CN109586906B - Communication device and method and system for negotiating key with terminal - Google Patents

Communication device and method and system for negotiating key with terminal Download PDF

Info

Publication number
CN109586906B
CN109586906B CN201811639737.2A CN201811639737A CN109586906B CN 109586906 B CN109586906 B CN 109586906B CN 201811639737 A CN201811639737 A CN 201811639737A CN 109586906 B CN109586906 B CN 109586906B
Authority
CN
China
Prior art keywords
module
data
fifty
symmetric key
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811639737.2A
Other languages
Chinese (zh)
Other versions
CN109586906A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201811639737.2A priority Critical patent/CN109586906B/en
Publication of CN109586906A publication Critical patent/CN109586906A/en
Application granted granted Critical
Publication of CN109586906B publication Critical patent/CN109586906B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a communication device and a method and a system for negotiating a key with a terminal, relating to the field of communication security; the method comprises the steps that a communication device receives a first random number and a symmetric key ID sent by a terminal, and retrieves a first symmetric key stored corresponding to the symmetric key ID according to the received symmetric key ID; generating a second random number; obtaining first ciphertext data according to the first symmetric key, the second random number and the received first random number; sending the second random number and the first ciphertext data to the terminal; receiving third ciphertext data sent by the terminal, obtaining fourth ciphertext data according to the retrieved first symmetric key and the retrieved second random number, obtaining first session data according to the first random number, the second random number and the first symmetric key when the fourth ciphertext data is equal to the received third ciphertext data, and storing the first session data as a session key; and sending authentication success information to the terminal.

Description

Communication device and method and system for negotiating key with terminal
Technical Field
The present invention relates to the field of communication security, and in particular, to a method, a system, and a communication device for negotiating a key with a terminal.
Background
Along with the development of the scientific and technological era, the locks are updated for many times, and the intelligent door locks are locks which are different from the traditional mechanical locks and are more intelligent in the aspects of user identification, safety and manageability. The intelligent door lock is a mature technology using a non-mechanical key as user identification, such as: fingerprint lock, iris recognition entrance guard, magnetic card, radio frequency card, contact card, etc.; the intelligent door lock is safe, reliable, convenient and fast.
Along with the rapid development of the field of smart home in recent years, the smart door lock is gradually and generally accepted, but the problem of embodying the basic security of the smart home is not highly regarded; for example, the communication information between the terminal and the intelligent door lock is transmitted in a plaintext form, so that the communication information is easy to steal or monitor, and the security is extremely low.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a communication device and a method and a system for negotiating a key with a terminal.
The invention provides a method for a communication device to negotiate a key with a terminal, which comprises the following steps:
step S1: the terminal generates a first random number; sending the first random number and a preset symmetric key ID to a communication device;
step S2: the communication device retrieves a first symmetric key stored corresponding to the symmetric key ID according to the received symmetric key ID; generating a second random number; obtaining first ciphertext data according to the first symmetric key, the second random number and the received first random number; sending the second random number and the first ciphertext data to the terminal;
step S3: the terminal acquires a second symmetric key stored corresponding to the symmetric key ID according to a preset symmetric key ID, and acquires second ciphertext data according to the second symmetric key, the first random number and the received second random number; when the second ciphertext data is equal to the received first ciphertext data, obtaining third ciphertext data according to the second symmetric key and the second random number, and sending the third ciphertext data to the communication device;
step S4: the communication device obtains fourth ciphertext data according to the retrieved first symmetric key and the retrieved second random number, obtains first session data according to the first random number, the second random number and the first symmetric key when the fourth ciphertext data is equal to the received third ciphertext data, and saves the first session data as a session key; sending authentication success information to the terminal;
step S5: the terminal receives the authentication success information; obtaining second session data according to the first random number, the second random number and the second symmetric key, and storing the second session data as a session key;
the invention also provides a method for negotiating the key between the communication device and the terminal, which comprises the following steps:
step E1: the communication device receives a first random number and a symmetric key ID sent by a terminal, and retrieves a first symmetric key stored corresponding to the symmetric key ID according to the received symmetric key ID; generating a second random number; obtaining first ciphertext data according to the first symmetric key, the second random number and the received first random number; sending the second random number and the first ciphertext data to the terminal;
step E2: the communication device receives third ciphertext data sent by a terminal, obtains fourth ciphertext data according to the first symmetric key and the second random number, obtains first session data according to the first random number, the second random number and the first symmetric key when the fourth ciphertext data is equal to the received third ciphertext data, and stores the first session data as a session key; sending authentication success information to the terminal;
the invention also provides a system for negotiating the key between the communication device and the terminal, which comprises the terminal and the communication device, wherein the communication device is used for the interactive communication between the intelligent door lock and the terminal;
the terminal comprises a first generating module, a first sending module, a first receiving module, a first obtaining module, a second ciphertext module, a third ciphertext module, a second session module and a second storing module;
the communication device comprises a second receiving module, a first retrieval module, a second generation module, a first ciphertext module, a fourth ciphertext module, a first session module and a first preservation module;
the first generation module is used for generating a first random number;
the first sending module is further configured to send the first random number and a preset symmetric key ID to a communication device;
the second receiving module is configured to receive the symmetric key ID and the first random number;
the first retrieval module is configured to retrieve, according to the symmetric key ID received by the second receiving module, a first symmetric key stored in correspondence with the symmetric key ID;
the second generating module is used for generating a second random number;
the first ciphertext module is configured to obtain first ciphertext data according to the first symmetric key retrieved by the first retrieval module, the second random number generated by the second generation module, and the first random number received by the second receiving module;
the second sending module is further configured to send the second random number generated by the second generating module and the first ciphertext data obtained by the first ciphertext module to the terminal;
the first receiving module is configured to receive the second random number and the first ciphertext data sent by the second sending module;
the first acquisition module is used for acquiring a second symmetric key which is stored corresponding to the symmetric key ID according to a preset symmetric key ID;
the second ciphertext module is configured to obtain second ciphertext data according to the second symmetric key obtained by the first obtaining module, the first random number generated by the first generating module, and the second random number received by the first receiving module;
the third ciphertext module is configured to, when the second ciphertext data is equal to the received first ciphertext data, obtain third ciphertext data according to the second symmetric key obtained by the first obtaining module and the second random number received by the first receiving module;
the first sending module is further configured to send the third ciphertext data obtained by the third ciphertext data module to the second receiving module;
the second receiving module is further configured to receive the third ciphertext data;
the fourth ciphertext module is configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the first retrieving module and the second random number generated by the second generating module;
the first session module is configured to, when the fourth ciphertext data obtained by the fourth ciphertext module is equal to the third ciphertext data received by the second receiving module, obtain first session data according to the first random number received by the second receiving module, the second random number generated by the second generating module, and the first symmetric key retrieved by the first retrieving module;
the first saving module is used for saving the first session data obtained by the first session module as a session key;
the second sending module is further configured to send authentication success information to the first receiving module;
the first receiving module is further configured to receive the authentication success information;
the second session module is configured to obtain second session data according to the first random number generated by the first generating module, the second random number received by the first receiving module, and the second symmetric key obtained by the first obtaining module;
and the second storage module is used for storing the second session data obtained by the second session module as a session key.
The invention further provides a communication device, which is used for interactive communication between the intelligent door lock and a terminal and comprises a fifty-second receiving module, a fifty-first retrieving module, a fifty-first generating module, a fifty-first ciphertext module, a fifty-second sending module, a fifty-fourth ciphertext module, a fifty-first session module and a fifty-first storage module;
the fifty-second receiving module is configured to receive the symmetric key ID and the first random number sent by the terminal;
the fifty-first retrieving module is configured to retrieve, according to the symmetric key ID received by the fifty-second receiving module, a first symmetric key stored in correspondence with the symmetric key ID;
the fifth and eleventh generating module is configured to generate a second random number;
the fifty-first ciphertext module is configured to obtain first ciphertext data according to the first symmetric key retrieved by the fifty-first retrieving module, the second random number generated by the fifty-first generating module, and the first random number received by the fifty-second receiving module;
the fifty-second sending module is configured to send the second random number generated by the fifty-first generating module and the first ciphertext data obtained by the fifty-first ciphertext module to the terminal;
the fifty-second receiving module is further configured to receive the third ciphertext data sent by the terminal;
the fifty-fourth ciphertext module is configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the fifty-first retrieving module and the second random number generated by the fifty-fourth generating module;
the fifty-first session module is configured to, when the fourth ciphertext data obtained by the fifty-fourth ciphertext module is equal to the third ciphertext data received by the fifty-second receiving module, obtain first session data according to the first random number received by the fifty-second receiving module, the second random number generated by the fifty-first generating module, and the first symmetric key retrieved by the fifty-first retrieving module;
the fifty-first storage module is configured to store the first session data obtained by the fifty-first session module as a session key;
the fifty-second sending module is further configured to send an authentication success message to the terminal.
Compared with the prior art, the invention has the following advantages: the invention provides a communication device and a method and a system for negotiating a key with a terminal; the communication device is used for the interactive communication between the intelligent door lock and the terminal; performing mutual authentication between the communication device and the terminal with respect to a first symmetric key (a second symmetric key), and generating a session key for encrypting and decrypting communication information between the communication device and the terminal; the session key is used for encrypting and decrypting information to be communicated between the communication device and the terminal, so that the communication safety between the communication device and the terminal is improved, and the communication safety between the intelligent door lock and the terminal is further improved.
Drawings
Fig. 1 is a flowchart of a method for a communication device to negotiate a key with a terminal according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for a communication device to negotiate a key with a terminal according to a second embodiment of the present invention;
fig. 3 is a flowchart of a method for a communication device to negotiate a key with a terminal according to a third embodiment of the present invention;
fig. 4 is a block diagram of a system for negotiating a key between a communication device and a terminal according to a fourth embodiment of the present invention;
fig. 5 is a block diagram of a communication device according to a fifth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
The embodiment of the invention provides a method for a communication device to negotiate a key with a terminal; the communication device is used for the interactive communication between the intelligent door lock and the terminal, before the method, the terminal and the communication device carry out an initialization process, in the initialization process, the terminal generates a second symmetric key and correspondingly stores the symmetric key ID, the communication device generates a first symmetric key and correspondingly stores the symmetric key ID, and the first symmetric key is the same as the second symmetric key; the method is shown in fig. 1 and comprises the following steps:
step 101: the terminal generates a first random number; sending the first random number and a preset symmetric key ID to the communication device;
optionally, before step 101, the method further includes the following steps:
step A1: the terminal is connected with the communication device, and when the connection is successful, the step A2 is executed;
step A2: the terminal generates a first private key and a first public key; generating a key exchange request according to the first public key, and sending the key exchange request to the communication device;
step A3: the communication device analyzes the received key exchange request to obtain a first public key; encrypting the first public key by using a preset second private key to obtain a first symmetric key, generating a symmetric key ID corresponding to the first symmetric key according to the first symmetric key, and correspondingly storing the symmetric key ID and the first symmetric key; sending a preset second public key and a preset symmetric key ID to the terminal;
step A4: the terminal encrypts the received second public key by using the first private key to obtain a second symmetric key, and correspondingly stores the second symmetric key and the symmetric key ID;
further, step 103 further includes:
when the second ciphertext data are not equal to the received first ciphertext data, the terminal updates a first count value; and judging whether the updated first count value is greater than a first preset value, deleting a preset symmetric key ID and a second symmetric key stored corresponding to the symmetric key ID when the updated first count value is greater than the first preset value, returning to the step A2, and returning to the step 101 when the updated first count value is not greater than the first preset value.
Step 102: the communication device searches a first symmetric key stored corresponding to the symmetric key ID according to the received symmetric key ID; generating a second random number; obtaining first ciphertext data according to the first symmetric key, the second random number and the received first random number; sending the second random number and the first ciphertext data to the terminal;
optionally, in step 102, obtaining first ciphertext data according to the first symmetric key, the second random number, and the received first random number, specifically:
the communication device calculates the second random number and the received first random number to obtain first intermediate data, and encrypts the first intermediate data by using the first symmetric key to obtain first ciphertext data.
Step 103: the terminal acquires a second symmetric key stored corresponding to the symmetric key ID according to the preset symmetric key ID, and second ciphertext data are obtained according to the second symmetric key, the first random number and the received second random number; when the second ciphertext data is equal to the received first ciphertext data, obtaining third ciphertext data according to the second symmetric key and the second random number, and sending the third ciphertext data to the communication device;
optionally, in step 103, obtaining second ciphertext data according to the second symmetric key, the first random number, and the received second random number, specifically:
and the terminal calculates the first random number and the received second random number to obtain second intermediate data, and encrypts the second intermediate data by using a second symmetric key to obtain second ciphertext data.
Optionally, in step 103, obtaining third ciphertext data according to the second symmetric key and the second random number, specifically:
and the terminal encrypts the second random number by using the second symmetric key to obtain third ciphertext data.
Optionally, in step 103, after obtaining the second ciphertext data according to the second symmetric key, the first random number, and the received second random number, the method further includes:
the terminal judges whether the second ciphertext data is equal to the received first ciphertext data or not, when the second ciphertext data is equal to the received first ciphertext data, third ciphertext data is obtained according to the second symmetric key and the second random number, and when the second ciphertext data is not equal to the received first ciphertext data, an error is reported, and the operation is finished;
further, when the terminal judges that the second ciphertext data is not equal to the received first ciphertext data, an error is reported, and the end is replaced by:
the terminal updates the first count value; and judging whether the updated first count value is greater than a first preset value, deleting a preset symmetric key ID and a second symmetric key stored corresponding to the symmetric key ID when the updated first count value is greater than the first preset value, and returning to the step 101 when the updated first count value is not greater than the first preset value.
Step 104: the communication device obtains fourth ciphertext data according to the searched first symmetric key and the second random number, obtains first session data according to the first random number, the second random number and the first symmetric key when the fourth ciphertext data is equal to the received third ciphertext data, and stores the first session data as a session key; sending authentication success information to the terminal;
optionally, in step 103, when the second ciphertext data is equal to the received first ciphertext data, the method further includes: the terminal sends the symmetric key ID to the communication device;
correspondingly, before step 104, the method further includes: the communication device retrieves the first symmetric key stored in association with the received symmetric key ID.
Optionally, in step 104, fourth ciphertext data is obtained according to the retrieved first symmetric key and the second random number, which specifically is:
the communication apparatus encrypts the second random number using the retrieved first symmetric key to obtain fourth ciphertext data.
Optionally, in step 104, after obtaining fourth ciphertext data according to the retrieved first symmetric key and the second random number, the communication apparatus further includes:
the communication device judges whether the fourth ciphertext data and the received third ciphertext data are equal, and if so, first session data are obtained according to the first random number, the second random number and the first symmetric key; otherwise, returning an error code to the terminal;
specifically, the method further comprises the following steps: and the terminal receives the error code, reports the error and finishes.
Further, when it is determined that the fourth ciphertext data is not equal to the received third ciphertext data, before returning the error code to the terminal, the method further includes:
the communication device updates the second count value; judging whether the second count value after the increment is larger than a second preset value or not, deleting the received symmetric key ID and the first symmetric key stored correspondingly to the symmetric key ID when the second count value after the update is judged to be larger than the second preset value, and returning an error code to the terminal; when the updated second count value is judged to be not greater than the second preset value, sending second error information to the terminal;
specifically, the method further comprises the following steps: the terminal receives the second error message and returns to step 101.
Step 105: the terminal receives the authentication success information; and obtaining second session data according to the first random number, the second random number and the second symmetric key, and storing the second session data as a session key.
Optionally, in step 104, when it is determined that the fourth ciphertext data is equal to the received third ciphertext data, the method further includes:
the communication device obtains third data according to the first symmetric key and the second random number, obtains first MAC data according to the third data, and saves the first MAC data as an MAC calculation key;
correspondingly, step 105 further includes: and the terminal obtains fourth data according to the second symmetric key and the second random number, obtains second MAC data according to the fourth data, and stores the second MAC data as an MAC calculation key.
Optionally, after step 105, the method further includes the following steps:
step D1: the terminal generates a state monitoring instruction, encrypts the state detection instruction by using the session key to obtain state detection data, and sends the state detection data to the communication device;
step D2: the communication device receives the state detection data, and decrypts the state detection data by using the session key to obtain a state detection instruction; detecting the current switching state of the terminal, generating a state detection response, encrypting the state detection response by using a session key to obtain state detection response data, and sending the state detection response data to the terminal;
step D3: and the terminal receives the state detection response data and decrypts the state detection response data by using the session key to obtain the state detection response.
Further, before step D1, the method further includes:
when the terminal receives a first instruction input by the user, the terminal prompts the user to input fingerprint information, judges whether the fingerprint information input by the user is the same as the preset fingerprint information or not, if so, executes the step D1, otherwise, reports an error, and ends;
further, after the step D3, the method further includes the following steps:
step D4: the terminal judges the current situation of the communication device switch according to the state detection response, generates a closing instruction when the current situation of the communication device switch is in an open state, encrypts the closing instruction by using the session key to obtain closing data, sends the closing data to the communication device, and executes step D5; when the communication device is in the closed state, generating an opening instruction, encrypting the opening instruction by using the session key to obtain opening data, sending the opening data to the communication device, and executing step D7;
step D5: the communication device receives the closing data, decrypts the closing data by using the session key to obtain a closing instruction, closes the closing instruction, generates a closing success response, encrypts the closing success response by using the session key to obtain closing success response data, sends the closing success response data to the terminal, and executes the step D6;
step D6: the terminal receives the closing success response data, decrypts the closing success response data by using the session key to obtain a closing success response, and the operation is finished;
step D7: the communication device receives the opening data, decrypts the opening data by using the session key to obtain an opening instruction, opens, generates an opening success response, encrypts the opening success response by using the session key to obtain opening success response data, sends the opening success response data to the terminal, and executes the step D8;
step D8: the terminal receives the successful response data of the opening, decrypts the successful response data of the opening by using the session key to obtain the successful response of the opening, and the operation is finished;
further, in step D5, after the step of decrypting the closing data by using the session key to obtain the closing instruction, the method further includes:
the communication device detects whether the self switch state is the closed state, generates a closed response when the self switch state is the closed state, encrypts the closed response by using the session key to obtain closed response data, sends the closed response data to the terminal, and executes the step D9; when the self switch state is not the closed state, closing;
step D9: the terminal receives the closed response data, decrypts the closed response data by using the session key to obtain a closed response, displays that the communication device is closed, and ends;
further, in step D5, after the closing, the method further includes:
the communication device judges whether the closing is successful, if so, a closing success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to obtain error response data, sending the error response data to the terminal, and executing the step D10;
step D10: the terminal receives the error response data, decrypts the error response data by using the session key to obtain an error response, and reports the error, and the operation is finished;
further, in step D7, after the decrypting the opening data with the session key obtains the opening instruction, the method further includes:
the communication device detects whether the self switch state is the opened state, generates the opened response when the self switch state is the opened state, encrypts the opened response by using the session key to obtain opened response data, sends the opened response data to the terminal, and executes the step D11; when the self switch state is not the opened state, the switch is opened;
step D11: the terminal receives the opened response data, decrypts the opened response data by using the session key to obtain an opened response, displays that the communication device is opened, and ends;
further, in step D7, after the opening, the method further includes:
the communication device judges whether the opening is successful, if so, an opening success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to obtain error response data, sending the error response data to the terminal, and executing the step D12;
step D12: and the terminal receives the error response data, decrypts the error response data by using the session key to obtain an error response, and reports the error, and the operation is finished.
The embodiment provides a method for a communication device to negotiate a key with a terminal; the communication device is used for the interactive communication between the intelligent door lock and the terminal, the communication device and the terminal perform mutual authentication on a first symmetric key (a second symmetric key), and a session key for encrypting and decrypting communication information between the communication device and the terminal is generated; the session key is used for encrypting and decrypting information to be communicated between the communication device and the terminal, so that the communication safety between the communication device and the terminal is improved, and the communication safety between the intelligent door lock and the terminal is further improved.
Example two
The second embodiment provides a method for a terminal to negotiate a key with a communication device, where the communication device is used for interactive communication between an intelligent door lock and the terminal, as shown in fig. 2, and includes the following steps:
step E1: the communication device receives a first random number and a symmetric key ID sent by a terminal, and retrieves a first symmetric key stored corresponding to the symmetric key ID according to the received symmetric key ID; generating a second random number; obtaining first ciphertext data according to the first symmetric key, the second random number and the received first random number; sending the second random number and the first ciphertext data to the terminal;
optionally, in step E1, the first ciphertext data is obtained according to the first symmetric key, the second random number, and the received first random number, specifically:
the communication device calculates the second random number and the received first random number to obtain first intermediate data, and encrypts the first intermediate data by using the first symmetric key to obtain first ciphertext data.
Optionally, before the step E1, the method further includes the following steps:
step F1: the communication device receives a key exchange request sent by a terminal, and analyzes the received key exchange request to obtain a first public key; encrypting the first public key by using a preset second private key to obtain a first symmetric key, generating a symmetric key ID corresponding to the first symmetric key according to the first symmetric key, and correspondingly storing the symmetric key ID and the first symmetric key; and sending the preset second public key and the symmetric key ID to the terminal.
Step E2: the communication device receives third ciphertext data sent by the terminal, obtains fourth ciphertext data according to the searched first symmetric key and the searched second random number, obtains first session data according to the first random number, the second random number and the first symmetric key when the fourth ciphertext data is equal to the received third ciphertext data, and stores the first session data as a session key; sending authentication success information to the terminal;
optionally, in step E2, obtaining fourth ciphertext data according to the retrieved first symmetric key and the second random number, specifically:
the communication apparatus encrypts the second random number using the retrieved first symmetric key to obtain fourth ciphertext data.
Optionally, in step E2, after obtaining the fourth ciphertext data according to the retrieved first symmetric key and the second random number, the communications apparatus further includes:
the communication device judges whether the fourth ciphertext data and the received third ciphertext data are equal, and if so, first session data are obtained according to the first random number, the second random number and the first symmetric key; otherwise, returning error codes to the terminal.
Further, when it is determined that the fourth ciphertext data is not equal to the received third ciphertext data, before returning the error code to the terminal, the method further includes:
the communication device updates the second count value; judging whether the second count value after the increment is larger than a second preset value or not, deleting the first symmetric key and the symmetric key ID when the second count value after the update is judged to be larger than the second preset value, and returning an error code to the terminal; and when the updated second count value is judged to be not greater than the second preset value, sending second error information to the terminal.
Optionally, in step E2, when it is determined that the fourth ciphertext data is equal to the received third ciphertext data, the method further includes:
the communication device obtains third data according to the first symmetric key and the second random number, obtains first MAC data according to the third data, and stores the first MAC data as an MAC calculation key.
Optionally, after the step E2, the method further includes the following steps:
step G1: the communication device receives state detection data sent by the terminal, and decrypts the state detection data by using the session key to obtain a state detection instruction; detecting the current switching state of the terminal, generating a state detection response, encrypting the state detection response by using a session key to generate state detection response data, and sending the state detection response data to the terminal;
further, after the step G1, the method further includes the following steps:
step G2: the communication device receives closing data sent by the terminal, decrypts the closing data by using the session key to obtain a closing instruction, closes the closing instruction, generates a closing success response, encrypts the closing success response by using the session key to obtain closing success response data, and sends the closing success response data to the terminal;
step G3: the communication device receives opening data sent by the terminal, decrypts the opening data by using the session key to obtain an opening instruction, opens the opening instruction, generates an opening success response, encrypts the opening success response by using the session key to obtain opening success response data, and sends the opening success response data to the terminal;
further, in step G2, after the step of decrypting the closing data by using the session key obtains the closing instruction, the method further includes:
the communication device detects whether the self switch state is the closed state, generates a closed response when the self switch state is the closed state, encrypts the closed response by using the session key to obtain closed response data, and sends the closed response data to the terminal; when the self switch state is not the closed state, closing;
further, step G2, after the closing, further includes:
the communication device judges whether the closing is successful, if so, a closing success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to generate error response data, and sending the error response data to the terminal;
further, in step G3, after the decrypting the opening data with the session key obtains the opening instruction, the method further includes:
the communication device detects whether the self switch state is the opened state, generates the opened response when the self switch state is the opened state, encrypts the opened response by using the session key to obtain opened response data, and sends the opened response data to the terminal; when the self switch state is not the opened state, the switch is opened to generate a response of successful opening;
further, step G3, after the opening, further includes:
the communication device judges whether the opening is successful, if so, an opening success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to generate error response data, and sending the error response data to the terminal.
The embodiment provides a method for a communication device to negotiate a key with a terminal; the communication device is used for the interactive communication between the intelligent door lock and the terminal, the communication device and the terminal perform mutual authentication on a first symmetric key (a second symmetric key), and a session key for encrypting and decrypting communication information between the communication device and the terminal is generated; the session key is used for encrypting and decrypting information to be communicated between the communication device and the terminal, so that the communication safety between the communication device and the terminal is improved, and the communication safety between the intelligent door lock and the terminal is further improved.
EXAMPLE III
In a third embodiment, a method for a communication device to negotiate a key with a terminal is provided, where the communication device is used for interactive communication between an intelligent door lock and the terminal, and as shown in fig. 3, the method includes the following steps:
step 301: the terminal and the communication device are connected by Bluetooth, and step 302 is executed after the Bluetooth connection is successful;
optionally, the terminal and the communication device may be connected by other communication methods, such as ZigBee;
step 302: the terminal generates and stores a first private key and a first public key; generating a key exchange request according to the first public key, and sending the key exchange request to the communication device;
for example, the first private key comprises 32 bytes, which is a8992255B6CB2276A8CFDB786FD6FBCABFE20D355787914327D8E717BB43 FCFE;
the first public key comprises 64 bytes, which is 4647CD1260FFFBE9351082133532B208144173611883FF4488A082788F3C639BEFB9E8034748A4DF26D455945E9F4A9561A20797EA7986D2D4D9E7A56DAAC4A 3;
step 303: the communication device receives and analyzes the key exchange request to obtain a first public key; encrypting the first public key by using a preset second private key according to a first algorithm to obtain a first symmetric key, generating a symmetric key ID corresponding to the first symmetric key according to the first symmetric key, and correspondingly storing the symmetric key ID and the first symmetric key; sending a preset second public key and a preset symmetric key ID to the terminal;
specifically, before this step, the communication device presets a second key pair, which includes a second public key and a second private key;
for example, the first symmetric key comprises 32 bytes, which is FDC2a958C2343D4F80DA568100737C2DFDC64641B8E7CB97F60F805D2C95E 72C;
the symmetric key ID comprises 2 bytes, which is 0001;
the second public key is composed of 64 bytes, and is 5344335CA8A83BF7568D92B7AB37334981AA017416935A4E38D2CDE159C45A5D394D6A17F4945DA5CCCB7F3AED7FF2F2C7E68A324821852ECF06C3F8C31B 2098;
the second private key is 32 bytes comprising, and is D05DC4DF7D673C4EB085E3D4B8C51014607F3182AF417F87E3E71EB2486E9a 04;
the first algorithm is an ECDH algorithm;
step 304: the terminal receives the second public key and the symmetric key ID; encrypting the second public key by using the first private key according to a first algorithm to obtain a second symmetric key, and correspondingly storing the second symmetric key and the symmetric key ID;
in this embodiment, the first symmetric key and the second symmetric key are the same; in order to distinguish whether the symmetric keys are generated by the terminal or the communication device, the same symmetric keys are named a first symmetric key and a second symmetric key respectively, namely, the communication device generates the first symmetric key and the terminal generates the second symmetric key;
for example, the first private key comprises 32 bytes, which is a8992255B6CB2276A8CFDB786FD6FBCABFE20D355787914327D8E717BB43 FCFE;
the second symmetric key comprises 32 bytes, which is FDC2a958C2343D4F80DA568100737C2DFDC64641B8E7CB97F60F805D2C95E 72C;
the first algorithm is an ECDH algorithm;
step 305: the terminal generates a first random number; transmitting the first random number and the symmetric key ID to the communication device;
for example, the first random number comprises 16 bytes, which is 00000000000000000000000000000000;
step 306: the communication device receives the first random number and the symmetric key ID; retrieving a first symmetric key stored corresponding to the symmetric key ID according to the symmetric key ID; generating a second random number; calculating the first random number and the second random number by using a second algorithm to obtain first intermediate data; encrypting the first intermediate data by using a first symmetric key according to a third algorithm to obtain first ciphertext data; sending the second random number and the first ciphertext data to the terminal;
for example, the second random number includes 16 bytes, which is 11111111111111111111111111111111; the first intermediate data comprises 16 bytes, which is 11111111111111111111111111111111;
the first ciphertext data comprises 16 bytes, 88EF383ACEF56150EB0F1CA723a 7407A;
the second algorithm is an exclusive or algorithm;
the third algorithm is an AES256_ ECB algorithm;
step 307: the terminal receives the second random number and the first ciphertext data; calculating the first random number and the second random number by using a second algorithm to obtain second intermediate data; encrypting the second intermediate data by using a second symmetric key according to a third algorithm to obtain second ciphertext data; judging whether the first ciphertext data and the second ciphertext data are equal, if so, executing a step 309, otherwise, executing a step 308;
optionally, before encrypting the second intermediate data by using the second symmetric key according to the third algorithm to obtain the second ciphertext data, the method may further include: the terminal retrieves a second symmetric key stored corresponding to the symmetric key ID according to the symmetric key ID;
for example, the second ciphertext data may include 16 bytes, which is 88EF383ACEF56150EB0F1CA723a 7407A;
the second algorithm is an exclusive or algorithm;
the third algorithm is an AES256_ ECB algorithm;
step 308: the terminal updates the first count value; judging whether the updated first count value is greater than a first preset value, if so, deleting the second symmetric key and the symmetric key ID, returning to the step 302, otherwise, returning to the step 305;
optionally, step 308 specifically includes: the terminal increases the first counting value in an incremental mode; judging whether the data of the incremented first counting value is larger than a first preset value, if so, deleting the second symmetric key and the symmetric key ID, returning to the step 302, otherwise, returning to the step 305;
for example, the first preset value is 15;
alternatively, step 308 may be replaced with step 308-1: the terminal reports the error and finishes;
step 309: the terminal encrypts the second random number by using a second symmetric key according to a third algorithm to obtain third ciphertext data, and sends the third ciphertext data and the symmetric key ID to the communication device;
optionally, before step 309, the method may further include: the terminal retrieves a second symmetric key stored corresponding to the symmetric key ID according to the symmetric key ID;
optionally, step 309 is replaced with step 309-1: the terminal encrypts the second random number by using a second symmetric key according to a third algorithm to obtain third ciphertext data, and sends the third ciphertext data to the communication device;
for example, the third ciphertext data may include 16 bytes, which is 7741CF07F5AC4F3094237C51E6BAE3F 7;
the third algorithm is an AES256_ ECB algorithm;
step 310: the communication device receives the third ciphertext data and the symmetric key ID; retrieving a first symmetric key corresponding to the symmetric key ID based on the symmetric key ID; encrypting the second random number by using the first symmetric key according to a third algorithm to obtain fourth ciphertext data, and judging whether the third ciphertext data and the fourth ciphertext data are equal, if so, executing the step 314, otherwise, executing the step 311;
accordingly, when step 309 is replaced with step 309-1, step 310 is replaced with step 310-1: the communication device receives the third ciphertext data; encrypting the second random number by using the retrieved first symmetric key according to a third algorithm to obtain fourth ciphertext data, and judging whether the third ciphertext data and the fourth ciphertext data are equal, if so, executing a step 314, otherwise, executing a step 311;
for example, the fourth ciphertext data may include 16 bytes, which is 7741CF07F5AC4F3094237C51E6BAE3F 7;
the third algorithm is an AES256_ ECB algorithm;
step 311: the communication device updates the second count value; judging whether the updated second count value is greater than a second preset value, if so, deleting the first symmetric key and the symmetric key ID, sending first error information to the terminal, and executing step 312, otherwise, sending second error information to the terminal, and executing step 313;
optionally, step 311 is specifically: the communication device increments the second count value; judging whether the incremented second count value is greater than a second preset value, if so, deleting the first symmetric key and the symmetric key ID, sending first error information to the terminal, and executing step 312, otherwise, sending second error information to the terminal, and executing step 313;
for example, the first error information may be: locking information;
the second error information may be: re-authenticating the information;
for example, the second preset value is 15;
alternatively, step 311 may be replaced with step 311-1: the communication device sends a third error message to the terminal, and performs step 312-2;
accordingly, step 311-2 is: the terminal receives the third error information, reports an error and finishes;
or step 311-2 may be replaced with step 311-3: the terminal receives the third error message, judges the type of the third error message, returns to step 302 when the third error message is the first error message, and returns to step 305 when the third error message is the second error message;
optionally, step 311-3 is specifically: the terminal receives the third error message, judges the type of the error code in the third error message, returns to step 302 when the error code is a first preset value, and returns to step 305 when the error code is a second preset value;
step 312: the terminal receives the first error message and returns to step 302;
optionally, step 312 may be replaced with: the terminal receives the first error information, reports an error and finishes;
step 313: the terminal receives the second error message and returns to step 305;
optionally, step 313 may be replaced by: the terminal receives the second error information, reports the error and finishes;
step 314: the communication device calculates the second random number by using a fourth algorithm to obtain first data, calculates the first data and the first symmetric key by using the second algorithm to obtain first session data, and stores the first session data as a session key; sending authentication success information to the terminal;
alternatively, step 314 may be replaced with step 314-1: the communication device calculates the first random number by using a fourth algorithm to obtain first data, calculates the first data and the first symmetric key by using a second algorithm to obtain first session data, and stores the first session data as a session key; sending authentication success information to the terminal;
alternatively, step 314 may be replaced with step 314-2: the communication device calculates the first random number and the second random number by using a fourth algorithm to obtain first data, calculates the first data and the first symmetric key by using the second algorithm to obtain first session data, and stores the first session data as a session key; sending authentication success information to the terminal;
optionally, step 314 may further include: the communication device encrypts the first session data by using a fourth algorithm to obtain second data, intercepts data of a left first preset length byte of the second data as first session vector data, and stores the first session vector data as a session vector;
optionally, step 314 may further include: the communication device calculates the first symmetric key and the second random number by using a fifth algorithm to obtain third data, calculates the third data by using a fourth algorithm to obtain first MAC data, and stores the first MAC data as an MAC calculation key;
accordingly, step 314 may further include: the communication device calculates the first MAC data by using a fourth algorithm to obtain fourth data, intercepts data of a left second preset length byte of the fourth data as second session vector data, and saves the second session vector data as an MAC vector;
for example, the first session data comprises 16 bytes, which is 453387F00B9D6004C69BE6BC9FD6DB 37;
the session key comprises 16 bytes, which is 453387F00B9D6004C69BE6BC9FD6DB 37;
the first session vector data comprises 16 bytes, being 011C04AFA2FC59E4472031E17AC73B 8D;
the session vector consists of 16 bytes, and is 011C04AFA2FC59E4472031E17AC73B 8D;
the first MAC data comprises 16 bytes, which is 96665744C339B01EF513042037BE4AF 4;
the MAC calculation key comprises 16 bytes, and is 96665744C339B01EF513042037BE4AF 4;
the second session vector data comprises 16 bytes, being EE8A1E957a382A2E2B4C 271180670741;
the MAC vector consists of 16 bytes, EE8A1E957a382A2E2B4C 271180670741;
the first preset length is 16 bytes;
the second preset length is 16 bytes;
the second algorithm is an exclusive-or operation;
the fourth algorithm is the sha256 algorithm;
the fifth algorithm is a splicing algorithm;
step 315: the terminal receives the authentication success information; calculating the second random number by using a fourth algorithm to obtain fifth data, calculating the fifth data and the second symmetric key by using the second algorithm to obtain second session data, and storing the second session data as a session key;
in this embodiment, when step 314 is replaced with step 314-1, step 315 is replaced with step 315-1: the terminal receives the authentication success information; calculating the first random number by using a fourth algorithm to obtain fifth data, calculating the fifth data and the second symmetric key by using a second algorithm to obtain second session data, and storing the second session data as a session key;
in this embodiment, when step 314 is replaced with step 314-2, step 315 is replaced with step 315-2: the terminal receives the authentication success information; calculating the first random number and the second random number by using a fourth algorithm to obtain fifth data, calculating the fifth data and the second symmetric key by using a second algorithm to obtain second session data, and storing the second session data as a session key;
optionally, when step 314 further includes the communication apparatus encrypting the first session data by using a fourth algorithm to obtain second data, intercepting left first preset length byte of data of the second data as the first session vector data, and regarding the first session vector data as a session vector, step 315 further includes: the terminal encrypts the second session data by using a fourth algorithm to obtain sixth data, intercepts byte data of a left third preset length byte of the sixth data to serve as first MAC vector data, and saves the first MAC vector data as a session vector;
optionally, when step 314 includes that the communication apparatus calculates the first symmetric key and the second random number by using a fifth algorithm to obtain third data, calculates the third data by using a fourth algorithm to obtain first MAC data, and stores the first MAC data as the MAC calculation key, step 315 further includes: the terminal calculates the second symmetric key and the second random number by using a fifth algorithm to obtain seventh data, calculates the seventh data by using a fourth algorithm to obtain second MAC data, and stores the second MAC data as an MAC calculation key;
optionally, when step 314 further comprises: the communication device calculates the first symmetric key and the second random number by using a fifth algorithm to obtain third data, and calculates the third data by using a fourth algorithm to obtain first MAC data and stores the first MAC data; using a fourth algorithm to calculate the first MAC data to obtain fourth data, intercepting data of a left second preset length byte of the fourth data as second session vector data, and when the second session vector data is stored as an MAC vector, step 315 further includes: the terminal calculates the second symmetric key and the second random number by using a fifth algorithm to obtain seventh data, calculates the seventh data by using a fourth algorithm to obtain second MAC data, and stores the second MAC data as an MAC calculation key; calculating the second MAC data by using a fourth algorithm to obtain eighth data, intercepting data of a left fourth preset length byte of the eighth data as second MAC vector data, and storing the second MAC vector data as an MAC vector;
for example, the second session data comprises 16 bytes, which is 453387F00B9D6004C69BE6BC9FD6DB 37;
the session key comprises 16 bytes, which is 453387F00B9D6004C69BE6BC9FD6DB 37;
the first MAC vector data comprises 16 bytes, being 011C04AFA2FC59E4472031E17AC73B 8D;
the session vector consists of 16 bytes, and is 011C04AFA2FC59E4472031E17AC73B 8D;
the second MAC data comprises 16 bytes, which is 96665744C339B01EF513042037BE4AF 4;
the MAC calculation key comprises 16 bytes, and is 96665744C339B01EF513042037BE4AF 4;
the second MAC vector data comprises 16 bytes, being EE8A1E957a382A2E2B4C 271180670741;
the MAC vector consists of 16 bytes, EE8A1E957a382A2E2B4C 271180670741;
the third preset length is 16 bytes;
the fourth preset length is 16 bytes;
the second algorithm is an exclusive or algorithm;
the fourth algorithm is the sha256 algorithm;
the fifth algorithm is a splicing algorithm;
optionally, before the embodiment, the terminal logs in the cloud according to a user account and a login password input by the user; and adding a communication device;
optionally, in step 307, after determining that the first ciphertext data is the same as the second ciphertext data and the terminal successfully authenticates the communication device, the terminal may generate second session data in the same manner as in step 215; only in step 315, after receiving the authentication success information, the terminal saves the second session data as the session key; similarly, when the terminal further generates the first MAC vector data and/or the second MAC vector data, the MAC vector data may also be generated in step 307, and after receiving the authentication success information in step 315, the MAC vector data may be stored as the session vector and/or the MAC calculation key and/or the MAC vector, respectively;
in this embodiment, the first session data is the same as the second session data, the first MAC data is the same as the second MAC data, the first session vector data is the same as the first MAC vector data, and the second session vector data is the same as the second MAC vector data; to distinguish whether the session key, the MAC calculation key, the session vector, and the MAC vector are generated by the terminal or the communication apparatus, they are named as different names, respectively; the communication device generating first session data, first session vector data, first MAC data, and second session vector data; the terminal generates second session data, first MAC vector data, second MAC data and second MAC vector data;
in this embodiment, the communication apparatus generates first session data as a session key, and the terminal generates second session data as a session key; the session key is used for encryption and decryption of communication information between the communication device and the terminal later, so that the communication security between the communication device and the terminal is improved;
in addition, in this embodiment, the communication device may further generate first session vector data as a session vector, and the terminal may further generate second session vector data as a session vector; the session vector data and the session vector assistance are used for later encryption and decryption of communication information between the communication device and the terminal; the communication safety between the communication device and the terminal is further improved;
further, in the present embodiment, the communication apparatus may further generate first MAC data as a MAC calculation key, and the terminal may further generate second MAC data as a MAC calculation key; the MAC calculation key is used for verifying the communication information, so that the communication information is prevented from being tampered or lost, and the communication security between the communication device and the terminal is further improved on the basis that the communication security is improved through the session key;
further, the communication apparatus may also generate first MAC vector data as a MAC vector, and the terminal may also generate second MAC vector data as a MAC vector; the MAC vector is used for later checking of communication information between the communication device and the terminal, and further prevents communication information from being falsified or lost.
Optionally, after step 315, the following steps are further included:
step B1: the terminal sends the successful negotiation information of the session key to the communication device;
step B2: the communication device receives the successful session key negotiation information, checks the on-off state of the communication device, generates a state check response, encrypts the state check response by using the session key to obtain the state check response, and sends state check response data to the terminal;
step B3: the terminal receives the state checking response data, and decrypts the checking state data by using the session key to obtain the state detection response.
Optionally, after step 315, the following steps are further included:
step C1: the terminal generates a state change instruction, encrypts the state change instruction by using the session key to obtain state change data, and sends the state change data to the communication device;
step C2: the communication device receives the state change data, decrypts the state change data by using the session key to obtain a state change instruction, judges the self switch state, closes when the self switch state is the open state, generates a state change response, encrypts the state change response by using the session key to obtain the state change response data, sends the state change response data to the terminal, and executes the step C3; when the self switch state is the close state, the state is opened, the state changed response is generated, the state changed response data is obtained by encrypting the state changed response by using the session key, the state changed response data is sent to the terminal, and the step C3 is executed;
step C3: and the terminal receives the state-changed response data and decrypts the state-changed response data by using the session key to obtain a state-changed response.
Optionally, after step 315, the following steps are further included:
step D1: the terminal generates a state detection instruction, encrypts the state detection instruction by using the session key to obtain state detection data, and sends the state detection data to the communication device;
the method can also comprise the following steps: when a first instruction of the user is received, the terminal prompts the user to input fingerprint information, when the fingerprint information input by the user is received, whether the fingerprint information is correct is judged, if yes, the step D1 is executed, and if not, an error is reported, and the operation is finished;
step D2: the communication device receives the state detection data, and decrypts the state detection data by using the session key to obtain a state detection instruction; detecting the current switching state of the terminal, generating a state detection response, encrypting the state detection response by using a session key to obtain state detection response data, and sending the state detection response data to the terminal;
step D3: the terminal receives the state detection response data, decrypts the state detection response data by using the session key to obtain a state detection response, judges the current situation of the switch of the communication device according to the state detection response, generates a closing instruction when the current situation of the switch of the communication device is in an open state, encrypts the closing instruction by using the session key to obtain closing data, sends the closing data to the communication device, and executes the step D4; when the communication device is in the closed state, generating an opening instruction, encrypting the opening instruction by using the session key to obtain opening data, sending the opening data to the communication device, and executing step D8;
step D4: the communication device receives the closing data, decrypts the closing data by using the session key to obtain a closing instruction, detects whether the self switch state is the closed state, generates a closed response when the self switch state is the closed state, encrypts the closed response by using the session key to obtain closed response data, sends the closed response data to the terminal, and executes the step D5; when the self switch state is not the closed state, closing, judging whether the closing is successful, if so, generating a closing success response, encrypting the closing success response by using the session key to obtain closing success response data, sending the closing success response data to the terminal, and executing the step D6; otherwise, generating an error response, encrypting the error response by using the session key to obtain error response data, sending the error response data to the terminal, and executing the step D7;
step D5: the terminal receives the closed response data, decrypts the closed response data by using the session key to obtain a closed response, displays that the communication device is closed, and ends;
step D6: the terminal receives the closing success response data, decrypts the closing success response data by using the session key to obtain a closing success response, and the operation is finished;
step D7: the terminal receives the error response data, decrypts the error response data by using the session key to obtain an error response, and reports the error, and the operation is finished;
step D8: the communication device receives the opening data, decrypts the opening data by using the session key to obtain an opening instruction, detects whether the self switch state is the opened state, generates an opened response when the self switch state is the opened state, encrypts the opened response by using the session key to obtain opened response data, sends the opened response data to the terminal, and executes the step D9; when the self switch state is not the opened state, opening, judging whether the opening is successful, if so, generating an opening success response, encrypting the opening success response by using the session key to obtain opening success response data, sending the opening success response data to the terminal, and executing the step D10; otherwise, generating an error response, encrypting the error response by using the session key to obtain error response data, sending the error response data to the terminal, and executing the step D11;
step D9: the terminal receives the opened response data, decrypts the opened response data by using the session key to obtain an opened response, displays that the communication device is opened, and ends;
step D10: the terminal receives the successful response data of the opening, decrypts the successful response data of the opening by using the session key to obtain the successful response of the opening, and the operation is finished;
step D11: and the terminal receives the error response data, decrypts the error response data by using the session key to obtain an error response, and reports the error, and the operation is finished.
The embodiment provides a method for a communication device to negotiate a key with a terminal; the communication device is used for the interactive communication between the intelligent door lock and the terminal, the communication device and the terminal perform mutual authentication on a first symmetric key (a second symmetric key), and a session key for encrypting and decrypting communication information between the communication device and the terminal is generated; the session key is used for encrypting and decrypting information to be communicated between the communication device and the terminal, so that the communication safety between the communication device and the terminal is improved, and the communication safety between the intelligent door lock and the terminal is further improved.
Example four
The fourth embodiment of the invention provides a system for negotiating a key between a communication device and a terminal; the communication device is used for the interactive communication between the intelligent door lock and the terminal, and comprises the terminal and the communication device as shown in fig. 4;
the terminal comprises a first generating module 401, a first sending module 402, a first receiving module 408, a first obtaining module 409, a second ciphertext module 410, a third ciphertext module 411, a second session module 415 and a second saving module 416;
the communication device comprises a second receiving module 403, a first retrieving module 404, a second generating module 405, a first ciphertext module 406, a second sending module 407, a fourth ciphertext module 412, a first session module 413 and a first saving module 414;
a first generating module 401, configured to generate a first random number;
a first sending module 402, configured to send the first random number and a preset symmetric key ID to the communication apparatus;
a second receiving module 403, configured to receive the symmetric key ID and the first random number;
a first retrieving module 404, configured to retrieve, according to the symmetric key ID received by the second receiving module 403, a first symmetric key stored in correspondence with the symmetric key ID;
a second generating module 405, configured to generate a second random number;
a first ciphertext module 406, configured to obtain first ciphertext data according to the first symmetric key retrieved by the first retrieving module 404, the second random number generated by the second generating module 405, and the first random number received by the second receiving module 403;
optionally, the first ciphertext module 406 is specifically configured to calculate the second random number generated by the second generating module 405 and the first random number received by the second receiving module 403 to obtain first intermediate data, and encrypt the first intermediate data by using the first symmetric key retrieved by the first retrieving module 404 to obtain first ciphertext data.
The second sending module 407 is further configured to send the second random number generated by the second generating module 405 and the first ciphertext data obtained by the first ciphertext module 406 to the terminal;
a first receiving module 408, configured to receive the second random number and the first ciphertext data sent by the second sending module 407;
a first obtaining module 409, configured to obtain, according to a preset symmetric key ID, a second symmetric key that is stored in correspondence with the symmetric key ID;
a second ciphertext module 410, configured to obtain second ciphertext data according to the second symmetric key obtained by the first obtaining module 409, the first random number generated by the first generating module 401, and the second random number received by the first receiving module 408;
optionally, the second ciphertext module 410 is specifically configured to calculate the first random number generated by the first generating module 401 and the second random number received by the first receiving module 408 to obtain second intermediate data, and encrypt the second intermediate data by using the second symmetric key obtained by the first obtaining module 409 to obtain second ciphertext data.
The third ciphertext module 411, configured to obtain third ciphertext data according to the second symmetric key obtained by the first obtaining module 409 and the second random number received by the first receiving module 408, when the second ciphertext data is equal to the received first ciphertext data;
optionally, the third ciphertext module 411 is specifically configured to encrypt the second random number received by the first receiving module 408 by using the second symmetric key obtained by the first obtaining module 409 to obtain third ciphertext data.
The first sending module 402 is further configured to send the third ciphertext data obtained by the third ciphertext data module 411 to the second receiving module 403;
the second receiving module 403 is further configured to receive third ciphertext data;
a fourth ciphertext module 412, configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the first retrieving module 404 and the second random number generated by the second generating module 405;
optionally, the fourth ciphertext module 412 is specifically configured to encrypt the second random number generated by the second generating module 405 by using the first symmetric key retrieved by the first retrieving module 404 to obtain fourth ciphertext data.
A first session module 413, configured to, when the fourth ciphertext data obtained by the fourth ciphertext module 412 is equal to the third ciphertext data received by the second receiving module 403, obtain first session data according to the first random number received by the second receiving module 403, the second random number generated by the second generating module 405, and the first symmetric key retrieved by the first retrieving module 404;
a first saving module 414, configured to save the first session data obtained by the first session module 413 as a session key;
the second sending module 407 is further configured to send the authentication success information to the first receiving module 408;
the first receiving module 408 is further configured to receive authentication success information;
a second session module 415, configured to obtain second session data according to the first random number generated by the first generating module 401, the second random number received by the first receiving module 408, and the second symmetric key obtained by the first obtaining module 409;
a second saving module 416, configured to save the second session data obtained by the second session module 415 as the session key.
Optionally, the system in this embodiment further includes a first determining module and a first error reporting module;
correspondingly, the first judging module is used for judging whether the second ciphertext data is equal to the received first ciphertext data;
correspondingly, the third ciphertext module 411 is specifically configured to, when the first determining module determines that the second ciphertext data is equal to the received first ciphertext data, obtain third ciphertext data according to the second symmetric key obtained by the first obtaining module 409 and the second random number received by the first receiving module 408;
correspondingly, the first error reporting module is configured to report an error when the first determining module determines that the second ciphertext data is not equal to the received first ciphertext data, and then end;
furthermore, the system also comprises a second judging module and a first deleting module;
correspondingly, the second judging module is used for updating the first counting value; judging whether the updated first count value is larger than a first preset value or not;
correspondingly, the first deleting module is used for deleting the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID when the second judging module judges that the updated first counting value is larger than the first preset value;
correspondingly, the first generating module 401 is specifically configured to generate a first random number when the second determining module determines that the updated first count value is not greater than the first preset value.
Optionally, a second retrieval module is further included;
accordingly, the first sending module 402 is further configured to send the symmetric key ID to the communication apparatus;
correspondingly, the second receiving module 403 is further configured to receive the symmetric key ID sent by the first sending module 402;
correspondingly, the second retrieving module is further configured to retrieve the first symmetric key stored corresponding to the symmetric key ID received by the second receiving module 403;
correspondingly, the fourth ciphertext module 412 is further configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the second retrieving module and the second random number generated by the second generating module 405;
correspondingly, the first session module 413 is configured to, when the fourth ciphertext data obtained by the fourth ciphertext module 412 is equal to the third ciphertext data received by the second receiving module 403, obtain the first session data according to the first random number received by the second receiving module 403, the second random number generated by the second generating module 405, and the first symmetric key retrieved by the second retrieving module.
Optionally, the system further comprises a third judging module and a second error reporting module;
correspondingly, the third determining module is configured to determine whether the fourth ciphertext data obtained by the fourth ciphertext module 412 is equal to the third ciphertext data received by the second receiving module 403;
correspondingly, the first session module 413 is specifically configured to, when the third determining module determines that the fourth ciphertext data obtained by the fourth ciphertext module 412 is equal to the third ciphertext data received by the second receiving module 403, obtain the first session data according to the first random number received by the second receiving module 403, the second random number generated by the second generating module 405, and the first symmetric key retrieved by the first retrieving module 404;
correspondingly, the second sending module 407 is further configured to return an error code to the terminal when the third determining module determines that the fourth ciphertext data obtained by the fourth ciphertext module 412 is not equal to the third ciphertext data received by the second receiving module 403;
accordingly, the first receiving module 408 is further configured to receive an error code;
correspondingly, the second error reporting module is used for reporting errors and ending;
furthermore, the device also comprises a fourth judging module;
correspondingly, the fourth determining module is configured to update the second count value when the third determining module determines that the fourth ciphertext data obtained by the fourth ciphertext module 412 is not equal to the third ciphertext data received by the second receiving module 403; judging whether the second count value after the increment is larger than a second preset value or not;
correspondingly, the second deleting module is configured to delete the symmetric key ID received by the second receiving module 403 and the first symmetric key stored in correspondence with the symmetric key ID when the fourth determining module determines that the updated second count value is greater than the second preset value;
correspondingly, the second sending module 407 is further configured to send a second error message to the first receiving module 408 when the fourth determining module determines that the updated second count value is not greater than the second preset value;
accordingly, the first receiving module 408 is further configured to receive a second error message;
accordingly, the first generating module 401 is specifically configured to generate the first random number when the first receiving module 408 receives the second error information.
Optionally, the system in this embodiment further includes a first MAC module and a second MAC module;
correspondingly, the first MAC module is configured to, when the fourth ciphertext data obtained by the fourth ciphertext module 412 is equal to the third ciphertext data received by the second receiving module 403, obtain third data according to the first symmetric key retrieved by the first retrieving module 404 and the second random number generated by the second generating module 405, obtain first MAC data according to the third data, and store the first MAC data as a MAC calculation key;
correspondingly, the second MAC module is configured to obtain fourth data according to the second symmetric key obtained by the first obtaining module 409 and the second random number received by the first receiving module 408, obtain second MAC data according to the fourth data, and store the second MAC data as a MAC calculation key.
Optionally, the system in this embodiment further includes a first connection module, a third generation module, a fourth generation module, a first parsing module, a first encryption module, a fifth generation module, and a second encryption module;
correspondingly, the first connecting module is used for connecting with the communication device;
correspondingly, the third generating module is used for generating a first private key and a first public key when the first connecting module is successfully connected with the communication device;
correspondingly, the fourth generating module is configured to generate a key exchange request according to the first public key generated by the third generating module;
accordingly, the first sending module 402 is further configured to send a key exchange request to the second receiving module 403;
correspondingly, the second receiving module 403 is further configured to receive a key exchange request;
correspondingly, the first parsing module is configured to parse the key exchange request received by the second receiving module 403 to obtain a first public key;
correspondingly, the first encryption module is used for encrypting the first public key obtained by the analysis of the first analysis module by using a preset second private key to obtain a first symmetric key;
correspondingly, the fifth generating module is configured to generate a symmetric key ID corresponding to the first symmetric key according to the first symmetric key obtained by the encryption by the first encrypting module, and store the symmetric key ID and the first symmetric key correspondingly;
correspondingly, the second sending module 407 is further configured to send a preset second public key and the symmetric key ID generated by the fifth generating module to the first receiving module 408;
accordingly, the first receiving module 408 is further configured to receive a second public key and a symmetric key ID;
correspondingly, the second encryption module is configured to encrypt the second public key received by the second receiving module 403 with the first private key generated by the third generating module to obtain a second symmetric key, and correspondingly store the second symmetric key and the symmetric key ID received by the second receiving module 403;
further, the system in this embodiment further includes a fifth determining module;
correspondingly, the fifth determining module is configured to update the first count value when the second ciphertext data obtained by the second ciphertext module 410 is not equal to the first ciphertext data received by the first receiving module 408; judging whether the updated first count value is larger than a first preset value or not;
correspondingly, the third deleting module is configured to delete the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID when the fifth determining module determines that the updated first count value is greater than the first preset value;
correspondingly, the third generating module is specifically configured to generate the first private key and the first public key after the third deleting module deletes the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID;
correspondingly, the first generating module 401 is specifically configured to generate a first random number when the fifth determining module determines that the updated first count value is not greater than the first preset value.
Optionally, the system in this embodiment further includes an eleventh generating module, an eleventh encrypting module, an eleventh decrypting module, a first detecting module, a twelfth generating module, a twelfth encrypting module, and a twelfth decrypting module;
correspondingly, the eleventh generating module is configured to generate a status monitoring instruction;
correspondingly, the eleventh encrypting module is configured to encrypt the state detection instruction generated by the eleventh generating module by using the session key stored in the second storing module 416 to obtain state detection data;
accordingly, the first sending module 402 is further configured to send the status detection data encrypted by the eleventh encryption module to the second receiving module 403;
accordingly, a second receiving module 403 is configured to receive the status detection data;
correspondingly, the eleventh decryption module is configured to decrypt, using the session key stored by the first storage module 414, the state detection data received by the second receiving module 403 to obtain a state detection instruction;
correspondingly, the first detection module is used for detecting the current switching situation of the first detection module;
correspondingly, a twelfth generating module for generating a status detection response;
correspondingly, the twelfth encrypting module is configured to encrypt the state detection response generated by the twelfth generating module by using the session key stored in the first storing module 414 to obtain state detection response data;
correspondingly, the second sending module 407 is further configured to send the status detection response data encrypted by the twelfth encrypting module to the first receiving module 408;
accordingly, the first receiving module 408 is further configured to receive the status detection response data;
correspondingly, the twelfth decryption module is configured to decrypt the state detection response data received by the first receiving module 408 using the session key stored by the second storing module 416 to obtain a state detection response;
furthermore, the system in this embodiment further includes an eleventh determining module, a thirteenth generating module, a thirteenth encrypting module, a thirteenth decrypting module, a first closing module, a fourteenth generating module, a fourteenth encrypting module, a fourteenth decrypting module, a fifteenth generating module, a fifteenth encrypting module, a fifteenth decrypting module, a sixteenth generating module, a sixteenth encrypting module, and a sixteenth decrypting module;
correspondingly, the eleventh judging module is used for judging the current switching status of the communication device according to the status detection response obtained by the encryption of the twelfth decrypting module;
correspondingly, the thirteenth generating module is used for generating a closing instruction when the eleventh judging module judges that the communication device switch is in an open state;
correspondingly, the thirteenth encrypting module is configured to encrypt the close instruction generated by the thirteenth generating module by using the session key stored by the second storing module 416 to obtain close data;
correspondingly, the first sending module 402 further sends the closing data encrypted by the thirteenth encryption module to the second receiving module 403;
correspondingly, the second receiving module 403 is further configured to receive the shutdown data sent by the first sending module 402;
correspondingly, a thirteenth decryption module, configured to decrypt, using the session key stored by the first storage module 414, the closing data received by the second receiving module 403 to obtain a closing instruction;
correspondingly, the first closing module is used for closing when the thirteenth decryption module decrypts the closing data to obtain a closing instruction;
correspondingly, a fourteenth generating module for generating a closing success response;
correspondingly, the fourteenth encrypting module is configured to encrypt the closing success response generated by the fourteenth generating module by using the session key stored in the first storing module 414 to obtain closing success response data;
correspondingly, the second sending module 407 is further configured to send the closing success response data encrypted by the fourteenth encryption module to the first receiving module 408;
accordingly, a first receiving module 408 is configured to receive the closing success response data;
correspondingly, the fourteenth decryption module is configured to decrypt, using the session key stored by the second storage module 416, the closing success response data received by the first receiving module 408 to obtain a closing success response, and then end;
correspondingly, the fifteenth generation module is used for generating an opening instruction when the eleventh judgment module judges that the communication device switch is in a closed state;
correspondingly, the fifteenth encrypting module is configured to encrypt the opening instruction generated by the fifteenth generating module by using the session key stored in the second storing module 416 to obtain opening data;
correspondingly, the first sending module 402 is further configured to send the opening data encrypted by the fifteenth encryption module to the second receiving module 403;
accordingly, a second receiving module 403 is configured to receive the opening data;
correspondingly, the fifteenth decryption module is configured to decrypt, using the session key stored by the first storage module 414, the opening data received by the second receiving module 403 to obtain an opening instruction;
correspondingly, the first opening module is used for opening when the sixteenth decryption module decrypts the opening data to obtain an opening instruction;
correspondingly, a sixteenth generating module is configured to generate an open success response;
correspondingly, the sixteenth encrypting module is configured to encrypt the opening success response generated by the sixteenth generating module by using the session key stored in the first storing module 414 to obtain opening success response data;
correspondingly, the second sending module 407 is further configured to send the opening success response data encrypted by the sixteenth encryption module to the first receiving module 408;
accordingly, the first receiving module 408 is further configured to receive the opening success response data;
accordingly, the sixteenth decryption module is configured to decrypt the opening success response data received by the first receiving module 408 using the session key stored by the second storing module 416 to obtain an opening success response, and then the process is ended.
Further, the system in this embodiment further includes a second detecting module, a seventeenth generating module, a seventeenth encrypting module, a seventeenth decrypting module, and a first display module;
correspondingly, the second detection module is used for detecting whether the self switch state is the closed state;
correspondingly, the seventeenth generation module is used for generating a closed response when the second detection module detects that the self switch state is the closed state;
correspondingly, a seventeenth encrypting module, configured to encrypt the closed response generated by the seventeenth generating module by using the session key stored in the first storing module 414 to obtain closed response data;
correspondingly, the second sending module 407 is further configured to send the closed response data encrypted by the seventeenth encryption module to the first receiving module 408;
accordingly, a first receiving module 408 for receiving the shutdown response data;
correspondingly, a seventeenth decryption module, configured to decrypt the closed response data received by the first receiving module 408 using the session key stored by the first storage module 414 to obtain a closed response;
correspondingly, the first display module is used for displaying that the communication device is closed and ending;
correspondingly, the first closing module is specifically used for closing when the second detection module detects that the self switch state is not the closed state.
Furthermore, the system in this embodiment further includes a twelfth determining module, a fourteenth generating module, an eighteenth encrypting module, an eighteenth decrypting module, and a third error reporting module;
correspondingly, the twelfth judging module is used for judging whether the closing is successful or not after the first closing module is closed;
correspondingly, the fourteenth generating module is specifically configured to generate a closing success response when the twelfth judging module judges that the closing is successful;
correspondingly, the eighteenth generation module is configured to generate an error-reporting response when the twelfth judgment module judges that the shutdown is not successful;
correspondingly, the eighteenth encrypting module is configured to encrypt the error response generated by the eighteenth generating module by using the session key stored in the first storing module 414 to obtain error response data;
correspondingly, the second sending module 407 is configured to send the error response data encrypted by the eighteenth encryption module to the first receiving module 408;
accordingly, a first receiving module 408 is configured to receive error response data;
correspondingly, the eighteenth decryption module is configured to decrypt the error response data using the session key stored by the second storage module 416 to obtain an error response;
correspondingly, the third error reporting module is used for reporting errors and ending.
Further, the system in this embodiment further includes a third detection module, a nineteenth generation module, a nineteenth encryption module, a nineteenth decryption module, and a second display module;
correspondingly, the third detection module is used for detecting whether the self switch state is the opened state;
correspondingly, the nineteenth generating module is used for generating an opened response when the third detecting module detects that the self switch state is the opened state;
correspondingly, a nineteenth encrypting module, configured to encrypt the opened response using the session key stored by the first storing module 414 to obtain opened response data;
correspondingly, the second sending module 407 is further configured to send the opened response data encrypted by the nineteenth encryption module to the first receiving module 408;
accordingly, a first receiving module 408 for receiving opened response data;
correspondingly, the nineteenth decryption module is configured to decrypt the opened response data using the session key stored by the second storage module 416 to obtain an opened response;
correspondingly, the second display module is used for displaying that the communication device is opened and finished;
correspondingly, the first opening module is specifically configured to open when the third detection module detects that the self switch state is not the already opened state.
Further, the system in this embodiment further includes a thirteenth determining module, a twentieth generating module, a twentieth encrypting module, a twentieth decrypting module, and a fourth error reporting module;
correspondingly, the thirteenth judging module is used for judging whether the first opening module is opened successfully or not after the first opening module is opened;
correspondingly, the sixteenth generating module is specifically configured to generate an opening success response when the thirteenth judging module judges that the opening is successful;
correspondingly, the twentieth generation module is configured to generate an error response when the thirteenth determination module determines that the opening is not successful;
correspondingly, the twentieth encryption module is configured to encrypt the error response using the session key stored in the first storage module 414 to obtain error response data;
correspondingly, the second sending module 407 is further configured to send error response data encrypted by the nineteenth encryption module to the first receiving module 408;
accordingly, a first receiving module 408 is configured to receive error response data;
correspondingly, the twentieth decryption module is configured to decrypt the error response data received by the first receiving module 408 using the session key stored by the second storage module 416 to obtain an error response;
correspondingly, the fourth error reporting module is used for reporting errors and ending.
Further, the system in this embodiment further includes a fourteenth determining module and a third error reporting module
Accordingly, the first receiving module 408 is further configured to receive a first instruction input by a user;
accordingly, the first prompting module is configured to prompt the user to input fingerprint information when the first receiving module 408 receives the first instruction;
accordingly, the first receiving module 408 is further configured to receive the input fingerprint information;
correspondingly, a fourteenth determining module, configured to determine whether the fingerprint information input by the user and received by the first receiving module 408 is the same as the preset fingerprint information;
correspondingly, the first generating module 401 is specifically configured to generate a status monitoring instruction when it is determined that the fingerprint information input by the user and received by the first receiving module 408 is the same as the preset fingerprint information;
correspondingly, the third error reporting module is configured to report an error and end when it is determined that the fingerprint information input by the user and received by the first receiving module 408 is different from the preset fingerprint information.
The embodiment provides a system for a communication device to negotiate a key with a terminal; the communication device is used for the interactive communication between the intelligent door lock and the terminal, the communication device and the terminal perform mutual authentication on a first symmetric key (a second symmetric key), and a session key for encrypting and decrypting communication information between the communication device and the terminal is generated; the session key is used for encrypting and decrypting information to be communicated between the communication device and the terminal, so that the communication safety between the communication device and the terminal is improved, and the communication safety between the intelligent door lock and the terminal is further improved.
EXAMPLE five
Fifth embodiment of the present invention provides a communication device, where the communication device is used for an intelligent door lock to perform interactive communication with a terminal, and as shown in fig. 5, the communication device includes a fifty-second receiving module 501, a fifty-first retrieving module 502, a fifty-first generating module 503, a fifty-first ciphertext module 504, a fifty-second sending module 505, a fifty-fourth ciphertext module 506, a fifty-first session module 507, and a fifty-first saving module 508;
a fifty-second receiving module 501, configured to receive a symmetric key ID and a first random number sent by a terminal;
a fifty-first retrieving module 502, configured to retrieve, according to the symmetric key ID received by the fifty-second receiving module 501, the first symmetric key stored in correspondence with the symmetric key ID;
a fifty-first generating module 503 for generating a second random number;
a fifty-first ciphertext module 504, configured to obtain first ciphertext data according to the first symmetric key retrieved by the fifty-first retrieving module 502, the second random number generated by the fifty-first generating module 503, and the first random number received by the fifty-second receiving module 501;
optionally, the fifty-first ciphertext module 504 is specifically configured to calculate the second random number generated by the fifty-first generating module 503 and the first random number received by the fifty-second receiving module 501 to obtain first intermediate data, and encrypt the first intermediate data by using the first symmetric key retrieved by the fifty-first retrieving module 502 to obtain first ciphertext data.
A fifty-second sending module 505, configured to send the second random number generated by the fifty-first generating module 503 and the first ciphertext data obtained by the fifty-first ciphertext module 504 to the terminal;
a fifty-second receiving module 501, configured to receive third ciphertext data sent by the terminal;
a fifty-fourth ciphertext module 506, configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the fifty-first retrieving module 502 and the second random number generated by the fifty-fourth generating module 503;
optionally, the fifty-fourth ciphertext module 506 is specifically configured to encrypt the second random number generated by the fifty-first generating module 503 by using the first symmetric key retrieved by the fifty-first retrieving module 502 to obtain fourth ciphertext data.
A fifty-first session module 507, configured to, when the fourth ciphertext data obtained by the fifty-fourth ciphertext module 506 is equal to the third ciphertext data received by the fifty-second receiving module 501, obtain the first session data according to the first random number received by the fifty-second receiving module 501, the second random number generated by the fifty-first generating module 503, and the first symmetric key retrieved by the fifty-first retrieving module 502;
a fifty-first saving module 508, configured to save the first session data obtained by the fifty-first session module 507 as a session key;
a fifty-second sending module 505, further configured to send the authentication success information to the terminal.
Optionally, the system in this embodiment further includes a fifty-third determining module;
correspondingly, a fifty-third determining module, configured to determine whether the fourth ciphertext data obtained by the fifty-fourth ciphertext module 506 is equal to the third ciphertext data received by the fifty-second receiving module 501;
correspondingly, the fifty-third session module 507 is specifically configured to, when the fifty-third determining module determines that the fourth ciphertext data obtained by the fifty-fourth ciphertext module 506 is equal to the third ciphertext data received by the fifty-second receiving module 501, obtain the first session data according to the first random number received by the fifty-second receiving module 501, the second random number generated by the fifty-first generating module 503, and the first symmetric key retrieved by the fifty-first retrieving module 502;
correspondingly, the fifty-second sending module 505 is further configured to, when the fifty-third determining module determines that the fourth ciphertext data obtained by the fifty-fourth ciphertext module 506 is not equal to the third ciphertext data received by the fifty-second receiving module 501, return an error code to the terminal;
further, the system in this embodiment further includes a fifty-fourth determining module;
correspondingly, the fifty-fourth determining module is configured to update the second count value when the fifty-third determining module determines that the fourth ciphertext data obtained by the fifty-fourth ciphertext module 506 is not equal to the third ciphertext data received by the fifty-second receiving module 501; judging whether the second count value after the increment is larger than a second preset value or not;
correspondingly, the fifty-second deleting module is configured to delete the symmetric key ID received by the fifty-second receiving module 501 and the first symmetric key stored in correspondence with the symmetric key ID when the fifty-fourth determining module determines that the updated second count value is greater than the second preset value;
correspondingly, the fifty-second sending module 505 is further configured to send a second error message to the terminal when the fifty-fourth determining module determines that the updated second count value is not greater than the second preset value.
Optionally, the system in this embodiment further includes a fifth-eleventh MAC module;
correspondingly, the fifty-first MAC module is configured to, when the fourth ciphertext data obtained by the fifty-fourth ciphertext module 506 is equal to the third ciphertext data received by the fifty-second receiving module 501, obtain third data according to the first symmetric key retrieved by the fifty-first retrieving module 502 and the second random number generated by the fifty-second generating module 503, obtain first MAC data according to the third data, and store the first MAC data as a MAC calculation key.
Optionally, the system in this embodiment further includes a fifty-second receiving module 501, a fifty-first parsing module, a fifty-first encrypting module, and a fifty-fifth generating module;
correspondingly, the fifty-second receiving module 501 is further configured to receive a key exchange request sent by the terminal;
correspondingly, the fifty-first parsing module is configured to parse the key exchange request received by the fifty-second receiving module 501 to obtain a first public key;
correspondingly, the fifty-first encryption module is used for encrypting the first public key obtained by the fifty-first analysis module by using a preset second private key to obtain a first symmetric key;
correspondingly, a fifty-fifth generating module, configured to generate a symmetric key ID corresponding to the first symmetric key according to the first symmetric key encrypted by the fifty-fifth encrypting module, and store the symmetric key ID and the first symmetric key correspondingly;
correspondingly, the fifty-second sending module 505 is further configured to send the preset second public key and the symmetric key ID generated by the fifty-fifth generating module to the terminal.
Optionally, the system in this embodiment further includes a fifty-first decryption module, a fifty-first detection module, a fifty-second generation module, and a fifty-second encryption module;
correspondingly, the fifty-second receiving module 501 is further configured to receive status detection data sent by the terminal;
correspondingly, a fifty-first decryption module, configured to decrypt, using the session key stored by the fifty-first storage module 508, the state detection data received by the fifty-second receiving module 501 to obtain a state detection instruction;
correspondingly, the fifty-first detection module is used for detecting the self switching status;
correspondingly, a fifty-second generating module for generating a status detection response;
accordingly, a fifty-second encrypting module, configured to encrypt the state detection response generated by the fifty-second generating module by using the session key stored by the fifty-second storing module 508 to obtain state detection response data;
correspondingly, the fifty-second sending module 505 is further configured to send the status detection response data encrypted by the fifty-second encryption module to the terminal;
still further, the system in this embodiment further includes a fifty-third decryption module, a fifty-first shutdown module, a fifty-fourth generation module, and a fifty-fourth encryption module;
correspondingly, the fifty-second receiving module 501 is further configured to receive closing data sent by the terminal;
correspondingly, a fifty-third decryption module, configured to decrypt, using the session key stored by the fifty-third storage module 508, the closing data received by the fifty-second receiving module 501 to obtain a closing instruction;
correspondingly, the fifty-first closing module is used for closing when the fifty-third decryption module decrypts the closing data to obtain a closing instruction;
correspondingly, a fifty-fourth generation module for generating a close success response;
correspondingly, a fifty-fourth encrypting module, configured to encrypt the closing success response generated by the fifty-fourth generating module by using the session key stored by the fifty-fourth storing module 508 to obtain closing success response data;
correspondingly, the fifty-second sending module 505 is further configured to send the closing success response data encrypted by the fifty-fourth encrypting module to the terminal;
correspondingly, the fifty-second receiving module 501 is further configured to receive opening data sent by the terminal;
correspondingly, a fifty-fifth decryption module, configured to decrypt, using the session key stored by the fifty-fifth storage module 508, the opening data received by the fifty-second receiving module 501 to obtain an opening instruction;
correspondingly, the fiftieth opening module is used for opening when the sixteenth decryption module decrypts the opening data to obtain an opening instruction;
correspondingly, a fifty-sixth generating module for generating an opening success response;
correspondingly, a fifty-sixth encrypting module, configured to encrypt the opening success response generated by the fifty-sixth generating module by using the session key stored by the fifty-sixth storing module 508 to obtain opening success response data;
correspondingly, the fifty-second sending module 505 is further configured to send the opening success response data encrypted by the fifty-sixth encryption module to the terminal.
Still further, the system in this embodiment further includes a fifty-second detection module, a fifty-seventh generation module, and a fifty-seventh encryption module;
correspondingly, the fifty-second detection module is used for detecting whether the self switch state is the closed state;
correspondingly, a fifty-seventh generating module, configured to generate a turned-off response when the fifty-second detecting module detects that the self-switch state is the turned-off state;
accordingly, a fifty-seventh encrypting module, configured to encrypt the closed response generated by the fifty-seventh generating module using the session key stored by the fifty-seventh storing module 508 to obtain closed response data;
correspondingly, the fifty-second sending module 505 is further configured to send the closed response data encrypted by the seventeenth decryption module to the terminal.
Further, the system in this embodiment further includes a fifth-twelfth judging module, a fifty-eighth generating module, and a fifty-eighth encrypting module;
correspondingly, the fifth and twelfth judging module is used for judging whether the closing is successful or not after the fifty-first closing module is closed;
correspondingly, the fifty-fourth generating module is specifically configured to generate a closing success response when the fifty-second determining module determines that the closing is successful;
correspondingly, a fifty-eighth generating module, configured to generate an error response when the fifty-second determining module determines that the closing is not successful;
correspondingly, a fifty-eighth encrypting module, configured to encrypt the error response generated by the fifty-eighth generating module by using the session key stored by the fifty-eighth storing module 508 to obtain error response data;
correspondingly, the fifty-second sending module 505 is further configured to send the error response data encrypted by the fifty-eighth encrypting module to the terminal.
Still further, the system in this embodiment further includes a fifty-third detection module, a fifty-ninth generation module, and a fifty-ninth encryption module;
correspondingly, a fifty-third detection module is used for detecting whether the self switch state is the opened state;
correspondingly, a fifty-ninth generating module for generating an opened response when the fifty-third detecting module detects that the self switch state is the opened state;
accordingly, a fifty-ninth encrypting module, configured to encrypt the opened response using the session key saved by the fifty-ninth saving module 508 to obtain opened response data;
accordingly, the fifty-second sending module 505 is further configured to send the opened response data encrypted by the fifty-ninth encryption module to the communication apparatus.
Furthermore, the system in this embodiment further includes a fifty-third determining module, a sixteenth generating module, a fifty-fifth encrypting module, and a fourth error reporting module;
correspondingly, the fifty-third judging module is used for judging whether the opening is successful or not after the fifty-third opening module is opened;
correspondingly, a fifty-sixth generating module, specifically configured to generate an opening success response when the fifty-third determining module determines that the opening is successful;
correspondingly, the sixteenth generating module is used for generating an error response when the fifty-third judging module judges that the opening is not successful;
correspondingly, a fifty-th encrypting module, configured to encrypt the error response with the session key stored by the fifty-th storing module 508 to obtain error response data;
correspondingly, the fifty-second sending module 505 is further configured to send error response data encrypted by the fifty-ninth encryption module to the communication apparatus.
The present embodiment provides a communication apparatus; the communication device is used for the interactive communication between the intelligent door lock and the terminal, the communication device and the terminal perform mutual authentication on a first symmetric key (a second symmetric key), and a session key for encrypting and decrypting communication information between the communication device and the terminal is generated; the session key is used for encrypting and decrypting information to be communicated between the communication device and the terminal, so that the communication safety between the communication device and the terminal is improved, and the communication safety between the intelligent door lock and the terminal is further improved.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (62)

1. A method for a communication device to negotiate a key with a terminal, wherein the communication device is used for interactive communication between an intelligent door lock and the terminal, and comprises the following steps:
step S1: the terminal generates a first random number; sending the first random number and a preset symmetric key ID to a communication device;
step S2: the communication device retrieves a first symmetric key stored corresponding to the symmetric key ID according to the received symmetric key ID; generating a second random number; obtaining first ciphertext data according to the first symmetric key, the second random number and the received first random number; sending the second random number and the first ciphertext data to the terminal;
step S3: the terminal acquires a second symmetric key stored corresponding to the symmetric key ID according to a preset symmetric key ID, and acquires second ciphertext data according to the second symmetric key, the first random number and the received second random number; when the second ciphertext data is equal to the received first ciphertext data, obtaining third ciphertext data according to the second symmetric key and the second random number, and sending the third ciphertext data to the communication device;
step S4: the communication device obtains fourth ciphertext data according to the retrieved first symmetric key and the retrieved second random number, obtains first session data according to the first random number, the second random number and the first symmetric key when the fourth ciphertext data is equal to the received third ciphertext data, and saves the first session data as a session key; sending authentication success information to the terminal;
step S5: the terminal receives the authentication success information; obtaining second session data according to the first random number, the second random number and the second symmetric key, and storing the second session data as a session key;
before the step S1, the method further includes the following steps:
step A1: the terminal is connected with the communication device, and when the connection is successful, the step A2 is executed;
step A2: the terminal generates a first private key and a first public key; generating a key exchange request according to the first public key, and sending the key exchange request to the communication device;
step A3: the communication device analyzes the received key exchange request to obtain a first public key; encrypting the first public key by using a preset second private key to obtain a first symmetric key, generating a symmetric key ID corresponding to the first symmetric key according to the first symmetric key, and correspondingly storing the symmetric key ID and the first symmetric key; sending a preset second public key and the symmetric key ID to the terminal;
step A4: and the terminal encrypts the received second public key by using the first private key to obtain a second symmetric key, and correspondingly stores the second symmetric key and the symmetric key ID.
2. The method according to claim 1, wherein in step S2, the obtaining first ciphertext data according to the first symmetric key, the second random number, and the received first random number includes:
and the communication device calculates the second random number and the received first random number to obtain first intermediate data, and encrypts the first intermediate data by using the first symmetric key to obtain first ciphertext data.
3. The method according to claim 1, wherein in step S3, the obtaining second ciphertext data according to the second symmetric key, the first random number, and the received second random number includes:
and the terminal calculates the first random number and the received second random number to obtain second intermediate data, and encrypts the second intermediate data by using the second symmetric key to obtain second ciphertext data.
4. The method according to claim 1, wherein in step S3, the obtaining third ciphertext data according to the second symmetric key and the second random number includes:
and the terminal encrypts the second random number by using the second symmetric key to obtain third ciphertext data.
5. The method according to claim 1, wherein in step S3, after obtaining second ciphertext data according to the second symmetric key, the first random number, and the received second random number, the method further comprises:
and the terminal judges whether the second ciphertext data is equal to the received first ciphertext data or not, obtains third ciphertext data according to the second symmetric key and the second random number when the second ciphertext data is equal to the received first ciphertext data, reports an error when the second ciphertext data is not equal to the received first ciphertext data, and ends.
6. The method of claim 5, wherein when the terminal determines that the second ciphertext data is not equal to the received first ciphertext data, the error reporting is completed by:
the terminal updates a first counting value; and judging whether the updated first count value is greater than a first preset value, deleting the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID when the updated first count value is greater than the first preset value, and returning to the step S1 when the updated first count value is not greater than the first preset value.
7. The method according to claim 1, wherein in step S3, when the second ciphertext data is equal to the received first ciphertext data, the method further comprises: the terminal sends the symmetric key ID to the communication device;
before the step S4, the method further includes: the communication device retrieves a first symmetric key stored in correspondence with the received symmetric key ID.
8. The method according to claim 1, wherein in step S4, the obtaining fourth ciphertext data according to the retrieved first symmetric key and the second random number includes:
the communication device encrypts the second random number using the retrieved first symmetric key to obtain fourth ciphertext data.
9. The method according to claim 1, wherein in step S4, after the communication device obtains fourth ciphertext data according to the retrieved first symmetric key and the second random number, the method further comprises:
the communication device judges whether the fourth ciphertext data and the received third ciphertext data are equal, and if so, first session data are obtained according to the first random number, the second random number and the first symmetric key; otherwise, returning an error code to the terminal, and executing step S6;
step S6: and the terminal receives the error code, reports the error and finishes.
10. The method according to claim 9, wherein when it is determined that the fourth ciphertext data is not equal to the received third ciphertext data, before returning an error code to the terminal, the method further comprises:
the communication device updating a second count value; judging whether the second count value after the increment is larger than a second preset value or not, deleting the received symmetric key ID and the first symmetric key stored correspondingly to the symmetric key ID when the second count value after the update is judged to be larger than the second preset value, and returning an error code to the terminal; when the updated second count value is not greater than the second preset value, sending a second error message to the terminal, and executing step S7;
step S7: and the terminal receives the second error message and returns to the step S1.
11. The method according to claim 1, wherein in step S4, when it is determined that the fourth ciphertext data is equal to the received third ciphertext data, the method further comprises:
the communication device obtains third data according to the first symmetric key and the second random number, obtains first MAC data according to the third data, and stores the first MAC data as an MAC calculation key;
in step S5, the method further includes: and the terminal obtains fourth data according to the second symmetric key and the second random number, obtains second MAC data according to the fourth data, and stores the second MAC data as an MAC calculation key.
12. The method according to claim 1, wherein in step S3, the method further comprises:
when the second ciphertext data is not equal to the received first ciphertext data, the terminal updates a first count value; and judging whether the updated first count value is greater than a first preset value, deleting the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID when the updated first count value is greater than the first preset value, returning to the step A2, and returning to the step S1 when the updated first count value is not greater than the first preset value.
13. The method of claim 1, wherein after the step S5, the method further comprises the steps of:
step D1: the terminal generates a state monitoring instruction, encrypts the state detection instruction by using the session key to obtain state detection data, and sends the state detection data to the communication device;
step D2: the communication device receives the state detection data, and decrypts the state detection data by using the session key to obtain a state detection instruction; detecting the self switch status, generating a state detection response, encrypting the state detection response by using the session key to obtain state detection response data, and sending the state detection response data to the terminal;
step D3: and the terminal receives the state detection response data and decrypts the state detection response data by using the session key to obtain a state detection response.
14. The method of claim 13, wherein after the step D3, the method further comprises the steps of:
step D4: the terminal judges the current situation of the communication device switch according to the state detection response, generates a closing instruction when the current situation of the communication device switch is in an open state, encrypts the closing instruction by using the session key to obtain closing data, sends the closing data to the communication device, and executes step D5; when the communication device is in a closed state, generating an opening instruction, encrypting the opening instruction by using the session key to obtain opening data, sending the opening data to the communication device, and executing step D7;
step D5: the communication device receives the closing data, decrypts the closing data by using the session key to obtain a closing instruction, closes, generates a closing success response, encrypts the closing success response by using the session key to obtain the closing success response data, sends the closing success response data to the terminal, and executes step D6;
step D6: the terminal receives the closing success response data, decrypts the closing success response data by using the session key to obtain a closing success response, and the operation is finished;
step D7: the communication device receives the opening data, decrypts the opening data by using the session key to obtain an opening instruction, opens, generates an opening success response, encrypts the opening success response by using the session key to obtain opening success response data, sends the opening success response data to the terminal, and executes step D8;
step D8: and the terminal receives the successful response data, decrypts the successful response data by using the session key to obtain a successful response, and then the operation is finished.
15. The method according to claim 14, wherein in step D5, after the step of decrypting the closing data using the session key obtains a closing instruction, the method further comprises:
the communication device detects whether the self switch state is the closed state, generates a closed response when the self switch state is the closed state, encrypts the closed response by using the session key to obtain closed response data, sends the closed response data to the terminal, and executes step D9; when the self switch state is not the closed state, closing;
step D9: and the terminal receives the closed response data, decrypts the closed response data by using the session key to obtain a closed response, displays that the communication device is closed, and ends.
16. The method according to claim 14, wherein said step D5, after said closing, further comprises:
the communication device judges whether the closing is successful, if so, a closing success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to obtain error response data, sending the error response data to the terminal, and executing step D10;
step D10: and the terminal receives the error response data, decrypts the error response data by using the session key to obtain an error response, and reports the error, and the operation is finished.
17. The method according to claim 14, wherein in step D7, after the decrypting the opening data with the session key obtains an opening instruction, the method further comprises:
the communication device detects whether the self switch state is the opened state, generates the opened response when the self switch state is the opened state, encrypts the opened response by using the session key to obtain opened response data, sends the opened response data to the terminal, and executes the step D11; when the self switch state is not the opened state, the switch is opened;
step D11: and the terminal receives the opened response data, decrypts the opened response data by using the session key to obtain an opened response, displays that the communication device is opened, and ends.
18. The method of claim 14, wherein said step D7, after said opening, further comprises:
the communication device judges whether the opening is successful, if so, an opening success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to obtain error response data, sending the error response data to the terminal, and executing the step D12;
step D12: and the terminal receives the error response data, decrypts the error response data by using the session key to obtain an error response, and reports the error, and the operation is finished.
19. The method of claim 13, wherein step D1 is preceded by the further step of:
and when the terminal receives a first instruction input by the user, the terminal prompts the user to input fingerprint information, judges whether the fingerprint information input by the user is the same as the preset fingerprint information or not, if so, executes the step D1, otherwise, reports an error, and ends.
20. A method for a communication device to negotiate a key with a terminal, wherein the communication device is used for interactive communication between an intelligent door lock and the terminal, and comprises the following steps:
step E1: the communication device receives a first random number and a symmetric key ID sent by a terminal, and retrieves a first symmetric key stored corresponding to the symmetric key ID according to the received symmetric key ID; generating a second random number; obtaining first ciphertext data according to the first symmetric key, the second random number and the received first random number; sending the second random number and the first ciphertext data to the terminal;
step E2: the communication device receives third ciphertext data sent by a terminal, obtains fourth ciphertext data according to the first symmetric key and the second random number, obtains first session data according to the first random number, the second random number and the first symmetric key when the fourth ciphertext data is equal to the received third ciphertext data, and stores the first session data as a session key; sending authentication success information to the terminal;
before the step E1, the method further includes the following steps:
step F1: the communication device receives a key exchange request sent by the terminal, and analyzes the received key exchange request to obtain a first public key; encrypting the first public key by using a preset second private key to obtain a first symmetric key, generating a symmetric key ID corresponding to the first symmetric key according to the first symmetric key, and correspondingly storing the symmetric key ID and the first symmetric key; and sending a preset second public key and the symmetric key ID to the terminal.
21. The method according to claim 20, wherein in step E1, the obtaining first ciphertext data according to the first symmetric key, the second random number, and the received first random number includes:
and the communication device calculates the second random number and the received first random number to obtain first intermediate data, and encrypts the first intermediate data by using the first symmetric key to obtain first ciphertext data.
22. The method according to claim 20, wherein in step E2, the obtaining of the fourth ciphertext data according to the retrieved first symmetric key and the second random number includes:
the communication device encrypts the second random number using the retrieved first symmetric key to obtain fourth ciphertext data.
23. The method according to claim 20, wherein in step E2, after the communication device obtains fourth ciphertext data according to the retrieved first symmetric key and the second random number, the method further comprises:
the communication device judges whether the fourth ciphertext data and the received third ciphertext data are equal, and if so, first session data are obtained according to the first random number, the second random number and the first symmetric key; otherwise, returning an error code to the terminal.
24. The method according to claim 23, wherein when it is determined that the fourth ciphertext data is not equal to the received third ciphertext data, before returning an error code to the terminal, the method further comprises:
the communication device updating a second count value; judging whether the second count value after the increment is larger than a second preset value or not, deleting the first symmetric key and the symmetric key ID when the second count value after the update is judged to be larger than the second preset value, and returning an error code to the terminal; and when the updated second count value is judged to be not greater than the second preset value, sending second error information to the terminal.
25. The method according to claim 20, wherein in step E2, when it is determined that the fourth ciphertext data is equal to the received third ciphertext data, the method further comprises:
and the communication device obtains third data according to the first symmetric key and the second random number, obtains first MAC data according to the third data, and stores the first MAC data as an MAC calculation key.
26. The method of claim 20, wherein after the step E2, the method further comprises the steps of:
step G1: the communication device receives state detection data sent by the terminal, and decrypts the state detection data by using the session key to obtain a state detection instruction; detecting the self switch status, generating a state detection response, encrypting the state detection response by using the session key to generate state detection response data, and sending the state detection response data to the terminal.
27. The method of claim 26, wherein after step G1, the method further comprises the steps of:
step G2: the communication device receives closing data sent by the terminal, decrypts the closing data by using the session key to obtain a closing instruction, closes, generates a closing success response, encrypts the closing success response by using the session key to obtain the closing success response data, and sends the closing success response data to the terminal;
step G3: the communication device receives opening data sent by the terminal, decrypts the opening data by using the session key to obtain an opening instruction, opens, generates an opening success response, encrypts the opening success response by using the session key to obtain opening success response data, and sends the opening success response data to the terminal.
28. The method according to claim 27, wherein said step G2, after said decrypting said closing data with said session key obtains a closing instruction, further comprises:
the communication device detects whether the self switch state is the closed state, generates a closed response when the self switch state is the closed state, encrypts the closed response by using the session key to obtain closed response data, and sends the closed response data to the terminal; and when the self switch state is not the closed state, closing.
29. The method according to claim 27, wherein said step G2, after said closing, further comprises:
the communication device judges whether the closing is successful, if so, a closing success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to generate error response data, and sending the error response data to the terminal.
30. The method according to claim 27, wherein said step G3, after said decrypting said opening data with said session key obtains an opening instruction, further comprises:
the communication device detects whether the self switch state is the opened state, generates the opened response when the self switch state is the opened state, encrypts the opened response by using the session key to obtain opened response data, and sends the opened response data to the terminal; and when the self switch state is not the opened state, opening the switch to generate an opening success response.
31. The method according to claim 27, wherein said step G3, after said opening, further comprises:
the communication device judges whether the opening is successful, if so, an opening success response is generated; otherwise, generating an error response, encrypting the error response by using the session key to generate error response data, and sending the error response data to the terminal.
32. A system for a communication device and a terminal to negotiate a key is characterized in that the communication device is used for interactive communication between an intelligent door lock and the terminal and comprises the terminal and the communication device;
the terminal comprises a first generating module, a first sending module, a first receiving module, a first obtaining module, a second ciphertext module, a third ciphertext module, a second session module and a second storing module;
the communication device comprises a second receiving module, a first retrieval module, a second sending module, a second generating module, a first ciphertext module, a fourth ciphertext module, a first session module and a first saving module;
the first generation module is used for generating a first random number;
the first sending module is further configured to send the first random number and a preset symmetric key ID to a communication device;
the second receiving module is configured to receive the symmetric key ID and the first random number;
the first retrieval module is configured to retrieve, according to the symmetric key ID received by the second receiving module, a first symmetric key stored in correspondence with the symmetric key ID;
the second generating module is used for generating a second random number;
the first ciphertext module is configured to obtain first ciphertext data according to the first symmetric key retrieved by the first retrieval module, the second random number generated by the second generation module, and the first random number received by the second receiving module;
the second sending module is further configured to send the second random number generated by the second generating module and the first ciphertext data obtained by the first ciphertext module to the terminal;
the first receiving module is configured to receive the second random number and the first ciphertext data sent by the second sending module;
the first acquisition module is used for acquiring a second symmetric key which is stored corresponding to the symmetric key ID according to a preset symmetric key ID;
the second ciphertext module is configured to obtain second ciphertext data according to the second symmetric key obtained by the first obtaining module, the first random number generated by the first generating module, and the second random number received by the first receiving module;
the third ciphertext module is configured to, when the second ciphertext data is equal to the received first ciphertext data, obtain third ciphertext data according to the second symmetric key obtained by the first obtaining module and the second random number received by the first receiving module;
the first sending module is further configured to send the third ciphertext data obtained by the third ciphertext data module to the second receiving module;
the second receiving module is further configured to receive the third ciphertext data;
the fourth ciphertext module is configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the first retrieving module and the second random number generated by the second generating module;
the first session module is configured to, when the fourth ciphertext data obtained by the fourth ciphertext module is equal to the third ciphertext data received by the second receiving module, obtain first session data according to the first random number received by the second receiving module, the second random number generated by the second generating module, and the first symmetric key retrieved by the first retrieving module;
the first saving module is used for saving the first session data obtained by the first session module as a session key;
the second sending module is further configured to send authentication success information to the first receiving module;
the first receiving module is further configured to receive the authentication success information;
the second session module is configured to obtain second session data according to the first random number generated by the first generating module, the second random number received by the first receiving module, and the second symmetric key obtained by the first obtaining module;
the second saving module is configured to save the second session data obtained by the second session module as a session key;
the system also comprises a first connection module, a third generation module, a fourth generation module, a first analysis module, a first encryption module, a fifth generation module and a second encryption module;
the first connecting module is used for connecting with a communication device;
the third generating module is configured to generate a first private key and a first public key when the first connecting module and the communication apparatus are successfully connected;
the fourth generating module is configured to generate a key exchange request according to the first public key generated by the third generating module;
the first sending module is further configured to send the key exchange request to the second receiving module;
the second receiving module is further configured to receive the key exchange request;
the first analysis module is configured to analyze the key exchange request received by the second receiving module to obtain a first public key;
the first encryption module is used for encrypting the first public key obtained by the analysis of the first analysis module by using a preset second private key to obtain a first symmetric key;
the fifth generating module is configured to generate a symmetric key ID corresponding to the first symmetric key according to the first symmetric key obtained by the encryption by the first encrypting module, and store the symmetric key ID and the first symmetric key correspondingly;
the second sending module is further configured to send a preset second public key and the symmetric key ID generated by the fifth generating module to the first receiving module;
the first receiving module is further configured to receive the second public key and the symmetric key ID;
the second encryption module is configured to encrypt the second public key received by the second receiving module by using the first private key generated by the third generating module to obtain a second symmetric key, and correspondingly store the second symmetric key and the symmetric key ID received by the second receiving module.
33. The system according to claim 32, wherein the first ciphertext module is specifically configured to calculate the second random number generated by the second generating module and the first random number received by the second receiving module to obtain first intermediate data, and encrypt the first intermediate data using the first symmetric key retrieved by the first retrieving module to obtain first ciphertext data.
34. The system according to claim 32, wherein the second ciphertext module is specifically configured to calculate the first random number generated by the first generating module and the second random number received by the first receiving module to obtain second intermediate data, and encrypt the second intermediate data using the second symmetric key obtained by the first obtaining module to obtain second ciphertext data.
35. The system according to claim 32, wherein the third ciphertext module is specifically configured to encrypt the second random number received by the first receiving module using the second symmetric key obtained by the first obtaining module to obtain third ciphertext data.
36. The system of claim 32, further comprising a first determining module and a first error reporting module;
the first judging module is configured to judge whether the second ciphertext data is equal to the received first ciphertext data;
the third ciphertext module is specifically configured to, when the first determining module determines that the second ciphertext data is equal to the received first ciphertext data, obtain third ciphertext data according to the second symmetric key obtained by the first obtaining module and the second random number received by the first receiving module;
and the first error reporting module is configured to report an error and end when the first determining module determines that the second ciphertext data is not equal to the received first ciphertext data.
37. The system of claim 36, further comprising a second determining module and a first deleting module;
the second judging module is used for updating the first counting value; judging whether the updated first count value is larger than a first preset value or not;
the first deleting module is configured to delete the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID when the second determining module determines that the updated first count value is greater than a first preset value;
the first generating module is specifically configured to generate a first random number when the second determining module determines that the updated first count value is not greater than a first preset value.
38. The system of claim 32, further comprising a second retrieval module;
the first sending module is further configured to send the symmetric key ID to the communication apparatus;
the second receiving module is further configured to receive the symmetric key ID sent by the first sending module;
the second retrieving module is further configured to retrieve the first symmetric key stored corresponding to the symmetric key ID received by the second receiving module;
the fourth ciphertext module is further configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the second retrieval module and the second random number generated by the second generation module;
the first session module is configured to, when the fourth ciphertext data obtained by the fourth ciphertext module is equal to the third ciphertext data received by the second receiving module, obtain first session data according to the first random number received by the second receiving module, the second random number generated by the second generating module, and the first symmetric key retrieved by the second retrieving module.
39. The system according to claim 32, wherein the fourth ciphertext module is specifically configured to encrypt the second random number generated by the second generating module using the first symmetric key retrieved by the first retrieving module to obtain fourth ciphertext data.
40. The system of claim 32, further comprising a third determination module and a second error reporting module;
the third determining module is configured to determine whether the fourth ciphertext data obtained by the fourth ciphertext module is equal to the third ciphertext data received by the second receiving module;
the first session module is specifically configured to, when the third determining module determines that the fourth ciphertext data obtained by the fourth ciphertext module is equal to the third ciphertext data received by the second receiving module, obtain first session data according to the first random number received by the second receiving module, the second random number generated by the second generating module, and the first symmetric key retrieved by the first retrieving module;
the second sending module is further configured to return an error code to the terminal when the third determining module determines that the fourth ciphertext data obtained by the fourth ciphertext module is not equal to the third ciphertext data received by the second receiving module;
the first receiving module is further configured to receive an error code;
and the second error reporting module is used for reporting errors and ending.
41. The system of claim 40, further comprising a fourth determination module and a second deletion module;
the fourth judging module is configured to update a second count value when the third judging module judges that the fourth ciphertext data obtained by the fourth ciphertext module is not equal to the third ciphertext data received by the second receiving module; judging whether the second count value after the increment is larger than a second preset value or not;
the second deleting module is configured to delete the symmetric key ID received by the second receiving module and the first symmetric key stored in correspondence with the symmetric key ID when the fourth determining module determines that the updated second count value is greater than a second preset value;
the second sending module is further configured to send a second error message to the first receiving module when the fourth determining module determines that the updated second count value is not greater than a second preset value;
the first receiving module is further configured to receive the second error information;
the first generating module is specifically configured to generate a first random number when the first receiving module receives the second error information.
42. The system of claim 32, further comprising a first MAC module and a second MAC module;
the first MAC module is configured to, when the fourth ciphertext data obtained by the fourth ciphertext module is equal to the third ciphertext data received by the second receiving module, obtain third data according to the first symmetric key retrieved by the first retrieving module and the second random number generated by the second generating module, obtain first MAC data according to the third data, and store the first MAC data as an MAC calculation key;
the second MAC module is configured to obtain fourth data according to the second symmetric key obtained by the first obtaining module and the second random number received by the first receiving module, obtain second MAC data according to the fourth data, and store the second MAC data as an MAC calculation key.
43. The system of claim 32, further comprising a fifth determining module and a third deleting module;
the fifth judging module is configured to update a first count value when the second ciphertext data obtained by the second ciphertext module is not equal to the first ciphertext data received by the first receiving module; judging whether the updated first count value is larger than a first preset value or not;
the third deleting module is configured to delete the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID when the fifth determining module determines that the updated first count value is greater than the first preset value;
the third generating module is specifically configured to generate a first private key and a first public key after the third deleting module deletes the preset symmetric key ID and the second symmetric key stored corresponding to the symmetric key ID;
the first generating module is specifically configured to generate a first random number when the fifth determining module determines that the updated first count value is not greater than the first preset value.
44. The system of claim 32, further comprising an eleventh generation module, an eleventh encryption module, an eleventh decryption module, a first detection module, a twelfth generation module, a twelfth encryption module, and a twelfth decryption module;
the eleventh generating module is configured to generate a state monitoring instruction;
the eleventh encrypting module is configured to encrypt the state detection instruction generated by the eleventh generating module by using the session key stored by the second storing module to obtain state detection data;
the first sending module is further configured to send the status detection data encrypted by the eleventh encryption module to the second receiving module;
the second receiving module is used for receiving the state detection data;
the eleventh decryption module is configured to decrypt, using the session key stored by the first storage module, the state detection data received by the second receiving module to obtain a state detection instruction;
the first detection module is used for detecting the current switching situation of the first detection module;
the twelfth generating module is configured to generate a status detection response;
the twelfth encrypting module is configured to encrypt the state detection response generated by the twelfth generating module by using the session key stored by the first storing module to obtain state detection response data;
the second sending module is further configured to send the status detection response data encrypted by the twelfth encrypting module to the first receiving module;
the first receiving module is further configured to receive the status detection response data;
the twelfth decryption module is configured to decrypt the state detection response data received by the first receiving module using the session key stored by the second storage module to obtain a state detection response.
45. The system of claim 44, further comprising an eleventh determining module, a thirteenth generating module, a thirteenth encrypting module, a thirteenth decrypting module, a first closing module, a fourteenth generating module, a fourteenth encrypting module, a fourteenth decrypting module, a fifteenth generating module, a fifteenth encrypting module, a fifteenth decrypting module, a first opening module, a sixteenth generating module, a sixteenth encrypting module, and a sixteenth decrypting module;
the eleventh judging module is configured to judge a current status of switching on and off of the communication apparatus according to the status detection response obtained by encrypting the twelfth decrypting module;
the thirteenth generating module is configured to generate a close instruction when the eleventh determining module determines that the current status of the switch of the communication device is in an open state;
the thirteenth encryption module is configured to encrypt the close instruction generated by the thirteenth generation module with the session key stored by the second storage module to obtain close data;
the first sending module further sends the closing data obtained by encrypting the closing data by the thirteenth encrypting module to the second receiving module;
the second receiving module is further configured to receive the shutdown data sent by the first sending module;
the thirteenth decryption module is configured to decrypt, using the session key stored by the first storage module, the closing data received by the second receiving module to obtain a closing instruction;
the first closing module is configured to close when the thirteenth decryption module decrypts the closing data to obtain a closing instruction;
the fourteenth generating module is configured to generate a closing success response;
the fourteenth encrypting module is configured to encrypt the closing success response generated by the fourteenth generating module by using the session key stored in the first storing module to obtain the closing success response data;
the second sending module is further configured to send the closing success response data obtained by encrypting by the fourteenth encrypting module to the first receiving module;
the first receiving module is configured to receive the closing success response data;
the fourteenth decryption module is configured to decrypt the closing success response data received by the first receiving module using the session key stored by the second storage module to obtain a closing success response, and then end;
the fifteenth generating module is configured to generate an open instruction when the eleventh determining module determines that the current status of the switch of the communication device is in an off state;
the fifteenth encryption module is configured to encrypt the open instruction generated by the fifteenth generation module by using the session key stored by the second storage module to obtain open data;
the first sending module is further configured to send the opening data encrypted by the fifteenth encryption module to the second receiving module;
the second receiving module is used for receiving the opening data;
the fifteenth decryption module is configured to decrypt, using the session key stored by the first storage module, the opening data received by the second receiving module to obtain an opening instruction;
the first opening module is configured to open when the sixteenth decryption module decrypts the opening data to obtain an opening instruction;
the sixteenth generation module is configured to generate an open success response;
the sixteenth encrypting module is configured to encrypt the opening success response generated by the sixteenth generating module by using the session key stored in the first storing module to obtain opening success response data;
the second sending module is further configured to send the opening success response data encrypted by the sixteenth encryption module to the first receiving module;
the first receiving module is further configured to receive the opening success response data;
and the sixteenth decryption module is configured to decrypt, using the session key stored by the second storage module, the opening success response data received by the first receiving module to obtain an opening success response, and then the process is finished.
46. The system of claim 45, further comprising a second detection module, a seventeenth generation module, a seventeenth encryption module, a seventeenth decryption module, and a first display module;
the second detection module is used for detecting whether the switch state of the second detection module is a closed state;
the seventeenth generation module is configured to generate a turned-off response when the second detection module detects that the switch state of the second detection module is a turned-off state;
the seventeenth encrypting module is configured to encrypt the closed response generated by the seventeenth generating module by using the session key stored by the first storing module to obtain closed response data;
the second sending module is further configured to send the closed response data encrypted by the seventeenth encryption module to the first receiving module;
the first receiving module is used for receiving the closed response data;
the seventeenth decryption module is configured to decrypt the closed response data received by the first receiving module using the session key stored by the first storage module to obtain a closed response;
the first display module is used for displaying that the communication device is closed and ending;
the first closing module is specifically configured to close when the second detection module detects that the switch state of the second detection module is not the closed state.
47. The system of claim 45, further comprising a twelfth judging module, a fourteenth generating module, an eighteenth encrypting module, an eighteenth decrypting module and a third error reporting module;
the twelfth judging module is configured to judge whether the closing is successful after the first closing module is closed;
the fourteenth generating module is specifically configured to generate a closing success response when the twelfth judging module judges that the closing is successful;
the eighteenth generation module is configured to generate an error response when the twelfth judgment module judges that the shutdown is not successful;
the eighteenth encryption module is configured to encrypt the error response generated by the eighteenth generation module by using the session key stored by the first storage module to obtain error response data;
the second sending module is configured to send the error response data obtained by encrypting by the eighteenth encrypting module to the first receiving module;
the first receiving module is configured to receive the error response data;
the eighteenth decryption module is configured to decrypt the error response data by using the session key stored in the second storage module to obtain an error response;
and the third error reporting module is used for reporting errors and ending.
48. The system of claim 45, further comprising a third detection module, a nineteenth generation module, a nineteenth encryption module, a nineteenth decryption module, and a second display module;
the third detection module is used for detecting whether the self switch state is the opened state;
the nineteenth generation module is configured to generate an opened response when the third detection module detects that the switch state of the third detection module is the opened state;
the nineteenth encryption module is configured to encrypt the opened response with the session key stored in the first storage module to obtain opened response data;
the second sending module is further configured to send the opened response data obtained by encrypting by the nineteenth encrypting module to the first receiving module;
the first receiving module is used for receiving the opened response data;
the nineteenth decryption module is configured to decrypt the opened response data using the session key stored by the second storage module to obtain an opened response;
the second display module is used for displaying that the communication device is opened and then is finished;
the first opening module is specifically configured to open when the third detection module detects that the switch state of the third detection module is not already open.
49. The system of claim 45, further comprising a thirteenth determining module, a twentieth generating module, a twentieth encrypting module, a twentieth decrypting module, and a fourth error reporting module;
the thirteenth judging module is configured to judge whether the first opening module is opened successfully or not after the first opening module is opened;
the sixteenth generation module is specifically configured to generate an opening success response when the thirteenth determination module determines that the opening is successful;
the twentieth generation module is configured to generate an error response when the thirteenth determination module determines that the opening is not successful;
the twentieth encryption module is configured to encrypt an error response using the session key stored in the first storage module to obtain error response data;
the second sending module is further configured to send the error response data obtained by encrypting by the twentieth encrypting module to the first receiving module;
the first receiving module is configured to receive the error response data;
the twentieth decryption module is configured to decrypt the error response data received by the first receiving module using the session key stored by the second storage module to obtain an error response;
and the fourth error reporting module is used for reporting an error and ending.
50. The system of claim 45, further comprising a fourteenth determination module, a first prompt module, and a third error reporting module;
the first receiving module is further used for receiving a first instruction input by a user;
the first prompting module is used for prompting a user to input fingerprint information when the first receiving module receives the first instruction;
the first receiving module is further used for receiving input fingerprint information;
the fourteenth judging module is configured to judge whether the fingerprint information received by the first receiving module and input by the user is the same as preset fingerprint information;
the first generating module is specifically configured to generate a state monitoring instruction when it is determined that the fingerprint information received by the first receiving module and input by the user is the same as the preset fingerprint information;
and the third error reporting module is used for reporting an error when the fingerprint information input by the user and received by the first receiving module is judged to be different from the preset fingerprint information, and ending.
51. A communication device is used for interactive communication between an intelligent door lock and a terminal and comprises a fifty-second receiving module, a fifty-first retrieving module, a fifty-first generating module, a fifty-first ciphertext module, a fifty-second sending module, a fifty-fourth ciphertext module, a fifty-first session module and a fifty-second saving module;
the fifty-second receiving module is configured to receive a symmetric key ID and a first random number sent by the terminal;
the fifty-first retrieving module is configured to retrieve, according to the symmetric key ID received by the fifty-second receiving module, a first symmetric key stored in correspondence with the symmetric key ID;
the fifth and eleventh generating module is configured to generate a second random number;
the fifty-first ciphertext module is configured to obtain first ciphertext data according to the first symmetric key retrieved by the fifty-first retrieving module, the second random number generated by the fifty-first generating module, and the first random number received by the fifty-second receiving module;
the fifty-second sending module is configured to send the second random number generated by the fifty-first generating module and the first ciphertext data obtained by the fifty-first ciphertext module to the terminal;
the fifty-second receiving module is further configured to receive third ciphertext data sent by the terminal;
the fifty-fourth ciphertext module is configured to obtain fourth ciphertext data according to the first symmetric key retrieved by the fifty-first retrieving module and the second random number generated by the fifty-fourth generating module;
the fifty-first session module is configured to, when the fourth ciphertext data obtained by the fifty-fourth ciphertext module is equal to the third ciphertext data received by the fifty-second receiving module, obtain first session data according to the first random number received by the fifty-second receiving module, the second random number generated by the fifty-first generating module, and the first symmetric key retrieved by the fifty-first retrieving module;
the fifty-first storage module is configured to store the first session data obtained by the fifty-first session module as a session key;
the fifty-second sending module is further configured to send an authentication success message to the terminal;
the communication device further comprises a fifty-second receiving module, a fifty-first parsing module, a fifty-first encrypting module and a fifty-fifth generating module;
the fifty-second receiving module is further configured to receive a key exchange request sent by the terminal;
the fifty-first parsing module is configured to parse the key exchange request received by the fifty-second receiving module to obtain a first public key;
the fifty-first encryption module is configured to encrypt the first public key obtained by analysis by the fifty-first analysis module by using a preset second private key to obtain a first symmetric key;
the fifty-fifth generating module is configured to generate a symmetric key ID corresponding to the first symmetric key according to the first symmetric key obtained by the fifty-first encrypting module, and store the symmetric key ID and the first symmetric key correspondingly;
the fifty-second sending module is further configured to send a preset second public key and the symmetric key ID generated by the fifty-fifth generating module to the terminal.
52. The communications device as claimed in claim 51, wherein the fifty-first cryptogram module is specifically configured to calculate the second random number generated by the fifty-first generation module and the first random number received by the fifty-second reception module to obtain first intermediate data, and encrypt the first intermediate data using the first symmetric key retrieved by the fifty-first retrieval module to obtain first cryptogram data.
53. The communications apparatus as claimed in claim 51, wherein the fifty-fourth ciphertext module is specifically configured to encrypt the second random number generated by the fifty-first generating module using the first symmetric key retrieved by the fifty-first retrieving module to obtain fourth ciphertext data.
54. The communications apparatus of claim 51, further comprising a fifty-third determination module;
the fifty-third determining module is configured to determine whether the fourth ciphertext data obtained by the fifty-fourth ciphertext module is equal to the third ciphertext data received by the fifty-second receiving module;
the fifty-third determining module is specifically configured to, when the fifty-third determining module determines that the fourth ciphertext data obtained by the fifty-fourth ciphertext module is equal to the third ciphertext data received by the fifty-second receiving module, obtain first session data according to the first random number received by the fifty-second receiving module, the second random number generated by the fifty-first generating module, and the first symmetric key retrieved by the fifty-first retrieving module;
the fifty-second sending module is further configured to return an error code to the terminal when the fifty-third determining module determines that the fourth ciphertext data obtained by the fifty-fourth ciphertext module is not equal to the third ciphertext data received by the fifty-second receiving module.
55. The communications apparatus of claim 54, further comprising a fifty-fourth determination module and a fifty-second deletion module;
the fifty-fourth judging module is configured to update a second count value when the fifty-third judging module judges that the fourth ciphertext data obtained by the fifty-fourth ciphertext module is not equal to the third ciphertext data received by the fifty-second receiving module; judging whether the second count value after the increment is larger than a second preset value or not;
the fifty-second deleting module is configured to delete the symmetric key ID received by the fifty-second receiving module and the first symmetric key stored in correspondence with the symmetric key ID when the fifty-fourth determining module determines that the updated second count value is greater than a second preset value;
the fifty-second sending module is further configured to send a second error message to the terminal when the fifty-fourth determining module determines that the updated second count value is not greater than a second preset value.
56. The communications apparatus of claim 51, further comprising a fifty-one MAC module;
the fifty-first MAC module is configured to, when the fourth ciphertext data obtained by the fifty-fourth ciphertext module is equal to the third ciphertext data received by the fifty-second receiving module, obtain third data according to the first symmetric key retrieved by the fifty-first retrieving module and the second random number generated by the fifty-second generating module, obtain first MAC data according to the third data, and store the first MAC data as a MAC calculation key.
57. The communications apparatus of claim 51, further comprising a fifty-first decryption module, a fifty-first detection module, a fifty-second generation module, and a fifty-second encryption module;
the fifty-second receiving module is further configured to receive status detection data sent by the terminal;
the fifty-first decryption module is configured to decrypt, by using the session key stored by the fifty-second storage module, the state detection data received by the fifty-second receiving module to obtain a state detection instruction;
the fifty-first detection module is used for detecting the current switching status of the detection module;
the fifty-second generation module is configured to generate a status detection response;
the fifty-second encryption module is configured to encrypt the status detection response generated by the fifty-second generation module by using the session key stored by the fifty-second storage module to obtain status detection response data;
the fifty-second sending module is further configured to send the status detection response data encrypted by the fifty-second encrypting module to the terminal.
58. The communications apparatus of claim 57, further comprising a fifty-third decryption module, a fifty-first shutdown module, a fifty-fourth generation module, a fifty-fourth encryption module, a fifty-fifth decryption module, a fifty-eleventh open module, a fifty-sixth generation module, and a fifty-sixth encryption module;
the fifty-second receiving module is further configured to receive closing data sent by the terminal;
the fifty-third decryption module is configured to decrypt, using the session key stored by the fifty-third storage module, the shutdown data received by the fifty-second receiving module to obtain a shutdown instruction;
the fifty-first closing module is configured to close when the fifty-third decryption module decrypts the closing data to obtain a closing instruction;
the fifty-fourth generation module is configured to generate a shutdown success response;
the fifty-fourth encrypting module is configured to encrypt the close success response generated by the fifty-fourth generating module by using the session key stored by the fifty-fourth storing module to obtain close success response data;
the fifty-second sending module is further configured to send the closing success response data encrypted by the fifty-fourth encrypting module to the terminal;
the fifty-second receiving module is further configured to receive opening data sent by the terminal;
the fifty-fifth decryption module is configured to decrypt the opening data received by the fifty-second receiving module by using the session key stored by the fifty-fifth storage module to obtain an opening instruction;
the fifty-fifth decryption module is configured to decrypt the opening data to obtain an opening instruction, and then open the electronic device;
the fifty-sixth generation module is configured to generate an open success response;
the fifty-sixth encrypting module is configured to encrypt the opening success response generated by the fifty-sixth generating module by using the session key stored by the fifty-sixth storing module to obtain opening success response data;
the fifty-second sending module is further configured to send the opening success response data encrypted by the fifty-sixth encrypting module to the terminal.
59. The communications apparatus of claim 58, further comprising a fifty-second detection module, a fifty-seventh generation module, and a fifty-seventh encryption module;
the fifty-second detection module is used for detecting whether the switch state of the detection module is the closed state;
the fifty-seventh generating module is configured to generate a turned-off response when the fifty-second detecting module detects that the self-switch state is the turned-off state;
the fifty-seventh encrypting module is configured to encrypt the closed response generated by the fifty-seventh generating module by using the session key saved by the fifty-seventh saving module to obtain closed response data;
the fifty-second sending module is further configured to send the closed response data encrypted by the fifty-seventh encrypting module to the terminal.
60. The communications apparatus of claim 58, further comprising a fifth twelfth determination module, a fifty-eighth generation module, and a fifty-eighth encryption module;
the fifty-second judging module is configured to judge whether the closing is successful after the fifty-first closing module is closed;
the fifty-fourth generating module is specifically configured to generate a closing success response when the fifty-second determining module determines that the closing is successful;
the fifty-eighth generating module is configured to generate an error response when the fifty-second determining module determines that the closing is not successful;
the fifty-eighth encrypting module is configured to encrypt the error response generated by the fifty-eighth generating module by using the session key stored by the fifty-eighth storing module to obtain error response data;
the fifty-second sending module is further configured to send the error response data encrypted by the fifty-eighth encrypting module to the terminal.
61. The communications apparatus of claim 58, further comprising a fifty-third detection module, a fifty-ninth generation module, and a fifty-ninth encryption module;
the fifty-third detection module is used for detecting whether the self switch state is the opened state;
the fifty-ninth generating module is used for generating an opened response when the fifty-third detecting module detects that the self switch state is the opened state;
the fifty-ninth encrypting module is configured to encrypt the opened response generated by the fifty-ninth generating module by using the session key saved by the fifty-ninth saving module to obtain opened response data;
the fifty-second sending module is further configured to send the opened response data encrypted by the fifty-ninth encrypting module to the communication apparatus.
62. The communications apparatus of claim 58, further comprising a fifty-third determination module, a sixty generation module, a sixty encryption module, and a fourth error reporting module;
the fifty-third judging module is used for judging whether the opening is successful or not after the fifty-third opening module is opened;
the fifty-sixth generating module is specifically configured to generate an opening success response when the fifty-third determining module determines that the opening is successful;
the sixteenth generation module is configured to generate an error response when the fifty-third judgment module judges that the opening is not successful;
the sixteenth encrypting module is configured to encrypt an error response by using the session key stored in the fifty-first storing module to obtain error response data;
the fifty-second sending module is further configured to send the error response data encrypted by the sixteenth encrypting module to the communication apparatus.
CN201811639737.2A 2018-12-29 2018-12-29 Communication device and method and system for negotiating key with terminal Active CN109586906B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811639737.2A CN109586906B (en) 2018-12-29 2018-12-29 Communication device and method and system for negotiating key with terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811639737.2A CN109586906B (en) 2018-12-29 2018-12-29 Communication device and method and system for negotiating key with terminal

Publications (2)

Publication Number Publication Date
CN109586906A CN109586906A (en) 2019-04-05
CN109586906B true CN109586906B (en) 2021-07-20

Family

ID=65933629

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811639737.2A Active CN109586906B (en) 2018-12-29 2018-12-29 Communication device and method and system for negotiating key with terminal

Country Status (1)

Country Link
CN (1) CN109586906B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112118223B (en) * 2020-08-11 2023-06-20 北京智芯微电子科技有限公司 Authentication method of master station and terminal, master station, terminal and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103347080A (en) * 2013-07-09 2013-10-09 安徽海聚信息科技有限责任公司 Method for controlling Cloud intelligent lock, corresponding device and system
KR101452124B1 (en) * 2013-08-01 2014-10-16 덕성여자대학교 산학협력단 Method for Device Authentication and Session Key Generation Based on Encryption in Internet of Things
CN106656481A (en) * 2016-10-28 2017-05-10 美的智慧家居科技有限公司 Identity authentication method, apparatus and system
CN108475317A (en) * 2015-12-14 2018-08-31 阿费罗有限公司 System and method for protecting Internet of Things (IoT) device preset
CN109005028A (en) * 2018-11-02 2018-12-14 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10263775B2 (en) * 2017-06-23 2019-04-16 Microsoft Technology Licensing, Llc Policy-based key recovery

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103347080A (en) * 2013-07-09 2013-10-09 安徽海聚信息科技有限责任公司 Method for controlling Cloud intelligent lock, corresponding device and system
KR101452124B1 (en) * 2013-08-01 2014-10-16 덕성여자대학교 산학협력단 Method for Device Authentication and Session Key Generation Based on Encryption in Internet of Things
CN108475317A (en) * 2015-12-14 2018-08-31 阿费罗有限公司 System and method for protecting Internet of Things (IoT) device preset
CN106656481A (en) * 2016-10-28 2017-05-10 美的智慧家居科技有限公司 Identity authentication method, apparatus and system
CN109005028A (en) * 2018-11-02 2018-12-14 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system

Also Published As

Publication number Publication date
CN109586906A (en) 2019-04-05

Similar Documents

Publication Publication Date Title
US11335144B2 (en) Method for unlocking intelligent lock, mobile terminal, intelligent lock and server
US7284127B2 (en) Secure communications
CN105303651A (en) Bluetooth based two-way communication automatic locking system and method
US20070257813A1 (en) Secure network bootstrap of devices in an automatic meter reading network
CN108173822A (en) Intelligent door lock management-control method, intelligent door lock and computer readable storage medium
US7702910B2 (en) Message authentication
US20120019355A1 (en) Protective-control measuring system and device and data transmission method
EP1875657A1 (en) Method and apparatus for checking proximity between devices using hash chain
EP3832980A1 (en) Method for data transmission, battery management system, and storage medium
CN109635610A (en) The read-write system and method for RFID tag data
CN102970676A (en) Method for processing original data, internet of thing system and terminal
CN111740846B (en) Method and system for realizing smart card information reading of mobile terminal
CN106572098B (en) Two-dimensional code type virtual key method
CN103929308B (en) Information Authentication method applied to rfid card
CN109002875A (en) Two dimensional code encryption method, two dimensional code Transmission system and storage medium
CN205788363U (en) A kind of multiple authentication Gate-ban Monitoring System of Home House
CN109586906B (en) Communication device and method and system for negotiating key with terminal
CN110190950B (en) Method and device for realizing security signature
CN109922022A (en) Internet of Things communication means, platform, terminal and system
US20230353364A1 (en) Electronic device and method for protecting seed data packet thereof
CN113518071B (en) Robot sensor information security enhancing device and method
CN109451504A (en) Internet of Things mould group method for authenticating and system
WO2019218328A1 (en) Smart door lock wireless communication method, smart door lock, gateway, and communication device
CN101588578B (en) Attack test method and device
CN110610360B (en) Hardware wallet binding authorization method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant