CN111343634A - Safe connection method and data transmission method between low-power-consumption Bluetooth devices - Google Patents
Safe connection method and data transmission method between low-power-consumption Bluetooth devices Download PDFInfo
- Publication number
- CN111343634A CN111343634A CN202010147139.4A CN202010147139A CN111343634A CN 111343634 A CN111343634 A CN 111343634A CN 202010147139 A CN202010147139 A CN 202010147139A CN 111343634 A CN111343634 A CN 111343634A
- Authority
- CN
- China
- Prior art keywords
- broadcast
- connection
- data
- broadcasting
- scanning
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
- H04W48/10—Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a safe connection method between low-power-consumption Bluetooth devices, which comprises the following steps: the broadcasting equipment generates a dynamic authentication password and a one-time safe connection secret key, and broadcasts the password and the one-time safe connection secret key to the outside after the basic setting of the broadcasting is completed; scanning the broadcast signal and reading the broadcast content by the scanning equipment, taking out the dynamic authentication password, and restoring the equipment model, the random mask code and the authentication code by specifying an encryption and decryption algorithm; and the signal strength and the identity password are verified, and after the verification is completed, the security connection is established with the broadcasting equipment. The invention also discloses a data transmission method based on the safe connection method between the low-power-consumption Bluetooth devices. The invention can solve the problems of poor interactive experience of the connection authentication user between the existing Bluetooth devices and easy decryption and tampering of the transmission data.
Description
Technical Field
The invention relates to the field of Bluetooth connection and transmission safety among devices, in particular to a safe connection method and a data transmission method among low-power-consumption Bluetooth devices.
Background
Bluetooth communication has the advantages of wide coverage range, high signal strength, high transmission rate and the like, but communication signals of the Bluetooth communication also have the risks of being monitored and data being stolen and the like, so that the Bluetooth communication is difficult to be applied to financial offline scenes (payment, transfer, account checking and the like) with extremely high safety requirements. With the continuous improvement and update of the Bluetooth protocol, the authentication pairing and encryption and decryption mode of the Bluetooth protocol improves the safety of communication connection and data transmission to a certain extent, and prevents data tampering and man-in-the-middle attack. However, the authentication mode requires that the device to be connected pops up the pairing request, and the user needs to confirm the secret key and start the encrypted connection in a visual comparison or digital password input mode, so that the interaction experience is poor.
Disclosure of Invention
The invention aims to provide a safe connection method and a data transmission method between low-power-consumption Bluetooth devices, and solves the problems that the existing connection authentication between the Bluetooth devices is poor in user interaction experience and transmission data is easy to decrypt and tamper.
The technical scheme for realizing the purpose is as follows:
a method for secure connection between low-power Bluetooth devices includes:
step S1, the broadcasting equipment generates a dynamic authentication password and a one-time safe connection secret key, and broadcasts to the outside after completing basic setting of broadcasting;
step S2, scanning the broadcast signal and reading the broadcast content, taking out the dynamic authentication password, restoring the device model, random mask code and authentication code through the appointed encryption and decryption algorithm; and the signal strength and the identity password are verified, and after the verification is completed, the security connection is established with the broadcasting equipment.
Preferably, the step S1 includes:
step S11, the broadcasting equipment calls a specified encryption and decryption algorithm according to the model of the broadcasting equipment, the effective timestamp, the random mask and the data to be transmitted, and generates a one-time safe connection secret key and a dynamic identity authentication password;
step S12, the broadcasting equipment completes the basic setting of the broadcast, starts the broadcast, and starts the countdown according to the broadcast time length;
step S13, when the broadcast time exceeds the broadcast time, the broadcast refreshes the frequency, and there is no equipment connection, then the current broadcast is ended, the broadcast content is refreshed, and the broadcast is restarted.
Preferably, the valid timestamp is generated according to the system time and the key valid time interval constraint;
the random mask is a random combination of 4-8 bit letters, numbers and symbols randomly generated by the machine according to a built-in algorithm; the data to be transmitted includes but is not limited to complete transmission content before and after encryption or signatures such as specified character string segments and the like or hash values thereof;
the one-time safe connection secret key is as follows: generating a secret key according to the model, the effective timestamp, the random mask and the data to be transmitted by a specified encryption and decryption algorithm;
the dynamic authentication password is: the combination of the model of the machine, the random mask code and the verification code;
the verification code is that after the one-time safe connection key is subjected to Hash operation, a 4-6 bit character is taken as verification for use;
broadcast basic settings include, but are not limited to, broadcast frequency, power consumption level;
the broadcast content includes but is not limited to broadcast basic settings, dynamic authentication passwords, service numbers and service content;
the broadcast duration is the single broadcast refresh frequency built in the system.
Preferably, the step S2 includes:
step S21, scanning the signal and reading the broadcast content by the scanning device, taking out the dynamic authentication password, and restoring the device model, the random mask code and the authentication code by the appointed encryption and decryption algorithm;
step S22, the scanning device judges the safe connection distance according to the model of the two devices and the real-time signal strength RSSI;
step S23, the scanning device calls the appointed encryption and decryption algorithm, generates a one-time safe connection secret key according to the received broadcast content, and verifies the dynamic authentication password; if the verification is passed, initiating a connection request to the broadcasting equipment; if the verification fails, ignoring the broadcast signal and restarting scanning;
and step S24, the broadcasting equipment receives the connection request of the scanning equipment, the two parties establish Bluetooth safety connection, the scanning equipment stops broadcasting, and countdown is started according to the connection effective time.
Preferably, the method is characterized by comprising the following steps:
step S3, the scanning device generates a random seed to be encrypted and then informs the broadcasting device, the broadcasting device receives the random seed to be verified and decrypted, and the two parties use the random seed to generate a communication secret key by calling a specified encryption and decryption algorithm;
step S4, the broadcasting equipment generates a dynamic characteristic universal unique identification code, and encrypts and transmits data to be transmitted by using a communication secret key;
step S5, after receiving the ciphertext data, the scanning device decrypts the ciphertext data by using the communication secret key, verifies each verification domain of the dynamic characteristic universal unique identification code through the restored data, verifies the data successfully, completes data transmission, and destroys the communication secret key.
Preferably, the step S3 includes:
step S31, the scanning device generates a random seed;
step S32, the scanning device uses the one-time safe connection secret key and the appointed encryption and decryption algorithm to encrypt the random seed and inform the broadcast device;
step S33, the broadcasting equipment receives the random seed, and the random seed is obtained and checked by using the one-time safe connection secret key and the appointed encryption and decryption algorithm;
step S34, the two devices use the same random seed and combine with the specified encryption and decryption algorithm to generate the communication key.
Preferably, the step S4 includes:
step S41, the broadcasting equipment generates a dynamic characteristic universal unique identification code;
in step S42, the broadcasting device encrypts and transmits the data to be transmitted using the communication key as a key for data encryption.
Preferably, the dynamic characteristic universal unique identification code is converted into 32-bit characters according to a 16-system, the characters are divided into a plurality of groups of check domains, and check domain codes are determined by actual service scenes and data to be transmitted.
Preferably, the check domain is composed of the appointed part byte information according to any sequence, including but not limited to merchant information, transmission content, identity password, setting information and collection information;
the merchant information check field includes but is not limited to a merchant name, a merchant number, money receiving wallet address information or a hash value thereof;
the transmission content check domain comprises but is not limited to complete content before and after encryption or a designated character string fragment signature or a hash value;
the identity password check domain is a designated character string segment or a hash value in the dynamic identity authentication password;
setting information check fields including but not limited to software parameters, communication parameters and hardware parameter information;
the collection information includes, but is not limited to, a collection amount, collection information, order number information, or a hash value.
Preferably, the step S5 includes:
step S51, the scanning device receives the encrypted data packet, and restores the data content by using the communication secret key and the appointed encryption and decryption algorithm;
step S52, the scanning device verifies the corresponding check domain in the received dynamic characteristic universal unique identification code according to the restored data content;
after the verification is successful, carrying out subsequent service processing;
if the verification fails, the connection is disconnected, the broadcasting equipment restarts broadcasting, and the scanning equipment restarts scanning;
if the connection valid time is exceeded and the verification or data transmission is not completed, the connection is considered to be abnormal, the connection is disconnected, and the broadcasting and scanning are restarted.
The invention has the beneficial effects that: the invention defines the authentication and safe connection standard between devices from the configuration and application level of GATT (generic attribute protocol) and GAP (generic access protocol), enhances the user experience and the connection safety, and ensures the confidentiality of the transmission data, and prevents falsification and man-in-the-middle attack by combining an algorithm library and other safe secret mechanisms based on the Bluetooth characteristic and the time algorithm.
Drawings
FIG. 1 is a flow chart of a method for secure connection and data transmission between Bluetooth low energy devices according to the present invention;
FIG. 2 is a flowchart illustrating steps S1-S3 of the present invention;
FIG. 3 is a flowchart illustrating steps S4-S5 according to the present invention.
Detailed Description
The invention will be further explained with reference to the drawings.
Referring to fig. 1, the method for secure connection between bluetooth low energy devices of the present invention includes the following steps:
step S1, the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and broadcasts the password and the one-time secure connection key to the outside after the basic setting of the broadcast is completed. Specifically, as shown in fig. 2, step S1 includes:
step S11, the broadcast device (otherwise called server, peripheral device) generates a one-time secure Connection Key (Connection Secret Key) and a dynamic Authentication password (Authentication Code) by using a specified encryption/decryption algorithm (built-in encryption/decryption and hash algorithm) according to the local model, the valid timestamp, the random mask, the data to be transmitted, and the like.
The valid timestamp is generated according to the restriction of the system time and the valid time of the secret key, is the valid time of the one-time safe connection secret key, and the broadcast, the scan and the related safety mechanisms need to be reset after the valid time is exceeded. The random mask is a random combination of 4-bit letters, numbers and symbols randomly generated by the machine according to a built-in algorithm. The data to be transmitted includes, but is not limited to, a signature such as complete transmission content or a designated string segment before and after encryption, or a hash value thereof. The one-time secure Connection Key (Connection Secret Key) is: the method comprises the steps of generating a secret key by the type of the computer, an effective timestamp, a random mask and data to be transmitted according to a specified encryption and decryption algorithm. The dynamic authentication password is: the combination of the local model, the verification code and the random mask.
And step S12, the broadcasting equipment completes the basic setting of the broadcast, starts the broadcast and starts the countdown according to the broadcast time length. The basic broadcast settings include, but are not limited to, broadcast frequency, power consumption level, etc. Broadcast content includes, but is not limited to, broadcast basic settings, dynamic authentication passwords, service numbers, service content, and the like. The broadcast time is the single broadcast refresh frequency built in the system, and in principle, the broadcast time is less than the valid time of the secret key.
Step S13, when the broadcast time exceeds the broadcast duration, i.e. the broadcast refresh frequency, and no device is connected, ending the current broadcast, refreshing the broadcast content, and resuming the broadcast.
Step S2, scanning the signal and reading the broadcast content by the scanning device, taking out the dynamic authentication password, the appointed encryption and decryption algorithm, and restoring the device model, the random mask code and the authentication code; and the signal strength and the identity password are verified, and after the verification is completed, the security connection is established with the broadcasting equipment. Specifically, as shown in fig. 2, step S2 includes:
step S21, the scanning device (otherwise called client, central device) scans the signal and reads the broadcast content, and takes out the dynamic authentication password, and restores the device model, the random mask, and the authentication code.
Step S22, the scanning device performs a safety connection distance verification according to the model of both devices and the real-time signal strength rssi (received signal strength indication). Reference is made to the technical contents of the prior patent ZL201810646308.1, and the details are not repeated.
The built-in signal intensity threshold value table defines real-time signal intensity threshold values which are allowed to be connected among different types of equipment when the safety distance among most of the mainstream mobile equipment is fixed (for example, the safety distance is less than or equal to 5 cm), wherein the scanning equipment calls the built-in signal intensity threshold value table to carry out safety distance verification according to the type of the received broadcasting equipment and the type of the scanning equipment, carries out subsequent operation when the specified threshold value is reached, and continues scanning when the specified threshold value is not reached.
In step S23, the scanning device generates a one-time secure connection key according to the received broadcast content by using a specified encryption/decryption algorithm, and verifies the dynamic authentication password. If the verification is passed, initiating a connection request to the broadcasting equipment; if the verification fails, the broadcast signal is ignored and scanning is restarted.
And step S24, the broadcasting equipment receives the connection request of the scanning equipment, the two parties establish Bluetooth safety connection, the scanning equipment stops broadcasting, and countdown is started according to the connection effective time.
Referring to fig. 1, the data transmission method based on the secure connection method between bluetooth low energy devices of the present invention includes the following steps:
step S3, the scanning device generates a random seed to encrypt and notify the broadcasting device, the broadcasting device receives the random seed to verify and decrypt, and the two parties use the random seed to generate a communication key through a specified encryption and decryption algorithm. Specifically, as shown in fig. 2, step S3 includes:
in step S31, the scanning device generates a random seed. The random seed is an 8 to 128 bit random string generated according to a built-in algorithm.
In step S32, the scanning device encrypts the random seed (when an asymmetric algorithm is selected, the encrypted content needs to be signed) by using the one-time secure connection key and the specified encryption/decryption algorithm, and informs the broadcasting device.
Step S33, the broadcasting device receives the random seed, completes decryption (when an asymmetric algorithm is selected, signature verification needs to be completed first) by using the one-time secure connection key and the specified encryption/decryption algorithm, and obtains the random seed.
In step S34, the broadcasting device and the scanning device generate a communication key by using the random seed and the specified encryption/decryption algorithm.
In step S4, the broadcasting device generates a dynamic Characteristic universal unique identifier (charateristicic UUID), and encrypts and transmits data to be transmitted using a communication key. As shown in fig. 3, step S4 includes:
in step S41, the broadcaster generates a dynamic feature universal unique identifier (charateristic UUID).
The Bluetooth technical alliance defines a Universal Unique Identifier (UUID) as a 128-bit numerical value, but does not define the assignment specification of a Characteristic (charasteristic) in the financial or payment field. Electronic payment is used as an example for convenience of description below, and may include but is not limited to merchant information, transmission content, identity passwords, setup information, payment information, and the like. The check field can be composed of the appointed part of byte information according to any sequence:
the merchant information check field includes, but is not limited to, information such as a merchant name, a merchant number, a cash register address, and the like, or a hash value thereof. The transmission content check field includes, but is not limited to, signatures or hash values such as complete content or specified character string segments before and after encryption. The identity password check field is a designated character string segment in the dynamic identity authentication password. The setting information check field includes, but is not limited to, software parameters, communication parameters, hardware parameters, and the like. The collection information includes, but is not limited to, the amount of collection, collection information, order number, and the like, or a hash value.
In step S42, the broadcasting device encrypts and transmits the data to be transmitted using the communication key as a key for data encryption.
Step S5, after receiving the ciphertext data, the scanning device decrypts the ciphertext data by using the communication secret key, verifies each verification domain of the dynamic characteristic universal unique identification code through the restored data, verifies the data successfully, completes data transmission, and destroys the communication secret key. As shown in fig. 3, step S5 includes:
in step S51, the scanning device receives the encrypted data packet, and restores the data content using the communication key and the specified encryption/decryption algorithm.
And step S52, the scanning device verifies the corresponding check domain in the received Universal Unique Identifier (UUID) of the dynamic characteristics according to the restored data content.
After the verification is successful, carrying out subsequent service processing;
if the verification fails, the connection is disconnected, the broadcasting equipment restarts broadcasting, and the scanning equipment restarts scanning;
if the connection valid time is exceeded and the verification or data transmission is not completed, the connection is considered to be abnormal, the connection is disconnected, and the broadcasting and scanning are restarted.
In conclusion, the invention is not only applicable to traditional financial transaction scenarios including but not limited to transfer accounts, electronic payments, ATM user authorized login and the like, but also applicable to innovative financial fields such as digital currency payment settlement and the like and other application fields with higher security requirements. Broadcast information domains and universal unique identification codes of the Bluetooth connecting equipment are verified through a dynamic example and an algorithm library, malicious access or counterfeit equipment is prevented, and connection safety is ensured. Meanwhile, encryption and decryption signature verification is carried out on the transmission data by using the combination of encryption modes such as a symmetric algorithm, an asymmetric algorithm, a Hash algorithm and the like, so that the transmission data safety is guaranteed, and the user experience is optimized.
