CN106028319A - Method and device for resisting illegal connection attack in slave Bluetooth device - Google Patents


Publication number
CN106028319A
Authority
CN
China
Legal status
Granted
Application number
CN201610563344.2A
Other languages
Chinese (zh)
Other versions
CN106028319B (en)
Inventor
张华�
Current Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication


Abstract

The invention provides a method and device for resisting an illegal connection attack in a slave Bluetooth device. The method comprises: when the slave Bluetooth device is connected to any master Bluetooth device, setting the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", starting a timer, and performing identity authentication of the master Bluetooth device; when the identity authentication determines that the master Bluetooth device is legal, setting the value of the switch parameter to "master Bluetooth device identity is legal", and otherwise disconnecting from the master Bluetooth device; according to the timer, checking the value of the switch parameter immediately after a set time expires and, if the value is "master Bluetooth device identity is illegal", disconnecting from the master Bluetooth device; and, when the master Bluetooth device accesses data in the slave Bluetooth device, allowing the access if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise disconnecting from the master Bluetooth device.

Description

Method and device for resisting illegal connection attack in slave Bluetooth device
Technical field
The present invention relates to the field of information security technology, and in particular to a method and device for resisting an illegal connection attack in a slave Bluetooth device.
Background
Bluetooth Low Energy is also known as BLE. In a pair of BLE devices in the connected state, one is necessarily the Master (master role) and the other is the Slave (slave role). Before entering the connected state, the Slave continuously broadcasts messages; after scanning a Slave's broadcast, a Master can initiate a connection request to it, and once the Slave accepts the request, the two sides establish a connection.
A Slave refuses no connection request: any BLE Master device that scans the Slave's broadcast can initiate a connection request to the Slave, and the Slave accepts a connection request as soon as it receives one. Fig. 1 is a schematic diagram of the connection state of Bluetooth Low Energy devices. Because a slave can connect to only one master, once an illegal master has connected to the slave, a legal master cannot connect to this slave and therefore cannot communicate with it over Bluetooth. For as long as the illegal master stays connected to the slave, the legal master cannot establish a connection with the slave, let alone communicate with it. This constitutes a denial-of-service attack.
To give a legal master a chance to connect to the slave, the slave must be made to re-enter the broadcast state. The approach commonly used at present is to power the slave off and on again, or to move the slave away from the illegal master.
However, because the current approach cannot guarantee that the legal master is the first to connect to the slave, the slave may have to be powered off and on again frequently, which results in a poor user experience. Moreover, because the slave cannot record illegal masters, repeated connections by the same illegal master cannot be avoided.
Summary of the invention
To solve the above problems at least in part, the present invention provides a method and device for resisting an illegal connection attack in a slave Bluetooth device. After the slave has been connected by an illegal master, the slave can automatically disconnect from the illegal master within the shortest possible time, without being powered off again or moved away. The illegal master can also be recorded, so that repeated connections from the same illegal master are disconnected more quickly, giving a legal master the chance to establish a legal connection with the slave again.
To achieve the above object, according to one aspect of the present invention, a method for resisting an illegal connection attack in a slave Bluetooth device is provided.
A method for resisting an illegal connection attack in a slave Bluetooth device comprises: when the slave Bluetooth device is connected to any master Bluetooth device, setting the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", starting a timer, and performing identity authentication of the master Bluetooth device; wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected; wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and if the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected; and wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected.
Optionally, the check of the value of the switch parameter is triggered by a timer interrupt issued by the timer, the timer issuing the timer interrupt immediately after the set time expires.
Optionally, the set time is configured according to the hardware capabilities of the slave Bluetooth device and the product requirements.
Optionally, the switch parameter has no tag and cannot be operated on by the master Bluetooth device.
Optionally, the identity authentication comprises: the slave Bluetooth device generates a random number and sends it to the master Bluetooth device; the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device; the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be recovered, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
Optionally, the method further comprises: resisting eavesdropping on the identity authentication data by an illegal master Bluetooth device by making the random number as random as possible and sufficiently long, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
Optionally, the method further comprises: setting up a blacklist that stores the master Bluetooth devices with illegal identities that previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.
According to another aspect of the present invention, a device for resisting an illegal connection attack in a slave Bluetooth device is provided.
A device for resisting an illegal connection attack in a slave Bluetooth device comprises a memory and a processor, wherein the memory stores instructions and the processor executes the instructions to: when the slave Bluetooth device is connected to any master Bluetooth device, set the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", start a timer, and perform identity authentication of the master Bluetooth device; wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected; wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and if the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected; and wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected.
Optionally, the processor's check of the value of the switch parameter is triggered by a timer interrupt issued by the timer, the timer issuing the timer interrupt immediately after the set time expires.
Optionally, the set time is configured according to the hardware capabilities of the slave Bluetooth device and the product requirements.
Optionally, the switch parameter has no tag and cannot be operated on by the master Bluetooth device.
Optionally, the identity authentication performed by the processor comprises: the slave Bluetooth device generates a random number and sends it to the master Bluetooth device; the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device; the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be recovered, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
Optionally, the processor is further configured to: resist eavesdropping on the identity authentication data by an illegal master Bluetooth device by making the random number as random as possible and sufficiently long, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
Optionally, the processor is further configured to: set up a blacklist that stores the master Bluetooth devices with illegal identities that previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.
According to the technical solution of the present invention, a switch parameter switch is introduced for the slave Bluetooth device to indicate whether the identity of the master Bluetooth device is legal, the value of the switch parameter is modified by performing identity authentication of the master Bluetooth device, and the value of the switch parameter determines whether the connection with the master Bluetooth device is kept or disconnected. This ensures that, after the slave has been connected by an illegal master, the slave automatically disconnects from the illegal master at the latest when the set short time expires, without being powered off again or moved away. In addition, the identity authentication of the master Bluetooth device is encrypted, which resists passive eavesdropping on the identity authentication data by an illegal master and improves the security of Bluetooth device connections. Furthermore, illegal masters can be recorded by means of a blacklist, so that repeated connections between the same illegal master and the slave are disconnected more quickly, giving a legal master the chance to establish a legal connection with the slave again.
Brief description of the drawings
The accompanying drawings are provided for a better understanding of the present invention and do not constitute an undue limitation of it. In the drawings:
Fig. 1 is a schematic diagram of the connection state of Bluetooth Low Energy devices;
Fig. 2 is a schematic diagram of the main steps of the method for resisting an illegal connection attack in a slave Bluetooth device according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the identity authentication process of an embodiment of the present invention;
Fig. 4 is a schematic diagram of the main modules of the device for resisting an illegal connection attack in a slave Bluetooth device according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, including various details of the embodiments to aid understanding; they should be regarded as merely exemplary. Accordingly, those of ordinary skill in the art should recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the present invention. Likewise, for clarity and conciseness, descriptions of well-known functions and structures are omitted from the following description.
Fig. 2 is a schematic diagram of the main steps of the method for resisting an illegal connection attack in a slave Bluetooth device according to an embodiment of the present invention. According to the embodiment, the present invention mainly comprises two parts: first, identity authentication of the master Bluetooth device; second, deciding according to the result of the identity authentication whether to disconnect from the master Bluetooth device. As shown in Fig. 2, the method of the present invention mainly comprises the following step S21 and step S22.
Step S21: when the slave Bluetooth device is connected to any master Bluetooth device, the value of the switch parameter of the slave Bluetooth device is set to "master Bluetooth device identity is illegal", a timer is started at the same time, and identity authentication of the master Bluetooth device is performed;
Step S22: when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected; according to the timer, the value of the switch parameter is checked immediately after the set time expires, and if the value of the switch parameter is "master Bluetooth device identity is illegal", the connection with the master Bluetooth device is disconnected; when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection with the master Bluetooth device is disconnected.
On the slave Bluetooth device (slave), at least one service is provided, and this service includes at least one writable characteristic (either write with response or write without response). In this way the master Bluetooth device (master) can write data to the slave and thereby control it. Of course, if the slave wants the master to be able to read its data, an indication characteristic or a notification characteristic should also be provided under the service.
In the present invention, a switch parameter switch is introduced for the slave to record whether the identity of the master is legal. The switch parameter switch has no tag and cannot be operated on by the master Bluetooth device. Because no Tag is assigned to the switch data, the master cannot address it and therefore cannot read or write it. How data is stored in the slave device of the present invention is described in detail later.
When the slave begins to power up and run, the initial value of switch is set to "Master identity is illegal". Similarly, when the slave is connected to any master, the value of switch is also immediately set to "Master identity is illegal"; at the same time, a timer is enabled immediately and the procedure for authenticating the identity of this master is executed.
According to an embodiment of the present invention, the identity authentication of the master mainly comprises the following steps:
The slave Bluetooth device generates a random number and sends it to the master Bluetooth device;
The master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device;
The slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be recovered, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
Fig. 3 is a schematic diagram of the identity authentication process of an embodiment of the present invention. As shown in Fig. 3, after a master establishes a connection with the slave, the slave forces identity authentication of the master. The authentication process is as follows:
1. The slave generates a random number random and sends it to the master. Note that random is sent to the master for identity authentication immediately after the timer is enabled;
2. The master digitally signs random with its own private key priv_key and sends the digital signature to the slave;
3. The slave verifies the digital signature using the master's public key pub_key;
4. If random can be recovered, the master's identity is legal; if random cannot be recovered, the master's identity is illegal.
If the master's identity is authenticated as legal, the value of switch is set to "Master identity is legal"; if the master's identity is authenticated as illegal, switch keeps its initial value "Master identity is illegal".
Whether to disconnect from the master Bluetooth device according to the result of the identity authentication is decided mainly by the value of the global variable switch.
As described above, after identity authentication, if the value of switch is "Master identity is legal", the connection between the slave and this master is kept; if the value of switch is "Master identity is illegal", the connection with the master is disconnected.
After the slave is connected to any master, a timer is enabled immediately. When the identity of the master cannot be determined in time, the timer is used to decide, according to whether the set time time_x has expired, whether to disconnect the slave from the master. During identity authentication, situations such as network delay or a master maliciously delaying its reply may occur, so that authentication cannot be completed in time. To ensure security, the connection of a possibly illegal master is disconnected when the set time expires; the timer is therefore used to disconnect a possibly illegal master according to the set time time_x.
The set time is configured according to the hardware capabilities of the slave Bluetooth device and the product requirements.
According to an embodiment of the present invention, the check of the value of the switch parameter can be triggered by a timer interrupt issued by the timer, the timer issuing the timer interrupt immediately after the set time expires. For example, the timer can be set to issue a timer interrupt when time_x (for example, 1 second) expires, and the handler function for this timer interrupt checks the master's authentication result:
if (switch == "Master identity is legal")
    perform no operation
else
    disconnect from the illegal Master
In addition, after the master connects to the slave, even if identity authentication has not yet been performed, or has started but not finished, the slave can also disconnect from the master on the fact that the master accesses data in the slave, thereby preventing a possibly illegal master from obtaining the slave's data. When the master accesses data in the slave, the access is allowed if the value of the switch parameter switch is "master Bluetooth device identity is legal", and otherwise the connection with this master Bluetooth device is disconnected. In other words, the global variable switch is used to protect the other data in the slave. The protection works as follows:
if (switch == "Master identity is legal")
    allow access to the data in the Slave
else
    disconnect from the illegal Master
With the above scheme, after the slave is connected to a master, if the master is illegal, the slave actively disconnects from it at the latest when the set time time_x (for example, 1 second) expires. If the master accesses data in the slave before time_x expires, the slave disconnects from this master directly; if the master's identity authentication fails before time_x expires, that is, the authentication result is that the master is illegal, the slave likewise disconnects from the illegal master directly.
Therefore, if the identity authentication of the master has not been completed when time_x expires, the connection with this master is disconnected; if the master accesses the slave's data without having been authenticated, its connection is disconnected directly; and if the result of the master's identity authentication is that this master is illegal, the connection with this master is disconnected directly.
If identity authentication is completed before time_x expires and the result is that the master is legal, this master can access data normally. In this case the timer still issues its timer interrupt when time_x expires. The interrupt handler then checks the value of switch, which should be "Master identity is legal".
According to the technical solution of the present invention, the following schemes can also be adopted to better resist illegal connection attacks:
Scheme 1: resisting passive eavesdropping on identity authentication data
Eavesdropping on the identity authentication data by an illegal master Bluetooth device is resisted by making the random number as random as possible and sufficiently long, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
With reference to Fig. 3, suppose an illegal master eavesdrops on a legal master's <random, digital signature priv_key(random)> data pairs and builds a table of them. Then, once it again eavesdrops on a random that it has recorded, although it cannot compute the digital signature priv_key(random), it can obtain the digital signature priv_key(random) by table lookup and thereby impersonate a legal identity. Two measures can be taken to resist this attack:
Measure 1: the random number random is generated as randomly as possible and is sufficiently long, so that the probability of a random number collision is close to 0;
Measure 2: the transmitted <random, digital signature priv_key(random)> data can be symmetrically encrypted, using a symmetric key shared by the master and the slave and a symmetric algorithm for encryption and decryption.
Scheme 2: setting up a blacklist
A blacklist is set up that stores the master Bluetooth devices with illegal identities that previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.
Because a connection request contains the master's physical address (MAC address), the slave can keep a list of the MAC addresses of illegal masters, that is, of the masters whose connection the slave has disconnected. When a master on the blacklist later connects to the slave again, the slave does not need to verify this master's identity and disconnects from it directly. In this way the connection with an illegal master can be disconnected more quickly.
The data storage format in the slave device of the present invention is described below.
The data in the slave device can be organized as shown in Table 1.
Table 1
Communication mode    Storage mode        Data name
TLV                   Value               Name
(none)                Switch_value        Switch
TLV_1                 Property_1_value    property_1
TLV_2                 Property_2_value    property_2
TLV_3                 Property_3_value    property_3
TLV_4                 Property_4_value    property_4
……                    ……                  ……
TLV_n                 Property_n_value    property_n
Here, name denotes the name of a data item and value denotes its value.
Switch is the switch parameter that the present invention sets up for the slave, and property_x (x = 1, 2, ..., n) are the data items that the slave and the master can communicate. The present invention uses tag-length-value (TLV: Tag + Length + Value) encoding as the communication format for data exchange between the slave and the master.
The format of each TLV encoding is shown in Table 2.
Table 2
Tag ID    Length    Value
2 Byte    1 Byte    x Byte
Here, Tag is the Tag corresponding to the data Property_x to be operated on in the current communication and can be numbered flexibly; Length is the length of Value, that is, the length of Property_x_value; Value is the value of the Property_x being operated on in the current communication.
As Table 1 shows, no Tag value is assigned to the data switch, so the master cannot address switch and therefore cannot read or write it; that is, the master cannot modify the value of switch. This guarantees the objective correctness of the value of switch.
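The slave-side logic described above (switch reset to "illegal" on every connection, the time_x timer check, the data-access gate, the MAC blacklist, and a TLV handler in which switch has no Tag) can be sketched in C as follows. This is an added example, not code from the patent; the handler names, NONCE_LEN, BLACKLIST_N, the big-endian Tag, the one-byte property values and the demo_verify stand-in for real signature verification are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NONCE_LEN   16  /* assumed challenge size in bytes */
#define BLACKLIST_N 8   /* assumed blacklist capacity */
#define N_PROPS     4   /* property_1..property_4 with Tag IDs 1..4 (assumed) */
typedef enum { KEEP, DISCONNECT } verdict_t;
/* Assumption: the platform crypto library supplies the real signature check. */
typedef bool (*verify_fn)(const uint8_t *nonce, const uint8_t *sig, size_t sig_len);

typedef struct {
    bool      sw_legal;    /* the "switch": it has no Tag, so no TLV can reach it */
    bool      connected;
    uint8_t   peer[6];     /* MAC address of the connected master */
    uint8_t   nonce[NONCE_LEN];          /* challenge issued for this connection */
    uint8_t   blacklist[BLACKLIST_N][6];
    size_t    bl_count;
    uint8_t   props[N_PROPS];            /* one-byte property values (assumed) */
    verify_fn verify;
} slave_t;

void slave_init(slave_t *s, verify_fn v) {
    memset(s, 0, sizeof *s);             /* power-up: switch starts as "illegal" */
    s->verify = v;
}

static bool blacklisted(const slave_t *s, const uint8_t mac[6]) {
    size_t n = s->bl_count < BLACKLIST_N ? s->bl_count : BLACKLIST_N;
    for (size_t i = 0; i < n; i++)
        if (memcmp(s->blacklist[i], mac, 6) == 0) return true;
    return false;
}

/* Drop the link, reset the switch and record the peer's MAC address. */
static verdict_t drop(slave_t *s) {
    if (s->connected && !blacklisted(s, s->peer))
        memcpy(s->blacklist[s->bl_count++ % BLACKLIST_N], s->peer, 6);
    s->connected = s->sw_legal = false;
    return DISCONNECT;
}

/* Radio accepted a connection. The caller passes a fresh nonce from its RNG;
 * on KEEP it sends the nonce to the master and starts the time_x timer. */
verdict_t on_connect(slave_t *s, const uint8_t mac[6], const uint8_t nonce[NONCE_LEN]) {
    s->sw_legal = false;
    s->connected = false;
    if (blacklisted(s, mac)) return DISCONNECT;
    memcpy(s->peer, mac, 6);
    memcpy(s->nonce, nonce, NONCE_LEN);
    s->connected = true;
    return KEEP;
}

verdict_t on_auth_response(slave_t *s, const uint8_t *sig, size_t sig_len) {
    if (!s->connected) return DISCONNECT;
    if (!s->verify(s->nonce, sig, sig_len)) return drop(s);
    s->sw_legal = true;
    return KEEP;
}

/* Body of the timer interrupt handler, run when time_x expires. */
verdict_t on_timer_expired(slave_t *s) {
    if (!s->connected) return DISCONNECT;
    return s->sw_legal ? KEEP : drop(s);
}

/* One TLV write: Tag (2 bytes, big-endian assumed) | Length (1 byte) | Value. */
verdict_t on_write(slave_t *s, const uint8_t *tlv, size_t len) {
    if (!s->connected) return DISCONNECT;
    if (!s->sw_legal) return drop(s);              /* data access before authentication */
    if (len < 3 || (size_t)tlv[2] != len - 3) return KEEP;   /* malformed: ignored */
    uint16_t tag = (uint16_t)((tlv[0] << 8) | tlv[1]);
    if (tag >= 1 && tag <= N_PROPS && tlv[2] == 1)
        s->props[tag - 1] = tlv[3];
    return KEEP;                                   /* any other Tag addresses nothing */
}

/* Constructed stand-in for signature verification so the block runs offline.
 * NOT cryptography: it accepts sig[i] == nonce[i] ^ 0x5A. */
bool demo_verify(const uint8_t *nonce, const uint8_t *sig, size_t sig_len) {
    if (sig_len != NONCE_LEN) return false;
    for (size_t i = 0; i < NONCE_LEN; i++)
        if (sig[i] != (uint8_t)(nonce[i] ^ 0x5A)) return false;
    return true;
}

int main(void) {
    slave_t s; slave_init(&s, demo_verify);
    const uint8_t mac[6] = {0xC0, 0xFF, 0xEE, 0x00, 0x00, 0x01};  /* constructed */
    const uint8_t nonce[NONCE_LEN] = {3, 10, 17, 24};              /* constructed */
    const uint8_t wr[] = {0x00, 0x02, 0x01, 0x2A};   /* Tag 2, Length 1, Value 0x2A */
    on_connect(&s, mac, nonce);
    printf("write before auth: %s\n", on_write(&s, wr, sizeof wr) == KEEP ? "keep" : "disconnect");
    printf("same MAC reconnects: %s\n", on_connect(&s, mac, nonce) == KEEP ? "keep" : "disconnect");
    return 0;
}
```

In firmware, on_timer_expired would be called from the timer interrupt handler and on_write from the write callback of the writable characteristic, with demo_verify replaced by verification against the master's pub_key.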
Fig. 4 is a schematic diagram of the main modules of a device for resisting illegal connection attacks in a slave Bluetooth device according to an embodiment of the present invention. As shown in Fig. 4, the device 40 of the present invention for resisting illegal connection attacks in a slave Bluetooth device mainly comprises a memory 41 and a processor 42.
The memory 41 stores instructions. The processor 42 executes the instructions in order to: when the slave Bluetooth device is connected to any master Bluetooth device, set the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", start a timer, and perform identity authentication on that master Bluetooth device; when the identity authentication determines that the master Bluetooth device is legal, set the value of the switch parameter to "master Bluetooth device identity is legal", and otherwise disconnect from that master Bluetooth device; according to the timer, check the value of the switch parameter immediately after the set time expires, and disconnect from that master Bluetooth device if the value of the switch parameter is "master Bluetooth device identity is illegal"; and, when the master Bluetooth device accesses data in the slave Bluetooth device, allow the access if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise disconnect from that master Bluetooth device.
The check of the switch parameter value by the processor 42 is triggered by a timer interrupt sent by the timer; the timer sends the timer interrupt immediately after the set time expires.
In the present invention, the set time is configured according to the hardware capabilities of the slave Bluetooth device and the product requirements.
The switch parameter has no label and cannot be operated by the master Bluetooth device.
According to the technical solution of the present invention, the identity authentication performed by the processor 42 comprises: the slave Bluetooth device generates a random number and sends it to the master Bluetooth device; the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device; the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be recovered, the identity of the master Bluetooth device is authenticated as legal, and otherwise it is authenticated as illegal.
The processor 42 may further be configured to: resist eavesdropping on the identity authentication data by an illegal master Bluetooth device, by making the random number sufficiently random and sufficiently long, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
The processor 42 may further be configured to: set up a blacklist that stores master Bluetooth devices with illegal identity that previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.
According to the technical solution of the embodiments of the present invention, a switch parameter is added to the slave Bluetooth device to indicate whether the identity of the master Bluetooth device is legal, the value of the switch parameter is modified by performing identity authentication on the master Bluetooth device, and the value of the switch parameter determines whether the connection to the master Bluetooth device is kept or disconnected. This ensures that, after the slave has been connected by an illegal master, it does not need to be powered off or moved away: at the latest when the short set time expires, the slave immediately and automatically disconnects from the illegal master. In addition, encrypting the identity authentication of the master Bluetooth device resists passive eavesdropping on the identity authentication data by an illegal master and improves the security of Bluetooth device connections. Furthermore, illegal masters can be recorded in a blacklist, so that repeated connections to the slave by the same illegal master are disconnected more quickly, which gives a legal master the opportunity to establish a legal connection with the slave again.
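The slave-side logic described above (switch parameter, timer check, challenge-response authentication, blacklist), as an added Python example that is not code from the patent. The names `SlaveGuard` and `master_sign`, the device addresses and the toy RSA key are assumptions; listing only masters that fail signature verification is also an assumption, since the text does not say which disconnects feed the blacklist.

```python
import secrets
import time

ILLEGAL, LEGAL = "master identity illegal", "master identity legal"

# Illustrative names throughout. Constructed toy key (two Mersenne primes) and
# textbook RSA without padding, chosen only because the text checks the
# signature by "recovering" the nonce; a product would use a standard scheme.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def master_sign(nonce, d=D, n=N):
    return pow(nonce, d, n)  # master side: sign the slave's challenge

class SlaveGuard:
    def __init__(self, trusted_keys, timeout_s, clock=time.monotonic):
        self.trusted, self.timeout_s, self.clock = trusted_keys, timeout_s, clock
        self.blacklist = set()
        self._disconnect()

    def _disconnect(self):
        self.peer = self.nonce = None
        self.switch, self.deadline = ILLEGAL, float("inf")

    def on_connect(self, addr):
        """Return the challenge nonce, or None if the peer is dropped at once."""
        if addr in self.blacklist:
            return None
        self.peer, self.switch = addr, ILLEGAL      # every link starts untrusted
        self.deadline = self.clock() + self.timeout_s
        self.nonce = secrets.randbits(128)          # fresh per connection
        return self.nonce

    def on_signature(self, sig):
        if self.nonce is None:                      # no outstanding challenge
            return self.switch == LEGAL
        n, e = self.trusted.get(self.peer, (None, None))
        nonce, self.nonce = self.nonce, None        # a challenge is single-use
        if n and pow(sig, e, n) == nonce:           # recovered value must match
            self.switch = LEGAL
            return True
        self.blacklist.add(self.peer)               # assumption: failed proofs only
        self._disconnect()
        return False

    def on_timer(self):
        """Timer interrupt: drop a peer still marked illegal at the deadline."""
        if self.switch == ILLEGAL and self.clock() >= self.deadline:
            self._disconnect()
        return self.peer is not None

    def on_data_access(self):
        if self.switch != LEGAL:                    # gate every access on the switch
            self._disconnect()
        return self.switch == LEGAL
```

Because the nonce is regenerated on every connection and cleared after one verification attempt, a signature captured from an earlier session fails against the new challenge.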
The specific embodiments described above do not limit the scope of protection of the present invention. Those skilled in the art should understand that, depending on design requirements and other factors, various modifications, combinations, sub-combinations and substitutions may occur. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (14)

1. A method for resisting illegal connection attacks in a slave Bluetooth device, characterized by comprising:
when the slave Bluetooth device is connected to any master Bluetooth device, setting the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", starting a timer, and performing identity authentication on that master Bluetooth device;
wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection to that master Bluetooth device is disconnected;
wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection to that master Bluetooth device is disconnected;
wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection to that master Bluetooth device is disconnected.
2. The method according to claim 1, characterized in that the check of the value of the switch parameter is triggered by a timer interrupt sent by the timer, wherein the timer sends the timer interrupt immediately after the set time expires.
3. The method according to claim 1, characterized in that the set time is configured according to the hardware capabilities of the slave Bluetooth device and the product requirements.
4. The method according to claim 1, characterized in that the switch parameter has no label and cannot be operated by the master Bluetooth device.
5. The method according to claim 1, characterized in that the identity authentication comprises:
the slave Bluetooth device generates a random number and sends the random number to the master Bluetooth device;
the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device;
the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be recovered, the identity of the master Bluetooth device is authenticated as legal, and otherwise the identity of the master Bluetooth device is authenticated as illegal.
6. The method according to claim 5, characterized by further comprising:
resisting eavesdropping on the identity authentication data by an illegal master Bluetooth device, by making the random number sufficiently random and sufficiently long, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
7. The method according to claim 1, characterized by further comprising:
setting up a blacklist that stores master Bluetooth devices with illegal identity that previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.
8. A device for resisting illegal connection attacks in a slave Bluetooth device, characterized by comprising:
a memory and a processor, wherein
the memory stores instructions;
the processor executes the instructions in order to:
when the slave Bluetooth device is connected to any master Bluetooth device, set the value of the switch parameter of the slave Bluetooth device to "master Bluetooth device identity is illegal", start a timer, and perform identity authentication on that master Bluetooth device;
wherein, when the identity authentication determines that the master Bluetooth device is legal, the value of the switch parameter is set to "master Bluetooth device identity is legal", and otherwise the connection to that master Bluetooth device is disconnected;
wherein, according to the timer, the value of the switch parameter is checked immediately after the set time expires, and when the value of the switch parameter is "master Bluetooth device identity is illegal", the connection to that master Bluetooth device is disconnected;
wherein, when the master Bluetooth device accesses data in the slave Bluetooth device, the access is allowed if the value of the switch parameter is "master Bluetooth device identity is legal", and otherwise the connection to that master Bluetooth device is disconnected.
9. The device according to claim 8, characterized in that the check of the value of the switch parameter by the processor is triggered by a timer interrupt sent by the timer, wherein the timer sends the timer interrupt immediately after the set time expires.
10. The device according to claim 8, characterized in that the set time is configured according to the hardware capabilities of the slave Bluetooth device and the product requirements.
11. The device according to claim 8, characterized in that the switch parameter has no label and cannot be operated by the master Bluetooth device.
12. The device according to claim 8, characterized in that the identity authentication performed by the processor comprises:
the slave Bluetooth device generates a random number and sends the random number to the master Bluetooth device;
the master Bluetooth device digitally signs the random number with its own private key and sends the digital signature to the slave Bluetooth device;
the slave Bluetooth device verifies the digital signature using the public key of the master Bluetooth device; if the random number can be recovered, the identity of the master Bluetooth device is authenticated as legal, and otherwise the identity of the master Bluetooth device is authenticated as illegal.
13. The device according to claim 12, characterized in that the processor is further configured to:
resist eavesdropping on the identity authentication data by an illegal master Bluetooth device, by making the random number sufficiently random and sufficiently long, and/or by encrypting the random number and its digital signature with a symmetric encryption algorithm.
14. The device according to claim 8, characterized in that the processor is further configured to:
set up a blacklist that stores master Bluetooth devices with illegal identity that previously connected to the slave Bluetooth device, so that an illegal master Bluetooth device can be disconnected directly when it connects to the slave Bluetooth device again.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610563344.2A CN106028319B (en) 2016-07-18 2016-07-18 A kind of method and apparatus for resisting illegal connection attack in slave Bluetooth equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610563344.2A CN106028319B (en) 2016-07-18 2016-07-18 A kind of method and apparatus for resisting illegal connection attack in slave Bluetooth equipment

Publications (2)

Publication Number Publication Date
CN106028319A true CN106028319A (en) 2016-10-12
CN106028319B CN106028319B (en) 2019-06-04

Family

ID=57118443

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610563344.2A Active CN106028319B (en) 2016-07-18 2016-07-18 A kind of method and apparatus for resisting illegal connection attack in slave Bluetooth equipment

Country Status (1)

Country Link
CN (1) CN106028319B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107105398A (en) * 2017-05-25 2017-08-29 北京京东尚科信息技术有限公司 A kind of method and apparatus of communication
CN110505609A (en) * 2018-09-19 2019-11-26 深圳市文鼎创数据科技有限公司 A kind of bluetooth exchange method, bluetooth interactive device and terminal device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187369A (en) * 2015-06-05 2015-12-23 杭州华三通信技术有限公司 Data access method and data access device
CN105430603A (en) * 2015-12-03 2016-03-23 北京握奇智能科技有限公司 Secure connection method and system for Bluetooth equipment
CN105610832A (en) * 2015-12-30 2016-05-25 北京华大智宝电子系统有限公司 Bluetooth device pairing method and Bluetooth device
CN105722013A (en) * 2016-02-02 2016-06-29 深圳市文鼎创数据科技有限公司 Bluetooth pairing method and device

Also Published As

Publication number Publication date
CN106028319B (en) 2019-06-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant