CN105959189A

CN105959189A - Home appliance equipment, communication system and method of cloud server and terminal, and terminal

Info

Publication number: CN105959189A
Application number: CN201610403145.5A
Authority: CN
Inventors: 刘复鑫
Original assignee: Midea Group Co Ltd
Current assignee: Midea Group Co Ltd
Priority date: 2016-06-08
Filing date: 2016-06-08
Publication date: 2016-09-21
Anticipated expiration: 2036-06-08
Also published as: CN105959189B

Abstract

The invention discloses home appliance equipment, a cloud server, and a communication method of a terminal. The method comprises the steps that when the terminal is powered on, the terminal and the cloud server carry out key negotiation to confirm the validity of the terminal and the cloud server; when terminal and the cloud server are confirmed to be valid and a distribution network command is received, the terminal carries out network configuration of the home appliance equipment; when the network configuration of the home appliance equipment is successful, the home appliance equipment and the cloud server carry out key negotiation to confirm the validity of the home appliance equipment and the cloud server; and when the home appliance equipment and the cloud server are confirmed to be valid, the home appliance equipment communicates with the terminal through the cloud server based on a preset communication protocol. The invention also discloses a communication system, the home appliance equipment and the terminal. According to the invention, the safety of the process that the home appliance equipment carries out information exchange with the terminal through the cloud server is improved.

Description

Home appliance and with Cloud Server and the communication system of terminal and method, terminal

Technical field

The present invention relates to Smart Home technical field, particularly relate to a kind of home appliance and and Cloud Server thereof Communication system and method, terminal with terminal.

Background technology

Quantity and the growth of category along with intelligent appliance equipment so that the connection of equipment room and collaborative become In the urgent need to, the framework of wisdom life to connecting and the advance of collaborative direction, occurs in that intelligence therewith Household.Smart Home refers to house as platform, utilizes comprehensive wiring technology, the network communications technology, peace Full precautionary technology, automatic control technology, audio frequency and video technology, by integrated for facility relevant for life staying idle at home, build Efficient housing facilities and the management system of family's schedule affairs, promote house security, convenience, relax Adaptive, artistry, and realize the living environment of environmental protection and energy saving.

In the system of home appliance-Cloud Server-terminal, home appliance is entered with terminal by Cloud Server During row information is mutual, it is essentially all after establishing a connection, directly carries out the logical of information News, do not consider home appliance by Cloud Server and terminal carry out information alternately during, information The problem of communication security, but, if home appliance directly carries out information by Cloud Server and terminal Communication, and do not carry out bidirectional identity authentication, it is easily caused the leakage of the communication information, thus reduces letter The safety of breath communication.

Summary of the invention

Present invention is primarily targeted at offer a kind of home appliance and with Cloud Server and the communication of terminal System and method, terminal, it is intended to solve existing home appliance and carry out information by Cloud Server and terminal The technical problem that safety in interaction is low.

For achieving the above object, a kind of communication system that the present invention provides, described communication system includes household electrical appliances Equipment, terminal and Cloud Server；

Described terminal, after being used for powering on, carries out key agreement with described Cloud Server, to confirm described end End and the legitimacy of described Cloud Server；When described terminal and described Cloud Server all confirm legal, and connect When receiving distribution instruction, described home appliance is carried out network configuration；

Described home appliance, for when after network configuration success, carrying out key agreement with described Cloud Server, To confirm the legitimacy of home appliance and Cloud Server；When described home appliance all confirms to close with Cloud Server After method, based on default communications protocol, carry out communication by described Cloud Server and described terminal.

Preferably, described terminal is additionally operable to after powering on, and uses the Cloud Server PKI prestored, to described The first random number and terminal public key that terminal generates are encrypted, and generate the first ciphertext, and are sent to described Cloud Server, deciphers described first ciphertext for described Cloud Server, by the first solution secret letter of deciphering gained Breath is encrypted with the second random number generated, and obtains the second ciphertext, and is sent to described terminal；

Receive described second ciphertext, when confirming that described Cloud Server is legal cloud according to described second ciphertext During server, generate the first confirmation message, and use the first confirmation message described in predetermined encryption algorithm for encryption, Will encryption after described first confirm message be sent to described Cloud Server, for described Cloud Server according to After encryption described first confirms the legitimacy of terminal described in message authentication.

Preferably, described home appliance is additionally operable to, when after network configuration success, use the Cloud Server prestored PKI, the 3rd random number generating described home appliance and the MAC address prestored enter Row encryption, generates the 3rd ciphertext, and is sent to described Cloud Server, deciphers institute for described Cloud Server State the 3rd ciphertext, the second decryption information of deciphering gained be encrypted with the 4th random number generated, Obtain the 4th ciphertext, and be sent to described home appliance；

Receive described 4th ciphertext, when confirming that described Cloud Server is legal cloud according to described 4th ciphertext During server, generate the second confirmation message, and use the second confirmation message described in predetermined encryption algorithm for encryption, Will encryption after described second confirm message be sent to described Cloud Server, for described Cloud Server according to After encryption described second confirms the legitimacy of home appliance described in message authentication.

Preferably, described terminal is additionally operable to all confirm legal when described terminal and described Cloud Server, and connects When receiving distribution instruction, obtain service set SSID of router according to described distribution instruction, by described The password that terminal generates is in plain text and described SSID is sent to described home appliance；

Described home appliance is additionally operable to receive described password plaintext and described SSID, by described password in plain text It is connected to described router with described SSID, carries out Local network communication with described terminal.

Additionally, for achieving the above object, the present invention also provides for a kind of terminal, and described terminal includes:

First key negotiation module, for after powering on, carries out key agreement with Cloud Server, to confirm Described terminal and the legitimacy of described Cloud Server；

Distribution module, for all confirming legal when described terminal and described Cloud Server, and receives distribution During instruction, home appliance is carried out network configuration, for described home appliance after network configuration success, Carry out key agreement with described Cloud Server, to confirm the legitimacy of home appliance and Cloud Server, work as institute State home appliance and Cloud Server all confirm legal after, based on default communications protocol, taken by described cloud Business device carries out communication with described terminal.

Preferably, described first key negotiation module includes:

First ciphering unit, after being used for powering on, uses the Cloud Server PKI prestored, raw to described terminal The first random number and the terminal public key that become are encrypted, and generate the first ciphertext, and are sent to described cloud service Device, deciphers described first ciphertext for described Cloud Server, by the first decryption information and the institute of deciphering gained The second random number generated is encrypted, and obtains the second ciphertext, and is sent to described terminal；

First receives unit, is used for receiving described second ciphertext, when confirming described according to described second ciphertext When Cloud Server is legal Cloud Server, generates the first confirmation message, and use predetermined encryption algorithm to add Close described first confirms message, and described first after encryption being confirmed, message is sent to described Cloud Server, The legitimacy of terminal described in message authentication is confirmed according to described first after encryption for described Cloud Server.

Preferably, described distribution module be additionally operable to when described terminal and described Cloud Server all confirm legal, And when receiving distribution instruction, obtain service set SSID of router according to described distribution instruction, will The password that described terminal generates is in plain text and described SSID is sent to described home appliance, sets for described household electrical appliances Standby reception described password plaintext and described SSID, by described password, in plain text and described SSID is connected to institute State router, carry out Local network communication with described terminal.

Additionally, for achieving the above object, the present invention also provides for a kind of home appliance, described home appliance bag Include:

Second key negotiation module, for when after network configuration success, carrying out key with described Cloud Server Consult, to confirm the legitimacy of home appliance and Cloud Server；

Communication module, for when described home appliance and Cloud Server all confirm legal after, based on default Communications protocol, carries out communication by described Cloud Server and terminal.

Preferably, described second key negotiation module includes:

Second ciphering unit, for when, after network configuration success, using the Cloud Server PKI prestored, right The 3rd random number and the MAC address prestored that described home appliance generates are encrypted, Generate the 3rd ciphertext, and be sent to described Cloud Server, described 3rd close for the deciphering of described Cloud Server Literary composition, is encrypted the second decryption information of deciphering gained with the 4th random number generated, obtains the 4th Ciphertext, and it is sent to described home appliance；

Second receives unit, is used for receiving described 4th ciphertext, when confirming described according to described 4th ciphertext When Cloud Server is legal Cloud Server, generates the second confirmation message, and use predetermined encryption algorithm to add Close described second confirms message, and described second after encryption being confirmed, message is sent to described Cloud Server, The legal of home appliance described in message authentication is confirmed according to described second after encryption for described Cloud Server Property.

Preferably, described communication module is additionally operable to receive password plaintext and the services set mark that described terminal sends Knowing SSID, by described password, in plain text and described SSID is connected to described router, enters with described terminal Row Local network communication.

Additionally, for achieving the above object, the present invention also provides for a kind of home appliance, Cloud Server and terminal The means of communication, the means of communication of described home appliance, Cloud Server and terminal include:

After described terminal powers on, described terminal and described Cloud Server carry out key agreement, to confirm State terminal and the legitimacy of described Cloud Server；

When described terminal and described Cloud Server all confirm legal, and receive distribution instruction time, described end End carries out network configuration to described home appliance；

When, after the success of described home appliance network configuration, described home appliance carries out close with described Cloud Server Key is consulted, to confirm the legitimacy of home appliance and Cloud Server；

When described home appliance and Cloud Server all confirm legal after, described home appliance is based on default logical News agreement, carries out communication by described Cloud Server and described terminal.

Preferably, described after described terminal powers on, described terminal and described Cloud Server carry out key association Business, to confirm that the step of the legitimacy of described terminal and described Cloud Server includes:

After described terminal powers on, described terminal uses the Cloud Server PKI prestored, raw to described terminal The first random number and the terminal public key that become are encrypted, and generate the first ciphertext, and are sent to described cloud service Device, deciphers described first ciphertext for described Cloud Server, by the first decryption information and the institute of deciphering gained The second random number generated is encrypted, and obtains the second ciphertext, and is sent to described terminal；

Described terminal receives described second ciphertext, when described terminal confirms described cloud according to described second ciphertext When server is legal Cloud Server, described terminal generates the first confirmation message, and uses predetermined encryption Described in algorithm for encryption, first confirms message, and described first after encryption being confirmed, message is sent to described cloud clothes Business device, confirms the conjunction of terminal described in message authentication for described Cloud Server according to described first after encryption Method.

Preferably, described after described home appliance network configuration is successful, described home appliance and described cloud Server carries out key agreement, to confirm that home appliance includes with the step of the legitimacy of Cloud Server:

When, after the success of described home appliance network configuration, described home appliance uses the Cloud Server prestored public Key, the 3rd random number generating described home appliance and the MAC address prestored are carried out Encryption, generates the 3rd ciphertext, and is sent to described Cloud Server, described for the deciphering of described Cloud Server 3rd ciphertext, is encrypted the second decryption information of deciphering gained with the 4th random number generated, To the 4th ciphertext, and it is sent to described home appliance；

Described home appliance receives described 4th ciphertext, when described home appliance is true according to described 4th ciphertext Recognizing described Cloud Server when being legal Cloud Server, described home appliance generates the second confirmation message, and Using the second confirmation message described in predetermined encryption algorithm for encryption, described second after encrypting confirms that message is sent out Give described Cloud Server, confirm message authentication for described Cloud Server according to described second after encryption The legitimacy of described home appliance.

Preferably, described all confirm legal when described terminal and described Cloud Server, and receive distribution and refer to When making, the step that described terminal carries out network configuration to described home appliance includes:

When described terminal and described Cloud Server all confirm legal, and receive distribution instruction time, described end Hold service set SSID obtaining router according to described distribution instruction, the password described terminal generated It is sent to described home appliance in plain text with described SSID；

Described home appliance receives described password plaintext and described SSID, by described password in plain text with described SSID is connected to described router, carries out Local network communication with described terminal.

The present invention propose a kind of home appliance and with Cloud Server and the communication system of terminal and method, end End, the means of communication of described home appliance, Cloud Server and terminal particularly as follows: after described terminal powers on, Described terminal and described Cloud Server carry out key agreement, to confirm described terminal and described Cloud Server Legitimacy；When described terminal and described Cloud Server all confirm legal, and receive distribution instruction time, institute State terminal and described home appliance is carried out network configuration；After described home appliance network configuration is successful, institute State home appliance and carry out key agreement, to confirm the conjunction of home appliance and Cloud Server with described Cloud Server Method；When described home appliance and Cloud Server all confirm legal after, described home appliance is based on default Communications protocol, carries out communication by described Cloud Server and described terminal.By taking with described cloud when terminal After business device carries out mutual authentication, terminal carries out network configuration to home appliance.Work as home appliance After network configuration success, home appliance and Cloud Server carry out mutual authentication.When home appliance and After Cloud Server authentication success, home appliance carries out the logical of wide area network by Cloud Server and terminal News, improve home appliance and carry out the safety in information interactive process by Cloud Server and terminal.

Accompanying drawing explanation

Fig. 1 is the preferably enforcement scene schematic diagram of communication system of the present invention；

Fig. 2 is the high-level schematic functional block diagram of terminal preferred embodiment of the present invention；

Fig. 3 is the high-level schematic functional block diagram of home appliance preferred embodiment of the present invention；

Fig. 4 is that the flow process of the means of communication preferred embodiment of home appliance of the present invention, Cloud Server and terminal is shown It is intended to.

The realization of the object of the invention, functional characteristics and advantage will in conjunction with the embodiments, do referring to the drawings further Explanation.

Detailed description of the invention

Should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not used to limit Determine the present invention.

The present invention provides a kind of communication system.

With reference to the preferably enforcement scene schematic diagram that Fig. 1, Fig. 1 are communication system of the present invention.

Communication between described home appliance 10, Cloud Server 20 and terminal 30 is preferably applied to Internet of Things Home appliance control in scene, wherein, described communication system includes home appliance 10, Cloud Server 20 With terminal 30, described terminal 30 can be mobile phone, PAD (Portable Android Device, flat board electricity Brain) or remote controller etc., and described home appliance 10 includes various home appliance, as air-conditioning, refrigerator or Audio amplifier etc..Specifically, described terminal 30 first sets up communication link, then with described Cloud Server 20 Described home appliance 10 sets up communication link with described Cloud Server 20.After setting up communication link, institute State home appliance 10 to be interacted with described terminal 30 by described Cloud Server 20, concrete mutual side Formula is: described home appliance 10 receives the control that described terminal 30 sent by described Cloud Server 20 and refers to Order, to perform corresponding operation, when as described in home appliance 10 be air-conditioning time, according to described control instruction Open heating mode, or regulation heats temperature etc..

In the present embodiment, described terminal 30, after being used for powering on, carry out key with described Cloud Server 20 Consult, to confirm described terminal 30 and the legitimacy of described Cloud Server 20；

After described terminal 30 powers on, described terminal 30 carries out key agreement with described Cloud Server 20, To confirm described terminal 30 and the legitimacy of described Cloud Server 20.During key agreement, institute Stating terminal 30 and described Cloud Server 20 is confirmed each other identity, the most described terminal 30 confirms described cloud service Whether device 20 is legal Cloud Server, and described Cloud Server 20 confirms whether described terminal 30 is legal Terminal.It should be noted that described terminal 30 and described Cloud Server 20 carry out cipher key agreement process Key involved by is terminal public key, terminal secret key, Cloud Server PKI and Cloud Server private key.

Further, described terminal 30 is additionally operable to after powering on, and uses the Cloud Server PKI prestored, right The first random number and terminal public key that described terminal 30 generates are encrypted, and generate the first ciphertext, and send To described Cloud Server 20, decipher described first ciphertext for described Cloud Server 20, by deciphering gained First decryption information is encrypted with the second random number generated, and obtains the second ciphertext, and is sent to institute State terminal 30；

After described terminal 30 powers on, described terminal 30 is led to Cloud Server 20 by presetting application News, described default application refers to the control that the home appliance 10 in Internet of things system is controlled by terminal 30 System application, such as remote control applications, presets application for APP (Application, application described in the present embodiment Program), described terminal 30 set up with Cloud Server 20 network be connected time, described terminal 30 generates One random number.After described terminal 30 generates the first random number, described terminal 30 by described first with The terminal public key prestored in machine number and described terminal 30 splices, and uses the cloud clothes prestored Business spliced described first random number of device public key encryption and described terminal public key, generate the first ciphertext, and The first ciphertext generated is sent to described Cloud Server 20.

Described Cloud Server 20 receives described first ciphertext that described terminal 30 sends, and employing prestores Cloud Server private key deciphering encryption after described first ciphertext, described first ciphertext after described deciphering Middle extraction the first random number, the first random number extracted from described first ciphertext is the of deciphering gained One decryption information.When described Cloud Server 20 extracts the first random number in described first ciphertext, institute State Cloud Server 20 and generate the second random number.Described Cloud Server 20 is by described first random number and described Second random number splices, and uses the terminal public key prestored to spliced first random number Be encrypted with the second random number, will encryption after the first random number and the second random number as the second ciphertext It is sent to described terminal 30.

It should be noted that in the present embodiment, described first random number and the word of described second random number Save a length of 16 bytes, but the byte length of described first random number and described second random number does not limit It is formed on above-mentioned described byte length, other byte length can be set to according to specific needs, as Be set to 8 bytes or 24 bytes, but if selecting 8 bytes, by described second random number with described It is next relative to the result that the random number of 16 bytes splices gained that first random number carries out the result splicing gained Saying, the most simply, safety does not has the safety height of the random number acquired results of 16 bytes；If selecting 24 The random number of byte, owing to byte number is long, can compare in splicing and lose time, be unfavorable for carrying The efficiency of high whole workflow.And, described first random number and described terminal public key are spliced, Can also for described first random number and described terminal public key being carried out XOR, or select described first with In machine number and described terminal public key, part byte number splices.If selecting described first random number and described Terminal public key carries out XOR, for described first random number and described terminal public key are spliced, Process is more complicated, needs the long period；And select in the middle part of described first random number and described terminal public key Byte number is divided to splice, for described first random number and described terminal public key are spliced, Due to byte number partly, causing the result splicing gained relatively simple, safety can not get enough Guarantee, therefore, in the present embodiment, be preferably described first random number and described terminal public key are entered Row splicing；Described second random number is spliced with described first random number, it is also possible to for by described Two randoms number and described first random number carry out XOR, or select described second random number and described first In random number, part byte number splices.The Cloud Server PKI that described terminal 30 prestores is solidificated in In SDK (software development kit, SDK) in described terminal 30, institute State the terminal public key that Cloud Server 20 prestores to be solidificated in the SDK in described Cloud Server 20.

Described terminal 30 is additionally operable to receive described second ciphertext, when confirming described cloud according to described second ciphertext When server 20 is legal Cloud Server, generates the first confirmation message, and use predetermined encryption algorithm to add Close described first confirms message, and described first after encryption being confirmed, message is sent to described Cloud Server 20, The conjunction of terminal 30 described in message authentication is confirmed according to described first after encryption for described Cloud Server 20 Method.

Described terminal 30 receives the second ciphertext that described Cloud Server 20 sends, and uses public with described terminal The terminal secret key that key is corresponding deciphers described second ciphertext, extracts described from described second ciphertext after deciphering First random number and described second random number.If the first random number extracted from described second ciphertext and institute Stating the first random number that terminal 30 generated identical, described terminal 30 then confirms that described Cloud Server 20 is Legal Cloud Server.If the first random number and the described terminal 30 extracted from described second ciphertext are given birth to The first random number become is different, and described terminal 30 then confirms that described Cloud Server 20 is illegal cloud service Device.

When described terminal 30 confirms that described Cloud Server 20 is legal Cloud Server, described terminal 30 Described first random number is spliced with described second random number, obtains the key of encryption.Described terminal 30 generate the first confirmation message, according to described key, use predetermined encryption algorithm to confirm to disappear to described first Breath is encrypted, and the first confirmation message after encryption is sent to described Cloud Server 20.

In the present embodiment, described default AES is AES (Advanced Encryption Standard, Advanced Encryption Standard), concrete employing AES-256 algorithm.But described default encryption is calculated Method is not restricted to AES-256 algorithm, it would however also be possible to employ other existing AES, the most superfluous at this State.Encrypt described first and confirm that the key of message is not restricted to described first random number and described second Random number splices, it is also possible on the basis of described first random number and described second random number, adopt Obtain described encryption described first by other method and confirm the key of message, do not repeat them here.

After described Cloud Server 20 receives the encryption that described terminal 30 sends described first confirms to disappear After breath, described Cloud Server 20 uses gained after described second random number and described first random number splicing Described in secret key decryption, first confirms message, extracts the described first the second random number confirming in message.If institute State Cloud Server 20 and confirm the second random number of extraction and described Cloud Server 20 message from described first The second random number generated is identical, and described Cloud Server 20 then determines described terminal 30 successful decryption institute Stating the second ciphertext, obtain the first random number in described second ciphertext, the most described Cloud Server 20 confirms Described terminal 30 is legal terminal, sets up the connection between described terminal 30.When as described in first When confirming the character string that message is " OK ", if described Cloud Server 20 successfully obtains described " OK's " Character string, described Cloud Server 20 then confirms that described terminal 30 is legal terminal.Described first confirms Message includes but not limited to the character string of " OK ", it is also possible to for " terminal 30 is legal " etc..When described Cloud Server 20 and described terminal 30 are confirmed each other the other side when being all legal, described Cloud Server 20 and institute State and between terminal 30, set up wide area network communication connection.

If from described first, described Cloud Server 20 confirms that the second random number extracted message takes with described cloud The second random number that business device 20 generates is different, and described Cloud Server 20 then confirms that described terminal 30 is illegal Terminal time, do not set up wide area network with described terminal 30 and be connected.

Described terminal 30 is additionally operable to all confirm legal when described terminal 30 and described Cloud Server 20, and connects When receiving distribution instruction, described home appliance 10 is carried out network configuration；

When described terminal 30 confirms that described Cloud Server 20 is legal Cloud Server, described Cloud Server After 20 confirm that described terminal 30 is legal terminal, the most described terminal 30 is built with described Cloud Server 20 After vertical wide area network communication, when described terminal 30 receives distribution instruction, described terminal 30 is to described family Electricity equipment 10 carries out network configuration, makes described home appliance 10 and described terminal 30 access same route In device, so that described terminal 30 and described home appliance 10 communication in a local network.

Described home appliance 10, for when after network configuration success, carrying out key with described Cloud Server 20 Consult, to confirm the legitimacy of home appliance 10 and Cloud Server 20；

After described home appliance 10 network configuration is successful, the most described home appliance 10 and described terminal 30 Can be when Local network communication, described home appliance 10 carries out key agreement with described Cloud Server 20. During key agreement, described home appliance 10 and described Cloud Server 20 are confirmed each other identity, The most described home appliance 10 confirms whether described Cloud Server 20 is legal Cloud Server, and described cloud takes Business device 20 confirms whether described home appliance 10 is legal home appliance.It should be noted that it is described Key involved in home appliance 10 and described Cloud Server 20 cipher key agreement process is that home appliance is public Key, home appliance private key, Cloud Server PKI and Cloud Server private key.

Further, described home appliance 10 is additionally operable to when, after network configuration success, using the cloud clothes prestored Business device PKI, the 3rd random number generating described home appliance 10 and the media interviews prestored control MAC Address is encrypted, and generates the 3rd ciphertext, and is sent to described Cloud Server 20, for described cloud service Described 3rd ciphertext deciphered by device 20, by the second decryption information and the 4th random number generated of deciphering gained It is encrypted, obtains the 4th ciphertext, and be sent to described home appliance 10；

After described home appliance 10 network configuration is successful, the most described home appliance 10 and described terminal 30 After setting up Local network communication, described home appliance 10 generates the 3rd random number of 16 bytes.Described household electrical appliances Equipment 10 obtains its 6 bytes MAC prestored (Media Access Control, media interviews control System) address, described MAC Address is spliced with described 3rd random number, uses the cloud prestored Spliced described 3rd random number and described MAC Address are encrypted by server public key, obtain the 3rd Ciphertext, and described 3rd ciphertext is sent to described Cloud Server 20.

When described Cloud Server 20 receives three ciphertext that described home appliance 10 sends, described cloud Server 20 uses the Cloud Server private key corresponding with described Cloud Server PKI to decipher described 3rd ciphertext, Described 3rd random number is extracted, it is to be understood that in described 3rd ciphertext in described 3rd ciphertext The 3rd random number extracted is described Cloud Server 20 and deciphers the second decryption information of gained.Described cloud Server 20 generates the 4th random number of 16 bytes, and described 4th random number is 3rd random with described After number splicing, use the home appliance PKI prestored to spliced described 4th random number with described 3rd random number is encrypted, and obtains the 4th ciphertext, and described 4th ciphertext is sent to described household electrical appliances sets Standby 10.

It should be noted that the byte length of described 3rd random number, the 4th random number and MAC Address is also It is not restricted to above-mentioned described byte length, other byte length can be set to according to specific needs. The home appliance PKI that described Cloud Server 20 prestores is solidificated in the SDK in described Cloud Server 20 In；The Cloud Server PKI that described home appliance 10 prestores is solidificated in the SDK of described home appliance 10 In.

Described home appliance 10 is additionally operable to receive described 4th ciphertext, when confirming institute according to described 4th ciphertext State Cloud Server 20 when being legal Cloud Server, generate the second confirmation message, and use predetermined encryption to calculate Method encryption described second confirms message, and described second after encryption being confirmed, message is sent to described cloud service According to described second after encryption, device 20, confirms that household electrical appliances described in message authentication set for described Cloud Server 20 The legitimacy of standby 10.

After described home appliance 10 receives described 4th ciphertext that described Cloud Server 20 sends, institute Stating home appliance 10, to use the home appliance private key corresponding with described home appliance PKI to decipher described 4th close Literary composition, extracts the 3rd random number and the 4th random number in described 4th ciphertext.If from described 4th ciphertext The 3rd random number extracted is identical with the 3rd random number that described home appliance 10 generates, described home appliance 10 judge that described Cloud Server 20 is as legal Cloud Server.If extract from described 4th ciphertext the The 3rd random number that three randoms number generate from described home appliance 10 is different, and described home appliance 10 is then sentenced Fixed described Cloud Server 20 is illegal Cloud Server.When described home appliance 10 judges described cloud service When device 20 is legal Cloud Server, the 3rd random number that described home appliance 10 is generated is with described 4th random number splices, as the key of encryption.Described home appliance 10 generates the second confirmation message, According to described key, predetermined encryption algorithm is used to confirm that message is encrypted to described second, after encrypting Second confirmation message be sent to described Cloud Server 20.

After after described Cloud Server 20 receives encryption described second confirms message, by the described 4th Second confirmation message described in the secret key decryption of gained after random number and described 3rd random number splicing.If it is described Cloud Server 20 can correctly be deciphered described second and confirm message, and described Cloud Server 20 then determines described family 4th ciphertext described in electricity equipment 10 successful decryption, obtains described 4th random number, described Cloud Server 20 confirm that described home appliance 10 is legal home appliance.When as described in second confirm message be " OK " Character string time, if described Cloud Server 20 successfully obtains the character string of described " OK ", described cloud takes Business device 20 then confirms that described home appliance 10 is legal home appliance.Described second confirms that message includes But it is not limited to the character string of " OK ", it is also possible to for " home appliance 10 is legal " etc..When described cloud takes Business device 20 and described home appliance 10 are confirmed each other the other side when being all legal, described Cloud Server 20 and institute State and between home appliance 10, set up wide area network communication.

It should be noted that described above spells described MAC Address with described 3rd random number Connect, it is also possible to for described MAC Address and described 3rd random number being carried out XOR, or select described MAC Address splices with part byte number in described 3rd random number；By described 4th random number and institute State the 3rd random number to splice, it is also possible to for being carried out with described 3rd random number by described 4th random number XOR, or select described 4th random number to splice with part byte number in described 3rd random number. Described default AES is aes algorithm, concrete employing AES-256 algorithm.

Described terminal 30 be additionally operable to when described home appliance 10 and Cloud Server 20 all confirm legal after, base In default communications protocol, carry out communication by described Cloud Server 20 with described terminal 30.

