CN109257170A - Cryptographic key negotiation method, equipment, terminal, storage medium and system - Google Patents
- Publication number: CN109257170A
- Application number: CN201811302551.8A
- Authority: CN (China)
- Prior art keywords: key, terminal, equipment, session, public key
- Legal status: Pending (the legal status shown by Google Patents is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications (CPC, all under H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols)
- H04L9/0844: Key agreement (H04L9/0838) under key establishment (H04L9/0816) and key distribution or management (H04L9/08), involving Diffie-Hellman or related key agreement protocols (H04L9/0841) with user authentication or key authentication, e.g. ElGamal, MTI, MQV (Menezes-Qu-Vanstone) or Diffie-Hellman protocols using implicitly-certified keys
- H04L9/0838: Key agreement, i.e. a key establishment technique in which a shared key is derived by the parties as a function of information contributed by, or associated with, each of them
- H04L9/3236: Means for verifying the identity or authority of a user of the system or for message authentication (H04L9/32), using cryptographic hash functions
- H04L9/3247: Means for verifying the identity or authority of a user of the system or for message authentication (H04L9/32), involving digital signatures
Abstract
The invention discloses a key negotiation method comprising the following steps: when a device receives a random number request sent by a terminal, it generates a first random number and returns the first random number to the terminal; when the device receives a key negotiation request message, it obtains ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number; when the second random number matches the first random number, the device and the terminal perform key negotiation. The invention also discloses a device, a terminal, a computer-readable storage medium and a key negotiation system. When the device and the terminal perform key negotiation, the present invention first determines the legitimacy of the terminal, thereby strengthening the security of the key negotiation process.
Description
Technical field
The present invention relates to the field of information security technology, and more particularly to a key negotiation method, a device, a terminal, a computer-readable storage medium and a key negotiation system.
Background technique
With the continuous development of information technology, smart devices are widely used in daily life; for example, a user sends instructions to a smart device through a terminal in order to control it. However, after an existing smart device and a terminal have established a connection, the legitimacy of the terminal is generally not verified, which carries a certain risk.
The above content is provided only to facilitate understanding of the technical solution and is not an admission that it constitutes prior art.
Summary of the invention
The main purpose of the present invention is to provide a key negotiation method, a device, a terminal, a computer-readable storage medium and a key negotiation system that first determine the legitimacy of the terminal when the device and the terminal perform key negotiation, thereby strengthening the security of the key negotiation process.
To achieve the above object, the present invention provides a key negotiation method comprising the following steps:
When a device receives a random number request sent by a terminal, it generates a first random number and returns the first random number to the terminal, where the terminal, on receiving the first random number, sends it to a cloud server so that the cloud server encrypts the first random number to obtain ciphertext data and returns the ciphertext data to the terminal, and the terminal, on receiving the ciphertext data, generates a key negotiation request message from the ciphertext data and sends it to the device;
When the device receives the key negotiation request message, it obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number;
When the second random number matches the first random number, the device and the terminal perform key negotiation.
Preferably, the step of the device performing key negotiation with the terminal includes:
The device obtains a terminal public key from the key negotiation request message, where the terminal, on receiving the ciphertext data, generates the key negotiation request message from the ciphertext data and the terminal public key and sends it to the device;
generating and saving a first session key from the terminal public key and a device private key;
returning a device public key to the terminal, so that the terminal, on receiving the device public key, generates and saves a second session key from the device public key and a terminal private key, where the second session key and the first session key are the session key between the device and the terminal.
Preferably, the step of generating and saving the first session key from the terminal public key and the device private key includes:
splicing the terminal public key and the device private key together to obtain a splicing result;
using the splicing result as the first session key.
Preferably, after the step of generating and saving the first session key from the terminal public key and the device private key, the method further includes:
encrypting the first session key according to a preset algorithm to generate a first key check value;
returning the device public key and the first key check value to the terminal, where the terminal, on receiving the device public key and the first key check value, generates a third session key from the device public key and the terminal private key, encrypts the third session key according to the preset algorithm to generate a second key check value and, when the second key check value matches the first key check value, saves the third session key, the third session key and the first session key being the session key between the device and the terminal.
Preferably, the step of encrypting the first session key according to the preset algorithm to generate the first key check value includes:
encrypting predetermined bytes with the first session key to obtain an encryption result;
using preset bytes of the encryption result as the first key check value.
Preferably, after the step of returning the device public key and the first key check value to the terminal, the method further includes:
when the device receives a key negotiation confirmation message returned by the terminal, decrypting the key negotiation confirmation message with the session key to obtain a decryption result;
when the decryption result contains a preset field, sending a key negotiation confirmation message to the terminal.
Preferably, after the step of encrypting the first session key according to the preset algorithm to generate the first key check value, the method further includes:
returning a device public key certificate and the first key check value to the terminal, where the terminal, on receiving the device public key certificate and the first key check value, extracts the device public key from the device public key certificate, generates a fourth session key from the device public key and the terminal private key, encrypts the fourth session key according to the preset algorithm to generate a third key check value and, when the third key check value matches the first key check value, saves the fourth session key, the fourth session key and the first session key being the session key between the device and the terminal.
Preferably, after the step of decrypting the ciphertext data to obtain the second random number, the method further includes:
when the second random number does not match the first random number, disconnecting the connection between the device and the terminal.
To achieve the above object, the present invention also provides a key negotiation method comprising the following steps:
A terminal sends a random number request to a device and, on receiving a first random number returned by the device, sends the first random number to a cloud server, so that the cloud server encrypts the first random number to obtain ciphertext data and returns the ciphertext data to the terminal;
When the terminal receives the ciphertext data, it generates a key negotiation request message from the ciphertext data and sends it to the device, where the device, on receiving the key negotiation request message, obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number, and, when the second random number matches the first random number, the device and the terminal perform key negotiation.
Preferably, the step of the device performing key negotiation with the terminal includes:
When the terminal receives the ciphertext data, it generates the key negotiation request message from the ciphertext data and a terminal public key and sends it to the device, so that the device obtains the terminal public key from the key negotiation request message, generates and saves a first session key from the terminal public key and a device private key, and returns a device public key to the terminal;
When the terminal receives the device public key, it generates and saves a second session key from the device public key and a terminal private key, where the second session key and the first session key are the session key between the device and the terminal.
Preferably, the step of generating and saving the second session key from the device public key and the terminal private key includes:
splicing the device public key and the terminal private key together to obtain a splicing result;
using the splicing result as the second session key.
Preferably, after the step of generating the key negotiation request message from the ciphertext data and the terminal public key and sending it to the device, the method further includes:
When the terminal receives the device public key and a first key check value, it generates a third session key from the device public key and the terminal private key, encrypts the third session key according to a preset algorithm to generate a second key check value and, when the second key check value matches the first key check value, saves the third session key, the third session key and the first session key being the session key between the device and the terminal, where the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key and the first key check value to the terminal.
Preferably, the step of encrypting the third session key according to the preset algorithm to generate the second key check value includes:
encrypting predetermined bytes with the third session key to obtain an encryption result;
using preset bytes of the encryption result as the second key check value.
Preferably, after the step in which the second session key and the first session key are the session key between the device and the terminal, the method further includes:
The terminal encrypts a preset field with the session key to obtain a key negotiation confirmation message;
sending the key negotiation confirmation message to the device, so that the device, on receiving the key negotiation confirmation message, decrypts it with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key negotiation confirmation message to the terminal.
Preferably, after the step of generating the key negotiation request message from the ciphertext data and the terminal public key and sending it to the device, the method further includes:
When the terminal receives a device public key certificate and the first key check value, it extracts the device public key from the device public key certificate, generates a fourth session key from the device public key and the terminal private key, encrypts the fourth session key according to the preset algorithm to generate a third key check value and, when the third key check value matches the first key check value, saves the fourth session key, the fourth session key and the first session key being the session key between the device and the terminal, where the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key certificate and the first key check value to the terminal.
Preferably, before the step of extracting the device public key from the device public key certificate, the method further includes:
performing a hash operation on preset information in the device public key certificate to obtain a second hash value, the preset information including at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier and the device public key;
when the second hash value matches a first hash value contained in the device public key certificate, executing the step of extracting the device public key from the device public key certificate.
Preferably, before the step of performing the hash operation on the preset information in the device public key certificate, the method further includes:
decrypting a signature result in the device public key certificate with a preset server public key to obtain a third hash value, where the signature result is obtained by the cloud server encrypting the first hash value with a preset server private key;
when the third hash value matches the first hash value, executing the step of performing the hash operation on the preset information in the device public key certificate.
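As an added worked example that is not part of the patent text, the following Python models both sides of the device-side and terminal-side procedures above: the random number challenge relayed through the cloud server, the disconnect on mismatch, the session key derivation, the key check value comparison and the preset-field confirmation. It assumes a key pre-provisioned between the cloud server and the device, substitutes finite-field Diffie-Hellman for the patent's "splicing" step so that both sides derive the same key, and uses a stdlib-only encrypt-then-MAC and a truncated HMAC where the patent leaves the cipher and the "preset algorithm" unnamed; every class, function and constant name here is constructed.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP), transcribed from the RFC; check against the RFC
# before reuse. Assumption: the patent only says each side combines the peer's public
# key with its own private key, so finite-field Diffie-Hellman stands in for that step.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
PRESET_FIELD = b"KEY-AGREEMENT-CONFIRM"  # constructed stand-in for the "preset field"

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC from the stdlib, standing in for the unnamed cipher the cloud
    and device share; one SHA-256 keystream block, so plaintext is at most 32 bytes."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.sha256(key + nonce).digest()[:len(plaintext)]
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Inverse of seal(); returns None when the tag does not verify."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        return None
    stream = hashlib.sha256(key + nonce).digest()[:len(body)]
    return bytes(a ^ b for a, b in zip(body, stream))

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(peer_pub: int, own_priv: int) -> bytes:
    """Combine the peer's public key with our private key; hash to a 32-byte key."""
    if not 1 < peer_pub < P - 1:                 # reject degenerate public values
        raise ValueError("invalid peer public key")
    return hashlib.sha256(pow(peer_pub, own_priv, P).to_bytes(256, "big")).digest()

def key_check_value(sk: bytes) -> bytes:
    """'Preset algorithm' over 'predetermined bytes': MAC a 16-byte zero block under
    the session key and keep the first 3 bytes (assumed; the patent names neither)."""
    return hmac.new(sk, b"\x00" * 16, hashlib.sha256).digest()[:3]

def cloud_encrypt_random(device_key: bytes, r1: bytes) -> bytes:
    """Cloud server: assumption that it holds a key pre-provisioned for each device."""
    return seal(device_key, r1)

class Device:
    def __init__(self, cloud_key: bytes):
        self.cloud_key, self.connected = cloud_key, True
        self.r1 = self.session_key = None
        self.priv, self.pub = dh_keypair()

    def random_number_request(self) -> bytes:
        self.r1 = secrets.token_bytes(16)        # first random number
        return self.r1

    def key_negotiation_request(self, ciphertext: bytes, terminal_pub: int):
        r2 = unseal(self.cloud_key, ciphertext)  # second random number
        if self.r1 is None or r2 is None or not hmac.compare_digest(r2, self.r1):
            self.connected = False               # inconsistent: disconnect
            return None
        self.r1 = None                           # one-shot challenge, no replay
        self.session_key = session_key(terminal_pub, self.priv)
        return self.pub, key_check_value(self.session_key)

    def confirm(self, confirmation: bytes):
        field = unseal(self.session_key, confirmation) if self.session_key else None
        if field is None or PRESET_FIELD not in field:
            return None
        return seal(self.session_key, b"OK")     # confirmation back to terminal

class Terminal:
    def __init__(self):
        self.priv, self.pub = dh_keypair()
        self.session_key = None

    def negotiate(self, device: Device, cloud) -> bool:
        ct = cloud(device.random_number_request())   # relay R1 to the cloud server
        reply = device.key_negotiation_request(ct, self.pub)
        if reply is None:
            return False
        device_pub, kcv = reply
        sk = session_key(device_pub, self.priv)
        if not hmac.compare_digest(key_check_value(sk), kcv):
            return False                         # KCV mismatch: do not save key
        self.session_key = sk
        ack = device.confirm(seal(sk, PRESET_FIELD))
        return ack is not None and unseal(sk, ack) == b"OK"
```

The terminal only relays the challenge: it never holds the device/cloud key, so a terminal that cannot reach the cloud server cannot produce ciphertext the device will accept, and the device marks itself disconnected.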
To achieve the above object, the present invention also provides a device, the device comprising a memory, a processor and a key negotiation program stored on the memory and runnable on the processor, where the key negotiation program, when executed by the processor, implements the steps of the key negotiation method described above.
To achieve the above object, the present invention also provides a terminal, the terminal comprising a memory, a processor and a key negotiation program stored on the memory and runnable on the processor, where the key negotiation program, when executed by the processor, implements the steps of the key negotiation method described above.
To achieve the above object, the present invention also provides a computer-readable storage medium on which a key negotiation program is stored, where the key negotiation program, when executed by a processor, implements the steps of the key negotiation method described above.
To achieve the above object, the present invention also provides a key negotiation system comprising the device described above and the terminal described above.
In the key negotiation method, device, terminal, computer-readable storage medium and key negotiation system provided by the present invention, the device generates a first random number when it receives a random number request sent by the terminal and returns the first random number to the terminal; when the device receives a key negotiation request message, it obtains ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number; and when the second random number matches the first random number, the device and the terminal perform key negotiation. When the device and the terminal perform key negotiation, the present invention first determines the legitimacy of the terminal, thereby strengthening the security of the key negotiation process.
Detailed description of the invention
Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the key negotiation method of the present invention;
Fig. 3 is a flow diagram of the second embodiment of the key negotiation method of the present invention;
Fig. 4 is a flow diagram of the third embodiment of the key negotiation method of the present invention;
Fig. 5 is a flow diagram of the fourth embodiment of the key negotiation method of the present invention;
Fig. 6 is a flow diagram of the fifth embodiment of the key negotiation method of the present invention;
Fig. 7 is a flow diagram of the sixth embodiment of the key negotiation method of the present invention;
Fig. 8 is a flow diagram of the seventh embodiment of the key negotiation method of the present invention;
Fig. 9 is a flow diagram of the eighth embodiment of the key negotiation method of the present invention;
Fig. 10 is a flow diagram of the ninth embodiment of the key negotiation method of the present invention;
Fig. 11 is a flow diagram of the tenth embodiment of the key negotiation method of the present invention;
Fig. 12 is a flow diagram of the eleventh embodiment of the key negotiation method of the present invention;
Fig. 13 is a flow diagram of the twelfth embodiment of the key negotiation method of the present invention;
Fig. 14 is a flow diagram of the thirteenth embodiment of the key negotiation method of the present invention;
Fig. 15 is a flow diagram of the fourteenth embodiment of the key negotiation method of the present invention;
Fig. 16 is a flow diagram of the fifteenth embodiment of the key negotiation method of the present invention;
Fig. 17 is a flow diagram of the sixteenth embodiment of the key negotiation method of the present invention;
Fig. 18 is a flow diagram of the seventeenth embodiment of the key negotiation method of the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Specific embodiment
It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
The present invention provides a key negotiation method which, during key negotiation between a device and a terminal, first determines the legitimacy of the terminal, thereby strengthening the security of the key negotiation process.
As shown in Fig. 1, Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in the embodiments of the present invention.
The terminal of the embodiments of the present invention may be a device, such as an air conditioner, an air regulator, an electric cooker or a smart door lock, or a terminal, such as a mobile phone, a tablet computer or a PC.
As shown in Fig. 1, the terminal of the embodiment may include a processor 1001, such as a CPU, a memory 1002 and a communication bus 1003. The communication bus 1003 is used to realise connection and communication between the components in the server. The memory 1002 may be a high-speed RAM, or may be a stable memory (non-volatile memory) such as a magnetic disk memory. Optionally, the memory 1002 may also be a storage device independent of the processor 1001.
As shown in Fig. 1, the memory 1002, as a computer storage medium, may include a key negotiation program.
In the terminal of the embodiment shown in Fig. 1, the processor 1001 may be used to call the key negotiation program stored in the memory 1002 and perform the following operations:
When a device receives a random number request sent by a terminal, it generates a first random number and returns the first random number to the terminal, where the terminal, on receiving the first random number, sends it to a cloud server so that the cloud server encrypts the first random number to obtain ciphertext data and returns the ciphertext data to the terminal, and the terminal, on receiving the ciphertext data, generates a key negotiation request message from the ciphertext data and sends it to the device;
When the device receives the key negotiation request message, it obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number;
When the second random number matches the first random number, the device and the terminal perform key negotiation.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
The equipment is according to the key negotiation request Receive message terminal public key, wherein the terminal is receiving
When stating ciphertext data, the key negotiation request message is generated according to the ciphertext data and the terminal public key and is sent to institute
State equipment;
It is generated according to the terminal public key and device private and saves the first session key;
Equipment public key is back to the terminal, so that the terminal is when receiving the equipment public key, according to described
Equipment public key and terminal secret key generate and save the second session key, wherein second session key and first meeting
Talk about session key of the key between the equipment and the terminal.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
The terminal public key and the device private are spliced, splicing result is obtained;
Using the splicing result as first session key.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
First session key is encrypted according to preset algorithm and generates first key check value;
The equipment public key and the first key check value are back to the terminal, wherein the terminal is connecing
When receiving the equipment public key and the first key check value, generated according to the equipment public key and the terminal secret key
Third session key, and the third session key is encrypted according to the preset algorithm and generates the second keycheck value, in institute
State the second keycheck value it is consistent with the first key check value when, save the third session key, the third session
The session key of key and first session key between the equipment and the terminal.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
Predetermined bite is encrypted according to first session key, obtains encrypted result;
Using the preset byte of the encrypted result as the first key check value.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
The equipment is decrypted when receiving the key agreement confirmation message that the terminal returns using the session key
The key agreement confirmation message obtains decrypted result;
When including preset field in the decrypted result, then key agreement confirmation message is sent to the terminal.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
Equipment public key certificate and the first key check value are back to the terminal, wherein the terminal is connecing
When receiving the equipment public key certificate and the first key check value, the equipment is extracted from the equipment public key certificate
Public key generates the 4th session key according to the equipment public key and the terminal secret key, and according to the preset algorithm to institute
It states the encryption of the 4th session key and generates third keycheck value, in the third keycheck value and the first key check value
When consistent, the 4th session key is saved, the 4th session key and first session key are the equipment and institute
State the session key between terminal.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
When second random number and first random number are inconsistent, then disconnect between the equipment and the terminal
Connection.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
Terminal initiates RANDOM NUMBER request to equipment, and when receiving the first random number that the equipment returns, will be described
First random number is sent to Cloud Server, so that the Cloud Server is encrypted to obtain ciphertext number to first random number
According to, and the ciphertext data are back to the terminal;
The terminal generates key negotiation request message simultaneously when receiving the ciphertext data, according to the ciphertext data
It is sent to the equipment, wherein the equipment is asked when receiving the key negotiation request message according to the key agreement
Ciphertext data described in Receive message are sought, and the ciphertext data are decrypted to obtain the second random number, it is random described second
When number is consistent with first random number, then the equipment and the terminal carry out key agreement.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
The terminal generates described close when receiving the ciphertext data according to the ciphertext data and terminal public key
Key message of negotiation request is sent to the equipment, for equipment terminal according to the key negotiation request Receive message
Public key generates and is saved according to the terminal public key and device private the first session key, and the equipment public key is returned
To the terminal;
The terminal is generated and is saved when receiving the equipment public key, according to the equipment public key and terminal secret key
Second session key, wherein second session key and first session key are between the equipment and the terminal
Session key.
Further, processor 1001 can call the Key Agreement procedure stored in memory 1002, also execute following
Operation:
The equipment public key is spliced with the terminal secret key, obtains splicing result;
Using the splicing result as second session key.
Further, processor 1001 can call the key agreement program stored in memory 1002 and also perform the following operations:
The terminal, when receiving the device public key and a first key check value, generates a third session key according to the device public key and the terminal private key, encrypts the third session key according to a preset algorithm to generate a second key check value, and, when the second key check value is consistent with the first key check value, saves the third session key, the third session key and the first session key being the session key between the device and the terminal, wherein the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key and the first key check value to the terminal.
Further, processor 1001 can call the key agreement program stored in memory 1002 and also perform the following operations:
Predetermined bytes are encrypted according to the third session key to obtain an encryption result;
Preset bytes of the encryption result are used as the second key check value.
Further, processor 1001 can call the key agreement program stored in memory 1002 and also perform the following operations:
The terminal encrypts a preset field using the session key to obtain a key agreement confirmation message;
The key agreement confirmation message is sent to the device, so that the device, when receiving the key agreement confirmation message, decrypts the key agreement confirmation message using the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key agreement confirmation message to the terminal.
Further, processor 1001 can call the key agreement program stored in memory 1002 and also perform the following operations:
The terminal, when receiving a device public key certificate and the first key check value, extracts the device public key from the device public key certificate, generates a fourth session key according to the device public key and the terminal private key, encrypts the fourth session key according to the preset algorithm to generate a third key check value, and, when the third key check value is consistent with the first key check value, saves the fourth session key, the fourth session key and the first session key being the session key between the device and the terminal, wherein the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key certificate and the first key check value to the terminal.
Further, processor 1001 can call the key agreement program stored in memory 1002 and also perform the following operations:
A hash operation is performed on preset information in the device public key certificate to obtain a second hash value, the preset information including at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier and the device public key;
When the second hash value is consistent with a first hash value in the device public key certificate, the step of extracting the device public key from the device public key certificate is performed.
Further, processor 1001 can call the key agreement program stored in memory 1002 and also perform the following operations:
A signature result in the device public key certificate is decrypted using a preset server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value using a preset server private key;
When the third hash value is consistent with the first hash value, the step of performing a hash operation on the preset information in the device public key certificate is performed.
Referring to Fig. 2, in a first embodiment, the key agreement method includes:
Step S10, the device, when receiving a random number request sent by a terminal, generates a first random number and returns the first random number to the terminal, wherein the terminal, when receiving the first random number, sends the first random number to a cloud server, so that the cloud server encrypts the first random number to obtain ciphertext data and returns the ciphertext data to the terminal, and the terminal, when receiving the ciphertext data, generates a key negotiation request message according to the ciphertext data and sends it to the device;
In this embodiment, the executing subject is the device. The device may be any of a variety of smart devices such as an air conditioner, a washing machine or a smart door lock. An APP in the terminal can communicate with the device through the cloud server, that is, the user can send instructions through the APP to control the smart device. Before the device and the terminal carry out secure transmission, key agreement needs to be carried out.
Before the device and the terminal carry out key agreement, the device verifies the legitimacy of the terminal. First, the terminal initiates an APP authentication request to the device, requesting device information and starting APP authentication, wherein the APP authentication request message includes information such as a random number validity period identifier and a random number length. The device, when receiving the APP authentication request message, generates a first random number, concatenates the first random number with the device MAC address and returns the result to the terminal. The random number return message includes the random number validity period identifier, the first random number and the device MAC address. The terminal, when receiving the random number return message sent by the device, uploads the first random number and the MAC address to the cloud server over an HTTPS secure channel. The cloud server encrypts the first random number with a preset server key to obtain ciphertext data and returns the ciphertext data to the terminal. Preferably, the preset server may be a License server, and the cloud server accesses the encryption interface of the License server to obtain the preset server key. The terminal, when receiving the ciphertext data, generates a key negotiation request message according to the ciphertext data and sends it to the device.
Step S11, the device, when receiving the key negotiation request message, obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number;
In this embodiment, the device, when receiving the key negotiation request message, decrypts the ciphertext data with the preset server key to obtain the second random number; preferably, the preset server may be a License server, and a License key is preset in the device. Alternatively, the cloud server may encrypt the first random number with a cloud server private key to obtain the ciphertext data and send the ciphertext data to the device, and the device decrypts the ciphertext data with a cloud server public key to obtain the second random number. The encryption and decryption method can be configured according to the actual situation, and the present invention is not specifically limited in this respect.
Step S12, when the second random number is consistent with the first random number, the device and the terminal carry out key agreement.
In this embodiment, the second random number is compared with the first random number; when the second random number is consistent with the first random number, the terminal is determined to be legitimate, and the device and the terminal carry out key agreement.
It should be noted that the method of determining whether the terminal is legitimate is not limited to the above and can be set according to the actual situation. For example, the cloud server performs a hash operation on the first random number to obtain a fourth hash value, signs the fourth hash value with a first preset key to obtain a hash ciphertext, and returns the hash ciphertext and the fourth hash value to the terminal; the terminal generates the key negotiation request message according to the hash ciphertext and the fourth hash value and sends it to the device. The device decrypts the hash ciphertext with a second preset key to obtain a fifth hash value; when the fifth hash value is consistent with the fourth hash value, the terminal is determined to be legitimate, and the device and the terminal carry out key agreement. The hash algorithm may be the SHA256 algorithm or the MD5 algorithm. The first preset key may be a cloud server private key, and the second preset key may be a cloud server public key.
In the first embodiment, the device, when receiving the random number request sent by the terminal, generates the first random number and returns the first random number to the terminal; the device, when receiving the key negotiation request message, obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain the second random number; and when the second random number is consistent with the first random number, the device and the terminal carry out key agreement. In this way, when the device and the terminal carry out key agreement, the legitimacy of the terminal is determined first, which strengthens the security of the key agreement process.
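The challenge and response of steps S10 to S13 in Go, as an added example written for this page rather than code from the patent; it assumes AES-256-GCM as the unspecified cipher under the preset server key, and the key and the device MAC address are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed sample values: the License key shared by the License server and
// the device (32 bytes for AES-256) and the device MAC address.
var presetServerKey = bytes.Repeat([]byte{0x4b}, 32)
var deviceMAC = []byte{0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc}

const randomLen = 16 // random number length carried in the APP authentication request

// Device keeps the first random number between step S10 and step S12.
type Device struct {
	firstRandom []byte
	connected   bool
}

// Connected reports whether the device still holds the connection to the terminal.
func (d *Device) Connected() bool { return d.connected }

// RandomReply is the random number return message: first random number and
// device MAC address (the validity period identifier is omitted here).
type RandomReply struct {
	Random []byte
	MAC    []byte
}

// Step S10: generate the first random number and return it with the MAC address.
func (d *Device) HandleRandomRequest() (RandomReply, error) {
	r := make([]byte, randomLen)
	if _, err := rand.Read(r); err != nil {
		return RandomReply{}, err
	}
	d.firstRandom, d.connected = r, true
	return RandomReply{Random: r, MAC: deviceMAC}, nil
}

// gcm builds the AEAD used by the cloud server (encrypt) and the device (decrypt).
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CloudEncrypt models the cloud server: it encrypts the first random number
// under the preset server key, binding the uploaded MAC address as associated
// data. The result nonce || ciphertext || tag is the "ciphertext data".
func CloudEncrypt(key, firstRandom, mac []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, firstRandom, mac), nil
}

// Steps S11 to S13: decrypt the ciphertext data from the key negotiation
// request, obtain the second random number and compare it with the first.
// Undecryptable data or a mismatch disconnects the terminal (step S13).
func (d *Device) HandleKeyNegotiationRequest(ciphertext []byte) (bool, error) {
	aead, err := gcm(presetServerKey)
	if err != nil {
		return false, err
	}
	ns := aead.NonceSize()
	if len(ciphertext) < ns {
		d.connected = false
		return false, errors.New("ciphertext data too short")
	}
	secondRandom, err := aead.Open(nil, ciphertext[:ns], ciphertext[ns:], deviceMAC)
	if err != nil || subtle.ConstantTimeCompare(secondRandom, d.firstRandom) != 1 {
		d.connected = false
		return false, nil
	}
	d.firstRandom = nil // single use: a replayed request cannot match again
	return true, nil
}

func main() {
	var dev Device
	reply, _ := dev.HandleRandomRequest()
	ct, _ := CloudEncrypt(presetServerKey, reply.Random, reply.MAC)
	ok, _ := dev.HandleKeyNegotiationRequest(ct)
	fmt.Println("terminal legitimate:", ok)
}
```

Binding the MAC address as associated data means ciphertext data issued for one device cannot be presented to another, and consuming the first random number after a successful check makes a replayed request fail the comparison.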
In a second embodiment, as shown in Fig. 3, on the basis of the embodiment shown in Fig. 2, the step of the device and the terminal carrying out key agreement includes:
Step S121, the device obtains a terminal public key from the key negotiation request message, wherein the terminal, when receiving the ciphertext data, generates the key negotiation request message according to the ciphertext data and the terminal public key and sends it to the device;
Step S122, a first session key is generated and saved according to the terminal public key and a device private key;
Step S123, a device public key is returned to the terminal, so that the terminal, when receiving the device public key, generates and saves a second session key according to the device public key and a terminal private key, wherein the second session key and the first session key are the session key between the device and the terminal.
In this embodiment, the terminal, when receiving the ciphertext data returned by the cloud server, generates a terminal public key and a terminal private key, wherein the terminal public key and the terminal private key may be a temporary (ephemeral) key pair. The terminal generates the key negotiation request message according to the terminal public key, a terminal public key validity period identifier and the ciphertext data, and sends it to the device.
The device, when receiving the key negotiation request message, decrypts the ciphertext data with the preset server key to obtain the second random number, compares the second random number with the first random number and, when the second random number is consistent with the first random number, determines that the terminal is legitimate. The device calculates the first session key from the terminal public key using the device private key; preferably, the first session key is calculated according to the ECDH algorithm. The device returns the device public key to the terminal, so that the terminal calculates the second session key from the device public key using the terminal private key; preferably, the second session key is calculated according to the ECDH algorithm. Owing to the properties of the ECDH algorithm, the first session key is consistent with the second session key, so the first session key and the second session key are the session key between the device and the terminal.
It should be noted that the manner of generating the first session key and the second session key is not limited to the ECDH algorithm and may be other algorithms, such as the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention is not specifically limited in this respect.
In the second embodiment, the device obtains the terminal public key from the key negotiation request message, generates and saves the first session key according to the terminal public key and the device private key, and returns the device public key to the terminal, so that the terminal generates and saves the second session key according to the device public key and the terminal private key. In this way, the security of the session key between the device and the terminal is improved, which in turn enhances the security of communication between the device and the terminal.
In a third embodiment, as shown in Fig. 4, on the basis of any of the embodiments shown in Fig. 2 to Fig. 3, the step of generating and saving the first session key according to the terminal public key and the device private key includes:
Step S1221, the terminal public key and the device private key are spliced (combined) to obtain a splicing result;
Step S1222, the splicing result is used as the first session key.
In this embodiment, the device calculates the first session key from the terminal public key using the device private key; preferably, the device calculates the first session key from the terminal public key by the ECDH algorithm using the device private key. It should be noted that the manner of generating the first session key is not limited to the ECDH algorithm and may be other algorithms, such as the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention is not specifically limited in this respect.
In the third embodiment, the splicing result of the terminal public key and the device private key is used as the first session key, which in this way ensures the security of communication between the terminal and the device.
In a fourth embodiment, as shown in Fig. 5, on the basis of any of the embodiments shown in Fig. 2 to Fig. 4, after the step of generating and saving the first session key according to the terminal public key and the device private key, the method further includes:
Step S124, the first session key is encrypted according to a preset algorithm to generate a first key check value;
Step S125, the device public key and the first key check value are returned to the terminal, wherein the terminal, when receiving the device public key and the first key check value, generates a third session key according to the device public key and the terminal private key, encrypts the third session key according to the preset algorithm to generate a second key check value, and, when the second key check value is consistent with the first key check value, saves the third session key, the third session key and the first session key being the session key between the device and the terminal.
In this embodiment, the terminal, when receiving the ciphertext data returned by the cloud server, generates a terminal public key and a terminal private key, wherein the terminal public key and the terminal private key may be a temporary key pair. The terminal generates the key negotiation request message according to the terminal public key, the terminal public key validity period identifier and the ciphertext data, and sends it to the device. The device, when receiving the key negotiation request message, decrypts the ciphertext data with the preset server key to obtain the second random number, compares the second random number with the first random number and, when the second random number is consistent with the first random number, determines that the terminal is legitimate. The device obtains the terminal public key from the key negotiation request message and calculates the first session key from the terminal public key using the device private key; preferably, the device calculates the first session key from the terminal public key by the ECDH algorithm using the device private key. Moreover, the device encrypts the first session key according to the preset algorithm to generate the first key check value, wherein the first key check value is used to verify the session key. Preferably, the step of encrypting the first session key according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the first session key to obtain an encryption result, and using preset bytes of the encryption result as the first key check value.
The device returns the device public key and the first key check value to the terminal, so that the terminal calculates the third session key from the device public key using the terminal private key, encrypts the third session key according to the preset algorithm to generate the second key check value, and, when the second key check value is consistent with the first key check value, saves the third session key. Preferably, the terminal calculates the third session key from the device public key by the ECDH algorithm using the terminal private key. Moreover, the terminal encrypts the third session key according to the preset algorithm to generate the second key check value, wherein the second key check value is used to verify the session key. Preferably, the step of encrypting the third session key according to the preset algorithm to generate the second key check value may be: encrypting the predetermined bytes according to the third session key to obtain an encryption result, and using the preset bytes of the encryption result as the second key check value.
It should be noted that, owing to the properties of the ECDH algorithm, the first session key is consistent with the third session key, so the first session key and the third session key are the session key between the device and the terminal. The manner of generating the first session key and the second session key is not limited to the ECDH algorithm and may be other algorithms, such as the ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc.; the present invention is not specifically limited in this respect.
It should be noted that the first key check value and the second key check value may also be generated in other ways; the present invention is not specifically limited in this respect. For example, the first key check value is obtained by operating on the first session key according to the SHA256 algorithm, and the terminal obtains the second key check value by operating on the third session key according to the SHA256 algorithm; when the second key check value is consistent with the first key check value, the first session key and the third session key are the session key between the device and the terminal.
In the fourth embodiment, the session key is verified using the first key check value and the second key check value, which in this way improves the security of the session key between the device and the terminal.
In a fifth embodiment, as shown in Fig. 6, on the basis of any of the embodiments shown in Fig. 2 to Fig. 5, the step of encrypting the first session key according to the preset algorithm to generate the first key check value includes:
Step S1241, predetermined bytes are encrypted according to the first session key to obtain an encryption result;
Step S1242, preset bytes of the encryption result are used as the first key check value.
In this embodiment, the device encrypts the first session key according to the preset algorithm to generate the first key check value, wherein the first key check value is used to verify the session key. Preferably, the step of encrypting the first session key according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the first session key to obtain an encryption result, and using preset bytes of the encryption result as the first key check value. It should be noted that the predetermined bytes may be 16 bytes, and the preset bytes may be the first three bytes.
It should be noted that the first key check value may also be generated in other ways; the present invention is not specifically limited in this respect. For example, the first key check value is obtained by operating on the first session key according to the SHA256 algorithm, and the terminal obtains the second key check value by operating on the third session key according to the SHA256 algorithm; when the second key check value is consistent with the first key check value, the first session key and the third session key are the session key between the device and the terminal.
In the fifth embodiment, the predetermined bytes are encrypted according to the first session key to obtain the encryption result, and the preset bytes of the encryption result are used as the first key check value. In this way, the security of the session key between the device and the terminal is improved.
In a sixth embodiment, as shown in Fig. 7, on the basis of any of the embodiments shown in Fig. 2 to Fig. 6, after the step of returning the device public key and the first key check value to the terminal, the method further includes:
Step S126, the device, when receiving a key agreement confirmation message returned by the terminal, decrypts the key agreement confirmation message using the session key to obtain a decryption result;
Step S127, when the decryption result includes a preset field, a key agreement confirmation message is sent to the terminal.
In this embodiment, the terminal encrypts a preset field using the session key to obtain the key agreement confirmation message; preferably, the terminal encrypts the splicing result of the preset field and a random number using the session key. The terminal sends the key agreement confirmation message to the device, so that the device decrypts the key agreement confirmation message using the session key to obtain a decryption result and, when the decryption result includes the preset field, sends a key agreement confirmation message to the terminal. The preset field may be characters such as "OK". When the decryption result does not include the preset field, an error code is returned to the terminal.
In the sixth embodiment, the device, when receiving the key agreement confirmation message returned by the terminal, decrypts the key agreement confirmation message using the session key to obtain the decryption result and, when the decryption result includes the preset field, sends the key agreement confirmation message to the terminal. In this way, key agreement between the terminal and the device is achieved.
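An added end-to-end run of the second, fourth, fifth and sixth embodiments in Go (example code written for this page, not the patent's own): ephemeral ECDH on P-256, the three-byte key check value over sixteen predetermined bytes, and the "OK" confirmation round trip. Assumptions the page does not state: AES-128 keyed with the first 16 bytes of the ECDH shared secret, AES-GCM for the confirmation message, and all-zero predetermined bytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed: the 16 predetermined bytes (all zero) and the preset field.
var predeterminedBytes = make([]byte, 16)

const presetField = "OK"

// KeyCheckValue (fifth embodiment): encrypt the predetermined 16 bytes with
// AES under the session key and keep the first three bytes of the result.
func KeyCheckValue(sessionKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey[:16])
	if err != nil { return nil, err }
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, predeterminedBytes)
	return out[:3], nil
}

// Party is the device or the terminal with its temporary (ephemeral) key pair.
type Party struct {
	priv       *ecdh.PrivateKey
	SessionKey []byte
}

func NewParty() (*Party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &Party{priv: priv}, nil
}

func (p *Party) PublicKey() []byte { return p.priv.PublicKey().Bytes() }

// Derive runs ECDH on the peer public key and own private key, stores the
// session key and returns its key check value.
func (p *Party) Derive(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub) // rejects invalid curve points
	if err != nil { return nil, err }
	if p.SessionKey, err = p.priv.ECDH(pub); err != nil { return nil, err }
	return KeyCheckValue(p.SessionKey)
}

func sessionAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:16])
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// MakeConfirmation (terminal, sixth embodiment): encrypt presetField || random.
func (p *Party) MakeConfirmation() ([]byte, error) {
	aead, err := sessionAEAD(p.SessionKey)
	if err != nil { return nil, err }
	buf := make([]byte, aead.NonceSize()+8) // nonce followed by an 8-byte random number
	if _, err := rand.Read(buf); err != nil { return nil, err }
	nonce, r := buf[:aead.NonceSize()], buf[aead.NonceSize():]
	return aead.Seal(nonce, nonce, append([]byte(presetField), r...), nil), nil
}

// CheckConfirmation (device): decrypt and look for the preset field; return
// the confirmation message or an error code.
func (p *Party) CheckConfirmation(msg []byte) (string, error) {
	aead, err := sessionAEAD(p.SessionKey)
	if err != nil { return "", err }
	ns := aead.NonceSize()
	if len(msg) < ns { return "ERR_FORMAT", errors.New("confirmation message too short") }
	pt, err := aead.Open(nil, msg[:ns], msg[ns:], nil)
	if err != nil || !bytes.HasPrefix(pt, []byte(presetField)) {
		return "ERR_CONFIRM", errors.New("preset field not found")
	}
	return "OK", nil
}

// RunKeyAgreement carries steps S121 to S127 end to end and reports whether
// the key check values matched and whether the confirmation succeeded.
func RunKeyAgreement() (bool, bool, error) {
	device, err := NewParty()
	if err != nil { return false, false, err }
	terminal, err := NewParty()
	if err != nil { return false, false, err }
	kcv1, err := device.Derive(terminal.PublicKey()) // S122, S124
	if err != nil { return false, false, err }
	kcv2, err := terminal.Derive(device.PublicKey()) // terminal side of S125
	if err != nil { return false, false, err }
	if subtle.ConstantTimeCompare(kcv1, kcv2) != 1 {
		return false, false, nil // terminal discards the session key
	}
	conf, err := terminal.MakeConfirmation()
	if err != nil { return true, false, err }
	reply, _ := device.CheckConfirmation(conf) // S126, S127
	return true, reply == "OK", nil
}

func main() {
	m, c, err := RunKeyAgreement()
	fmt.Println("check values match:", m, "confirmed:", c, "err:", err)
}
```

Because the session key is unauthenticated on its own, the key check value only detects a derivation mismatch; it is the earlier random number check and the signed device certificate of the seventh embodiment that tie the keys to the right parties.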
In a seventh embodiment, as shown in Fig. 8, on the basis of any of the embodiments shown in Fig. 2 to Fig. 7, after the step of encrypting the first session key according to the preset algorithm to generate the first key check value, the method further includes:
Step S128, a device public key certificate and the first key check value are returned to the terminal, wherein the terminal, when receiving the device public key certificate and the first key check value, extracts the device public key from the device public key certificate, generates a fourth session key according to the device public key and the terminal private key, encrypts the fourth session key according to the preset algorithm to generate a third key check value, and, when the third key check value is consistent with the first key check value, saves the fourth session key, the fourth session key and the first session key being the session key between the device and the terminal.
In this embodiment, the device public key may be generated by the device or may be extracted from the device public key certificate, wherein the device public key certificate is generated at the preset server and the device can obtain it from the preset server by decryption; it should be noted that the preset server may be a License server. The terminal verifies the signature result in the device public key certificate and, when the signature verification passes, extracts the public key in the device public key certificate through a root public key index. This approach increases the randomness of the certificate.
Before extracting the device public key from the device public key certificate, the terminal verifies the device public key certificate. Specifically, the device public key certificate includes a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value, wherein the signature result is obtained by the preset server signing the first hash value with a preset server private key, and the first hash value is obtained by the preset server performing a hash operation on preset information, the preset information including the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key.
The terminal decrypts the signature result in the device public key certificate using a preset server public key to obtain a third hash value; when the third hash value is consistent with the first hash value, the terminal performs a hash operation on the preset information in the device certificate to obtain a second hash value; when the second hash value is consistent with the first hash value, the certificate is determined to be legitimate, and the device public key is then extracted from the device certificate.
In the seventh embodiment, the terminal extracts the device public key from the device public key certificate after the signature verification of the device public key certificate passes, which increases the randomness of the certificate and in this way strengthens the security of key agreement between the terminal and the device.
In an eighth embodiment, as shown in Fig. 9, on the basis of any of the embodiments shown in Fig. 2 to Fig. 8, after the step of decrypting the ciphertext data to obtain the second random number, the method further includes:
Step S13, when the second random number is inconsistent with the first random number, the connection between the device and the terminal is disconnected.
In the eighth embodiment, when the second random number is inconsistent with the first random number, the terminal is determined to be illegitimate, and the connection between the terminal and the device is therefore disconnected. In this way, secure communication between the terminal and the device is ensured.
The present invention also provides a key agreement method. Referring to Fig. 10, in a ninth embodiment, the key agreement method includes the following steps:
Step S20, a terminal initiates a random number request to a device and, when receiving a first random number returned by the device, sends the first random number to a cloud server, so that the cloud server encrypts the first random number to obtain ciphertext data and returns the ciphertext data to the terminal;
Step S21, the terminal, when receiving the ciphertext data, generates a key negotiation request message according to the ciphertext data and sends it to the device, wherein the device, when receiving the key negotiation request message, obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number, and when the second random number is consistent with the first random number, the device and the terminal carry out key agreement.
In this embodiment, the executing subject is the terminal. An APP in the terminal can communicate with the device through the cloud server, that is, the user can send instructions through the APP to control the smart device. Before the device and the terminal carry out secure transmission, key agreement needs to be carried out.
Before the device and the terminal carry out key agreement, the device verifies the legitimacy of the terminal. First, the terminal initiates an APP authentication request to the device, requesting device information and starting APP authentication, wherein the APP authentication request message includes information such as a random number validity period identifier and a random number length. The device, when receiving the APP authentication request message, generates a first random number, concatenates the first random number with the device MAC address and returns the result to the terminal. The random number return message includes the random number validity period identifier, the first random number and the device MAC address. The terminal, when receiving the random number return message sent by the device, uploads the first random number and the MAC address to the cloud server over an HTTPS secure channel. The cloud server encrypts the first random number with a preset server key to obtain ciphertext data and returns the ciphertext data to the terminal. Preferably, the preset server may be a License server, and the cloud server accesses the encryption interface of the License server to obtain the preset server key. The terminal, when receiving the ciphertext data, generates a key negotiation request message according to the ciphertext data and sends it to the device.
In this embodiment, the device, when receiving the key negotiation request message, decrypts the ciphertext data with the preset server key to obtain the second random number; preferably, the preset server may be a License server, and a License key is preset in the device. Alternatively, the cloud server may encrypt the first random number with a cloud server private key to obtain the ciphertext data and send the ciphertext data to the device, and the device decrypts the ciphertext data with a cloud server public key to obtain the second random number. The encryption and decryption method can be configured according to the actual situation, and the present invention is not specifically limited in this respect.
In this embodiment, the second random number is compared with the first random number; when the second random number is consistent with the first random number, the terminal is determined to be legitimate, and the device and the terminal carry out key agreement.
It should be noted that the method of determining whether the terminal is legitimate is not limited to the above and can be set according to the actual situation. For example, the cloud server performs a hash operation on the first random number to obtain a fourth hash value, signs the fourth hash value with a first preset key to obtain a hash ciphertext, and returns the hash ciphertext and the fourth hash value to the terminal; the terminal generates the key negotiation request message according to the hash ciphertext and the fourth hash value and sends it to the device. The device decrypts the hash ciphertext with a second preset key to obtain a fifth hash value; when the fifth hash value is consistent with the fourth hash value, the terminal is determined to be legitimate, and the device and the terminal carry out key agreement. The hash algorithm may be the SHA256 algorithm or the MD5 algorithm. The first preset key may be a cloud server private key, and the second preset key may be a cloud server public key.
In the ninth embodiment, the device, when receiving the random number request sent by the terminal, generates the first random number and returns the first random number to the terminal; the device, when receiving the key negotiation request message, obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain the second random number; and when the second random number is consistent with the first random number, the device and the terminal carry out key agreement. In this way, during the key agreement between the device and the terminal, the legitimacy of the terminal is determined first, which strengthens the security of the key agreement process.
Referring to Fig. 11, in a tenth embodiment, on the basis of the embodiment shown in Fig. 10, the step of the device and the terminal carrying out key agreement includes:
Step S211, the terminal, when receiving the ciphertext data, generates the key negotiation request message according to the ciphertext data and a terminal public key and sends it to the device, so that the device obtains the terminal public key from the key negotiation request message, generates and saves a first session key according to the terminal public key and a device private key, and returns a device public key to the terminal;
Step S212, the terminal, when receiving the device public key, generates and saves a second session key according to the device public key and a terminal private key, wherein the second session key and the first session key are the session key between the device and the terminal.
In the present embodiment, when the terminal receives the ciphertext data returned by the cloud server, it generates a terminal public key and a terminal private key, which may be a temporary key pair. It generates the key negotiation request message from the terminal public key, a terminal public key validity period identifier and the ciphertext data, and sends it to the device.
When the device receives the key negotiation request message, it decrypts the ciphertext data with a preset server key to obtain the second random number and compares the second random number with the first random number; when the second random number is consistent with the first random number, it determines that the terminal is legitimate. The device computes the first session key from the terminal public key using the device private key, preferably by the ECDH algorithm. The device returns the device public key to the terminal, so that the terminal computes the second session key from the device public key using the terminal private key, preferably by the ECDH algorithm. Because of the property of the ECDH algorithm, the first session key and the second session key are consistent, so the first session key and the second session key are the session key between the device and the terminal.
It should be noted that the way of generating the first session key and the second session key is not limited to the ECDH algorithm; other algorithms such as the ECC algorithm, the RSA algorithm or the ECDSA algorithm may be used, and the present invention does not specifically limit this.
In the tenth embodiment, the device obtains the terminal public key from the key negotiation request message, generates and saves the first session key from the terminal public key and the device private key, and returns the device public key to the terminal, so that the terminal generates and saves the second session key from the device public key and the terminal private key. In this way, the security of the session key between the device and the terminal is improved, and thus the security of communication between the device and the terminal is enhanced.
In the eleventh embodiment, as shown in Fig. 12, on the basis of any one of the embodiments shown in Fig. 10 to Fig. 11, the step of generating and saving the second session key from the device public key and the terminal private key includes:
Step S2121: concatenating the device public key with the terminal private key to obtain a concatenation result;
Step S2122: using the concatenation result as the second session key.
In the present embodiment, the terminal computes the second session key from the device public key using the terminal private key, preferably by the ECDH algorithm. It should be noted that the way of generating the second session key is not limited to the ECDH algorithm; other algorithms such as the ECC algorithm, the RSA algorithm or the ECDSA algorithm may be used, and the present invention does not specifically limit this.
In the eleventh embodiment, the concatenation result of the device public key and the terminal private key is used as the second session key, which ensures the security of communication between the terminal and the device.
In the twelfth embodiment, as shown in Fig. 13, on the basis of any one of the embodiments shown in Fig. 10 to Fig. 12, after the step of generating the key negotiation request message from the ciphertext data and the terminal public key and sending it to the device, the method further includes:
Step S213: when the terminal receives the device public key and a first key check value, it generates a third session key from the device public key and the terminal private key, encrypts the third session key according to a preset algorithm to generate a second key check value, and saves the third session key when the second key check value is consistent with the first key check value, the third session key and the first session key being the session key between the device and the terminal; wherein the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key and the first key check value to the terminal.
In the present embodiment, when the terminal receives the ciphertext data returned by the cloud server, it generates a terminal public key and a terminal private key, which may be a temporary key pair, generates the key negotiation request message from the terminal public key, a terminal public key validity period identifier and the ciphertext data, and sends it to the device. When the device receives the key negotiation request message, it decrypts the ciphertext data with a preset server key to obtain the second random number and compares the second random number with the first random number; when the second random number is consistent with the first random number, it determines that the terminal is legitimate. The device computes the first session key from the terminal public key using the device private key, preferably by the ECDH algorithm. The device also encrypts the first session key according to the preset algorithm to generate the first key check value, which is used to verify the session key. Preferably, the step of encrypting the first session key according to the preset algorithm to generate the first key check value is: encrypt predetermined bytes with the first session key to obtain an encrypted result, and use preset bytes of the encrypted result as the first key check value.
The device returns the device public key and the first key check value to the terminal, so that the terminal computes the third session key from the device public key using the terminal private key, encrypts the third session key according to the preset algorithm to generate the second key check value, and saves the third session key when the second key check value is consistent with the first key check value. Preferably, the third session key is computed from the device public key with the terminal private key by the ECDH algorithm. The terminal encrypts the third session key according to the preset algorithm to generate the second key check value, which is used to verify the session key. Preferably, the step of encrypting the third session key according to the preset algorithm to generate the second key check value is: encrypt predetermined bytes with the third session key to obtain an encrypted result, and use preset bytes of the encrypted result as the second key check value.
It should be noted that, because of the property of the ECDH algorithm, the first session key and the third session key are consistent, so the first session key and the third session key are the session key between the device and the terminal. The way of generating the first session key and the second session key is not limited to the ECDH algorithm; other algorithms such as the ECC algorithm, the RSA algorithm or the ECDSA algorithm may be used, and the present invention does not specifically limit this.
It should be noted that the first key check value and the second key check value may also be generated in other ways, which the present invention does not specifically limit. For example, the first key check value is obtained by operating on the first session key with the SHA256 algorithm, and the terminal obtains the second key check value by operating on the third session key with the SHA256 algorithm; when the second key check value is consistent with the first key check value, the first session key and the third session key are the session key between the device and the terminal.
In the twelfth embodiment, the session key is verified by means of the first key check value and the second key check value, which improves the security of the session key between the device and the terminal.
In the thirteenth embodiment, as shown in Fig. 14, on the basis of any one of the embodiments shown in Fig. 10 to Fig. 13, the step of encrypting the third session key according to the preset algorithm to generate the second key check value includes:
Step S2131: encrypting predetermined bytes with the third session key to obtain an encrypted result;
Step S2132: using preset bytes of the encrypted result as the second key check value.
In the present embodiment, the device encrypts the third session key according to the preset algorithm to generate the second key check value, which is used to verify the session key. Preferably, the step of encrypting the third session key according to the preset algorithm to generate the second key check value is: encrypt predetermined bytes with the third session key to obtain an encrypted result, and use preset bytes of the encrypted result as the second key check value. It should be noted that the predetermined bytes may be 16 bytes, and the preset bytes may be the first three bytes.
It should be noted that the session key may also be verified in other ways, which the present invention does not specifically limit. For example, first digest information is obtained by operating on the third session key with the SHA256 algorithm, and the terminal obtains second digest information by operating on the third session key with the SHA256 algorithm; when the second digest information is consistent with the first digest information, the first session key and the third session key are the session key between the device and the terminal.
In the thirteenth embodiment, predetermined bytes are encrypted with the third session key to obtain an encrypted result, and preset bytes of the encrypted result are used as the second key check value. This ensures the security of key agreement between the terminal and the device.
In the fourteenth embodiment, as shown in Fig. 15, on the basis of any one of the embodiments shown in Fig. 10 to Fig. 14, after the step in which the second session key and the first session key are the session key between the device and the terminal, the method further includes:
Step S214: the terminal encrypts a preset field with the session key to obtain key agreement confirmation information;
Step S215: the key agreement confirmation information is sent to the device, so that when the device receives the key agreement confirmation information, it decrypts the key agreement confirmation information with the session key to obtain a decrypted result, and when the decrypted result contains the preset field, it sends key agreement confirmation information to the terminal.
In the present embodiment, the terminal encrypts the preset field with the session key to obtain the key agreement confirmation information; preferably, the device encrypts the concatenation result of the preset field and a random number with the session key. The terminal sends the key agreement confirmation information to the device, so that the device decrypts the key agreement confirmation information with the session key to obtain a decrypted result, and when the decrypted result contains the preset field, key agreement confirmation information is sent to the device. The preset field may be a character string such as "OK". When the decrypted result does not contain the preset field, an error code is returned to the device.
In the fourteenth embodiment, when the device receives the key agreement confirmation information returned by the terminal, it decrypts the key agreement confirmation information with the session key to obtain a decrypted result, and when the decrypted result contains the preset field, it sends key agreement confirmation information to the terminal. In this way, key agreement between the terminal and the device is achieved.
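As an added example that is not part of the patent, the following Go program runs the exchange of the tenth and twelfth to fourteenth embodiments in one process: the device and the terminal derive the first and third session keys by P-256 ECDH, each computes a key check value as the first three bytes of the encryption of 16 predetermined bytes (steps S2131/S2132), and the terminal then sends an encrypted "OK" confirmation that the device checks (steps S214/S215). The choice of AES as the "preset algorithm", the use of the raw ECDH shared secret as the AES-256 key without a key derivation step, and AES-GCM for the confirmation message are assumptions the page does not fix.

```go
// Added example (not from the patent): the device/terminal exchange of the 10th,
// 12th, 13th and 14th embodiments. Assumptions: the "preset algorithm" is AES,
// the raw P-256 ECDH shared secret is used as the AES-256 session key, and
// AES-GCM protects the confirmation message; the page fixes none of these.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed 16-byte plaintext for the key check value; the page fixes only the length.
var predeterminedBytes = []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}

// presetField is the marker the terminal encrypts in its confirmation message.
const presetField = "OK"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// keyCheckValue encrypts the predetermined 16 bytes with the session key and
// keeps the first three bytes of the result (steps S2131/S2132).
func keyCheckValue(sessionKey []byte) ([3]byte, error) {
	var kcv [3]byte
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return kcv, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, predeterminedBytes)
	copy(kcv[:], out[:3])
	return kcv, nil
}

// gcmFor wraps a session key in AES-GCM for the confirmation exchange.
func gcmFor(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealConfirmation is the terminal side of S214: encrypt presetField under the
// session key; the random nonce is prepended to the ciphertext.
func sealConfirmation(sessionKey []byte) ([]byte, error) {
	gcm, err := gcmFor(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(presetField), nil), nil
}

// openConfirmation is the device side of S215: decrypt with the device's own
// session key and report whether the preset field is present; false stands for
// the error code the device returns otherwise.
func openConfirmation(sessionKey, msg []byte) bool {
	gcm, err := gcmFor(sessionKey)
	if err != nil || len(msg) < gcm.NonceSize() {
		return false
	}
	plain, err := gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
	return err == nil && bytes.Contains(plain, []byte(presetField))
}

// negotiate runs both parties in one process and returns whether the terminal's
// KCV matched the device's and whether the device accepted the confirmation.
func negotiate() (kcvMatch, confirmed bool) {
	curve := ecdh.P256()
	devPriv := must(curve.GenerateKey(rand.Reader))   // device key pair
	termPriv := must(curve.GenerateKey(rand.Reader))  // temporary terminal key pair (S211)
	first := must(devPriv.ECDH(termPriv.PublicKey()))  // device: first session key
	third := must(termPriv.ECDH(devPriv.PublicKey()))  // terminal: third session key (S213)
	kcv1 := must(keyCheckValue(first))                 // sent to the terminal with the device public key
	kcv2 := must(keyCheckValue(third))                 // recomputed by the terminal
	if kcv1 != kcv2 {
		return false, false // terminal does not save the third session key
	}
	msg := must(sealConfirmation(third))      // S214
	return true, openConfirmation(first, msg) // S215
}

func main() {
	fmt.Println(negotiate())
}
```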
In the fifteenth embodiment, as shown in Fig. 16, on the basis of any one of the embodiments shown in Fig. 10 to Fig. 15, after the step of generating the key negotiation request message from the ciphertext data and the terminal public key and sending it to the device, the method further includes:
Step S216: when the terminal receives a device public key certificate and the first key check value, it extracts the device public key from the device public key certificate, generates a fourth session key from the device public key and the terminal private key, encrypts the fourth session key according to the preset algorithm to generate a third key check value, and saves the fourth session key when the third key check value is consistent with the first key check value, the fourth session key and the first session key being the session key between the device and the terminal; wherein the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key certificate and the first key check value to the terminal.
In the present embodiment, the device public key may be generated by the device or extracted from a device public key certificate. The device public key certificate is generated by a preset server, and the device obtains it by decryption from the preset server; it should be noted that the preset server may be a License server. The terminal verifies the signature result in the device public key certificate and, when verification passes, extracts the public key in the device public key certificate via a root public key index. This approach increases the randomness of the certificate.
Before extracting the device public key from the device public key certificate, the terminal verifies the device public key certificate. Specifically, the device public key certificate includes a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value, wherein the signature result is obtained by the preset server signing the first hash value with the preset server private key, and the first hash value is obtained by the preset server performing a hash operation on presupposed information, the presupposed information including the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key.
The terminal decrypts the signature result in the device public key certificate with the preset server public key to obtain a third hash value; when the third hash value is consistent with the first hash value, the terminal performs a hash operation on the presupposed information in the device certificate to obtain a second hash value, and when the second hash value is consistent with the first hash value it determines that the certificate is legitimate and extracts the device public key from the device certificate.
In the fifteenth embodiment, the terminal extracts the device public key from the device public key certificate after the signature verification of the certificate passes, which improves the security of the session key between the device and the terminal.
In the sixteenth embodiment, as shown in Fig. 17, on the basis of any one of the embodiments shown in Fig. 10 to Fig. 16, before the step of extracting the device public key from the device public key certificate, the method further includes:
Step S217: performing a hash operation on the presupposed information in the device public key certificate to obtain a second hash value, the presupposed information including at least one of the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key;
Step S218: judging whether the second hash value is consistent with the first hash value in the device public key certificate;
Step S219: when the second hash value is consistent with the first hash value in the device public key certificate, executing the step of extracting the device public key from the device public key certificate.
In the present embodiment, before extracting the device public key from the device public key certificate, the terminal verifies the device public key certificate. Specifically, the device public key certificate includes a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value, wherein the signature result is obtained by the preset server signing the first hash value with the preset server private key, and the first hash value is obtained by the preset server performing a hash operation on presupposed information, the presupposed information including the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key. The preset server may be a License server.
The terminal performs a hash operation on the presupposed information in the device certificate to obtain the second hash value, and when the second hash value is consistent with the first hash value it determines that the certificate is legitimate and extracts the device public key from the device certificate.
In the sixteenth embodiment, the terminal performs a hash calculation on the presupposed information in the device public key certificate to obtain the second hash value, and extracts the device public key from the device public key certificate when the second hash value is consistent with the first hash value in the device public key certificate. This ensures the legitimacy of the certificate.
In the seventeenth embodiment, as shown in Fig. 18, on the basis of any one of the embodiments shown in Fig. 10 to Fig. 17, before the step of performing a hash operation on the presupposed information in the device public key certificate, the method further includes:
Step S220: decrypting the signature result in the device public key certificate with the preset server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value with the preset server private key;
Step S221: judging whether the second hash value is consistent with the first hash value in the device public key certificate;
Step S222: when the third hash value is consistent with the first hash value, executing the step of performing a hash operation on the presupposed information in the device public key certificate.
In the present embodiment, before extracting the device public key from the device public key certificate, the terminal verifies the device public key certificate. Specifically, the device public key certificate includes a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier, the device public key, a signature result and a first hash value, wherein the signature result is obtained by the preset server signing the first hash value with the preset server private key, and the first hash value is obtained by the preset server performing a hash operation on presupposed information, the presupposed information including the certificate format, the certificate serial number, the hash algorithm identifier, the device public key algorithm identifier and the device public key. The preset server may be a License server.
The terminal decrypts the signature result in the device public key certificate with the preset server public key to obtain the third hash value; when the third hash value is consistent with the first hash value, the terminal performs a hash operation on the presupposed information in the device certificate to obtain the second hash value, and when the second hash value is consistent with the first hash value it determines that the certificate is legitimate and extracts the device public key from the device certificate.
In the seventeenth embodiment, the terminal decrypts the signature result in the device public key certificate to obtain the third hash value, and performs the hash operation on the presupposed information in the device public key certificate when the third hash value is consistent with the first hash value in the device public key certificate. In this way, the legitimacy of the certificate is further ensured.
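As an added example that is not part of the patent, the following Go program issues the device public key certificate of the fifteenth to seventeenth embodiments and verifies it the way the terminal does: recovering the third hash from the signature with the preset server public key and comparing it with the first hash (S220 to S222), then recomputing the second hash over the presupposed information and comparing it as well (S217 to S219) before extracting the device public key. The field encoding, SHA-256 as the hash algorithm, 2048-bit RSA with PKCS#1 v1.5 for the License server signature, and the constructed device public key are assumptions; the page names none of them.

```go
// Added example (not from the patent): issuing and verifying the device public key
// certificate of the 15th to 17th embodiments. Field layout, SHA-256 and RSA
// PKCS#1 v1.5 for the preset (License) server signature are assumptions.
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// DeviceCert carries the fields the page lists for the device public key certificate.
type DeviceCert struct {
	Format       uint8
	Serial       uint32
	HashAlgID    uint8 // 1 = SHA-256 in this example
	PubKeyAlgID  uint8 // identifier of the device public key algorithm
	DevicePubKey []byte
	FirstHash    []byte // hash over the presupposed information, written by the server
	Signature    []byte // server signature over FirstHash
}

// presupposedInfo serialises the fields covered by the first hash (S217): format,
// serial number, hash algorithm id, public key algorithm id and device public key.
func presupposedInfo(c *DeviceCert) []byte {
	buf := []byte{c.Format}
	buf = binary.BigEndian.AppendUint32(buf, c.Serial)
	buf = append(buf, c.HashAlgID, c.PubKeyAlgID)
	return append(buf, c.DevicePubKey...)
}

// newServerKey generates the preset server key pair (2048-bit RSA).
func newServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// issueCert plays the preset server: compute the first hash and sign it.
func issueCert(serverPriv *rsa.PrivateKey, devicePub []byte, serial uint32) (*DeviceCert, error) {
	c := &DeviceCert{Format: 1, Serial: serial, HashAlgID: 1, PubKeyAlgID: 1, DevicePubKey: devicePub}
	h := sha256.Sum256(presupposedInfo(c))
	c.FirstHash = h[:]
	sig, err := rsa.SignPKCS1v15(rand.Reader, serverPriv, crypto.SHA256, c.FirstHash)
	if err != nil {
		return nil, err
	}
	c.Signature = sig
	return c, nil
}

// recoverHash is S220 taken literally: apply the server public key to the signature
// and read the trailing 32 bytes of the PKCS#1 v1.5 block, the hash the server signed
// (the "third hash"). Illustrative only; verifyCert also runs rsa.VerifyPKCS1v15,
// which checks the whole padding and is the real gate.
func recoverHash(serverPub *rsa.PublicKey, sig []byte) ([]byte, error) {
	s := new(big.Int).SetBytes(sig)
	if s.Cmp(serverPub.N) >= 0 || serverPub.Size() < sha256.Size {
		return nil, errors.New("signature out of range for server key")
	}
	m := new(big.Int).Exp(s, big.NewInt(int64(serverPub.E)), serverPub.N)
	em := m.FillBytes(make([]byte, serverPub.Size()))
	return em[len(em)-sha256.Size:], nil
}

// verifyCert runs S220-S222 (signature against first hash), then S217-S219 (fields
// against first hash), and returns the extracted device public key. Both checks are
// needed: the signature covers only FirstHash; the field hash ties the key to it.
func verifyCert(serverPub *rsa.PublicKey, c *DeviceCert) ([]byte, error) {
	third, err := recoverHash(serverPub, c.Signature)
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(third, c.FirstHash) ||
		rsa.VerifyPKCS1v15(serverPub, crypto.SHA256, c.FirstHash, c.Signature) != nil {
		return nil, errors.New("signature does not verify against the first hash")
	}
	second := sha256.Sum256(presupposedInfo(c))
	if !bytes.Equal(second[:], c.FirstHash) {
		return nil, errors.New("certificate fields do not hash to the first hash")
	}
	return c.DevicePubKey, nil
}

func main() {
	serverPriv, err := newServerKey()
	if err != nil {
		panic(err)
	}
	cert, err := issueCert(serverPriv, []byte("constructed device public key"), 7)
	if err != nil {
		panic(err)
	}
	fmt.Println(verifyCert(&serverPriv.PublicKey, cert))
}
```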
In addition, the present invention also proposes a device, the device including a memory, a processor, and a key agreement program stored in the memory and runnable on the processor; when the processor executes the key agreement program, the steps of the key agreement method described above with the device as the executing subject are implemented.
In addition, the present invention also proposes a terminal, the terminal including a memory, a processor, and a key agreement program stored in the memory and runnable on the processor; when the processor executes the key agreement program, the steps of the key agreement method described above with the terminal as the executing subject are implemented.
In addition, the present invention also proposes a computer-readable storage medium, the computer-readable storage medium including a key agreement program which, when executed by a processor, implements the steps of the key agreement method described in the above embodiments.
In addition, the present invention also proposes a key agreement system, the key agreement system including the above device and the above terminal.
The serial numbers of the above embodiments of the present invention are only for description and do not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments may be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the more preferable implementation. Based on this understanding, the technical solution of the present invention, in substance, or the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc), including a number of instructions for causing a terminal device (which may be a television, a mobile phone, a computer, a server, an air conditioner or a network device, etc.) to execute the method described in each embodiment of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of the invention; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or applied directly or indirectly in other related technical fields, is included within the scope of protection of the present invention.
Claims (21)
1. A key agreement method, characterized in that the key agreement method comprises the following steps:
a device generates a first random number when receiving a random number request sent by a terminal and returns the first random number to the terminal, wherein the terminal, when receiving the first random number, sends the first random number to a cloud server so that the cloud server encrypts the first random number to obtain ciphertext data and returns the ciphertext data to the terminal, and the terminal, when receiving the ciphertext data, generates a key negotiation request message from the ciphertext data and sends it to the device;
when the device receives the key negotiation request message, it obtains the ciphertext data from the key negotiation request message and decrypts the ciphertext data to obtain a second random number;
when the second random number is consistent with the first random number, the device and the terminal carry out key agreement.
2. The key agreement method according to claim 1, characterized in that the step in which the device and the terminal carry out key agreement includes:
the device obtains a terminal public key from the key negotiation request message, wherein the terminal, when receiving the ciphertext data, generates the key negotiation request message from the ciphertext data and the terminal public key and sends it to the device;
generates and saves a first session key from the terminal public key and a device private key;
returns a device public key to the terminal, so that the terminal, when receiving the device public key, generates and saves a second session key from the device public key and a terminal private key, wherein the second session key and the first session key are the session key between the device and the terminal.
3. The key agreement method according to claim 2, characterized in that the step of generating and saving the first session key from the terminal public key and the device private key includes:
concatenating the terminal public key and the device private key to obtain a concatenation result;
using the concatenation result as the first session key.
4. The key agreement method according to claim 2, characterized in that, after the step of generating and saving the first session key from the terminal public key and the device private key, the method further includes:
encrypting the first session key according to a preset algorithm to generate a first key check value;
returning the device public key and the first key check value to the terminal, wherein the terminal, when receiving the device public key and the first key check value, generates a third session key from the device public key and the terminal private key, encrypts the third session key according to the preset algorithm to generate a second key check value, and saves the third session key when the second key check value is consistent with the first key check value, the third session key and the first session key being the session key between the device and the terminal.
5. The key agreement method according to claim 4, characterized in that the step of encrypting the first session key according to the preset algorithm to generate the first key check value includes:
encrypting predetermined bytes with the first session key to obtain an encrypted result;
using preset bytes of the encrypted result as the first key check value.
6. The key agreement method according to claim 4, characterized in that, after the step of returning the device public key and the first key check value to the terminal, the method further includes:
when the device receives key agreement confirmation information returned by the terminal, decrypting the key agreement confirmation information with the session key to obtain a decrypted result;
when the decrypted result contains a preset field, sending key agreement confirmation information to the terminal.
7. The key agreement method according to claim 4, characterized in that, after the step of encrypting the first session key according to the preset algorithm to generate the first key check value, the method further includes:
returning a device public key certificate and the first key check value to the terminal, wherein the terminal, when receiving the device public key certificate and the first key check value, extracts the device public key from the device public key certificate, generates a fourth session key from the device public key and the terminal private key, encrypts the fourth session key according to the preset algorithm to generate a third key check value, and saves the fourth session key when the third key check value is consistent with the first key check value, the fourth session key and the first session key being the session key between the device and the terminal.
8. The key agreement method according to claim 1, characterized in that, after the step of decrypting the ciphertext data to obtain the second random number, the method further includes:
when the second random number is inconsistent with the first random number, disconnecting the connection between the device and the terminal.
9. a kind of cryptographic key negotiation method, which is characterized in that the cryptographic key negotiation method the following steps are included:
Terminal initiates RANDOM NUMBER request to equipment, and when receiving the first random number that the equipment returns, by described first
Random number is sent to Cloud Server, so that the Cloud Server encrypts first random number to obtain ciphertext data, and
The ciphertext data are back to the terminal;
The terminal generates key negotiation request message according to the ciphertext data and sends when receiving the ciphertext data
To the equipment, wherein the equipment is when receiving the key negotiation request message, according to the key negotiation request report
Text obtains the ciphertext data, and is decrypted to obtain the second random number to the ciphertext data, second random number with
When first random number is consistent, then the equipment and the terminal carry out key agreement.
10. cryptographic key negotiation method as claimed in claim 9, which is characterized in that the equipment and the terminal carry out key association
The step of quotient includes:
The terminal generates the key according to the ciphertext data and terminal public key and assists when receiving the ciphertext data
Quotient's request message is sent to the equipment, so that equipment terminal according to the key negotiation request Receive message is public
Key generates and is saved according to the terminal public key and device private the first session key, and the equipment public key is back to
The terminal;
The terminal generates according to the equipment public key and terminal secret key when receiving the equipment public key and saves second
Session key, wherein the meeting of second session key and first session key between the equipment and the terminal
Talk about key.
11. cryptographic key negotiation method as claimed in claim 10, which is characterized in that described according to the equipment public key and terminal
Private key generates and includes: the step of saving the second session key
The equipment public key is spliced with the terminal secret key, obtains splicing result;
Using the splicing result as second session key.
12. The key negotiation method according to claim 10, wherein after the step of generating the key negotiation request message from the ciphertext data and the terminal public key and sending it to the device, the method further comprises:
on receiving the device public key and a first key check value, the terminal generates a third session key from the device public key and the terminal private key, encrypts the third session key according to a preset algorithm to generate a second key check value and, when the second key check value is consistent with the first key check value, stores the third session key, the third session key and the first session key being the session key between the device and the terminal; wherein the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key and the first key check value to the terminal.
13. The key negotiation method according to claim 12, wherein the step of encrypting the third session key according to the preset algorithm to generate the second key check value comprises:
encrypting predetermined bytes with the third session key to obtain an encryption result;
using preset bytes of the encryption result as the second key check value.
14. The key negotiation method according to claim 12, wherein after the step in which the second session key and the first session key are the session key between the device and the terminal, the method further comprises:
the terminal encrypts a preset field with the session key to obtain a key agreement confirmation message;
the terminal sends the key agreement confirmation message to the device, so that the device, on receiving the key agreement confirmation message, decrypts it with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends key agreement confirmation information to the terminal.
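The exchange of claims 9 to 14, with both sides' messages, as an added example; it is not code from the patent or its applicant. It assumes what the claims leave open: a per-device secret shared between the cloud server and the device (the claims do not say how the device decrypts what the cloud encrypted); an X25519 Diffie-Hellman step in place of the claims' "concatenation" of the peer public key with one's own private key, since that is what lets both sides derive the same session key; an HMAC-SHA256 keystream as the unspecified symmetric cipher; SHA-256 as a key derivation step; and the classic key check value of claim 13 (encrypt a zero block, keep the first three bytes). The preset field, the key material and all function names are constructed for the example.

```python
import hashlib
import hmac
import os

P = 2**255 - 19  # field prime of X25519 (RFC 7748)
BASEPOINT = (9).to_bytes(32, "little")
PRESET_FIELD = b"KEY-AGREEMENT-CONFIRM"  # constructed value for claim 14's preset field


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Assumption: the claims only say peer public key
    and own private key are concatenated; a Diffie-Hellman step gives both sides one key."""
    a = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (a >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        aa, bb = (x2 + z2) % P, (x2 - z2) % P
        aa2, bb2 = aa * aa % P, bb * bb % P
        e = (aa2 - bb2) % P
        da, cb = (x3 - z3) * aa % P, (x3 + z3) * bb % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa2 * bb2 % P, e * (aa2 + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, BASEPOINT)


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream XOR); the claims leave the algorithm
    unspecified. The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], ks))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per message so the keystream is never reused
    return nonce + stream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return stream_xor(key, blob[:16], blob[16:])


def session_key(own_priv: bytes, peer_pub: bytes) -> bytes:
    return hashlib.sha256(x25519(own_priv, peer_pub)).digest()  # assumed KDF step


def key_check_value(key: bytes) -> bytes:
    # Claim 13: encrypt a predetermined zero block (fixed zero nonce), keep 3 preset bytes
    return stream_xor(key, bytes(16), bytes(16))[:3]


def cloud_encrypt_random(device_key: bytes, random_number: bytes) -> bytes:
    # Cloud server side of claim 9. Assumption: device_key is a secret the cloud
    # shares with this device, so only that device can recover the number.
    return encrypt(device_key, random_number)


class Device:
    def __init__(self, cloud_key: bytes):
        self.cloud_key, self.random_number, self.session_key = cloud_key, None, None
        self.priv, self.pub = keypair()

    def random_number_request(self) -> bytes:
        self.random_number = os.urandom(16)  # the "first random number"
        return self.random_number

    def key_negotiation_request(self, ciphertext: bytes, terminal_pub: bytes):
        second = decrypt(self.cloud_key, ciphertext)  # the "second random number"
        if self.random_number is None or not hmac.compare_digest(second, self.random_number):
            return None  # claim 9: numbers differ, so no key agreement takes place
        self.session_key = session_key(self.priv, terminal_pub)  # first session key
        return self.pub, key_check_value(self.session_key)  # plus first key check value

    def confirm(self, confirmation: bytes) -> bool:
        return PRESET_FIELD in decrypt(self.session_key, confirmation)


def terminal_negotiate(device: Device, cloud) -> bytes:
    """Terminal side of claims 9, 12 and 14; `cloud` is the cloud server's
    encrypt-random-number call. Returns the agreed session key."""
    priv, pub = keypair()
    ciphertext = cloud(device.random_number_request())  # first random number, via cloud
    reply = device.key_negotiation_request(ciphertext, pub)
    if reply is None:
        raise ValueError("device rejected the key negotiation request")
    device_pub, first_kcv = reply
    third = session_key(priv, device_pub)  # claim 12's third session key
    if not hmac.compare_digest(key_check_value(third), first_kcv):
        raise ValueError("key check values differ: session keys do not match")
    if not device.confirm(encrypt(third, PRESET_FIELD)):
        raise ValueError("device could not recover the preset field")
    return third
```

Two properties are worth separating when reading the claims against this code. The random-number round trip (claim 9) ties the request to something only the holder of the cloud-side secret could produce for that device, and a stale or replayed ciphertext fails because the device compares it with the number it most recently issued. The key check value (claims 12 and 13) and the preset-field confirmation (claim 14) only detect that the two sides derived different keys; neither binds the device public key to the device, which is what the certificate of claims 15 to 17 is for.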
15. The key negotiation method according to claim 10, wherein after the step of generating the key negotiation request message from the ciphertext data and the terminal public key and sending it to the device, the method further comprises:
on receiving a device public key certificate and a first key check value, the terminal extracts the device public key from the device public key certificate, generates a fourth session key from the device public key and the terminal private key, encrypts the fourth session key according to a preset algorithm to generate a third key check value and, when the third key check value is consistent with the first key check value, stores the fourth session key, the fourth session key and the first session key being the session key between the device and the terminal; wherein the device encrypts the first session key according to the preset algorithm to generate the first key check value and returns the device public key certificate and the first key check value to the terminal.
16. The key negotiation method according to claim 15, wherein before the step of extracting the device public key from the device public key certificate, the method further comprises:
performing a hash operation on preset information in the device public key certificate to obtain a second hash value, the preset information comprising at least one of a certificate format, a certificate serial number, a hash algorithm identifier, a device public key algorithm identifier and the device public key;
when the second hash value is consistent with a first hash value carried in the device public key certificate, executing the step of extracting the device public key from the device public key certificate.
17. The key negotiation method according to claim 16, wherein before the step of performing the hash operation on the preset information in the device public key certificate, the method further comprises:
decrypting a signature result in the device public key certificate with a preset server public key to obtain a third hash value, wherein the signature result is obtained by the cloud server encrypting the first hash value with a preset server private key;
when the third hash value is consistent with the first hash value, executing the step of performing the hash operation on the preset information in the device public key certificate.
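The certificate checks of claims 17 and 16, in that order, followed by the extraction of claim 15, as an added example; it is not code from the patent or its applicant. It assumes a JSON encoding for the certificate and its preset information, SHA-256 as the hash algorithm, and a deliberately toy RSA key (two Mersenne primes, no padding) for the cloud server so that "encrypt the hash with the server private key" and "decrypt it with the server public key" can be shown with the standard library alone; the sample certificate fields and all names are constructed.

```python
import hashlib
import hmac
import json

# Toy RSA key for the cloud server, built from two Mersenne primes and used
# without padding, purely to show "encrypt the hash with the server private
# key / decrypt it with the server public key". A real deployment generates
# its key and uses a padded signature scheme (RSASSA-PSS or PKCS#1 v1.5).
_P, _Q, E = 2**521 - 1, 2**127 - 1, 65537
N = _P * _Q
D = pow(E, -1, (_P - 1) * (_Q - 1))
SERVER_PUBLIC_KEY, SERVER_PRIVATE_KEY = (N, E), (N, D)
HASHED_FIELDS = ("format", "serial", "hash_alg", "pubkey_alg", "device_public_key")


def certificate_hash(cert: dict) -> bytes:
    """Claim 16's hash over the preset information, in a canonical encoding so
    issuer and verifier hash identical bytes (field order and spacing fixed)."""
    canon = json.dumps({k: cert[k] for k in HASHED_FIELDS}, sort_keys=True,
                       separators=(",", ":"))
    return hashlib.sha256(canon.encode()).digest()


def issue_certificate(info: dict, private_key=SERVER_PRIVATE_KEY) -> dict:
    """Cloud server side: the first hash value plus its 'encryption' under the
    server private key, which is claim 17's signature result."""
    n, d = private_key
    first_hash = certificate_hash(info)
    sig = pow(int.from_bytes(first_hash, "big"), d, n)
    return dict(info, hash=first_hash.hex(),
                signature=sig.to_bytes((n.bit_length() + 7) // 8, "big").hex())


def extract_device_public_key(cert: dict, server_public_key=SERVER_PUBLIC_KEY):
    """Terminal side, in the order of claims 17, 16 and 15: signature check,
    then hash check, then extraction. Returns None if either check fails."""
    n, e = server_public_key
    first_hash = bytes.fromhex(cert["hash"])
    third = pow(int.from_bytes(bytes.fromhex(cert["signature"]), "big"), e, n)
    if third != int.from_bytes(first_hash, "big"):
        return None  # claim 17: recovered third hash differs from the first hash
    if not hmac.compare_digest(certificate_hash(cert), first_hash):
        return None  # claim 16: preset information was altered after signing
    return cert["device_public_key"]


# Constructed sample certificate content; the identifiers are illustrative.
SAMPLE_INFO = {
    "format": "v1",
    "serial": "0001",
    "hash_alg": "sha256",
    "pubkey_alg": "x25519",
    "device_public_key": "ab" * 32,
}
```

The extracted key is what claim 15 feeds into the fourth session key. The order of the two checks matters: because the signature recovers the hash value the cloud server signed, an attacker who edits the preset information and recomputes the embedded hash fails the claim 17 check, while one who edits the information and leaves the hash alone passes claim 17 and fails the claim 16 recomputation.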
18. A device, comprising a memory, a processor and a key agreement program stored on the memory and executable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the key negotiation method according to any one of claims 1 to 8.
19. A terminal, comprising a memory, a processor and a key agreement program stored on the memory and executable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the key negotiation method according to any one of claims 9 to 17.
20. A computer readable storage medium, on which a key agreement program is stored, wherein the key agreement program, when executed by a processor, implements the steps of the key negotiation method according to any one of claims 1 to 17.
21. A key agreement system, comprising the device according to claim 18 and the terminal according to claim 19.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811302551.8A CN109257170A (en) | 2018-11-02 | 2018-11-02 | Cryptographic key negotiation method, equipment, terminal, storage medium and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109257170A true CN109257170A (en) | 2019-01-22 |
Family
ID=65042866
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811302551.8A Pending CN109257170A (en) | 2018-11-02 | 2018-11-02 | Cryptographic key negotiation method, equipment, terminal, storage medium and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109257170A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102480713A (en) * | 2010-11-25 | 2012-05-30 | 中国移动通信集团河南有限公司 | Method, system and device for communication between sink node and mobile communication network |
CN104821930A (en) * | 2014-02-03 | 2015-08-05 | 塔塔咨询服务公司 | A computer implemented system and method for lightweight authentication on datagram transport for internet of things |
WO2016053184A1 (en) * | 2014-10-02 | 2016-04-07 | Huawei International Pte. Ltd. | Key generation method and device |
CN105847002A (en) * | 2016-06-06 | 2016-08-10 | 北京京东尚科信息技术有限公司 | Method for sharing key in multi-party communication |
CN106330456A (en) * | 2016-08-19 | 2017-01-11 | Tcl集团股份有限公司 | Intelligent device security access method and system |
- 2018-11-02: CN201811302551.8A (CN109257170A) filed in CN; status Pending
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110224811A (en) * | 2019-05-13 | 2019-09-10 | 中国联合网络通信集团有限公司 | Internet of Things cipher processing method, apparatus and system |
CN110224811B (en) * | 2019-05-13 | 2022-05-06 | 中国联合网络通信集团有限公司 | Internet of things encryption processing method, device and system |
CN110995662A (en) * | 2019-11-13 | 2020-04-10 | 北京连山科技股份有限公司 | Data transmission method and system based on multi-path network media |
CN110995662B (en) * | 2019-11-13 | 2020-07-31 | 北京连山科技股份有限公司 | Data transmission method and system based on multi-path network media |
CN112987581A (en) * | 2019-12-16 | 2021-06-18 | 华为技术有限公司 | Control method for intelligent household equipment, medium and terminal thereof |
CN111147257A (en) * | 2019-12-26 | 2020-05-12 | 核芯互联科技(青岛)有限公司 | Identity authentication and information confidentiality method, monitoring center and remote terminal unit |
CN113342653A (en) * | 2021-06-07 | 2021-09-03 | 星汉智能科技股份有限公司 | 5G smart card testing method, device and medium based on key agreement |
CN113342653B (en) * | 2021-06-07 | 2022-11-29 | 星汉智能科技股份有限公司 | 5G smart card testing method, device and medium based on key agreement |
CN116340954A (en) * | 2023-03-24 | 2023-06-27 | 合芯科技有限公司 | Data security channel establishment method, system control processor and starting firmware |
CN116340954B (en) * | 2023-03-24 | 2024-01-23 | 合芯科技有限公司 | Data security channel establishment method, system control processor and starting firmware |
Similar Documents
Publication | Title |
---|---|
CN109040149A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
CN109005028A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
CN109257170A (en) | Cryptographic key negotiation method, equipment, terminal, storage medium and system |
CN109309565B (en) | Security authentication method and device |
CN109120649A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
CN109039628A (en) | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
CN109150526A (en) | Cryptographic key negotiation method, equipment, terminal, storage medium and system |
CN109039657A (en) | Cryptographic key negotiation method, equipment, terminal, storage medium and system |
CN102299930B (en) | Method for ensuring security of client software |
CN103067402B (en) | The generation method and system of digital certificate |
CN110474898A (en) | Data encrypting and deciphering and key location mode, device, equipment and readable storage medium storing program for executing |
EP3001598B1 (en) | Method and system for backing up private key in electronic signature token |
CN109818741B (en) | Decryption calculation method and device based on elliptic curve |
CN102024123B (en) | Method and device for importing mirror image of virtual machine in cloud calculation |
CN110198295A (en) | Safety certifying method and device and storage medium |
CN103338215A (en) | Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm |
CN103795534A (en) | Password-based authentication method and apparatus executing the method |
CN109245885A (en) | Cryptographic key negotiation method, equipment, storage medium and system |
CN103095456A (en) | Method and system for processing transaction messages |
CN107800675A (en) | A kind of data transmission method, terminal and server |
CN102811224A (en) | Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection |
CN106817346B (en) | Data transmission method and device and electronic equipment |
CN111181723B (en) | Method and device for offline security authentication between Internet of things devices |
CN112055019B (en) | Method for establishing communication channel and user terminal |
WO2015135398A1 (en) | Negotiation key based data processing method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190122 |