CN106789013A - Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK - Google Patents


Info

Publication number: CN106789013A
Application number: CN201611195997.6A
Authority: CN (China)
Prior art keywords: sdk, ble, key, data, mutual trust
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventors: 金山, 王强, 何宇, 卢苇
Current assignee: Shenzhen Zhongcheng Science And Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Shenzhen Zhongcheng Science And Technology Co Ltd

Classifications (CPC)

    • G PHYSICS; G07 CHECKING-DEVICES; G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C 9/00 Individual registration on entry or exit
    • G07C 9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0822 Key transport or distribution using a key encryption key
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/06 Authentication
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The invention discloses a mutual trust and encryption/decryption method and device between the encryption chip of a door lock and an SDK. The method comprises: the SDK establishes a Bluetooth connection with the BLE of the door lock; the SDK and the BLE perform mutual trust authentication: after the connection is established, the SDK transmits data to the BLE using the pre-agreed encryption key and cipher mode, the BLE decrypts the data with the pre-agreed key, verifies the data obtained and returns mutual trust data to the SDK, and the SDK authenticates the returned data; after authentication the mutual trust connection is established; the BLE caches and returns a key; the SDK receives the returned key and caches it, which provides the key for encrypting subsequent data transmission; the SDK transfers data over the current connection with the BLE: over the mutual trust connection established in advance, all data in the transmission process is encrypted with the key that the SDK received.

Description

Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK
Technical field
The present invention relates to a mutual trust and encryption/decryption method and a corresponding mutual trust and encryption/decryption device, and more particularly to a Bluetooth-based mutual trust and encryption/decryption method and device between the encryption chip of a door lock and an SDK.
Background technology
With the development of science and technology, and especially the emergence of cloud computing and the Internet of Things, the concept of the smart home has entered the public eye. As society and the economy develop, people's pursuit of household quality keeps rising; they want homes that are comfortable, safe, convenient and intelligent, and the demand for smart home systems grows ever stronger. At this stage, wireless smart homes built on BLE technology show a clear technical advantage: holding a mobile phone is enough to control home devices remotely. They are convenient to install, since no walls need to be opened and no complex wiring run; they are easy to network and the equipment is highly extensible; they are low in cost and power consumption, in line with the modern family's idea of green living; and they are easy to maintain, since faults can be found and repaired promptly.
At present, in the pursuit of market operation, many enterprises, for various reasons, do not consider security thoroughly enough while developing products, which can harm users' privacy and property. At this stage, a BLE-based Internet of Things device, during networking, uses ordinary Internet requests based on the https protocol from a terminal connected to the Internet, such as a mobile phone, to obtain Internet data, and then transfers data over BLE technology. Because the two ends of the connection can be disconnected from the network, transfer without encryption is treated as relatively safe, and each transmission is built on the current connection.
The existing Bluetooth-based Internet of Things communication relies only on https and the BLE connection for data transfer. Although https solves encryption during transmission, the two ends of the transmission are still plaintext, and BLE itself transmits in plaintext. For https requests, the data at both ends of the request is plaintext, so there is a danger of user privacy or secure data being obtained on terminals such as mobile phones; and with the appearance of terminal Bluetooth sniffers, transmissions over BLE technology can be intercepted, so data sent without encryption can be captured and used maliciously, with potentially serious consequences.
The abbreviations and key terms used here are defined as follows.
BLE: Bluetooth Low Energy is a low-cost, short-range, interoperable, robust wireless technology operating in the license-free 2.4 GHz ISM radio band. BLE uses a very fast connection mode, so it can usually remain in a "disconnected" state (saving energy); both ends of the link know each other, the link is opened only when necessary, and it is closed again in as short a time as possible.
HTTPS: HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel whose goal is security; briefly, it is the secure version of HTTP. That is, an SSL layer is added under HTTP; the security foundation of HTTPS is SSL, so the details of the encryption are handled by SSL.
Authentication: authentication, also called "identity verification" or "identity discrimination", is the process of confirming an operator's identity in a computer or computer network system, so as to determine whether the user has access to and the right to use a certain resource. It allows the access policy of the computer or network system to be executed reliably and effectively, prevents attackers from impersonating legitimate users to obtain access to resources, ensures the security of the system and data, and protects the legitimate interests of authorized visitors.
Summary of the invention
In order to solve the above technical problem, the present invention proposes a Bluetooth-based mutual trust and encryption/decryption method and device between the encryption chip of a door lock and an SDK. The present invention authenticates and encrypts both ends of the data between the encryption chip of the door lock and the SDK, from data storage through data transfer to data use, and thus resolves potential safety hazards such as data being stolen in storage, misappropriated in transfer and tampered with in use.
The solution of the invention is a Bluetooth-based mutual trust and encryption/decryption method between the encryption chip of a door lock and an SDK, comprising the following steps:
The SDK establishes a connection with the BLE: the SDK establishes a connection with the BLE of the door lock over Bluetooth;
The SDK and the BLE perform mutual trust authentication: after the connection is established, the SDK transmits data to the BLE using the pre-agreed encryption key and cipher mode; the BLE decrypts the data with the pre-agreed key, verifies the data obtained and returns mutual trust data to the SDK; the SDK authenticates the returned data, and after authentication the mutual trust connection is established;
The BLE caches and returns a key: over the mutual trust connection established in advance during mutual trust authentication with the SDK, the BLE caches the key and transmits it to the SDK;
The SDK receives the returned key and caches it: the SDK receives the key returned by the BLE and caches it locally in encrypted form, which provides the key for encrypting subsequent data transmission;
The SDK transfers data over the current connection with the BLE: over the mutual trust connection established in advance, all data in the transmission process is encrypted with the key that the SDK received.
As a further improvement of the above scheme, mutual trust authentication needs to verify whether the request source is legitimate and whether the request parameters are legitimate.
As a further improvement of the above scheme, the SDK is installed on a communication terminal.
Further, the communication terminal is a mobile phone.
The present invention also provides a Bluetooth-based mutual trust and encryption/decryption device between the encryption chip of a door lock and an SDK, the mutual trust and encryption/decryption device comprising:
a connection establishment module, for making the SDK establish a connection with the BLE: the SDK establishes a connection with the BLE of the door lock over Bluetooth;
a mutual trust authentication module, for making the SDK and the BLE perform mutual trust authentication: after the connection is established, the SDK transmits data to the BLE using the pre-agreed encryption key and cipher mode; the BLE decrypts the data with the pre-agreed key, verifies the data obtained and returns mutual trust data to the SDK; the SDK authenticates the returned data, and after authentication the mutual trust connection is established;
a BLE cache-and-return-key module, for making the BLE cache and return a key: over the mutual trust connection established in advance during mutual trust authentication between the SDK and the BLE, the BLE caches the key and transmits it to the SDK;
a receiving module, for making the SDK receive the returned key and cache it: the SDK receives the key returned by the BLE and caches it locally in encrypted form, which provides the key for encrypting subsequent data transmission;
a data transmission module, for making the SDK transfer data over the current connection with the BLE: over the mutual trust connection established in advance, all data in the transmission process is encrypted with the key that the SDK received.
As a further improvement of the above scheme, mutual trust authentication needs to verify whether the request source is legitimate and whether the request parameters are legitimate.
As a further improvement of the above scheme, the SDK is installed on a communication terminal.
Further, the communication terminal is a mobile phone.
Using the present invention ensures the security of data transfer more effectively and avoids theft during the user's use.
Brief description of the drawings
Fig. 1 is the overall framework diagram of the network security communication system of the invention.
Fig. 2 is the flowchart of the network security communication method between the business system and the electronic certificate system.
Fig. 3 is the flowchart of the network security communication method between the SDK and the electronic certificate system.
Fig. 4 is the flowchart of the identity authentication method of the network security communication method between the business system and the electronic certificate system.
Fig. 5 is the flowchart of the Bluetooth-based mutual trust and encryption/decryption method between the encryption chip of the door lock and the SDK.
Detailed description of the embodiments
In order to make the purpose, technical scheme and advantages of the present invention clearer, the present invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are merely illustrative of the present invention and are not intended to limit it.
The network security communication system of the invention authenticates and encrypts both ends of the data throughout data storage, data transfer and data use, thereby resolving potential safety hazards such as data being stolen in storage, misappropriated in transfer and tampered with in use. The purpose of the present invention is therefore to solve the security problem over the whole process of network data storage, transmission and use, providing a complete security solution.
Referring to Fig. 1, the network security communication system of the invention is used to coordinate secure communication between the business system, the electronic certificate system and a mobile communication terminal (such as a mobile phone). The network security communication system of the invention can be attached to the electronic certificate system in the form of a software APP, a plug-in or the like, and realizes secure communication among the business system, the electronic certificate system and the mobile phone.
The present invention can be applied on a communication terminal such as a mobile phone. The SDK is a component that provides APPs with certain services and exchanges information with the encryption chip inside the mobile phone. The electronic certificate system generates securely encrypted electronic certificate data in the cloud, which is transmitted through encrypted network communication, stored in encrypted form on the SDK side, and then transferred by the SDK to the encryption chip for decryption and verification. The electronic certificate system may comprise a server, an API interface, a JSON interface, an identity authentication mechanism, and electronic certificate data storage that supports custom data.
The business system may be the background system that provides services to the SDK-based application installed on the communication terminal. After obtaining the trust of the electronic certificate system, the business system verifies the data of the user's request and authenticates the legitimacy of the user's request; the electronic certificate system executes the corresponding business logic and returns the result to the business system only after the business system completes verification and authentication.
The electronic certificate system itself provides secure storage of data: data is stored encrypted, and only the electronic certificate system can decrypt it normally when obtaining data through its interface program; other routes cannot view the original contents of the encrypted data.
Each time a communication connection is set up, the network communication involved in the present invention negotiates an initial encryption key between the two ends, which is used to encrypt and decrypt the data in the data exchange; even if data is intercepted on another link, the encryption key cannot be obtained, which prevents the risk of data in transit being stolen. When the first connection is established in the network communication, the present invention verifies the identity of each side, and subsequent communication proceeds only after identity authentication succeeds, which prevents the risk of illegitimate users stealing data. The present invention also adds, between the business system and the electronic certificate system, an authentication verification mode in which the business system participates, so that data security between the systems reaches the highest level.
The electronic certificate system generates the securely encrypted electronic certificate data in the cloud; it is transmitted through encrypted network communication, stored encrypted on the SDK side of the mobile phone, and then transferred by the SDK to the encryption chip on the mobile phone for decryption and verification.
The network security communication system can set up mutual trust and encryption/decryption mechanism one between the API interface and the business system, forming the network security communication device between the business system and the electronic certificate system and realizing the corresponding network security communication method.
As shown in Fig. 2, in the communication mechanism between the business system and the API interface of the electronic certificate system, the data requested by the business system is verified after the trust of the electronic certificate system is obtained, and the legitimacy of the request is authenticated; the corresponding business logic is executed and the result returned to the business system only after the system completes verification and authentication.
The network security communication system can also set up mutual trust and encryption/decryption mechanism two between the JSON interface and the SDK, forming the network security communication device between the SDK and the electronic certificate system and realizing the corresponding network security communication method.
As shown in Fig. 3, in the communication mechanism between the SDK and the JSON interface of the electronic certificate system, after the SDK obtains the trust of the electronic certificate system, the electronic certificate system verifies the requested data and authenticates the legitimacy of the request; the corresponding business logic is executed and the result returned to the SDK only after the electronic certificate system completes verification and authentication.
The network security communication system can also use the HTTPS business authentication interface of the business system to set up an identity authentication mechanism between the business system and the electronic certificate system, forming the identity authentication device of the network security communication method between the business system and the electronic certificate system and realizing the identity authentication method of that network security communication method.
As shown in Fig. 4, the electronic certificate system authenticates the identity of requests initiated by the business system and the SDK. The basis of identity authentication lies in the business system: the business system opens an interface through which a third-party system checks the validity of the user, and the third-party system judges whether the conditions are met from the interface's return value.
The network security communication system can also set up a Bluetooth-based Internet of Things mutual trust and encryption/decryption mechanism three between the SDK and the encryption chip, forming the mutual trust and encryption/decryption device between the encryption chip of the door lock and the SDK and realizing the mutual trust and encryption/decryption method between the encryption chip of the door lock and the SDK (for example the SDK on a mobile phone).
As shown in Fig. 5, in the communication mechanism between the SDK and the encryption chip, the SDK completes authentication every time it establishes a connection with the encryption chip; the corresponding business logic is executed only after authentication completes, and the result is returned to the SDK for subsequent processing.
The design points of the invention are explained in detail one by one below.
I. Mutual trust and encryption/decryption mechanism one (the network security communication method between the business system and the electronic certificate system, and its device)
Referring to Fig. 2, the network security communication device between the business system and the electronic certificate system comprises 10 main modules, each performing a corresponding step. Following these 10 modules, the main steps of the network security communication method between the business system and the electronic certificate system are described as follows:
1. Key request module, for making the business system request a key.
The business system encrypts the request parameters according to the pre-agreed encryption key and cipher mode and initiates an https request to the electronic certificate system.
2. Key request mutual trust authentication module, for making the electronic certificate system perform mutual trust authentication on the key request.
After receiving the key request initiated by the business system, the electronic certificate system performs mutual trust authentication on the request: it must verify whether the request source is legitimate, whether the request parameters are legitimate, and so on. If authentication succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
3. Request authentication module, for making the electronic certificate system authenticate the user of the key request.
The electronic certificate system authenticates the user identity: it must call the https interface provided by the business system to verify the necessary information carried in the request parameters. If verification succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
4. Key computation and caching module, for making the electronic certificate system compute and cache the key.
The electronic certificate system computes the request parameter encryption key for the business system after the current connection is established, sets a validity period for the key data and stores it encrypted, for subsequent use.
5. Receiving module, for making the business system receive the returned key and cache it.
The business system receives the returned key and stores it within the business system, so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot be authenticated correctly in mutual trust authentication (step 7) and identity authentication (step 8).
6. Business request module, for making the business system encrypt the request parameters with the key and make a business request.
The business system encrypts the business request parameters with the cached key (the key obtained in step 5) and initiates the business request over https.
7. Mutual trust authentication module, for making the electronic certificate system perform mutual trust authentication.
After receiving the business request initiated by the business system, the electronic certificate system performs mutual trust authentication on the request: it must verify whether the request source is legitimate, whether the request parameters are legitimate, whether the cipher mode of the request parameters is legitimate, and so on. If authentication succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
8. User request authentication module, for making the electronic certificate system authenticate the user request.
The electronic certificate system authenticates the user identity: it must call the https interface provided by the business system to verify the necessary information carried in the request parameters. If verification succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
9. Requested business execution module, for making the electronic certificate system execute the requested business.
The electronic certificate system performs the computation for the business system's request according to the business logic of the electronic certificate system, obtaining the result value of the request.
10. Execution result return module, for making the electronic certificate system return the execution result.
The electronic certificate system returns the execution result of the request.
II. Mutual trust and encryption/decryption mechanism two (the network security communication method between the SDK and the electronic certificate system, and its device)
Referring to Fig. 3, the network security communication device between the SDK and the electronic certificate system also comprises 10 main modules, each performing a corresponding step. Following these 10 modules, the main steps of the network security communication method between the mobile phone SDK and the electronic certificate system are described as follows:
1. SDK key request module, for making the SDK request a key.
The SDK encrypts the request parameters according to the pre-agreed encryption key and cipher mode and initiates an https request to the electronic certificate system.
2. Key request mutual trust authentication module, for making the electronic certificate system perform mutual trust authentication on the key request.
After receiving the key request initiated by the SDK, the electronic certificate system performs mutual trust authentication on the request: it must verify whether the request source is legitimate, whether the request parameters are legitimate, and so on. If authentication succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
3. Request authentication module, for making the electronic certificate system authenticate the user of the key request.
The electronic certificate system authenticates the user identity: it must call the https interface provided by the SDK to verify the necessary information carried in the request parameters. If verification succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
4. Key computation and caching module, for making the electronic certificate system compute and cache the key.
The electronic certificate system computes the request parameter encryption key for the SDK after the current connection is established, sets a validity period for the key data and stores it encrypted, for subsequent use.
5. Receiving module, for making the SDK receive the returned key and cache it.
The SDK receives the returned key and stores it within the SDK, so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot be authenticated correctly in mutual trust authentication (step 7) and identity authentication (step 8). Note that if the SDK-based app exits, the key becomes invalid immediately and the whole process must be restarted.
6. Business request module, for making the SDK encrypt the request parameters with the key and make a business request.
The SDK encrypts the business request parameters with the cached key (the key obtained in step 5) and initiates the business request over https.
7. Mutual trust authentication module, for making the electronic certificate system perform mutual trust authentication.
After receiving the business request initiated by the SDK, the electronic certificate system performs mutual trust authentication on the request: it must verify whether the request source is legitimate, whether the request parameters are legitimate, whether the cipher mode of the request parameters is legitimate, and so on. If authentication succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
8. User request authentication module, for making the electronic certificate system authenticate the user request.
The electronic certificate system authenticates the user identity: it must call the https interface provided by the SDK to verify the necessary information carried in the request parameters. If verification succeeds the subsequent steps are executed; otherwise step 10 is executed directly.
9. Requested business execution module, for making the electronic certificate system execute the requested business.
The electronic certificate system performs the computation for the SDK's request according to the business logic of the electronic certificate system, obtaining the result value of the request.
10. Execution result return module, for making the electronic certificate system return the execution result.
The electronic certificate system returns the execution result of the request.
3. Mutual-trust encryption and decryption mechanism three (i.e. the Bluetooth-based Internet-of-Things mutual-trust encryption and decryption method and device between the encryption chip of a door lock and the SDK)
Referring to Fig. 4, the Bluetooth-based mutual-trust and encryption/decryption device between the encryption chip of the door lock and the SDK comprises five main modules, each of which performs one corresponding step. According to these five modules, the main steps of the mutual-trust and encryption/decryption method between the encryption chip of the door lock and the SDK are described as follows:
Step 1. Connection establishment module, used to make the SDK establish a connection with the BLE.
The SDK establishes a connection with the BLE over Bluetooth.
Step 2. Mutual-trust authentication module, used to make the SDK and the BLE perform mutual-trust authentication.
After the connection is established, the SDK transfers data to the BLE according to the encryption key and cipher mode agreed in advance; the BLE decrypts the data with the pre-agreed key, verifies it according to the data obtained, and returns mutual-trust data to the SDK; the SDK authenticates the returned data, and once mutual-trust authentication succeeds the connection is fully established.
Step 3. BLE key caching and return module, used to make the BLE cache and return the key.
Over the pre-established mutual-trust connection (the connection established in steps 1 and 2), the BLE caches the key and transfers it to the SDK.
Step 4. Receiving module, used to make the SDK receive and cache the returned key.
The SDK receives the key returned by the BLE and caches it locally in encrypted form, which provides the key for encrypting subsequent data transmission.
Step 5. Data transmission module, used to make the SDK transfer data over the current connection with the BLE.
Over the pre-established mutual-trust connection (established in steps 1 and 2), all data transmitted are encrypted with the key (the key cached in step 4).
It should be pointed out that at any point in the process, as soon as the Bluetooth connection drops, the key stored by the SDK is reset immediately and the whole flow must be restarted.
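The five-step Bluetooth flow above, written out as an added example with both sides' messages (this is illustrative code, not the patent's or the applicant's implementation). The patent only says that the key and cipher mode are "agreed in advance" and names no algorithm, so the pre-shared key, the message formats (`HELLO:`/`TRUSTED:`), the fresh challenge, and the encrypt-then-MAC construction built from HMAC-SHA256 are all assumptions made here; a real chip would use its own cipher. The example also shows the reset-on-disconnect rule: once the link drops, the cached session key is gone and any further send fails.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Constructed, illustrative pre-shared key (the patent names no cipher or key).
PRESHARED_KEY = hashlib.sha256(b"constructed-psk-not-from-any-real-lock").digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in stream cipher (assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Check the tag first, then decrypt; None on any failure, never partial plaintext."""
    if len(blob) < 12 + 32:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class BleChip:
    """Door-lock side: steps 2 and 3 (verify the SDK, then cache and return a key)."""

    def __init__(self, psk: bytes = PRESHARED_KEY) -> None:
        self.psk = psk
        self.trusted = False
        self.session_key: Optional[bytes] = None

    def handle_trust_request(self, blob: bytes) -> Optional[bytes]:
        msg = open_sealed(self.psk, blob)
        if msg is None or not msg.startswith(b"HELLO:"):
            return None  # SDK did not prove knowledge of the pre-agreed key
        self.trusted = True
        # Mutual-trust data: echo the SDK's challenge under the pre-shared key.
        return seal(self.psk, b"TRUSTED:" + msg[len(b"HELLO:"):])

    def issue_session_key(self) -> Optional[bytes]:
        if not self.trusted:
            return None
        self.session_key = secrets.token_bytes(32)  # cached on the chip (step 3)
        return seal(self.psk, self.session_key)


class Sdk:
    """Phone side: steps 1, 2, 4 and 5, plus the reset-on-disconnect rule."""

    def __init__(self, psk: bytes = PRESHARED_KEY) -> None:
        self.psk = psk
        self.chip: Optional[BleChip] = None
        self.session_key: Optional[bytes] = None

    def connect(self, chip: BleChip) -> None:  # step 1
        self.chip = chip

    def establish_trust(self) -> bool:  # steps 2 and 4
        challenge = os.urandom(16)
        reply = self.chip.handle_trust_request(seal(self.psk, b"HELLO:" + challenge))
        msg = open_sealed(self.psk, reply) if reply is not None else None
        if msg != b"TRUSTED:" + challenge:  # chip must echo our fresh challenge
            return False
        key_blob = self.chip.issue_session_key()
        self.session_key = open_sealed(self.psk, key_blob) if key_blob else None
        return self.session_key is not None

    def send(self, data: bytes) -> bytes:  # step 5
        if self.chip is None or self.session_key is None:
            raise RuntimeError("no trusted connection; the whole flow must restart")
        return seal(self.session_key, data)

    def disconnect(self) -> None:
        self.chip = None
        self.session_key = None  # key is dropped the moment Bluetooth disconnects


def run_flow(data: bytes = b"unlock") -> Optional[bytes]:
    """Full flow: what the chip decrypts from one application message, or None."""
    chip, sdk = BleChip(), Sdk()
    sdk.connect(chip)
    if not sdk.establish_trust():
        return None
    return open_sealed(chip.session_key, sdk.send(data))
```

The design point worth noticing is that the SDK accepts the chip's reply only if it echoes a challenge the SDK just generated, so a recorded reply from an earlier session is rejected, and that `open_sealed` verifies the tag before it decrypts anything, so a tampered frame yields `None` rather than garbage plaintext.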
4. Identity authentication mechanism (i.e. the identity authentication method and device of the secure network communication method between the business system and the electronic certificate system)
Referring to Fig. 5, the identity authentication device of the secure network communication method between the business system and the electronic certificate system comprises five main modules, each of which performs one corresponding step. According to these five modules, the main steps of the identity authentication method of the secure network communication method between the business system and the electronic certificate system are described as follows:
Step 1. Request header data acquisition module, used to obtain the request header data.
The data carried in the request header are separated from the request and verified; if they are legitimate, the subsequent operations proceed; if not, step 5 is performed directly.
Step 2. Header data decryption and verification module, used to decrypt and verify the header data.
The data separated in step 1 are decrypted and the decrypted parameters are checked for legitimacy; if legitimate, the subsequent operations proceed; if not, step 5 is performed directly.
Step 3. Business system user verification module, used to call the business system to verify the user.
After the data have been decrypted and verified successfully, the user verification interface opened by the business system is called to verify whether the user is legitimate; if so, execution continues; otherwise step 5 is performed directly.
Step 4. Certificate system business execution module, used to execute the certificate system business.
After user verification completes, the business logic is executed for the request, and after execution completes the returned data are assembled.
Step 5. Result return module, used to return the result.
The request execution result is returned to the caller of the interface.
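The server-side pipeline of mechanism four, and the mutual-trust and user-authentication checks of steps 7 and 8 of the HTTPS mechanism above (request source legitimate, parameters legitimate, encryption mode legitimate, then a user check through an interface the other system provides), as one added example. This is illustrative code, not the patent's or the applicant's implementation. The patent does not say how header data are protected, so the header layout (`x-app-id`, `x-timestamp`, `x-nonce`, `x-cipher-mode`, `x-signature`), the per-app shared secrets, the freshness window and the HMAC-SHA256 signature are all assumptions made here; the page's decryption of the header is not modelled, only its verification. Every failure falls through to the single result step, as the text prescribes.

```python
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Optional, Set

# Constructed example values: SDK app ids with their shared secrets, and the
# parameter cipher modes the certificate system is willing to accept.
SDK_SECRETS: Dict[str, bytes] = {"sdk-app-001": b"constructed-secret-for-sdk-app-001"}
ALLOWED_CIPHER_MODES = {"aes-256-gcm"}
MAX_SKEW_SECONDS = 300  # assumed freshness window for the request timestamp
HEADER_FIELDS = ("x-app-id", "x-timestamp", "x-nonce", "x-cipher-mode", "x-signature")


def _signing_input(app_id: str, ts: str, nonce: str, mode: str, body: bytes) -> bytes:
    """Bind every checked header field and the body into one signed string."""
    return f"{app_id}|{ts}|{nonce}|{mode}|".encode() + body


def sign_request(app_id: str, body: bytes, ts: int, nonce: str,
                 mode: str = "aes-256-gcm") -> dict:
    """SDK side: build the headers the certificate system will verify."""
    sig = hmac.new(SDK_SECRETS[app_id], _signing_input(app_id, str(ts), nonce, mode, body),
                   hashlib.sha256).hexdigest()
    return {"headers": {"x-app-id": app_id, "x-timestamp": str(ts), "x-nonce": nonce,
                        "x-cipher-mode": mode, "x-signature": sig}, "body": body}


def get_header_data(request: dict) -> Optional[dict]:
    """Step 1: separate the header data from the request; None if a field is missing."""
    headers = request.get("headers", {})
    data = {k: headers.get(k) for k in HEADER_FIELDS}
    return None if any(v is None for v in data.values()) else data


def verify_header(hdr: dict, body: bytes, now: int, seen_nonces: Set[str]) -> Optional[str]:
    """Step 2: source, cipher mode, freshness, replay and signature checks.
    Returns a failure reason, or None when the header is legitimate."""
    secret = SDK_SECRETS.get(hdr["x-app-id"])
    if secret is None:
        return "unknown request source"
    if hdr["x-cipher-mode"] not in ALLOWED_CIPHER_MODES:
        return "cipher mode not allowed"
    try:
        ts = int(hdr["x-timestamp"])
    except ValueError:
        return "malformed timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return "request expired"
    if hdr["x-nonce"] in seen_nonces:
        return "replayed nonce"
    expected = hmac.new(secret, _signing_input(hdr["x-app-id"], hdr["x-timestamp"],
                                               hdr["x-nonce"], hdr["x-cipher-mode"], body),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, hdr["x-signature"]):
        return "bad signature"
    seen_nonces.add(hdr["x-nonce"])  # record the nonce only once the signature holds
    return None


def handle_request(request: dict, verify_user: Callable[[dict], bool],
                   execute_business: Callable[[dict], dict],
                   now: Optional[int] = None, seen_nonces: Optional[Set[str]] = None) -> dict:
    """Steps 1 to 5; every failure exits through the single result step."""
    now = int(time.time()) if now is None else now
    seen_nonces = set() if seen_nonces is None else seen_nonces

    def result(code: int, message: str, data: Optional[dict] = None) -> dict:  # step 5
        return {"code": code, "message": message, "data": data}

    hdr = get_header_data(request)                        # step 1
    if hdr is None:
        return result(400, "missing header data")
    body = request.get("body", b"")
    reason = verify_header(hdr, body, now, seen_nonces)   # step 2
    if reason is not None:
        return result(401, reason)
    try:
        params = json.loads(body)
    except ValueError:
        return result(400, "request parameters not legal")
    if not verify_user(params):                           # step 3: business system's interface
        return result(403, "user verification failed")
    return result(0, "ok", execute_business(params))      # step 4, then step 5
```

`verify_user` and `execute_business` are passed in as callables so the same pipeline can be wired to whichever user-verification interface the business system opens; the nonce set would be a shared store in a deployment with more than one server instance.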
In summary, the present invention addresses security across the whole process of network data storage, transmission and use, and provides a complete set of security solutions. The electronic certificate system itself provides secure storage of data: data are stored encrypted and can be decrypted normally only when the system obtains them through the interface program, and the original contents of the encrypted data cannot be viewed by any other means.
The features of the present invention are as follows:
1. Based on the security mechanism of the HTTPS protocol, the SDK first performs mutual-trust verification and key negotiation before exchanging data with the electronic certificate system; after mutual-trust authentication and key negotiation complete, data are encrypted for transmission with the negotiated key, so that encryption is performed at both ends of the HTTPS channel;
2. The credential data stored and transmitted by the electronic certificate consist of two parts, communication data and custom data. Communication data are the data used for the mutual-trust interaction with the Bluetooth chip; custom data are the data structure designed by the user of the electronic certificate system according to its own needs, and these data are passed directly to the Bluetooth chip after the SDK and the Bluetooth chip have completed mutual trust;
3. Bluetooth connection mutual-trust mechanism: after establishing the initial connection with the Bluetooth chip, the SDK first performs mutual-trust verification and key negotiation, and after these complete, data are encrypted for transmission with the negotiated key;
4. This scheme describes the secure network communication mechanism as a whole.
The foregoing is only the preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the invention shall fall within the scope of protection of the present invention.

Claims (8)

1. A Bluetooth-based mutual-trust and encryption/decryption method between the encryption chip of a door lock and an SDK, characterized in that it comprises the following steps:
the SDK establishes a connection with the BLE: the SDK establishes a connection with the BLE of the door lock over Bluetooth;
the SDK and the BLE perform mutual-trust authentication: after the connection is established, the SDK transfers data to the BLE according to the encryption key and cipher mode agreed in advance; the BLE decrypts the data with the pre-agreed key, verifies it according to the data obtained and returns mutual-trust data to the SDK; the SDK authenticates the returned data, and once mutual-trust authentication succeeds the connection is fully established;
the BLE caches and returns the key: according to the mutual-trust connection pre-established with the SDK during mutual-trust authentication, the BLE caches the key and transfers it to the SDK;
the SDK receives and caches the returned key: the SDK receives the key returned by the BLE and caches it locally in encrypted form, which provides the key for encrypting subsequent data transmission;
the SDK transfers data over the current connection with the BLE: over the pre-established mutual-trust connection, all data transmitted are encrypted with the returned key received by the SDK.
2. The Bluetooth-based mutual-trust and encryption/decryption method between the encryption chip of a door lock and an SDK as claimed in claim 1, characterized in that mutual-trust authentication needs to verify whether the request source is legitimate and whether the request parameters are legitimate.
3. The Bluetooth-based mutual-trust and encryption/decryption method between the encryption chip of a door lock and an SDK as claimed in claim 1, characterized in that the SDK is installed on a communication terminal.
4. The Bluetooth-based mutual-trust and encryption/decryption method between the encryption chip of a door lock and an SDK as claimed in claim 3, characterized in that the communication terminal is a mobile phone.
5. A Bluetooth-based mutual-trust and encryption/decryption device between the encryption chip of a door lock and an SDK, characterized in that the mutual-trust and encryption/decryption device comprises:
a connection establishment module, used to make the SDK establish a connection with the BLE: the SDK establishes a connection with the BLE of the door lock over Bluetooth;
a mutual-trust authentication module, used to make the SDK and the BLE perform mutual-trust authentication: after the connection is established, the SDK transfers data to the BLE according to the encryption key and cipher mode agreed in advance; the BLE decrypts the data with the pre-agreed key, verifies it according to the data obtained and returns mutual-trust data to the SDK; the SDK authenticates the returned data, and once mutual-trust authentication succeeds the connection is fully established;
a BLE key caching and return module, used to make the BLE cache and return the key: according to the mutual-trust connection pre-established between the SDK and the BLE during mutual-trust authentication, the BLE caches the key and transfers it to the SDK;
a receiving module, used to make the SDK receive and cache the returned key: the SDK receives the key returned by the BLE and caches it locally in encrypted form, which provides the key for encrypting subsequent data transmission;
a data transmission module, used to make the SDK transfer data over the current connection with the BLE: over the pre-established mutual-trust connection, all data transmitted are encrypted with the returned key received by the SDK.
6. The Bluetooth-based mutual-trust and encryption/decryption device between the encryption chip of a door lock and an SDK as claimed in claim 5, characterized in that mutual-trust authentication needs to verify whether the request source is legitimate and whether the request parameters are legitimate.
7. The Bluetooth-based mutual-trust and encryption/decryption device between the encryption chip of a door lock and an SDK as claimed in claim 5, characterized in that the SDK is installed on a communication terminal.
8. The Bluetooth-based mutual-trust and encryption/decryption device between the encryption chip of a door lock and an SDK as claimed in claim 7, characterized in that the communication terminal is a mobile phone.
CN201611195997.6A 2016-12-22 2016-12-22 Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK Withdrawn CN106789013A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611195997.6A CN106789013A (en) 2016-12-22 2016-12-22 Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK

Publications (1)

Publication Number Publication Date
CN106789013A true CN106789013A (en) 2017-05-31

Family

ID=58899280


Country Status (1)

Country Link
CN (1) CN106789013A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108230511A (en) * 2018-01-17 2018-06-29 北京锐拓时代科技有限公司 Realize that the method and system for management of checking out are moved in unattended hotel's intelligence offline
CN114745134A (en) * 2022-03-30 2022-07-12 恒玄科技(上海)股份有限公司 Method, system, equipment and computer readable medium for transferring media data stream


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20180628

Address after: 518052 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong

Applicant after: Shenzhen Qianhai Sheng Tai Industrial Co., Ltd.

Address before: 518066 room 2407, Oriental Science and technology building, 16 Keyuan Road, Nanshan District, Shenzhen, Guangdong

Applicant before: Shenzhen Zhongcheng science and Technology Co. Ltd

WW01 Invention patent application withdrawn after publication

Application publication date: 20170531