the wireless local area network through the home router and then access the smart home cloud. The smart home cloud can control and manage the connected smart devices.
Before a smart device can connect to the smart home cloud and receive its services, it must first complete network distribution (provisioning) and registration. At present, the network distribution and registration process for smart devices is complex, and each smart device must be registered one by one. Configuring a smart home system is complicated for the user; in particular, when manufacturers such as hotels configure smart devices in large batches, it takes a long time and the user experience is poor. Moreover, when wireless terminal devices are provisioned, whichever wireless mode is used, there is a risk of being monitored.
Disclosure of Invention
The present disclosure provides a network distribution method, apparatus, device, storage medium and computer program product.
According to a first aspect of the present disclosure, a network distribution method is provided, including: sending slave broadcast information; in response to receiving a connection request from a non-networked device, establishing a wireless connection with the non-networked device; negotiating a shared key with the non-networked device; and encrypting the wifi account and password based on the shared key and then sending the encrypted wifi account and password to the non-networked device.
According to a second aspect of the present disclosure, a network distribution method is provided, including: in response to receiving slave broadcast information sent by a networked device, sending a connection request to the networked device; establishing a wireless connection with the networked device; negotiating a shared key with the networked device; in response to receiving the encrypted wifi account and password sent by the networked device, decrypting them with the shared key to obtain the wifi account and password; and performing network distribution using the wifi account and password.
According to a third aspect of the present disclosure, there is provided a network distribution apparatus, including: a broadcasting unit configured to send slave broadcast information; a connection unit configured to establish a wireless connection with a non-networked device in response to receiving a connection request from the non-networked device; a negotiation unit configured to negotiate a shared key with the non-networked device; and an encryption unit configured to encrypt the wifi account and password based on the shared key and then send the encrypted wifi account and password to the non-networked device.
According to a fourth aspect of the present disclosure, there is provided a network distribution apparatus including: a receiving unit configured to send a connection request to a networked device in response to receiving slave broadcast information sent by the networked device; a connection unit configured to establish a wireless connection with the networked device; a negotiation unit configured to negotiate a shared key with the networked device; a decryption unit configured to, in response to receiving the encrypted wifi account and password sent by the networked device, decrypt them with the shared key to obtain the wifi account and password; and a network distribution unit configured to perform network distribution using the wifi account and password.
According to a fifth aspect of the present disclosure, there is provided an electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first or second aspect.
According to a sixth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method according to the first or second aspect.
According to a seventh aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the method of the first or second aspect.
According to the network distribution method and device provided by the embodiment of the disclosure, after the key is negotiated between the networked device and the non-networked device, the wifi account and the password are encrypted and then sent to the non-networked device, so that an attacker can be prevented from sniffing to acquire the wifi account password, the attacker can be prevented from disguising as the non-networked device to steal the wifi account password, and the security of the sharing process is guaranteed.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is an exemplary system architecture diagram in which one embodiment of the present disclosure may be applied;
FIG. 2 is a flow diagram of one embodiment of a network distribution method according to the present disclosure;
FIG. 3 is a flow diagram of yet another embodiment of a network distribution method according to the present disclosure;
FIG. 4 is a schematic diagram of one application scenario of a network distribution method according to the present disclosure;
FIG. 5 is a schematic structural diagram of one embodiment of a network distribution apparatus according to the present disclosure;
FIG. 6 is a schematic structural diagram of yet another embodiment of a network distribution apparatus according to the present disclosure;
FIG. 7 is a schematic block diagram of a computer system suitable for use with an electronic device implementing embodiments of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of embodiments of the present disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of a distribution network method or distribution network apparatus of the present disclosure may be applied.
As shown in FIG. 1, system architecture 100 may include networked device 101, wireless router 102, non-networked devices 103 (e.g., 1031, 1032, 1033), and cloud server 104. The networked device 101 and the non-networked devices 103 are all smart devices: the networked device 101 is a smart device that has completed network distribution, and a non-networked device 103 is a smart device that has not yet done so. Once it completes network distribution, a non-networked device 103 becomes a networked device 101.
The networked device 101 has previously been connected to the wireless router 102, manually or otherwise, and may then be registered with the cloud server 104. The networked device 101 knows the wifi account and password of the wireless router 102, while the non-networked device 103 does not. The networked device 101 may negotiate a shared key with any one of the non-networked devices 103 over a wireless connection other than wifi, then encrypt the wifi account and password with the shared key and send them to that non-networked device 103, so that it can connect to the network and become a networked device. Similarly, the networked device 101 may continue sending the encrypted wifi account and password to other non-networked devices 103. The encrypted wifi account and password may also be sent by one of the non-networked devices 103 that has become a networked device. For example, if the networked device 101 shares the wifi account and password with the non-networked device 1031, the non-networked device 1031 becomes a networked device. The networked device 1031 may then share the wifi account and password with the non-networked device 1032 and the non-networked device 1033.
Various communication client applications, such as an intelligent platform-like application, a web browser application, a shopping-like application, a search-like application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the networked device 101 and the non-networked device 103.
The networked device 101 and the non-networked device 103 may support a variety of wireless communication protocols, including wifi, bluetooth, infrared, near field communication, and the like.
Cloud server 104 may be a server that provides various services, such as a smart home cloud server that provides control over networked devices 101. The smart home cloud server may control operations such as timed startup and shutdown of the networked device 101.
It should be noted that the cloud server 104 may be hardware or software. When the cloud server 104 is hardware, it may be implemented as a distributed server cluster formed by multiple servers, or may be implemented as a single server. When the cloud server 104 is software, it may be implemented as multiple pieces of software or software modules (e.g., multiple pieces of software or software modules for providing distributed services), or as a single piece of software or software module. And is not particularly limited herein. Cloud server 104 may also be a server of a distributed system, or a server incorporating a blockchain.
It should be noted that the network distribution method provided by the embodiment of the present disclosure is generally performed by the networked device 101 and the non-networked device 103, and accordingly, the network distribution apparatus is generally disposed in the networked device 101 and the non-networked device 103.
It should be noted that the network distribution method provided by the embodiment of the present disclosure may be executed by the terminal devices 101, 102, and 103, or may be executed by the server 105. Accordingly, the distribution network device may be disposed in the terminal devices 101, 102, and 103, or may be disposed in the server 105. And is not particularly limited herein.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Continuing with reference to fig. 2, one embodiment flow 200 of a method of configuring a network applied to a networked device in accordance with the present disclosure is shown. The network distribution method comprises the following steps:
Step 201, send slave broadcast information.
In this embodiment, an execution main body of the network distribution method (for example, the networked device shown in fig. 1) may be used as a peripheral device to perform slave broadcasting. The non-networked device is used as a central device for host scanning.
The slave (peripheral) is to be connected by the master and must first be discovered by the master. At this time, the slave device transmits its own information in a broadcast form. The slave broadcasting information may be sent by a bluetooth method, or other wireless communication methods supported by the device may also be used, which is not limited herein.
For example, device A needs to broadcast first, that is, device A (the advertiser) continuously transmits the following broadcast signal, where t is the broadcast interval. Each transmission of a broadcast packet is called an advertising event (hence t is also called the advertising event interval), as shown in the following figure. Advertising events occur in bursts, and each has a duration; the Bluetooth chip turns on its radio-frequency module to transmit only during an advertising event, when power consumption is high, and is in an idle standby state the rest of the time, so the average power consumption is very low.
Step 202, in response to receiving a connection request from a non-networked device, establish a wireless connection with the non-networked device.
In this embodiment, after a non-networked device scans and finds the slave broadcast of a networked device, a wireless connection (e.g., a Bluetooth connection) is established with the networked device in accordance with a wireless communication protocol (e.g., the Bluetooth specification).
Step 203, negotiate a shared key with the non-networked device.
In this embodiment, the shared key is used for encrypting and decrypting the communication data; that is, a symmetric encryption algorithm uses the shared key for both encryption and decryption.
Before communication data can be encrypted and decrypted, however, the networked device and the non-networked device must negotiate a shared key that only the two of them know and that is not revealed; a key agreement algorithm can be used to solve this problem.
The shared key is not persisted: it is held only in the memories of the networked device and the non-networked device and disappears once the connection between them is closed. Because the key is not stored, security is well protected.
Common key agreement algorithms, such as the RSA key agreement algorithm or the ECDH (Elliptic Curve Diffie-Hellman key exchange) key agreement algorithm, may be employed.
Step 204, encrypt the wifi account and password based on the shared key and then send them to the non-networked device.
In this embodiment, the networked device encrypts the wifi account and password with the shared key using the AES (Advanced Encryption Standard) algorithm and sends the ciphertext to the non-networked device over the wireless connection. The wifi account and the password may be encrypted separately, with the two resulting ciphertexts then spliced together using a preset separator. Alternatively, the wifi account and the password may first be spliced using a preset separator and then encrypted into a single ciphertext. The format of the ciphertext may be negotiated in advance. The non-networked device decrypts according to the ciphertext format and parses out the wifi account and password.
The non-networked device receives the ciphertext over the wireless connection, decrypts it with the shared key using the AES algorithm, obtains the wifi account and password, and then joins the network.
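Step 204 and the matching decryption, as an added Go example that is not code from the patent, using the variant in which account and password are spliced with a separator and then encrypted. AES-256 in GCM mode, the nonce-prefixed layout, the 0x1f separator and all function names are assumptions of this example; the description only specifies AES and a preset separator.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sep plays the role of the "preset separator". The byte 0x1f is an
// assumption of this example; the description does not name a value.
var sep = []byte{0x1f}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCredentials splices account and password with sep and encrypts them.
// Assumed wire layout: 12-byte random nonce || ciphertext || 16-byte tag.
func SealCredentials(key []byte, account, password string) ([]byte, error) {
	a, p := []byte(account), []byte(password)
	// A separator inside either field would make parsing ambiguous.
	if bytes.Contains(a, sep) || bytes.Contains(p, sep) {
		return nil, errors.New("field contains the separator byte")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := bytes.Join([][]byte{a, p}, sep)
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// OpenCredentials is the non-networked device's side: authenticate and
// decrypt, then parse the plaintext according to the agreed format.
func OpenCredentials(key, msg []byte) (string, string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", "", err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return "", "", errors.New("message too short")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", "", errors.New("decryption failed: wrong key or modified ciphertext")
	}
	parts := bytes.Split(plain, sep)
	if len(parts) != 2 {
		return "", "", errors.New("malformed plaintext")
	}
	return string(parts[0]), string(parts[1]), nil
}

func main() {
	key := make([]byte, 32) // constructed stand-in for the negotiated shared key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	msg, err := SealCredentials(key, "HomeAP", "constructed-passphrase")
	if err != nil {
		panic(err)
	}
	account, password, err := OpenCredentials(key, msg)
	fmt.Println(account, password, err)
}
```

With an authenticated mode, a ciphertext altered in transit or opened under a different key is rejected instead of yielding a garbled account and password.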
According to the method provided by the embodiment of the disclosure, the wifi account and the password are encrypted, so that an attacker can be prevented from sniffing to acquire the wifi account and the password. The risk of information leakage in the account number and password sharing process can be effectively prevented, and the safety of the sharing process is guaranteed.
In some optional implementations of this embodiment, the negotiating a shared key with the non-networked device includes: receiving a first signature sent by the non-networked device, wherein the first signature is generated by the non-networked device, based on a preset signature algorithm, from a first user identification of a login account obtained locally; acquiring a second user identification of the current login account from the cloud; generating a first check signature from the second user identification based on the preset signature algorithm; and if the first signature is the same as the first check signature, performing key agreement through a preset key agreement algorithm to obtain a shared key. The non-networked device may generate the first signature sign1 from the first user identification userid using a signature algorithm such as MD5, SHA1, SHA224, SHA256, SHA384, and so on. userid is the identification of an account that has been used locally on the non-networked device. The networked device acquires the second user identification userid' of the current login account from the cloud. The non-networked device computes a signature from userid, named the first signature sign1, and sends it to the networked device. The networked device computes a signature from userid', named the first check signature sign1'. The networked device checks whether the first signature sent by the non-networked device is the same as the first check signature it calculated itself; if so, the non-networked device is a legitimate device and a key can be shared with it. Otherwise, the non-networked device is an illegitimate device and must not be told the account and password for accessing the wifi network. Optionally, an alarm message indicating an illegitimate device connection may also be output.
Common key agreement algorithms, such as RSA key agreement algorithm, ECDH key agreement algorithm, etc., may be employed.
This technical means ensures that the networked device shares the key with a legitimate non-networked device, and can prevent an attacker from disguising as a non-networked device to steal the wifi account password. An attacker knows neither the specific signature algorithm nor the userid' on the networked device, and therefore cannot compute the same signature as sign1' and cannot pass the networked device's check of whether sign1 and sign1' are the same. In addition, the userid' used by the networked device to verify the signature is obtained from the cloud and not submitted by the non-networked device, so an attacker cannot bypass the check by using a user identification other than userid'.
In some optional implementations of this embodiment, the negotiating a shared key with the non-networked device includes: receiving a first signature, a first public key and a first random number sent by the non-networked device, wherein the first signature is generated by the non-networked device, based on a preset signature algorithm, from a first user identification obtained locally, the first public key and the first random number; acquiring a second user identification of the current login account from the cloud; generating a first check signature from the second user identification, the first public key and the first random number based on the preset signature algorithm; if the first signature is the same as the first check signature, generating a second public key, a second private key and a second random number; generating a second signature according to the second public key, the second private key and the second random number; sending the second public key, the second random number and the second signature to the non-networked device, so that the non-networked device performs second signature verification; and if the second signature is verified successfully, performing key agreement on the basis of the first public key and the second private key through the elliptic curve Diffie-Hellman key exchange algorithm to obtain a shared key.
This implementation differs from the previous one in that not only userid but also a public key and a random number are used in generating the signature.
The non-networked device first generates a public-private key pair <pub1, priv1>, generates a random number random1, reads the identification userid of the logged-in account locally from the device, and generates a signature sign1 = SHA256(random1 + pub1 + userid). pub1, random1 and sign1 are then sent over the established wireless connection to the networked device.
After the networked device receives pub1, random1 and sign1 over the wireless connection, it first reads the identification userid' of the current login account from the cloud, then calculates sign1' = SHA256(random1 + pub1 + userid'); if sign1' and sign1 are different, processing is terminated. The networked device then generates a public-private key pair <pub2, priv2>, generates a random number random2, generates a signature sign2 = SHA256(random2 + pub2), and sends pub2, random2 and sign2 over the wireless connection to the non-networked device. Finally, the networked device generates a symmetric encryption key shared_key based on pub1 and priv2 using the ECDH algorithm.
After the non-networked device receives pub2, random2 and sign2 over the wireless connection, it first calculates sign2' = SHA256(random2 + pub2). If sign2' and sign2 are different, processing is terminated. The non-networked device then generates the symmetric encryption key shared_key based on pub2 and priv1 using the ECDH algorithm.
This implementation introduces the random number and the public key into the signature calculation, which increases confidentiality: an attacker cannot know the specific signature algorithm, therefore cannot calculate a signature identical to sign1', and therefore cannot pass the networked device's check of whether sign1 and sign1' are identical. The method can prevent an attacker from sniffing the wifi account password, and can prevent an attacker from disguising as a non-networked device to steal the wifi account password.
In some optional implementations of this embodiment, the first signature is generated according to the first user identifier, the first public key, the first random number, and a device vendor preset random string, and the second signature is generated according to the second public key, the second random number, and the device vendor preset random string.
The signatures can be calculated by the following equations:
sign1 = SHA256(random1 + "w9Fa1cp6esSHELU" + pub1 + userid)
sign1' = SHA256(random1 + "w9Fa1cp6esSHELU" + pub1 + userid')
sign2 = SHA256(random2 + "w9Fa1cp6esSHELU" + pub2)
sign2' = SHA256(random2 + "w9Fa1cp6esSHELU" + pub2)
Here, random1 denotes the first random number, random2 denotes the second random number, pub1 denotes the first public key, pub2 denotes the second public key, userid denotes the first user identification, userid' denotes the second user identification, and w9Fa1cp6esSHELU is an example of a device vendor preset random string, which is set when the device is shipped from the factory. The attacker cannot obtain the vendor preset random string and therefore cannot forge the same signature. Therefore, an attacker can be prevented from sniffing the wifi account password, and an attacker can be prevented from disguising as a non-networked device to steal the wifi account password.
With continued reference to FIG. 3, a flow 300 of one embodiment of a network distribution method according to the present disclosure, as applied to a non-networked device, is shown. The network distribution method comprises the following steps:
Step 301, in response to receiving the slave broadcast information sent by the networked device, send a connection request to the networked device.
In this embodiment, an execution main body of the network distribution method (for example, a non-networked device shown in FIG. 1) may receive slave broadcast information sent by a networked device over a wireless connection. A wireless communication means is then selected to send a connection request to the networked device. Wireless communication means include, but are not limited to, Bluetooth, infrared, near field communication, and the like.
Step 302, establish a wireless connection with a networked device.
In this embodiment, the wireless connection is established according to a commonly supported wireless communication protocol, for example, a bluetooth connection.
Step 303, negotiate a shared key with the networked device.
In the present embodiment, a common key agreement algorithm, such as the RSA key agreement algorithm or the ECDH (Elliptic Curve Diffie-Hellman key exchange) key agreement algorithm, may be adopted. After the shared key is negotiated, the networked device can encrypt the wifi account and password with the shared key and send them to the non-networked device over the wireless connection.
Step 304, in response to receiving the encrypted wifi account and password sent by the networked device, decrypt them with the shared key to obtain the wifi account and password.
In this embodiment, ciphertext produced by symmetric encryption can be decrypted using the same shared key, so as to obtain the wifi account and password.
Step 305, perform network distribution using the wifi account and password.
In this embodiment, the non-networked device automatically enters the wifi account and password to connect to the wireless router, and then connects to the cloud server to complete network distribution.
The method provided by the above embodiment of the present disclosure reflects the operation of the non-networked device, which obtains the wifi account and password with the help of the networked device and uses them to perform network distribution. Because the wifi account password is encrypted, an attacker can be prevented from sniffing it. The risk of information leakage in the account password sharing process can be effectively prevented, and the safety of the sharing process is guaranteed.
In some optional implementations of this embodiment, negotiating the shared key with the networked device includes: acquiring locally a first user identifier of a login account; generating a first signature according to the first user identifier based on a preset signature algorithm; sending the first signature to the networked device so that the networked device performs a first signature check; and if the first signature is successfully verified, performing key agreement through a preset key agreement algorithm to obtain a shared key. The non-networked device may generate the first signature sign1 from the first user identifier userid using a signature algorithm such as MD5, SHA1, SHA224, SHA256, SHA384, and so on. userid is the identifier of an account that has been logged in locally on the non-networked device. The first signature check is performed by the networked device, as described above. The networked device checks whether the first signature sent by the non-networked device is the same as the first check signature that it calculates itself. If so, the non-networked device is a legitimate device and the networked device can share a key with it. Otherwise, the non-networked device is an illegitimate device and must not be told the account and password of the wifi network.
In some optional implementations of this embodiment, negotiating a shared key with the networked device includes: acquiring locally a first user identifier of a login account; generating a first public key, a first private key and a first random number; generating a first signature according to the first user identifier, the first public key and the first random number based on a preset signature algorithm; sending the first signature, the first public key and the first random number to the networked device so that the networked device performs first signature verification; if the first signature is verified successfully, receiving a second public key, a second random number and a second signature sent by the networked device; generating a second check signature according to the second public key and the second random number; and if the second signature is the same as the second check signature, performing key agreement based on the second public key and the first private key through the elliptic curve Diffie-Hellman key exchange algorithm to obtain a shared key. The non-networked device first generates a public-private key pair <pub1, priv1>, generates a random number random1, reads locally the identifier userid of the account that was logged in on the device, and generates a signature sign1 = SHA256(random1 + pub1 + userid). pub1, random1 and sign1 are then sent over the established wireless connection to the networked device. The operations performed by the networked device are as previously described. After the non-networked device receives pub2, random2 and sign2 through the wireless connection, it first calculates sign2' = SHA256(random2 + pub2). If sign2' and sign2 are different, the process is terminated. Then, the non-networked device generates a symmetric encryption key shared_key based on pub2 and priv1 using the ECDH algorithm.
This implementation brings the random number and the public key into the signature calculation, which increases confidentiality and prevents an attacker from masquerading as a legitimate non-networked device.
In some optional implementations of this embodiment, the first signature is generated according to the first user identifier, the first public key, the first random number, and a device vendor preset random string, and the second signature is generated according to the second public key, the second random number, and the device vendor preset random string. The signature can be calculated by the equation:
sign1 = SHA256(random1 + "w9Fa1cp6esSHELU" + pub1 + userid)
sign1' = SHA256(random1 + "w9Fa1cp6esSHELU" + pub1 + userid')
sign2 = SHA256(random2 + "w9Fa1cp6esSHELU" + pub2)
sign2' = SHA256(random2 + "w9Fa1cp6esSHELU" + pub2)
w9Fa1cp6esSHELU is an example of a random character string preset by a device manufacturer; it is set at the factory before shipment. The attacker cannot get the vendor-preset random string and therefore cannot forge the same signature. Therefore, an attacker can be prevented from sniffing the wifi account and password, and can also be prevented from disguising as a non-networked device to steal the wifi account and password.
With continued reference to fig. 4, fig. 4 is a schematic diagram of an application scenario of the network distribution method according to the present embodiment. The overall scheme in the application scenario of fig. 4 includes the following key technologies: 1. establishing a Bluetooth connection; 2. negotiating a symmetric encryption key; 3. encrypting and transmitting the wifi account and password based on the symmetric encryption key.
1. Establishing a Bluetooth connection
The networked device acts as the peripheral device and performs slave broadcasting. The non-networked device acts as the central device and performs host scanning. After the non-networked device scans the slave broadcast of the networked device, it establishes a Bluetooth connection with the networked device according to the Bluetooth specification.
2. Negotiating symmetric encryption keys
The first step: the non-networked device first generates a public-private key pair <pub1, priv1>, generates a random number random1, reads locally the identifier userid of the account that was logged in on the device, and generates a signature sign1 = SHA256(random1 + "w9Fa1cp6esSHELU" + pub1 + userid). pub1, random1 and sign1 are then sent to the networked device over the Bluetooth connection.
The second step: after the networked device receives pub1, random1 and sign1 through the Bluetooth connection, it first reads the identifier userid' of the current login account from the cloud and then calculates sign1' = SHA256(random1 + "w9Fa1cp6esSHELU" + pub1 + userid'). If sign1' and sign1 are different, the processing is terminated. The networked device then generates a public-private key pair <pub2, priv2>, generates a random number random2, generates a signature sign2 = SHA256(random2 + "w9Fa1cp6esSHELU" + pub2), and sends pub2, random2 and sign2 to the non-networked device over the Bluetooth connection. Finally, the networked device generates a symmetric encryption key shared_key based on pub1 and priv2 using the ECDH algorithm.
The third step: after the non-networked device receives pub2, random2 and sign2 via Bluetooth, it first calculates sign2' = SHA256(random2 + "w9Fa1cp6esSHELU" + pub2). If sign2' and sign2 are different, the process is terminated. Then, the non-networked device generates a symmetric encryption key shared_key based on pub2 and priv1 using the ECDH algorithm.
This technical means ensures that the networked device shares the symmetric encryption key only with a legitimate non-networked device, and can prevent an attacker from disguising as a non-networked device to steal the wifi account and password. The specific reasons are as follows. In step 1, the attacker knows neither the specific signature algorithm nor the userid' on the networked device, and therefore cannot calculate a signature identical to sign1', and so cannot pass the networked device's check of whether sign1 and sign1' are the same. In addition, the userid' used by the networked device to verify the signature is obtained from the cloud instead of being submitted by the non-networked device, so an attacker cannot bypass the check by using a user identifier other than userid'.
3. Encrypting and transmitting the wifi account and password based on the symmetric encryption key
The first step: the networked device encrypts the wifi account and password with the symmetric encryption key shared_key using the AES algorithm and sends the ciphertext to the non-networked device through the Bluetooth connection.
The second step: the non-networked device receives the ciphertext through the Bluetooth connection, decrypts it with shared_key using the AES algorithm, obtains the wifi account and password, and then joins the network.
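The three-step negotiation of section 2 above, written out as a runnable sketch with both roles in one process. This is an added example, not code from the patent: the P-256 curve, the 16-byte random numbers, hashing the ECDH output with SHA-256 to obtain shared_key, the constructed userid values and all function names are assumptions, and it stops once both sides hold shared_key, before the AES transfer.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// vendorString is the example factory-preset string quoted in the text.
const vendorString = "w9Fa1cp6esSHELU"

// Hello is what each side sends: public key, random number and signature.
type Hello struct{ Pub, Random, Sign []byte }

// sign computes SHA256(random + vendorString + pub + userid) as in the text;
// an empty userid gives the sign2 form. random (16 bytes) and pub (65 bytes)
// have fixed lengths here, so the plain concatenation is unambiguous.
func sign(random, pub []byte, userid string) []byte {
	h := sha256.New()
	h.Write(random)
	h.Write([]byte(vendorString))
	h.Write(pub)
	h.Write([]byte(userid))
	return h.Sum(nil)
}

// newHello generates a P-256 key pair and a random number, then signs them.
func newHello(userid string) (*ecdh.PrivateKey, Hello, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, Hello{}, err
	}
	random := make([]byte, 16)
	if _, err := rand.Read(random); err != nil {
		return nil, Hello{}, err
	}
	pub := priv.PublicKey().Bytes()
	return priv, Hello{pub, random, sign(random, pub, userid)}, nil
}

// verify recomputes the signature with the verifier's own userid and compares
// in constant time; a mismatch terminates the exchange.
func verify(peer Hello, userid string) error {
	if subtle.ConstantTimeCompare(sign(peer.Random, peer.Pub, userid), peer.Sign) != 1 {
		return errors.New("signature mismatch, terminating")
	}
	return nil
}

// derive runs ECDH and hashes the result into a 32-byte key (assumption: the
// text only says that shared_key is generated with ECDH).
func derive(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub) // rejects invalid points
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return key[:], nil
}

// handshake plays both roles. localID is the userid stored on the
// non-networked device; cloudID is the userid' the networked device reads
// from the cloud. It returns the shared_key computed by each side.
func handshake(localID, cloudID string) (key1, key2 []byte, err error) {
	priv1, h1, err := newHello(localID) // step 1: non-networked device
	if err != nil {
		return nil, nil, err
	}
	if err = verify(h1, cloudID); err != nil { // step 2: networked device
		return nil, nil, err
	}
	priv2, h2, err := newHello("")
	if err != nil {
		return nil, nil, err
	}
	if key2, err = derive(priv2, h1.Pub); err != nil {
		return nil, nil, err
	}
	if err = verify(h2, ""); err != nil { // step 3: non-networked device
		return nil, nil, err
	}
	key1, err = derive(priv1, h2.Pub)
	return key1, key2, err
}

func main() {
	k1, k2, err := handshake("user-1001", "user-1001") // constructed userid
	fmt.Println(subtle.ConstantTimeCompare(k1, k2) == 1, err)
	_, _, err = handshake("user-1001", "user-2002") // different cloud account
	fmt.Println(err)
}
```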
With further reference to fig. 5, as an implementation of the methods shown in the above figures, the present disclosure provides an embodiment in which a network distribution apparatus is applied to a networked device, where the apparatus embodiment corresponds to the method embodiment shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 5, the distribution network apparatus 500 of the present embodiment includes: a broadcasting unit 501, a connection unit 502, a negotiation unit 503, and an encryption unit 504. The broadcasting unit 501 is configured to transmit slave broadcast information; the connection unit 502 is configured to establish a wireless connection with a non-networked device in response to receiving a connection request of the non-networked device; the negotiation unit 503 is configured to negotiate a shared key with the non-networked device; and the encryption unit 504 is configured to encrypt the wifi account and the password based on the shared key and then send the encrypted wifi account and password to the non-networked device.
In this embodiment, the specific processing of the broadcasting unit 501, the connection unit 502, the negotiation unit 503, and the encryption unit 504 of the distribution network device 500 may refer to step 201, step 202, step 203, and step 204 in the corresponding embodiment of fig. 2.
In some optional implementations of this embodiment, the negotiation unit 503 is further configured to: receiving a first signature sent by an unconnected device, wherein the first signature is generated by the unconnected device according to a first user identifier of a locally acquired login account on the basis of a preset signature algorithm; acquiring a second user identification of the current login account from the cloud; generating a first verification signature according to the second user identification based on the preset signature algorithm; and if the first signature is the same as the first verification signature, carrying out key agreement through a preset key agreement algorithm to obtain a shared key.
In some optional implementations of this embodiment, the negotiation unit 503 is further configured to: receive a first signature, a first public key and a first random number sent by a non-networked device, wherein the first signature is generated by the non-networked device, based on a preset signature algorithm, according to a first user identifier of a login account acquired locally, the first public key and the first random number; acquire a second user identifier of the current login account from the cloud; generate a first check signature according to the second user identifier, the first public key and the first random number based on the preset signature algorithm; if the first signature is the same as the first check signature, generate a second public key, a second private key and a second random number; generate a second signature according to the second public key, the second private key and the second random number; send the second public key, the second random number and the second signature to the non-networked device so that the non-networked device performs second signature verification; and if the second signature is verified successfully, perform key agreement based on the first public key and the second private key through the elliptic curve Diffie-Hellman key exchange algorithm to obtain a shared key.
In some optional implementations of this embodiment, the first signature is generated according to a first user identifier, a first public key, a first random number, and a device vendor preset random string, and the second signature is generated according to a second public key, a second random number, and the device vendor preset random string.
With further reference to fig. 6, as an implementation of the methods shown in the above figures, the present disclosure provides an embodiment in which a network distribution apparatus is applied to an unconnected network device, where the apparatus embodiment corresponds to the method embodiment shown in fig. 3, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 6, the distribution network apparatus 600 of the present embodiment includes: a receiving unit 601, a connecting unit 602, a negotiating unit 603, a decrypting unit 604 and a distribution network unit 605. The receiving unit 601 is configured to send a connection request to a networked device in response to receiving slave broadcast information sent by the networked device; a connection unit 602 configured to establish a wireless connection with the networked device; a negotiating unit 603 configured to negotiate a shared key with the networked device; a decryption unit 604 configured to decrypt, by using the shared key, a wifi account and a password in response to receiving the encrypted wifi account and password sent by the networked device; and the distribution network unit 605 is configured to perform distribution network through the wifi account and the password.
In this embodiment, the specific processing of the receiving unit 601, the connection unit 602, the negotiation unit 603, the decryption unit 604 and the distribution network unit 605 of the distribution network device 600 may refer to step 201, step 202, step 203, step 204 and step 205 in the corresponding embodiment of fig. 2.
In some optional implementations of this embodiment, the negotiation unit 603 is further configured to: acquiring a first user identification of a login account from the local; generating a first signature according to the first user identification based on a preset signature algorithm; sending the first signature to the networked device to enable the networked device to perform a first signature check; and if the first signature is successfully verified, performing key agreement through a preset key agreement algorithm to obtain a shared key.
In some optional implementations of this embodiment, the negotiation unit 603 is further configured to: acquiring a first user identification of a login account from the local; generating a first public key, a first private key and a first random number; generating a first signature according to the first user identifier, the first public key and the first random number based on a preset signature algorithm; sending the first signature, the first public key and the first random number to the networked device so that the networked device performs first signature verification; if the first signature is verified successfully, receiving a second public key, a second random number and a second signature which are sent by the networking equipment; generating a second check signature according to the second public key and the second random number; and if the second signature is the same as the second verification signature, performing key agreement on the basis of a second public key and a first private key through an elliptic curve diffie-hellman key exchange algorithm to obtain a shared key.
In some optional implementations of this embodiment, the first signature is generated according to a first user identifier, a first public key, a first random number, and a device vendor preset random string, and the second signature is generated according to a second public key, a second random number, and the device vendor preset random string.
In the technical solution of the present disclosure, the collection, storage, use, processing, transmission, provision, disclosure and other handling of the personal information of the users concerned all comply with relevant laws and regulations and do not violate public order and good customs.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of flow 200 or 300.
A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of flows 200 or 300.
A computer program product comprising a computer program which, when executed by a processor, implements the method of flow 200 or 300.
FIG. 7 shows a schematic block diagram of an example electronic device 700 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processors, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not intended to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 7, the device 700 comprises a computing unit 701 which may perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM)702 or a computer program loaded from a storage unit 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the device 700 can also be stored. The computing unit 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
A number of components in the device 700 are connected to the I/O interface 705, including: an input unit 706 such as a keyboard, a mouse, or the like; an output unit 707 such as various types of displays, speakers, and the like; a storage unit 708 such as a magnetic disk, optical disk, or the like; and a communication unit 709 such as a network card, modem, wireless communication transceiver, etc. The communication unit 709 allows the device 700 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Computing unit 701 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 701 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 701 performs the various methods and processes described above, such as the distribution network method. For example, in some embodiments, the distribution network method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 708. In some embodiments, part or all of a computer program may be loaded onto and/or installed onto device 700 via ROM 702 and/or communications unit 709. When the computer program is loaded into the RAM 703 and executed by the computing unit 701, one or more steps of the distribution network method described above may be performed. Alternatively, in other embodiments, the computing unit 701 may be configured to perform the distribution network method in any other suitable manner (e.g., by way of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/acts specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combining a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (19)

1. A network distribution method comprises the following steps:
sending slave machine broadcast information;
in response to receiving a connection request of a non-networked device, establishing a wireless connection with the non-networked device;
negotiating a shared key with the non-networked device;
and encrypting the wifi account and the password based on the shared key and then sending the encrypted wifi account and the encrypted password to the non-networked equipment.
2. The method of claim 1, wherein the negotiating a shared key with the non-networked device comprises:
receiving a first signature sent by the non-networked device, wherein the first signature is generated by the non-networked device according to a first user identification of a locally acquired login account on the basis of a preset signature algorithm;
acquiring a second user identification of the current login account from the cloud;
generating a first verification signature according to the second user identification based on the preset signature algorithm;
and if the first signature is the same as the first verification signature, carrying out key agreement through a preset key agreement algorithm to obtain a shared key.
3. The method of claim 1, wherein the negotiating a shared key with the non-networked device comprises:
receiving a first signature, a first public key and a first random number which are sent by the non-networked device, wherein the first signature is generated by the non-networked device, based on a preset signature algorithm, according to a first user identifier acquired locally, the first public key and the first random number;
acquiring a second user identification of the current login account from the cloud;
generating a first verification signature according to the second user identification, the first public key and the first random number based on the preset signature algorithm;
if the first signature is the same as the first verification signature, generating a second public key, a second private key and a second random number;
generating a second signature according to the second public key, the second private key and the second random number;
sending the second public key, the second random number and the second signature to the non-networked device, so that the non-networked device performs second signature verification;
and if the second signature is verified successfully, performing key agreement on the basis of the first public key and the second private key through an elliptic curve Diffie-Hellman key exchange algorithm to obtain a shared key.
4. The method of claim 3, wherein the first signature is generated from the first user identification, the first public key, the first random number, and a device vendor preset random string, and the second signature is generated from the second public key, the second random number, and the device vendor preset random string.
5. A network distribution method comprises the following steps:
in response to receiving slave broadcast information sent by a networked device, sending a connection request to the networked device;
establishing a wireless connection with the networked device;
negotiating a shared key with the networked device;
in response to receiving the wifi account and the password which are sent by the networked device, decrypting through the shared key to obtain the wifi account and the password;
and performing network distribution through the wifi account and the password.
6. The method of claim 5, wherein the negotiating a shared key with the networked device comprises:
acquiring a first user identifier of a login account from local;
generating a first signature according to the first user identification based on a preset signature algorithm;
sending the first signature to the networked device to enable the networked device to perform a first signature check;
and if the first signature is successfully verified, performing key agreement through a preset key agreement algorithm to obtain a shared key.
7. The method of claim 5, wherein the negotiating a shared key with the networked device comprises:
acquiring a first user identifier of a login account from local;
generating a first public key, a first private key and a first random number;
generating a first signature according to the first user identifier, the first public key and the first random number based on a preset signature algorithm;
sending the first signature, the first public key and the first random number to the networked device so that the networked device performs first signature verification;
if the first signature is verified successfully, receiving a second public key, a second random number and a second signature which are sent by the networked equipment;
generating a second check signature according to the second public key and the second random number;
and if the second signature is the same as the second verification signature, performing key agreement on a second public key and a first private key through an elliptic curve diffie-hellman key exchange algorithm to obtain a shared key.
8. The method of claim 7, wherein the first signature is generated from the first user identification, the first public key, the first random number, and a device vendor preset random string, and the second signature is generated from the second public key, the second random number, and the device vendor preset random string.
9. A network-distribution apparatus, comprising:
a broadcasting unit configured to transmit slave broadcasting information;
a connection unit configured to establish a wireless connection with an unconnected device in response to receiving a connection request of the unconnected device;
a negotiation unit configured to negotiate a shared key with the non-networked device;
and an encryption unit configured to encrypt the wifi account and the password based on the shared key and then send the encrypted wifi account and password to the non-networked device.
10. The apparatus of claim 9, wherein the negotiation unit is further configured to:
receiving a first signature sent by the non-networked device, wherein the first signature is generated by the non-networked device, based on a preset signature algorithm, according to a first user identifier of a login account acquired locally;
acquiring a second user identifier of the current login account from the cloud;
generating a first verification signature according to the second user identifier based on the preset signature algorithm;
and if the first signature is the same as the first verification signature, performing key agreement through a preset key agreement algorithm to obtain a shared key.
11. The apparatus of claim 9, wherein the negotiation unit is further configured to:
receiving a first signature, a first public key and a first random number which are sent by the non-networked device, wherein the first signature is generated by the non-networked device, based on a preset signature algorithm, according to a first user identifier acquired locally, the first public key and the first random number;
acquiring a second user identifier of the current login account from the cloud;
generating a first verification signature according to the second user identifier, the first public key and the first random number based on the preset signature algorithm;
if the first signature is the same as the first verification signature, generating a second public key, a second private key and a second random number;
generating a second signature according to the second public key, the second private key and the second random number;
sending the second public key, the second random number and the second signature to the non-networked device so that the non-networked device performs second signature verification;
and if the second signature is verified successfully, performing key agreement on the basis of the first public key and the second private key through an elliptic curve Diffie-Hellman key exchange algorithm to obtain a shared key.
12. The apparatus of claim 11, wherein the first signature is generated from the first user identifier, the first public key, the first random number, and a device vendor preset random string, and the second signature is generated from the second public key, the second random number, and the device vendor preset random string.
13. A network distribution apparatus comprising:
a receiving unit configured to transmit a connection request to a networked device in response to receiving slave broadcasting information transmitted by the networked device;
a connection unit configured to establish a wireless connection with the networked device;
a negotiation unit configured to negotiate a shared key with the networked device;
a decryption unit configured to, in response to receiving the wifi account and password sent by the networked device, decrypt the wifi account and password with the shared key;
and a network distribution unit configured to perform network distribution using the wifi account and password.
14. The apparatus of claim 13, wherein the negotiation unit is further configured to:
acquiring a first user identifier of a login account locally;
generating a first signature according to the first user identifier based on a preset signature algorithm;
sending the first signature to the networked device to enable the networked device to perform a first signature check;
and if the first signature is successfully verified, performing key agreement through a preset key agreement algorithm to obtain a shared key.
15. The apparatus of claim 13, wherein the negotiation unit is further configured to:
acquiring a first user identifier of a login account locally;
generating a first public key, a first private key and a first random number;
generating a first signature according to the first user identifier, the first public key and the first random number based on a preset signature algorithm;
sending the first signature, the first public key and the first random number to the networked device so that the networked device performs first signature verification;
if the first signature is verified successfully, receiving a second public key, a second random number and a second signature which are sent by the networked device;
generating a second verification signature according to the second public key and the second random number;
and if the second signature is the same as the second verification signature, performing key agreement based on the second public key and the first private key through an elliptic curve Diffie-Hellman key exchange algorithm to obtain a shared key.
16. The apparatus of claim 15, wherein the first signature is generated from the first user identifier, the first public key, the first random number, and a device vendor preset random string, and the second signature is generated from the second public key, the second random number, and the device vendor preset random string.
17. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-8.
18. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-8.
19. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-8.
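The negotiation recited in claims 11 and 15, with the signature inputs of claims 12 and 16, written out for both sides as an added Python example that is not part of the patent. It assumes HMAC-SHA256 keyed with the vendor preset string as the "preset signature algorithm", X25519 as the elliptic curve Diffie-Hellman function, length-prefixed field encoding and SHA-256 key derivation; all function names and the vendor string value are constructed for illustration.

```python
import hashlib, hmac, secrets
VENDOR_STRING = b"constructed-vendor-preset-string"  # placeholder, not a real value
P, BASE = 2**255 - 19, (9).to_bytes(32, "little")  # X25519 field prime, base point

def x25519(k, u):  # RFC 7748 Montgomery ladder; illustrative, not constant-time
    k = int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def sign(*fields):  # assumed "preset signature algorithm": HMAC over length-prefixed fields
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(VENDOR_STRING, msg, hashlib.sha256).digest()

def keypair_and_nonce():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE), secrets.token_bytes(16)

def new_device_hello(local_user_id):  # non-networked device, steps of claim 15
    priv, pub, nonce = keypair_and_nonce()
    return priv, (sign(local_user_id, pub, nonce), pub, nonce)

def networked_device_reply(hello, cloud_user_id):  # networked device, claim 11
    sig1, pub1, nonce1 = hello
    if not hmac.compare_digest(sig1, sign(cloud_user_id, pub1, nonce1)):
        return None  # accounts differ: stop before sending any key material
    priv, pub, nonce = keypair_and_nonce()
    return priv, (sign(pub, nonce), pub, nonce)

def verify_reply(reply):  # non-networked device recomputes the second signature
    return hmac.compare_digest(reply[0], sign(reply[1], reply[2]))

def shared_key(own_priv, peer_pub):  # ECDH, then hash the raw secret into a key
    secret = x25519(own_priv, peer_pub)
    if secret == bytes(32):
        raise ValueError("low-order peer public key")
    return hashlib.sha256(secret).digest()
```

The ladder is written for readability; device firmware would call a vetted constant-time ECDH implementation instead.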
CN202210491438.9A 2022-05-07 2022-05-07 Network distribution method, device, equipment and storage medium Active CN114793178B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210491438.9A CN114793178B (en) 2022-05-07 2022-05-07 Network distribution method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114793178A (en) 2022-07-26
CN114793178B (en) 2023-02-17

Family

ID=82462628

Country Status (1)

Country Link
CN (1) CN114793178B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant