CN111641539B - Safety interaction method for household electrical appliance - Google Patents

Safety interaction method for household electrical appliance Download PDF

Info

Publication number
CN111641539B
CN111641539B CN201910156111.4A CN201910156111A CN111641539B CN 111641539 B CN111641539 B CN 111641539B CN 201910156111 A CN201910156111 A CN 201910156111A CN 111641539 B CN111641539 B CN 111641539B
Authority
CN
China
Prior art keywords
household appliance
data
session
key
household
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910156111.4A
Other languages
Chinese (zh)
Other versions
CN111641539A (en
Inventor
朱泽春
熊宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Joyoung Co Ltd
Original Assignee
Joyoung Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Joyoung Co Ltd filed Critical Joyoung Co Ltd
Priority to CN201910156111.4A priority Critical patent/CN111641539B/en
Publication of CN111641539A publication Critical patent/CN111641539A/en
Application granted granted Critical
Publication of CN111641539B publication Critical patent/CN111641539B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses

Abstract

The embodiment of the invention discloses a safe interaction method of household appliances, wherein the method applied to a first household appliance side as a data sender comprises the following steps: acquiring a Media Access Control (MAC) address of second household electrical appliance equipment as a data receiver; using the MAC address as a first public key, and encrypting data by adopting an asymmetric encryption algorithm; and sending the encrypted data to the second household appliance. By the scheme of the embodiment, the problem that the public key in the asymmetric encryption data used for data transmission between the household appliances is difficult to manage is solved; in addition, the public key used in the scheme of the embodiment is the MAC address of the second household appliance, and processes such as public key generation and public key deployment are not performed, so that the time consumption of the encryption process is reduced; meanwhile, the problems of difficult deployment, high cost and the like do not exist; the scheme of the embodiment has better compatibility, and the scheme of the embodiment can be used as long as the household appliance has the MAC address and data transmission functions.

Description

Safety interaction method for household electrical appliance
Technical Field
The embodiment of the invention relates to a communication technology of home equipment, in particular to a safe interaction method of home equipment.
Background
Under the large market prospect of intelligent internet of things, the situation that one household appliance controls other household appliances or forwards a control instruction to other household appliances is ubiquitous, however, data transmission and control between the household appliances are not safe, and the risk of being hijacked by other people exists. Hackers can remotely access the home appliances, simulate requests, and can obtain the data of the space home appliances and the home appliances. Other malicious persons access the user's smart home device and tamper with it, and in the worst case, these persons will enter the user's home; or, private personal data of the user may be stolen and used for personal purposes.
Disclosure of Invention
The embodiment of the invention provides a safe interaction method for household appliances, which can solve the problems that the local area network data transmission is unsafe, the flow is excessive, the time consumption of an encryption flow is long and the like in the existing method for directly transmitting and controlling data between household appliances.
In order to achieve the object of the embodiment of the present invention, an embodiment of the present invention provides a secure interaction method for a home appliance device, which is applied to a first home appliance device side, where the first home appliance device is a data sender, and the method may include:
acquiring a Media Access Control (MAC) address of second household electrical appliance equipment as a data receiver;
encrypting data by using the MAC address as a first public key and adopting an asymmetric encryption algorithm;
and sending the encrypted data to the second household appliance.
In an exemplary embodiment of the present invention, the acquiring the MAC address of the second home device as the data receiver may include:
connecting a local area network of the area, and acquiring the MAC address of the second household appliance under the local area network through the local area network; and/or the presence of a gas in the gas,
and directly establishing connection with the second household appliance, and acquiring the MAC address of the second household appliance.
In an exemplary embodiment of the present invention, the method may further include: and randomly generating a second public key, a second private key and a first session secret key of the first household appliance for each session between the first household appliance and the second household appliance by using the asymmetric encryption algorithm.
In an exemplary embodiment of the present invention, the encrypting data using an asymmetric encryption algorithm using the MAC address as the first public key may include:
and encrypting the second public key, the second private key and the first session key of the first household appliance by using the MAC address as a public key and adopting the asymmetric encryption algorithm.
In an exemplary embodiment of the present invention, the method may further include:
after receiving data returned by the second household appliance equipment in the current session, decrypting a second session key randomly generated by the second household appliance equipment in the current session by using the second private key generated in the current session;
and encrypting the data to be sent to the second household appliance by using the first session key and adopting a symmetric encryption algorithm, and then sending the encrypted data to the second household appliance.
In an exemplary embodiment of the present invention, the first session key is generated by combining a randomly generated character string under a current session with a current timestamp.
The embodiment of the invention also provides a safe interaction method of the household appliance, which is applied to a second household appliance side, wherein the second household appliance is a data receiver, and the method can comprise the following steps:
acquiring a first private key; the first private key is a private key which is stored by the second household appliance and corresponds to the MAC address of the second household appliance, or is stored in a preset private key Certificate Authority (CA) server, and after the second household appliance sends a private key acquisition request to the CA server, the CA server verifies the MAC address of the second household appliance and successfully verifies the MAC address, and then sends the private key which corresponds to the MAC address to the second household appliance;
decrypting the received encrypted data according to the first private key; the encrypted data is obtained by encrypting data to be sent by a first household appliance serving as a data sender by using the MAC address of the second household appliance as a first public key and adopting an asymmetric encryption algorithm;
and executing corresponding operation according to the decrypted data.
In an exemplary embodiment of the present invention, the encryption data may include: a second public key, a second private key and a first session key of the first household appliance are randomly generated by the first household appliance in each session;
the method may further comprise:
after the first private key is used for decrypting the encrypted data to obtain the second public key and the first session key of the first household appliance in the current session, randomly generating a third public key and a third private key in the current session and a second session key of the second household appliance by using the asymmetric encryption algorithm;
and encrypting a third public key, a third private key and the second session key of the second household appliance under the current session by using the second public key under the current session obtained by decryption, and returning the encrypted data to the first household appliance.
In an exemplary embodiment of the present invention, the method may further include:
after receiving the data returned by the first household appliance, decrypting the returned data by using the first session key of the first household appliance under the current session; and the data returned by the first household appliance is obtained by encrypting the data to be sent by the first household appliance by using the first session key and adopting a symmetric encryption algorithm.
In an exemplary embodiment of the present invention, the method may further include:
and when the second household appliance returns data to the first household appliance again, encrypting the data to be returned by using the second session key under the current session of the second household appliance by adopting the symmetric encryption algorithm, and sending the encrypted data to the first household appliance.
The embodiment of the invention has the beneficial effects that:
1. the safe interaction method of the household appliance equipment in the embodiment of the invention is applied to a first household appliance equipment side, the first household appliance equipment is a data sender, and the method can comprise the following steps: acquiring a Media Access Control (MAC) address of second household electrical appliance equipment as a data receiver; encrypting data by using the MAC address as a first public key and adopting an asymmetric encryption algorithm; and sending the encrypted data to the second household appliance. By the scheme of the embodiment, the problem that the public key in the asymmetric encryption data used for data transmission between the household appliances is difficult to manage is solved; in addition, the public key used in the scheme of the embodiment is the MAC address of the second household appliance, and there are no processes such as public key generation and public key deployment, so that the time consumption of the encryption process is reduced; meanwhile, the problems of difficult deployment, high cost and the like do not exist; the scheme of the embodiment has better compatibility, and can be used as long as the household appliance has the functions of MAC address and data transmission.
2. The acquiring of the MAC address of the second home appliance device serving as the data receiver according to the embodiment of the present invention may include: connecting a local area network of the area, and acquiring the MAC address of the second household appliance under the local area network through the local area network; and/or directly establishing connection with the second household appliance and acquiring the MAC address of the second household appliance. By the scheme of the embodiment, offline operation can be performed under the condition of not connecting with the Internet and the like, household appliances such as the Internet and the like can be adapted, and the requirements of a user that the user does not want to connect with the Internet and the like are met. Because the support is not connected with an external network, the encryption transmission and decryption of data and the like can be completed in the local area network, and the problem of preventing hackers from remotely invading can be solved.
3. The method of the embodiment of the invention can also comprise the following steps: and randomly generating a second public key, a second private key and a first session secret key of the first household appliance for each session between the first household appliance and the second household appliance by using the asymmetric encryption algorithm. By the scheme of the embodiment, deeper encryption transmission is realized, and data transmission is safer.
4. The first session key of the embodiment of the invention is generated by combining a randomly generated character string under the current session and the current timestamp. Through the scheme of the embodiment of the invention, the session key of the household appliance in each session is a character string which is generated randomly and then is combined with the current timestamp to generate; therefore, the session keys of the household appliances in each session are different, and the problem that the data in the current data transmission scheme is easy to decrypt is well solved.
5. The method of the embodiment of the invention can also comprise the following steps: after receiving data returned by the second household appliance equipment in the current session, decrypting a second session key randomly generated by the second household appliance equipment in the current session by using the second private key generated in the current session; and encrypting the data to be sent to the second household appliance by using the first session key and adopting a symmetric encryption algorithm, and then sending the encrypted data to the second household appliance. By the scheme of the embodiment of the invention, the asymmetric encryption algorithm and the symmetric encryption algorithm are simultaneously adopted to encrypt the household appliance transmission data, so that a hacker can hardly find the rule even if intercepting the data, and the cracking difficulty is increased, thereby the data is difficult to crack by other people.
Additional features and advantages of embodiments of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the embodiments of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the examples of the application do not constitute a limitation of the embodiments of the invention.
Fig. 1 is a flowchart of a secure interaction method applied to a first home device in an embodiment of the present invention;
fig. 2 is a flowchart of a secure interaction method applied to a second home device in an embodiment of the present invention;
fig. 3 is a flowchart of a secure interaction method of a home appliance device according to an embodiment of the present invention;
fig. 4 is a flowchart of a data interaction method between a first household electrical appliance and a second household electrical appliance when a private key is issued by a CA server according to the embodiment of the present invention;
fig. 5 is a flowchart of a data interaction method between a first household electrical appliance and a second household electrical appliance when the second household electrical appliance stores a private key by itself according to the embodiment of the present invention;
fig. 6 is a flowchart of a data interaction method between a first household electrical appliance and a second household electrical appliance when a public key, a private key, and a session key are randomly generated for each session between the first household electrical appliance and the second household electrical appliance by using an asymmetric encryption algorithm according to the embodiment of the present invention;
fig. 7 is a schematic diagram of the RSA algorithm public key according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
Example one
The embodiment of the invention provides a safe interaction method of household appliances, which is applied to a first household appliance side, wherein the first household appliance is a data sender, and as shown in fig. 1 and fig. 3, the method can comprise the following steps of S101-S103:
and S101, acquiring a Media Access Control (MAC) address of the second household appliance serving as a data receiving party.
And S102, encrypting the data by using the MAC address as a first public key and adopting an asymmetric encryption algorithm.
And S103, sending the encrypted data to the second household appliance.
In the exemplary embodiment of the present invention, because a data transmission scheme between current home appliances based on the internet has a great potential safety hazard, the scheme of this embodiment provides a home appliance data security interaction scheme based on a local area network or direct interconnection between home appliances. When the household appliance transmits data between local area networks, a household appliance data sender (namely, a first household appliance) can encrypt the data by using an MAC address of a household appliance data receiver (namely, a second household appliance) as a public key; then the data sender of the household appliance sends the encrypted data to the data receiver of the household appliance; the household appliance data receiver decrypts the received data by using a private key of the household appliance data receiver; and finally, the household appliance data receiver executes subsequent related operations according to the decrypted data.
In the exemplary embodiment of the invention, the data transmission between the household appliances adopts encrypted transmission, so that the data transmission of the household appliances is safer. Because the data transmission between the household appliance data is changed into the transmission after encryption, even if the data is intercepted by others and can not be decrypted, others can not directly obtain important information, thereby ensuring the transmission to be safer.
In an exemplary embodiment of the present invention, the first home device may encrypt data using an asymmetric encryption algorithm, and may perform encrypted data transmission between the first home device and the second home device by using a public key to encrypt data and a private key to decrypt data.
In an exemplary embodiment of the present invention, the public key may use the MAC address of the second home device, because each MAC address is unique, and may form a one-to-one correspondence with the home device; the private key can be issued by a preset private key Certificate Authority (CA) server or stored by the second household appliance.
In an exemplary embodiment of the present invention, before the first home device transmits data to the second home device, the MAC address of the second home device may be acquired first.
In an exemplary embodiment of the present invention, the acquiring the MAC address of the second home device as the data receiver may include:
connecting a local area network of the area, and acquiring the MAC address of the second household appliance under the local area network through the local area network; and/or the presence of a gas in the gas,
and directly establishing connection with the second household appliance, and acquiring the MAC address of the second household appliance.
In an exemplary embodiment of the present invention, the method may further include: and randomly generating a second public key, a second private key and a first session secret key of the first household appliance for each session between the first household appliance and the second household appliance by using the asymmetric encryption algorithm.
In the exemplary embodiment of the present invention, on the basis of performing asymmetric encryption by using the MAC address of the second home device as the public key, a manner of encrypting data by using a randomly generated public key, a private key, and a session key every session may be adopted in the scheme of this embodiment.
In an exemplary embodiment of the present invention, the encrypting data using an asymmetric encryption algorithm using the MAC address as the first public key may include:
and encrypting the second public key, the second private key and the first session key of the first household appliance by using the MAC address as a public key and adopting the asymmetric encryption algorithm.
In an exemplary embodiment of the present invention, a first home device may first access a local area network, and request to obtain device information of a second home device in the same local area network; acquiring the MAC address of a second household appliance under the same local area network; the first home device may randomly generate a public key and a private key under a current session using an asymmetric encryption algorithm (e.g., RSA), and generate a session key of the first home device; and the first household appliance equipment encrypts the current session public key which is generated at random and the session secret key of the first household appliance equipment by using the MAC address of the second household appliance equipment as a public key, and sends the encrypted data to the second household appliance equipment.
In the exemplary embodiment of the present invention, the MAC address of the second home device is used as the public key to perform asymmetric encryption, so that the time consumption of the encryption process is reduced and the cost is reduced. Because the MAC address of the household appliance is used as the public key, the original scheme of generating or applying the public key to the CA mechanism is replaced; the processes of public key verification and public key deployment are omitted; the flow is reduced, so the encryption time consumption is shortened, a public key does not need to be generated, applied and deployed, partial cost is saved, and the cost is reduced.
In an exemplary embodiment of the present invention, the method may further include:
after receiving data returned by the second household appliance in the current session, decrypting a second session key randomly generated by the second household appliance in the current session by using the second private key generated in the current session;
and encrypting the data to be sent to the second household appliance by using the first session key and adopting a symmetric encryption algorithm, and then sending the data to the second household appliance.
In an exemplary embodiment of the present invention, the second electrical device may perform decryption using its own private key, to obtain a public key of the second electrical device in the current session and a first session key of the first electrical device; the second household appliance can also randomly generate a public key and a private key under the current session and a second session secret key of the second household appliance by using an asymmetric algorithm; the second device may encrypt the session key of the second device in the current session using the previously received and decrypted public key of the first device in the current session.
In an exemplary embodiment of the present invention, after receiving data returned by the second home device in the current session, the first home device may use a previous private key (i.e., a second private key) generated in the current session to decrypt a second session key in the current session of the second home device; and may encrypt data to be transmitted using a symmetric encryption algorithm (e.g., AES) using a key (first session key) of the current session of the first home device, and then transmit the encrypted data to the second home device.
In an exemplary embodiment of the present invention, asymmetric encryption and symmetric encryption are used simultaneously to encrypt appliance data, making the data difficult for others to crack. Because the combination of the asymmetric encryption algorithm and the symmetric encryption algorithm is adopted, even if a hacker intercepts and captures the data, the hacker is difficult to find the rule, and the cracking difficulty is increased, so that the data is difficult to crack by other people.
In an exemplary embodiment of the present invention, each of the first session key and the second session key may be generated by combining a randomly generated character string under a current session with a current timestamp.
In an exemplary embodiment of the present invention, the randomly generated string and the current timestamp are combined into a session key, so that the session key has absolute uniqueness. Because the time stamp is unique, the session key containing the time stamp is also unique.
In the exemplary embodiment of the present invention, the household appliance data is encrypted in units of sessions, so that a single household appliance data transmission session can be decrypted, and other sessions are not affected, because each time of session communication between household appliances, and the session key of the encrypted data can be combined by a randomly generated character string and a current timestamp, it is ensured that the session key of each household appliance in each session is different, and even if one household appliance is decrypted, the others are not affected.
Example two
An embodiment of the present invention further provides a secure interaction method for a home appliance, which is applied to a second home appliance, where the second home appliance is a data receiver, and as shown in fig. 2 and 3, the method may include S201 to S203:
s201, acquiring a first private key; the first private key is a private key which is stored by the second household appliance and corresponds to the MAC address of the second household appliance, or is stored in a preset private key Certificate Authority (CA) server, and after the second household appliance sends a private key acquisition request to the CA server, the CA server verifies the MAC address of the second household appliance and successfully verifies the MAC address, and then sends the private key which corresponds to the MAC address to the second household appliance;
s202, decrypting the received encrypted data according to the first private key; the encrypted data is obtained by encrypting data to be sent by a first household appliance serving as a data sender by using the MAC address of the second household appliance as a first public key and adopting an asymmetric encryption algorithm;
and S203, executing corresponding operation according to the decrypted data.
In an exemplary embodiment of the present invention, the first home device may encrypt data by using an asymmetric encryption algorithm, and may perform encrypted data transmission between the first home device and the second home device by using a public key to encrypt data and a private key to decrypt data.
In an exemplary embodiment of the present invention, the public key may use the MAC address of the second home device, because each MAC address is unique, and may form a one-to-one correspondence with the home device; the private key can be issued by a preset private key Certificate Authority (CA) server or stored by the second household appliance.
In an exemplary embodiment of the present invention, when the private key is issued by a preset CA server, the second home appliance may authenticate through the router and request the CA server to issue the private key; the CA server can inquire whether the second household appliance is an appliance of its own brand or not through the MAC address of the second household appliance, if the second household appliance is determined to be an appliance of its own brand, a private key corresponding to the MAC address of the second household appliance can be issued to the second household appliance, and if the second household appliance is determined not to be an appliance of its own brand, the private key cannot be issued, and the second household appliance cannot decrypt data; after obtaining the private key, the second home device may decrypt the encrypted data using the private key, and then perform subsequent operations using the decrypted data.
In an exemplary embodiment of the present invention, when the second home device stores the private key itself, such a private key storage scheme may also operate in an offline (no external network connected) situation. In the encryption and decryption process of sending data to the second household appliance by the first household appliance, the private key of the second household appliance is stored in the second household appliance, the second household appliance does not need to authenticate and apply for the private key to other places, when the second household appliance receives the data encrypted by the asymmetric encryption algorithm, the data can be directly decrypted by using the private key, and then the subsequent operation is executed according to the decrypted data, wherein the MAC address of the second household appliance is used as the public key by the first household appliance.
In an exemplary embodiment of the present invention, the encryption data may include: a second public key, a second private key and a first session key of the first household appliance are randomly generated by the first household appliance in each session;
the method may further comprise:
after the first private key is used for decrypting the encrypted data to obtain the second public key and the first session key of the first household appliance in the current session, randomly generating a third public key and a third private key in the current session and a second session key of the second household appliance by using the asymmetric encryption algorithm;
and encrypting a third public key, a third private key and the second session key of the second household appliance under the current session by using the second public key under the current session obtained by decryption, and returning the encrypted data to the first household appliance.
In the exemplary embodiment of the present invention, on the basis of performing asymmetric encryption by using the MAC address of the second home device as the public key, a manner of encrypting data by using a randomly generated public key, a private key, and a session key every session may be adopted in the scheme of this embodiment.
In an exemplary embodiment of the present invention, during each session, the first home device may use the MAC address as a public key, and encrypt the second public key, the second private key, and the first session key of the first home device, which are randomly generated, by using the asymmetric encryption algorithm.
In an exemplary embodiment of the present invention, a first home device may first access a local area network, and request to obtain device information of a second home device in the same local area network; acquiring the MAC address of a second household appliance under the same local area network; the first home device may randomly generate a public key and a private key (i.e., the second public key and the second private key) under the current session using an asymmetric encryption algorithm (e.g., RSA), and generate a session key of the first home device; the first household appliance uses the MAC address of the second household appliance as a public key, encrypts the current session public key which is generated at random and the session secret key of the first household appliance, and can send the encrypted data to the second household appliance through the router.
In an exemplary embodiment of the present invention, the second electrical device may perform decryption using its own private key, to obtain a public key of the second electrical device in the current session and a first session key of the first electrical device; the second household appliance device can also randomly generate a public key (namely, a third public key) and a private key (namely, a third private key) under the current session and a second session key of the second household appliance device by using an asymmetric algorithm; the second electrical appliance may encrypt the session key (i.e., the second session key) of the second electrical appliance in the current session by using the previously received and decrypted public key (i.e., the second public key) of the first electrical appliance in the current session, and return the encrypted data to the first electrical appliance.
In an exemplary embodiment of the present invention, the first home device may decrypt the second session key in the current session of the second home device by using the previous private key (i.e., the second private key) in the current session generated by the first home device. The first home device may encrypt data to be transmitted using a symmetric encryption algorithm AES by using a key (i.e., a first session key) in a current session, and then transmit the encrypted data to the second home device.
In an exemplary embodiment of the present invention, the method may further include:
after receiving the data returned by the first household appliance, decrypting the returned data by using the first session key of the first household appliance under the current session; and the data returned by the first household appliance is obtained by encrypting the data to be sent by the first household appliance by using the first session key and adopting a symmetric encryption algorithm.
In an exemplary embodiment of the present invention, the second home device may decrypt the data using the previously received and decrypted first session key of the current session of the first home device.
In an exemplary embodiment of the present invention, the method may further include:
and when the second household appliance returns data to the first household appliance again, encrypting the data to be returned by using the second session key under the current session of the second household appliance by adopting the symmetric encryption algorithm, and sending the encrypted data to the first household appliance.
In an exemplary embodiment of the present invention, if the second home device is to send data to the first home device in the current session, the following process may be performed: the second household appliance uses the session key (second session key) of the current session thereof to encrypt data by adopting a symmetric encryption algorithm AES, and then sends the data to the first household appliance; the first home device may decrypt the data using the previously received and decrypted second home device current session key (second session key).
In the exemplary embodiment of the present invention, on the basis of the original asymmetric encryption using the MAC address as the public key, each communication session randomly generates the public key, the private key, and the session key for each home appliance, so as to perform deeper encryption transmission, thereby making data transmission safer. The scheme of the embodiment is encrypted by taking a single session as a unit; the session key of the household appliance in each session is a character string which is generated randomly, and then is combined with the current timestamp to generate the session key; therefore, the session keys of the household appliances in each session are different, and the problem that the previous data is easy to decrypt is well solved.
EXAMPLE III
Based on the first embodiment and the second embodiment, as shown in fig. 4, the embodiment provides a specific embodiment of data interaction between a first household appliance and a second household appliance when a private key is issued by a CA server.
In an exemplary embodiment of the present invention, when the private key is issued by the CA server, the method for data interaction between the first home device and the second home device may include steps S301 to S310:
s301, the first electrical home device may first access a local area network to request to obtain device information (including device information of the second electrical home device) of other electrical home devices except the first electrical home device in the same local area network;
s302, the second household appliance is obtained equipment information including the MAC address of the second household appliance;
s303, the first household appliance obtains the MAC address of the second household appliance in the same local area network;
s304, the first household appliance uses the obtained MAC address of the second household appliance as a public key and encrypts data by using an asymmetric encryption algorithm (such as RSA); the encrypted data is sent to the second household appliance;
s305, the router forwards the encrypted data (the data encrypted by using the MAC address of the second household appliance);
s306, the second household appliance requests the CA server to authenticate through the router and requests the CA server to issue a private key corresponding to a preset identifier (such as an MAC address of the second household appliance) of the second household appliance;
s307, the router forwards an authentication request and a private key issuing request of the second household appliance;
s308, the CA server inquires whether the second household appliance is an appliance of the own brand or not through the MAC address of the second household appliance, if the second household appliance is determined to be the appliance of the own brand, a private key corresponding to the MAC address of the second household appliance and the second household appliance can be issued to the second household appliance, and the step S309 is entered; if the second household appliance is determined not to be the electric appliance of the own brand, the private key is not issued, and the current session is ended or verification failure information is returned;
s309, the router forwards the private key issued by the CA server to the second household appliance;
and S310, after the second household appliance equipment obtains the private key, the second household appliance equipment decrypts the encrypted data by using the private key, and then performs subsequent operation by using the decrypted data.
Example four
Based on the first embodiment and the second embodiment, as shown in fig. 5, a specific embodiment of data interaction between the first home appliance device and the second home appliance device when the second home appliance device stores the private key by itself is provided.
In an exemplary embodiment of the present invention, when the private key is saved by the second home device itself, the data interaction method between the first home device and the second home device may include steps S401 to S406:
s401, a first household appliance can be connected to a local area network first, and equipment information (including equipment information of a second household appliance) of other household appliances except the first household appliance in the same local area network is requested to be acquired;
s402, the second household appliance is obtained equipment information including the MAC address of the second household appliance;
s403, the first household appliance obtains the MAC address of the second household appliance in the same local area network;
s404, the first household appliance uses the obtained MAC address of the second household appliance as a public key and encrypts data by using an asymmetric encryption algorithm (such as RSA); the encrypted data is sent to the second household appliance;
s405, the router forwards the encrypted data (the data encrypted by using the MAC address of the second household appliance);
s406, the second household appliance decrypts the encrypted data by using the private key stored in the second household appliance, and then performs subsequent operation by using the decrypted data.
EXAMPLE five
Based on any of the above embodiments, as shown in fig. 6, a specific embodiment of data interaction between a first household electrical appliance and a second household electrical appliance when a public key, a private key, and a session key are randomly generated for each session between the first household electrical appliance and the second household electrical appliance by using an asymmetric encryption algorithm is provided.
In an exemplary embodiment of the present invention, on the basis of asymmetric encryption using an original MAC address of a home appliance as a public key, when a manner of encrypting data using a randomly generated public key, a private key, and a session key every session is adopted, a data interaction method between a first home appliance and a second home appliance may include steps S501 to S510:
s501, a first household appliance can be connected to a local area network first, and device information (including device information of a second household appliance) of other household appliances except the first household appliance in the same local area network is requested to be acquired;
s502, the first household appliance obtains the MAC address of the second household appliance in the same local area network;
s503, the first electrical home device randomly generates a public key (second public key) and a private key (second private key) under the current session by using an asymmetric encryption algorithm (e.g., RSA), randomly generates a string, and generates a session key (first session key) of the first electrical home device by combining the string with the current timestamp;
s504, the first household appliance encrypts the current session public key (the second public key) and the session key (the first session key) of the first household appliance, which have been generated at random, using the MAC address of the second household appliance as the public key, and sends the encrypted data to the second household appliance;
s505, the second electrical appliance may decrypt using its own private key to obtain a public key (second public key) of the second electrical appliance in the current session and a first session secret key of the first electrical appliance;
s506, the second household electrical appliance may also randomly generate a public key (third public key) and a private key (third private key) under the current session by using an asymmetric algorithm, randomly generate a character string, and combine with the current timestamp to generate a second session key of the second household electrical appliance;
s507, the second electrical appliance uses the public key (the second public key) of the first electrical appliance under the current session, which is received and decrypted in the foregoing, to encrypt the session key (the second session key) of the second electrical appliance under the current session;
s508, the first electrical appliance uses a current session private key (second private key) previously generated by the first electrical appliance to decrypt a second session private key of the second electrical appliance in the current session;
s509, using a key (i.e., a first session key) of the first home appliance in the current session, encrypting data to be transmitted by using a symmetric encryption algorithm AES, and then transmitting the encrypted data to the second home appliance;
s510, the second electrical appliance decrypts the data using the first session key of the current session of the first electrical appliance received and decrypted in the foregoing.
In an exemplary embodiment of the present invention, a basic data interaction procedure for a first home device (data sending party) to send data to a second home device (data receiving party) may be as described in steps S501 to S510 above.
In an exemplary embodiment of the present invention, if the second home device is still to send data to the first home device in the current session, the following process may be performed:
s511, the second household appliance encrypts data by using a second session key of the current session of the second household appliance through a symmetric encryption algorithm AES, and then sends the data to the first household appliance;
and S512, the first household appliance decrypts the data by using the current second session key of the second household appliance which is received and decrypted in the previous step.
In an exemplary embodiment of the present invention, the detailed flowchart is shown as S511 to S512 in fig. 6. Subsequently, in the same session, the data transmission process between the first home device and the second home device may be to continuously perform operations from S509 to S512.
In an exemplary embodiment of the present invention, if data transmission is performed between the first home device and the second home device in a new session, the processes of S501 to S512 are performed again. The session key generated by each session and the public and private keys randomly generated by the home device are all up to date.
In the exemplary embodiment of the present invention, on the basis of the original asymmetric encryption using the MAC address as the public key, the scheme of this embodiment randomly generates the public key, the private key, and the session key for each home appliance in each communication session, and performs deeper encryption transmission, so that data transmission is safer. In addition, the scheme is encrypted by taking a single session as a unit; the session key of the household appliance of each session is a character string generated randomly and then is combined with the current timestamp to generate; therefore, the session keys of the household appliances in each session are different, and the problem that the previous data is easy to decrypt is well solved.
EXAMPLE six
This embodiment is based on any of the above embodiments, and a specific embodiment that uses the MAC address of the second home device as the public key is given.
A conventional Public Key Infrastructure (PKI) system scheme uses a conventional public key infrastructure for public key management; when the traditional CS uses an asymmetric encryption algorithm to encrypt data, a requested end (a server end) also needs to be provided with a public key; moreover, SSL (secure sockets layer) certificates are expensive and require a workload for deployment. However, in a UPNP (universal plug and play) network connection structure used for connection between home devices, management using such a public key requires generation and management of a public key for each home device. The certificate of a receiver must be acquired before communication between household appliances every time, and after receiving one certificate every time, an entity needs to verify the validity of the certificate, so that the flow is complex and the same, and unnecessary flow and time are increased; and the certificate issuing and management system (PKI) is very complex, difficult to deploy and costly.
Conventionally, a public key is generated, and fig. 7 shows an example of an embodiment of the public key of the RSA algorithm. Since such a key is a large number of 1024-bit binary bits, it does not have the notion of identity, requiring a digital certificate to associate the public key with the user identity. For secure data communication, the sender must have all this information and then bind the recipient identity and key pair via a digital certificate: public index: 65537 (0 x 10001), modulus:
A53172274603491B2CC4F10EBAA5CBB6F756E71E69171D4747991CEB495DEB6B46BDCBC1695995A92A29AC58C3148369DB8F5319764E6B7BFCD69046AF66F30186D215C9F31AE56BF83A54160BAD8429816B1750B0B3A2EC8C71707B6623F478F2F8D7329B0922A16EA4D8B358E650893BDE66DC189E4500E7BE55ADD433962D。
in the exemplary embodiment of the present invention, the MAC address used as the public key is simply 40.
In an exemplary embodiment of the present invention, for example, the first home device performs asymmetric encryption on "K6a1012321" using the SM9 identification cryptographic algorithm using the MAC address 40:
8C2E80B975752CCCC588E71CAC4A79CDFF91FD5DA028F9FB37A983E2A1B90050A02450C4594B2DADDA3B491744E361FFD3C4242F3551D8A98205137476D40155313E302110F520927EAD47521AD7217356E4D6911E3DD3C8B423B7DB8795EF9C055D018C2118C2D6B9637170E86E6C85。
in an exemplary embodiment of the invention, the first home device sends the ciphertext to the second home device, which uses the following private key:
the "48BA08BACC578E7DEBF12a777B2C3DB5EBBD3FE7196BC95133ED1F7D348a65BE" decrypts to obtain the data "K6a1012321" sent by the first home appliance, and the second home appliance performs related control according to the decrypted data.
In the exemplary embodiment of the present invention, the solution of the present embodiment solves the problem of difficult management of public keys in data transmission between home devices using asymmetric encryption data. The public key used in the scheme of the embodiment is the MAC address of the home appliance, and the home appliance sending data enters the local area network or is connected with the home appliance receiving data, so that the MAC address can be obtained. This solves the following two problems: before a data sender sends information each time, a certificate of a data receiver must be acquired; each time a certificate is received, the entity needs to verify the validity of the certificate. Since the scheme of the embodiment has no processes of public key generation, public key deployment and the like, the time consumption of the encryption process is shortened; meanwhile, the problems of difficult deployment, high cost and the like do not exist.
In the exemplary embodiment of the present invention, the data transmission encryption method between the local area networks of the home appliances in the embodiment is not limited to the wireless Wi-Fi condition using the router, and the encryption transmission may be performed using the scheme as long as the home appliances have MAC addresses.
In the exemplary embodiment of the invention, the scheme of the embodiment can also perform off-line operation under the condition of not connecting with the internet and the like, can adapt to household appliances not connected with the internet, and meets the requirements of a user on not wanting to connect with the internet and the like. Because the support is not connected with an external network, the encryption transmission and decryption of data and the like can be completed in the local area network, and the problem of preventing hackers from remotely invading can be solved.
In the exemplary embodiment of the present invention, since the scheme of the present embodiment uses the MAC address as a public key encryption manner; the household appliances with Wi-Fi and Bluetooth functions have unique MAC addresses, so that the household appliances are also suitable for transmitting to Bluetooth; therefore, the scheme of the embodiment has better compatibility, and the scheme of the embodiment can be used as long as the household appliance has the MAC address and data transmission functions.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (6)

1. A safe interaction method of household appliances is applied to a first household appliance side, the first household appliance is a data sender, and the method comprises the following steps:
acquiring a Media Access Control (MAC) address of second household electrical appliance equipment as a data receiver;
the MAC address is used as a first public key, a second public key and a second private key which are randomly generated under the current session and a first session private key of the first household appliance are encrypted by adopting an asymmetric encryption algorithm, and encrypted data are sent to the second household appliance;
receiving data returned by the second household appliance in the current session, wherein the returned data is data encrypted by the second household appliance under the current session by using the second public key obtained by decryption, the returned data comprises a third public key and a third private key under the current session and a second session key of the second household appliance, which are randomly generated by the second household appliance after receiving the encrypted data sent by the first household appliance by using an asymmetric encryption algorithm, the returned data is decrypted by using the second private key generated under the current session, and the second session key under the current session of the second household appliance is decrypted;
and encrypting the data to be transmitted by using a symmetric encryption algorithm by using a first session key of the first household appliance under the current session, and then transmitting the encrypted data to the second household appliance.
2. The method for secure interaction of a home device according to claim 1, wherein the obtaining the MAC address of the second home device as a data receiver comprises:
connecting a local area network of the area, and acquiring the MAC address of the second household appliance under the local area network through the local area network; and/or the presence of a gas in the gas,
and directly establishing connection with the second household appliance, and acquiring the MAC address of the second household appliance.
3. The method for secure interaction of a home device according to claim 1, wherein the first session key is generated by combining a randomly generated character string under a current session with a current timestamp.
4. A safety interaction method of household electrical appliances is applied to a second household electrical appliance side, the second household electrical appliance is a data receiving party, and the method comprises the following steps:
acquiring a first private key; the first private key is a private key which is stored by the second household appliance and corresponds to the MAC address of the second household appliance, or is stored in a preset private key Certificate Authority (CA) server, and after the second household appliance sends a private key acquisition request to the CA server, the CA server verifies the MAC address of the second household appliance and successfully verifies the MAC address, and then sends the private key which corresponds to the MAC address to the second household appliance;
decrypting the received encrypted data according to the first private key; the encrypted data is obtained by encrypting data to be sent by a first household appliance serving as a data sender by using the MAC address of the second household appliance as a first public key and by using an asymmetric encryption algorithm, and includes: a second public key and a second private key randomly generated by the first household appliance in each session and a first session key of the first household appliance;
after the first private key is used for decrypting the encrypted data to obtain the second public key and the first session key of the first household appliance in the current session, randomly generating a third public key and a third private key in the current session and a second session key of the second household appliance by using the asymmetric encryption algorithm;
and encrypting a third public key, a third private key and the second session secret key of the second household appliance in the current session by using the second public key obtained by decryption in the current session, and returning the encrypted data to the first household appliance.
5. The method for secure interaction of a home device according to claim 4, further comprising:
after receiving the data returned by the first household appliance, decrypting the returned data by using the first session key of the first household appliance under the current session; and the data returned by the first household appliance is obtained by encrypting the data to be sent by the first household appliance by using the first session key and adopting a symmetric encryption algorithm.
6. The method for secure interaction of a home device according to claim 5, further comprising:
and when the second household appliance returns data to the first household appliance again, encrypting the data to be returned by using the second session key under the current session of the second household appliance by adopting the symmetric encryption algorithm, and sending the encrypted data to the first household appliance.
CN201910156111.4A 2019-03-01 2019-03-01 Safety interaction method for household electrical appliance Active CN111641539B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910156111.4A CN111641539B (en) 2019-03-01 2019-03-01 Safety interaction method for household electrical appliance

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910156111.4A CN111641539B (en) 2019-03-01 2019-03-01 Safety interaction method for household electrical appliance

Publications (2)

Publication Number Publication Date
CN111641539A CN111641539A (en) 2020-09-08
CN111641539B true CN111641539B (en) 2022-11-01

Family

ID=72330516

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910156111.4A Active CN111641539B (en) 2019-03-01 2019-03-01 Safety interaction method for household electrical appliance

Country Status (1)

Country Link
CN (1) CN111641539B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101964793A (en) * 2010-10-08 2011-02-02 上海银联电子支付服务有限公司 Method and system for transmitting data between terminal and server and sign-in and payment method
CN105337969A (en) * 2015-10-19 2016-02-17 朱建龙 Safety communication method between two mobile terminals
CN107026727B (en) * 2016-02-02 2019-03-29 阿里巴巴集团控股有限公司 A kind of methods, devices and systems for establishing communication between devices
CN107682141A (en) * 2017-10-26 2018-02-09 广州市雷军游乐设备有限公司 Data ciphering method and system for data transfer

Also Published As

Publication number Publication date
CN111641539A (en) 2020-09-08

Similar Documents

Publication Publication Date Title
JP7119040B2 (en) Data transmission method, device and system
JP6641029B2 (en) Key distribution and authentication method and system, and device
JP6168415B2 (en) Terminal authentication system, server device, and terminal authentication method
US8600063B2 (en) Key distribution system
US10938554B2 (en) Managing private key access in multiple nodes
CN108366063B (en) Data communication method and device of intelligent equipment and equipment thereof
CN101772024B (en) User identification method, device and system
EP3537652B1 (en) Method for securely controlling smart home appliance and terminal device
CN103763356A (en) Establishment method, device and system for connection of secure sockets layers
US20170126623A1 (en) Protected Subnet Interconnect
JP6548172B2 (en) Terminal authentication system, server device, and terminal authentication method
CN112350826A (en) Industrial control system digital certificate issuing management method and encrypted communication method
WO2023241176A1 (en) Communication method and apparatus, device, storage medium, and program product
KR101481403B1 (en) Data certification and acquisition method for vehicle
CN101827106A (en) DHCP safety communication method, device and system
KR20190038632A (en) Method for provisioning a first communication device using a second communication device
KR20090020869A (en) System and method of transmitting/receiving encrypted data in a communication system
CN109995723B (en) Method, device and system for DNS information interaction of domain name resolution system
WO2022041151A1 (en) Device verification method, device, and cloud
CN113141333B (en) Communication method, device, server, system and storage medium of network access device
EP3340530B1 (en) Transport layer security (tls) based method to generate and use a unique persistent node identity, and corresponding client and server
CN107733929B (en) Authentication method and authentication system
CN111641539B (en) Safety interaction method for household electrical appliance
WO2014207929A1 (en) Information processing device, terminal, information processing system, and information processing method
KR20110053578A (en) An authentication method of device member in ubiquitous computing network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant