CN109040149A - Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system - Google Patents
- Publication number
- CN109040149A (CN201811302357.XA)
- Authority
- CN
- China
- Prior art keywords
- key
- equipment
- cloud server
- ciphertext data
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
Abstract
The invention discloses a key negotiation method comprising the following steps: after receiving a key negotiation request message sent by a device, a cloud server obtains a device public key certificate from the key negotiation request message; the cloud server verifies the signature result in the device public key certificate using a preset server public key and, when the verification passes, extracts the device public key from the device public key certificate; the cloud server generates a second key, encrypts the second key with the device public key and sends it to the device, so as to carry out key negotiation between the cloud server and the device. The invention also discloses a cloud server, a device, a computer-readable storage medium and a key negotiation system. The invention increases the randomness of the certificate, thereby increasing the difficulty of obtaining identity authentication information by packet capture and strengthening the security of the key negotiation process.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a key negotiation method, a cloud server, a device, a computer-readable storage medium and a key negotiation system.
Background
In the prior art, a cloud server generally determines the legitimacy of a device by means of a device certificate preset in the device or a public key preset in the device, but this approach offers low security; for example, identity authentication information is easily obtained by packet capture.
The above content is only intended to aid understanding of the technical solution of the present invention and does not constitute an admission that the above content is prior art.
Summary of the invention
The main purpose of the present invention is to provide a key negotiation method, a cloud server, a device, a computer-readable storage medium and a key negotiation system, aiming to increase the randomness of the certificate, thereby increasing the difficulty of obtaining identity authentication information by packet capture and strengthening the security of the key negotiation process.
To achieve the above object, the present invention provides a key negotiation method, the key negotiation method including the following steps:
After receiving a key negotiation request message sent by a device, the cloud server obtains the device public key certificate from the key negotiation request message;
The cloud server verifies the signature result in the device public key certificate using a preset server public key and, when the verification passes, extracts the device public key from the device public key certificate;
The cloud server generates a second key, encrypts the second key with the device public key to obtain second ciphertext data, and sends the second ciphertext data to the device, so as to carry out key negotiation between the cloud server and the device.
Preferably, the second key is a random number.
Preferably, the step of verifying the signature result in the device public key certificate using the preset server public key includes:
Decrypting the signature result in the device public key certificate with the preset server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value with a preset server private key;
When the third hash value is consistent with the first hash value, performing a hash operation on preset information in the device public key certificate to obtain a second hash value, the preset information including at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier and the device public key;
When the second hash value is consistent with the first hash value in the device public key certificate, determining that the signature verification passes.
Preferably, the step of carrying out key negotiation between the cloud server and the device includes:
The cloud server obtains first ciphertext data from the key negotiation request message and decrypts the first ciphertext data with the cloud server private key to obtain and save a first key, wherein the device generates the first key, encrypts the first key with the cloud server public key to obtain the first ciphertext data, and generates the key negotiation request message from the first ciphertext data and the device public key certificate and sends it to the cloud server;
Returning the second ciphertext data to the device, so that the device, on receiving the second ciphertext data, decrypts the second ciphertext data with the device private key to obtain and save the second key;
Generating the session key between the cloud server and the device from the second key and the first key.
Preferably, after the step of obtaining and saving the first key, the method further includes:
Encrypting the second key according to a preset algorithm to generate a first key check value;
Returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data with the device private key to obtain the second key, encrypts the second key according to the preset algorithm to generate a second key check value, and saves the second key when the second key check value is consistent with the first key check value;
Generating the session key between the cloud server and the device from the second key and the first key.
Preferably, the step of encrypting the second key according to the preset algorithm to generate the first key check value includes:
Encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
Taking preset bytes of the encryption result as the first key check value.
Preferably, after the step of generating the session key between the cloud server and the device from the second key and the first key, the method further includes:
On receiving the key negotiation confirmation message returned by the device, the cloud server decrypts the key negotiation confirmation message with the session key to obtain a decryption result;
When the decryption result includes a preset field, sending a key negotiation confirmation message to the device.
Preferably, the step of generating the session key between the cloud server and the device from the second key and the first key includes:
Concatenating the second key with the first key to obtain a concatenation result;
Using the concatenation result as the session key between the cloud server and the device.
To achieve the above object, the present invention also provides a key negotiation method, the key negotiation method including the following steps:
The device generates a key negotiation request message from the device public key certificate and sends the key negotiation request message to the cloud server, so that the cloud server, after receiving the key negotiation request message sent by the device, obtains the device public key certificate from the key negotiation request message, verifies the signature result in the device public key certificate using a preset server public key, extracts the device public key from the device public key certificate when the verification passes, generates a second key, encrypts the second key with the device public key to obtain second ciphertext data, and sends the second ciphertext data to the device, so as to carry out key negotiation between the cloud server and the device.
Preferably, the second key is a random number.
Preferably, after the step of sending the key negotiation request message to the cloud server, the method further includes:
The device generates a first key, encrypts the first key with the cloud server public key to obtain first ciphertext data, and generates the key negotiation request message from the first ciphertext data and the device public key certificate and sends it to the cloud server, so that the cloud server obtains the first ciphertext data from the key negotiation request message sent by the device and decrypts the first ciphertext data with the cloud server private key to obtain and save the first key;
On receiving the second ciphertext data, the device decrypts the second ciphertext data with the device private key to obtain and save the second key, and generates the session key between the cloud server and the device from the second key and the first key, wherein the cloud server, on obtaining and saving the first key, generates the second key, encrypts the second key with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device.
Preferably, after the step of generating the key negotiation request message from the first ciphertext data and the device public key certificate and sending it to the cloud server, the method further includes:
On receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second key, encrypts the second key according to a preset algorithm to generate a second key check value, saves the second key when the second key check value is consistent with the first key check value, and generates the session key between the cloud server and the device from the second key and the first key, wherein the cloud server encrypts the second key according to the preset algorithm to generate the first key check value and returns the second ciphertext data and the first key check value to the device.
Preferably, the step of encrypting the second key according to the preset algorithm to generate the second key check value includes:
Encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
Taking preset bytes of the encryption result as the second key check value.
Preferably, after the step of generating the session key between the cloud server and the device from the second key and the first key, the method further includes:
The device encrypts a preset field with the session key to obtain a key negotiation confirmation message;
Sending the key negotiation confirmation message to the cloud server, so that the cloud server, on receiving the key negotiation confirmation message, decrypts the key negotiation confirmation message with the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device.
Preferably, the step of generating the session key between the cloud server and the device from the second key and the first key includes:
Concatenating the second key with the first key to obtain a concatenation result;
Using the concatenation result as the session key between the cloud server and the device.
To achieve the above object, the present invention also provides a cloud server, the cloud server including:
A memory, a processor, and a key negotiation program stored in the memory and executable on the processor, wherein the key negotiation program, when executed by the processor, implements the steps of the above key negotiation method.
To achieve the above object, the present invention also provides a device, the device including:
A memory, a processor, and a key negotiation program stored in the memory and executable on the processor, wherein the key negotiation program, when executed by the processor, implements the steps of the above key negotiation method.
To achieve the above object, the present invention also provides a computer-readable storage medium on which a key negotiation program is stored, wherein the key negotiation program, when executed by a processor, implements the steps of the above key negotiation method.
To achieve the above object, the present invention also provides a key negotiation system, the key negotiation system including the above cloud server and the above device.
With the key negotiation method, cloud server, device, computer-readable storage medium and key negotiation system provided by the present invention, the cloud server, after receiving a key negotiation request message sent by a device, obtains the device public key certificate from the key negotiation request message, verifies the signature result in the device public key certificate using a preset server public key and, when the verification passes, extracts the device public key from the device public key certificate; the cloud server then generates a second key, encrypts the second key with the device public key and sends it to the device, so as to carry out key negotiation between the cloud server and the device. The invention increases the randomness of the certificate, thereby increasing the difficulty of obtaining identity authentication information by packet capture and strengthening the security of the key negotiation process.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the key negotiation method of the present invention;
Fig. 3 is a flow diagram of the second embodiment of the key negotiation method of the present invention;
Fig. 4 is a flow diagram of the third embodiment of the key negotiation method of the present invention;
Fig. 5 is a flow diagram of the fourth embodiment of the key negotiation method of the present invention;
Fig. 6 is a flow diagram of the fifth embodiment of the key negotiation method of the present invention;
Fig. 7 is a flow diagram of the sixth embodiment of the key negotiation method of the present invention;
Fig. 8 is a flow diagram of the seventh embodiment of the key negotiation method of the present invention;
Fig. 9 is a flow diagram of the eighth embodiment of the key negotiation method of the present invention;
Fig. 10 is a flow diagram of the ninth embodiment of the key negotiation method of the present invention;
Fig. 11 is a flow diagram of the tenth embodiment of the key negotiation method of the present invention;
Fig. 12 is a flow diagram of the eleventh embodiment of the key negotiation method of the present invention;
Fig. 13 is a flow diagram of the twelfth embodiment of the key negotiation method of the present invention;
Fig. 14 is a flow diagram of the thirteenth embodiment of the key negotiation method of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.
The present invention provides a key negotiation method that increases the randomness of the certificate, thereby increasing the difficulty of obtaining identity authentication information by packet capture and strengthening the security of the key negotiation process.
As shown in Fig. 1, Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in embodiments of the present invention.
The terminal in embodiments of the present invention may be a server or a device, such as an air conditioner, an air regulator, an electric rice cooker, an intelligent door lock, etc.
As shown in Fig. 1, the server may include a processor 1001 (for example a CPU), a memory 1002 and a communication bus 1003. The communication bus 1003 implements connection and communication between the components in the server. The memory 1002 may be high-speed RAM, or a stable memory (non-volatile memory) such as disk storage. The memory 1002 may optionally also be a storage device independent of the aforementioned processor 1001.
As shown in Fig. 1, the memory 1002, as a kind of computer storage medium, may include a key negotiation program.
In the server shown in Fig. 1, the processor 1001 may be used to call the key negotiation program stored in the memory 1002 and perform the following operations:
After receiving a key negotiation request message sent by a device, the cloud server obtains the device public key certificate from the key negotiation request message;
The cloud server verifies the signature result in the device public key certificate using a preset server public key and, when the verification passes, extracts the device public key from the device public key certificate;
The cloud server generates a second key, encrypts the second key with the device public key to obtain second ciphertext data, and sends the second ciphertext data to the device, so as to carry out key negotiation between the cloud server and the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The second key is a random number.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Decrypting the signature result in the device public key certificate with the preset server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value with a preset server private key;
When the third hash value is consistent with the first hash value, performing a hash operation on preset information in the device public key certificate to obtain a second hash value, the preset information including at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier and the device public key;
When the second hash value is consistent with the first hash value in the device public key certificate, determining that the signature verification passes.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The cloud server obtains first ciphertext data from the key negotiation request message and decrypts the first ciphertext data with the cloud server private key to obtain and save a first key, wherein the device generates the first key, encrypts the first key with the cloud server public key to obtain the first ciphertext data, and generates the key negotiation request message from the first ciphertext data and the device public key certificate and sends it to the cloud server;
Returning the second ciphertext data to the device, so that the device, on receiving the second ciphertext data, decrypts the second ciphertext data with the device private key to obtain and save the second key;
Generating the session key between the cloud server and the device from the second key and the first key.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Encrypting the second key according to a preset algorithm to generate a first key check value;
Returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data with the device private key to obtain the second key, encrypts the second key according to the preset algorithm to generate a second key check value, and saves the second key when the second key check value is consistent with the first key check value;
Generating the session key between the cloud server and the device from the second key and the first key.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
Taking preset bytes of the encryption result as the first key check value.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
On receiving the key negotiation confirmation message returned by the device, the cloud server decrypts the key negotiation confirmation message with the session key to obtain a decryption result;
When the decryption result includes a preset field, sending a key negotiation confirmation message to the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Concatenating the second key with the first key to obtain a concatenation result;
Using the concatenation result as the session key between the cloud server and the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The device generates a key negotiation request message from the device public key certificate and sends the key negotiation request message to the cloud server, so that the cloud server, after receiving the key negotiation request message sent by the device, obtains the device public key certificate from the key negotiation request message, verifies the signature result in the device public key certificate using a preset server public key, extracts the device public key from the device public key certificate when the verification passes, generates a second key, encrypts the second key with the device public key to obtain second ciphertext data, and sends the second ciphertext data to the device, so as to carry out key negotiation between the cloud server and the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The second key is a random number.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The device generates a first key, encrypts the first key with the cloud server public key to obtain first ciphertext data, and generates the key negotiation request message from the first ciphertext data and the device public key certificate and sends it to the cloud server, so that the cloud server obtains the first ciphertext data from the key negotiation request message sent by the device and decrypts the first ciphertext data with the cloud server private key to obtain and save the first key;
On receiving the second ciphertext data, the device decrypts the second ciphertext data with the device private key to obtain and save the second key, and generates the session key between the cloud server and the device from the second key and the first key, wherein the cloud server, on obtaining and saving the first key, generates the second key, encrypts the second key with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
On receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second key, encrypts the second key according to a preset algorithm to generate a second key check value, saves the second key when the second key check value is consistent with the first key check value, and generates the session key between the cloud server and the device from the second key and the first key, wherein the cloud server encrypts the second key according to the preset algorithm to generate the first key check value and returns the second ciphertext data and the first key check value to the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
Taking preset bytes of the encryption result as the second key check value.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The device encrypts a preset field with the session key to obtain a key negotiation confirmation message;
Sending the key negotiation confirmation message to the cloud server, so that the cloud server, on receiving the key negotiation confirmation message, decrypts the key negotiation confirmation message with the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Concatenating the second key with the first key to obtain a concatenation result;
Using the concatenation result as the session key between the cloud server and the device.
Referring to Fig. 2, in the first embodiment, the cryptographic key negotiation method includes:
Step S10, Cloud Server is after the key negotiation request message for receiving equipment transmission, according to the key agreement
Request message obtains equipment public key certificate;
In the present embodiment, executing subject is Cloud Server.It is a variety of that equipment can be air conditioner, washing machine, intelligent door lock etc.
Smart machine can be communicated by Cloud Server with the APP in mobile terminal, i.e., user can be sent by APP and be referred to
It enables, to control smart machine.Before Cloud Server and equipment carry out safe transmission, need to carry out key agreement.
Equipment generates key negotiation request message according to equipment public key certificate, and key negotiation request message is sent to cloud
Server, wherein equipment public key certificate can be obtained by decrypting predetermined server, and predetermined server can be License clothes
Business device, this kind of mode increase the randomness of certificate.
Step S11, using predetermined server public key to the signature result progress sign test in the equipment public key certificate, and
When sign test passes through, the extract equipment public key from the equipment public key certificate;
It specifically, include root public key index, equipment public key certificate etc. in key negotiation request message.Cloud Server is to equipment
Signature result in public key certificate carries out sign test, when sign test passes through, by root public key index come in extract equipment public key certificate
Public key.
Sign test process may is that Cloud Server using the signature knot in predetermined server public key decryptions equipment public key certificate
Fruit obtains third cryptographic Hash, wherein the signature result is that Cloud Server carries out the first cryptographic Hash using predetermined server private key
Encryption obtains.When third cryptographic Hash is consistent with the first cryptographic Hash, Hash fortune is carried out to the presupposed information in equipment public key certificate
Calculation obtains the second cryptographic Hash, and presupposed information includes certificate format, certificate serial number, hash algorithm mark, equipment public key algorithm mark
Knowledge and equipment public key, and when the second cryptographic Hash is consistent with the first cryptographic Hash in equipment public key certificate, then determine that sign test is logical
It crosses.
Step S12, the described Cloud Server generates the second key, and second key is used the equipment public key encryption
After obtain the second ciphertext data, the second ciphertext data are sent to the equipment, with carry out the Cloud Server with it is described
Key agreement between equipment.
In the present embodiment, key negotiation request Receive message first key that Cloud Server is sent according to equipment, wherein
One key is equipment generation, and equipment obtains the first ciphertext data by Cloud Server public key encryption first key, and according to first
Ciphertext data generate key negotiation request message and are sent to Cloud Server.Then, Cloud Server generates the second key, and utilizes and set
Standby public key encrypts the second key to obtain the second ciphertext data, and the second ciphertext data are back to equipment, for equipment
The second ciphertext data are decrypted using device private to obtain the second key.In this way, respectively to possess first with equipment close for Cloud Server
Key and the second key, and according to the session key between the second key and first key generation server and equipment.
It should be noted that the second key may be a random number. The cloud server obtains the first random number from the key negotiation request message sent by the device. The first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates a second random number, encrypts it with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device can decrypt the second ciphertext data with the device private key to obtain the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and the session key between the cloud server and the device is generated from the first random number and the second random number.
In the first embodiment, after receiving the key negotiation request message sent by the device, the cloud server obtains the device public key certificate from the key negotiation request message, verifies the signature result in the device public key certificate with the preset server public key and, when verification passes, extracts the device public key from the device public key certificate. The cloud server then generates the second key, encrypts it with the device public key and sends it to the device, so as to carry out key negotiation between the cloud server and the device. In this way, the randomness of the certificate is increased, which makes it harder to obtain authentication information by packet capture and strengthens the security of the key negotiation process.
In a second embodiment, as shown in Fig. 3 and on the basis of the embodiment shown in Fig. 2 above, the step of verifying the signature result in the device public key certificate with the preset server public key includes:
Step S111: decrypting the signature result in the device public key certificate with the preset server public key to obtain a third hash value, where the signature result was obtained by the cloud server encrypting the first hash value with the preset server private key;
Step S112: judging whether the third hash value matches the first hash value;
Step S113: when the third hash value matches the first hash value, performing a hash operation on the preset information in the device public key certificate to obtain a second hash value, the preset information including at least one of the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier and the device public key;
Step S114: judging whether the second hash value matches the first hash value in the device public key certificate;
Step S115: when the second hash value matches the first hash value in the device public key certificate, judging that the signature verification has passed.
In this embodiment, the cloud server verifies the device public key certificate before extracting the device public key from it. Specifically, the device public key certificate includes the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier, device public key, signature result and first hash value. The signature result is obtained by the preset server signing the first hash value with the preset server private key, and the first hash value is obtained by the preset server performing a hash operation on the preset information; the preset information includes the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier and device public key.
The cloud server decrypts the signature result in the device public key certificate with the preset server public key to obtain the third hash value. When the third hash value matches the first hash value, the cloud server performs a hash operation on the preset information in the device certificate to obtain the second hash value. When the second hash value matches the first hash value, the certificate is judged to be legitimate, and the device public key is then extracted from the device certificate.
In the second embodiment, the signature result in the device public key certificate is verified with the preset server public key, which ensures the legitimacy of the certificate.
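The verification order in steps S111 to S115 can be sketched as follows. This is an added example, not code from the patent: the field names, the length-prefixed field encoding, the choice of SHA-256 and the toy unpadded RSA key built from two Mersenne primes are all assumptions made so the sketch runs with the standard library only (a deployed signer would use a real key and a padded signature scheme).

```python
import hashlib
import hmac

# Constructed toy key pair for the preset server, built from two Mersenne
# primes so the example needs only the standard library. Not a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

# The preset information covered by the first hash, in a fixed order.
# Field names are hypothetical; the page lists the fields but not an encoding.
PRESET_FIELDS = ("format", "serial", "hash_alg", "pubkey_alg", "device_pubkey")


def hash_preset_info(cert):
    """SHA-256 over the preset fields; each field is length-prefixed so that
    moving bytes from one field into the next changes the hash."""
    h = hashlib.sha256()
    for name in PRESET_FIELDS:
        h.update(len(cert[name]).to_bytes(4, "big") + cert[name])
    return h.digest()


def issue_certificate(fields):
    """Preset server: compute the first hash and sign it with the private key
    (unpadded RSA, mirroring 'encrypting the first hash value')."""
    cert = dict(fields)
    cert["first_hash"] = hash_preset_info(cert)
    cert["signature"] = pow(int.from_bytes(cert["first_hash"], "big"), D, N)
    return cert


def verify_certificate(cert):
    """Cloud server, steps S111 to S115.
    Returns (device_pubkey, "ok") or (None, reason)."""
    # S111: 'decrypt' the signature result with the preset server public key.
    recovered = pow(cert["signature"], E, N)
    if recovered >= 2**256:
        return None, "signature does not decode to a hash"
    third_hash = recovered.to_bytes(32, "big")
    # S112: the third hash must equal the first hash carried in the certificate.
    if not hmac.compare_digest(third_hash, cert["first_hash"]):
        return None, "third hash != first hash"
    # S113: recompute the hash over the preset information.
    second_hash = hash_preset_info(cert)
    # S114: the second hash must equal the first hash.
    if not hmac.compare_digest(second_hash, cert["first_hash"]):
        return None, "second hash != first hash"
    # S115: verification passed; only now is the device public key extracted.
    return cert["device_pubkey"], "ok"


# Constructed sample certificate.
SAMPLE = issue_certificate({
    "format": b"\x01",
    "serial": b"\x00\x00\x30\x39",
    "hash_alg": b"SHA256",
    "pubkey_alg": b"RSA",
    "device_pubkey": b"constructed-device-public-key",
})
```

Both comparisons are needed: S112 alone would accept a certificate whose public key field was replaced while the signed first hash was left untouched, and S114 alone would accept a certificate whose first hash was simply recomputed after the replacement.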
In a third embodiment, as shown in Fig. 4 and on the basis of the embodiment shown in any one of Fig. 2 to Fig. 3 above, the step of carrying out key negotiation between the cloud server and the device includes:
Step S121: the cloud server obtains the first ciphertext data from the key negotiation request message and decrypts the first ciphertext data with the cloud server private key to obtain and save the first key, where the device generates the first key, encrypts the first key with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and the device public key certificate, and sends it to the cloud server;
Step S122: returning the second ciphertext data to the device, so that the device, on receiving the second ciphertext data, decrypts the second ciphertext data with the device private key to obtain and save the second key;
Step S123: generating the session key between the cloud server and the device from the second key and the first key.
In this embodiment, the cloud server and the device carry out key negotiation. First, the cloud server obtains the first key from the key negotiation request message sent by the device. The first key is generated by the device: the device encrypts the first key with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates the second key, encrypts it with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device can decrypt the second ciphertext data with the device private key to obtain the second key. In this way, the cloud server and the device each hold the first key and the second key, and the session key between the server and the device is generated from the second key and the first key.
Preferably, the step of generating the session key from the second key and the first key may be: concatenating the second key with the first key and using the concatenation result as the session key. The session key may of course be generated from the second key and the first key in other ways. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and uses the device private key to compute a first session key from the cloud server public key through a preset algorithm; similarly, the cloud server receives the device public key sent by the device and uses the cloud server private key to compute a second session key from the device public key through the preset algorithm; the first session key and the second session key serve as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, ECC algorithm, RSA algorithm, ECDSA algorithm and so on, and the present invention places no specific limitation on it.
It should be noted that the first key and the second key may also be random numbers. First, the cloud server obtains the first random number from the key negotiation request message sent by the device. The first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates a second random number, encrypts it with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device can decrypt the second ciphertext data with the device private key to obtain the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and the session key between the cloud server and the device is generated from the first random number and the second random number. Preferably, the step of generating the session key between the cloud server and the device from the first random number and the second random number may be: concatenating the first random number and the second random number and using the concatenation result as the session key.
In the third embodiment, after obtaining the first key, the cloud server generates the second key, encrypts the second key to obtain the second ciphertext data, and returns the second ciphertext data to the device so that the device obtains the second key; the session key between the cloud server and the device is then generated from the second key and the first key. In this way, key negotiation between the cloud server and the device is achieved.
In a fourth embodiment, as shown in Fig. 5 and on the basis of the embodiment shown in any one of Fig. 2 to Fig. 4 above, after the step of obtaining and saving the first key, the method further includes:
Step S124: encrypting the second key according to a preset algorithm to generate a first key check value;
Step S125: returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data with the device private key to obtain the second key, encrypts the second key according to the preset algorithm to generate a second key check value, and saves the second key when the second key check value matches the first key check value;
Step S126: generating the session key between the cloud server and the device from the second key and the first key.
In this embodiment, the cloud server and the device carry out key negotiation. First, the cloud server obtains the first key from the key negotiation request message sent by the device. The first key is generated by the device: the device encrypts the first key with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates the second key and encrypts the concatenation of the second key and the first key according to the preset algorithm to generate the first key check value; the cloud server also encrypts the second key with the device public key to obtain the second ciphertext data. The cloud server returns the second ciphertext data and the first key check value to the device. The device decrypts the second ciphertext data with the device private key to obtain the second key, encrypts the concatenation of the second key and the first key according to the preset algorithm to obtain the second key check value, and saves the second key when the second key check value matches the first key check value. In this way, the cloud server and the device each hold the first key and the second key, and the session key between the cloud server and the device is generated from the second key and the first key. Preferably, the step of generating the session key from the second key and the first key may be: concatenating the second key with the first key and using the concatenation result as the session key. The session key may of course be generated from the second key and the first key in other ways. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and uses the device private key to compute a first session key from the cloud server public key through a preset algorithm; similarly, the cloud server receives the device public key sent by the device and uses the cloud server private key to compute a second session key from the device public key through the preset algorithm; the first session key and the second session key serve as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, ECC algorithm, RSA algorithm, ECDSA algorithm and so on, and the present invention places no specific limitation on it.
It should be noted that the first key check value and the second key check value are used to verify the session key. Taking the first key check value as an example, the step of encrypting the concatenation of the second key and the first key according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the concatenation of the second key and the first key to obtain an encryption result, and taking preset bytes of the encryption result as the first key check value. It should be noted that the session key may also be verified in other ways, and the present invention places no specific limitation on this. For example, the cloud server applies the SHA256 algorithm to the concatenation of the second key and the first key to obtain a first digest, and the device applies the SHA256 algorithm to the concatenation of the second key and the first key to obtain a second digest; when the second digest matches the first digest, the device saves the second key and generates the session key between the cloud server and the device from the second key and the first key.
It should be noted that the first key and the second key may also be random numbers. First, the cloud server obtains the first random number from the key negotiation request message sent by the device. The first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates a second random number and encrypts the concatenation of the second random number and the first random number according to the preset algorithm to generate the first key check value; the cloud server also encrypts the second random number with the device public key to obtain the second ciphertext data. The cloud server returns the second ciphertext data and the first key check value to the device. The device decrypts the second ciphertext data with the device private key to obtain the second random number, encrypts the concatenation of the second random number and the first random number according to the preset algorithm to obtain the second key check value, and saves the second random number when the second key check value matches the first key check value. In this way, the cloud server and the device each hold the first random number and the second random number, and the session key between the cloud server and the device is generated from the second random number and the first random number. Preferably, the step of generating the session key from the second random number and the first random number may be: concatenating the second random number and the first random number and using the concatenation result as the session key. The session key may of course be generated from the second random number and the first random number in other ways, and the present invention places no specific limitation on this. Taking the first key check value as an example, the step of encrypting the concatenation of the second random number and the first random number according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the concatenation of the second random number and the first random number to obtain an encryption result, and taking preset bytes of the encryption result as the first key check value.
In the fourth embodiment, after obtaining the first key, the cloud server generates the second key, encrypts the second key to obtain the second ciphertext data, encrypts the second key according to the preset algorithm to generate the first key check value, and sends the second ciphertext data and the first key check value to the device, so that the device performs a check with the first key check value and, when the check passes, generates the session key from the second key and the first key. In this way, the security of the session key between the cloud server and the device is improved.
In a fifth embodiment, as shown in Fig. 6 and on the basis of the embodiment shown in any one of Fig. 2 to Fig. 5 above, the step of encrypting the second key according to the preset algorithm to generate the first key check value includes:
Step S1251: encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
Step S1252: taking preset bytes of the encryption result as the first key check value.
In this embodiment, the first preset check value is used to verify the session key. The step of encrypting the second key according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the second key and the first key to obtain an encryption result, and taking preset bytes of the encryption result as the first key check value.
It should be noted that the predetermined bytes may be 16 bytes, and the preset bytes may be the first three bytes.
In the fifth embodiment, predetermined bytes are encrypted according to the second key and the first key to obtain an encryption result, and preset bytes of the encryption result are taken as the first key check value. In this way, the security of the session key between the cloud server and the device is improved.
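The check-value comparison of the fourth and fifth embodiments, seen from both ends once the second key has been decrypted, can be sketched as follows. This is an added example, not code from the patent: the function names are hypothetical, the all-zero content of the 16 predetermined bytes is an assumption, and HMAC-SHA256 stands in for the unspecified preset algorithm so the sketch needs only the standard library; the SHA256 digest variant the text mentions is included as a second check function.

```python
import hashlib
import hmac
import secrets

PREDETERMINED_BYTES = bytes(16)  # 16 bytes per the page; zero content is an assumption
PRESET_LEN = 3                   # "the first three bytes" of the result


def key_check_value(second_key, first_key, length=PRESET_LEN):
    """Check value keyed by second_key || first_key over the predetermined
    bytes. HMAC-SHA256 is a stand-in for the page's preset algorithm."""
    key = second_key + first_key
    return hmac.new(key, PREDETERMINED_BYTES, hashlib.sha256).digest()[:length]


def sha256_digest_check(second_key, first_key):
    """The alternative named on the page: SHA256 over the concatenation."""
    return hashlib.sha256(second_key + first_key).digest()


def server_respond(first_key, check=key_check_value):
    """Cloud server, after decrypting the first key: generate the second key
    and the first key check value. Returns (second_key, first_check)."""
    second_key = secrets.token_bytes(16)
    return second_key, check(second_key, first_key)


def device_finish(first_key, decrypted_second_key, first_check,
                  check=key_check_value):
    """Device: recompute the check value over what it actually decrypted and
    derive the session key (concatenation) only when the values match."""
    second_check = check(decrypted_second_key, first_key)
    if not hmac.compare_digest(second_check, first_check):
        return None  # the second key is not saved and no session key exists
    return decrypted_second_key + first_key
```

With a three-byte check value, a second key that differs from the one the server generated passes the comparison by chance with probability 2^-24; the full SHA256 digest makes that negligible.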
In a sixth embodiment, as shown in Fig. 7 and on the basis of the embodiment shown in any one of Fig. 2 to Fig. 6 above, after the step of generating the session key between the cloud server and the device from the second key and the first key, the method further includes:
Step S127: when the cloud server receives the key negotiation confirmation message returned by the device, it decrypts the key negotiation confirmation message with the session key to obtain a decryption result;
Step S128: when the decryption result includes a preset field, a key negotiation confirmation message is sent to the device.
In this embodiment, on receiving the second ciphertext data and the first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second key and encrypts the second key according to the preset algorithm to generate the second key check value. When the second key check value matches the first key check value, the device saves the second key and generates the session key between the cloud server and the device from the second key and the first key. It should be noted that the first key and the second key may be random numbers. On receiving the second ciphertext data and the first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second random number, encrypts the concatenation of the second random number and the first random number according to the preset algorithm to obtain the second key check value, and saves the second random number when the second key check value matches the first key check value. In this way, the cloud server and the device each hold the first random number and the second random number, and the session key between the cloud server and the device is generated from the second random number and the first random number.
The device encrypts a preset field with the session key, or encrypts the preset field and a random number with the session key, to obtain the key negotiation confirmation message, and sends the key negotiation confirmation message to the cloud server. On receiving the key negotiation confirmation message, the cloud server decrypts it with the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device. The preset field may be characters such as "OK". When the decryption result does not include the preset field, an error code is returned to the device.
In the sixth embodiment, on receiving the key negotiation confirmation message returned by the device, the cloud server decrypts the key negotiation confirmation message to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device. In this way, key negotiation between the cloud server and the device is achieved.
In a seventh embodiment, as shown in Fig. 8 and on the basis of the embodiment shown in any one of Fig. 2 to Fig. 7 above, the step of generating the session key between the cloud server and the device from the second key and the first key includes:
Step S1261: concatenating the second key with the first key to obtain a concatenation result;
Step S1262: using the concatenation result as the session key between the cloud server and the device.
In this embodiment, the step of generating the session key from the second key and the first key may be: concatenating the second key with the first key and using the concatenation result as the session key. The session key may of course be generated from the second key and the first key in other ways, and the present invention places no specific limitation on this. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and uses the device private key to compute a first session key from the cloud server public key through a preset algorithm; similarly, the cloud server receives the device public key sent by the device and uses the cloud server private key to compute a second session key from the device public key through the preset algorithm; the first session key and the second session key serve as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, ECC algorithm, RSA algorithm, ECDSA algorithm and so on, and the present invention places no specific limitation on it.
It should be noted that the first key and the second key may also be random numbers; that is, the second random number is concatenated with the first random number and the concatenation result is used as the session key. The session key may of course be generated from the second random number and the first random number in other ways, and the present invention places no specific limitation on this.
In the seventh embodiment, the second key is concatenated with the first key and the concatenation result is used as the session key between the cloud server and the device, which safeguards secure communication between the cloud server and the device.
The present invention also provides a key negotiation method. Referring to Fig. 9, in an eighth embodiment, the key negotiation method includes the following steps:
Step S20: the device generates a key negotiation request message from the device public key certificate and sends the key negotiation request message to the cloud server, so that the cloud server, after receiving the key negotiation request message sent by the device, obtains the device public key certificate from the key negotiation request message, verifies the signature result in the device public key certificate with the preset server public key and, when verification passes, extracts the device public key from the device public key certificate; the cloud server then generates a second key, encrypts the second key with the device public key to obtain second ciphertext data, and sends the second ciphertext data to the device, so as to carry out key negotiation between the cloud server and the device.
In this embodiment, the executing entity is the device. The device may be any of a variety of smart devices such as an air conditioner, a washing machine or a smart door lock, and can communicate through the cloud server with an app on a mobile terminal; that is, the user can send instructions through the app to control the smart device. Before the cloud server and the device carry out secure transmission, key negotiation is required.
The device generates a key negotiation request message from the device public key certificate and sends the key negotiation request message to the cloud server. The device public key certificate can be obtained from the preset server by decryption, and the preset server may be a License server; this approach increases the randomness of the certificate.
Specifically, the key negotiation request message includes a root public key index, the device public key certificate and so on. The cloud server verifies the signature result in the device public key certificate and, when verification passes, uses the root public key index to extract the public key from the device public key certificate.
The signature verification process may be as follows: the cloud server decrypts the signature result in the device public key certificate with the preset server public key to obtain a third hash value, where the signature result was obtained by the cloud server encrypting the first hash value with the preset server private key. When the third hash value matches the first hash value, a hash operation is performed on the preset information in the device public key certificate to obtain a second hash value; the preset information includes the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier and device public key. When the second hash value matches the first hash value in the device public key certificate, the signature verification is judged to have passed.
In this embodiment, the cloud server obtains the first key from the key negotiation request message sent by the device. The first key is generated by the device: the device encrypts the first key with the cloud server public key to obtain first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates the second key, encrypts it with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device can decrypt the second ciphertext data with the device private key to obtain the second key. In this way, the cloud server and the device each hold the first key and the second key, and the session key between the server and the device is generated from the second key and the first key.
It should be noted that the second key may be a random number. The cloud server obtains the first random number from the key negotiation request message sent by the device. The first random number is generated by the device: the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates a second random number, encrypts it with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device can decrypt the second ciphertext data with the device private key to obtain the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and the session key between the cloud server and the device is generated from the first random number and the second random number.
In the eighth embodiment, after receiving the key negotiation request message sent by the device, the cloud server obtains the device public key certificate from the key negotiation request message, verifies the signature result in the device public key certificate with the preset server public key and, when verification passes, extracts the device public key from the device public key certificate. The cloud server then generates the second key, encrypts it with the device public key and sends it to the device, so as to carry out key negotiation between the cloud server and the device. In this way, the randomness of the certificate is increased, which makes it harder to obtain authentication information by packet capture and strengthens the security of the key negotiation process.
In a ninth embodiment, as shown in Fig. 10 and on the basis of the embodiment shown in Fig. 9 above, after the step of sending the key negotiation request message to the cloud server, the method further includes:
Step S21: the device generates the first key, encrypts the first key with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and the device public key certificate, and sends it to the cloud server, so that the cloud server obtains the first ciphertext data from the key negotiation request message sent by the device and decrypts the first ciphertext data with the cloud server private key to obtain and save the first key;
Step S22: on receiving the second ciphertext data, the device decrypts the second ciphertext data with the device private key to obtain and save the second key, and generates the session key between the cloud server and the device from the second key and the first key, where the cloud server, on obtaining and saving the first key, generates the second key, encrypts the second key with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device.
In this embodiment, the cloud server and the device carry out key negotiation. First, the cloud server obtains the first key from the key negotiation request message sent by the device. The first key is generated by the device: the device encrypts the first key with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. The cloud server then generates the second key, encrypts it with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device can decrypt the second ciphertext data with the device private key to obtain the second key. In this way, the cloud server and the device each hold the first key and the second key, and the session key between the server and the device is generated from the second key and the first key.
Preferably, the step of generating the session key from the second key and the first key may be: concatenating the second key with the first key and using the concatenation result as the session key. Of course, the session key may also be generated from the second key and the first key in other ways. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and uses the device private key to compute a first session key from the cloud server public key by a preset algorithm; similarly, the cloud server receives the device public key sent by the device and uses the cloud server private key to compute a second session key from the device public key by the preset algorithm; the first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit it.
It should be noted that the first key and the second key may also be random numbers. First, the cloud server obtains a first random number from the key negotiation request message sent by the device; the first random number is generated by the device, which encrypts it with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. Then the cloud server generates a second random number, encrypts it with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device decrypts the second ciphertext data with the device private key to obtain the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and generate the session key between the cloud server and the device from the first random number and the second random number. Preferably, the step of generating the session key between the cloud server and the device from the first random number and the second random number may be: concatenating the first random number with the second random number and using the concatenation result as the session key.
In the ninth embodiment, after obtaining the first key, the cloud server generates the second key, encrypts it to obtain the second ciphertext data, and returns the second ciphertext data to the device, so that the device obtains the second key and generates the session key between the cloud server and the device from the second key and the first key. In this way, key negotiation between the cloud server and the device is achieved.
In the tenth embodiment, as shown in Fig. 11, on the basis of the embodiment shown in any one of Fig. 9 to Fig. 10, after the step of generating the key negotiation request message from the first ciphertext data and the device public key certificate and sending it to the cloud server, the method further includes:
Step S23: on receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second key, and encrypts the second key according to a preset algorithm to generate a second key check value; when the second key check value is consistent with the first key check value, the device saves the second key and generates the session key between the cloud server and the device from the second key and the first key, wherein the cloud server encrypts the second key according to the preset algorithm to generate the first key check value, and returns the second ciphertext data and the first key check value to the device.
In this embodiment, the cloud server and the device carry out key negotiation. First, the cloud server obtains the first key from the key negotiation request message sent by the device; the first key is generated by the device, which encrypts it with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. Then the cloud server generates the second key and encrypts the concatenation result of the second key and the first key according to a preset algorithm to generate the first key check value; the cloud server also encrypts the second key with the device public key to obtain the second ciphertext data. The cloud server returns the second ciphertext data and the first key check value to the device, so that the device decrypts the second ciphertext data with the device private key to obtain the second key, and encrypts the concatenation result of the second key and the first key according to the preset algorithm to obtain the second key check value; when the second key check value is consistent with the first key check value, the device saves the second key. In this way, the cloud server and the device each hold the first key and the second key, and generate the session key between the cloud server and the device from the second key and the first key. Preferably, the step of generating the session key from the second key and the first key may be: concatenating the second key with the first key and using the concatenation result as the session key. Of course, the session key may also be generated from the second key and the first key in other ways. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and uses the device private key to compute a first session key from the cloud server public key by a preset algorithm; similarly, the cloud server receives the device public key sent by the device and uses the cloud server private key to compute a second session key from the device public key by the preset algorithm; the first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit it.
It should be noted that the first key check value and the second key check value are used to verify the session key. Taking the first key check value as an example, the step of encrypting the concatenation result of the second key and the first key according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the concatenation result of the second key and the first key to obtain an encryption result, and using preset bytes of the encryption result as the first key check value. It should be noted that the session key may also be verified in other ways; the present invention does not specifically limit this. For example, the cloud server applies the SHA256 algorithm to the concatenation result of the second key and the first key to obtain first digest information, and the device applies the SHA256 algorithm to the concatenation result of the second key and the first key to obtain second digest information; when the second digest information is consistent with the first digest information, the device saves the second key and generates the session key between the cloud server and the device from the second key and the first key.
It should be noted that the first key and the second key may also be random numbers. First, the cloud server obtains a first random number from the key negotiation request message sent by the device; the first random number is generated by the device, which encrypts it with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server. Then the cloud server generates a second random number and encrypts the concatenation result of the second random number and the first random number according to the preset algorithm to generate the first key check value; the cloud server also encrypts the second random number with the device public key to obtain the second ciphertext data. The cloud server returns the second ciphertext data and the first key check value to the device, so that the device decrypts the second ciphertext data with the device private key to obtain the second random number, and encrypts the concatenation result of the second random number and the first random number according to the preset algorithm to obtain the second key check value; when the second key check value is consistent with the first key check value, the device saves the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and generate the session key between the cloud server and the device from the second random number and the first random number. Preferably, the step of generating the session key from the second random number and the first random number may be: concatenating the second random number with the first random number and using the concatenation result as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways; the present invention does not specifically limit this. Taking the first key check value as an example, the step of encrypting the concatenation result of the second random number and the first random number according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the concatenation result of the second random number and the first random number to obtain an encryption result, and using preset bytes of the encryption result as the first key check value.
In the tenth embodiment, after obtaining the first key, the cloud server generates the second key, encrypts it to obtain the second ciphertext data, encrypts the second key according to the preset algorithm to generate the first key check value, and sends the second ciphertext data and the first key check value to the device, so that the device performs verification with the first key check value and, when the verification passes, generates the session key from the second key and the first key. In this way, the security of the session key between the cloud server and the device is improved.
In the eleventh embodiment, referring to Fig. 12, on the basis of the embodiment shown in any one of Fig. 9 to Fig. 11, the step of encrypting the second key according to the preset algorithm to generate the second key check value includes:
Step S231: encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
Step S232: using preset bytes of the encryption result as the second key check value.
In this embodiment, the second preset check value is used to verify the session key. The step of encrypting the second key according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the second key and the first key to obtain an encryption result, and using preset bytes of the encryption result as the second key check value.
It should be noted that the predetermined bytes may be 16 bytes, and the preset bytes may be the first three bytes.
In the eleventh embodiment, predetermined bytes are encrypted according to the second key and the first key to obtain an encryption result, and preset bytes of the encryption result are used as the first key check value. In this way, the security of key negotiation between the cloud server and the device is ensured.
In the twelfth embodiment, as shown in Fig. 13, on the basis of the embodiment shown in any one of Fig. 9 to Fig. 12, after the step of generating the session key between the cloud server and the device from the second key and the first key, the method further includes:
Step S24: the device encrypts a preset field with the session key to obtain key negotiation confirmation information;
Step S25: the key negotiation confirmation information is sent to the cloud server, so that the cloud server, on receiving the key negotiation confirmation information, decrypts it with the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device.
In this embodiment, on receiving the second ciphertext data and the first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second key, and encrypts the second key according to the preset algorithm to generate the second key check value; when the second key check value is consistent with the first key check value, the device saves the second key and generates the session key between the cloud server and the device from the second key and the first key. It should be noted that the first key and the second key may be random numbers. On receiving the second ciphertext data and the first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second random number, and encrypts the concatenation result of the second random number and the first random number according to the preset algorithm to obtain the second key check value; when the second key check value is consistent with the first key check value, the device saves the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and generate the session key between the cloud server and the device from the second random number and the first random number.
The device encrypts the preset field with the session key, or encrypts the preset field and a random number with the session key, to obtain the key negotiation confirmation information, and sends the key negotiation confirmation information to the cloud server, so that the cloud server, on receiving the key negotiation confirmation information, decrypts it with the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device. The preset field may be characters such as "OK". When the decryption result does not include the preset field, an error code is returned to the device.
In the twelfth embodiment, on receiving the key negotiation confirmation information returned by the device, the cloud server decrypts it to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device. In this way, key negotiation between the cloud server and the device is achieved.
In the thirteenth embodiment, as shown in Fig. 14, on the basis of the embodiment shown in any one of Fig. 9 to Fig. 13, the step of generating the session key between the cloud server and the device from the second key and the first key includes:
Step S221: concatenating the second key with the first key to obtain a concatenation result;
Step S222: using the concatenation result as the session key between the cloud server and the device.
In this embodiment, the step of generating the session key from the second key and the first key may be: concatenating the second key with the first key and using the concatenation result as the session key. Of course, the session key may also be generated from the second key and the first key in other ways; the present invention does not specifically limit this. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and uses the device private key to compute a first session key from the cloud server public key by a preset algorithm; similarly, the cloud server receives the device public key sent by the device and uses the cloud server private key to compute a second session key from the device public key by the preset algorithm; the first session key and the second session key are used as the session key between the cloud server and the device. It should be noted that the preset algorithm may be the ECDH algorithm, the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit it.
It should be noted that the first key and the second key may also be random numbers. That is, the second random number is concatenated with the first random number, and the concatenation result is used as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways; the present invention does not specifically limit this.
In the thirteenth embodiment, the second key is concatenated with the first key, and the concatenation result is used as the session key between the cloud server and the device; in this way, secure communication between the cloud server and the device is ensured.
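The check-value, confirmation and concatenation steps of the tenth to thirteenth embodiments, as an added Python example that is not part of the patent text. Assumptions: 16-byte random keys, a check value taken as the first three bytes of SHA-256 over the concatenated keys, an HMAC-SHA256 tag standing in for encryption of the preset field, and both keys handed over directly where the method uses public-key encryption.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16          # assumed size of each random key (the page gives none)
KCV_LEN = 3           # "preset bytes": the page suggests the first three bytes
PRESET_FIELD = b"OK"  # preset field used in the confirmation step


def check_value(second_key, first_key, length=KCV_LEN):
    """Key check value: SHA-256 over second_key || first_key, first `length` bytes."""
    return hashlib.sha256(second_key + first_key).digest()[:length]


def confirmation_tag(session_key):
    """Assumed stand-in for encrypting the preset field: an HMAC-SHA256 tag over it."""
    return hmac.new(session_key, PRESET_FIELD, hashlib.sha256).digest()


class CloudServer:
    def __init__(self, kcv_len=KCV_LEN):
        self.kcv_len = kcv_len
        self.session_key = None

    def on_request(self, first_key):
        """Take the (already decrypted) first key; return second key and check value."""
        second_key = secrets.token_bytes(KEY_LEN)
        self.session_key = second_key + first_key  # concatenation, as in step S221
        return second_key, check_value(second_key, first_key, self.kcv_len)

    def on_confirmation(self, tag):
        """Confirm only if the device proves it derived the same session key."""
        if self.session_key is None:
            return False
        return hmac.compare_digest(tag, confirmation_tag(self.session_key))


class Device:
    def __init__(self, kcv_len=KCV_LEN):
        self.kcv_len = kcv_len
        self.first_key = secrets.token_bytes(KEY_LEN)
        self.second_key = None
        self.session_key = None

    def on_response(self, second_key, first_check):
        """Verify the first key check value; return a confirmation tag or None."""
        # The expected length is local configuration; a short or empty value
        # from the peer must not weaken the comparison.
        if len(first_check) != self.kcv_len:
            return None
        second_check = check_value(second_key, self.first_key, self.kcv_len)
        if not hmac.compare_digest(second_check, first_check):
            return None  # mismatch: second key not saved, no session key derived
        self.second_key = second_key
        self.session_key = second_key + self.first_key
        return confirmation_tag(self.session_key)


def run_exchange(kcv_len=KCV_LEN, corrupt_second_key=False):
    """Run one negotiation; optionally corrupt the second key in transit (constructed fault)."""
    device, cloud = Device(kcv_len), CloudServer(kcv_len)
    second_key, first_check = cloud.on_request(device.first_key)
    if corrupt_second_key:
        second_key = bytes([second_key[0] ^ 0x01]) + second_key[1:]
    tag = device.on_response(second_key, first_check)
    return {
        "device_accepted": tag is not None,
        "cloud_confirmed": tag is not None and cloud.on_confirmation(tag),
        "keys_match": device.session_key == cloud.session_key,
        "session_key_len": len(cloud.session_key),
    }


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(kcv_len=32, corrupt_second_key=True))
```

With `kcv_len=3`, a wrong second key passes the check value with probability about 2^-24, so in this example it is the confirmation step that establishes that both sides hold the same session key.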
In addition, the present invention further proposes a cloud server comprising a memory, a processor, and a key negotiation program stored in the memory and executable on the processor; the processor executes the steps of the key negotiation method described above in which the cloud server is the executing subject.
In addition, the present invention further proposes a device comprising a memory, a processor, and a key negotiation program stored in the memory and executable on the processor; the processor executes the steps of the key negotiation method described above in which the device is the executing subject.
In addition, the present invention further proposes a computer-readable storage medium comprising a key negotiation program; when executed by a processor, the key negotiation program implements the steps of the key negotiation method described in the above embodiments.
In addition, the present invention further proposes a key negotiation system comprising the above cloud server and the above device.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes over the prior art, can be embodied in the form of a software product; the computer software product is stored in a storage medium as described above (such as ROM/RAM, magnetic disk, optical disc) and includes several instructions that cause a terminal device (which may be a television, mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit its patent scope; any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Claims (19)
1. A key negotiation method, characterized in that the key negotiation method comprises the following steps:
after receiving a key negotiation request message sent by a device, a cloud server obtains a device public key certificate from the key negotiation request message;
the signature result in the device public key certificate is verified with a preset server public key and, when the verification passes, a device public key is extracted from the device public key certificate;
the cloud server generates a second key, encrypts the second key with the device public key to obtain second ciphertext data, and sends the second ciphertext data to the device, so as to carry out key negotiation between the cloud server and the device.
2. The key negotiation method of claim 1, characterized in that the second key is a random number.
3. The key negotiation method of claim 2, characterized in that the step of verifying the signature result in the device public key certificate with the preset server public key comprises:
decrypting the signature result in the device public key certificate with the preset server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value with a preset server private key;
when the third hash value is consistent with the first hash value, performing a hash operation on preset information in the device public key certificate to obtain a second hash value, the preset information comprising at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier and the device public key;
when the second hash value is consistent with the first hash value in the device public key certificate, determining that the verification passes.
4. The key negotiation method of claim 2, characterized in that the step of carrying out key negotiation between the cloud server and the device comprises:
the cloud server obtains first ciphertext data from the key negotiation request message, decrypts the first ciphertext data with a cloud server private key, and obtains and saves a first key, wherein the device generates the first key, encrypts the first key with a cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and the device public key certificate, and sends it to the cloud server;
the second ciphertext data is returned to the device, so that the device, on receiving the second ciphertext data, decrypts the second ciphertext data with a device private key to obtain and save the second key;
the session key between the cloud server and the device is generated from the second key and the first key.
5. The key negotiation method of claim 4, characterized in that, after the step of obtaining and saving the first key, the method further comprises:
encrypting the second key according to a preset algorithm to generate a first key check value;
returning the second ciphertext data and the first key check value to the device, so that the device, on receiving the second ciphertext data and the first key check value, decrypts the second ciphertext data with the device private key to obtain the second key, encrypts the second key according to the preset algorithm to generate a second key check value, and saves the second key when the second key check value is consistent with the first key check value;
generating the session key between the cloud server and the device from the second key and the first key.
6. The key negotiation method of claim 5, wherein the step of encrypting the second key according to the preset algorithm to generate the first key check value comprises:
encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
using preset bytes of the encryption result as the first key check value.
7. The key negotiation method of claim 5, characterized in that, after the step of generating the session key between the cloud server and the device from the second key and the first key, the method further comprises:
on receiving key negotiation confirmation information returned by the device, the cloud server decrypts the key negotiation confirmation information with the session key to obtain a decryption result;
when the decryption result includes a preset field, a key negotiation confirmation message is sent to the device.
8. The key negotiation method of claim 5, characterized in that the step of generating the session key between the cloud server and the device from the second key and the first key comprises:
concatenating the second key with the first key to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
9. A key negotiation method, characterized in that the key negotiation method comprises the following steps:
a device generates a key negotiation request message from a device public key certificate and sends the key negotiation request message to a cloud server, so that the cloud server, after receiving the key negotiation request message sent by the device, obtains the device public key certificate from the key negotiation request message, verifies the signature result in the device public key certificate with a preset server public key, extracts a device public key from the device public key certificate when the verification passes, generates a second key, encrypts the second key with the device public key to obtain second ciphertext data, and sends the second ciphertext data to the device, so as to carry out key negotiation between the cloud server and the device.
10. The key negotiation method of claim 9, characterized in that the second key is a random number.
11. The key negotiation method of claim 10, characterized in that, after the step of sending the key negotiation request message to the cloud server, the method further comprises:
the device generates a first key, encrypts the first key with a cloud server public key to obtain first ciphertext data, generates the key negotiation request message from the first ciphertext data and the device public key certificate, and sends it to the cloud server, so that the cloud server obtains the first ciphertext data from the key negotiation request message sent by the device, decrypts the first ciphertext data with a cloud server private key, and obtains and saves the first key;
on receiving the second ciphertext data, the device decrypts the second ciphertext data with a device private key to obtain and save the second key, and generates the session key between the cloud server and the device from the second key and the first key, wherein the cloud server generates the second key when it obtains and saves the first key, encrypts the second key with the device public key to obtain the second ciphertext data, and returns the second ciphertext data to the device.
12. The key negotiation method of claim 11, characterized in that, after the step of generating the key negotiation request message from the first ciphertext data and the device public key certificate and sending it to the cloud server, the method further comprises:
on receiving the second ciphertext data and a first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second key, and encrypts the second key according to a preset algorithm to generate a second key check value; when the second key check value is consistent with the first key check value, the device saves the second key and generates the session key between the cloud server and the device from the second key and the first key, wherein the cloud server encrypts the second key according to the preset algorithm to generate the first key check value, and returns the second ciphertext data and the first key check value to the device.
13. The key negotiation method of claim 12, characterized in that the step of encrypting the second key according to the preset algorithm to generate the second key check value comprises:
encrypting predetermined bytes according to the second key and the first key to obtain an encryption result;
using preset bytes of the encryption result as the second key check value.
14. The key negotiation method of claim 11, characterized in that, after the step of generating the session key between the cloud server and the device from the second key and the first key, the method further comprises:
the device encrypts a preset field with the session key to obtain key negotiation confirmation information;
the key negotiation confirmation information is sent to the cloud server, so that the cloud server, on receiving the key negotiation confirmation information, decrypts it with the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key negotiation confirmation message to the device.
15. The key negotiation method of claim 11, characterized in that the step of generating the session key between the cloud server and the device from the second key and the first key comprises:
concatenating the second key with the first key to obtain a concatenation result;
using the concatenation result as the session key between the cloud server and the device.
16. A cloud server, characterized in that the cloud server comprises a memory, a processor, and a key negotiation program stored in the memory and executable on the processor, wherein the key negotiation program, when executed by the processor, implements the steps of the key negotiation method of any one of claims 1 to 8.
17. A device, characterized in that the device comprises a memory, a processor, and a key negotiation program stored in the memory and executable on the processor, wherein the key negotiation program, when executed by the processor, implements the steps of the key negotiation method of any one of claims 9 to 15.
18. A computer-readable storage medium, characterized in that a key negotiation program is stored on the computer-readable storage medium, and the key negotiation program, when executed by a processor, implements the steps of the key negotiation method of any one of claims 1 to 15.
19. A key negotiation system, characterized in that the key negotiation system comprises the cloud server of claim 16 and the device of claim 17.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811302357.XA CN109040149A (en) | 2018-11-02 | 2018-11-02 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109040149A true CN109040149A (en) | 2018-12-18 |
Family
ID=64614353
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811302357.XA Pending CN109040149A (en) | 2018-11-02 | 2018-11-02 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109040149A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1832397A (en) * | 2005-11-28 | 2006-09-13 | 北京浦奥得数码技术有限公司 | Authorization key, consultation and update method based on common key credentials between interface of electronic equipment |
WO2016053184A1 (en) * | 2014-10-02 | 2016-04-07 | Huawei International Pte. Ltd. | Key generation method and device |
CN106412883A (en) * | 2016-11-10 | 2017-02-15 | 杭州华三通信技术有限公司 | Method and apparatus for access to wireless network |
CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
CN106790173A (en) * | 2016-12-29 | 2017-05-31 | 浙江中控技术股份有限公司 | A kind of method and system of SCADA system and its RTU controller bidirectional identity authentications |
Non-Patent Citations (1)
Title |
---|
王娜: ""电子商务中的认证技术"", 《山东行政学院山东省经济管理干部学院学报》 * |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109842489A (en) * | 2018-12-24 | 2019-06-04 | 福建联迪商用设备有限公司 | A kind of method that realizing secure communication, terminal and system |
CN109842489B (en) * | 2018-12-24 | 2022-07-19 | 福建联迪商用设备有限公司 | Method, terminal and system for realizing secure communication |
CN109861817A (en) * | 2019-02-26 | 2019-06-07 | 数安时代科技股份有限公司 | Generate method, apparatus, system, equipment and the medium of key |
CN110213045A (en) * | 2019-05-30 | 2019-09-06 | 全链通有限公司 | Transmission method, equipment and the computer readable storage medium of session key |
CN110289956A (en) * | 2019-06-27 | 2019-09-27 | 飞天诚信科技股份有限公司 | A kind of cloud speaker updates the method and system of configuration |
CN110266485A (en) * | 2019-06-28 | 2019-09-20 | 宁波奥克斯电气股份有限公司 | A kind of Internet of Things secure communication control method based on NB-IoT |
CN110266485B (en) * | 2019-06-28 | 2022-06-24 | 宁波奥克斯电气股份有限公司 | Internet of things safety communication control method based on NB-IoT |
CN111614637A (en) * | 2020-05-08 | 2020-09-01 | 郑州信大捷安信息技术股份有限公司 | Secure communication method and system based on software cryptographic module |
CN113645024A (en) * | 2020-05-11 | 2021-11-12 | 华为技术有限公司 | Key distribution method, system, device and readable storage medium and chip |
CN113645024B (en) * | 2020-05-11 | 2023-03-10 | 华为技术有限公司 | Key distribution method, system, device and readable storage medium and chip |
CN111586070A (en) * | 2020-05-15 | 2020-08-25 | 北京中油瑞飞信息技术有限责任公司 | Three-phase metering device communication method and device, three-phase metering device and storage medium |
CN112055071B (en) * | 2020-08-31 | 2022-02-22 | 郑州信大捷安信息技术股份有限公司 | Industrial control safety communication system and method based on 5G |
CN112055071A (en) * | 2020-08-31 | 2020-12-08 | 郑州信大捷安信息技术股份有限公司 | Industrial control safety communication system and method based on 5G |
CN112511295A (en) * | 2020-11-12 | 2021-03-16 | 银联商务股份有限公司 | Authentication method and device for interface calling, micro-service application and key management center |
CN112491879A (en) * | 2020-11-26 | 2021-03-12 | 中电金融设备系统(深圳)有限公司 | Method for remotely updating firmware, computer equipment and storage medium |
CN112787819A (en) * | 2020-12-23 | 2021-05-11 | 郑州信大捷安信息技术股份有限公司 | Industrial control safety communication system and communication method |
CN112787819B (en) * | 2020-12-23 | 2022-03-15 | 郑州信大捷安信息技术股份有限公司 | Industrial control safety communication system and communication method |
CN112491933A (en) * | 2020-12-25 | 2021-03-12 | 四川虹微技术有限公司 | Local area network encryption communication method and storage medium |
CN112769789A (en) * | 2020-12-29 | 2021-05-07 | 北京天融信网络安全技术有限公司 | Encryption communication method and system |
CN112769789B (en) * | 2020-12-29 | 2022-06-24 | 北京天融信网络安全技术有限公司 | Encryption communication method and system |
CN112769854A (en) * | 2021-01-21 | 2021-05-07 | 北京信安世纪科技股份有限公司 | Security protocol authentication method and system supporting multiple kinds of digital identity information |
CN113595742A (en) * | 2021-08-02 | 2021-11-02 | 广东电网有限责任公司佛山供电局 | Data transmission method, system, computer device and storage medium |
CN113595742B (en) * | 2021-08-02 | 2023-06-30 | 广东电网有限责任公司佛山供电局 | Data transmission method, system, computer device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181218 |