CN109039628A - Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system - Google Patents


Info

Publication number: CN109039628A
Authority: CN (China)
Prior art keywords: random number, key, equipment, cloud server, ciphertext data
Legal status: Pending
Application number: CN201811302500.5A
Other languages: Chinese (zh)
Inventors: 王建文, 刘复鑫, 毕志国
Current assignee: Midea Group Co Ltd
Original assignee: Midea Group Co Ltd
Application filed by Midea Group Co Ltd; priority to CN201811302500.5A; publication of CN109039628A; legal status pending.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00: Network arrangements or protocols for supporting network services or applications
    • H04L 67/01: Protocols
    • H04L 67/10: Protocols in which an application is distributed across nodes in the network
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses a key negotiation method comprising the following steps: after a cloud server receives a key negotiation request message sent by a device, it obtains first ciphertext data from the request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves a first random number; the cloud server generates a second random number and encrypts it to obtain second ciphertext data; the second ciphertext data are returned to the device, so that the device obtains and saves the second random number by decrypting the second ciphertext data and generates the session key between the cloud server and the device from the second random number and the first random number. The invention also discloses a cloud server, a device, a computer-readable storage medium and a key agreement system. The invention improves the security of the session key between the cloud server and the device and thereby strengthens the security of communication between them.

Description

Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
Technical field
The present invention relates to the field of information security technology, and in particular to a key negotiation method, a cloud server, a device, a computer-readable storage medium and a key agreement system.
Background art
With the continuous development of information technology, smart devices are widely used in daily life; for example, a user sends instructions to a smart device through a terminal in order to control it. Existing devices and cloud servers generally communicate using a fixed key, but this approach offers weak security: once the key is leaked, the entire security system collapses.
The above content is provided only to facilitate understanding of the technical solution of the invention and is not an admission that it constitutes prior art.
Summary of the invention
The main purpose of the present invention is to provide a key negotiation method, a cloud server, a device, a computer-readable storage medium and a key agreement system, with the aim of improving the security of the session key between the cloud server and the device and thereby strengthening the security of communication between them.
To achieve the above object, the present invention provides a key negotiation method comprising the following steps:
after receiving a key negotiation request message sent by a device, the cloud server obtains first ciphertext data from the key negotiation request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves a first random number, wherein the device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server;
the cloud server generates a second random number and encrypts the second random number to obtain second ciphertext data;
the second ciphertext data are returned to the device, so that the device obtains and saves the second random number by decrypting the second ciphertext data and generates the session key between the cloud server and the device from the second random number and the first random number.
Preferably, after the step of encrypting the second random number to obtain the second ciphertext data, the method further comprises:
generating a first key check value by encryption with the second random number according to a preset algorithm;
returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encryption with the second random number according to the preset algorithm, and saves the second random number only when the second key check value matches the first key check value;
generating the session key between the cloud server and the device from the second random number and the first random number.
Preferably, the step in which the cloud server generates the session key between the cloud server and the device from the second random number and the first random number comprises:
concatenating the second random number and the first random number to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
Preferably, the step of generating the first key check value by encryption with the second random number according to the preset algorithm comprises:
encrypting preset bytes using the second random number and the first random number to obtain an encryption result;
using preset bytes of the encryption result as the first key check value.
Preferably, the step of encrypting the second random number to obtain the second ciphertext data comprises:
encrypting the second random number with the device public key to obtain the second ciphertext data.
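The exchange laid out in the steps above, worked through end to end as an added Go example. This is my own illustration, not code from the patent or from Midea: the patent leaves the asymmetric algorithm, the random-number length, the "preset bytes" and the "preset algorithm" for the key check value open, so the example assumes RSA-OAEP for the two ciphertexts, 16-byte random numbers, a session key equal to R2 || R1, and a key check value formed by AES-encrypting an all-zero block under R2 || R1 and keeping its first 3 bytes (the conventional KCV construction). All names (deviceRequest, serverRespond, deviceFinish, keyCheckValue, runNegotiation) are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed sizes (assumptions, not from the patent): 16-byte random numbers, 3-byte KCV.
const nonceLen, kcvLen = 16, 3

// sessionKey concatenates R2 || R1; with 16-byte inputs this is an AES-256 key.
func sessionKey(r2, r1 []byte) []byte {
	return append(append([]byte{}, r2...), r1...)
}

// keyCheckValue: AES-encrypt a preset all-zero block under R2 || R1, keep the first kcvLen bytes.
func keyCheckValue(r2, r1 []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey(r2, r1))
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, make([]byte, aes.BlockSize))
	return out[:kcvLen], nil
}

// deviceRequest: the device draws R1 and encrypts it to the cloud server public key (first ciphertext).
func deviceRequest(serverPub *rsa.PublicKey) (r1, ct1 []byte, err error) {
	r1 = make([]byte, nonceLen)
	if _, err = rand.Read(r1); err != nil {
		return nil, nil, err
	}
	ct1, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, r1, nil)
	return r1, ct1, err
}

// serverRespond: recover R1, draw R2, encrypt R2 to the device public key (second ciphertext),
// attach the first key check value and keep the server's copy of the session key.
func serverRespond(serverPriv *rsa.PrivateKey, devicePub *rsa.PublicKey, ct1 []byte) (serverKey, ct2, kcv []byte, err error) {
	r1, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, ct1, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	r2 := make([]byte, nonceLen)
	if _, err = rand.Read(r2); err != nil {
		return nil, nil, nil, err
	}
	if ct2, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, r2, nil); err != nil {
		return nil, nil, nil, err
	}
	kcv, err = keyCheckValue(r2, r1)
	return sessionKey(r2, r1), ct2, kcv, err
}

// deviceFinish: recover R2 with the device private key, recompute the KCV, and save R2 only when it matches the first.
func deviceFinish(devicePriv *rsa.PrivateKey, r1, ct2, kcv1 []byte) ([]byte, error) {
	r2, err := rsa.DecryptOAEP(sha256.New(), nil, devicePriv, ct2, nil)
	if err != nil {
		return nil, err
	}
	kcv2, err := keyCheckValue(r2, r1)
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(kcv1, kcv2) {
		return nil, fmt.Errorf("key check value mismatch (%x != %x): R2 rejected", kcv1, kcv2)
	}
	return sessionKey(r2, r1), nil
}

// runNegotiation runs the exchange end to end; tamperKCV corrupts the check value in transit to show rejection.
func runNegotiation(tamperKCV bool) (deviceKey, serverKey []byte, err error) {
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	devicePriv, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil || err2 != nil {
		return nil, nil, fmt.Errorf("key generation failed: %v %v", err, err2)
	}
	r1, ct1, err := deviceRequest(&serverPriv.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	serverKey, ct2, kcv, err := serverRespond(serverPriv, &devicePriv.PublicKey, ct1)
	if err != nil {
		return nil, nil, err
	}
	if tamperKCV {
		kcv[0] ^= 0xff
	}
	deviceKey, err = deviceFinish(devicePriv, r1, ct2, kcv)
	return deviceKey, serverKey, err
}

func main() {
	dk, sk, err := runNegotiation(false)
	fmt.Printf("device=%x\nserver=%x\nmatch=%v err=%v\n", dk, sk, bytes.Equal(dk, sk), err)
}
```

The device saves R2 only after its recomputed check value matches the one the server sent, which is the check the "preferably" clauses add. A 3-byte KCV detects a corrupted or mis-keyed R2; confidentiality of R1 and R2 comes from the two public-key encryptions, so the security of the resulting key rests on both private keys staying private.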
Preferably, after the step in which the cloud server generates the session key between the cloud server and the device from the second random number and the first random number, the method further comprises:
on receiving a key agreement confirmation message returned by the device, the cloud server decrypts the key agreement confirmation message with the session key to obtain a decryption result;
when the decryption result contains a preset field, sending a key agreement confirmation message to the device.
To achieve the above object, the present invention also provides a key negotiation method comprising the following steps:
a device generates a first random number, encrypts the first random number with the cloud server public key to obtain first ciphertext data, generates a key negotiation request message from the first ciphertext data and sends it to the cloud server, so that the cloud server, after receiving the key negotiation request message sent by the device, obtains the first ciphertext data from the request message, decrypts them with the cloud server private key, and obtains and saves the first random number;
on receiving second ciphertext data, the device decrypts the second ciphertext data to obtain and save a second random number, and generates the session key between the cloud server and the device from the second random number and the first random number, wherein the cloud server generates the second random number, encrypts it to obtain the second ciphertext data and returns the second ciphertext data to the device.
Preferably, after the step of generating the key negotiation request message from the first ciphertext data and sending it to the cloud server, the method further comprises:
on receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encryption with the second random number according to a preset algorithm, and saves the second random number only when the second key check value matches the first key check value, wherein the cloud server generates the first key check value by encryption with the second random number according to the preset algorithm and returns the second ciphertext data and the first key check value to the device;
generating the session key between the cloud server and the device from the second random number and the first random number.
Preferably, the step in which the cloud server generates the session key between the cloud server and the device from the second random number and the first random number comprises:
concatenating the second random number and the first random number to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
Preferably, the step of generating the second key check value by encryption with the second random number according to the preset algorithm comprises:
encrypting preset bytes using the second random number and the first random number to obtain an encryption result;
using preset bytes of the encryption result as the second key check value.
Preferably, the step of decrypting the second ciphertext data to obtain and save the second random number comprises:
decrypting the second ciphertext data with the device private key to obtain the second random number.
Preferably, after the step in which the cloud server generates the session key between the cloud server and the device from the second random number and the first random number, the method further comprises:
the device encrypts a preset field with the session key to obtain a key agreement confirmation message;
sending the key agreement confirmation message to the cloud server, so that the cloud server, on receiving the key agreement confirmation message, decrypts it with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the device.
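The key-confirmation round trip described in the device-side steps just above and in the cloud-server-side steps of the first method (encrypt a preset field under the session key; decrypt with the server's copy of the key and look for the field; only then confirm back), as an added Go example of my own rather than code from the patent. Assumptions: the session key is 32 bytes (R2 || R1 from the negotiation), the preset field is the constructed string KEY_AGREEMENT_OK, and AES-GCM stands in for the unspecified symmetric algorithm; the names deviceConfirm and serverCheckConfirm are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// presetField is a constructed stand-in for the fixed field both sides agree on.
var presetField = []byte("KEY_AGREEMENT_OK")

// newAEAD wraps the negotiated session key in AES-GCM. The patent leaves the
// encryption algorithm open; an authenticated mode is chosen here so that a
// tampered or wrongly keyed confirmation fails cleanly instead of decrypting to junk.
func newAEAD(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// deviceConfirm (device side): encrypt the preset field under the session key; the
// result is the key agreement confirmation message, sent with its nonce prepended.
func deviceConfirm(sessionKey []byte) ([]byte, error) {
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, presetField, nil), nil
}

// serverCheckConfirm (cloud server side): decrypt with the server's copy of the
// session key and accept only if the preset field is present. A false result means
// the server must not send its own confirmation back to the device.
func serverCheckConfirm(sessionKey, msg []byte) (bool, error) {
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return false, err
	}
	n := aead.NonceSize()
	if len(msg) < n {
		return false, errors.New("confirmation message too short")
	}
	plain, err := aead.Open(nil, msg[:n], msg[n:], nil)
	if err != nil {
		return false, nil // authentication failed: wrong key or tampered message
	}
	return bytes.Contains(plain, presetField), nil
}

func main() {
	key := make([]byte, 32) // constructed: stands in for R2 || R1 from the negotiation
	rand.Read(key)
	msg, err := deviceConfirm(key)
	if err != nil {
		panic(err)
	}
	ok, _ := serverCheckConfirm(key, msg)
	bad, _ := serverCheckConfirm(make([]byte, 32), msg)
	fmt.Println("same key accepted:", ok, "| different key accepted:", bad)
}
```

With an unauthenticated cipher, a wrong key would still decrypt to some bytes and the check would rest entirely on the preset field not appearing by chance; with AES-GCM the wrong key or any modification of the message is rejected before the field is even inspected.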
To achieve the above object, the present invention also provides a cloud server comprising:
a memory, a processor, and a key agreement program stored in the memory and executable on the processor, the key agreement program implementing the steps of the above key negotiation method when executed by the processor.
To achieve the above object, the present invention also provides a device comprising:
a memory, a processor, and a key agreement program stored in the memory and executable on the processor, the key agreement program implementing the steps of the above key negotiation method when executed by the processor.
To achieve the above object, the present invention also provides a computer-readable storage medium on which a key agreement program is stored, the key agreement program implementing the steps of the above key negotiation method when executed by a processor.
To achieve the above object, the present invention also provides a key agreement system comprising the above cloud server and the above device.
In the key negotiation method, cloud server, device, computer-readable storage medium and key agreement system provided by the invention, after receiving the key negotiation request message sent by the device, the cloud server obtains and saves the first random number from the request message, generates a second random number, encrypts it and returns it to the device, so that the device obtains and saves the second random number and generates the session key between the cloud server and the device from the second random number and the first random number. The invention improves the security of the session key between the cloud server and the device and thereby strengthens the security of communication between them.
Description of the drawings
Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the key negotiation method of the present invention;
Fig. 3 is a flow diagram of the second embodiment of the key negotiation method of the present invention;
Fig. 4 is a flow diagram of the third embodiment of the key negotiation method of the present invention;
Fig. 5 is a flow diagram of the fourth embodiment of the key negotiation method of the present invention;
Fig. 6 is a flow diagram of the fifth embodiment of the key negotiation method of the present invention;
Fig. 7 is a flow diagram of the sixth embodiment of the key negotiation method of the present invention;
Fig. 8 is a flow diagram of the seventh embodiment of the key negotiation method of the present invention;
Fig. 9 is a flow diagram of the eighth embodiment of the key negotiation method of the present invention;
Fig. 10 is a flow diagram of the ninth embodiment of the key negotiation method of the present invention;
Fig. 11 is a flow diagram of the tenth embodiment of the key negotiation method of the present invention;
Fig. 12 is a flow diagram of the eleventh embodiment of the key negotiation method of the present invention;
Fig. 13 is a flow diagram of the twelfth embodiment of the key negotiation method of the present invention.
The realization of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings and the embodiments.
Specific embodiments
It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
The present invention provides a key negotiation method that improves the security of the session key between a cloud server and a device and thereby strengthens the security of communication between them.
As shown in Fig. 1, Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in embodiments of the present invention.
The terminal in embodiments of the invention may be a server, or it may be a device such as an air conditioner, air regulator, electric rice cooker or smart door lock.
As shown in Fig. 1, the server may include a processor 1001 such as a CPU, a memory 1002 and a communication bus 1003. The communication bus 1003 provides the connections between the components of the server. The memory 1002 may be high-speed RAM or non-volatile memory such as disk storage; optionally, the memory 1002 may also be a storage device independent of the processor 1001.
As shown in Fig. 1, the memory 1002, as a kind of computer storage medium, may contain a key agreement program.
In the server shown in Fig. 1, the processor 1001 may be used to call the key agreement program stored in the memory 1002 and perform the following operations:
after receiving a key negotiation request message sent by a device, the cloud server obtains first ciphertext data from the key negotiation request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves a first random number, wherein the device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server;
the cloud server generates a second random number and encrypts the second random number to obtain second ciphertext data;
the second ciphertext data are returned to the device, so that the device obtains and saves the second random number by decrypting the second ciphertext data and generates the session key between the cloud server and the device from the second random number and the first random number.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
generating a first key check value by encryption with the second random number according to a preset algorithm;
returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encryption with the second random number according to the preset algorithm, and saves the second random number only when the second key check value matches the first key check value;
generating the session key between the cloud server and the device from the second random number and the first random number.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
concatenating the second random number and the first random number to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
encrypting preset bytes using the second random number and the first random number to obtain an encryption result;
using preset bytes of the encryption result as the first key check value.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operation:
encrypting the second random number with the device public key to obtain the second ciphertext data.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
on receiving a key agreement confirmation message returned by the device, the cloud server decrypts the key agreement confirmation message with the session key to obtain a decryption result;
when the decryption result contains a preset field, sending a key agreement confirmation message to the device.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
the device generates a first random number, encrypts the first random number with the cloud server public key to obtain first ciphertext data, generates a key negotiation request message from the first ciphertext data and sends it to the cloud server, so that the cloud server, after receiving the key negotiation request message sent by the device, obtains the first ciphertext data from the request message, decrypts them with the cloud server private key, and obtains and saves the first random number;
on receiving second ciphertext data, the device decrypts the second ciphertext data to obtain and save a second random number, and generates the session key between the cloud server and the device from the second random number and the first random number, wherein the cloud server generates the second random number, encrypts it to obtain the second ciphertext data and returns the second ciphertext data to the device.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
on receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encryption with the second random number according to a preset algorithm, and saves the second random number only when the second key check value matches the first key check value, wherein the cloud server generates the first key check value by encryption with the second random number according to the preset algorithm and returns the second ciphertext data and the first key check value to the device;
generating the session key between the cloud server and the device from the second random number and the first random number.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
concatenating the second random number and the first random number to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
encrypting preset bytes using the second random number and the first random number to obtain an encryption result;
using preset bytes of the encryption result as the second key check value.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operation:
decrypting the second ciphertext data with the device private key to obtain the second random number.
Further, the processor 1001 may call the key agreement program stored in the memory 1002 and also perform the following operations:
the device encrypts a preset field with the session key to obtain a key agreement confirmation message;
sending the key agreement confirmation message to the cloud server, so that the cloud server, on receiving the key agreement confirmation message, decrypts it with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the device.
Referring to Fig. 2, in a first embodiment the key negotiation method comprises:
Step S10: after receiving a key negotiation request message sent by a device, the cloud server obtains first ciphertext data from the key negotiation request message, decrypts them with the cloud server private key, and obtains and saves a first random number, wherein the device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server;
In this embodiment the executing entity is the cloud server. The device may be any of various smart devices, such as an air conditioner, washing machine or smart door lock, that communicate with an APP on a mobile terminal via the cloud server; that is, the user can send instructions through the APP to control the smart device. Before the cloud server and the device can transmit data securely, they need to perform key agreement.
During key agreement, the cloud server obtains the first random number from the key negotiation request message sent by the device, where the first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server.
Step S11: the cloud server generates a second random number and encrypts the second random number to obtain second ciphertext data;
The cloud server generates the second random number and encrypts it to obtain the second ciphertext data; the second random number may be encrypted with the device public key. The device public key may be generated by the device, or it may be extracted from a device public key certificate, which may be obtained by decryption from a predetermined server. The cloud server verifies the signature result in the device public key certificate and, when verification passes, extracts the public key from the device public key certificate by means of a root public key index. This approach increases the randomness of the certificate. The predetermined server may be a license server.
Before extracting the device public key from the device public key certificate, the cloud server verifies the certificate. Specifically, the device public key certificate contains a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value, where the signature result is produced by the predetermined server signing the first hash value with the predetermined server private key, and the first hash value is produced by the predetermined server hashing preset information consisting of the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier and device public key. The cloud server decrypts the signature result in the device public key certificate with the predetermined server public key to obtain a third hash value; when the third hash value matches the first hash value, the cloud server hashes the preset information in the device certificate to obtain a second hash value; when the second hash value matches the first hash value, the certificate is judged legitimate and the device public key is extracted from it.
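The certificate check in the paragraph above, as an added Go example that is not part of the patent or of any Midea code. The byte layout of the certificate (field order, 16-bit length prefixes) and the choice of SHA-256 with RSA PKCS#1 v1.5 signatures are my assumptions; the patent only lists the fields and the two comparisons (the signature opens to the first hash value, and the recomputed second hash value equals the first). The license server is modelled by issueCertificate and the cloud server by verifyCertificate; those names, DeviceCertificate, presetInfo and checkRoundTrip are mine, and the serial numbers are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"fmt"
)

// DeviceCertificate carries the fields the description lists (byte layout below is a constructed assumption).
type DeviceCertificate struct {
	Format       uint8
	SerialNumber []byte
	HashAlgID    uint8  // 1 = SHA-256 in this example
	PubKeyAlgID  uint8  // 1 = RSA public key in PKIX DER in this example
	DevicePubKey []byte
	Hash         []byte // first hash value, over the preset information
	Signature    []byte // license server signature over the first hash value
}

// presetInfo serialises exactly the fields the first hash value covers.
func presetInfo(c *DeviceCertificate) []byte {
	var b bytes.Buffer
	b.WriteByte(c.Format)
	binary.Write(&b, binary.BigEndian, uint16(len(c.SerialNumber)))
	b.Write(c.SerialNumber)
	b.WriteByte(c.HashAlgID)
	b.WriteByte(c.PubKeyAlgID)
	binary.Write(&b, binary.BigEndian, uint16(len(c.DevicePubKey)))
	b.Write(c.DevicePubKey)
	return b.Bytes()
}

// issueCertificate plays the predetermined (license) server: hash the preset
// information and sign that first hash value with the server private key.
func issueCertificate(licensePriv *rsa.PrivateKey, serial []byte, devicePub *rsa.PublicKey) (*DeviceCertificate, error) {
	der, err := x509.MarshalPKIXPublicKey(devicePub)
	if err != nil {
		return nil, err
	}
	c := &DeviceCertificate{Format: 1, SerialNumber: serial, HashAlgID: 1, PubKeyAlgID: 1, DevicePubKey: der}
	first := sha256.Sum256(presetInfo(c))
	c.Hash = first[:]
	c.Signature, err = rsa.SignPKCS1v15(rand.Reader, licensePriv, crypto.SHA256, c.Hash)
	return c, err
}

// verifyCertificate is the cloud server's check before it extracts the device public key:
// the signature must open, under the license server public key, to the embedded first hash
// value (the "third hash value" comparison), and rehashing the preset information must reproduce it.
func verifyCertificate(licensePub *rsa.PublicKey, c *DeviceCertificate) (*rsa.PublicKey, error) {
	if c.HashAlgID != 1 || c.PubKeyAlgID != 1 {
		return nil, fmt.Errorf("unsupported algorithm identifiers %d/%d", c.HashAlgID, c.PubKeyAlgID)
	}
	if err := rsa.VerifyPKCS1v15(licensePub, crypto.SHA256, c.Hash, c.Signature); err != nil {
		return nil, fmt.Errorf("signature does not open to the first hash value: %w", err)
	}
	second := sha256.Sum256(presetInfo(c))
	if !bytes.Equal(second[:], c.Hash) {
		return nil, fmt.Errorf("certificate fields do not match the signed hash value")
	}
	key, err := x509.ParsePKIXPublicKey(c.DevicePubKey)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("device public key is not an RSA key")
	}
	return pub, nil
}

// checkRoundTrip issues a certificate for a fresh device key, verifies it, then tampers with
// the serial number and verifies again, returning whether each outcome was as expected.
func checkRoundTrip() (genuineOK, tamperedRejected bool, err error) {
	licensePriv, err := rsa.GenerateKey(rand.Reader, 2048)
	devicePriv, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil || err2 != nil {
		return false, false, fmt.Errorf("key generation failed: %v %v", err, err2)
	}
	cert, err := issueCertificate(licensePriv, []byte("SN-0001"), &devicePriv.PublicKey) // constructed serial
	if err != nil {
		return false, false, err
	}
	pub, err := verifyCertificate(&licensePriv.PublicKey, cert)
	genuineOK = err == nil && pub.N.Cmp(devicePriv.N) == 0
	cert.SerialNumber = []byte("SN-0002") // tamper with a field covered by the first hash value
	_, err = verifyCertificate(&licensePriv.PublicKey, cert)
	return genuineOK, err != nil, nil
}

func main() {
	genuine, tampered, err := checkRoundTrip()
	fmt.Println("genuine accepted:", genuine, "| tampered rejected:", tampered, "| err:", err)
}
```

The second comparison matters even though the signature already covers the hash: it binds the hash to the fields actually present, so a certificate whose serial number or public key was swapped after signing is rejected even if the signature and embedded hash are copied intact from a genuine one.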
Specifically, the key negotiation request message may contain the device public key, signature data, the first ciphertext data and a session key validity period identifier, or it may contain a root public key index, the device public key certificate, signature data, the first ciphertext data and a session key validity period identifier. The device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, and sends the first ciphertext data to the cloud server, so that the first random number is transmitted securely.
Step S12: the second ciphertext data are returned to the device, so that the device obtains and saves the second random number by decrypting the second ciphertext data;
The cloud server returns the second ciphertext data to the device, which decrypts them to obtain the second random number. In this way the cloud server and the device each hold both the first random number and the second random number, and each generates the session key between server and device from the second random number and the first random number. The device may decrypt the second ciphertext data with the device private key.
Step S13: the cloud server generates the session key between the cloud server and the device from the second random number and the first random number.
Preferably, the step of generating the session key from the second random number and the first random number may consist of concatenating the second random number with the first random number and using the concatenation result as the session key. Of course, the session key may be generated from the second random number and the first random number in other ways; the present invention imposes no specific limitation.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates its own private key and public key; the device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key using the device private key and a preset algorithm; likewise, the cloud server receives the device public key sent by the device and computes a second session key from the device public key using the cloud server private key and the preset algorithm; the first session key and the second session key serve as the session key between the cloud server and the device. The preset algorithm may be the ECDH algorithm, an ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention imposes no specific limitation.
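The alternative sketched in the paragraph above, where the "random numbers" are key pairs and each side derives a session key from the peer's public key, as an added Go example using ECDH on P-256 (one of the algorithms the paragraph names). It is my illustration, not the patent's code: hashing the ECDH output with SHA-256 before use is my addition, and the names party, newParty and negotiate are mine. It also shows the check a receiving side should make on the peer's public key bytes, which the paragraph does not mention.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party holds one side's ephemeral ECDH key pair; the value it sends over the wire is
// the public key, so an eavesdropper learns nothing about the resulting session key.
type party struct{ priv *ecdh.PrivateKey }

func newParty() (*party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &party{priv: priv}, nil
}

// Public returns the bytes this side sends to its peer (the device public key or the
// cloud server public key in the description), as an uncompressed P-256 point.
func (p *party) Public() []byte { return p.priv.PublicKey().Bytes() }

// SessionKey runs the "preset algorithm" (ECDH on P-256) against the peer's public key.
// NewPublicKey rejects bytes that are not a valid point on the curve, and the SHA-256
// step (my addition) keeps the raw shared coordinate from being used as a key directly.
func (p *party) SessionKey(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, fmt.Errorf("invalid peer public key: %w", err)
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	out := sha256.Sum256(shared)
	return out[:], nil
}

// negotiate runs the exchange: the device and the cloud server each compute their
// session key from the other's public key; the two results must coincide.
func negotiate() (deviceKey, serverKey []byte, err error) {
	device, err := newParty()
	if err != nil {
		return nil, nil, err
	}
	server, err := newParty()
	if err != nil {
		return nil, nil, err
	}
	if deviceKey, err = device.SessionKey(server.Public()); err != nil {
		return nil, nil, err
	}
	serverKey, err = server.SessionKey(device.Public())
	return deviceKey, serverKey, err
}

func main() {
	dk, sk, err := negotiate()
	fmt.Printf("device=%x\nserver=%x\nequal=%v err=%v\n", dk, sk, string(dk) == string(sk), err)
}
```

Unlike the random-number transport in the first embodiment, neither side's secret ever travels encrypted or otherwise; only public keys cross the network, which is what makes the ECDH variant attractive when the device has no pre-provisioned encryption key for the server.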
In the first embodiment, after receiving the key negotiation request message sent by the device, the cloud server obtains and saves the first random number from the request message, generates a second random number, encrypts it and returns it to the device, so that the device obtains and saves the second random number and generates the session key between the cloud server and the device from the second random number and the first random number. This improves the security of the session key between the cloud server and the device and thereby strengthens the security of communication between them.
In a second embodiment, as shown in Fig. 3, on the basis of the embodiment shown in Fig. 2, after the step of encrypting the second random number to obtain the second ciphertext data, the method further includes:
Step S14, generating a first key check value by encryption with the second random number according to a preset algorithm;
Step S15, returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encryption with the second random number according to the preset algorithm, and saves the second random number when the second key check value is consistent with the first key check value;
Step S16, the cloud server generating the session key between the cloud server and the device from the second random number and the first random number.
In the present embodiment, the cloud server and the device perform key negotiation. First, the cloud server obtains the first random number from the key negotiation request message sent by the device, where the first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server. Then the cloud server generates a second random number, performs encryption according to the preset algorithm with the concatenation of the second random number and the first random number to generate a first key check value, and encrypts the second random number with the device public key to obtain second ciphertext data. The cloud server returns the second ciphertext data and the first key check value to the device, so that the device decrypts the second ciphertext data with the device private key to obtain the second random number, performs encryption according to the preset algorithm with the concatenation of the second random number and the first random number to obtain a second key check value, and saves the second random number when the second key check value is consistent with the first key check value. In this way the cloud server and the device each possess both the first random number and the second random number, and the session key between the cloud server and the device is generated from the second random number and the first random number. Preferably, the step of generating the session key from the second random number and the first random number is: concatenate the second random number with the first random number and use the concatenation result as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways; the present invention does not specifically limit this.
It should be noted that the first key check value and the second key check value are used to verify the session key. Taking the first key check value as an example, the step of performing encryption according to the preset algorithm with the concatenation of the second random number and the first random number to generate the first key check value may be: encrypt predetermined bytes under the concatenation of the second random number and the first random number to obtain an encryption result, and take preset bytes of the encryption result as the first key check value.
It should be noted that the session key may also be verified in other ways; the present invention does not specifically limit this. For example, the cloud server computes a first digest over the concatenation of the second random number and the first random number with the SHA256 algorithm, and the device computes a second digest over the concatenation of the second random number and the first random number with the SHA256 algorithm; when the second digest is consistent with the first digest, the device saves the second random number and generates the session key between the cloud server and the device from the second random number and the first random number.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a cloud server private key and a cloud server public key. The device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key according to a preset algorithm; likewise, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key according to the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, an ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
In the second embodiment, after obtaining the first random number the cloud server generates a second random number, encrypts it to obtain second ciphertext data, generates a first key check value by encryption with the second random number according to a preset algorithm, and sends the second ciphertext data and the first key check value to the device, so that the device verifies with the first key check value and, when verification passes, generates the session key from the second random number and the first random number. In this way the security of the session key between the cloud server and the device is improved.
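The exchange of the first and second embodiments, written out as an added example in Go; this is not the patent's or Midea's code. It assumes that R1 and R2 are 16 bytes each, that the random numbers are transported with RSA-OAEP, that the session key is R2||R1, and that the key check value is the first three bytes of one AES block computed over 16 zero bytes, as the fourth embodiment below describes. The nonce length, OAEP, the zero block and the concatenation order are assumptions, and the function names (deviceRequest, serverRespond, deviceFinish, run) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Assumed length of each random number; R2||R1 is then a 32-byte AES-256 key.
// RSA-OAEP for transporting R1 and R2 is also an assumption.
const nonceLen = 16

// kcv: encrypt 16 predetermined bytes (assumed all zero) under the candidate key
// and keep the first three bytes of the resulting AES block.
func kcv(key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	var pt, ct [aes.BlockSize]byte
	block.Encrypt(ct[:], pt[:])
	return ct[:3], nil
}

// sessionKey concatenates the second random number with the first (order assumed).
func sessionKey(r2, r1 []byte) []byte {
	return append(append([]byte{}, r2...), r1...)
}

// deviceRequest (step S20): draw R1 and encrypt it under the cloud server public key.
func deviceRequest(serverPub *rsa.PublicKey) (r1, c1 []byte, err error) {
	r1 = make([]byte, nonceLen)
	if _, err = rand.Read(r1); err != nil {
		return nil, nil, err
	}
	c1, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, r1, []byte("R1"))
	return r1, c1, err
}

// serverRespond (steps S11, S14, S15): recover R1, draw R2, encrypt R2 under the
// device public key and compute the first key check value over R2||R1.
func serverRespond(srvPriv *rsa.PrivateKey, devPub *rsa.PublicKey, c1 []byte) (key, c2, kcv1 []byte, err error) {
	r1, err := rsa.DecryptOAEP(sha256.New(), nil, srvPriv, c1, []byte("R1"))
	if err != nil {
		return nil, nil, nil, err
	}
	r2 := make([]byte, nonceLen)
	if _, err = rand.Read(r2); err != nil {
		return nil, nil, nil, err
	}
	if c2, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, r2, []byte("R2")); err != nil {
		return nil, nil, nil, err
	}
	key = sessionKey(r2, r1)
	kcv1, err = kcv(key)
	return key, c2, kcv1, err
}

// deviceFinish (step S22): recover R2, recompute the check value and accept the
// session key only if it equals the server's value (compared in constant time).
func deviceFinish(devPriv *rsa.PrivateKey, r1, c2, kcv1 []byte) ([]byte, error) {
	r2, err := rsa.DecryptOAEP(sha256.New(), nil, devPriv, c2, []byte("R2"))
	if err != nil {
		return nil, err
	}
	key := sessionKey(r2, r1)
	kcv2, err := kcv(key)
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(kcv1, kcv2) != 1 {
		return nil, errors.New("key check value mismatch")
	}
	return key, nil
}

// run performs the exchange with fresh RSA keys and reports whether both sides hold
// the same session key; with tamper set, one bit of the first key check value is
// flipped in transit, so deviceFinish must return an error.
func run(tamper bool) (bool, error) {
	devKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	srvKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return false, errors.New("rsa key generation failed")
	}
	r1, c1, err := deviceRequest(&srvKey.PublicKey)
	if err != nil {
		return false, err
	}
	srvSK, c2, kcv1, err := serverRespond(srvKey, &devKey.PublicKey, c1)
	if err != nil {
		return false, err
	}
	if tamper {
		kcv1[0] ^= 0x01
	}
	devSK, err := deviceFinish(devKey, r1, c2, kcv1)
	if err != nil {
		return false, err
	}
	return bytes.Equal(devSK, srvSK) && len(devSK) == 2*nonceLen, nil
}
```

run(true) corrupts the first key check value on the wire and shows that the device then refuses to save the second random number, which is what step S15 buys: neither side proceeds with a session key the other does not also hold.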
In the third embodiment, as shown in Fig. 4, on the basis of the embodiments shown in any one of Fig. 2 to Fig. 3, the step of generating the session key between the cloud server and the device from the second random number and the first random number includes:
Step S161, concatenating the second random number with the first random number to obtain a concatenation result;
Step S162, using the concatenation result as the session key between the cloud server and the device.
In the present embodiment, the step of generating the session key from the second random number and the first random number may be: concatenate the second random number with the first random number and use the concatenation result as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways; the present invention does not specifically limit this.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a cloud server private key and a cloud server public key. The device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key according to a preset algorithm; likewise, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key according to the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, an ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
In the third embodiment, the second random number and the first random number are concatenated and the concatenation result is used as the session key between the cloud server and the device; in this way secure communication between the cloud server and the device is ensured.
In the fourth embodiment, as shown in Fig. 5, on the basis of the embodiments shown in any one of Fig. 2 to Fig. 4, the step of generating the first key check value by encryption with the second random number according to the preset algorithm includes:
Step S141, encrypting predetermined bytes according to the second random number and the first random number to obtain an encryption result;
Step S142, taking preset bytes of the encryption result as the first key check value.
In the present embodiment, the first key check value is used to verify the session key. The step of performing encryption according to the preset algorithm with the concatenation of the second random number and the first random number to generate the first key check value may be: encrypt predetermined bytes under the concatenation of the second random number and the first random number to obtain an encryption result, and take preset bytes of the encryption result as the first key check value.
It should be noted that the predetermined bytes may be 16 bytes and the preset bytes may be the first three bytes. This is the conventional key check value construction: both sides compare only a short prefix of one encrypted block, so a key that was derived differently on the two sides is detected while very little about the key itself is disclosed.
In the fourth embodiment, predetermined bytes are encrypted according to the second random number and the first random number to obtain an encryption result, and preset bytes of the encryption result are taken as the first key check value. In this way the security of the session key between the cloud server and the device is improved.
In the fifth embodiment, as shown in Fig. 6, on the basis of the embodiments shown in any one of Fig. 2 to Fig. 5, the step of encrypting the second random number to obtain the second ciphertext data includes:
Step S111, encrypting the second random number with the device public key to obtain the second ciphertext data.
The cloud server generates the second random number and encrypts it to obtain the second ciphertext data. The second random number may be encrypted with the device public key to obtain the second ciphertext data. The device public key may be generated by the device, or it may be extracted from a device public key certificate, where the device public key certificate may be obtained from a predetermined server. The cloud server verifies the signature result in the device public key certificate and, when the signature verification passes, extracts the public key from the device public key certificate via the root public key index. This scheme increases the randomness of the certificate. The predetermined server may be a License server.
Before extracting the device public key from the device public key certificate, the cloud server verifies the device public key certificate. Specifically, the device public key certificate contains a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value, where the signature result is produced by the predetermined server signing the first hash value with the predetermined server private key, and the first hash value is obtained by the predetermined server performing a hash operation over preset information consisting of the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key. The cloud server decrypts the signature result in the device public key certificate with the predetermined server public key to obtain a third hash value; when the third hash value is consistent with the first hash value, the cloud server performs a hash operation over the preset information in the device certificate to obtain a second hash value; when the second hash value is consistent with the first hash value, the certificate is judged legitimate and the device public key is extracted from the device certificate.
Specifically, the key negotiation request message may include the device public key, signature data, the first ciphertext data and a session key validity period identifier, etc., or it may include a root public key index, the device public key certificate, signature data, the first ciphertext data and a session key validity period identifier, etc. The first ciphertext data is obtained by the device generating the first random number and encrypting it with the cloud server public key; the device sends the first ciphertext data to the cloud server so as to guarantee secure transmission of the first random number.
In the fifth embodiment, the second random number is encrypted with the device public key to obtain the second ciphertext data, which ensures secure transmission of the second random number.
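The certificate check described above, as an added example in Go that is not the patent's or Midea's code. The certificate fields are the ones the page lists; their byte encoding, the use of PKCS#1 v1.5 with SHA-256 for the License server signature, and the map from root public key index to root public key are assumptions, as are the names deviceCert, presetInfo, issue, verifyAndExtract and demo. The demo also alters the serial number after issuance to show why the second-hash comparison over the fields is needed in addition to the signature check over the stored first hash.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
)

// deviceCert carries the fields listed in the text. The encodings (one byte each
// for format and the two algorithm identifiers, a big-endian 32-bit serial, a
// length-prefixed DER public key) are assumptions; the page fixes no wire format.
type deviceCert struct {
	Format, HashAlg, PubKeyAlg byte
	Serial                     uint32
	PubKey                     []byte // PKIX DER encoding of the device public key
	Hash1                      []byte // first hash value, computed by the License server
	Sig                        []byte // License server signature over Hash1
}

// presetInfo serialises exactly the fields the page says are hashed.
func presetInfo(c *deviceCert) []byte {
	var b bytes.Buffer
	b.WriteByte(c.Format)
	binary.Write(&b, binary.BigEndian, c.Serial)
	b.WriteByte(c.HashAlg)
	b.WriteByte(c.PubKeyAlg)
	binary.Write(&b, binary.BigEndian, uint32(len(c.PubKey)))
	b.Write(c.PubKey)
	return b.Bytes()
}

// issue is the License server side: hash the preset information, then sign the
// hash with the License server private key (PKCS#1 v1.5 is an assumption).
func issue(lsPriv *rsa.PrivateKey, c *deviceCert) error {
	h := sha256.Sum256(presetInfo(c))
	c.Hash1 = h[:]
	sig, err := rsa.SignPKCS1v15(rand.Reader, lsPriv, crypto.SHA256, c.Hash1)
	c.Sig = sig
	return err
}

// verifyAndExtract is the cloud server side. The root public key index selects the
// License server public key; the signature check is the "third hash equals first
// hash" comparison, recomputing the hash over the fields is the "second hash"
// comparison, and the device public key is released only when both pass.
func verifyAndExtract(roots map[uint8]*rsa.PublicKey, rootIdx uint8, c *deviceCert) (*rsa.PublicKey, error) {
	root, ok := roots[rootIdx]
	if !ok {
		return nil, errors.New("unknown root public key index")
	}
	if err := rsa.VerifyPKCS1v15(root, crypto.SHA256, c.Hash1, c.Sig); err != nil {
		return nil, errors.New("signature does not cover the first hash")
	}
	h2 := sha256.Sum256(presetInfo(c))
	if !bytes.Equal(h2[:], c.Hash1) {
		return nil, errors.New("certificate fields do not match the signed hash")
	}
	pub, err := x509.ParsePKIXPublicKey(c.PubKey)
	if err != nil {
		return nil, err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("device public key is not an RSA key")
	}
	return rsaPub, nil
}

// demo issues a certificate, verifies it, then changes the serial number without
// touching Hash1 or Sig: the signature still verifies, and only the recomputed
// second hash catches the modification.
func demo() (validOK, tamperRejected bool, err error) {
	lsKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	devKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	der, err := x509.MarshalPKIXPublicKey(&devKey.PublicKey)
	if err != nil {
		return false, false, err
	}
	cert := &deviceCert{Format: 1, Serial: 42, HashAlg: 1, PubKeyAlg: 1, PubKey: der}
	if err = issue(lsKey, cert); err != nil {
		return false, false, err
	}
	roots := map[uint8]*rsa.PublicKey{0: &lsKey.PublicKey}
	pub, err := verifyAndExtract(roots, 0, cert)
	validOK = err == nil && pub.Equal(&devKey.PublicKey)
	cert.Serial++
	_, err = verifyAndExtract(roots, 0, cert)
	return validOK, err != nil, nil
}
```

The signature covers the stored first hash, not the fields themselves, so a certificate whose fields were altered but whose first hash and signature were left intact passes the signature check alone; recomputing the hash over the fields and comparing it with the signed value is what closes that gap.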
In the sixth embodiment, as shown in Fig. 7, on the basis of the embodiments shown in any one of Fig. 2 to Fig. 6, after the step of generating the session key between the cloud server and the device from the second random number and the first random number, the method further includes:
Step S17, the cloud server, on receiving a key agreement confirmation message returned by the device, decrypting the key agreement confirmation message with the session key to obtain a decryption result;
Step S18, when the decryption result contains a preset field, sending a key agreement confirmation message to the device.
In the present embodiment, on receiving the second ciphertext data and the first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second random number, performs encryption according to the preset algorithm with the concatenation of the second random number and the first random number to obtain a second key check value, and saves the second random number when the second key check value is consistent with the first key check value. In this way the cloud server and the device each possess both the first random number and the second random number, and the session key between the cloud server and the device is generated from the second random number and the first random number.
The device encrypts a preset field with the session key, or encrypts a preset field together with a random number with the session key, to obtain a key agreement confirmation message, and sends the key agreement confirmation message to the cloud server; on receiving the key agreement confirmation message, the cloud server decrypts it with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the device. The preset field may be a character string such as "OK". When the decryption result does not contain the preset field, an error code is returned to the device.
In the sixth embodiment, on receiving the key agreement confirmation message returned by the device, the cloud server decrypts the key agreement confirmation message to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the device. In this way key agreement between the cloud server and the device is completed.
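The confirmation round trip of steps S17 and S18, as an added example in Go rather than the patent's own code. The page does not name a cipher mode; the example assumes AES-GCM under the 32-byte session key, places the "OK" field in front of a 16-byte random number, and constructs its own error codes (ERR_DECRYPT and so on), which the page leaves unspecified. The names confirmMessage and checkConfirmation are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// presetField is the marker the cloud server looks for; the page gives "OK" as an example.
const presetField = "OK"

// Error codes returned to the device are constructed for this example; the page
// only says that an error code is returned when the preset field is absent.
var (
	errShort   = errors.New("ERR_SHORT_MESSAGE")
	errDecrypt = errors.New("ERR_DECRYPT")
	errField   = errors.New("ERR_NO_PRESET_FIELD")
)

func newAEAD(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// confirmMessage is the device side: encrypt the preset field followed by a fresh
// random number under the session key. AES-GCM is an assumption (the page names no
// mode); the 12-byte nonce is transmitted in front of the ciphertext.
func confirmMessage(sessionKey []byte) ([]byte, error) {
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	random := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	if _, err := rand.Read(random); err != nil {
		return nil, err
	}
	pt := append([]byte(presetField), random...)
	return aead.Seal(nonce, nonce, pt, nil), nil
}

// checkConfirmation is the cloud server side of steps S17 and S18: decrypt with the
// session key and require the preset field at the start of the plaintext. Because
// GCM authenticates, a message produced under a different key or altered in transit
// fails in Open, so the field test never runs on garbage plaintext.
func checkConfirmation(sessionKey, msg []byte) (string, error) {
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return "", err
	}
	ns := aead.NonceSize()
	if len(msg) < ns+aead.Overhead() {
		return "", errShort
	}
	pt, err := aead.Open(nil, msg[:ns], msg[ns:], nil)
	if err != nil {
		return "", errDecrypt
	}
	if !bytes.HasPrefix(pt, []byte(presetField)) {
		return "", errField
	}
	return "KEY_AGREEMENT_CONFIRMED", nil
}
```

The choice of an authenticated mode matters here: with an unauthenticated mode the server would be deciding whether key agreement succeeded on whether two decrypted bytes happen to read "OK", whereas GCM rejects a message produced under a different key before the field is even examined.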
The present invention also provides a key negotiation method. Referring to Fig. 8, in the seventh embodiment the key negotiation method includes the following steps:
Step S20, the device generates a first random number, encrypts the first random number with the cloud server public key to obtain first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server, so that the cloud server, after receiving the key negotiation request message sent by the device, obtains the first ciphertext data from the key negotiation request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves the first random number;
Step S21, on receiving second ciphertext data, the device decrypts the second ciphertext data to obtain and save a second random number, and generates the session key between the cloud server and the device from the second random number and the first random number, where the cloud server generates the second random number, encrypts the second random number to obtain the second ciphertext data, and returns the second ciphertext data to the device.
In the present embodiment the steps are performed on the device side. The device may be any of a variety of smart devices such as an air conditioner, a washing machine or a smart door lock, and communicates through the cloud server with an APP on a mobile terminal, i.e. the user sends instructions through the APP to control the smart device. Before the cloud server and the device can transmit data securely, key negotiation is required.
When the cloud server and the device perform key negotiation, the cloud server obtains the first random number from the key negotiation request message sent by the device, where the first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server.
The cloud server generates a second random number and encrypts it to obtain second ciphertext data. The second random number may be encrypted with the device public key to obtain the second ciphertext data. The device public key may be generated by the device, or it may be extracted from a device public key certificate, where the device public key certificate may be obtained from a predetermined server. The cloud server verifies the signature result in the device public key certificate and, when the signature verification passes, extracts the public key from the device public key certificate via the root public key index. This scheme increases the randomness of the certificate. It should be noted that the predetermined server may be a License server.
Before extracting the device public key from the device public key certificate, the cloud server verifies the device public key certificate. Specifically, the device public key certificate contains a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value, where the signature result is produced by the predetermined server signing the first hash value with the predetermined server private key, and the first hash value is obtained by the predetermined server performing a hash operation over preset information consisting of the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key. The cloud server decrypts the signature result in the device public key certificate with the predetermined server public key to obtain a third hash value; when the third hash value is consistent with the first hash value, the cloud server performs a hash operation over the preset information in the device certificate to obtain a second hash value; when the second hash value is consistent with the first hash value, the certificate is judged legitimate and the device public key is extracted from the device certificate.
Specifically, the key negotiation request message may include the device public key, signature data, the first ciphertext data and a session key validity period identifier, etc., or it may include a root public key index, the device public key certificate, signature data, the first ciphertext data and a session key validity period identifier, etc. The device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, and sends the first ciphertext data to the cloud server so as to guarantee secure transmission of the first random number.
The cloud server returns the second ciphertext data to the device, so that the device decrypts the second ciphertext data to obtain the second random number. In this way the cloud server and the device each possess both the first random number and the second random number, and the session key between the cloud server and the device is generated from the second random number and the first random number. It should be noted that the device may decrypt the second ciphertext data with the device private key.
Preferably, the step of generating the session key from the second random number and the first random number is: concatenate the second random number with the first random number and use the concatenation result as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways; the present invention does not specifically limit this.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a cloud server private key and a cloud server public key. The device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key according to a preset algorithm; likewise, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key according to the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, an ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
In the seventh embodiment, after receiving the key negotiation request message sent by the device, the cloud server obtains the first random number from the key negotiation request message and saves it, generates a second random number, encrypts the second random number and returns it to the device, so that the device obtains and saves the second random number, and the session key between the cloud server and the device is generated from the second random number and the first random number. In this way the security of the session key between the cloud server and the device is improved, and thereby the security of communication between the cloud server and the device is enhanced.
In the eighth embodiment, as shown in Fig. 9, on the basis of the embodiment shown in Fig. 8, after the step of generating the key negotiation request message from the first ciphertext data and sending it to the cloud server, the method further includes:
Step S22, on receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encryption with the second random number according to a preset algorithm, and saves the second random number when the second key check value is consistent with the first key check value, where the cloud server generates the first key check value by encryption with the second random number according to the preset algorithm and returns the second ciphertext data and the first key check value to the device;
Step S23, generating the session key between the cloud server and the device from the second random number and the first random number.
In the present embodiment, the cloud server and the device perform key negotiation. First, the cloud server obtains the first random number from the key negotiation request message sent by the device, where the first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server. Then the cloud server generates a second random number, performs encryption according to the preset algorithm with the concatenation of the second random number and the first random number to generate a first key check value, and encrypts the second random number with the device public key to obtain second ciphertext data. The cloud server returns the second ciphertext data and the first key check value to the device, so that the device decrypts the second ciphertext data with the device private key to obtain the second random number, performs encryption according to the preset algorithm with the concatenation of the second random number and the first random number to obtain a second key check value, and saves the second random number when the second key check value is consistent with the first key check value. In this way the cloud server and the device each possess both the first random number and the second random number, and the session key between the cloud server and the device is generated from the second random number and the first random number. Preferably, the step of generating the session key from the second random number and the first random number is: concatenate the second random number with the first random number and use the concatenation result as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways; the present invention does not specifically limit this.
It should be noted that the first key check value and the second key check value are used to verify the session key. Taking the first key check value as an example, the step of performing encryption according to the preset algorithm with the concatenation of the second random number and the first random number to generate the first key check value may be: encrypt predetermined bytes under the concatenation of the second random number and the first random number to obtain an encryption result, and take preset bytes of the encryption result as the first key check value.
It should be noted that the session key may also be verified in other ways; the present invention does not specifically limit this. For example, the cloud server computes a first digest over the concatenation of the second random number and the first random number with the SHA256 algorithm, and the device computes a second digest over the concatenation of the second random number and the first random number with the SHA256 algorithm; when the second digest is consistent with the first digest, the device saves the second random number and generates the session key between the cloud server and the device from the second random number and the first random number.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a cloud server private key and a cloud server public key. The device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key according to a preset algorithm; likewise, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key according to the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, an ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
In the eighth embodiment, after obtaining the first random number the cloud server generates a second random number, encrypts it to obtain second ciphertext data, generates a first key check value by encryption with the second random number according to a preset algorithm, and sends the second ciphertext data and the first key check value to the device, so that the device verifies with the first key check value and, when verification passes, generates the session key from the second random number and the first random number. In this way the security of the session key between the cloud server and the device is improved.
In the ninth embodiment, as shown in Fig. 10, on the basis of the embodiments shown in any one of Fig. 8 to Fig. 9, the step of generating the session key between the cloud server and the device from the second random number and the first random number includes:
Step S231, concatenating the second random number with the first random number to obtain a concatenation result;
Step S232, using the concatenation result as the session key between the cloud server and the device.
In the present embodiment, the step of generating the session key from the second random number and the first random number may be: concatenate the second random number with the first random number and use the concatenation result as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways; the present invention does not specifically limit this.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a cloud server private key and a cloud server public key. The device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key according to a preset algorithm; likewise, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key according to the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, an ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
In the ninth embodiment, the second random number and the first random number are concatenated and the concatenation result is used as the session key between the cloud server and the device; in this way secure communication between the cloud server and the device is ensured.
In the tenth embodiment, referring to Fig. 11, on the basis of the embodiments shown in any one of Fig. 8 to Fig. 10, the step of generating the second key check value by encryption with the second random number according to the preset algorithm includes:
Step S221, encrypting predetermined bytes according to the second random number and the first random number to obtain an encryption result;
Step S222, taking preset bytes of the encryption result as the second key check value.
In the present embodiment, the second key check value is used to verify the session key, and the device computes it in the same way as the cloud server computes the first key check value. The step of generating the key check value by encryption with the second random number according to the preset algorithm may be: encrypt predetermined bytes according to the second random number and the first random number to obtain an encryption result, and take preset bytes of the encryption result as the key check value. Of course, other ways are possible, for example encrypting the second random number and the first random number with a key and using the encryption result as the key check value, etc.; the present invention does not specifically limit this.
It should be noted that the predetermined bytes may be 16 bytes and the preset bytes may be the first three bytes.
In the tenth embodiment, predetermined bytes are encrypted according to the second random number and the first random number to obtain an encryption result, and preset bytes of the encryption result are taken as the second key check value. In this way the security of key negotiation between the cloud server and the device is ensured.
In the eleventh embodiment, as shown in Fig. 12, on the basis of any one of the embodiments shown in Fig. 8 to Fig. 11, the step of decrypting the second ciphertext data to obtain and save the second random number includes:
Step S211: decrypting the second ciphertext data with the device private key to obtain the second random number.
The cloud server generates the second random number and encrypts it to obtain the second ciphertext data. The second random number may be encrypted with the device public key to obtain the second ciphertext data. The device public key may be generated by the device, or it may be extracted from a device public key certificate, where the device public key certificate may be obtained through a predetermined server. The cloud server verifies the signature result in the device public key certificate and, when the signature verification passes, extracts the public key from the device public key certificate by means of the root public key index. This approach increases the randomness of the certificate. The predetermined server may be a License server.
Before extracting the device public key from the device public key certificate, the cloud server verifies the device public key certificate. Specifically, the device public key certificate includes a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value. The signature result is obtained by the predetermined server signing the first hash value with the predetermined server private key, and the first hash value is obtained by the predetermined server performing a hash operation on preset information, where the preset information includes the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key. The cloud server decrypts the signature result in the device public key certificate with the predetermined server public key to obtain a third hash value; when the third hash value is consistent with the first hash value, the cloud server performs a hash operation on the preset information in the device certificate to obtain a second hash value; when the second hash value is consistent with the first hash value, the certificate is determined to be legitimate, and the device public key is extracted from the device certificate.
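The certificate check described above, written out in Go with the standard library as an added illustration rather than code from the patent: the description names the certificate fields and the two hash comparisons but fixes no encoding or algorithm, so the byte layout, the identifiers 1 for SHA-256 and RSA, and PKCS#1 v1.5 signatures are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// DeviceCert mirrors the fields the description lists for the device
// public key certificate. The byte encodings are assumptions: the text
// names the fields but not their wire format.
type DeviceCert struct {
	Format    byte   // certificate format
	Serial    []byte // certificate serial number
	HashAlg   byte   // hash algorithm identifier (1 = SHA-256, assumed)
	KeyAlg    byte   // device public key algorithm identifier (1 = RSA, assumed)
	PubKey    []byte // device public key, PKIX DER
	Hash1     []byte // first hash value: hash over the preset information
	Signature []byte // predetermined server's signature over Hash1
}

// presetInfo serialises what the first hash covers: format, serial,
// hash algorithm id, public key algorithm id and device public key.
func presetInfo(c *DeviceCert) []byte {
	var b bytes.Buffer
	b.WriteByte(c.Format)
	b.Write(c.Serial)
	b.WriteByte(c.HashAlg)
	b.WriteByte(c.KeyAlg)
	b.Write(c.PubKey)
	return b.Bytes()
}

// issueCert plays the predetermined (License) server: hash the preset
// information and sign the hash with the server private key.
func issueCert(serverPriv *rsa.PrivateKey, serial []byte, devPub *rsa.PublicKey) (*DeviceCert, error) {
	der, err := x509.MarshalPKIXPublicKey(devPub)
	if err != nil {
		return nil, err
	}
	c := &DeviceCert{Format: 1, Serial: serial, HashAlg: 1, KeyAlg: 1, PubKey: der}
	h := sha256.Sum256(presetInfo(c))
	c.Hash1 = h[:]
	c.Signature, err = rsa.SignPKCS1v15(rand.Reader, serverPriv, crypto.SHA256, c.Hash1)
	return c, err
}

// verifyCert is the cloud server's check before it trusts the key:
// the signature must open to the first hash under the server public
// key, and hashing the preset information again must reproduce that
// hash. Only then is the device public key extracted.
func verifyCert(serverPub *rsa.PublicKey, c *DeviceCert) (*rsa.PublicKey, error) {
	if c.HashAlg != 1 || c.KeyAlg != 1 {
		return nil, errors.New("unsupported algorithm identifier")
	}
	// Third hash == first hash: PKCS#1 v1.5 verification recovers the
	// hash from the signature and compares it with Hash1.
	if err := rsa.VerifyPKCS1v15(serverPub, crypto.SHA256, c.Hash1, c.Signature); err != nil {
		return nil, errors.New("signature does not match the first hash")
	}
	// Second hash == first hash: the certificate body was not altered.
	// Without this step a valid signature over Hash1 would still be
	// accepted on a certificate whose body fields were swapped.
	h2 := sha256.Sum256(presetInfo(c))
	if !bytes.Equal(h2[:], c.Hash1) {
		return nil, errors.New("certificate content does not match the first hash")
	}
	pub, err := x509.ParsePKIXPublicKey(c.PubKey)
	if err != nil {
		return nil, err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("device key is not an RSA key")
	}
	return rsaPub, nil
}
```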
Specifically, the key agreement request message may include the device public key, signature data, the first ciphertext data, a session key validity period identifier and the like; alternatively it may include a root public key index, the device public key certificate, signature data, the first ciphertext data, a session key validity period identifier and the like. The first ciphertext data is obtained by the device generating the first random number and encrypting it with the cloud server public key; the device sends the first ciphertext data to the cloud server, so as to guarantee secure transmission of the first random number.
In the eleventh embodiment, the second ciphertext data is decrypted with the device private key to obtain the second random number. In this way, secure transmission of the second random number is ensured.
In the twelfth embodiment, as shown in Fig. 13, on the basis of any one of the embodiments shown in Fig. 8 to Fig. 12, after the step of generating the session key between the cloud server and the device according to the second random number and the first random number, the method further includes:
Step S24: the device encrypts a preset field with the session key to obtain key agreement confirmation information;
Step S25: sending the key agreement confirmation information to the cloud server, so that the cloud server, on receiving the key agreement confirmation information, decrypts it with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the device.
In this embodiment, on receiving the second ciphertext data and the first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second random number, and encrypts the concatenation of the second random number and the first random number according to the preset algorithm to obtain the second key check value. When the second key check value is consistent with the first key check value, the device saves the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and each generates the session key between the cloud server and the device according to the second random number and the first random number.
The device encrypts the preset field with the session key, or encrypts the preset field together with a random number with the session key, to obtain the key agreement confirmation information, and sends the key agreement confirmation information to the cloud server. On receiving the key agreement confirmation information, the cloud server decrypts it with the session key to obtain a decryption result; when the decryption result contains the preset field, it sends a key agreement confirmation message to the device. The preset field may be a character string such as "OK". When the decryption result does not contain the preset field, an error code is returned to the device.
In the twelfth embodiment, on receiving the key agreement confirmation information returned by the device, the cloud server decrypts it to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the device. In this way, key agreement between the cloud server and the device is accomplished.
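The key check value of the tenth embodiment, the concatenated session key of the ninth and the confirmation exchange of the twelfth, as an added Go example rather than code from the patent. The all-zero 16-byte predetermined block, the three-byte check value, the field "OK" and AES-GCM for the confirmation information are assumptions made here; the asymmetric transport of the two random numbers is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
)

// Choices the description leaves open, fixed here as assumptions: the
// predetermined 16 bytes are an all-zero block, the preset bytes kept are
// the first three, the preset field is "OK" and AES-GCM protects the confirmation.
var predeterminedBlock = make([]byte, aes.BlockSize)

const kcvLen = 3
const presetField = "OK"

// sessionKey concatenates RN2 and RN1 (ninth embodiment); two 16-byte
// random numbers give a 32-byte AES-256 key.
func sessionKey(rn2, rn1 []byte) []byte {
	return append(append([]byte{}, rn2...), rn1...)
}

// keyCheckValue encrypts the predetermined block under the key formed
// from RN2 and RN1 and keeps the first kcvLen bytes (tenth embodiment).
func keyCheckValue(rn2, rn1 []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey(rn2, rn1))
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, predeterminedBlock)
	return out[:kcvLen], nil
}

// deviceAccept is the device side of the check: recompute the key check
// value over the decrypted RN2 and its own RN1, and derive the session
// key only when it matches the value the cloud server sent.
func deviceAccept(rn2, rn1, kcv1 []byte) ([]byte, error) {
	kcv2, err := keyCheckValue(rn2, rn1)
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(kcv1, kcv2) != 1 {
		return nil, errors.New("key check value mismatch: second random number rejected")
	}
	return sessionKey(rn2, rn1), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// confirmRequest is step S24: the device encrypts the preset field with
// the session key. The random nonce is prepended for the cloud server.
func confirmRequest(key []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(presetField), nil), nil
}

// cloudVerify is step S25 on the cloud server: decrypt the confirmation and
// accept only when the plaintext contains the preset field (else: error code).
func cloudVerify(key, msg []byte) (bool, error) {
	aead, err := newGCM(key)
	if err != nil {
		return false, err
	}
	if len(msg) < aead.NonceSize() {
		return false, errors.New("confirmation information too short")
	}
	pt, err := aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
	if err != nil {
		return false, nil
	}
	return bytes.Contains(pt, []byte(presetField)), nil
}
```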
In addition, the present invention also proposes a cloud server, which includes a memory, a processor and a key agreement program stored on the memory and runnable on the processor; the processor executes the steps of the key agreement method described above with the cloud server as the executing subject.
In addition, the present invention also proposes a device, which includes a memory, a processor and a key agreement program stored on the memory and runnable on the processor; the processor executes the steps of the key agreement method described above with the device as the executing subject.
In addition, the present invention also proposes a computer readable storage medium that stores a key agreement program; when executed by a processor, the key agreement program implements the steps of the key agreement method described in the above embodiments.
In addition, the present invention also proposes a key agreement system, which includes the above cloud server and the above device.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium as described above (such as ROM/RAM, magnetic disk or optical disk), including several instructions that cause a terminal device (which may be a television, mobile phone, computer, server, air conditioner, network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, applied directly or indirectly in other related technical fields, is included within the scope of protection of the present invention.

Claims (16)

1. A key agreement method, characterized in that the key agreement method comprises the following steps:
after receiving a key agreement request message sent by a device, a cloud server obtains first ciphertext data from the key agreement request message, decrypts the first ciphertext data with a cloud server private key, and obtains and saves a first random number, wherein the device generates the first random number, encrypts the first random number with a cloud server public key to obtain the first ciphertext data, generates the key agreement request message according to the first ciphertext data and sends it to the cloud server;
the cloud server generates a second random number and encrypts the second random number to obtain second ciphertext data;
the second ciphertext data is returned to the device, so that the device obtains and saves the second random number by decrypting the second ciphertext data, and the cloud server generates a session key between the cloud server and the device according to the second random number and the first random number.
2. The key agreement method according to claim 1, characterized in that, after the step of encrypting the second random number to obtain the second ciphertext data, the method further comprises:
generating a first key check value by encrypting the second random number according to a preset algorithm;
returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encrypting the second random number according to the preset algorithm, and saves the second random number when the second key check value is consistent with the first key check value;
generating the session key between the cloud server and the device according to the second random number and the first random number.
3. The key agreement method according to claim 2, characterized in that the step of generating the session key between the cloud server and the device according to the second random number and the first random number comprises:
concatenating the second random number and the first random number to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
4. The key agreement method according to claim 2, characterized in that the step of generating the first key check value by encrypting the second random number according to the preset algorithm comprises:
encrypting predetermined bytes according to the second random number and the first random number to obtain an encryption result;
using preset bytes of the encryption result as the first key check value.
5. The key agreement method according to claim 1, characterized in that the step of encrypting the second random number to obtain the second ciphertext data comprises:
encrypting the second random number with a device public key to obtain the second ciphertext data.
6. The key agreement method according to claim 1, characterized in that, after the step of generating the session key between the cloud server and the device according to the second random number and the first random number, the method further comprises:
on receiving key agreement confirmation information returned by the device, the cloud server decrypts the key agreement confirmation information with the session key to obtain a decryption result;
when the decryption result contains a preset field, sending a key agreement confirmation message to the device.
7. A key agreement method, characterized in that the key agreement method comprises the following steps:
a device generates a first random number, encrypts the first random number with a cloud server public key to obtain first ciphertext data, generates a key agreement request message according to the first ciphertext data and sends it to a cloud server, so that the cloud server, after receiving the key agreement request message sent by the device, obtains the first ciphertext data from the key agreement request message, decrypts the first ciphertext data with a cloud server private key, and obtains and saves the first random number;
on receiving second ciphertext data, the device decrypts the second ciphertext data to obtain and save a second random number, and generates a session key between the cloud server and the device according to the second random number and the first random number, wherein the cloud server generates the second random number, encrypts the second random number to obtain the second ciphertext data, and returns the second ciphertext data to the device.
8. The key agreement method according to claim 7, characterized in that, after the step of generating the key agreement request message according to the first ciphertext data and sending it to the cloud server, the method further comprises:
on receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data to obtain the second random number, generates a second key check value by encrypting the second random number according to a preset algorithm, and saves the second random number when the second key check value is consistent with the first key check value, wherein the cloud server generates the first key check value by encrypting the second random number according to the preset algorithm and returns the second ciphertext data and the first key check value to the device;
generating the session key between the cloud server and the device according to the second random number and the first random number.
9. The key agreement method according to claim 8, characterized in that the step of generating the session key between the cloud server and the device according to the second random number and the first random number comprises:
concatenating the second random number and the first random number to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
10. The key agreement method according to claim 8, characterized in that the step of generating the second key check value by encrypting the second random number according to the preset algorithm comprises:
encrypting predetermined bytes according to the second random number and the first random number to obtain an encryption result;
using preset bytes of the encryption result as the second key check value.
11. The key agreement method according to claim 7, characterized in that the step of decrypting the second ciphertext data to obtain and save the second random number comprises:
decrypting the second ciphertext data with the device private key to obtain the second random number.
12. The key agreement method according to claim 8, characterized in that, after the step of generating the session key between the cloud server and the device according to the second random number and the first random number, the method further comprises:
the device encrypts a preset field with the session key to obtain key agreement confirmation information;
sending the key agreement confirmation information to the cloud server, so that the cloud server, on receiving the key agreement confirmation information, decrypts the key agreement confirmation information with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the device.
13. A cloud server, characterized in that the cloud server comprises a memory, a processor and a key agreement program stored on the memory and runnable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the key agreement method according to any one of claims 1 to 6.
14. A device, characterized in that the device comprises a memory, a processor and a key agreement program stored on the memory and runnable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the key agreement method according to any one of claims 7 to 12.
15. A computer readable storage medium, characterized in that a key agreement program is stored on the computer readable storage medium, and the key agreement program, when executed by a processor, implements the steps of the key agreement method according to any one of claims 1 to 12.
16. A key agreement system, characterized in that the key agreement system comprises the cloud server according to claim 13 and the device according to claim 14.
Application CN201811302500.5A (priority date 2018-11-02, filing date 2018-11-02): Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system. Status: Pending. Publication: CN109039628A (en).


Publications (1)

Publication number and date: CN109039628A (en), 2018-12-18


Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109861817A (en) * 2019-02-26 2019-06-07 数安时代科技股份有限公司 Generate method, apparatus, system, equipment and the medium of key
CN110475095A (en) * 2019-08-21 2019-11-19 苏州科达科技股份有限公司 A kind of conference control method, device, equipment and readable storage medium storing program for executing
CN113452660A (en) * 2020-03-27 2021-09-28 瑞昱半导体股份有限公司 Communication method of mesh network and cloud server, mesh network system and node device thereof
CN111490876A (en) * 2020-04-03 2020-08-04 北京达龙上东文化艺术传播有限责任公司 Communication method based on USB KEY and USB KEY
CN111506295A (en) * 2020-04-14 2020-08-07 杭州涂鸦信息技术有限公司 Data processing method, system and related equipment
CN111726362A (en) * 2020-06-23 2020-09-29 广东博智林机器人有限公司 Information transmission method, information transmission system, first device and second device
CN111756535A (en) * 2020-06-30 2020-10-09 北京海泰方圆科技股份有限公司 Communication key negotiation method, device, storage medium and electronic equipment
CN112187458A (en) * 2020-09-29 2021-01-05 京东数字科技控股股份有限公司 Method, device, system and medium for activating session between equipment end and platform end
CN112422275A (en) * 2020-10-26 2021-02-26 深圳Tcl新技术有限公司 Key negotiation method, system, equipment and computer storage medium in UART communication
WO2022094936A1 (en) * 2020-11-06 2022-05-12 Oppo广东移动通信有限公司 Access method, device, and cloud platform device
CN112769912A (en) * 2020-12-30 2021-05-07 厦门市美亚柏科信息股份有限公司 Data synchronization method of Internet of things equipment and computer readable storage medium
CN114143026A (en) * 2021-10-26 2022-03-04 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN114143026B (en) * 2021-10-26 2024-01-23 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN115065466A (en) * 2022-06-23 2022-09-16 中国电信股份有限公司 Key agreement method, key agreement device, electronic equipment and computer-readable storage medium
CN115065466B (en) * 2022-06-23 2024-01-19 中国电信股份有限公司 Key negotiation method, device, electronic equipment and computer readable storage medium
CN115051871A (en) * 2022-06-30 2022-09-13 无锡睿勤科技有限公司 Authentication method and device, and storage medium
CN115314204A (en) * 2022-10-11 2022-11-08 南京易科腾信息技术有限公司 Random number generation method, device and storage medium
CN115314204B (en) * 2022-10-11 2022-12-16 南京易科腾信息技术有限公司 Random number generation method, device and storage medium


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218