CN106789013A - Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK - Google Patents
Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK Download PDFInfo
- Publication number
- CN106789013A CN106789013A CN201611195997.6A CN201611195997A CN106789013A CN 106789013 A CN106789013 A CN 106789013A CN 201611195997 A CN201611195997 A CN 201611195997A CN 106789013 A CN106789013 A CN 106789013A
- Authority
- CN
- China
- Prior art keywords
- sdk
- ble
- key
- data
- mutual trust
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Abstract
The invention discloses mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK.Methods described includes:SDK is set up with the BLE of door lock by bluetooth and is connected;SDK and BLE carries out mutual trust certification:SDK transfers data to BLE according to the encryption key and cipher mode made an appointment after setting up connection, BLE carries out data deciphering according to the key made an appointment, data according to obtaining are verified and are returned to the mutual letter datas of SDK, SDK is authenticated to the data for returning, and certification mutual trust certification after connects and completes to set up;BLE cachings and " return " key";SDK receives the key of return and caches, for subsequent data transmission encryption provides key;SDK is based on the current data transfer being connected with BLE:Be connected in data transmission procedure based on the mutual trust for pre-building carries out Data Encryption Transmission by all data according to the key that SDK receives return.
Description
Technical field
The present invention relates to a kind of mutual trust and encipher-decipher method and its mutual trust and ciphering and deciphering device, more particularly to a kind of door lock
Mutual trust based on bluetooth and encipher-decipher method and device between encryption chip and SDK.
Background technology
With the development of science and technology, the especially appearance of cloud computing, Internet of Things, concept the regarding also into the public of smart home
Line.With society, the development of economic level, people are to the pursuit of household quality also more and more higher, it is desirable to home comfort, safety
Change, life staying idle at home comfortableization, intellectuality, the demand to intelligent domestic system are also more and more stronger.Wireless intelligent house at this stage
It is showing it is a technical advantage that be equipped with based on BLE technologies smart home, as long as holding mobile phone can just carry out remote control home
Occupy equipment.Satisfactory, it need not push wall aside, arrange the circuit of numerous and complicated, convenient to install;Facilitate networking, if
Standby autgmentability is strong;Low cost, it is low in energy consumption, meet Modern Family's green living theory;It is easy to maintenance, can timely and effectively find
Failure and maintenance.
Current to pursue market operation, many enterprises are the reason for considering each side to safety during researching and developing product
Consideration be not very perfect, so as to can be caused damage to the privacy of user and property.The Internet of Things based on BLE sets at this stage
It is standby to be asked using the common internet based on https agreements in networking process in the terminal that internet is connected by mobile phone etc.
Ask to obtain the data of internet;Carried out data transmission based on BLE technologies, the two ends for being typically due to connection can disconnect net
Network, in the case where not encrypting, data transfer is safe relatively, and transmission every time is all built upon entering on the basis of current connection
Capable.
The existing Internet of Things network service based on bluetooth only relies only on https and BLE connections and carries out data transmission,
Although https solves the encryption in transmitting procedure, but the two ends of transmission are still plaintext, and BLE is then plaintext transmission.Base
It is plaintext in two end datas of request in the request of https, exists in terminals such as mobile phones and obtain privacy of user or secure data
Danger;The appearance of terminal Bluetooth sniffer is intercepted and captured based on the transmission of BLE technical data so that passed using not encryption data
Data can be trapped and maliciously be used when defeated, can cause than more serious consequence.
Wherein, abbreviation and Key Term are defined as follows.
BLE:Bluetooth low energy consumption technologies are the robustness wireless technologys of low cost, short distance, interoperable, are operated in and exempt to be permitted
Can 2.4GHz ISM radio frequency bands.BLE technologies use very quick connected mode, therefore usually may be at " disconnected "
State (save energy), now both link ends are each other to know other side, link are only just opened when necessary, then to the greatest extent
Link is closed in time that may be short.
HTTPS:HTTPS (full name:Hyper Text Transfer Protocol over Secure Socket
Layer), it is HTTP passages with safety as target, is briefly the safe version of HTTP.That is SSL layers, HTTPS are added under HTTP
Foundation for security be SSL, therefore encryption detailed content be accomplished by SSL.
Authentication:Authentication is also referred to as " authentication " or " identity discriminating ", refers in computer and computer network
The process of operator's identity is confirmed in network system, so that it is determined that whether the user has access and the right to use to certain resource
Limit, and then the access strategy of cyber-net system is reliably and efficiently performed, prevent attacker from palming off validated user
Obtain the access rights of resource, it is ensured that the safety of system and data, and authorize the legitimate interests of visitor.
The content of the invention
In order to solve the above-mentioned technical problem, based on bluetooth between the encryption chip and SDK for proposing a kind of door lock of the invention
Mutual trust and encipher-decipher method and device, the present invention can be between the encryption chip of door lock and SDK between, will from data storage,
Data two ends are authenticated and encrypted during data transfer, data use, thus solve data being stolen in storage,
The potential safety hazards such as usurping in data transfer, data distorting in.
Solution of the invention is:Mutual trust based on bluetooth and encryption and decryption between the encryption chip and SDK of a kind of door lock
Method, it is comprised the following steps:
SDK sets up with BLE and is connected:SDK is set up with the BLE of door lock by bluetooth and is connected;
SDK and BLE carries out mutual trust certification:SDK is according to the encryption key and encryption side made an appointment after setting up connection
Formula transfers data to BLE, and BLE carries out data deciphering according to the key made an appointment, and is verified simultaneously according to the data for obtaining
The mutual letter datas of SDK are returned to, SDK is authenticated to the data for returning, certification mutual trust certification after connects and completes to set up;
BLE cachings and " return " key":The mutual trust for BLE pre-build in mutual trust certification according to SDK is connected, and BLE will
Cipher key cache is simultaneously transferred to SDK;
SDK receives the key of return and caches:SDK receives the key that BLE is returned, and encryption is buffered in locally, is follow-up
Data transfer encryption provides key;
SDK is based on the current data transfer being connected with BLE:It is connected in data transmission procedure based on the mutual trust for pre-building
All data are received the key for returning according to SDK carries out Data Encryption Transmission.
Used as the further improvement of such scheme, whether mutual trust certification needs checking request to originate legal, and required parameter is
It is no legal.
Used as the further improvement of such scheme, SDK is arranged on communication terminal.
Further, communication terminal is mobile phone.
Mutual trust based on bluetooth and ciphering and deciphering device, institute between the encryption chip and SDK that a kind of door lock is also provided of the invention
Stating mutual trust and ciphering and deciphering device also includes:
Connection establishment module, is connected for making SDK be set up with BLE:SDK is set up with the BLE of door lock by bluetooth and is connected;
Mutual trust authentication module, for making SDK and BLE carry out mutual trust certification:SDK is according to making an appointment after setting up connection
Encryption key and cipher mode transfer data to BLE, BLE carries out data deciphering according to the key made an appointment, according to obtaining
The data for obtaining are verified and are returned to the mutual letter datas of SDK, and SDK is authenticated to the data for returning, certification mutual trust after
Certification connection completes to set up;
BLE cachings and " return " key" module, for making BLE cache and " return " key":Mutual trust is carried out according to SDK and BLE to recognize
The mutual trust connection pre-build in card, BLE is by cipher key cache and is transferred to SDK;
Receiver module, for making SDK receive the key of return and cache:SDK receives the key that BLE is returned, and encrypts slow
In the presence of local, for subsequent data transmission encryption provides key;
Data transmission module, for making SDK be based on the current data transfer being connected with BLE:Based on the mutual trust for pre-building
It is connected in data transmission procedure and all data are received the key for returning according to SDK carries out Data Encryption Transmission.
Used as the further improvement of such scheme, whether mutual trust certification needs checking request to originate legal, and required parameter is
It is no legal.
Used as the further improvement of such scheme, SDK is arranged on communication terminal.
Further, communication terminal is mobile phone.
The stolen that will more effectively ensure the safety of data transfer and avoid during user's use using the present invention.
Brief description of the drawings
Fig. 1 is the integral frame figure of inventive network safe communication system.
Fig. 2 is the flow chart of the secure communication of network method between operation system and electronic certificate system.
Fig. 3 is the flow chart of the secure communication of network method between SDK and electronic certificate system.
Fig. 4 is the flow of the identity identifying method of the secure communication of network method between operation system and electronic certificate system
Figure.
Fig. 5 is the flow chart of mutual trust and encipher-decipher method based on bluetooth between the encryption chip of door lock and SDK.
Specific embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, it is right below in conjunction with drawings and Examples
The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.
Inventive network safe communication system will be from during data storage, data transfer, data use to data two ends
It is authenticated and encrypts, so that usurping in solving data being stolen in storage, data transfer, data distorts in
Etc. potential safety hazard.It is therefore an object of the present invention to from network data storage, transmission, using solving safety problem in whole process,
A full set of security solution is provided.
Fig. 1 is referred to, secure communication of network system of the invention is used to coordinate operation system, electronic certificate system, movement
Secure communication between communication terminal (such as mobile phone), secure communication of network system of the invention can be used as software APP or plug-in unit etc.
It is attached in electronic certificate system etc. form, realizes the secure communication between operation system, electronic certificate system, mobile phone.
The present invention can be applied on communication terminal such as mobile phone, and it to the offer of APP is that some services are used that SDK is
Part, realizes that information is exchanged with the encryption chip of interior of mobile phone.Electronic certificate system generate beyond the clouds safety encryption electronics with
Card data, are transmitted by network encryption, are encrypted in SDK sides and stored, and are then transferred to encryption chip by SDK and are decrypted and test
Card.Electronic certificate system can be comprising Sever, api interface, Json interfaces, ID authentication mechanism and with supporting self-defined number
According to electronic certificate data data storage.
Operation system can be to the application program being arranged on based on SDK on communication terminal, to provide the backstage of service
System.Operation system is verified, to user's request after the trust for obtaining electronic certificate system to the data of user's request
Legitimacy carries out authentication;And electronic certificate system can just perform corresponding industry after operation system completes checking and certification
Business logic simultaneously returns to operation system its result.
Electronic certificate system itself provides the safety storage of data, and data encryption storage only has electronic certificate system to pass through
Interface routine can be decrypted normally when obtaining data, and other approach cannot view encryption data original contents.
The initial encryption key that can negotiate with one another that the network communication being related in the present invention is set up in communication connection every time,
Data in data exchange process are encrypted and decrypted for communicating two ends and used, even if other links have intercepted and captured data
Encryption key cannot be obtained, so as to the risk that the data prevented in transmitting procedure are stolen.Mistake of the present invention in network communication
Mutual identity can be verified when first connection is set up in journey, only can just be carried out after authentication success
Subsequent communications, so as to prevent the risk that non-legally user steals data.The present invention is also in operation system and electronic certificate system
Between add by operation system participate in certification verification mode so that the Information Security between system reaches highest.
Electronic certificate system generates the electronic certificate data of safety encryption beyond the clouds, is transmitted by network encryption, in mobile phone
On the encryption storage of SDK sides, the encryption chip being then transferred on mobile phone by SDK is decrypted checking.
Secure communication of network system can set mutual trust and encryption and decryption mechanism one between api interface and operation system, be formed
Secure communication of network device between operation system and electronic certificate system, realizes corresponding secure communication of network method.
As shown in Fig. 2 the communication mechanism between the api interface of operation system and electronic certificate system, operation system
The data asked are verified after to the trust of electronic certificate system, the legitimacy to asking carries out authentication;Work as system
Corresponding service logic can be just performed after completion checking and certification and return to operation system result.
Secure communication of network system can also set a mutual trust and encryption and decryption mechanism two, shape between Json interfaces and SDK
Into secure communication of network device between SDK and electronic certificate system, corresponding secure communication of network method is realized.
As shown in figure 3, the communication mechanism between SDK and the JSON interfaces of electronic certificate system, SDK is obtaining electronic certificate
After the trust of system, electronic certificate system is verified to the data asked, the legitimacy to asking carries out authentication;Work as electricity
Corresponding service logic can be just performed after sub- certificate system's completion checking and certification and return to SDK results.
Secure communication of network system can also using the HTTPS business authentications interface of operation system operation system and electronics with
ID authentication mechanism is set between card system, the body of secure communication of network method between operation system and electronic certificate system is formed
Part authentication device, realizes the identity identifying method of secure communication of network method.
As shown in figure 4, electronic certificate system carries out authentication to the request that operation system and SDK are initiated, identity is recognized
The basis source of card opens interface of the Third party system to user's validity check, third party in operation system, i.e. operation system
System judges whether to meet condition by interface return value.
Secure communication of network system can also be set between SDK and encryption chip one based on bluetooth Internet of Things mutual trust and
Encryption and decryption mechanism three, forms the mutual trust between the encryption chip and SDK of door lock and ciphering and deciphering device, realizes the encryption chip of door lock
And the mutual trust between SDK (SDK such as on mobile phone) and encipher-decipher method.
As shown in figure 5, the communication mechanism between SDK and encryption chip, SDK set up with encryption chip every time be connected when
Wait and complete certification;Corresponding service logic can be just performed after the completion of certification and SDK is returned result to carries out subsequent treatment.
Explanation is subsequently developed in details one by one to above designing points of the invention.
First, mutual trust and encryption and decryption mechanism one (i.e. between operation system and electronic certificate system secure communication of network method and
Its device)
Fig. 2 is referred to, secure communication of network device includes 10 big modules between operation system and electronic certificate system, per big
Module performs a corresponding step.According to this 10 big module, secure communication of network between operation system and electronic certificate system
The key step description of method:
1st, cipher key module is asked, for making operation system ask cipher key function.
Operation system makes requests on the encryption of parameter according to the encryption key and cipher mode made an appointment, to electronics with
Card system initiates the request of https.
2nd, key mutual trust authentication module is asked, for making electronic certificate system make requests on key mutual trust certification.
Electronic certificate system carries out mutual trust certification after receiving the request key request that operation system is initiated to request, needs
Whether legal checking request is wanted to originate, whether required parameter legal etc..Subsequent step is performed if certification success, otherwise directly
Perform the 10th step.
3rd, authentication module is asked, for making electronic certificate system make requests on cipher key user request authentication.
Electronic certificate system carries out authenticating user identification, it is necessary to call business system to the necessary information carried in required parameter
The interface of https for providing of uniting verified, subsequent step is performed if being proved to be successful, otherwise direct the 10th step of execution.
4th, computation key and cache module, for making electronic certificate system-computed key and caching.
Required parameter encryption key of the electronic certificate system-computed operation system after current connection is set up, and to key
Data carry out timeliness setting and encryption storage, in case subsequently using.
5th, receiver module, for making operation system receive the key of return and cache.
Operation system receives the key of return, and storage is realized in operation system, to use this in subsequent request
Key enters line parameter encryption, and otherwise subsequent request cannot correctly be recognized in mutual trust certification (the 7th step) and authentication (the 8th step)
Card.
6th, service request module, service request is carried out for making operation system make requests on parameter encryption according to key.
Operation system is encrypted according to the key (key that the 5th step is obtained) of caching to service request parameter, and passes through
Https mode initiating business requests.
7th, mutual authentication module, for making electronic certificate system carry out mutual authentication.
Electronic certificate system carries out mutual trust certification, it is necessary to test after receiving the service request that operation system is initiated to request
Whether card request source is legal, and whether required parameter is legal, and whether required parameter cipher mode is legal etc..If certification success
Subsequent step is performed, the 10th step is otherwise directly performed.
8th, user's request authentication module, for making electronic certificate system carry out user's request authentication.
Electronic certificate system carries out authenticating user identification, it is necessary to call business system to the necessary information carried in required parameter
The interface of https for providing of uniting verified, subsequent step is performed if being proved to be successful, otherwise direct the 10th step of execution.
9th, requested service performing module, performs for making electronic certificate system make requests on business.
Electronic certificate system carries out calculating execution according to the service logic that the request of operation system carries out electronic certificate system,
With the end value asked.
10th, implementing result module is returned to, for making electronic certificate system return to implementing result.
Electronic certificate system is returned to the implementing result asked.
2nd, mutual trust and encryption and decryption mechanism two (i.e. secure communication of network method and its dress between SDK and electronic certificate system
Put)
Fig. 3 is referred to, the secure communication of network device between SDK and electronic certificate system also includes 10 big modules, per big
Module performs a corresponding step.According to this 10 big module, the secure communication of network between mobile phone SDK and electronic certificate system
The key step description of method:
1st, SDK requests cipher key module, for making SDK ask key.
SDK makes requests on the encryption of parameter according to the encryption key and cipher mode made an appointment, to electronic certificate system
System initiates the request of https.
2nd, key mutual trust authentication module is asked, for making electronic certificate system make requests on key mutual trust certification.
Electronic certificate system carries out mutual trust certification, it is necessary to test after receiving the request key request that SDK is initiated to request
Whether card request source is legal, and whether required parameter is legal etc..Subsequent step is performed if certification success, is otherwise directly performed
10th step.
3rd, authentication module is asked, for making electronic certificate system make requests on cipher key user request authentication.
Electronic certificate system carries out authenticating user identification, it is necessary to call SDK to carry to the necessary information carried in required parameter
The interface of the https of confession verified, subsequent step is performed if being proved to be successful, and otherwise directly performs the 10th step.
4th, computation key and cache module, for making electronic certificate system-computed key and caching.
Required parameter encryption keys of the electronic certificate system-computed SDK after current connection is set up, and to key data
Timeliness setting and encryption storage are carried out, in case subsequently using.
5th, receiver module, for making SDK receive the key of return and cache.
SDK receives the key of return, and storage is realized in SDK, to be joined with this key in subsequent request
Number encryption, otherwise subsequent request cannot correctly be certified in mutual trust certification (the 7th step) and authentication (the 8th step).It may be noted that
, the app if based on SDK exits, and key also directly fails, and whole flow process needs to restart.
6th, service request module, service request is carried out for making SDK make requests on parameter encryption according to key.
SDK is encrypted according to the key (key that the 5th step is obtained) of caching to service request parameter, and by https
Mode initiating business request.
7th, mutual authentication module, for making electronic certificate system carry out mutual authentication.
Electronic certificate system receive SDK initiation service request after to request carry out mutual trust certification, it is necessary to verify please
Ask whether source is legal, and whether required parameter is legal, and whether required parameter cipher mode is legal etc..Performed if certification success
Subsequent step, otherwise directly performs the 10th step.
8th, user's request authentication module, for making electronic certificate system carry out user's request authentication.
Electronic certificate system carries out authenticating user identification, it is necessary to call SDK to carry to the necessary information carried in required parameter
The interface of the https of confession verified, subsequent step is performed if being proved to be successful, and otherwise directly performs the 10th step.
9th, requested service performing module, performs for making electronic certificate system make requests on business.
Electronic certificate system carries out calculating execution according to the service logic that the request of SDK carries out electronic certificate system, with
To the end value of request.
10th, implementing result module is returned to, for making electronic certificate system return to implementing result.
Electronic certificate system is returned to the implementing result asked.
3rd, mutual trust encryption and decryption mechanism three (is based on the Internet of Things mutual trust of bluetooth and adds i.e. between the encryption chip and SDK of door lock
Decryption method and its device)
Fig. 4 is referred to, the mutual trust and ciphering and deciphering device between the encryption chip and SDK of door lock based on bluetooth include 5 big moulds
Block, a corresponding step is performed per big module.According to this 5 big module, mutual trust between the encryption chip and SDK of door lock and add
The key step description of decryption method:
1st, connection establishment module, is connected for making SDK be set up with BLE.
SDK is set up with BLE by bluetooth and is connected.
2nd, mutual trust authentication module, for making SDK and BLE carry out mutual trust certification.
SDK transfers data to BLE, BLE according to the encryption key and cipher mode made an appointment after setting up connection
Data deciphering is carried out according to the key made an appointment, is verified and is returned to the mutual letter datas of SDK, SDK according to the data for obtaining
Data to returning are authenticated, and certification mutual trust certification after connects and completes to set up.
3rd, BLE cachings and " return " key" module, for making BLE cache and " return " key" module.
By cipher key cache and SDK is transferred to according to mutual trust connection (the 1st, the connection set up of the 2 steps) BLE for pre-building.
4th, receiver module, for making SDK receive the key of return and cache.
SDK receives the key that BLE is returned, and encryption is buffered in locally, for subsequent data transmission encryption provides key.
5th, data transmission module, for making SDK be based on the current data transfer being connected with BLE.
Based on pre-build mutual trust connection (the 1st, 2 steps set up connection) in data transmission procedure by all data roots
Data Encryption Transmission is carried out according to key (key that the 4th step is cached).
It is pointed out that during any, as long as bluetooth disconnects, the key of SDK storages directly resets, whole flow process
Needs restart.
4th, ID authentication mechanism (i.e. recognize between operation system and electronic certificate system by the identity of secure communication of network method
Card method and its device)
Fig. 5 is referred to, the identification authentication system bag of secure communication of network method between operation system and electronic certificate system
5 big modules are included, a corresponding step is performed per big module.According to this 5 big module, between operation system and electronic certificate system
The key step description of the identity identifying method of secure communication of network method:
1st, request head data modules are obtained, for obtaining request head data.
The data for asking head to carry are separated from request, and is verified from the data to isolating, if
It is legal, subsequent operation is carried out, if not conforming to rule directly performs the 5th step.
2nd, decrypt and verify head data modules, for decrypting and verify head data.
The data that 1st step is separate are decrypted, whether certificate parameter is legal after decryption, is subsequently grasped if legal
Make, if not conforming to rule directly performs the 5th step.
3rd, calling operation system carries out subscriber authentication module, for calling operation system to carry out user's checking.
To after decryption and verifying after successful data process, the user's checking interface for calling operation system to open is verified
Whether user is legal, is continued executing with if legal, otherwise directly performs the 5th step.
4th, certificate system's business module is performed, for performing certificate system's business.
Service logic is performed to request after completing user's checking, business organizes returned data after the completion of performing.
5th, returning result module, for returning result.
Request implementing result is returned into interface interchange to put.
In sum, the present invention is from network data storage, transmission, using solving safety problem in whole process, there is provided complete
The security solution of set.Electronic certificate system itself provides the safety storage of data, and data encryption storage only has system to lead to
Crossing when interface routine obtains data normally to decrypt, and other approach cannot view encryption data original contents.
The features of the present invention is as follows:
1st, based on the security mechanism on https agreements, SDK will be carried out first before carrying out data interaction with electronic certificate system
Mutual trust checking and key agreement, complete to carry out data encryption biography using based on arranging key after mutual trust Authentication and Key Agreement
It is defeated, complete encryption at the two ends of https;
2nd, the Credential data of electronic certificate storage and transmission is made up of two parts, i.e. communication data and self-defining data, leads to
News data are the data for being interacted with Bluetooth chip mutual trust;Self-defining data is the user using electronic certificate system according to certainly
The data structure that body needs and designs, this data are to be directly passed to Bluetooth chip after SDK and Bluetooth chip complete mutual trust;
3rd, bluetooth connection mutual confidence-building mechanism, SDK first carries out mutual trust checking and key after setting up initial connection with Bluetooth chip
Consult, complete to carry out Data Encryption Transmission using based on arranging key after mutual trust Authentication and Key Agreement;
4th, this programme overall description secure communication of network mechanism.
Presently preferred embodiments of the present invention is the foregoing is only, is not intended to limit the invention, it is all in essence of the invention
Any modification, equivalent and improvement made within god and principle etc., should be included within the scope of the present invention.
Claims (8)
1. mutual trust and the encipher-decipher method of bluetooth are based between the encryption chip and SDK of a kind of door lock, it is characterised in that:It includes
Following steps:
SDK sets up with BLE and is connected:SDK is set up with the BLE of door lock by bluetooth and is connected;
SDK and BLE carries out mutual trust certification:SDK will according to the encryption key and cipher mode made an appointment after setting up connection
Data are transferred to BLE, and BLE carries out data deciphering according to the key made an appointment, and are verified and are returned according to the data for obtaining
Give SDK mutual letter datas, SDK is authenticated to the data for returning, certification mutual trust certification after connects and completes to set up;
BLE cachings and " return " key":The mutual trust for BLE pre-build in mutual trust certification according to SDK is connected, and BLE is by key
Cache and be transferred to SDK;
SDK receives the key of return and caches:SDK receives the key that BLE is returned, and encryption is buffered in locally, is follow-up data
Transmission encryption provides key;
SDK is based on the current data transfer being connected with BLE:It is connected to institute in data transmission procedure based on the mutual trust for pre-building
Having data that the key for returning is received according to SDK carries out Data Encryption Transmission.
2. mutual trust and the encipher-decipher method of bluetooth are based between the encryption chip and SDK of door lock as claimed in claim 1, and it is special
Levy and be:Whether mutual trust certification needs checking request to originate legal, and whether required parameter is legal.
3. mutual trust and the encipher-decipher method of bluetooth are based between the encryption chip and SDK of door lock as claimed in claim 1, and it is special
Levy and be:SDK is arranged on communication terminal.
4. mutual trust and the encipher-decipher method of bluetooth are based between the encryption chip and SDK of door lock as claimed in claim 3, and it is special
Levy and be:Communication terminal is mobile phone.
5. mutual trust and the ciphering and deciphering device of bluetooth are based between the encryption chip and SDK of a kind of door lock, it is characterised in that:It is described mutual
Letter and ciphering and deciphering device also include:
Connection establishment module, is connected for making SDK be set up with BLE:SDK is set up with the BLE of door lock by bluetooth and is connected;
Mutual trust authentication module, for making SDK and BLE carry out mutual trust certification:SDK is according to adding for making an appointment after setting up connection
Key and cipher mode transfer data to BLE, and BLE carries out data deciphering according to the key made an appointment, according to what is obtained
Data are verified and are returned to the mutual letter datas of SDK, and SDK is authenticated to the data for returning, certification mutual trust certification after
Connection completes to set up;
BLE cachings and " return " key" module, for making BLE cache and " return " key":Foundation SDK and BLE is carried out in mutual trust certification
The mutual trust connection for pre-building, BLE is by cipher key cache and is transferred to SDK;
Receiver module, for making SDK receive the key of return and cache:SDK receives the key that BLE is returned, and encryption is buffered in
Locally, for subsequent data transmission encryption provides key;
Data transmission module, for making SDK be based on the current data transfer being connected with BLE:Based on the mutual trust connection for pre-building
All data are carried out into Data Encryption Transmission according to the key that SDK receives return in data transmission procedure.
6. mutual trust and the ciphering and deciphering device of bluetooth are based between the encryption chip and SDK of door lock as claimed in claim 5, and it is special
Levy and be:Whether mutual trust certification needs checking request to originate legal, and whether required parameter is legal.
7. mutual trust and the ciphering and deciphering device of bluetooth are based between the encryption chip and SDK of door lock as claimed in claim 5, and it is special
Levy and be:SDK is arranged on communication terminal.
8. mutual trust and the ciphering and deciphering device of bluetooth are based between the encryption chip and SDK of door lock as claimed in claim 7, and it is special
Levy and be:Communication terminal is mobile phone.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611195997.6A CN106789013A (en) | 2016-12-22 | 2016-12-22 | Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611195997.6A CN106789013A (en) | 2016-12-22 | 2016-12-22 | Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106789013A true CN106789013A (en) | 2017-05-31 |
Family
ID=58899280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611195997.6A Withdrawn CN106789013A (en) | 2016-12-22 | 2016-12-22 | Mutual trust and encipher-decipher method and device between a kind of door lock encryption chip and SDK |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106789013A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108230511A (en) * | 2018-01-17 | 2018-06-29 | 北京锐拓时代科技有限公司 | Realize that the method and system for management of checking out are moved in unattended hotel's intelligence offline |
CN114745134A (en) * | 2022-03-30 | 2022-07-12 | 恒玄科技(上海)股份有限公司 | Method, system, equipment and computer readable medium for transferring media data stream |
-
2016
- 2016-12-22 CN CN201611195997.6A patent/CN106789013A/en not_active Withdrawn
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108230511A (en) * | 2018-01-17 | 2018-06-29 | 北京锐拓时代科技有限公司 | Realize that the method and system for management of checking out are moved in unattended hotel's intelligence offline |
CN114745134A (en) * | 2022-03-30 | 2022-07-12 | 恒玄科技(上海)股份有限公司 | Method, system, equipment and computer readable medium for transferring media data stream |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106790080A (en) | Secure communication of network method and apparatus between operation system and electronic certificate system | |
CN104205891B (en) | Virtual SIM card cloud platform | |
CN108347729B (en) | Network is sliced interior method for authenticating, slice authentication agent entity and session management entity | |
CN108259164B (en) | Identity authentication method and equipment of Internet of things equipment | |
US10050791B2 (en) | Method for verifying the identity of a user of a communicating terminal and associated system | |
CN111783068B (en) | Device authentication method, system, electronic device and storage medium | |
KR20160124648A (en) | Method and apparatus for downloading and installing a profile | |
CN106230838A (en) | A kind of third-party application accesses the method and apparatus of resource | |
KR20190004499A (en) | Apparatus and methods for esim device and server to negociate digital certificates | |
US9319882B2 (en) | Method for mutual authentication between a terminal and a remote server by means of a third-party portal | |
JP2005504459A (en) | Authentication method between portable article for telecommunication and public access terminal | |
CN105871777A (en) | Wireless router access processing method, wireless router access method and device | |
WO2017185450A1 (en) | Method and system for authenticating terminal | |
CN107612949B (en) | Wireless intelligent terminal access authentication method and system based on radio frequency fingerprint | |
CN105282179A (en) | Family Internet of things security control method based on CPK | |
CN105635062A (en) | Network access equipment verification method and device | |
CN106790078A (en) | Safety communicating method and device between a kind of SDK and electronic certificate system | |
US20200067904A1 (en) | Method for authenticating a user and corresponding device, first and second servers and system | |
JP2016519873A (en) | Establishing secure voice communication using a generic bootstrapping architecture | |
CN107733652A (en) | For sharing the method for unlocking and system and lock of the vehicles | |
CN110278084B (en) | eID establishing method, related device and system | |
CN103957521B (en) | A kind of cell visitor authentication method and system based on NFC technique | |
KR101348079B1 (en) | System for digital signing using portable terminal | |
CN107786978B (en) | NFC authentication system based on quantum encryption | |
CN105873059A (en) | United identity authentication method and system for power distribution communication wireless private network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20180628 Address after: 518052 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong Applicant after: Shenzhen Qianhai Sheng Tai Industrial Co., Ltd. Address before: 518066 room 2407, Oriental Science and technology building, 16 Keyuan Road, Nanshan District, Shenzhen, Guangdong Applicant before: Shenzhen Zhongcheng science and Technology Co. Ltd |
|
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20170531 |