When described home appliance 10 confirms that described Cloud Server 20 is legal Cloud Server, and described cloud Server 20 confirms when described home appliance 10 is legal home appliance, described home appliance 10 based on The communications protocol preset, carries out wide area network communication by described Cloud Server 20 with described terminal 30.Institute Stating default communications protocol is between described home appliance 10, described Cloud Server 20 and described terminal 30 The communications protocol consulted in advance.When described terminal 30 sends an instruction to described Cloud Server 20 Time, described instruction is transmitted to corresponding home appliance 10 by described communication protocol by described Cloud Server 20. When described home appliance 10 receives described instruction, described home appliance 10 performs according to described instruction Corresponding operation.When as described in terminal 30 be sent to as described in the instruction of Cloud Server 20 be out code time, According to described communications protocol, described Cloud Server 20 learns that described out code is destined to the instruction of refrigerator, Described instruction is then sent to described refrigerator by described Cloud Server 20.Described refrigerator receives described out code, Corresponding operation is performed according to out code.

After the present embodiment is by carrying out mutual authentication when terminal 30 with described Cloud Server 20, Terminal 30 carries out network configuration to home appliance 10.After home appliance 10 network configuration is successful, household electrical appliances Equipment 10 and Cloud Server 20 carry out mutual authentication.When home appliance 10 and Cloud Server 20 After authentication success, home appliance 10 carries out the logical of wide area network by Cloud Server 20 and terminal 30 News, improve the peace that home appliance 10 carries out in information interactive process by Cloud Server 20 and terminal 30 Quan Xing.

Further, in order to improve described home appliance 10, Cloud Server 20 and terminal 30 communication it Between carry out the safety in information interactive process, based on first embodiment, the present embodiment is proposed.

In the present embodiment, described terminal 30 is additionally operable to when described terminal 30 is equal with described Cloud Server 20 It is legal to confirm, and when receiving distribution instruction, obtains the services set mark of router according to described distribution instruction Knowing SSID, the password described terminal 30 generated is in plain text and described SSID is sent to described home appliance 10；

Described home appliance 10 is additionally operable to receive described password plaintext and described SSID, by described password It is connected to described router with described SSID in plain text, carries out Local network communication with described terminal 30.

When described terminal 30 and described Cloud Server 20 all confirm legal after, described terminal 30 receives joins During net instruction, described terminal 30 obtains the SSID of its router connected according to described distribution instruction (Service Set Identifier, service set), and generate password in plain text.Described terminal 30 is by described SSID and described password are sent to and the home appliance 10 of described terminal 30 binding in plain text.

When described home appliance 10 receives described password plaintext and the described SSID that described terminal 30 sends, By described password, in plain text and described SSID is connected to described router, carries out local with described terminal 30 Netcom interrogates.

Further, described terminal 30 sets by scanning the Quick Response Code acquisition household electrical appliances of described home appliance 10 The SN (Serial Number, serial number) of standby 10 binds with described home appliance 10.

Further, when the start for the first time of described home appliance 10, described home appliance 10 passes through PCI (Payment Card Industry, payment card industry) encrypted card automatically generates home appliance PKI and household electrical appliances Device private, and described home appliance PKI and described home appliance private key are stored in flash.Work as institute Stating after the default application in terminal 30 installs successfully, described terminal 30 is automatically generated by PCI encrypted card Terminal public key and terminal secret key, i.e. preset application and generate PKI and the private key of this application, and by described terminal PKI and terminal secret key are stored in the secure storage areas of described default application.Set by previously generating household electrical appliances Standby PKI, home appliance private key, terminal public key and terminal secret key, in order to described home appliance 10, institute State terminal 30 and carry out key agreement with described Cloud Server 20 respectively, be confirmed each other identity, improve described The safety in information interactive process is carried out between home appliance 10, Cloud Server 20 and the communication of terminal 30 Property.

The present invention further provides a kind of terminal 30.

With reference to the preferable high-level schematic functional block diagram that Fig. 2, Fig. 2 are terminal 30 of the present invention.

In the present embodiment, described terminal 30 includes:

First key negotiation module 31, for after powering on, carries out key agreement with Cloud Server 20, with Confirm described terminal 30 and the legitimacy of described Cloud Server 20；

After described terminal 30 powers on, the first key negotiation module 31 in described terminal 30 and described cloud Server 20 carries out key agreement, to confirm described terminal 30 and the legitimacy of described Cloud Server 20. During key agreement, described terminal 30 and described Cloud Server 20 are confirmed each other identity, i.e. institute State terminal 30 and confirm whether described Cloud Server 20 is legal Cloud Server, and described Cloud Server 20 is true Recognize whether described terminal 30 is legal terminal.It should be noted that described terminal 30 and described cloud clothes It is terminal public key, terminal secret key, Cloud Server that business device 20 carries out key involved in cipher key agreement process PKI and Cloud Server private key.

Further, described first key negotiation module 31 includes:

First ciphering unit, after being used for powering on, uses the Cloud Server PKI prestored, to described terminal 30 The first random number and the terminal public key that generate are encrypted, and generate the first ciphertext, and are sent to described cloud clothes Business device 20, deciphers described first ciphertext for described Cloud Server 20, by the first solution secret letter of deciphering gained Breath is encrypted with the second random number generated, and obtains the second ciphertext, and is sent to described terminal 30； After described terminal 30 powers on, described terminal 30 carries out communication by presetting application with Cloud Server 20, Described default application refers to that the control that the home appliance 10 in Internet of things system is controlled by terminal 30 should With, such as remote control applications, presetting application described in the present embodiment is APP (Application, application program), Described terminal 30 set up with Cloud Server 20 network be connected time, the first encryption in described terminal 30 is single Unit generates the first random number.After described first ciphering unit generates the first random number, described first adds Described first random number and the terminal public key prestored are spliced by close unit, and employing prestores Spliced described first random number of Cloud Server public key encryption and described terminal public key, generate first close Literary composition, and the first ciphertext generated is sent to described Cloud Server 20, decipher for described Cloud Server 20 Described first ciphertext, is encrypted the first decryption information of deciphering gained with the second random number generated, Obtain the second ciphertext, and be sent to described terminal 30.

Described Cloud Server 20 deciphers described first ciphertext, will decipher the first decryption information of gained and is given birth to The second random number become is encrypted, and obtains the second ciphertext, and is sent to described terminal 30 detailed process and is: Described Cloud Server 20 receives described first ciphertext that described terminal 30 sends, and uses the cloud prestored Described first ciphertext after privacy key deciphering encryption, carries described first ciphertext after described deciphering Taking the first random number, the first random number extracted from described first ciphertext is the first solution of deciphering gained Confidential information.When described Cloud Server 20 extracts the first random number in described first ciphertext, described cloud Server 20 generates the second random number.Described Cloud Server 20 is by described first random number and described second Random number splices, and uses the terminal public key that prestores to spliced first random number and the Two randoms number are encrypted, and the first random number after encryption and the second random number are sent as the second ciphertext To described terminal 30.

First receives unit, is used for receiving described second ciphertext, when confirming described according to described second ciphertext When Cloud Server 20 is legal Cloud Server, generates the first confirmation message, and use predetermined encryption algorithm Encrypt described first and confirm message, described first after encryption is confirmed that message is sent to described Cloud Server 20, confirm terminal 30 described in message authentication for described Cloud Server 20 according to described first after encryption Legitimacy.

The first reception unit in described terminal 30 receives the second ciphertext that described Cloud Server 20 sends, The terminal secret key corresponding with described terminal public key is used to decipher described second ciphertext, described the after deciphering Two ciphertexts are extracted described first random number and described second random number.If extracting from described second ciphertext The first random number identical with the first random number that described terminal 30 is generated, described first receive unit then Confirm that described Cloud Server 20 is legal Cloud Server.If from described second ciphertext extract first with The first random number that machine number is generated with described terminal 30 is different, and described first receives unit then confirms described Cloud Server 20 is illegal Cloud Server, for described Cloud Server 20 according to described the after encryption One confirms the legitimacy of terminal 30 described in message authentication.

When described first receive unit confirm that described Cloud Server 20 is legal Cloud Server time, described the One receives unit splices described first random number with described second random number, obtains the key of encryption. Described terminal 30 generates the first confirmation message, according to described key, uses predetermined encryption algorithm to described the One confirms that message is encrypted, and the first confirmation message after encryption is sent to described Cloud Server 20.

Described Cloud Server 20 confirms the conjunction of terminal 30 described in message authentication according to described first after encryption The detailed process of method is: receive, when described Cloud Server 20 receives described first, the encryption that unit sends After described first confirm after message, described Cloud Server 20 uses described second random number and described first After random number splicing, the first confirmation message described in the secret key decryption of gained, extracts described first and confirms in message The second random number.If described Cloud Server 20 confirms the second random number of extraction message from described first Identical with the second random number that described Cloud Server 20 generates, described Cloud Server 20 then determines described the One receives the second ciphertext described in unit successful decryption, obtains the first random number in described second ciphertext, The most described Cloud Server 20 confirms that described terminal 30 is legal terminal, sets up between described terminal 30 Connection.When as described in first confirm that message is the character string of " OK " time, if described Cloud Server 20 Successfully obtaining the character string of described " OK ", described Cloud Server 20 then confirms that described terminal 30 is for legal Terminal.Described first confirms that message includes but not limited to the character string of " OK ", it is also possible to for " terminal 30 is legal " etc..When described Cloud Server 20 and described terminal 30 be confirmed each other the other side be all legal time, Set up wide area network communication between described Cloud Server 20 and described terminal 30 to connect.

Distribution module 32, for all confirming legal when described terminal 30 and described Cloud Server 20, and connects When receiving distribution instruction, home appliance 10 is carried out network configuration, for described home appliance 10 at net After network configuration successful, carry out key agreement with described Cloud Server 20, to confirm home appliance 10 and cloud The legitimacy of server 20, when described home appliance 10 and Cloud Server 20 all confirm legal after, based on The communications protocol preset, carries out communication by described Cloud Server 20 with described terminal 30.

When described terminal 30 confirms that described Cloud Server 20 is legal Cloud Server, described Cloud Server After 20 confirm that described terminal 30 is legal terminal, the most described terminal 30 is built with described Cloud Server 20 After vertical wide area network communication, when in described terminal 30, distribution module 32 receives distribution instruction, described in join Net module 32 carries out network configuration to described home appliance 10, makes described home appliance 10 and described terminal 30 access in same router, for described home appliance 10 after network configuration success, with described cloud Server 20 carries out key agreement, to confirm the legitimacy of home appliance 10 and Cloud Server 20, works as institute State home appliance 10 and Cloud Server 20 all confirm legal after, based on default communications protocol, by institute State Cloud Server 20 and carry out communication with described terminal 30.

In the present embodiment, described distribution module 32 is additionally operable to when described terminal 30 and described Cloud Server 20 all confirm legal, and receive distribution instruction time, according to described distribution instruction obtain router service Set identifier SSID, the password described terminal 30 generated is sent to described household electrical appliances sets with described SSID in plain text Standby 10, receive described password plaintext and described SSID for described home appliance 10, by described password It is connected to described router with described SSID in plain text, carries out Local network communication with described terminal 30.

When described terminal 30 and described Cloud Server 20 all confirm legal after, the distribution in described terminal 30 When module 32 receives distribution instruction, described distribution module 32 obtains it according to described distribution instruction and connects The SSID (Service Set Identifier, service set) of router, and generate password in plain text.Institute State the household electrical appliances that described SSID and described password are sent to bind by distribution module 32 in plain text with described terminal 30 Equipment 10, receives described password plaintext and described SSID for described home appliance 10, by described mouth Order is in plain text and described SSID is connected to described router, carries out Local network communication with described terminal 30.

Further, described terminal 30 sets by scanning the Quick Response Code acquisition household electrical appliances of described home appliance 10 The SN (Serial Number, serial number) of standby 10 binds with described home appliance 10.When described After default application in terminal 30 is installed successfully, described terminal 30 is by PCI (Payment Card Industry, payment card industry) encrypted card automatically generates terminal public key and terminal secret key, i.e. presets application raw Become PKI and the private key of this application, and described terminal public key and terminal secret key are stored in described default application Secure storage areas in.By previously generating terminal public key and terminal secret key, in order to described terminal 30 He Described Cloud Server 20 carries out key agreement, is confirmed each other identity, improves described terminal 30 by described Cloud Server 20 carries out, with described terminal 30, the safety that information is mutual.

The present invention further provides a kind of home appliance 10.

With reference to the preferable high-level schematic functional block diagram that Fig. 3, Fig. 3 are home appliance 10 of the present invention.

In the present embodiment, described home appliance 10 includes:

Second key negotiation module 11, for when after network configuration success, carrying out with described Cloud Server 20 Key agreement, to confirm the legitimacy of home appliance 10 and Cloud Server 20；

After described home appliance 10 network configuration is successful, the most described home appliance 10 and described terminal 30 Can be when Local network communication, the second key negotiation module 11 in described home appliance 10 and described cloud Server 20 carries out key agreement.During key agreement, described home appliance 10 and described cloud Server 20 is confirmed each other identity, and the most described home appliance 10 confirms whether described Cloud Server 20 is conjunction The Cloud Server of method, described Cloud Server 20 confirms that the household electrical appliances whether described home appliance 10 is legal set Standby.It should be noted that institute in described home appliance 10 and described Cloud Server 20 cipher key agreement process The key related to is home appliance PKI, home appliance private key, Cloud Server PKI and Cloud Server private key.

Further, described second key negotiation module 11 includes:

Second ciphering unit, for when, after network configuration success, using the Cloud Server PKI prestored, right The 3rd random number and the MAC address prestored that described home appliance 10 generates add Close, generate the 3rd ciphertext, and be sent to described Cloud Server 20, decipher institute for described Cloud Server 20 State the 3rd ciphertext, the second decryption information of deciphering gained be encrypted with the 4th random number generated, Obtain the 4th ciphertext, and be sent to described home appliance 10；

After described home appliance 10 network configuration is successful, the most described home appliance 10 and described terminal 30 After setting up Local network communication, the second ciphering unit in described second key negotiation module 11 generates 16 words 3rd random number of joint.Described second ciphering unit obtains its 6 byte MAC (Media prestored Access Control, media interviews control) address, by described MAC Address and described 3rd random number Splice, use the Cloud Server PKI that prestores to spliced described 3rd random number and described MAC Address is encrypted, and obtains the 3rd ciphertext, and described 3rd ciphertext is sent to described Cloud Server 20, decipher described 3rd ciphertext for described Cloud Server 20, by deciphering gained the second decryption information with The 4th random number generated is encrypted, and obtains the 4th ciphertext, and is sent to described home appliance 10.

Described Cloud Server 20 deciphers described 3rd ciphertext, will decipher the second decryption information of gained and is given birth to The 4th random number become is encrypted, and obtains the 4th ciphertext, and is sent to the described concrete mistake of home appliance 10 Cheng Wei: when described Cloud Server 20 receives three ciphertext that described home appliance 10 sends, described It is described 3rd close that Cloud Server 20 uses the Cloud Server private key corresponding with described Cloud Server PKI to decipher Literary composition, extracts described 3rd random number in described 3rd ciphertext, it is to be understood that described 3rd close The 3rd random number extracted in literary composition is described Cloud Server 20 and deciphers the second decryption information of gained.Institute State Cloud Server 20 and generate the 4th random number of 16 bytes, and by described 4th random number and the described 3rd After random number splicing, use the home appliance PKI that prestores to spliced described 4th random number with Described 3rd random number is encrypted, and obtains the 4th ciphertext, and described 4th ciphertext is sent to described family Electricity equipment 10.

Second receives unit, is used for receiving described 4th ciphertext, when confirming described according to described 4th ciphertext When Cloud Server 20 is legal Cloud Server, generates the second confirmation message, and use predetermined encryption algorithm Encrypt described second and confirm message, and described second after encryption is confirmed that message is sent to described cloud service According to described second after encryption, device 20, confirms that household electrical appliances described in message authentication set for described Cloud Server 20 The legitimacy of standby 10.

When the second reception unit in described second key negotiation module 11 receives described Cloud Server 20 After described 4th ciphertext sent, described second receives unit uses corresponding with described home appliance PKI Home appliance private key deciphers described 4th ciphertext, extracts the 3rd random number and the 4th in described 4th ciphertext Random number.If the 3rd random number and the described home appliance 10 that extract from described 4th ciphertext generate the Three randoms number are identical, and described second receives unit then judges that described Cloud Server 20 is as legal Cloud Server. If the 3rd random number that the 3rd random number extracted from described 4th ciphertext generates with described home appliance 10 Difference, described second receives unit then judges that described Cloud Server 20 is as illegal Cloud Server.When described Second receives unit when judging described Cloud Server 20 as legal Cloud Server, described second reception unit The 3rd random number generated splices with described 4th random number, as the key of encryption.Described Second receives unit generates the second confirmation message, according to described key, uses predetermined encryption algorithm to described Second confirms that message is encrypted, and the second confirmation message after encryption is sent to described Cloud Server 20, Home appliance 10 described in message authentication is confirmed according to described second after encryption for described Cloud Server 20 Legitimacy.

Described Cloud Server 20 confirms home appliance 10 described in message authentication according to described second after encryption Legitimacy detailed process be: after described Cloud Server 20 receives encryption described second confirm message After, by described in the secret key decryption of gained after described 4th random number and described 3rd random number splicing second Confirm message.If described Cloud Server 20 can correctly decipher described second confirms message, described Cloud Server 20 determine the 4th ciphertext described in described home appliance 10 successful decryption, obtain described 4th random number, Described Cloud Server 20 confirms that described home appliance 10 is legal home appliance.When as described in second true When recognizing the character string that message is " OK ", if described Cloud Server 20 successfully obtains the word of described " OK " Symbol string, described Cloud Server 20 then confirms that described home appliance 10 is legal home appliance.Described Two confirm that message includes but not limited to the character string of " OK ", it is also possible to for " home appliance 10 is legal " Deng.When described Cloud Server 20 and described home appliance 10 be confirmed each other the other side be all legal time, described Wide area network communication is set up between Cloud Server 20 and described home appliance 10.

Communication module 12, for when described home appliance 10 and Cloud Server 20 all confirm legal after, base In default communications protocol, carry out communication by described Cloud Server 20 with terminal 30.

When described home appliance 10 confirms that described Cloud Server 20 is legal Cloud Server, and described cloud Server 20 confirms when described home appliance 10 is legal home appliance, in described home appliance 10 Communication module 12, based on default communications protocol, is carried out with described terminal 30 by described Cloud Server 20 Wide area network communication.Described default communications protocol is described home appliance 10, described Cloud Server 20 and institute State the communications protocol consulted in advance between terminal 30.When described terminal 30 sends an instruction to institute When stating Cloud Server 20, described instruction is transmitted to phase by described communication protocol by described Cloud Server 20 The communication module 12 of the home appliance 10 answered.When the communication module 12 of described home appliance 10 receives institute When stating instruction, described communication module 12 performs corresponding operation according to described instruction.When as described in terminal 30 Being sent to the instruction of described Cloud Server 20 when being out code, described Cloud Server 20 is according to described logical News agreement learns that described out code is destined to the instruction of refrigerator, and described Cloud Server 20 is then by described finger Order is sent to described refrigerator.Described refrigerator receives described out code, performs correspondence according to out code Operation.

In the present embodiment, to be additionally operable to receive the password that described terminal 30 sends bright for described communication module 12 Literary composition and service set SSID, by described password, in plain text and described SSID is connected to described router, Local network communication is carried out with described terminal 30.

When the communication module 12 in described home appliance 10 receives the described password that described terminal 30 sends In plain text and described SSID (Service Set Identifier, service set), by described password in plain text and Described SSID is connected to described router, carries out Local network communication with described terminal 30.Further, When the start for the first time of described home appliance 10, described home appliance 10 is by PCI (Payment Card Industry, payment card industry) encrypted card automatically generates home appliance PKI and home appliance private key, and will Described home appliance PKI and described home appliance private key are stored in flash.Set by previously generating household electrical appliances Standby PKI and home appliance private key, in order to described home appliance 10 and described Cloud Server 20 carry out close Key is consulted, and is confirmed each other identity, improves described home appliance 10 by described Cloud Server 20 and terminal 30 carry out the safety that information is mutual.

The present invention further provides a kind of home appliance 10, Cloud Server 20 and the means of communication of terminal 30.

It is home appliance 10 of the present invention, Cloud Server 20 and the communication side of terminal 30 with reference to Fig. 4, Fig. 4 The schematic flow sheet of method preferred embodiment.

In the present embodiment, the means of communication bag of described home appliance 10, Cloud Server 20 and terminal 30 Include:

Step S10, after described terminal 30 powers on, described terminal 30 is carried out with described Cloud Server 20 Key agreement, to confirm described terminal 30 and the legitimacy of described Cloud Server 20；

Further, described step S10 includes:

Step a, after described terminal 30 powers on, described terminal 30 uses the Cloud Server PKI prestored, The first random number and the terminal public key that generate described terminal 30 are encrypted, and generate the first ciphertext, concurrently Give described Cloud Server 20, decipher described first ciphertext for described Cloud Server 20, gained will be deciphered The first decryption information be encrypted with the second random number generated, obtain the second ciphertext, and be sent to Described terminal 30；

Step b, described terminal 30 receives described second ciphertext, when described terminal 30 is according to described second close Literary composition confirms that when described Cloud Server 20 is legal Cloud Server, described terminal 30 generates the first confirmation and disappears Breath, and use the first confirmation message described in predetermined encryption algorithm for encryption, described first after encrypting confirms Message is sent to described Cloud Server 20, for described first true according to after encryption of described Cloud Server 20 Recognize the legitimacy of terminal 30 described in message authentication.

Step S20, when described terminal 30 and described Cloud Server 20 all confirm legal, and receives distribution During instruction, described terminal 30 carries out network configuration to described home appliance 10；

Step S30, when, after the success of described home appliance 10 network configuration, described home appliance 10 is with described Cloud Server 20 carries out key agreement, to confirm the legitimacy of home appliance 10 and Cloud Server 20；

Further, described step S30 includes:

Step c, when, after the success of described home appliance 10 network configuration, described home appliance 10 uses and prestores Cloud Server PKI, the 3rd random number that described home appliance 10 is generated and the media interviews control that prestores MAC Address processed is encrypted, and generates the 3rd ciphertext, and is sent to described Cloud Server 20, for institute State Cloud Server 20 and decipher described 3rd ciphertext, by the second decryption information and the generated of deciphering gained Four randoms number are encrypted, and obtain the 4th ciphertext, and are sent to described home appliance 10；

Step d, described home appliance 10 receives described 4th ciphertext, when described home appliance 10 is according to institute State the 4th ciphertext and confirm that, when described Cloud Server 20 is legal Cloud Server, described home appliance 10 is raw Become the second confirmation message, and use the second confirmation message described in predetermined encryption algorithm for encryption, after encryption Described second confirm message be sent to described Cloud Server 20, for described Cloud Server 20 according to encryption after The described second legitimacy confirming home appliance 10 described in message authentication.

Step S40, when described home appliance 10 and Cloud Server 20 all confirm legal after, described household electrical appliances set Standby 10, based on default communications protocol, carry out communication by described Cloud Server 20 with described terminal 30.

In the present embodiment, described step S20 includes:

Step e, when described terminal 30 and described Cloud Server 20 all confirm legal, and receives distribution and refers to When making, described terminal 30 obtains service set SSID of router according to described distribution instruction, by institute The password stating terminal 30 generation is sent to described home appliance 10 with described SSID in plain text；

Step f, described home appliance 10 receives described password plaintext and described SSID, by described password It is connected to described router with described SSID in plain text, carries out Local network communication with described terminal 30.

It should be noted that in this article, term " include ", " comprising " or its any other variant Be intended to comprising of nonexcludability so that include the process of a series of key element, method, article or Person's device not only includes those key elements, but also includes other key elements being not expressly set out, or also Including the key element intrinsic for this process, method, article or device.In the feelings not having more restriction Under condition, statement " including ... " key element limited, it is not excluded that include this key element process, Method, article or device there is also other identical element.

The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.

Through the above description of the embodiments, those skilled in the art is it can be understood that arrive above-mentioned Embodiment method can add the mode of required general hardware platform by software and realize, naturally it is also possible to logical Cross hardware, but a lot of in the case of the former is more preferably embodiment.Based on such understanding, the present invention's The part that prior art is contributed by technical scheme the most in other words can be with the form body of software product Revealing to come, this computer software product is stored in a storage medium (such as ROM/RAM, magnetic disc, light Dish) in, including some instructions with so that a station terminal equipment (can be mobile phone, computer, service Device, air-conditioner, or the network equipment etc.) perform the method described in each embodiment of the present invention.

These are only the preferred embodiments of the present invention, not thereby limit the scope of the claims of the present invention, every Utilize equivalent structure or equivalence flow process conversion that description of the invention and accompanying drawing content made, or directly or Connect and be used in other relevant technical fields, be the most in like manner included in the scope of patent protection of the present invention.

Claims

1. a communication system, it is characterised in that described communication system includes home appliance, terminal and cloud Server；

2. communication system as claimed in claim 1, it is characterised in that described terminal is additionally operable to when powering on After, using the Cloud Server PKI prestored, the first random number and the terminal public key that generate described terminal enter Row encryption, generates the first ciphertext, and is sent to described Cloud Server, deciphers institute for described Cloud Server State the first ciphertext, the first decryption information of deciphering gained be encrypted with the second random number generated, Obtain the second ciphertext, and be sent to described terminal；

3. communication system as claimed in claim 1, it is characterised in that described home appliance is additionally operable to work as After network configuration success, use the Cloud Server PKI that prestores, the 3rd that described home appliance is generated with Machine number and the MAC address prestored are encrypted, and generate the 3rd ciphertext, and are sent to Described Cloud Server, deciphers described 3rd ciphertext for described Cloud Server, by the second solution of deciphering gained Confidential information is encrypted with the 4th random number generated, and obtains the 4th ciphertext, and is sent to described household electrical appliances Equipment；

4. the communication system as described in any one of claims 1 to 3, it is characterised in that described terminal is also For when described terminal and described Cloud Server all confirm legal, and receive distribution instruction time, according to institute State distribution instruction and obtain service set SSID of router, the password described terminal generated plaintext and institute State SSID and be sent to described home appliance；

5. a terminal, it is characterised in that described terminal includes:

6. terminal as claimed in claim 5, it is characterised in that described first key negotiation module includes:

7. the terminal as described in claim 5 or 6, it is characterised in that described distribution module is additionally operable to work as It is legal that described terminal and described Cloud Server all confirm, and when receiving distribution instruction, according to described distribution Instruction obtains service set SSID of router, and the password described terminal generated is in plain text with described SSID is sent to described home appliance, receives described password in plain text with described for described home appliance SSID, by described password, in plain text and described SSID is connected to described router, carries out with described terminal Local network communication.

8. a home appliance, it is characterised in that described home appliance includes:

9. home appliance as claimed in claim 8, it is characterised in that described second key negotiation module Including:

Second ciphering unit, for when, after network configuration success, using the Cloud Server PKI prestored, right The 3rd random number and the MAC address prestored that described home appliance generates add Close, generate the 3rd ciphertext, and be sent to described Cloud Server, for described Cloud Server deciphering described the Three ciphertexts, are encrypted the second decryption information of deciphering gained with the 4th random number generated, obtain 4th ciphertext, and it is sent to described home appliance；

10. home appliance as claimed in claim 8 or 9, it is characterised in that described communication module is also For receiving password that described terminal sends in plain text and service set SSID, by described password in plain text and Described SSID is connected to described router, carries out Local network communication with described terminal.

11. 1 kinds of home appliances, Cloud Server and the means of communication of terminal, it is characterised in that described family The means of communication of electricity equipment, Cloud Server and terminal include:

12. home appliances as claimed in claim 11, Cloud Server and the means of communication of terminal, it is special Levying and be, described after described terminal powers on, described terminal and described Cloud Server carry out key agreement, To confirm that the step of the legitimacy of described terminal and described Cloud Server includes:

13. home appliances as claimed in claim 11, Cloud Server and the means of communication of terminal, it is special Levy and be, described after described home appliance network configuration is successful, described home appliance and described cloud service Device carries out key agreement, to confirm that home appliance includes with the step of the legitimacy of Cloud Server:

When, after the success of described home appliance network configuration, described home appliance uses the Cloud Server prestored public Key, the 3rd random number generating described home appliance and the MAC address prestored enter Row encryption, generates the 3rd ciphertext, and is sent to described Cloud Server, deciphers institute for described Cloud Server State the 3rd ciphertext, the second decryption information of deciphering gained be encrypted with the 4th random number generated, Obtain the 4th ciphertext, and be sent to described home appliance；

14. communications of home appliance, Cloud Server and terminal as described in any one of claim 11 to 13 Method, it is characterised in that described all confirm legal when described terminal and described Cloud Server, and receives During distribution instruction, the step that described terminal carries out network configuration to described home appliance includes: