CN111343634A - Safe connection method and data transmission method between low-power-consumption Bluetooth devices


Publication number
CN111343634A
Authority
CN
China
Prior art keywords
broadcast
connection
data
broadcasting
scanning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010147139.4A
Other languages
Chinese (zh)
Other versions
CN111343634B (en
Inventor
黄双
王文漪
薛暮松
朱智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Fengxin Technology Services Co ltd
Original Assignee
Shenzhen Fengxin Technology Services Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Fengxin Technology Services Co ltd
Priority to CN202010147139.4A
Publication of CN111343634A
Application granted
Publication of CN111343634B
Legal status: Active

Classifications

    • H04W12/041 Key generation or derivation
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W48/10 Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
    • H04W48/16 Discovering, processing access restriction or access information
    • H04W76/14 Direct-mode setup
    • H04W12/50 Secure pairing of devices
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a secure connection method between Bluetooth Low Energy devices, comprising the following steps: the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and broadcasts the password and the one-time secure connection key after completing the basic broadcast settings; the scanning device scans the broadcast signal, reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code using a specified encryption/decryption algorithm; the scanning device then verifies the signal strength and the identity password and, once verification is complete, establishes a secure connection with the broadcasting device. The invention also discloses a data transmission method based on this secure connection method. The invention addresses the poor user interaction experience of connection authentication between existing Bluetooth devices and the ease with which transmitted data can be decrypted and tampered with.

Description

Safe connection method and data transmission method between low-power-consumption Bluetooth devices
Technical Field
The invention relates to the security of Bluetooth connections and transmissions between devices, and in particular to a secure connection method and a data transmission method between Bluetooth Low Energy devices.
Background
Bluetooth communication offers wide coverage, high signal strength and a high transmission rate, but its signals can be monitored and its data stolen, so it is difficult to apply to offline financial scenarios (payment, transfer, account checking and the like) that have extremely high security requirements. As the Bluetooth protocol has been improved and updated, its authenticated pairing and encryption modes have improved the security of connections and data transmission to some extent and help prevent data tampering and man-in-the-middle attacks. However, this authentication mode requires the device being connected to pop up a pairing request, and the user must confirm the key and start the encrypted connection by visual comparison or by entering a numeric passkey, so the interaction experience is poor.
Disclosure of Invention
The invention aims to provide a secure connection method and a data transmission method between Bluetooth Low Energy devices, solving the problems that connection authentication between existing Bluetooth devices gives a poor user interaction experience and that transmitted data is easy to decrypt and tamper with.
The technical scheme for achieving this purpose is as follows:
A method for secure connection between Bluetooth Low Energy devices includes:
Step S1, the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and starts broadcasting after completing the basic broadcast settings;
Step S2, the scanning device scans the broadcast signal, reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code using the specified encryption/decryption algorithm; it then verifies the signal strength and the identity password and, once verification is complete, establishes a secure connection with the broadcasting device.
Preferably, step S1 includes:
Step S11, the broadcasting device calls a specified encryption/decryption algorithm on its own device model, the valid timestamp, the random mask and the data to be transmitted, and generates a one-time secure connection key and a dynamic authentication password;
Step S12, the broadcasting device completes the basic broadcast settings, starts broadcasting, and starts a countdown according to the broadcast duration;
Step S13, when the broadcast time exceeds the broadcast duration (that is, the broadcast refresh frequency) and no device has connected, the current broadcast ends, the broadcast content is refreshed, and broadcasting restarts.
Preferably, the valid timestamp is generated from the system time and the key validity interval constraint;
the random mask is a random combination of 4 to 8 characters (letters, numbers and symbols) generated by the device according to a built-in algorithm; the data to be transmitted includes but is not limited to the complete transmission content before and after encryption, a signature of a specified string segment or the like, or a hash value thereof;
the one-time secure connection key is a key generated by the specified encryption/decryption algorithm from the device model, the valid timestamp, the random mask and the data to be transmitted;
the dynamic authentication password is the combination of the device model, the random mask and the verification code;
the verification code is 4 to 6 characters taken from the result of a hash operation on the one-time secure connection key;
the basic broadcast settings include but are not limited to the broadcast frequency and the power consumption level;
the broadcast content includes but is not limited to the basic broadcast settings, the dynamic authentication password, the service number and the service content;
the broadcast duration is the single-broadcast refresh frequency built into the system.
Preferably, step S2 includes:
Step S21, the scanning device scans the signal, reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code using the specified encryption/decryption algorithm;
Step S22, the scanning device checks the secure connection distance according to the models of the two devices and the real-time Received Signal Strength Indication (RSSI);
Step S23, the scanning device calls the specified encryption/decryption algorithm, generates the one-time secure connection key from the received broadcast content, and verifies the dynamic authentication password; if verification passes, it initiates a connection request to the broadcasting device; if verification fails, it ignores the broadcast signal and restarts scanning;
Step S24, the broadcasting device receives the connection request from the scanning device, the two parties establish a secure Bluetooth connection, the scanning device stops broadcasting, and a countdown starts according to the connection validity time.
Preferably, the method comprises the following steps:
Step S3, the scanning device generates a random seed, encrypts it and sends it to the broadcasting device; the broadcasting device receives the random seed, verifies and decrypts it; and both parties use the random seed to generate a communication key by calling a specified encryption/decryption algorithm;
Step S4, the broadcasting device generates a dynamic characteristic universally unique identifier (UUID), and encrypts and transmits the data to be transmitted using the communication key;
Step S5, after receiving the ciphertext, the scanning device decrypts it with the communication key and uses the restored data to verify each check field of the dynamic characteristic UUID; when verification succeeds, data transmission is complete and the communication key is destroyed.
Preferably, step S3 includes:
Step S31, the scanning device generates a random seed;
Step S32, the scanning device encrypts the random seed using the one-time secure connection key and the specified encryption/decryption algorithm, and sends it to the broadcasting device;
Step S33, the broadcasting device receives the random seed, and recovers and checks it using the one-time secure connection key and the specified encryption/decryption algorithm;
Step S34, the two devices use the same random seed, together with the specified encryption/decryption algorithm, to generate the communication key.
Preferably, step S4 includes:
Step S41, the broadcasting device generates a dynamic characteristic UUID;
Step S42, the broadcasting device encrypts and transmits the data to be transmitted, using the communication key as the data encryption key.
Preferably, the dynamic characteristic UUID is expressed as 32 hexadecimal characters, which are divided into several groups of check fields; the check field codes are determined by the actual service scenario and the data to be transmitted.
Preferably, the check fields are composed of designated byte segments in any order, including but not limited to merchant information, transmission content, identity password, setting information and collection information;
the merchant information check field includes but is not limited to the merchant name, merchant number, collection wallet address information, or a hash value thereof;
the transmission content check field includes but is not limited to the complete content before and after encryption, a signature of a designated string segment, or a hash value;
the identity password check field is a designated string segment of the dynamic authentication password, or a hash value;
the setting information check field includes but is not limited to software parameters, communication parameters and hardware parameter information;
the collection information check field includes but is not limited to the collection amount, collection information, order number information, or a hash value.
Preferably, step S5 includes:
Step S51, the scanning device receives the encrypted data packet and restores the data content using the communication key and the specified encryption/decryption algorithm;
Step S52, the scanning device uses the restored data content to verify the corresponding check fields in the received dynamic characteristic UUID;
if verification succeeds, subsequent service processing is carried out;
if verification fails, the connection is dropped, the broadcasting device restarts broadcasting, and the scanning device restarts scanning;
if the connection validity time is exceeded before verification or data transmission completes, the connection is considered abnormal, the connection is dropped, and broadcasting and scanning restart.
The beneficial effects of the invention are as follows: the invention defines an authentication and secure connection standard between devices at the configuration and application level of GATT (Generic Attribute Profile) and GAP (Generic Access Profile), improving both the user experience and connection security; and, based on Bluetooth characteristics and a time algorithm combined with an algorithm library and other security mechanisms, it ensures the confidentiality of transmitted data and prevents tampering and man-in-the-middle attacks.
Drawings
FIG. 1 is a flow chart of a method for secure connection and data transmission between Bluetooth low energy devices according to the present invention;
FIG. 2 is a flowchart illustrating steps S1-S3 of the present invention;
FIG. 3 is a flowchart illustrating steps S4-S5 according to the present invention.
Detailed Description
The invention will be further explained with reference to the drawings.
Referring to FIG. 1, the secure connection method between Bluetooth Low Energy devices of the invention includes the following steps:
Step S1, the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and broadcasts the password and the one-time secure connection key after completing the basic broadcast settings. Specifically, as shown in FIG. 2, step S1 includes:
Step S11, the broadcasting device (also called the server or peripheral device) generates a one-time secure connection key (Connection Secret Key) and a dynamic authentication password (Authentication Code) using a specified encryption/decryption algorithm (built-in encryption/decryption and hash algorithms) from its own device model, the valid timestamp, the random mask, the data to be transmitted, and the like.
The valid timestamp is generated from the system time and the key validity time constraint; it is the validity time of the one-time secure connection key, and once it is exceeded the broadcast, the scan and the related security mechanisms must be reset. The random mask is a random combination of 4 characters (letters, numbers and symbols) generated by the device according to a built-in algorithm. The data to be transmitted includes, but is not limited to, the complete transmission content before and after encryption, a signature of a designated string segment or the like, or a hash value thereof. The one-time secure connection key (Connection Secret Key) is a key generated by the specified encryption/decryption algorithm from the device model, the valid timestamp, the random mask and the data to be transmitted. The dynamic authentication password is the combination of the device model, the verification code and the random mask.
Step S12, the broadcasting device completes the basic broadcast settings, starts broadcasting, and starts a countdown according to the broadcast duration. The basic broadcast settings include, but are not limited to, the broadcast frequency, the power consumption level, and the like. The broadcast content includes, but is not limited to, the basic broadcast settings, the dynamic authentication password, the service number, the service content, and the like. The broadcast duration is the single-broadcast refresh frequency built into the system; in principle, it is shorter than the validity time of the key.
Step S13, when the broadcast time exceeds the broadcast duration (that is, the broadcast refresh frequency) and no device has connected, the current broadcast ends, the broadcast content is refreshed, and broadcasting restarts.
Step S2, the scanning device scans the signal, reads the broadcast content, extracts the dynamic authentication password and, using the specified encryption/decryption algorithm, restores the device model, the random mask and the verification code; it then verifies the signal strength and the identity password and, once verification is complete, establishes a secure connection with the broadcasting device. Specifically, as shown in FIG. 2, step S2 includes:
Step S21, the scanning device (also called the client or central device) scans the signal, reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code.
Step S22, the scanning device performs a safe connection distance check according to the models of the two devices and the real-time RSSI (Received Signal Strength Indication). Reference is made to the technical content of the prior patent ZL201810646308.1, and the details are not repeated here.
The built-in signal strength threshold table defines, for a fixed safe distance between most mainstream mobile devices (for example, a safe distance of 5 cm or less), the real-time signal strength thresholds at which connections between different device models are allowed. The scanning device looks up this table using the received model of the broadcasting device and its own model to perform the safe distance check; it proceeds to the subsequent operations when the specified threshold is reached and continues scanning when it is not.
Step S23, the scanning device generates the one-time secure connection key from the received broadcast content using the specified encryption/decryption algorithm, and verifies the dynamic authentication password. If verification passes, it initiates a connection request to the broadcasting device; if verification fails, it ignores the broadcast signal and restarts scanning.
Step S24, the broadcasting device receives the connection request from the scanning device, the two parties establish a secure Bluetooth connection, the scanning device stops broadcasting, and a countdown starts according to the connection validity time.
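Steps S11 and S21 to S23, as an added example that is not code from the patent. The patent leaves the "specified encryption/decryption algorithm" open, so this sketch assumes HMAC-SHA256 under a secret provisioned in both apps (`APP_SECRET`), a fixed-width password layout, a 60-second validity window and a one-entry RSSI threshold table; all names and values are constructed.

```python
import hashlib
import hmac
import secrets
import string
from typing import Optional, Tuple

# Assumptions, not from the patent: HMAC-SHA256 under a secret provisioned in
# both apps stands in for the "specified encryption/decryption algorithm";
# field widths, the validity interval and the RSSI table are constructed.
APP_SECRET = b"constructed-demo-secret"
KEY_VALIDITY_S = 60                       # key validity interval (seconds)
MODEL_LEN, MASK_LEN, CODE_LEN = 8, 4, 6   # mask 4-8 chars, code 4-6 chars
MASK_ALPHABET = string.ascii_letters + string.digits + "#$%&*+"
# (broadcaster model, scanner model) -> minimum RSSI in dBm for the safe distance
RSSI_THRESHOLDS = {("POS-A1", "PHONE-B2"): -50}


def valid_timestamp(now: int) -> int:
    """Expiry of the key validity window that contains `now`."""
    return (now // KEY_VALIDITY_S + 1) * KEY_VALIDITY_S


def connection_key(model: str, valid_ts: int, mask: str, data_digest: bytes) -> bytes:
    """One-time connection key over model, valid timestamp, mask and data."""
    parts = [model.encode(), str(valid_ts).encode(), mask.encode(), data_digest]
    # Length-prefix each part so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(APP_SECRET, msg, hashlib.sha256).digest()


def verification_code(key: bytes) -> str:
    """Step S11: hash the connection key and keep CODE_LEN characters."""
    return hashlib.sha256(key).hexdigest()[:CODE_LEN].upper()


def make_broadcast(model: str, service_content: bytes, now: int,
                   mask: Optional[str] = None) -> Tuple[dict, bytes]:
    """Broadcaster side (S11-S12): returns (broadcast content, connection key)."""
    if len(model) > MODEL_LEN:
        raise ValueError("model does not fit the fixed-width field")
    mask = mask or "".join(secrets.choice(MASK_ALPHABET) for _ in range(MASK_LEN))
    digest = hashlib.sha256(service_content).digest()
    key = connection_key(model, valid_timestamp(now), mask, digest)
    password = model.ljust(MODEL_LEN) + mask + verification_code(key)
    return {"password": password, "service_content": service_content}, key


def scan(own_model: str, advert: dict, rssi: int, now: int) -> Optional[bytes]:
    """Scanner side (S21-S23): returns the connection key, or None to keep scanning."""
    password = advert["password"]
    if len(password) != MODEL_LEN + MASK_LEN + CODE_LEN:
        return None
    # S21: split the password back into model, mask and verification code.
    model = password[:MODEL_LEN].rstrip()
    mask = password[MODEL_LEN:MODEL_LEN + MASK_LEN]
    code = password[MODEL_LEN + MASK_LEN:]
    # S22: safe-distance check; unknown model pairs are rejected.
    threshold = RSSI_THRESHOLDS.get((model, own_model))
    if threshold is None or rssi < threshold:
        return None
    # S23: regenerate the key from the broadcast content and compare codes.
    digest = hashlib.sha256(advert["service_content"]).digest()
    key = connection_key(model, valid_timestamp(now), mask, digest)
    if not hmac.compare_digest(verification_code(key).encode(), code.encode()):
        return None
    return key


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    advert, key = make_broadcast("POS-A1", b"service=0x01;order=constructed", t0)
    print("accepted in window:", scan("PHONE-B2", advert, -42, t0 + 5) == key)
    print("too far away:      ", scan("PHONE-B2", advert, -70, t0 + 5))
    print("after expiry:      ", scan("PHONE-B2", advert, -42, t0 + KEY_VALIDITY_S))
```

Because every input to the key travels in the broadcast, the check only authenticates the broadcaster if the derivation depends on something an observer does not have, which is the role `APP_SECRET` plays in this sketch.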
Referring to FIG. 1, the data transmission method based on the secure connection method between Bluetooth Low Energy devices of the invention includes the following steps:
Step S3, the scanning device generates a random seed, encrypts it and sends it to the broadcasting device; the broadcasting device receives the random seed, verifies and decrypts it; and both parties use the random seed to generate a communication key through a specified encryption/decryption algorithm. Specifically, as shown in FIG. 2, step S3 includes:
Step S31, the scanning device generates a random seed. The random seed is an 8 to 128 bit random string generated according to a built-in algorithm.
Step S32, the scanning device encrypts the random seed using the one-time secure connection key and the specified encryption/decryption algorithm (when an asymmetric algorithm is selected, the encrypted content must also be signed), and sends it to the broadcasting device.
Step S33, the broadcasting device receives the random seed and decrypts it using the one-time secure connection key and the specified encryption/decryption algorithm (when an asymmetric algorithm is selected, signature verification must be completed first), obtaining the random seed.
Step S34, the broadcasting device and the scanning device generate a communication key using the random seed and the specified encryption/decryption algorithm.
Step S4, the broadcasting device generates a dynamic characteristic universally unique identifier (Characteristic UUID), and encrypts and transmits the data to be transmitted using the communication key. As shown in FIG. 3, step S4 includes:
Step S41, the broadcasting device generates a dynamic characteristic universally unique identifier (Characteristic UUID).
The Bluetooth Special Interest Group (SIG) defines a universally unique identifier (UUID) as a 128-bit value, but does not define an assignment specification for characteristics (Characteristic) in the financial or payment field. Electronic payment is used as an example below for convenience of description; the check fields may include but are not limited to merchant information, transmission content, identity password, setting information, payment information, and the like. The check fields can be composed of designated byte segments in any order:
The merchant information check field includes, but is not limited to, information such as the merchant name, merchant number and cash register address, or a hash value thereof. The transmission content check field includes, but is not limited to, the complete content before and after encryption, a signature of a designated string segment or the like, or a hash value. The identity password check field is a designated string segment of the dynamic authentication password. The setting information check field includes, but is not limited to, software parameters, communication parameters, hardware parameters, and the like. The collection information check field includes, but is not limited to, the collection amount, collection information, order number, and the like, or a hash value.
Step S42, the broadcasting device encrypts and transmits the data to be transmitted, using the communication key as the data encryption key.
Step S5, after receiving the ciphertext, the scanning device decrypts it with the communication key and uses the restored data to verify each check field of the dynamic characteristic UUID; when verification succeeds, data transmission is complete and the communication key is destroyed. As shown in FIG. 3, step S5 includes:
Step S51, the scanning device receives the encrypted data packet and restores the data content using the communication key and the specified encryption/decryption algorithm.
Step S52, the scanning device uses the restored data content to verify the corresponding check fields in the received dynamic characteristic UUID.
If verification succeeds, subsequent service processing is carried out;
if verification fails, the connection is dropped, the broadcasting device restarts broadcasting, and the scanning device restarts scanning;
if the connection validity time is exceeded before verification or data transmission completes, the connection is considered abnormal, the connection is dropped, and broadcasting and scanning restart.
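The check-field construction of step S41 and the verification outcomes of step S52, as an added example that is not code from the patent. The field order and widths in `LAYOUT`, the use of truncated SHA-256 for every field, and the sample payment data are assumptions; decryption in step S51 is taken as already done, so `restored` is the plaintext data.

```python
import hashlib
import hmac
import uuid

# Assumed layout (not from the patent): check field name -> width in hex
# characters; the widths must add up to the UUID's 32 hex characters.
LAYOUT = [("merchant", 8), ("content", 8), ("identity", 6),
          ("settings", 4), ("collection", 6)]
assert sum(width for _, width in LAYOUT) == 32


def check_field(value: bytes, width: int) -> str:
    """Check field = leading hex characters of SHA-256(value) (assumed hash)."""
    return hashlib.sha256(value).hexdigest()[:width]


def build_characteristic_uuid(fields: dict) -> uuid.UUID:
    """Step S41: pack one check field per data item into a 128-bit UUID."""
    return uuid.UUID(hex="".join(check_field(fields[n], w) for n, w in LAYOUT))


def failed_check_fields(char_uuid: uuid.UUID, restored: dict) -> list:
    """Step S52: names of check fields that do not match the restored data."""
    failed, pos = [], 0
    for name, width in LAYOUT:
        expected = char_uuid.hex[pos:pos + width]
        pos += width
        value = restored.get(name)
        if value is None or not hmac.compare_digest(
                check_field(value, width).encode(), expected.encode()):
            failed.append(name)
    return failed


def on_data_received(char_uuid: uuid.UUID, restored: dict,
                     elapsed_s: float, connection_valid_s: float) -> str:
    """Outcome after S51: 'process', or 'disconnect' (restart broadcast and scan)."""
    if elapsed_s > connection_valid_s:
        return "disconnect"          # connection validity time exceeded
    if failed_check_fields(char_uuid, restored):
        return "disconnect"          # a check field failed verification
    return "process"                 # continue with service processing


# Constructed sample data for an electronic payment.
SAMPLE = {
    "merchant": b"name=Demo Shop;number=M-0001",
    "content": b"ciphertext-or-plaintext-of-the-transfer",
    "identity": b"POS-A1  aB3#1A2B3C",
    "settings": b"app=1.0;mtu=185",
    "collection": b"amount=12.50;order=constructed-0001",
}

if __name__ == "__main__":
    char_uuid = build_characteristic_uuid(SAMPLE)
    print("characteristic UUID:", char_uuid)
    altered = dict(SAMPLE, collection=b"amount=1250.00;order=constructed-0001")
    print("altered amount fails:", failed_check_fields(char_uuid, altered))
    print("outcome:", on_data_received(char_uuid, altered, 3.0, 30.0))
```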
In conclusion, the invention is applicable not only to traditional financial transaction scenarios, including but not limited to transfers, electronic payments and ATM user authorized login, but also to innovative financial fields such as digital currency payment and settlement, and to other application fields with high security requirements. The broadcast information fields and the UUID of the connecting Bluetooth device are verified through dynamic instances and an algorithm library, which prevents malicious access and counterfeit devices and ensures connection security. At the same time, the transmitted data is encrypted, decrypted, signed and verified using a combination of symmetric, asymmetric and hash algorithms, which protects the transmitted data and optimizes the user experience.
The above embodiments are provided only to illustrate the invention, not to limit it. Those skilled in the art can make various changes and modifications without departing from the spirit and scope of the invention; all equivalent technical solutions therefore also fall within the scope of the invention, which should be defined by the claims.

Claims (10)

1. A method for secure connection between Bluetooth low energy devices, comprising:
step S1: the broadcasting device generates a dynamic authentication password and a one-time secure connection key, completes the basic broadcast settings, and starts broadcasting;
step S2: the scanning device scans for the broadcast signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code through the specified encryption and decryption algorithm; it then verifies the signal strength and the identity password and, once verification is complete, establishes a secure connection with the broadcasting device.
2. The method of claim 1, wherein the step S1 includes:
step S11: the broadcasting device calls the specified encryption and decryption algorithm with its device model, the valid timestamp, the random mask and the data to be transmitted, and generates the one-time secure connection key and the dynamic authentication password;
step S12: the broadcasting device completes the basic broadcast settings, starts broadcasting, and starts a countdown according to the broadcast duration;
step S13: when the broadcast time exceeds the broadcast duration (the broadcast refresh frequency) and no device has connected, the current broadcast ends, the broadcast content is refreshed, and broadcasting restarts.
3. The method of claim 2, wherein the valid timestamp is generated from the system time, subject to the key validity interval;
the random mask is a random combination of 4 to 8 letters, digits and symbols generated by the device according to a built-in algorithm; the data to be transmitted includes, but is not limited to, the complete transmission content before and after encryption, or signatures of specified character string segments and the like, or hash values thereof;
the one-time secure connection key is a key generated by the specified encryption and decryption algorithm from the device model, the valid timestamp, the random mask and the data to be transmitted;
the dynamic authentication password is the combination of the device model, the random mask and the verification code;
the verification code consists of 4 to 6 characters taken, for use in verification, from the result of a hash operation on the one-time secure connection key;
the basic broadcast settings include, but are not limited to, broadcast frequency and power consumption level;
the broadcast content includes, but is not limited to, the basic broadcast settings, the dynamic authentication password, the service number and the service content;
the broadcast duration is the single-broadcast refresh frequency built into the system.
4. The method of claim 1, wherein the step S2 includes:
step S21: the scanning device scans for the signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code through the specified encryption and decryption algorithm;
step S22: the scanning device judges the secure connection distance according to the models of the two devices and the real-time received signal strength (RSSI);
step S23: the scanning device calls the specified encryption and decryption algorithm, generates the one-time secure connection key from the received broadcast content, and verifies the dynamic authentication password; if the verification passes, it initiates a connection request to the broadcasting device; if the verification fails, it ignores the broadcast signal and restarts scanning;
step S24: the broadcasting device receives the connection request from the scanning device, the two parties establish a secure Bluetooth connection, the scanning device stops broadcasting, and a countdown is started according to the connection valid time.
5. A data transmission method based on the secure connection method between Bluetooth low energy devices of claim 1, comprising:
step S3: the scanning device generates a random seed, encrypts it and sends it to the broadcasting device; the broadcasting device receives the random seed, then decrypts and verifies it; both parties use the random seed to generate a communication key by calling the specified encryption and decryption algorithm;
step S4: the broadcasting device generates a dynamic-characteristic universally unique identifier, and encrypts and transmits the data to be transmitted using the communication key;
step S5: after receiving the ciphertext data, the scanning device decrypts it using the communication key and verifies each check domain of the dynamic-characteristic universally unique identifier against the restored data; when the verification succeeds, the data transmission is complete and the communication key is destroyed.
6. The data transmission method according to claim 5, wherein the step S3 includes:
step S31: the scanning device generates a random seed;
step S32: the scanning device encrypts the random seed using the one-time secure connection key and the specified encryption and decryption algorithm, and sends it to the broadcasting device;
step S33: the broadcasting device receives the encrypted random seed, and recovers and verifies the random seed using the one-time secure connection key and the specified encryption and decryption algorithm;
step S34: the two devices use the same random seed, combined with the specified encryption and decryption algorithm, to generate the communication key.
7. The data transmission method according to claim 5, wherein the step S4 includes:
step S41: the broadcasting device generates a dynamic-characteristic universally unique identifier;
step S42: the broadcasting device encrypts and transmits the data to be transmitted, using the communication key as the data encryption key.
8. The data transmission method according to claim 7, wherein the dynamic-characteristic universally unique identifier is expressed as 32 hexadecimal characters and is divided into a plurality of groups of check fields, and the check field coding is determined by the actual service scenario and the data to be transmitted.
9. The data transmission method according to claim 8, wherein the check fields are composed of the byte information of designated parts in any order, including but not limited to merchant information, transmission content, identity password, setting information, and payment information;
the merchant information check field includes, but is not limited to, a merchant name, a merchant number, receiving wallet address information, or a hash value thereof;
the transmission content check field includes, but is not limited to, the complete content before and after encryption, or a signature or hash value of a designated character string segment;
the identity password check field is a designated character string segment of the dynamic authentication password, or a hash value thereof;
the setting information check field includes, but is not limited to, software parameter, communication parameter and hardware parameter information;
the collection information includes, but is not limited to, a collection amount, collection information, order number information, or a hash value.
10. The data transmission method according to claim 5, wherein the step S5 includes:
step S51: the scanning device receives the encrypted data packet and restores the data content using the communication key and the specified encryption and decryption algorithm;
step S52: the scanning device verifies the corresponding check domains in the received dynamic-characteristic universally unique identifier against the restored data content;
if the verification succeeds, subsequent service processing is carried out;
if the verification fails, the connection is disconnected, the broadcasting device restarts broadcasting, and the scanning device restarts scanning;
if the connection valid time is exceeded before verification or data transmission completes, the connection is considered abnormal, the connection is disconnected, and broadcasting and scanning are restarted.
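The dynamic authentication password of claims 2 to 4, generated by the broadcaster and checked by the scanner, as an added example that is not part of the patent text. HMAC-SHA256 as the "specified encryption and decryption algorithm", the shared provisioning secret, the 30-second validity interval and the `model|mask|code` layout are all assumptions; the patent does not name them.

```python
import hashlib
import hmac
import secrets
import string

# Assumptions (not from the patent): HMAC-SHA256 stands in for the specified
# algorithm, SHARED_SECRET is a constructed provisioning secret known to both
# devices, and the password is laid out as model|mask|code.
SHARED_SECRET = b"constructed-demo-secret"
KEY_VALID_SECONDS = 30          # key validity interval (assumed value)
MASK_ALPHABET = string.ascii_letters + string.digits + "#$%&*+-=?@"
CODE_LEN = 6                    # verification code length, within 4 to 6


def valid_timestamp(now: float) -> int:
    """Valid timestamp: system time quantised to the key validity interval."""
    return int(now // KEY_VALID_SECONDS)


def one_time_key(model: str, ts: int, mask: str, data: bytes) -> bytes:
    """One-time secure connection key over model, timestamp, mask and data."""
    parts = [model.encode(), str(ts).encode(), mask.encode(), data]
    # Length-prefix each field so that different field splits cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).digest()


def verification_code(key: bytes) -> str:
    """Hash the one-time key and keep a short prefix as the check value."""
    return hashlib.sha256(key).hexdigest()[:CODE_LEN]


def make_password(model: str, data: bytes, now: float) -> str:
    """Broadcaster side (S11): build the dynamic authentication password."""
    mask = "".join(secrets.choice(MASK_ALPHABET) for _ in range(8))
    key = one_time_key(model, valid_timestamp(now), mask, data)
    return "|".join((model, mask, verification_code(key)))


def verify_password(password: str, data: bytes, now: float):
    """Scanner side (S21, S23): return the one-time key, or None to ignore."""
    try:
        model, mask, code = password.split("|")
    except ValueError:
        return None                       # malformed broadcast content
    if not 4 <= len(mask) <= 8 or len(code) != CODE_LEN:
        return None
    key = one_time_key(model, valid_timestamp(now), mask, data)
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(verification_code(key).encode(), code.encode()):
        return key
    return None                           # stale window or altered content
```

A 6-character hexadecimal verification code carries 24 bits, so the short validity window is what limits guessing and replay in this sketch; the RSSI check of step S22 is not modelled.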
CN202010147139.4A 2020-03-05 2020-03-05 Safe connection method and data transmission method between low-power-consumption Bluetooth devices Active CN111343634B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010147139.4A CN111343634B (en) 2020-03-05 2020-03-05 Safe connection method and data transmission method between low-power-consumption Bluetooth devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010147139.4A CN111343634B (en) 2020-03-05 2020-03-05 Safe connection method and data transmission method between low-power-consumption Bluetooth devices

Publications (2)

Publication Number Publication Date
CN111343634A true CN111343634A (en) 2020-06-26
CN111343634B CN111343634B (en) 2023-01-03

Family

ID=71185894

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010147139.4A Active CN111343634B (en) 2020-03-05 2020-03-05 Safe connection method and data transmission method between low-power-consumption Bluetooth devices

Country Status (1)

Country Link
CN (1) CN111343634B (en)

Also Published As

Publication number Publication date
CN111343634B (en) 2023-01-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Huang Shuang

Inventor after: Wang Wenyi

Inventor before: Huang Shuang

Inventor before: Wang Wenyi

Inventor before: Xue Musong

Inventor before: Zhu Zhi

GR01 Patent grant