CN109245886A - Cryptographic key negotiation method, equipment, storage medium and system - Google Patents
- Publication number
- CN109245886A, CN201811302227.6A
- Authority
- CN
- China
- Prior art keywords
- key
- distribution net
- net equipment
- public key
- session
- Legal status
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a key negotiation method comprising the following steps: after receiving a key negotiation request message sent by non-distribution net equipment (equipment not yet provisioned onto the network), distribution net equipment (equipment already provisioned onto the network) generates and saves a first session key according to the request message, generates a first key check value according to the first session key, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the non-distribution net equipment. The non-distribution net equipment generates a second session key according to the key negotiation response message, obtains the first key check value, generates a second check value according to the second session key, and saves the second session key when the second check value is consistent with the first check value. The invention also discloses distribution net equipment, non-distribution net equipment, a computer-readable storage medium and a key agreement system. The invention enables non-distribution net equipment to connect to the network automatically, thereby improving the communication security of home equipment.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a key negotiation method, distribution net equipment, non-distribution net equipment, a computer-readable storage medium and a key agreement system.
Background technique
With the continuous development of information technology, smart devices are widely used in daily life. When a new device is distributed onto a network, the distribution net equipment usually broadcasts the key directly and sends the distribution information to the new device so that the new device joins the network, but this approach offers low security.
The above content is only intended to aid understanding of the technical solution and does not constitute an admission that it is prior art.
Summary of the invention
The main purpose of the present invention is to provide a key negotiation method, distribution net equipment, non-distribution net equipment, a computer-readable storage medium and a key agreement system, so that distribution net equipment automatically searches for non-distribution net equipment and performs key agreement with it to obtain a session key, the distribution information is encrypted with the session key and sent to the non-distribution net equipment, and the non-distribution net equipment connects to the network automatically, thereby improving the communication security of home equipment.
To achieve the above object, the present invention provides a key negotiation method comprising the following steps:
After receiving a key negotiation request message sent by non-distribution net equipment, distribution net equipment generates and saves a first session key according to the key negotiation request message;
A first key check value is generated according to the first session key;
A key negotiation response message is generated according to the first key check value and returned to the non-distribution net equipment, wherein, on receiving the key negotiation response message, the non-distribution net equipment generates a second session key according to the key negotiation response message, obtains the first key check value, generates a second check value according to the second session key and, when the second check value is consistent with the first check value, saves the second session key, the second session key and the first session key being the session key between the distribution net equipment and the non-distribution net equipment.
Preferably, the step of generating the first session key according to the key negotiation request message comprises:
Obtaining a non-distribution net equipment public key according to the key negotiation request message;
Generating the first session key according to the non-distribution net equipment public key and a distribution net equipment private key.
Preferably, the step of obtaining the non-distribution net equipment public key according to the key negotiation request message comprises:
The distribution net equipment extracts a non-distribution net equipment public key certificate and a root public key index from the key negotiation request message;
The non-distribution net equipment public key is extracted from the non-distribution net equipment public key certificate according to the root public key index.
Preferably, before the step of extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index, the method further comprises:
Performing a hash operation on preset information in the non-distribution net equipment public key certificate to obtain a second hash value, the preset information including at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a non-distribution net equipment public key algorithm identifier and the non-distribution net equipment public key;
When the second hash value is consistent with the first hash value in the non-distribution net equipment public key certificate, performing the step of extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index.
Preferably, before the step of performing the hash operation on the preset information in the non-distribution net equipment public key certificate, the method further comprises:
Decrypting the signature result in the non-distribution net equipment public key certificate with a predetermined server public key to obtain a third hash value, wherein the signature result is obtained by a cloud server encrypting the first hash value with a predetermined server private key;
When the third hash value is consistent with the first hash value, performing the step of performing the hash operation on the preset information in the non-distribution net equipment public key certificate.
Preferably, the step of generating the first session key according to the non-distribution net equipment public key and the distribution net equipment private key comprises:
Splicing the non-distribution net equipment public key and the distribution net equipment private key to obtain a splicing result;
Using the splicing result as the first session key.
Preferably, the step of generating the first key check value according to the first session key comprises:
Encrypting predetermined bytes with the first session key to obtain an encrypted result;
Using preset bytes of the encrypted result as the first key check value.
Preferably, after the step of returning the key negotiation response message to the non-distribution net equipment, the method further comprises:
On receiving the key agreement confirmation message returned by the non-distribution net equipment, the distribution net equipment decrypts the key agreement confirmation message with the session key to obtain a decrypted result;
When the decrypted result includes a preset field, a key agreement confirmation message is sent to the non-distribution net equipment.
To achieve the above object, the present invention also provides a key negotiation method comprising the following steps:
Non-distribution net equipment sends a key negotiation request message to distribution net equipment, so that, after receiving the key negotiation request message, the distribution net equipment generates and saves a first session key according to the key negotiation request message, generates a first key check value according to the first session key, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the non-distribution net equipment;
On receiving the key negotiation response message, the non-distribution net equipment generates a second session key according to the key negotiation response message, obtains the first key check value, generates a second check value according to the second session key and, when the second check value is consistent with the first check value, saves the second session key, the second session key and the first session key being the session key between the distribution net equipment and the non-distribution net equipment.
Preferably, the step of generating the second session key according to the key negotiation response message comprises:
Obtaining a distribution net equipment public key according to the key negotiation response message;
Generating the second session key according to the distribution net equipment public key and a non-distribution net equipment private key.
Preferably, the step of obtaining the distribution net equipment public key according to the key negotiation response message comprises:
The non-distribution net equipment extracts a distribution net equipment public key certificate and a root public key index from the key negotiation response message;
The distribution net equipment public key is extracted from the distribution net equipment public key certificate according to the root public key index.
Preferably, before the step of extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index, the method further comprises:
Performing a hash operation on preset information in the distribution net equipment public key certificate to obtain a fifth hash value, the preset information including at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a distribution net equipment public key algorithm identifier and the distribution net equipment public key;
When the fifth hash value is consistent with the fourth hash value in the distribution net equipment public key certificate, performing the step of extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index.
Preferably, before the step of performing the hash operation on the preset information in the distribution net equipment public key certificate, the method further comprises:
Decrypting the signature result in the distribution net equipment public key certificate with a predetermined server public key to obtain a sixth hash value, wherein the signature result is obtained by a cloud server encrypting the fourth hash value with a predetermined server private key;
When the sixth hash value is consistent with the fourth hash value, performing the step of performing the hash operation on the preset information in the distribution net equipment public key certificate.
Preferably, the step of generating the second session key according to the distribution net equipment public key and the non-distribution net equipment private key comprises:
Splicing the distribution net equipment public key and the non-distribution net equipment private key to obtain a splicing result;
Using the splicing result as the second session key.
Preferably, the step of generating the second check value according to the second session key comprises:
Encrypting predetermined bytes with the second session key to obtain an encrypted result;
Using preset bytes of the encrypted result as the second key check value.
Preferably, after the step in which the second session key and the first session key are the session key between the distribution net equipment and the non-distribution net equipment, the method further comprises:
The non-distribution net equipment encrypts a preset field with the session key to obtain a key agreement confirmation message;
The key agreement confirmation message is sent to the distribution net equipment, so that, on receiving the key agreement confirmation message, the distribution net equipment decrypts it with the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends a key agreement confirmation message to the non-distribution net equipment.
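The request, response, key check value comparison and confirmation steps described above, with both sides' messages, as an added example that is not code from the patent. Assumptions: the page names no cipher, so XTEA stands in for it; the session key comes from textbook Diffie-Hellman over a toy group rather than the splicing variant, so that both sides derive the same key from the peer public key and their own private key; public keys travel bare instead of inside certificates; the all-zero check input, the 3-byte check value length, the preset field and all function names are constructed.

```python
import hashlib
import hmac
import secrets
import struct

MASK, DELTA, ROUNDS = 0xFFFFFFFF, 0x9E3779B9, 32
P, G = 2**127 - 1, 3          # toy Diffie-Hellman group, constructed, not secure
KCV_INPUT = bytes(8)          # predetermined bytes (assumed: one all-zero block)
KCV_LEN = 3                   # preset bytes kept from the encrypted result (assumed)
PRESET_FIELD = b"KEYAG_OK"    # constructed 8-byte preset field


def _mix(v, s, k):
    # XTEA round function on one 32-bit half.
    return ((((v << 4) ^ (v >> 5)) + v) ^ (s + k)) & MASK


def xtea_encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block under a 16-byte key."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(ROUNDS):
        v0 = (v0 + _mix(v1, s, k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _mix(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)


def xtea_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of xtea_encrypt."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - _mix(v0, s, k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _mix(v1, s, k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(own_priv: int, peer_pub: int) -> bytes:
    """Derive a 16-byte session key from the peer public key and own private key."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public key out of range")
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]


def key_check_value(key: bytes) -> bytes:
    """Encrypt the predetermined bytes and keep the preset leading bytes."""
    return xtea_encrypt(key, KCV_INPUT)[:KCV_LEN]


def dist_handle_request(own_priv, own_pub, request):
    """Distribution net equipment: save the first session key, build the response."""
    key1 = session_key(own_priv, request["pubkey"])
    return key1, {"pubkey": own_pub, "kcv": key_check_value(key1)}


def nondist_handle_response(own_priv, response):
    """Non-distribution net equipment: keep the second session key only if
    its own check value matches the one carried in the response."""
    key2 = session_key(own_priv, response["pubkey"])
    if not hmac.compare_digest(key_check_value(key2), response["kcv"]):
        raise ValueError("key check value mismatch: session key not saved")
    return key2, xtea_encrypt(key2, PRESET_FIELD)   # key agreement confirmation


def dist_handle_confirmation(key1: bytes, confirmation: bytes) -> bool:
    """Distribution net equipment: decrypt and look for the preset field
    (here the whole block must equal it)."""
    if len(confirmation) != 8:
        return False
    return hmac.compare_digest(xtea_decrypt(key1, confirmation), PRESET_FIELD)
```

A 3-byte check value only detects accidental key mismatch with probability 1 - 2^-24 per attempt; the confirmation step is what shows that the non-distribution side holds the full key.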
To achieve the above object, the present invention also provides distribution net equipment, the distribution net equipment comprising:
A memory, a processor and a key agreement program stored in the memory and executable on the processor, the key agreement program implementing the steps of the above key negotiation method when executed by the processor.
To achieve the above object, the present invention also provides non-distribution net equipment, the non-distribution net equipment comprising:
A memory, a processor and a key agreement program stored in the memory and executable on the processor, the key agreement program implementing the steps of the above key negotiation method when executed by the processor.
To achieve the above object, the present invention also provides a computer-readable storage medium on which a key agreement program is stored, the key agreement program implementing the steps of the above key negotiation method when executed by a processor.
To achieve the above object, the present invention also provides a key agreement system, the key agreement system comprising the above distribution net equipment and the above non-distribution net equipment.
With the key negotiation method, distribution net equipment, non-distribution net equipment, computer-readable storage medium and key agreement system provided by the invention, the distribution net equipment generates and saves a first session key according to the key negotiation request message sent by the non-distribution net equipment, generates a first key check value according to the first session key, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the non-distribution net equipment, wherein the non-distribution net equipment generates a second session key according to the key negotiation response message, obtains the first key check value, generates a second check value according to the second session key and, when the second check value is consistent with the first check value, saves the second session key. The invention enables distribution net equipment to search for non-distribution net equipment automatically and to perform key agreement with it to obtain a session key; the distribution information is encrypted with the session key and sent to the non-distribution net equipment, so that the non-distribution net equipment connects to the network automatically, thereby improving the communication security of home equipment.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware running environment of the terminal involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the key negotiation method of the present invention;
Fig. 3 is a flow diagram of the second embodiment of the key negotiation method of the present invention;
Fig. 4 is a flow diagram of the third embodiment of the key negotiation method of the present invention;
Fig. 5 is a flow diagram of the fourth embodiment of the key negotiation method of the present invention;
Fig. 6 is a flow diagram of the fifth embodiment of the key negotiation method of the present invention;
Fig. 7 is a flow diagram of the sixth embodiment of the key negotiation method of the present invention;
Fig. 8 is a flow diagram of the seventh embodiment of the key negotiation method of the present invention;
Fig. 9 is a flow diagram of the eighth embodiment of the key negotiation method of the present invention;
Fig. 10 is a flow diagram of the ninth embodiment of the key negotiation method of the present invention;
Fig. 11 is a flow diagram of the tenth embodiment of the key negotiation method of the present invention;
Fig. 12 is a flow diagram of the eleventh embodiment of the key negotiation method of the present invention;
Fig. 13 is a flow diagram of the twelfth embodiment of the key negotiation method of the present invention;
Fig. 14 is a flow diagram of the thirteenth embodiment of the key negotiation method of the present invention;
Fig. 15 is a flow diagram of the fourteenth embodiment of the key negotiation method of the present invention;
Fig. 16 is a flow diagram of the fifteenth embodiment of the key negotiation method of the present invention;
Fig. 17 is a flow diagram of the sixteenth embodiment of the key negotiation method of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Specific embodiments
It should be understood that the specific embodiments described here only illustrate the present invention and are not intended to limit it.
The present invention provides a key negotiation method in which distribution net equipment automatically searches for non-distribution net equipment and performs key agreement with it to obtain a session key; the distribution information is encrypted with the session key and sent to the non-distribution net equipment, so that the non-distribution net equipment connects to the network automatically, thereby improving the communication security of home equipment.
Fig. 1 is a schematic diagram of the hardware running environment of the terminal involved in the embodiments of the present invention.
The terminal of the embodiments of the present invention can be a smart device, such as an air conditioner, an air regulator, an electric cooker or an intelligent door lock.
As shown in Fig. 1, the terminal of the embodiment may include a processor 1001 (such as a CPU), a memory 1002 and a communication bus 1003. The communication bus 1003 provides the connection and communication between the components in the server. The memory 1002 can be a high-speed RAM memory or a stable memory (non-volatile memory), such as a magnetic disk storage. Optionally, the memory 1002 can also be a storage device independent of the aforementioned processor 1001.
As shown in Fig. 1, the memory 1002, as a kind of computer storage medium, may include a key agreement program.
In the terminal of the embodiment shown in Fig. 1, the processor 1001 can be used to call the key agreement program stored in the memory 1002 and perform the following operations:
After receiving a key negotiation request message sent by non-distribution net equipment, distribution net equipment generates and saves a first session key according to the key negotiation request message;
A first key check value is generated according to the first session key;
A key negotiation response message is generated according to the first key check value and returned to the non-distribution net equipment, wherein, on receiving the key negotiation response message, the non-distribution net equipment generates a second session key according to the key negotiation response message, obtains the first key check value, generates a second check value according to the second session key and, when the second check value is consistent with the first check value, saves the second session key, the second session key and the first session key being the session key between the distribution net equipment and the non-distribution net equipment.
Further, the processor 1001 can call the key agreement program stored in the memory 1002 and also perform the following operations:
Obtaining a non-distribution net equipment public key according to the key negotiation request message;
Generating the first session key according to the non-distribution net equipment public key and a distribution net equipment private key.
Further, the processor 1001 can call the key agreement program stored in the memory 1002 and also perform the following operations:
The distribution net equipment extracts a non-distribution net equipment public key certificate and a root public key index from the key negotiation request message;
The non-distribution net equipment public key is extracted from the non-distribution net equipment public key certificate according to the root public key index.
Further, the processor 1001 can call the key agreement program stored in the memory 1002 and also perform the following operations:
Performing a hash operation on preset information in the non-distribution net equipment public key certificate to obtain a second hash value, the preset information including at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a non-distribution net equipment public key algorithm identifier and the non-distribution net equipment public key;
When the second hash value is consistent with the first hash value in the non-distribution net equipment public key certificate, performing the step of extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index.
Further, the processor 1001 can call the key agreement program stored in the memory 1002 and also perform the following operations:
Decrypting the signature result in the non-distribution net equipment public key certificate with a predetermined server public key to obtain a third hash value, wherein the signature result is obtained by a cloud server encrypting the first hash value with a predetermined server private key;
When the third hash value is consistent with the first hash value, performing the step of performing the hash operation on the preset information in the non-distribution net equipment public key certificate.
Further, the processor 1001 can call the key agreement program stored in the memory 1002 and also perform the following operations:
Splicing the non-distribution net equipment public key and the distribution net equipment private key to obtain a splicing result;
Using the splicing result as the first session key.
Further, the processor 1001 can call the key agreement program stored in the memory 1002 and also perform the following operations:
Encrypting predetermined bytes with the first session key to obtain an encrypted result;
Using preset bytes of the encrypted result as the first key check value.
Further, the processor 1001 can call the key agreement program stored in the memory 1002 and also perform the following operations:
On receiving the key agreement confirmation message returned by the non-distribution net equipment, the distribution net equipment decrypts the key agreement confirmation message with the session key to obtain a decrypted result;
When the decrypted result includes a preset field, a key agreement confirmation message is sent to the non-distribution net equipment.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
Non- distribution net equipment sends key negotiation request message to distribution net equipment, so that the distribution net equipment is receiving
After the key negotiation request message, the first session key is generated and saved according to the key negotiation request message, and according to
First session key generates first key check value, generates key negotiation response report according to the first key check value
The key negotiation response message is back to the non-distribution net equipment by text;
The non-distribution net equipment is when receiving the key negotiation response message, according to the key negotiation response message
The second session key is generated, and obtains the first key check value, the second check value is generated according to second session key,
When second check value is consistent with first check value, second session key, second session key are saved
It is the session key between distribution net equipment and the non-distribution net equipment with first session key.
Further, the processor 1001 can call the key agreement program stored in the memory 1002, and also perform the following operations:
The distribution net equipment public key is obtained from the key negotiation response message;
The second session key is generated according to the distribution net equipment public key and the non-distribution net equipment private key.
Further, the processor 1001 can call the key agreement program stored in the memory 1002, and also perform the following operations:
The non-distribution net equipment extracts the distribution net equipment public key certificate and the root public key index from the key negotiation response message;
The distribution net equipment public key is extracted from the distribution net equipment public key certificate according to the root public key index.
Further, the processor 1001 can call the key agreement program stored in the memory 1002, and also perform the following operations:
A hash operation is performed on the preset information in the distribution net equipment public key certificate to obtain a fifth hash value, the preset information including at least one of the certificate format, the certificate serial number, the hash algorithm identifier, the distribution net equipment public key algorithm identifier and the distribution net equipment public key;
When the fifth hash value is consistent with the fourth hash value in the distribution net equipment public key certificate, the step of extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index is performed.
Further, the processor 1001 can call the key agreement program stored in the memory 1002, and also perform the following operations:
The signature result in the distribution net equipment public key certificate is decrypted using the predetermined server public key to obtain a sixth hash value, wherein the signature result is obtained by the cloud server encrypting the fourth hash value using the predetermined server private key;
When the sixth hash value is consistent with the fourth hash value, the step of performing a hash operation on the preset information in the distribution net equipment public key certificate is performed.
Further, the processor 1001 can call the key agreement program stored in the memory 1002, and also perform the following operations:
The distribution net equipment public key and the non-distribution net equipment private key are spliced to obtain a splicing result;
The splicing result is used as the second session key.
Further, the processor 1001 can call the key agreement program stored in the memory 1002, and also perform the following operations:
The predetermined bytes are encrypted according to the second session key to obtain an encrypted result;
The preset bytes of the encrypted result are used as the second key check value.
Further, the processor 1001 can call the key agreement program stored in the memory 1002, and also perform the following operations:
The non-distribution net equipment encrypts the preset field using the session key to obtain a key agreement confirmation message;
The key agreement confirmation message is sent to the distribution net equipment, so that the distribution net equipment, when receiving the key agreement confirmation message, decrypts it using the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends a key agreement confirmation message to the non-distribution net equipment.
Referring to Fig. 2, in the first embodiment, the cryptographic key negotiation method includes:
Step S10, after receiving the key negotiation request message sent by the non-distribution net equipment, the distribution net equipment generates and saves a first session key according to the key negotiation request message;
In this embodiment, the executing subject is the distribution net equipment. The distribution net equipment can be any of a variety of smart devices such as an air conditioner, an air regulator, a washing machine, an electric rice cooker or an intelligent door lock. The APP on a terminal can communicate with the equipment through the cloud server, that is, the user can send instructions through the APP to control the smart device. In a LAN environment, the distribution net equipment can search, through its WiFi module, for powered-on non-distribution net equipment within a preset range. It first checks the legitimacy of the non-distribution net equipment; when the non-distribution net equipment is legitimate, it negotiates a session key with the non-distribution net equipment and sends the distribution information to the non-distribution net equipment under the negotiated session key, so that the non-distribution net equipment connects to the local area network automatically.
In this embodiment, the key negotiation request message is generated by the non-distribution net equipment and sent to the distribution net equipment to initiate a key negotiation request. The key negotiation request message may include the non-distribution net equipment public key and the like, or may include the root public key index, the non-distribution net equipment public key certificate and the like; that is, the non-distribution net equipment public key may be generated by the non-distribution net equipment, or may be extracted from the non-distribution net equipment public key certificate. It should be noted that the non-distribution net equipment public key certificate can be obtained from the predetermined server by decryption, and the predetermined server can be a License server. The distribution net equipment verifies the signature result in the non-distribution net equipment public key certificate and, when the verification passes, extracts the non-distribution net equipment public key from the non-distribution net equipment public key certificate by means of the root public key index. This approach increases the randomness of the certificate.
Step S11, a first key check value is generated according to the first session key;
In this embodiment, the distribution net equipment encrypts the first session key according to a preset algorithm to generate the first key check value, wherein the first default check value is used to verify the session key. Preferably, the step of encrypting the first session key according to the preset algorithm to generate the first key check value may be: encrypting the predetermined bytes according to the first session key to obtain an encrypted result, and using the preset bytes of the encrypted result as the first key check value.
Step S12, a key negotiation response message is generated according to the first key check value and returned to the non-distribution net equipment, wherein the non-distribution net equipment, when receiving the key negotiation response message, generates a second session key according to the key negotiation response message, obtains the first key check value, and generates a second check value according to the second session key; when the second check value is consistent with the first check value, it saves the second session key, the second session key and the first session key being the session key between the distribution net equipment and the non-distribution net equipment.
In this embodiment, the key negotiation response message may include the first key check value, the distribution net equipment public key and the like, or may include the first key check value, the distribution net equipment public key certificate, the root public key index and the like. The distribution net equipment returns the key negotiation response message to the non-distribution net equipment, so that the non-distribution net equipment uses the non-distribution net equipment private key to compute the second session key from the distribution net equipment public key, encrypts the second session key according to the preset algorithm to generate a second key check value, and saves the second session key when the second key check value is consistent with the first key check value. Preferably, the second session key is computed from the distribution net equipment public key with the non-distribution net equipment private key by the ECDH algorithm. The non-distribution net equipment also encrypts the second session key according to the preset algorithm to generate the second key check value, wherein the second key check value is used to verify the session key. Preferably, the step of encrypting the second session key according to the preset algorithm to generate the second key check value may be: encrypting the predetermined bytes according to the second session key to obtain an encrypted result, and using the preset bytes of the encrypted result as the second key check value.
It should be noted that, owing to the properties of the ECDH algorithm, the first session key is consistent with the second session key, so the first session key and the second session key are the session key between the distribution net equipment and the non-distribution net equipment. The way the first session key and the second session key are generated is not limited to the ECDH algorithm; other algorithms may also be used, such as the ECC algorithm, the RSA algorithm or the ECDSA algorithm, and the present invention is not specifically limited in this respect.
It should be noted that the session key can also be verified in other ways, and the present invention is not specifically limited in this respect. For example, an operation is performed on the first session key according to the SHA256 algorithm to obtain first digest information, the non-distribution net equipment performs an operation on the second session key according to the SHA256 algorithm to obtain second digest information, and when the second digest information is consistent with the first digest information, the first session key and the second session key are the session key between the distribution net equipment and the non-distribution net equipment.
In the first embodiment, the distribution net equipment generates and saves the first session key according to the key negotiation request message sent by the non-distribution net equipment, generates the first key check value according to the first session key, generates the key negotiation response message according to the first key check value, and returns the key negotiation response message to the non-distribution net equipment, wherein the non-distribution net equipment generates the second session key according to the key negotiation response message, obtains the first key check value, generates the second check value according to the second session key, and saves the second session key when the second check value is consistent with the first check value. The present invention enables the distribution net equipment to search for non-distribution net equipment automatically and to carry out key negotiation with the non-distribution net equipment to obtain a session key; the distribution information is encrypted with the session key and then sent to the non-distribution net equipment, so that the non-distribution net equipment connects to the network automatically, thereby improving the communication security of home equipment.
In the second embodiment, as shown in Fig. 3, on the basis of the embodiment shown in Fig. 2 above, the step of generating the first session key according to the key negotiation request message includes:
Step S101, the non-distribution net equipment public key is obtained from the key negotiation request message;
Step S102, the first session key is generated according to the non-distribution net equipment public key and the distribution net equipment private key.
In this embodiment, the distribution net equipment uses the distribution net equipment private key to compute the first session key from the non-distribution net equipment public key; preferably, the first session key is computed from the non-distribution net equipment public key with the distribution net equipment private key by the ECDH algorithm. It should be noted that the way the first session key is generated is not limited to the ECDH algorithm; other algorithms may also be used, such as the ECC algorithm, the RSA algorithm or the ECDSA algorithm, and the present invention is not specifically limited in this respect.
In the second embodiment, the splicing result of the non-distribution net equipment public key and the distribution net equipment private key is used as the first session key. In this way, the security of communication between the non-distribution net equipment public key and the distribution net equipment public key is ensured.
In the third embodiment, as shown in Fig. 4, on the basis of the embodiment shown in any one of Fig. 2 to Fig. 3 above, the step of obtaining the non-distribution net equipment public key from the key negotiation request message includes:
Step S1011, the distribution net equipment extracts the non-distribution net equipment public key certificate and the root public key index from the key negotiation request message;
Step S1012, the non-distribution net equipment public key is extracted from the non-distribution net equipment public key certificate according to the root public key index.
In this embodiment, the key negotiation request message is generated by the non-distribution net equipment and sent to the distribution net equipment to initiate a key negotiation request. The key negotiation request message may include the non-distribution net equipment public key and the like, or may include the root public key index, the non-distribution net equipment public key certificate and the like.
The non-distribution net equipment public key may be generated by the non-distribution net equipment, or may be extracted from the non-distribution net equipment public key certificate, wherein the non-distribution net equipment public key certificate can be obtained from the predetermined server by decryption. The distribution net equipment verifies the signature result in the non-distribution net equipment public key certificate and, when the verification passes, extracts the public key from the non-distribution net equipment public key certificate by means of the root public key index. This approach increases the randomness of the certificate. It should be noted that the predetermined server can be a License server.
In the third embodiment, the distribution net equipment extracts the equipment public key certificate and the root public key index from the key negotiation request message, and extracts the non-distribution net equipment public key from the non-distribution net equipment certificate according to the root public key index. In this way, the randomness of the certificate is increased, which further improves the communication security of home equipment.
In the fourth embodiment, as shown in Fig. 5, on the basis of the embodiment shown in any one of Fig. 2 to Fig. 4 above, before the step of extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index, the method further includes:
Step S1013, a hash operation is performed on the preset information in the non-distribution net equipment public key certificate to obtain a second hash value, the preset information including at least one of the certificate format, the certificate serial number, the hash algorithm identifier, the non-distribution net equipment public key algorithm identifier and the non-distribution net equipment public key;
Step S1014, it is judged whether the second hash value is consistent with the first hash value in the non-distribution net equipment public key certificate;
Step S1015, when the second hash value is consistent with the first hash value in the non-distribution net equipment public key certificate, the step of extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index is performed.
In this embodiment, before the non-distribution net equipment public key is extracted from the non-distribution net equipment public key certificate, the distribution net equipment verifies the non-distribution net equipment public key certificate. Specifically, the non-distribution net equipment public key certificate includes the certificate format, the certificate serial number, the hash algorithm identifier, the non-distribution net equipment public key algorithm identifier, the non-distribution net equipment public key, the signature result and the first hash value, wherein the signature result is obtained by the predetermined server signing the first hash value using the predetermined server private key, and the first hash value is obtained by the predetermined server performing a hash operation on the preset information; the preset information includes the certificate format, the certificate serial number, the hash algorithm identifier, the non-distribution net equipment public key algorithm identifier and the non-distribution net equipment public key.
The distribution net equipment performs a hash operation on the preset information in the non-distribution net equipment public key certificate to obtain the second hash value. When the second hash value is consistent with the first hash value, it determines that the non-distribution net equipment public key certificate is legitimate and then extracts the non-distribution net equipment public key from the non-distribution net equipment public key certificate.
In the fourth embodiment, the distribution net equipment performs a hash calculation on the preset information in the non-distribution net equipment public key certificate to obtain the second hash value and, when the second hash value is consistent with the first hash value in the non-distribution net equipment public key certificate, extracts the non-distribution net equipment public key from the non-distribution net equipment public key certificate. In this way, the legitimacy of the certificate is ensured.
In the fifth embodiment, as shown in Fig. 6, on the basis of the embodiment shown in any one of Fig. 2 to Fig. 5 above, before the step of performing a hash operation on the preset information in the non-distribution net equipment public key certificate, the method further includes:
Step S1016, the signature result in the non-distribution net equipment public key certificate is decrypted using the predetermined server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value using the predetermined server private key;
Step S1017, it is judged whether the third hash value is consistent with the first hash value;
Step S1018, when the third hash value is consistent with the first hash value, the step of performing a hash operation on the preset information in the non-distribution net equipment public key certificate is performed.
In this embodiment, before the non-distribution net equipment public key is extracted from the non-distribution net equipment public key certificate, the distribution net equipment verifies the non-distribution net equipment public key certificate. Specifically, the non-distribution net equipment public key certificate includes the certificate format, the certificate serial number, the hash algorithm identifier, the non-distribution net equipment public key algorithm identifier, the non-distribution net equipment public key, the signature result and the first hash value, wherein the signature result is obtained by the predetermined server signing the first hash value using the predetermined server private key, and the first hash value is obtained by the predetermined server performing a hash operation on the preset information; the preset information includes the certificate format, the certificate serial number, the hash algorithm identifier, the non-distribution net equipment public key algorithm identifier and the non-distribution net equipment public key.
The distribution net equipment decrypts the signature result in the non-distribution net equipment public key certificate using the predetermined server public key to obtain the third hash value. When the third hash value is consistent with the first hash value, the distribution net equipment performs a hash operation on the preset information in the non-distribution net equipment public key certificate to obtain the second hash value; when the second hash value is consistent with the first hash value, it determines that the certificate is legitimate and then extracts the non-distribution net equipment public key from the non-distribution net equipment public key certificate. It should be noted that the predetermined server can be a License server.
In the fifth embodiment, the distribution net equipment decrypts the signature result in the non-distribution net equipment public key certificate to obtain the third hash value and, when the third hash value is consistent with the first hash value in the equipment public key certificate, performs a hash operation on the preset information in the non-distribution net equipment public key certificate. In this way, the legitimacy of the certificate is further ensured.
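The certificate checks of the fourth and fifth embodiments, as an added Go example that is not part of the patent text: the signature over the stored hash is verified first, then the hash is recomputed over the received fields, and only then is the public key released. RSA PKCS#1 v1.5 signatures, SHA-256, the length-prefixed field encoding, the use of the root public key index to select the verification key, and all type and function names are assumptions, since the page does not specify them.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Cert mirrors the certificate fields the page lists; the layout is assumed.
type Cert struct {
	Format, Serial, HashAlg, PubKeyAlg string

	PublicKey []byte // device public key
	Hash      []byte // first hash value, stored by the server
	Signature []byte // server signature over Hash
}

var (
	ErrUnknownRoot = errors.New("unknown root public key index")
	ErrSignature   = errors.New("signature does not cover the stored hash")
	ErrHash        = errors.New("stored hash does not match certificate fields")
)

// presetDigest hashes the preset information. Each field is length-prefixed
// (an assumption) so that shifting bytes between fields changes the digest.
func presetDigest(c *Cert) []byte {
	fields := [][]byte{[]byte(c.Format), []byte(c.Serial), []byte(c.HashAlg),
		[]byte(c.PubKeyAlg), c.PublicKey}
	h := sha256.New()
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	return h.Sum(nil)
}

// Issue plays the predetermined server: hash the fields, then sign the hash.
func Issue(server *rsa.PrivateKey, serial string, devicePub []byte) (*Cert, error) {
	c := &Cert{Format: "v1", Serial: serial, HashAlg: "SHA256",
		PubKeyAlg: "ECDH-P256", PublicKey: devicePub}
	c.Hash = presetDigest(c)
	var err error
	c.Signature, err = rsa.SignPKCS1v15(rand.Reader, server, crypto.SHA256, c.Hash)
	return c, err
}

// ExtractPublicKey runs the checks in the page's order and releases the
// device public key only when both pass.
func ExtractPublicKey(roots map[uint8]*rsa.PublicKey, idx uint8, c *Cert) ([]byte, error) {
	root, ok := roots[idx] // assumed: the index picks the verification key
	if !ok {
		return nil, ErrUnknownRoot
	}
	// S1016 to S1018: VerifyPKCS1v15 recovers the signed hash with the server
	// public key and compares it with the stored first hash value.
	if rsa.VerifyPKCS1v15(root, crypto.SHA256, c.Hash, c.Signature) != nil {
		return nil, ErrSignature
	}
	// S1013 to S1015: recompute the hash over the fields actually received.
	if !bytes.Equal(presetDigest(c), c.Hash) {
		return nil, ErrHash
	}
	return c.PublicKey, nil
}

// DemoSetup builds a constructed server key, root table and certificate.
func DemoSetup() (map[uint8]*rsa.PublicKey, *Cert, error) {
	server, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	cert, err := Issue(server, "0001", []byte("constructed-device-public-key"))
	return map[uint8]*rsa.PublicKey{1: &server.PublicKey}, cert, err
}

func main() {
	roots, cert, err := DemoSetup()
	if err != nil {
		panic(err)
	}
	_, err = ExtractPublicKey(roots, 1, cert)
	fmt.Println("genuine certificate:", err)
	cert.PublicKey = []byte("substituted-key") // tamper after issuance
	_, err = ExtractPublicKey(roots, 1, cert)
	fmt.Println("substituted key:", err)
}
```

Neither check is sufficient alone: the signature binds only the stored hash, and the recomputed hash is what binds the certificate fields to it.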
In the sixth embodiment, as shown in Fig. 7, on the basis of the embodiment shown in any one of Fig. 2 to Fig. 6 above, the step of generating the first session key according to the non-distribution net equipment public key and the distribution net equipment private key includes:
Step S1021, the non-distribution net equipment public key and the distribution net equipment private key are spliced to obtain a splicing result;
Step S1022, the splicing result is used as the first session key.
In this embodiment, the distribution net equipment uses the distribution net equipment private key to compute the first session key from the non-distribution net equipment public key; preferably, the first session key is computed from the non-distribution net equipment public key with the distribution net equipment private key by the ECDH algorithm. It should be noted that the way the first session key is generated is not limited to the ECDH algorithm; other algorithms may also be used, such as the ECC algorithm, the RSA algorithm or the ECDSA algorithm, and the present invention is not specifically limited in this respect.
In the sixth embodiment, the splicing result of the non-distribution net equipment public key and the distribution net equipment private key is used as the first session key. In this way, the security of communication between the non-distribution net equipment and the distribution net equipment is ensured.
In the seventh embodiment, as shown in Fig. 8, on the basis of the embodiment shown in any one of Fig. 2 to Fig. 7 above, the step of generating the first key check value according to the first session key includes:
Step S111, the predetermined bytes are encrypted according to the first session key to obtain an encrypted result;
Step S112, the preset bytes of the encrypted result are used as the first key check value.
In this embodiment, the distribution net equipment encrypts the first session key according to a preset algorithm to generate the first key check value, wherein the first default check value is used to verify the session key. Preferably, the step of encrypting the first session key according to the preset algorithm to generate the first key check value may be: encrypting the predetermined bytes according to the first session key to obtain an encrypted result, and using the preset bytes of the encrypted result as the first key check value. It should be noted that the predetermined bytes can be 16 bytes, and the preset bytes can be the first three bytes.
It should be noted that the session key can also be verified in other ways, and the present invention is not specifically limited in this respect. For example, an operation is performed on the second session key according to the SHA256 algorithm to obtain first digest information, the terminal performs an operation on the second session key according to the SHA256 algorithm to obtain second digest information, and when the second digest information is consistent with the first digest information, the first session key and the second session key are the session key between the non-distribution net equipment and the distribution net equipment.
In the seventh embodiment, the predetermined bytes are encrypted according to the first session key to obtain an encrypted result, and the preset bytes of the encrypted result are used as the first key check value. In this way, the security of the key negotiation between the non-distribution net equipment and the distribution net equipment is ensured.
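Steps S10 to S12, the matching check on the non-distribution net equipment, and steps S111 to S112 in one added Go example (not code from the patent): both sides run ECDH, the distribution net equipment returns a three-byte check value, and the non-distribution net equipment saves its key only if its own check value matches. P-256, hashing the shared secret down to an AES-128 key, AES as the "preset algorithm", sixteen zero bytes as the predetermined bytes, and all type and function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrCheckValue means the two sides did not derive the same session key.
var ErrCheckValue = errors.New("key check value mismatch")

// Device is one side of the negotiation (hypothetical type).
type Device struct {
	priv       *ecdh.PrivateKey
	sessionKey []byte // saved only after the steps below succeed
}

// NewDevice generates a P-256 key pair; the curve is an assumption.
func NewDevice() (*Device, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKey returns the encoded public key carried in both messages.
func (d *Device) PublicKey() []byte { return d.priv.PublicKey().Bytes() }

// agree runs ECDH against the peer public key, hashes the shared secret down
// to an AES-128 session key (an assumption), and computes its check value:
// 16 predetermined bytes (zeros, an assumption) are encrypted with the key
// and the first three bytes of the result are kept.
func (d *Device) agree(peerPub []byte) (key, kcv []byte, err error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, nil, err // malformed or off-curve point
	}
	secret, err := d.priv.ECDH(pub)
	if err != nil {
		return nil, nil, err
	}
	sum := sha256.Sum256(secret)
	block, err := aes.NewCipher(sum[:16])
	if err != nil {
		return nil, nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, make([]byte, aes.BlockSize))
	return sum[:16], out[:3], nil
}

// HandleRequest is steps S10 to S12 on the distribution net equipment.
func (d *Device) HandleRequest(peerPub []byte) (pub, kcv []byte, err error) {
	if d.sessionKey, kcv, err = d.agree(peerPub); err != nil {
		return nil, nil, err
	}
	return d.PublicKey(), kcv, nil
}

// HandleResponse runs on the non-distribution net equipment: the key is saved
// only if the locally computed check value equals the received one.
func (d *Device) HandleResponse(peerPub, kcv1 []byte) error {
	key, kcv2, err := d.agree(peerPub)
	if err != nil {
		return err
	}
	if subtle.ConstantTimeCompare(kcv1, kcv2) != 1 {
		return ErrCheckValue
	}
	d.sessionKey = key
	return nil
}

func main() {
	provisioned, err1 := NewDevice() // distribution net equipment
	joining, err2 := NewDevice()     // non-distribution net equipment
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	pub, kcv, err := provisioned.HandleRequest(joining.PublicKey())
	if err != nil {
		panic(err)
	}
	fmt.Printf("check value %x accepted: %v\n", kcv, joining.HandleResponse(pub, kcv) == nil)
	kcv[0] ^= 1 // corrupt the check value in transit
	fmt.Println("corrupted check value:", joining.HandleResponse(pub, kcv))
}
```

A three-byte check value only confirms that both sides hold the same key; establishing that the peer's public key is legitimate is the job of the certificate checks in the third to fifth embodiments.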
In the eighth embodiment, as shown in Fig. 9, on the basis of the embodiment shown in any one of Fig. 2 to Fig. 8 above, after the step of returning the key negotiation response message to the non-distribution net equipment, the method further includes:
Step S13, when the distribution net equipment receives the key agreement confirmation message returned by the non-distribution net equipment, it decrypts the key agreement confirmation message using the session key to obtain a decrypted result;
Step S14, when the decrypted result includes the preset field, a key agreement confirmation message is sent to the non-distribution net equipment.
In this embodiment, the non-distribution net equipment encrypts the preset field using the session key, or encrypts the preset field and a random number using the session key, to obtain the key agreement confirmation message, and sends the key agreement confirmation message to the distribution net equipment, so that the distribution net equipment, when receiving the key agreement confirmation message, decrypts it using the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends the encrypted distribution information to the non-distribution net equipment. The preset field can be characters such as "OK".
It should be noted that the distribution information may include the SSID, the password, the User ID and the like. The distribution net equipment encrypts the distribution information with the session key; when the non-distribution net equipment receives the encrypted distribution information, it decrypts it with the session key to obtain the distribution information and connects to the local area network automatically according to the distribution information.
In the eighth embodiment, when the distribution net equipment receives the key agreement confirmation message returned by the non-distribution net equipment, it decrypts the key agreement confirmation message using the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends the encrypted distribution information to the non-distribution net equipment. In this way, the non-distribution net equipment connects to the local area network automatically.
The present invention also provides a cryptographic key negotiation method. As shown in Fig. 10, in the ninth embodiment, the key negotiation method includes the following steps:
Step S20, the non-distribution net equipment sends a key negotiation request message to the distribution net equipment, so that the distribution net equipment, after receiving the key negotiation request message, generates and saves a first session key according to the key negotiation request message, generates a first key check value according to the first session key, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the non-distribution net equipment;
Step S21, when receiving the key negotiation response message, the non-distribution net equipment generates a second session key according to the key negotiation response message, obtains the first key check value, and generates a second check value according to the second session key; when the second check value is consistent with the first check value, it saves the second session key, the second session key and the first session key being the session key between the distribution net equipment and the non-distribution net equipment.
In this embodiment, the executing subject is the non-distribution net equipment. The non-distribution net equipment can be any of a variety of smart devices such as an air conditioner, an air regulator, a washing machine, an electric rice cooker or an intelligent door lock. The APP on a terminal can communicate with the equipment through the cloud server, that is, the user can send instructions through the APP to control the smart device. In a LAN environment, the distribution net equipment can search, through its WiFi module, for powered-on non-distribution net equipment within a preset range. It first checks the legitimacy of the non-distribution net equipment; when the non-distribution net equipment is legitimate, it negotiates a session key with the non-distribution net equipment and sends the distribution information to the non-distribution net equipment under the negotiated session key, so that the non-distribution net equipment connects to the local area network automatically.
In this embodiment, the key negotiation request message is generated by the non-distribution net equipment and sent to the distribution net equipment to initiate a key negotiation request. The key negotiation request message may include the non-distribution net equipment public key and the like, or may include the root public key index, the non-distribution net equipment public key certificate and the like; that is, the non-distribution net equipment public key may be generated by the non-distribution net equipment, or may be extracted from the non-distribution net equipment public key certificate. It should be noted that the non-distribution net equipment public key certificate can be obtained from the predetermined server by decryption, and the predetermined server can be a License server. The distribution net equipment verifies the signature result in the non-distribution net equipment public key certificate and, when the verification passes, extracts the non-distribution net equipment public key from the non-distribution net equipment public key certificate by means of the root public key index. This approach increases the randomness of the certificate.
In this embodiment, the distribution net equipment encrypts the first session key according to a preset algorithm to generate the first key check value, wherein the first default check value is used to verify the session key. Preferably, the step of encrypting the first session key according to the preset algorithm to generate the first key check value may be: encrypting the predetermined bytes according to the first session key to obtain an encrypted result, and using the preset bytes of the encrypted result as the first key check value.
In the present embodiment, the key negotiation response message may include the first key check value, the distribution net equipment public key and the like, or may include the first key check value, the distribution net equipment public key certificate, the root public key index and the like. The distribution net equipment returns the key negotiation response message to the non-distribution net equipment, so that the non-distribution net equipment uses the non-distribution net equipment private key to perform a calculation on the distribution net equipment public key and obtain the second session key, encrypts the second session key according to the preset algorithm to generate the second key check value, and saves the second session key when the second key check value is consistent with the first key check value. Preferably, the second session key is calculated from the distribution net equipment public key with the non-distribution net equipment private key by the ECDH algorithm. In addition, the non-distribution net equipment encrypts the second session key according to the preset algorithm to generate the second key check value, wherein the second key check value is used to verify the session key. Preferably, the step of encrypting the second session key according to the preset algorithm to generate the second key check value may be: encrypting predetermined bytes according to the second session key to obtain an encrypted result, and using the preset bytes of the encrypted result as the second key check value.
It should be noted that, owing to the properties of the ECDH algorithm, the first session key is consistent with the second session key; the first session key and the second session key are therefore the session key between the distribution net equipment and the non-distribution net equipment. The way the first session key and the second session key are generated is not limited to the ECDH algorithm and may be another algorithm, for example the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
It should be noted that the session key may also be verified in other ways; the present invention does not specifically limit this. For example, an operation is performed on the first session key according to the SHA256 algorithm to obtain first digest information, and the non-distribution net equipment performs an operation on the second session key according to the SHA256 algorithm to obtain second digest information; when the second digest information is consistent with the first digest information, the first session key and the second session key are the session key between the distribution net equipment and the non-distribution net equipment.
In the ninth embodiment, the distribution net equipment generates and saves the first session key according to the key negotiation request message sent by the non-distribution net equipment, generates the first key check value according to the first session key, generates the key negotiation response message according to the first key check value, and returns the key negotiation response message to the non-distribution net equipment, wherein the non-distribution net equipment generates the second session key according to the key negotiation response message, obtains the first key check value, generates the second check value according to the second session key, and saves the second session key when the second check value is consistent with the first check value. The present invention enables the distribution net equipment to search for non-distribution net equipment automatically and to carry out key negotiation with the non-distribution net equipment to obtain a session key; the distribution information is encrypted with the session key and then sent to the non-distribution net equipment, so that the non-distribution net equipment connects to the network automatically, thereby improving the communication security of home equipment.
In the tenth embodiment, as shown in Figure 11, on the basis of the embodiment shown in Figure 10 above, the step of generating the second session key according to the key negotiation response message includes:
Step S211, obtaining the distribution net equipment public key according to the key negotiation response message;
Step S212, generating the second session key according to the distribution net equipment public key and the non-distribution net equipment private key.
In the present embodiment, the non-distribution net equipment uses the non-distribution net equipment private key to perform a calculation on the distribution net equipment public key and obtain the second session key; preferably, the second session key is calculated from the distribution net equipment public key with the non-distribution net equipment private key by the ECDH algorithm. It should be noted that the way the second session key is generated is not limited to the ECDH algorithm and may be another algorithm, such as the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
In the tenth embodiment, the splicing result of the distribution net equipment public key and the non-distribution net equipment private key is used as the second session key. This ensures the security of communication between the non-distribution net equipment public key and the distribution net equipment public key.
Referring to Figure 12, in the eleventh embodiment, on the basis of the embodiment shown in any one of Figures 10 to 11 above, the step of obtaining the distribution net equipment public key according to the key negotiation response message includes:
Step S2111, the non-distribution net equipment extracts the distribution net equipment public key certificate and the root public key index from the key negotiation response message;
Step S2112, extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index.
In the present embodiment, the key negotiation response message is generated by the distribution net equipment and sent to the non-distribution net equipment, to initiate a key negotiation request to the non-distribution net equipment. The key negotiation request message may include the distribution net equipment public key and the like, or may include the root public key index, the distribution net equipment public key certificate and the like.
The distribution net equipment public key may be generated by the distribution net equipment, or may be extracted from the distribution net equipment public key certificate, wherein the distribution net equipment public key certificate can be obtained by decryption from a predetermined server. The non-distribution net equipment verifies the signature result in the distribution net equipment public key certificate and, when the signature verification passes, extracts the distribution net equipment public key from the distribution net equipment public key certificate by means of the root public key index. This approach increases the randomness of the certificate. It should be noted that the predetermined server may be a License server.
In the eleventh embodiment, the non-distribution net equipment extracts the distribution net equipment public key certificate and the root public key index from the key negotiation request message, and extracts the distribution net equipment public key from the distribution net equipment certificate according to the root public key index. This increases the randomness of the certificate and further improves the communication security of home equipment.
Referring to Figure 13, in the twelfth embodiment, on the basis of the embodiment shown in any one of Figures 10 to 12 above, before the step of extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index, the method further includes:
Step S2113, performing a hash operation on the preset information in the distribution net equipment public key certificate to obtain a fifth hash value, the preset information including at least one of the certificate format, the certificate serial number, the hash algorithm identifier, the distribution net equipment public key algorithm identifier and the distribution net equipment public key;
Step S2114, judging whether the fifth hash value is consistent with the fourth hash value in the distribution net equipment public key certificate;
Step S2115, when the fifth hash value is consistent with the fourth hash value in the distribution net equipment public key certificate, executing the step of extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index.
In the present embodiment, before extracting the distribution net equipment public key from the distribution net equipment public key certificate, the non-distribution net equipment verifies the distribution net equipment public key certificate. Specifically, the distribution net equipment public key certificate includes the certificate format, the certificate serial number, the hash algorithm identifier, the distribution net equipment public key algorithm identifier, the distribution net equipment public key, the signature result and the fourth hash value, wherein the signature result is obtained by the predetermined server signing the fourth hash value with the predetermined server private key, and the fourth hash value is obtained by the predetermined server performing a hash operation on the preset information. The preset information includes the certificate format, the certificate serial number, the hash algorithm identifier, the distribution net equipment public key algorithm identifier and the distribution net equipment public key.
The non-distribution net equipment performs a hash operation on the preset information in the distribution net equipment public key certificate to obtain the fifth hash value. When the fifth hash value is consistent with the fourth hash value, the distribution net equipment public key certificate is determined to be legitimate, and the distribution net equipment public key is then extracted from the distribution net equipment public key certificate.
In the twelfth embodiment, the non-distribution net equipment performs a hash calculation on the preset information in the distribution net equipment public key certificate to obtain the fifth hash value and, when the fifth hash value is consistent with the fourth hash value in the distribution net equipment public key certificate, extracts the distribution net equipment public key from the distribution net equipment public key certificate. This ensures the legitimacy of the certificate.
In the thirteenth embodiment, as shown in Figure 14, on the basis of the embodiment shown in any one of Figures 10 to 13 above, before the step of performing a hash operation on the preset information in the distribution net equipment public key certificate, the method further includes:
Step S2116, decrypting the signature result in the distribution net equipment public key certificate with the predetermined server public key to obtain a sixth hash value, wherein the signature result is obtained by the cloud server encrypting the fourth hash value with the predetermined server private key;
Step S2117, judging whether the sixth hash value is consistent with the fourth hash value;
Step S2118, when the sixth hash value is consistent with the fourth hash value, executing the step of performing a hash operation on the preset information in the distribution net equipment public key certificate.
In the present embodiment, before extracting the distribution net equipment public key from the distribution net equipment public key certificate, the non-distribution net equipment verifies the distribution net equipment public key certificate. Specifically, the distribution net equipment public key certificate includes the certificate format, the certificate serial number, the hash algorithm identifier, the distribution net equipment public key algorithm identifier, the distribution net equipment public key, the signature result and the fourth hash value, wherein the signature result is obtained by the predetermined server signing the fourth hash value with the predetermined server private key, and the fourth hash value is obtained by the predetermined server performing a hash operation on the preset information. The preset information includes the certificate format, the certificate serial number, the hash algorithm identifier, the distribution net equipment public key algorithm identifier and the distribution net equipment public key.
The non-distribution net equipment decrypts the signature result in the distribution net equipment public key certificate with the predetermined server public key to obtain the sixth hash value. When the sixth hash value is consistent with the fourth hash value, the non-distribution net equipment performs a hash operation on the preset information in the distribution net equipment public key certificate to obtain the fifth hash value; when the fifth hash value is consistent with the fourth hash value, the certificate is determined to be legitimate, and the distribution net equipment public key is then extracted from the distribution net equipment public key certificate. It should be noted that the predetermined server may be a License server.
In the thirteenth embodiment, the non-distribution net equipment performs a hash calculation on the preset information in the distribution net equipment public key certificate to obtain the sixth hash value and, when the sixth hash value is consistent with the fourth hash value in the distribution net equipment public key certificate, performs a hash operation on the preset information in the distribution net equipment public key certificate. This further ensures the legitimacy of the certificate.
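The certificate checks of the eleventh to thirteenth embodiments, run in the order the text gives (signature result first, then the recomputed hash, then extraction), as an added example that is not part of the patent text. SHA-256, the length-prefixed field encoding, the use of the root public key index to select a stored server public key, the unpadded RSA operation (mirroring the text's "decrypt the signature result with the public key") and every name and sample value are assumptions.

```python
import hashlib

# Constructed toy RSA key standing in for the predetermined server's key pair.
# Both primes are Mersenne primes, so the key is trivially factorable: sample data only.
_P, _Q = 2**521 - 1, 2**607 - 1
SERVER_N, SERVER_E = _P * _Q, 65537
SERVER_D = pow(SERVER_E, -1, (_P - 1) * (_Q - 1))

# Assumption: the root public key index selects a locally stored server public key.
ROOT_PUBLIC_KEYS = {1: (SERVER_N, SERVER_E)}

# The "preset information" covered by the fourth hash value.
PRESET_FIELDS = ("format", "serial", "hash_alg", "pubkey_alg", "public_key")

# Constructed certificate contents (not taken from any real device).
SAMPLE_FIELDS = {
    "format": b"\x01",
    "serial": b"\x00\x00\x00\x2a",
    "hash_alg": b"\x01",
    "pubkey_alg": b"\x01",
    "public_key": b"\x04" + bytes(range(64)),
}


def preset_info(cert):
    """Length-prefixed encoding of the hashed fields, so field boundaries are unambiguous."""
    return b"".join(len(cert[f]).to_bytes(2, "big") + cert[f] for f in PRESET_FIELDS)


def issue(fields):
    """Predetermined server side: compute the fourth hash value and sign it."""
    cert = dict(fields)
    cert["hash4"] = hashlib.sha256(preset_info(cert)).digest()
    cert["signature"] = pow(int.from_bytes(cert["hash4"], "big"), SERVER_D, SERVER_N)
    return cert


def verify(cert, root_index):
    """Return "ok" or the reason the certificate is rejected."""
    if root_index not in ROOT_PUBLIC_KEYS:
        return "unknown root public key index"
    n, e = ROOT_PUBLIC_KEYS[root_index]
    # Steps S2116-S2118: recover the sixth hash value from the signature result
    # and compare it with the fourth hash value carried in the certificate.
    hash6 = pow(cert["signature"], e, n)
    if hash6 != int.from_bytes(cert["hash4"], "big"):
        return "signature mismatch"
    # Steps S2113-S2115: recompute the fifth hash value over the preset information.
    hash5 = hashlib.sha256(preset_info(cert)).digest()
    if hash5 != cert["hash4"]:
        return "hash mismatch"
    return "ok"


def extract_public_key(cert, root_index):
    """Step S2112: release the public key only after both checks pass."""
    return cert["public_key"] if verify(cert, root_index) == "ok" else None


def tamper_cases():
    """Two altered certificates and the check that rejects each."""
    cert = issue(SAMPLE_FIELDS)
    # Case 1: public key replaced, fourth hash value left untouched.
    swapped = dict(cert, public_key=b"\x04" + bytes(64))
    # Case 2: public key replaced and fourth hash value recomputed without the private key.
    rehashed = dict(swapped)
    rehashed["hash4"] = hashlib.sha256(preset_info(rehashed)).digest()
    return verify(swapped, 1), verify(rehashed, 1)


if __name__ == "__main__":
    good = issue(SAMPLE_FIELDS)
    print(verify(good, 1), tamper_cases())
```

The second case shows why the signature comparison is what binds the certificate to the server: a recomputed fourth hash value passes the hash comparison on its own, and only the signature check rejects it.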
As shown in Figure 15, in the fourteenth embodiment, on the basis of the embodiment shown in any one of Figures 10 to 14 above, the step of generating the second session key according to the distribution net equipment public key and the non-distribution net equipment private key includes:
Step S213, splicing the distribution net equipment public key and the non-distribution net equipment private key to obtain a splicing result;
Step S214, using the splicing result as the second session key.
In the present embodiment, the non-distribution net equipment uses the non-distribution net equipment private key to perform a calculation on the distribution net equipment public key and obtain the second session key; preferably, the second session key is calculated from the distribution net equipment public key with the non-distribution net equipment private key by the ECDH algorithm. It should be noted that the way the second session key is generated is not limited to the ECDH algorithm and may be another algorithm, such as the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention does not specifically limit this.
In the fourteenth embodiment, the splicing result of the distribution net equipment public key and the non-distribution net equipment private key is used as the second session key. This ensures the security of communication between the non-distribution net equipment and the distribution net equipment.
In the fifteenth embodiment, as shown in Figure 16, on the basis of the embodiment shown in any one of Figures 10 to 15 above, the step of generating the second check value according to the second session key includes:
Step S215, encrypting predetermined bytes according to the second session key to obtain an encrypted result;
Step S216, using the preset bytes of the encrypted result as the second key check value.
In the present embodiment, the non-distribution net equipment encrypts the second session key according to the preset algorithm to generate the second key check value, wherein the second default check value is used to verify the session key. Preferably, the step of encrypting the second session key according to the preset algorithm to generate the second key check value may be: encrypting predetermined bytes according to the second session key to obtain an encrypted result, and using the preset bytes of the encrypted result as the second key check value. It should be noted that the predetermined bytes may be 16 bytes, and the preset bytes may be the first three bytes.
It should be noted that the session key may also be verified in other ways; the present invention does not specifically limit this. For example, an operation is performed on the second session key according to the SHA256 algorithm to obtain first digest information, and the terminal performs an operation on the second session key according to the SHA256 algorithm to obtain second digest information; when the second digest information is consistent with the first digest information, the first session key and the second session key are the session key between the non-distribution net equipment and the distribution net equipment.
In the seventh embodiment, predetermined bytes are encrypted according to the second session key to obtain an encrypted result, and the preset bytes of the encrypted result are used as the second key check value. This ensures the security of key negotiation between the non-distribution net equipment and the distribution net equipment.
In the sixteenth embodiment, as shown in Figure 17, on the basis of the embodiment shown in any one of Figures 10 to 16 above, after the step in which the second session key and the first session key are the session key between the distribution net equipment and the non-distribution net equipment, the method further includes:
Step S22, the non-distribution net equipment encrypts a preset field with the session key to obtain a key agreement confirmation message;
Step S23, sending the key agreement confirmation message to the distribution net equipment, so that the distribution net equipment, upon receiving the key agreement confirmation message, decrypts the key agreement confirmation message with the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends a key agreement confirmation message to the non-distribution net equipment.
In the present embodiment, the non-distribution net equipment encrypts the preset field with the session key, or encrypts the preset field and a random number with the session key, to obtain the key agreement confirmation information, and sends the key agreement confirmation information to the distribution net equipment, so that the distribution net equipment, upon receiving the key agreement confirmation information, decrypts it with the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends the encrypted distribution information to the non-distribution net equipment. The preset field may be characters such as "OK".
It should be noted that the distribution information may include the SSID, the password, the user ID, etc. The distribution net equipment encrypts the distribution information with the session key; upon receiving the encrypted distribution information, the non-distribution net equipment decrypts it with the session key to obtain the distribution information, and connects to the local area network automatically according to the distribution information.
In the sixteenth embodiment, the distribution net equipment, upon receiving the key agreement confirmation message returned by the non-distribution net equipment, decrypts the key agreement confirmation message with the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends the encrypted distribution information to the non-distribution net equipment. In this way, the non-distribution net equipment connects to the local area network automatically.
In addition, the present invention also proposes distribution net equipment. The distribution net equipment includes a memory, a processor and a key agreement program stored on the memory and runnable on the processor; the processor executes the steps of the cryptographic key negotiation method described above in which the distribution net equipment is the executing subject.
In addition, the present invention also proposes non-distribution net equipment. The non-distribution net equipment includes a memory, a processor and a key agreement program stored on the memory and runnable on the processor; the processor executes the steps of the cryptographic key negotiation method described above in which the non-distribution net equipment is the executing subject.
In addition, the present invention also proposes a computer readable storage medium. The computer readable storage medium includes a key agreement program, and the key agreement program, when executed by a processor, implements the steps of the cryptographic key negotiation method described in the above embodiments.
In addition, the present invention also proposes a key agreement system. The key agreement system includes the above distribution net equipment and the above non-distribution net equipment.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, magnetic disk, optical disc) and includes several instructions for causing a device (which may be a television set, mobile phone, computer, server, air conditioner, network, etc.) to execute the method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and accompanying drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of protection of the present invention.
Claims (20)
1. A cryptographic key negotiation method, characterized in that the cryptographic key negotiation method comprises the following steps:
after receiving a key negotiation request message sent by non-distribution net equipment, distribution net equipment generates and saves a first session key according to the key negotiation request message;
generating a first key check value according to the first session key;
generating a key negotiation response message according to the first key check value, and returning the key negotiation response message to the non-distribution net equipment, wherein the non-distribution net equipment, upon receiving the key negotiation response message, generates a second session key according to the key negotiation response message, obtains the first key check value, generates a second check value according to the second session key, and saves the second session key when the second check value is consistent with the first check value, the second session key and the first session key being the session key between the distribution net equipment and the non-distribution net equipment.
2. The cryptographic key negotiation method as described in claim 1, characterized in that the step of generating the first session key according to the key negotiation request message comprises:
obtaining the non-distribution net equipment public key according to the key negotiation request message;
generating the first session key according to the non-distribution net equipment public key and the distribution net equipment private key.
3. The cryptographic key negotiation method as claimed in claim 2, characterized in that the step of obtaining the non-distribution net equipment public key according to the key negotiation request message comprises:
the distribution net equipment extracts the non-distribution net equipment public key certificate and the root public key index from the key negotiation request message;
extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index.
4. The cryptographic key negotiation method as claimed in claim 3, characterized in that, before the step of extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index, the method further comprises:
performing a hash operation on the preset information in the non-distribution net equipment public key certificate to obtain a second hash value, the preset information including at least one of the certificate format, the certificate serial number, the hash algorithm identifier, the non-distribution net equipment public key algorithm identifier and the non-distribution net equipment public key;
when the second hash value is consistent with the first hash value in the non-distribution net equipment public key certificate, executing the step of extracting the non-distribution net equipment public key from the non-distribution net equipment public key certificate according to the root public key index.
5. The cryptographic key negotiation method as claimed in claim 4, characterized in that, before the step of performing a hash operation on the preset information in the non-distribution net equipment public key certificate, the method further comprises:
decrypting the signature result in the non-distribution net equipment public key certificate with the predetermined server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value with the predetermined server private key;
when the third hash value is consistent with the first hash value, executing the step of performing a hash operation on the preset information in the non-distribution net equipment public key certificate.
6. The cryptographic key negotiation method as claimed in claim 2, characterized in that the step of generating the first session key according to the non-distribution net equipment public key and the distribution net equipment private key comprises:
splicing the non-distribution net equipment public key and the distribution net equipment private key to obtain a splicing result;
using the splicing result as the first session key.
7. The cryptographic key negotiation method as described in claim 1, characterized in that the step of generating the first key check value according to the first session key comprises:
encrypting predetermined bytes according to the first session key to obtain an encrypted result;
using the preset bytes of the encrypted result as the first key check value.
8. The cryptographic key negotiation method as described in claim 1, characterized in that, after the step of returning the key negotiation response message to the non-distribution net equipment, the method further comprises:
the distribution net equipment, upon receiving the key agreement confirmation message returned by the non-distribution net equipment, decrypts the key agreement confirmation message with the session key to obtain a decrypted result;
when the decrypted result includes a preset field, sending a key agreement confirmation message to the non-distribution net equipment.
9. A cryptographic key negotiation method, characterized in that the cryptographic key negotiation method comprises the following steps:
non-distribution net equipment sends a key negotiation request message to distribution net equipment, so that the distribution net equipment, after receiving the key negotiation request message, generates and saves a first session key according to the key negotiation request message, generates a first key check value according to the first session key, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the non-distribution net equipment;
the non-distribution net equipment, upon receiving the key negotiation response message, generates a second session key according to the key negotiation response message, obtains the first key check value, generates a second check value according to the second session key, and saves the second session key when the second check value is consistent with the first check value, the second session key and the first session key being the session key between the distribution net equipment and the non-distribution net equipment.
10. The cryptographic key negotiation method as claimed in claim 9, characterized in that the step of generating the second session key according to the key negotiation response message comprises:
obtaining the distribution net equipment public key according to the key negotiation response message;
generating the second session key according to the distribution net equipment public key and the non-distribution net equipment private key.
11. The cryptographic key negotiation method as claimed in claim 10, characterized in that the step of obtaining the distribution net equipment public key according to the key negotiation response message comprises:
the non-distribution net equipment extracts the distribution net equipment public key certificate and the root public key index from the key negotiation response message;
extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index.
12. The cryptographic key negotiation method as claimed in claim 11, characterized in that, before the step of extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index, the method further comprises:
performing a hash operation on the preset information in the distribution net equipment public key certificate to obtain a fifth hash value, the preset information including at least one of the certificate format, the certificate serial number, the hash algorithm identifier, the distribution net equipment public key algorithm identifier and the distribution net equipment public key;
when the fifth hash value is consistent with the fourth hash value in the distribution net equipment public key certificate, executing the step of extracting the distribution net equipment public key from the distribution net equipment public key certificate according to the root public key index.
13. The cryptographic key negotiation method as claimed in claim 12, characterized in that, before the step of performing a hash operation on the preset information in the distribution net equipment public key certificate, the method further comprises:
decrypting the signature result in the distribution net equipment public key certificate with the predetermined server public key to obtain a sixth hash value, wherein the signature result is obtained by the cloud server encrypting the fourth hash value with the predetermined server private key;
when the sixth hash value is consistent with the fourth hash value, executing the step of performing a hash operation on the preset information in the distribution net equipment public key certificate.
14. The cryptographic key negotiation method as claimed in claim 10, characterized in that the step of generating the second session key according to the distribution net equipment public key and the non-distribution net equipment private key comprises:
splicing the distribution net equipment public key and the non-distribution net equipment private key to obtain a splicing result;
using the splicing result as the second session key.
15. The cryptographic key negotiation method as claimed in claim 9, characterized in that the step of generating the second check value according to the second session key comprises:
encrypting predetermined bytes according to the second session key to obtain an encrypted result;
using the preset bytes of the encrypted result as the second key check value.
16. The cryptographic key negotiation method as claimed in claim 9, characterized in that, after the step in which the second session key and the first session key are the session key between the distribution net equipment and the non-distribution net equipment, the method further comprises:
the non-distribution net equipment encrypts a preset field with the session key to obtain a key agreement confirmation message;
sending the key agreement confirmation message to the distribution net equipment, so that the distribution net equipment, upon receiving the key agreement confirmation message, decrypts the key agreement confirmation message with the session key to obtain a decrypted result and, when the decrypted result includes the preset field, sends a key agreement confirmation message to the non-distribution net equipment.
17. A distribution net equipment, characterized in that the distribution net equipment comprises a memory, a processor, and a key agreement program stored on the memory and executable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the cryptographic key negotiation method as claimed in any one of claims 1 to 8.
18. A non-distribution net equipment, characterized in that the non-distribution net equipment comprises a memory, a processor, and a key agreement program stored on the memory and executable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the cryptographic key negotiation method as claimed in any one of claims 9 to 16.
19. A computer readable storage medium, characterized in that a key agreement program is stored on the computer readable storage medium, and the key agreement program, when executed by a processor, implements the steps of the cryptographic key negotiation method as claimed in any one of claims 1 to 16.
20. A key agreement system, characterized in that the key agreement system comprises the distribution net equipment as claimed in claim 17 and the non-distribution net equipment as claimed in claim 18.
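The key check value of claim 15 and the confirmation exchange of claim 16, as an added Go example that is not code from the patent. AES, the all-zero input block, the three-byte check value, the `presetField` value and all function names are assumptions, since the claims name no cipher, block contents or byte count.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"fmt"
)

var presetField = []byte("KEY-AGREEMENT-OK") // assumed, constructed 16-byte value

// SessionCipher keys AES (an assumed cipher) with a 16-, 24- or 32-byte session key.
func SessionCipher(key []byte) (cipher.Block, error) { return aes.NewCipher(key) }

// KeyCheckValue encrypts an all-zero block and keeps its first 3 bytes (assumed sizes).
func KeyCheckValue(blk cipher.Block) []byte {
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, make([]byte, aes.BlockSize))
	return out[:3]
}

// SameKey compares the two sides' check values in constant time.
func SameKey(a, b []byte) bool { return subtle.ConstantTimeCompare(a, b) == 1 }

// Confirm builds the confirmation message: the preset field under the session key.
func Confirm(blk cipher.Block) []byte {
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, presetField)
	return out
}

// VerifyConfirm decrypts msg and reports whether it contains the preset field.
func VerifyConfirm(blk cipher.Block, msg []byte) bool {
	if len(msg) != aes.BlockSize {
		return false
	}
	pt := make([]byte, aes.BlockSize)
	blk.Decrypt(pt, msg)
	return bytes.Contains(pt, presetField)
}

func main() {
	blk, err := SessionCipher(bytes.Repeat([]byte{0x2a}, 16)) // constructed key
	if err != nil {
		panic(err)
	}
	fmt.Println(SameKey(KeyCheckValue(blk), KeyCheckValue(blk)), VerifyConfirm(blk, Confirm(blk)))
}
```

With these sizes, two unrelated keys still produce the same three-byte check value with probability 2^-24, whereas the confirmation step compares a full 16-byte block.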
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811302227.6A CN109245886A (en) | 2018-11-02 | 2018-11-02 | Cryptographic key negotiation method, equipment, storage medium and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811302227.6A CN109245886A (en) | 2018-11-02 | 2018-11-02 | Cryptographic key negotiation method, equipment, storage medium and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109245886A true CN109245886A (en) | 2019-01-18 |
Family
ID=65076476
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811302227.6A Pending CN109245886A (en) | 2018-11-02 | 2018-11-02 | Cryptographic key negotiation method, equipment, storage medium and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109245886A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101448262A (en) * | 2008-12-15 | 2009-06-03 | 广州杰赛科技股份有限公司 | WAPI-based authentication method of wireless mesh network |
CN102170636A (en) * | 2010-02-26 | 2011-08-31 | 捷讯研究有限公司 | Methods and devices for computing a shared encryption key |
US8448235B2 (en) * | 2010-08-05 | 2013-05-21 | Motorola Solutions, Inc. | Method for key identification using an internet security association and key management based protocol |
CN105656941A (en) * | 2016-03-14 | 2016-06-08 | 美的集团股份有限公司 | Identity authentication device and method |
CN106302415A (en) * | 2016-08-03 | 2017-01-04 | 杭州晟元数据安全技术股份有限公司 | A kind of method verifying equipment validity and distribution automatic to legitimate device |
CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
CN107040373A (en) * | 2016-01-15 | 2017-08-11 | 富士通株式会社 | Inter-authentication method and authenticating device |
WO2018077086A1 (en) * | 2016-10-26 | 2018-05-03 | 阿里巴巴集团控股有限公司 | Data transmission method, apparatus and system |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110149206A (en) * | 2019-05-30 | 2019-08-20 | 全链通有限公司 | Transmission method, equipment and the computer readable storage medium of session key |
CN114697000A (en) * | 2020-12-28 | 2022-07-01 | 深圳Tcl新技术有限公司 | Network distribution method, device, terminal and computer readable storage medium |
CN114172740A (en) * | 2021-12-16 | 2022-03-11 | 广州城市理工学院 | Distribution network certificate verification-based power distribution network secure access method |
CN114793178A (en) * | 2022-05-07 | 2022-07-26 | 北京百度网讯科技有限公司 | Network distribution method and device |
CN114793178B (en) * | 2022-05-07 | 2023-02-17 | 北京百度网讯科技有限公司 | Network distribution method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109039628A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system | |
CN109005028A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system | |
CN109040149A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system | |
CN109120649A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system | |
CN109245886A (en) | Cryptographic key negotiation method, equipment, storage medium and system | |
CN109245885A (en) | Cryptographic key negotiation method, equipment, storage medium and system | |
CN106375287B (en) | Charging method of new energy automobile | |
CN109039657A (en) | Cryptographic key negotiation method, equipment, terminal, storage medium and system | |
CN109150526A (en) | Cryptographic key negotiation method, equipment, terminal, storage medium and system | |
CN102983971B (en) | Certificateless signature algorithm for user identity authentication in network environment | |
CN104079581B (en) | Identity identifying method and equipment | |
CN109104279A (en) | A kind of encryption method of electric power data, system and terminal device | |
CN109039627A (en) | Cryptographic key negotiation method, equipment, storage medium and system | |
CN109257170A (en) | Cryptographic key negotiation method, equipment, terminal, storage medium and system | |
CN109951513B (en) | Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card | |
CN104579679B (en) | Wireless public network data forwarding method for agriculture distribution communication equipment | |
CN110362357A (en) | A kind of configuration file management method and device of application program | |
CN110149209A (en) | Internet of things equipment and its method and apparatus of improve data transfer safety | |
CN110113745A (en) | Verification method, server, mobile unit and the storage medium of mobile unit | |
CN109905869A (en) | Data transmission method between a kind of charging equipment and smart machine | |
CN102523095A (en) | User digital certificate remote update method with intelligent card protection function | |
CN104978515A (en) | Computer intelligent hole-locking device | |
CN107094138A (en) | A kind of smart home safe communication system and communication means | |
CN109922022A (en) | Internet of Things communication means, platform, terminal and system | |
CN107506207A (en) | The safe verification method and terminal of a kind of POS |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190118 |