The above embodiments are provided only for illustrating the present invention and not for limiting the present invention, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the present invention, and therefore all equivalent technical solutions should also fall within the scope of the present invention, and should be defined by the claims.
Claims (10)
1. A method for secure connection between Bluetooth low energy devices, comprising:
step S1, the broadcasting equipment generates a dynamic authentication password and a one-time safe connection secret key, and broadcasts to the outside after completing basic setting of broadcasting;
step S2, scanning the broadcast signal and reading the broadcast content, taking out the dynamic authentication password, restoring the device model, random mask code and authentication code through the appointed encryption and decryption algorithm; and the signal strength and the identity password are verified, and after the verification is completed, the security connection is established with the broadcasting equipment.
2. The method of claim 1, wherein the step S1 includes:
step S11, the broadcasting equipment calls a specified encryption and decryption algorithm according to the model of the broadcasting equipment, the effective timestamp, the random mask and the data to be transmitted, and generates a one-time safe connection secret key and a dynamic identity authentication password;
step S12, the broadcasting equipment completes the basic setting of the broadcast, starts the broadcast, and starts the countdown according to the broadcast time length;
step S13, when the broadcast time exceeds the broadcast time, the broadcast refreshes the frequency, and there is no equipment connection, then the current broadcast is ended, the broadcast content is refreshed, and the broadcast is restarted.
3. The method of claim 2, wherein the valid timestamp is generated according to system time and key valid time interval constraints;
the random mask is a random combination of 4-8 bit letters, numbers and symbols randomly generated by the machine according to a built-in algorithm; the data to be transmitted includes but is not limited to complete transmission content before and after encryption or signatures such as specified character string segments and the like or hash values thereof;
the one-time safe connection secret key is as follows: generating a secret key according to the model, the effective timestamp, the random mask and the data to be transmitted by a specified encryption and decryption algorithm;
the dynamic authentication password is: the combination of the model of the machine, the random mask code and the verification code;
the verification code is that after the one-time safe connection key is subjected to Hash operation, a 4-6 bit character is taken as verification for use;
broadcast basic settings include, but are not limited to, broadcast frequency, power consumption level;
the broadcast content includes but is not limited to broadcast basic settings, dynamic authentication passwords, service numbers and service content;
the broadcast duration is the single broadcast refresh frequency built in the system.
4. The method of claim 1, wherein the step S2 includes:
step S21, scanning the signal and reading the broadcast content by the scanning device, taking out the dynamic authentication password, and restoring the device model, the random mask code and the authentication code by the appointed encryption and decryption algorithm;
step S22, the scanning device judges the safe connection distance according to the model of the two devices and the real-time signal strength RSSI;
step S23, the scanning device calls the appointed encryption and decryption algorithm, generates a one-time safe connection secret key according to the received broadcast content, and verifies the dynamic authentication password; if the verification is passed, initiating a connection request to the broadcasting equipment; if the verification fails, ignoring the broadcast signal and restarting scanning;
and step S24, the broadcasting equipment receives the connection request of the scanning equipment, the two parties establish Bluetooth safety connection, the scanning equipment stops broadcasting, and countdown is started according to the connection effective time.
5. A data transmission method based on the secure connection method between bluetooth low energy devices of claim 1, comprising:
step S3, the scanning device generates a random seed to be encrypted and then informs the broadcasting device, the broadcasting device receives the random seed to be verified and decrypted, and the two parties use the random seed to generate a communication secret key by calling a specified encryption and decryption algorithm;
step S4, the broadcasting equipment generates a dynamic characteristic universal unique identification code, and encrypts and transmits data to be transmitted by using a communication secret key;
step S5, after receiving the ciphertext data, the scanning device decrypts the ciphertext data by using the communication secret key, verifies each verification domain of the dynamic characteristic universal unique identification code through the restored data, verifies the data successfully, completes data transmission, and destroys the communication secret key.
6. The data transmission method according to claim 5, wherein the step S3 includes:
step S31, the scanning device generates a random seed;
step S32, the scanning device uses the one-time safe connection secret key and the appointed encryption and decryption algorithm to encrypt the random seed and inform the broadcast device;
step S33, the broadcasting equipment receives the random seed, and the random seed is obtained and checked by using the one-time safe connection secret key and the appointed encryption and decryption algorithm;
step S34, the two devices use the same random seed and combine with the specified encryption and decryption algorithm to generate the communication key.
7. The data transmission method according to claim 5, wherein the step S4 includes:
step S41, the broadcasting equipment generates a dynamic characteristic universal unique identification code;
in step S42, the broadcasting device encrypts and transmits the data to be transmitted using the communication key as a key for data encryption.
8. The data transmission method according to claim 7, wherein the dynamic characteristic universal unique identification code is converted into 32-bit characters according to a 16-system, and is divided into a plurality of groups of check fields, and check field coding is determined by an actual service scene and data to be transmitted.
9. The data transmission method according to claim 8, wherein the check field is composed of the byte information of the designated part in any order, including but not limited to merchant information, transmission content, identity password, setting information, and payment information;
the merchant information check field includes but is not limited to a merchant name, a merchant number, money receiving wallet address information or a hash value thereof;
the transmission content check domain comprises but is not limited to complete content before and after encryption or a designated character string fragment signature or a hash value;
the identity password check domain is a designated character string segment or a hash value in the dynamic identity authentication password;
setting information check fields including but not limited to software parameters, communication parameters and hardware parameter information;
the collection information includes, but is not limited to, a collection amount, collection information, order number information, or a hash value.
10. The data transmission method according to claim 5, wherein the step S5 includes:
step S51, the scanning device receives the encrypted data packet, and restores the data content by using the communication secret key and the appointed encryption and decryption algorithm;
step S52, the scanning device verifies the corresponding check domain in the received dynamic characteristic universal unique identification code according to the restored data content;
after the verification is successful, carrying out subsequent service processing;
if the verification fails, the connection is disconnected, the broadcasting equipment restarts broadcasting, and the scanning equipment restarts scanning;
if the connection valid time is exceeded and the verification or data transmission is not completed, the connection is considered to be abnormal, the connection is disconnected, and the broadcasting and scanning are restarted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010147139.4A CN111343634B (en) | 2020-03-05 | 2020-03-05 | Safe connection method and data transmission method between low-power-consumption Bluetooth devices |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010147139.4A CN111343634B (en) | 2020-03-05 | 2020-03-05 | Safe connection method and data transmission method between low-power-consumption Bluetooth devices |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111343634A true CN111343634A (en) | 2020-06-26 |
CN111343634B CN111343634B (en) | 2023-01-03 |
Family
ID=71185894
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010147139.4A Active CN111343634B (en) | 2020-03-05 | 2020-03-05 | Safe connection method and data transmission method between low-power-consumption Bluetooth devices |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111343634B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111935684A (en) * | 2020-07-17 | 2020-11-13 | 深圳一卡通新技术有限公司 | Bluetooth payment system and method |
CN112788600A (en) * | 2020-12-31 | 2021-05-11 | 中国人民银行数字货币研究所 | Method and device for realizing authentication and safe connection between Bluetooth devices |
CN113766482A (en) * | 2021-09-15 | 2021-12-07 | 荣耀终端有限公司 | Method for searching Bluetooth device, electronic device and storage medium |
WO2022032535A1 (en) * | 2020-08-12 | 2022-02-17 | Oppo广东移动通信有限公司 | Methods and devices for device discovery |
CN114286290A (en) * | 2021-12-08 | 2022-04-05 | 广州安凯微电子股份有限公司 | BLE broadcast sending and receiving method, device and system |
CN114339591A (en) * | 2021-12-09 | 2022-04-12 | 青岛海信移动通信技术股份有限公司 | Method for positioning based on ultra-wideband chip and related device |
CN114423004A (en) * | 2021-12-24 | 2022-04-29 | 深圳市丰鑫科技服务有限公司 | Method for realizing virtual connection and safe transmission between Bluetooth devices based on data link |
CN114980119A (en) * | 2020-12-02 | 2022-08-30 | 支付宝(杭州)信息技术有限公司 | Method, device and equipment for connecting equipment |
WO2023103425A1 (en) * | 2021-12-10 | 2023-06-15 | 青岛海尔科技有限公司 | Communicative connection method, system, and apparatus, storage medium, and processor |
CN116614806A (en) * | 2023-07-18 | 2023-08-18 | 荣耀终端有限公司 | Bluetooth pairing method and device, electronic equipment and storage medium |
CN117579392A (en) * | 2024-01-16 | 2024-02-20 | 北京富通亚讯网络信息技术有限公司 | Reliable data transmission method, device, equipment and medium based on encryption processing |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160100311A1 (en) * | 2014-10-06 | 2016-04-07 | Derek D. Kumar | Secure broadcast beacon communications |
CN105631987A (en) * | 2015-02-12 | 2016-06-01 | 北京神器科技有限公司 | Bluetooth access control unlocking method, device and system |
CN107833046A (en) * | 2017-11-28 | 2018-03-23 | 恒宝股份有限公司 | A kind of method of mobile payment and its checkout terminal |
CN107947931A (en) * | 2017-12-29 | 2018-04-20 | 北京海泰方圆科技股份有限公司 | A kind of method and system of key agreement, bluetooth equipment |
CN108737971A (en) * | 2018-05-11 | 2018-11-02 | 深圳市文鼎创数据科技有限公司 | Identity identifying method, equipment and storage medium |
CN109639435A (en) * | 2018-12-26 | 2019-04-16 | 江苏恒宝智能系统技术有限公司 | It is a kind of based on terminal card to the authentication method and system of APP |
-
2020
- 2020-03-05 CN CN202010147139.4A patent/CN111343634B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160100311A1 (en) * | 2014-10-06 | 2016-04-07 | Derek D. Kumar | Secure broadcast beacon communications |
CN105631987A (en) * | 2015-02-12 | 2016-06-01 | 北京神器科技有限公司 | Bluetooth access control unlocking method, device and system |
CN107833046A (en) * | 2017-11-28 | 2018-03-23 | 恒宝股份有限公司 | A kind of method of mobile payment and its checkout terminal |
CN107947931A (en) * | 2017-12-29 | 2018-04-20 | 北京海泰方圆科技股份有限公司 | A kind of method and system of key agreement, bluetooth equipment |
CN108737971A (en) * | 2018-05-11 | 2018-11-02 | 深圳市文鼎创数据科技有限公司 | Identity identifying method, equipment and storage medium |
CN109639435A (en) * | 2018-12-26 | 2019-04-16 | 江苏恒宝智能系统技术有限公司 | It is a kind of based on terminal card to the authentication method and system of APP |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111935684A (en) * | 2020-07-17 | 2020-11-13 | 深圳一卡通新技术有限公司 | Bluetooth payment system and method |
WO2022032535A1 (en) * | 2020-08-12 | 2022-02-17 | Oppo广东移动通信有限公司 | Methods and devices for device discovery |
CN114980119A (en) * | 2020-12-02 | 2022-08-30 | 支付宝(杭州)信息技术有限公司 | Method, device and equipment for connecting equipment |
CN114980119B (en) * | 2020-12-02 | 2024-06-11 | 支付宝(杭州)信息技术有限公司 | Method, device and equipment for connecting equipment |
CN112788600A (en) * | 2020-12-31 | 2021-05-11 | 中国人民银行数字货币研究所 | Method and device for realizing authentication and safe connection between Bluetooth devices |
CN113766482A (en) * | 2021-09-15 | 2021-12-07 | 荣耀终端有限公司 | Method for searching Bluetooth device, electronic device and storage medium |
CN114286290B (en) * | 2021-12-08 | 2023-03-14 | 广州安凯微电子股份有限公司 | BLE broadcast sending and receiving method, device and system |
CN114286290A (en) * | 2021-12-08 | 2022-04-05 | 广州安凯微电子股份有限公司 | BLE broadcast sending and receiving method, device and system |
CN114339591A (en) * | 2021-12-09 | 2022-04-12 | 青岛海信移动通信技术股份有限公司 | Method for positioning based on ultra-wideband chip and related device |
CN114339591B (en) * | 2021-12-09 | 2024-03-08 | 青岛海信移动通信技术有限公司 | Method and related device for positioning based on ultra-wideband chip |
WO2023103425A1 (en) * | 2021-12-10 | 2023-06-15 | 青岛海尔科技有限公司 | Communicative connection method, system, and apparatus, storage medium, and processor |
CN114423004A (en) * | 2021-12-24 | 2022-04-29 | 深圳市丰鑫科技服务有限公司 | Method for realizing virtual connection and safe transmission between Bluetooth devices based on data link |
CN114423004B (en) * | 2021-12-24 | 2024-03-19 | 深圳市丰鑫科技服务有限公司 | Method for realizing virtual connection and safe transmission between Bluetooth devices based on data chain |
CN116614806A (en) * | 2023-07-18 | 2023-08-18 | 荣耀终端有限公司 | Bluetooth pairing method and device, electronic equipment and storage medium |
CN116614806B (en) * | 2023-07-18 | 2023-10-20 | 荣耀终端有限公司 | Bluetooth pairing method and device, electronic equipment and storage medium |
CN117579392A (en) * | 2024-01-16 | 2024-02-20 | 北京富通亚讯网络信息技术有限公司 | Reliable data transmission method, device, equipment and medium based on encryption processing |
CN117579392B (en) * | 2024-01-16 | 2024-04-16 | 北京富通亚讯网络信息技术有限公司 | Reliable data transmission method, device, equipment and medium based on encryption processing |
Also Published As
Publication number | Publication date |
---|---|
CN111343634B (en) | 2023-01-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111343634B (en) | Safe connection method and data transmission method between low-power-consumption Bluetooth devices | |
CN109728909B (en) | Identity authentication method and system based on USBKey | |
US11501294B2 (en) | Method and device for providing and obtaining graphic code information, and terminal | |
US9117324B2 (en) | System and method for binding a smartcard and a smartcard reader | |
US6073237A (en) | Tamper resistant method and apparatus | |
JP4617763B2 (en) | Device authentication system, device authentication server, terminal device, device authentication method, and device authentication program | |
JP5345675B2 (en) | Network helper for authentication between token and verifier | |
CN107358441B (en) | Payment verification method and system, mobile device and security authentication device | |
WO2015161699A1 (en) | Secure data interaction method and system | |
US20030041244A1 (en) | Method for securing communications between a terminal and an additional user equipment | |
CN112565265B (en) | Authentication method, authentication system and communication method between terminal devices of Internet of things | |
CN103944736A (en) | Data security interactive method | |
CN110381055B (en) | RFID system privacy protection authentication protocol method in medical supply chain | |
WO2015161690A1 (en) | Secure data interaction method and system | |
EP3513539B1 (en) | User sign-in and authentication without passwords | |
CN101789068A (en) | Card reader safety certification device and method | |
KR100957044B1 (en) | Method and system for providing mutual authentication using kerberos | |
CN110138736B (en) | Identity authentication method, device and equipment for multiple dynamic random encryption of Internet of things | |
CN103944728A (en) | Data security interactive system | |
US20240106633A1 (en) | Account opening methods, systems, and apparatuses | |
KR101856530B1 (en) | Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof | |
CN112769783B (en) | Data transmission method, cloud server, receiving end and sending end | |
CN116132986A (en) | Data transmission method, electronic equipment and storage medium | |
KR101490638B1 (en) | Method of authenticating smart card, server performing the same and system performint the same | |
CN116248280B (en) | Anti-theft method for security module without key issue, security module and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information | ||
CB03 | Change of inventor or designer information |
Inventor after: Huang Shuang Inventor after: Wang Wenyi Inventor before: Huang Shuang Inventor before: Wang Wenyi Inventor before: Xue Musong Inventor before: Zhu Zhi |
|
GR01 | Patent grant | ||
GR01 | Patent grant |