CN112448808A - Communication method, device, access point, server, system and storage medium - Google Patents

Publication number
CN112448808A
Authority
CN
China
Prior art keywords
data
identification information
equipment
module
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910807099.9A
Other languages
Chinese (zh)
Inventor
李�诚
王清元
张锴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Banma Zhixing Network Hongkong Co Ltd
Original Assignee
Banma Zhixing Network Hongkong Co Ltd
Application filed by Banma Zhixing Network Hongkong Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A communication method, apparatus, access point, server, system, and storage medium are disclosed. For example, the second device may receive device identification information sent by the first device, the device identification information being used to characterize the identity of the first device, send the device identification information to the server, receive first data that is sent by the server and corresponds to the device identification information, calculate a key based on the first data and second data, and send the second data to the first device so that the first device can calculate the key. Because a server is introduced to assist in generating the key and completing the key exchange between the devices, the security of the key exchange and of communication encrypted with the key is improved.

Description

Communication method, device, access point, server, system and storage medium
Technical Field
The present disclosure relates to the field of communications, and in particular, to a communication method, device, access point, server, system, and storage medium.
Background
With the popularization of the Internet of Things, more and more devices are connected together through a local network, the internet or similar communication links, forming a network that is information-based, remotely managed and controlled, and intelligent. At the same time, the data security problems of the Internet of Things are increasingly prominent. Because most devices connected to the Internet of Things are resource-limited, symmetric encryption algorithms, which place low demands on computing capability, are widely used. A symmetric encryption algorithm uses the same symmetric key for encryption and decryption, and once the symmetric key on the device side is leaked, the security of the Internet of Things is severely compromised.
Taking smart devices such as smart home devices and smart in-vehicle devices as examples, smart devices come in different forms, and for smart devices without a human-computer interaction interface, how to connect the device to a network such as a home gateway or a car machine conveniently, quickly, securely and reliably is a problem that smart device manufacturers urgently need to solve. At present, the password of the wireless gateway is generally obtained through coordination by a mobile phone app, which is neither convenient nor secure. Some manufacturers connect the smart device to the home gateway or car machine through a USB (universal serial bus) cable, a network cable or the like, which increases cost and makes connection inconvenient.
Disclosure of Invention
One technical problem to be solved by the present disclosure is to provide a communication scheme capable of improving security.
According to a first aspect of the present disclosure, a communication method is proposed, adapted to be performed by a second device, comprising: receiving device identification information sent by a first device, wherein the device identification information is used to characterize the identity of the first device; sending the device identification information to a server; receiving first data that is sent by the server and corresponds to the device identification information; calculating a key based on the first data and second data; and sending the second data to the first device.
Optionally, the second data is data generated by the second device, or the method further comprises: receiving the second data sent by the server.
Optionally, the method further comprises: sending a first message encrypted with the key to the first device; and/or decrypting, using the key, a received second message sent by the first device.
According to a second aspect of the present disclosure, there is also provided a communication method, adapted to be performed by a second device, comprising: receiving device identification information sent by a first device, wherein the device identification information is used to characterize the identity of the first device; sending the device identification information to a server; receiving a key sent by the server, wherein the key is obtained by the server based on second data and first data corresponding to the device identification information; and sending the second data to the first device.
Optionally, the method further comprises: sending the second data to the server; or receiving the second data sent by the server.
Optionally, the method further comprises: sending a first message encrypted with the key to the first device; and/or decrypting, using the key, a received second message sent by the first device.
According to a third aspect of the present disclosure, there is also provided a communication method, adapted to be performed by a second device, comprising: receiving device identification information and second data sent by a first device, wherein the device identification information is used to characterize the identity of the first device; sending the device identification information to a server; receiving first data that is sent by the server and corresponds to the device identification information; and calculating a key based on the first data and the second data.
Optionally, the method further comprises: sending a first message encrypted with the key to the first device; and/or decrypting, using the key, a received second message sent by the first device.
According to a fourth aspect of the present disclosure, there is also provided a communication method, adapted to be performed by a second device, comprising: receiving device identification information and second data sent by a first device, wherein the device identification information is used to characterize the identity of the first device; sending the device identification information and the second data to a server; and receiving a key sent by the server, wherein the key is obtained by the server based on the second data and first data corresponding to the device identification information.
Optionally, the method further comprises: sending a first message encrypted with the key to the first device; and/or decrypting, using the key, a received second message sent by the first device.
According to a fifth aspect of the present disclosure, there is also provided a communication method, adapted to be performed by a first device, comprising: sending device identification information to a second device, wherein the device identification information is used to characterize the identity of the first device; receiving second data sent by the second device; and calculating a key based on the second data and first data corresponding to the device identification information.
Optionally, the method further comprises: sending a second message encrypted with the key to the second device; and/or decrypting, using the key, a received first message sent by the second device.
Optionally, the first device stores the first data, or the method further comprises: sending the device identification information to a server, and receiving the first data that is sent by the server and corresponds to the device identification information.
According to a sixth aspect of the present disclosure, there is also provided a communication method, adapted to be performed by a first device, comprising: sending device identification information and second data to a second device, wherein the device identification information is used to characterize the identity of the first device; and calculating a key based on the second data and first data corresponding to the device identification information.
Optionally, the method further comprises: sending a second message encrypted with the key to the second device; and/or decrypting, using the key, a received first message sent by the second device.
Optionally, the first device stores the first data, or the method further comprises: sending the device identification information to a server, and receiving the first data that is sent by the server and corresponds to the device identification information.
According to a seventh aspect of the present disclosure, there is also provided a communication method, adapted to be executed by a server, comprising: storing, in association with each other, device identification information and first data for a first device, wherein the device identification information is used to identify the identity of the first device; receiving the device identification information and second data sent by a second device; looking up the first data corresponding to the device identification information; calculating a key based on the second data and the first data; and sending the key to the second device.
Optionally, the step of sending the key to the second device comprises: sending the key to the second device using Hypertext Transfer Protocol Secure (HTTPS).
Optionally, the method further comprises: verifying the identity of the second device; and, if the identity of the second device is legitimate, performing the step of looking up the first data corresponding to the device identification information.
Optionally, the method further comprises: receiving the device identification information sent by the first device; and sending the first data corresponding to the device identification information to the first device.
According to an eighth aspect of the present disclosure, there is also provided a communication method, adapted to be executed by a server, comprising: storing, in association with each other, device identification information and first data for a first device, wherein the device identification information is used to identify the identity of the first device; receiving the device identification information sent by a second device; looking up the first data corresponding to the device identification information; generating second data for participating in the generation of a key; calculating the key based on the second data and the first data; and sending the key and the second data to the second device.
According to a ninth aspect of the present disclosure, there is also provided a communication method, adapted to be executed by a server, comprising: storing, in association with each other, device identification information and first data for a first device, wherein the device identification information is used to identify the identity of the first device, and the first data is part of the data participating in key generation; receiving the device identification information sent by a second device; looking up the first data corresponding to the device identification information; and sending the first data found to the second device.
Optionally, the method further comprises: generating second data for participating in the generation of the key; and sending the second data to the second device.
According to a tenth aspect of the present disclosure, there is also provided a second device, comprising: a receiving module, configured to receive device identification information sent by a first device, wherein the device identification information is used to characterize the identity of the first device; a sending module, configured to send the device identification information to a server, the receiving module being further configured to receive first data that is sent by the server and corresponds to the device identification information; and a calculating module, configured to calculate a key based on the first data and second data, the sending module being further configured to send the second data to the first device.
Optionally, the second device further comprises an encryption module and/or a decryption module, wherein the encryption module is configured to encrypt a first message using the key, the sending module is further configured to send the encrypted first message to the first device, the receiving module is further configured to receive a second message sent by the first device, and the decryption module is configured to decrypt the second message using the key.
Optionally, the second data is data generated by the second device, or the receiving module is further configured to receive the second data sent by the server.
According to an eleventh aspect of the present disclosure, there is also provided a second device, comprising: a receiving module, configured to receive device identification information sent by a first device, wherein the device identification information is used to characterize the identity of the first device; and a sending module, configured to send the device identification information to a server, the receiving module being further configured to receive a key sent by the server, wherein the key is obtained by the server based on second data and first data corresponding to the device identification information, and the sending module being further configured to send the second data to the first device.
According to a twelfth aspect of the present disclosure, there is also provided a second device, comprising: a receiving module, configured to receive device identification information and second data sent by a first device, wherein the device identification information is used to characterize the identity of the first device; a sending module, configured to send the device identification information to a server, the receiving module being further configured to receive first data that is sent by the server and corresponds to the device identification information; and a calculating module, configured to calculate a key based on the first data and the second data.
According to a thirteenth aspect of the present disclosure, there is also provided a second device, comprising: a receiving module, configured to receive device identification information and second data sent by a first device, wherein the device identification information is used to characterize the identity of the first device; and a sending module, configured to send the device identification information and the second data to a server, the receiving module being further configured to receive a key sent by the server, wherein the key is obtained by the server based on the second data and first data corresponding to the device identification information.
According to a fourteenth aspect of the present disclosure, there is also provided a first device, comprising: a sending module, configured to send device identification information to a second device, wherein the device identification information is used to characterize the identity of the first device; a receiving module, configured to receive second data sent by the second device; and a calculation module, configured to calculate a key based on the second data and first data corresponding to the device identification information.
Optionally, the first device further comprises: an encryption module, configured to encrypt a second message using the key, the sending module being further configured to send the encrypted second message to the second device and the receiving module being further configured to receive a first message sent by the second device; and a decryption module, configured to decrypt the first message using the key.
Optionally, the first device further comprises a storage module configured to store the first data, or the sending module is further configured to send the device identification information to a server and the receiving module is further configured to receive the first data that is sent by the server and corresponds to the device identification information.
According to a fifteenth aspect of the present disclosure, there is also provided a first device, comprising: a sending module, configured to send device identification information and second data to a second device, wherein the device identification information is used to characterize the identity of the first device; and a calculation module, configured to calculate a key based on the second data and first data corresponding to the device identification information.
According to a sixteenth aspect of the present disclosure, there is also provided a server, comprising: a storage module, configured to store, in association with each other, device identification information and first data for a first device, wherein the device identification information is used to identify the identity of the first device, and the first data is part of the data participating in key generation; a receiving module, configured to receive the device identification information and second data sent by a second device; a lookup module, configured to look up the first data corresponding to the device identification information; a calculation module, configured to calculate a key based on the second data and the first data; and a sending module, configured to send the key to the second device.
According to a seventeenth aspect of the present disclosure, there is also provided a server, comprising: a storage module, configured to store, in association with each other, device identification information and first data for a first device, wherein the device identification information is used to identify the identity of the first device, and the first data is part of the data participating in key generation; a receiving module, configured to receive the device identification information sent by a second device; a lookup module, configured to look up the first data corresponding to the device identification information; a generation module, configured to generate second data for participating in the generation of a key; a calculation module, configured to calculate the key based on the second data and the first data; and a sending module, configured to send the key and the second data to the second device.
According to an eighteenth aspect of the present disclosure, there is also provided a server, comprising: a storage module, configured to store, in association with each other, device identification information and first data for a first device, wherein the device identification information is used to identify the identity of the first device, and the first data is part of the data participating in key generation; a receiving module, configured to receive the device identification information sent by a second device; a lookup module, configured to look up the first data corresponding to the device identification information; and a sending module, configured to send the first data found to the second device.
According to a nineteenth aspect of the present disclosure, there is also provided a communication system, comprising: a second device as set forth in any one of the tenth to thirteenth aspects of the present disclosure; a first device as set forth in the fourteenth or fifteenth aspect of the present disclosure; and a server as set forth in any one of the sixteenth to eighteenth aspects of the present disclosure.
According to a twentieth aspect of the present disclosure, there is also provided a smart device, comprising: a storage module, configured to store device identification information and first data, wherein the device identification information is used to identify the identity of the smart device, and the first data is a first part of the data participating in key generation; a transceiver module, configured to send a probe request frame to an access point in response to receiving a beacon frame sent by the access point, wherein the probe request frame includes the device identification information, the transceiver module being further configured to receive a probe response frame sent by the access point in reply to the probe request frame, wherein the probe response frame includes second data and encrypted data obtained by encrypting a network password with a key, and the second data is a second part of the data participating in key generation; a calculation module, configured to calculate the key based on the first data and the second data; a decryption module, configured to decrypt the encrypted data with the calculated key to obtain the network password; and a networking module, configured to access the network corresponding to the access point using the network password.
Optionally, the beacon frame includes first identification information and/or second identification information for identifying the access point, and the probe request frame further includes the first identification information and/or the second identification information.
According to a twenty-first aspect of the present disclosure, there is also provided an access point, comprising: a transceiver module, configured to broadcast a beacon frame, and further configured to receive a probe request frame sent by a smart device, wherein the probe request frame includes device identification information of the smart device, the transceiver module being further configured to send the device identification information to a server and to receive first data that is sent by the server and corresponds to the device identification information, wherein the first data is a first part of the data participating in key generation; and a generating module, configured to generate second data, wherein the second data is a second part of the data participating in key generation; the transceiver module being further configured to send to the smart device a probe response frame in reply to the probe request frame, wherein the probe response frame includes the second data and encrypted data obtained by encrypting a network password with the key.
Optionally, the access point further comprises: a first interaction module, wherein the transceiver module broadcasts the beacon frame in response to an operation performed by a user on the first interaction module.
Optionally, the access point further comprises: a prompting module, configured to output to a user the device information of a smart device that wishes to access the network corresponding to the access point; and a second interaction module, wherein the transceiver module sends the device identification information to the server in response to an operation, performed by the user through the second interaction module, that allows the smart device to access the network.
Optionally, the access point is a car machine or a gateway device.
According to a twenty-second aspect of the present disclosure, there is also provided a computing device, comprising: a processor; and a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method as set forth in any one of the first to ninth aspects of the disclosure.
According to a twenty-third aspect of the present disclosure, there is also presented a non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method as set forth in any one of the first to ninth aspects of the present disclosure.
Because a server is introduced to assist in generating the key and completing the key exchange between the devices, the security of the key exchange and of communication encrypted with the key is improved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in greater detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a schematic structural diagram of a communication system according to one embodiment of the present disclosure.
Fig. 2 shows a schematic flow diagram of a communication method according to an embodiment of the present disclosure.
Fig. 3 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
Fig. 4 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
Fig. 5 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
Fig. 6 shows a schematic flow chart of a first device and a second device performing an encrypted communication based on a key.
Fig. 7 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
Fig. 8 shows a schematic flow chart of a key exchange method between a smart device and a car machine.
Fig. 9 shows a schematic block diagram of the structure of a first device according to the present disclosure.
Fig. 10 shows a schematic block diagram of the structure of a second device according to the present disclosure.
Fig. 11 shows a schematic block diagram of the structure of a server according to the present disclosure.
Fig. 12 shows a schematic block diagram of the structure of a smart device according to one embodiment of the present disclosure.
Fig. 13 shows a schematic block diagram of the structure of an access point according to one embodiment of the present disclosure.
Fig. 14 is a schematic structural diagram of a computing device that can be used to implement the above communication method according to an embodiment of the present invention.
Detailed Description
Preferred embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
A key (secret key) is a parameter used in an algorithm that converts plaintext into ciphertext or ciphertext into plaintext. Keys are divided into symmetric keys and asymmetric keys. Because most devices connected to the Internet of Things are resource-limited, symmetric encryption algorithms, which place low demands on computing capability, are widely used. In a symmetric encryption algorithm, the sender and the receiver use the same key to encrypt plaintext or decrypt ciphertext, so the two communicating parties need to exchange the key. If the two communicating parties exchange the key directly, there is a risk that the key is intercepted.
To address the security problem of key exchange in symmetric encryption, the present disclosure provides a communication scheme in which a server is introduced to assist in generating the key and completing the key exchange between the devices, so that the security of the key exchange and of communication encrypted with the key is improved.
The key referred to in this disclosure preferably refers to a symmetric key, i.e., both the sending and receiving parties perform an encryption or decryption operation on plaintext or ciphertext using the same key. For ease of distinction, the two communicating parties may be referred to as a first device and a second device.
In the present disclosure, the key is generated from two parts of data. For the sake of distinction, the two parts of data that participate in generating the key may be referred to as first data and second data, respectively. Both communicating parties can apply the same key generation algorithm to the first data and the second data to obtain the key. The first data and the second data may be, but are not limited to, characters, numbers, or combinations of characters and numbers of predetermined length. The present disclosure does not limit the specific contents of the first data and the second data or the specific implementation of the key generation algorithm.
Fig. 1 shows a schematic structural diagram of a communication system according to one embodiment of the present disclosure.
As shown in fig. 1, the communication system includes a first device 110, a second device 120, and a server 130. The first device 110 and the second device 120 may be various devices suitable for communication, such as but not limited to internet of things devices. The server 130 may be regarded as a cloud server, and the server 130 may be used to assist in implementing key exchange between the first device 110 and the second device 120.
The first device 110 may have device identification information and first data stored therein. For example, the manufacturer may preset the device identification information and the first data in the first device 110. The device identification information refers to information for identifying the identity of the first device 110, such as but not limited to a device identification code, a MAC address, and the like. Alternatively, the first device 110 may not store the first data in advance, and may obtain the first data from the server 130 when needed.
The server 130 may store the device identification information and the first data for the first device 110 in association. As an example, before the first device 110 leaves the factory, the vendor may register the first device 110 with the server 130, so that the device identification information and the first data for the first device 110 are stored in association on the server 130.
For example, the manufacturer may upload the device identification information of the first device 110 to the server 130; the server 130 generates first data for the device identification information and stores the device identification information and the first data in association. The server 130 may further issue the generated first data to the manufacturer, so that the manufacturer presets the first data in the first device 110.
For another example, the manufacturer may generate the first data, preset the first data in the first device 110, upload the device identification information of the first device 110 and the first data to the server 130, and store the device identification information and the first data in association with each other by the server 130.
The server 130 may store, for a plurality of devices, the device identification information and the first data corresponding to each device. For example, the server 130 may maintain a database of the correspondence between device identification information and first data. Optionally, the first data may be different for different devices.
The first device 110 and the second device 120 first perform a key exchange to determine a key used in a communication process, and then the first device 110 and the second device 120 can perform communication encryption using the determined key.
The present disclosure implements the key exchange via the server 130. During the key exchange, the key itself is not transmitted between the first device 110 and the second device 120; instead, the device identification information and the second data are transmitted, while generation of the key depends on both the first data and the second data. Therefore, even if the content transmitted between the first device 110 and the second device 120 is maliciously listened to, the key cannot be obtained from that content.
The implementation of the key exchange is exemplified below with reference to specific embodiments.
Example 1
Fig. 2 shows a schematic flow diagram of a communication method according to an embodiment of the present disclosure.
Referring to fig. 2, in step S2110, a first device may transmit device identification information characterizing the identity of the first device to a second device. The first device may send the device identification information to the second device in plaintext.
The second device may receive the device identification information sent by the first device, and after receiving the device identification information, the second device may perform step S2210 of sending the device identification information to the server.
As described above, the server side may store the device identification information and the first data in association. Therefore, after receiving the device identification information sent by the second device, the server may perform step S2310 to search for the first data corresponding to the device identification information.
Optionally, after receiving the device identification information sent by the second device, the server may also verify the identity of the second device, and perform step S2310 only when the identity of the second device is legal. For example, when the second device sends the device identification information to the server, the second device may carry an AppKey (a public key, which is equivalent to an account) and an AppSecret (a private key, which is equivalent to a password), and the server may verify the identity of the second device according to the AppKey and the AppSecret. The AppKey and AppSecret may be obtained by the second device through registration. In the event that the identity of the second device is not legitimate, the server may refuse to provide the query service to the second device.
After the server finds the first data corresponding to the device identification information, step S2320 may be executed to send the first data to the second device.
In this embodiment, step S2220 may be executed by the second device to generate the second data. Alternatively, the server may execute step S2330 to generate the second data. The second data may be generated in a variety of ways, for example by a random number generation algorithm, in which case it is random data. In the case that the server generates the second data, the server may further send the second data to the second device; for example, the server may send the generated second data together with the found first data to the second device.
The second device may perform step S2230, calculating the key based on the first data and the second data. The specific calculation method of the key is not limited in the present disclosure, and for example, a hash algorithm may be used to calculate the key.
The second device may further perform step S2240 to transmit the second data to the first device. The second data may be sent to the first device in plaintext. The present disclosure does not limit the order of step S2240 and step S2230.
After receiving the second data sent by the second device, the first device may perform step S2120 to calculate a key based on the first data and the second data. The first device and the second device have the same key calculation method, which may be agreed by the two devices in advance.
As described above, the first device may or may not be pre-provided with the first data. In a case where the first device has the first data preset therein, the first device may calculate the key based on the first data stored in advance in the first device and the received second data after receiving the second data transmitted by the second device. When the first device does not have the first data preset therein, the first device may send the device identification information to the server, receive the first data corresponding to the device identification information sent by the server, and calculate the key based on the first data and the second data received from the second device.
In this way, a key exchange between the first device and the second device is achieved. Throughout the key exchange, what is transmitted between the first device and the second device is the device identification information and the second data. Therefore, even if the transmission is snooped, the key cannot be derived from it.
In fact, to obtain the key maliciously, an attacker must meet the following conditions:
1. crack the first device or the server to acquire the first data;
2. monitor the communication between the first device and the second device and acquire the second data currently in use;
3. reverse-engineer the code on the first device or the code on the second device to obtain the key generation algorithm.
Therefore, in the present disclosure, part of the data used to generate the key (namely the first data) is stored on the server, and the key exchange is carried out through the server. This greatly raises the threshold for an attacker to crack the key and strengthens the security of the subsequent encrypted communication that uses the key. Deployment is also flexible, problems can be resolved quickly once a risk is identified, and the risk management and control capability is improved.
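The exchange of embodiment 1 can be traced end to end in Python. This is an added illustration, not code from the patent: the disclosure leaves the key generation algorithm open, so the HMAC-SHA256 derivation, the class and function names, and the device identifier and AppKey/AppSecret values used in demo() are all assumptions.

```python
import hashlib
import hmac
import secrets


def derive_key(first_data: bytes, second_data: bytes) -> bytes:
    """Assumed key generation algorithm: HMAC-SHA256 keyed with the first data.
    The disclosure only says a hash algorithm may be used."""
    return hmac.new(first_data, second_data, hashlib.sha256).digest()


class Server:
    """Stores device identification information and first data in association."""

    def __init__(self) -> None:
        self._first_data = {}  # device identification information -> first data
        self._apps = {}        # AppKey -> AppSecret of registered second devices

    def register_device(self, device_id: str) -> bytes:
        # The server generates the first data; the vendor presets it in the device.
        first_data = secrets.token_bytes(32)
        self._first_data[device_id] = first_data
        return first_data

    def register_app(self, app_key: str, app_secret: str) -> None:
        self._apps[app_key] = app_secret

    def lookup_first_data(self, app_key: str, app_secret: str, device_id: str) -> bytes:
        # Optional identity check of the second device before step S2310.
        expected = self._apps.get(app_key, "")
        if not expected or not hmac.compare_digest(expected.encode(), app_secret.encode()):
            raise PermissionError("second device identity is not legal")
        if device_id not in self._first_data:
            raise LookupError("no first data for this device identification information")
        return self._first_data[device_id]  # S2310 lookup, S2320 send


def run_exchange(server, device_id, preset_first_data, app_key, app_secret):
    """Returns (key at first device, key at second device, device-to-device traffic)."""
    air = [device_id.encode()]                  # S2110: identification in plaintext
    first_data = server.lookup_first_data(app_key, app_secret, device_id)  # S2210-S2320
    second_data = secrets.token_bytes(16)       # S2220: random second data
    key_second = derive_key(first_data, second_data)          # S2230
    air.append(second_data)                     # S2240: second data in plaintext
    key_first = derive_key(preset_first_data, second_data)    # S2120
    return key_first, key_second, air


def demo():
    server = Server()
    device_id = "AA:BB:CC:00:11:22"             # constructed sample identifier
    preset = server.register_device(device_id)
    server.register_app("demo-app-key", "demo-app-secret")  # constructed credentials
    k1, k2, air = run_exchange(server, device_id, preset,
                               "demo-app-key", "demo-app-secret")
    # Both ends agree on the key; the first data never appears between the devices.
    return k1 == k2, preset in air


if __name__ == "__main__":
    print(demo())
```

In this embodiment the server returns the first data itself to the second device (step S2320), so the second device ends up holding that device's first data; embodiment 2 returns only the calculated key.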
Example 2
Fig. 3 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
The difference from the solution described in embodiment 1 is that, in this embodiment, the server may calculate the key and send the calculated key to the second device. The following mainly describes the differences between this embodiment and embodiment 1; for the parts that are the same, refer to the corresponding descriptions in embodiment 1, which are not repeated here.
In this embodiment, the steps (step S3110, step S3120) that the first device can perform are the same as the steps (step S2110, step S2120) that the first device can perform in embodiment 1, and for details of implementation of step S3110 and step S3120, reference may be made to the corresponding description of step S2110 and step S2120 in embodiment 1, and details are not repeated here.
After receiving the device identification information sent by the first device, the second device may execute step S3210 to upload the device identification information to the server.
After receiving the device identification information sent by the second device, the server may perform step S3310 to search for the first data corresponding to the device identification information.
In this embodiment, step S3220 may be performed by the second device to generate the second data. Alternatively, the server may execute step S3320 to generate the second data. The second data may be generated in a variety of ways, for example by a random number generation algorithm, in which case it is random data. In the case where the second data is generated by the second device, the second device may also transmit the second data to the server; optionally, the second device may transmit the generated second data to the server together with the device identification information.
The server may perform step S3330 to calculate a key based on the first data and the second data. The present disclosure is not limited with respect to the specific calculation of the key. The key generation algorithm of the first device and the server is the same, and the algorithm may be agreed by both parties in advance.
After the server calculates the key, the server may execute step S3340 to issue the key to the second device. To ensure that the transmitted key is not stolen, the server may send the key to the second device over a secure channel such as Hypertext Transfer Protocol Secure (an https connection).
Compared with embodiment 1, the second device need not calculate the key itself and instead obtains the key from the server, which lowers the requirements on the second device.
Example 3
Fig. 4 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
The difference from the scheme described in embodiment 1 is that, in this embodiment, the second data may be generated by the first device. The following mainly describes the differences between this embodiment and embodiment 1; for the parts that are the same, refer to the corresponding descriptions in embodiment 1, which are not repeated here.
Referring to fig. 4, in step S4110, the first device may transmit device identification information and second data to the second device. The second data may be data generated by the first device in a variety of ways, for example by a random number generation algorithm, in which case it is random data. The device identification information and the second data may be sent to the second device together, or may be sent to the second device in batches.
After receiving the device identification information sent by the first device, the second device may execute step S4210 to send the device identification information to the server.
After receiving the device identification information uploaded by the second device, the server may perform step S4310 to search for the first data corresponding to the device identification information.
After the server finds the first data corresponding to the device identification information, step S4320 may be executed to send the found first data to the second device.
After receiving the first data sent by the server, the second device may execute step S4220 to calculate a key based on the first data and the second data. The present disclosure is not limited with respect to the specific calculation of the key.
The first device may perform step S2120 of calculating a key based on the first data and the second data. The first device and the second device have the same key calculation method, which may be agreed by the two devices in advance.
As described above, the first device may or may not be pre-provided with the first data. In a case where the first data is preset in the first device, the first device may calculate the key based on the first data stored in the first device in advance and the generated second data after generating the second data. When the first device does not have the first data preset therein, the first device may send the device identification information to the server, receive the first data corresponding to the device identification information and sent by the server, and calculate the key based on the first data and the generated second data.
Example 4
Fig. 5 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
The difference from the solution described in embodiment 3 is that, in this embodiment, the server may calculate the key and send the calculated key to the second device. The following mainly describes the differences between this embodiment and embodiment 3; for the parts that are the same, refer to the corresponding descriptions in embodiment 3, which are not repeated here.
In this embodiment, the steps (step S5110, step S5120) that the first device can perform are the same as the steps (step S4110, step S4120) that the first device can perform in embodiment 3, and for details of implementation of step S5110 and step S5120, reference may be made to corresponding descriptions of step S4110 and step S4120 in embodiment 3, which are not described again here.
The second device may perform step S5210 after receiving the device identification information and the second data transmitted by the first device, and transmit the device identification information and the second data to the server. The second device may send the device identification information and the second data to the server together, or send the device identification information and the second data to the server in batches.
After receiving the device identification information sent by the second device, the server may execute step S5310 to search for the first data corresponding to the device identification information.
After finding the first data corresponding to the device identification information, the server may perform step S5320 to calculate a key based on the first data and the second data. The present disclosure is not limited with respect to the specific calculation of the key. The key generation algorithm of the first device and the server is the same, and the algorithm may be agreed by both parties in advance.
After the server obtains the key through calculation, step S5330 may be executed to send the key to the second device. To ensure that the transmitted key is not stolen, the server may send the key to the second device over a secure channel such as Hypertext Transfer Protocol Secure (an https connection).
Compared with embodiment 3, the second device need not calculate the key itself and instead obtains the key from the server, which lowers the requirements on the second device.
The implementation of the key exchange between the first device and the second device has thus far been exemplified in connection with fig. 2 to 5.
Encrypted communication
After the first device and the second device realize the key exchange, encrypted communication can be carried out based on the obtained key.
Fig. 6 shows a schematic flow chart of a first device and a second device performing an encrypted communication based on a key.
Referring to fig. 6, the second device may perform step S6210 of transmitting a first message encrypted with the key to the first device. The first message refers to data encrypted with the key (i.e., ciphertext). The present disclosure does not limit the encryption algorithm used by the second device.
After receiving the first message, the first device may execute step S6110, and decrypt the received first message sent by the second device with the key. The decryption algorithm referred to herein is the inverse of the encryption algorithm. The encryption algorithm and the decryption algorithm may be agreed upon in advance by both the communication parties.
The first device may also execute step S6120 to send a second message encrypted with the key to the second device. The second message refers to data encrypted with the key (i.e., ciphertext). The present disclosure does not limit the encryption algorithm used by the first device.
The second device may perform step S6220 after receiving the second message, and decrypt the received second message sent by the first device by using the key.
In the present disclosure, the device stores only part of the data that participates in key generation rather than the key itself, so the key cannot be obtained directly from the device, which reduces security risk. Only the device identification code and the random number are transmitted in plaintext, so that man-in-the-middle attacks are prevented. And because only the device identification code and the random number are transmitted, a malicious listener cannot reverse-derive the symmetric key from the transmitted content.
Application example
The communication scheme of the present disclosure can be used for the secure distribution network (that is, networking) of smart devices. In particular, for smart devices without a human-computer interaction interface (such as smart sockets and smart switches), the distribution network can be carried out automatically based on this communication scheme, and security during the distribution network process can be improved.
Fig. 7 shows a schematic flow chart of a communication method according to another embodiment of the present disclosure.
The smart device 710 in this embodiment may be various devices suitable for accessing a network, such as but not limited to a smart socket, a smart switch, a smart speaker, and the like.
When the smart device 710 is shipped from the factory, the manufacturer may preset the device identification information and the first data in the smart device. By way of example, the device identification information may include, but is not limited to, vendor information and information about the smart device 710 (e.g., its MAC address). The first data is the part of the data that participates in key generation, that is, an important factor of the key used to transfer the network password (such as a wifi password) during the distribution network process.
The server 730 may manage information related to a plurality of smart devices 710. For example, before the smart devices are shipped, a manufacturer may upload the device identification information and first data of the smart devices to the server 730, and the server 730 maintains a database of the correspondence between the device identification information and the first data. Alternatively, the first data may be generated by the server when the device identification information of the smart device is registered on the server.
As an example, the server 730 may provide a setup interface through which the vendor may set specific information (e.g., device identification information and first data) of the smart device, and a query interface through which the access point 720 may query the device for specific information (e.g., query the first data).
The access point 720 (Access Point, AP) can be regarded as the HUB (repeater) of a conventional wired network, and is currently the most commonly used device for building a small wireless LAN. The AP acts as a bridge connecting the wired network and the wireless network; its main function is to connect the wireless network clients together and then connect the wireless network to the Ethernet. In the present disclosure, an access point may refer to a wireless access point, for example as a generic term for wireless routers (including wireless gateways and wireless bridges). Optionally, the access point may be, but is not limited to, a car machine or a gateway device (e.g., a home gateway).
In this embodiment, the smart device 710 may be regarded as the first device mentioned above, and the access point 720 may be regarded as the second device mentioned above. The server 730 may associatively store the device identification information and the first data of the smart device 710.
The distribution network flow is as follows.
During the distribution network process, the access point 720 may perform step S7210 to broadcast a beacon frame (i.e., a Beacon frame); for example, the access point 720 may transmit the beacon frame periodically. In addition to the information required by the frame format of the existing mechanism, the beacon frame may include first identification information and/or second identification information. The first identification information may be regarded as a special flag bit and may be used to indicate that the access point 720 that sent the beacon frame is currently in the distribution network mode. The second identification information is used to identify the access point 720; for example, the second identification information may be information that characterizes the identity of the access point 720, such as the MAC address of the access point 720.
Optionally, the access point 720 may include an interaction module (for convenience of distinction, it may be referred to as a first interaction module), and the first interaction module may be provided to the user in the form of a UI (User Interface) control, a physical button, or the like. When the user performs a specific operation (e.g., clicking) through the first interaction module, the distribution network mode may be triggered, and the access point 720 performs step S7210 to broadcast the beacon frame.
The smart device 710 may perform step S7110, receiving the beacon frame.
As described above, the first identification information may be included in the beacon frame. Therefore, the smart device 710 may screen the received signals by determining whether the first identification information is present, so as to select the beacon frames that contain the first identification information.
Upon receiving the beacon frame in which the first identification information exists, the smart device 710 may perform step S7120 to transmit a probe request frame (i.e., a ProbeRequest frame) to the access point 720.
The probe request frame includes device identification information characterizing the identity of the smart device 710. Optionally, the probe request frame further includes the second identification information. The device identification information (e.g., the MAC address of the smart device) and the second identification information (e.g., the MAC address of the access point 720) in the probe request frame may be used to indicate that the smart device 710 wishes to complete the distribution network with the access point 720. Optionally, the probe request frame may further include the first identification information.
Upon receiving the probe request frame, the access point 720 may perform step S7220 of transmitting the device identification information in the probe request frame to the server 730.
Optionally, the access point 720 may further include a second interactive module. The access point 720 may output device information of the smart device 710 desiring to access the network corresponding to the access point to the user, and the user may determine whether to allow the smart device 710 to access the network through the second interaction module. The access point 720 may perform step S7220 in response to the operation performed by the user through the second interaction module to allow the smart device 710 to access the network.
Upon receiving the probe request frame, the access point 720 may further perform step S7230 to generate second data. Here, the access point 720 may generate data in a variety of ways, for example, data may be generated based on a random data generation algorithm, i.e., random data is generated. The execution sequence of step S7220 and step S7230 is not limited in this disclosure.
As an example, after receiving the probe request frame, the access point 720 may first perform filtering according to the first identification information and/or the second identification information, and for the probe request frame in which the first identification information and/or the second identification information exists, the access point 720 may perform step S7220 and/or step S7230.
The server 730 may query the first data corresponding to the device identification information after receiving the device identification information. After finding the first data, the server 730 may execute step S7310 to send the first data to the access point 720.
The access point 720 may perform step S7240 to calculate a key based on the first data acquired from the server 730 and the locally generated second data.
After calculating the key, the access point 720 may encrypt a network password (i.e., a network access password, such as a wifi password) with the key, and the encrypted data may be appended to a probe reply frame (i.e., a ProbeResponse frame).
In step S7250, the access point 720 may transmit the probe reply frame to the smart device 710. The probe reply frame may be considered the reply made by the access point 720 to the received probe request frame. The probe reply frame includes the second data in addition to the encrypted network password. The second data may be appended to the probe reply frame in plaintext form.
After receiving the probe reply frame, the smart device 710 may perform step S7130, calculate a key based on the second data in the probe reply frame and the first data stored in the smart device 710, and decrypt the encrypted data with the key to obtain the network password.
After obtaining the network password, the smart device 710 may perform step S7140, and complete a subsequent networking process based on the decrypted network password, and access the network corresponding to the access point 720.
It should be noted that in this embodiment, by appropriately modifying the frame formats of the beacon frame, the probe request frame, and the probe reply frame, the smart device can automatically obtain the network password (such as a wifi password) of an access point (e.g., a car machine) and connect to the access point, thereby completing the automatic distribution network process. In this embodiment, these specific frame formats of the beacon frame, the probe request frame, and the probe reply frame appear during the distribution network process. Outside the distribution network process, this customized content may be absent from the relevant frames.
The following takes the key interaction between a smart device and a car machine as an example to describe the process by which the smart device automatically connects to the wifi provided by the car machine.
Fig. 8 shows a schematic flow chart of a key exchange method between a smart device and a car machine.
As shown in fig. 8, device A is a wifi smart device with a wifi access function, which may be, but is not limited to, the smart socket shown in the figure. Device B is a car machine that can provide wifi.
The manufacturer of device A may register manufacturer information and device information (including a MAC address and the like) with the cloud when the device leaves the factory, and pre-embed the SecurityNum generated by the cloud (i.e., the above-mentioned first data) in device A.
During the distribution network process, device A may send its device identification code to device B. After receiving the device identification code of device A, device B may generate a random number and upload the device identification code and the random number to the cloud.
The cloud can look up the corresponding SecurityNum according to the device identification code, calculate the key in the cloud based on the SecurityNum and the random number, and return the key to device B.
Device B may encrypt the wifi password with the key and send the random number and the encrypted data to device A.
Device A may calculate the key from the stored SecurityNum and the received random number, and may decrypt the encrypted data with the key to obtain the wifi password. Device A can then automatically connect to the wifi of device B using this wifi password.
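The fig. 8 flow, from the cloud calculating the key to device A recovering the wifi password, is sketched below in Python as an added example that is not part of the patent. The patent fixes neither the key generation algorithm nor the cipher, so the HMAC-SHA256 derivation, the encrypt-then-MAC construction (a standard-library stand-in for an authenticated cipher such as AES-GCM), and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 12, 32


def derive_key(security_num: bytes, random_number: bytes) -> bytes:
    # Assumed key generation algorithm shared by the cloud and device A.
    return hmac.new(security_num, random_number, hashlib.sha256).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate sub-keys for encryption and for authentication.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, used as a keystream generator.
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate nonce and ciphertext (assumed construction)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject wrong keys and modified data."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("encrypted data too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def cloud_compute_key(registry: dict, device_id: str, random_number: bytes) -> bytes:
    # Cloud: look up the SecurityNum by device identification code and return
    # only the calculated key (over a secure channel such as https).
    return derive_key(registry[device_id], random_number)


def device_b_build_reply(registry: dict, device_id: str, wifi_password: str):
    # Device B: generate the random number, obtain the key from the cloud,
    # encrypt the wifi password, and send random number plus encrypted data.
    random_number = secrets.token_bytes(16)
    key = cloud_compute_key(registry, device_id, random_number)
    return random_number, seal(key, wifi_password.encode())


def device_a_read_reply(security_num: bytes, random_number: bytes, encrypted: bytes) -> str:
    # Device A: recompute the key from the pre-embedded SecurityNum and the
    # received random number, then decrypt.
    return unseal(derive_key(security_num, random_number), encrypted).decode()
```

Because the tag is checked before decryption, a reply that was altered in transit, or one built for a different SecurityNum, is rejected instead of yielding a garbled password.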
Fig. 9 shows a schematic block diagram of the structure of a first device according to the present disclosure. The functional blocks of the first device may be implemented by hardware, software, or a combination of hardware and software implementing the principles of the present invention. It will be appreciated by those skilled in the art that the functional blocks described in fig. 9 may be combined or divided into sub-blocks to implement the principles of the invention described above. Thus, the description herein may support any possible combination, division, or further definition of the functional modules described herein.
In the following, functional modules that the first device may have and operations that each functional module may perform are briefly described, and for details related thereto, reference may be made to the above-mentioned related description, which is not described herein again.
In one embodiment of the present disclosure, the first device 800 may include a transmitting module 820 and a calculating module 840.
The sending module 820 is configured to send, to the second device, device identification information and second data, where the device identification information is used to characterize the identity of the first device, and the second data is a part of data that participates in generating a key. Where the second data may be random data generated by the first device 800. Optionally, the first device 800 may further comprise a generating module for generating the second data.
The calculation module 840 is configured to calculate a key based on the second data and the first data corresponding to the device identification information. The first data may be stored in the first device 800 in advance, or may be acquired by the first device 800 from a server. For example, the first device 800 may transmit the device identification information to the server through the transmission module 820 to acquire the first data corresponding to the device identification information from the server.
Optionally, the first device 800 may further include a storage module 810, and the storage module 810 is configured to store the device identification information and the first data.
Optionally, the first device 800 may further include a receiving module 830, an encryption module, and/or a decryption module. The encryption module may be configured to encrypt the second message using the key, and the sending module 820 may send the encrypted second message to the second device. The receiving module 830 may receive the first message sent by the second device, and the decrypting module may be configured to decrypt the first message with the key.
In another embodiment of the present disclosure, the first device 800 may include a sending module 820, a receiving module 830, and a calculation module 840.
The sending module 820 is configured to send device identification information to the second device, where the device identification information is used to characterize the identity of the first device.
The receiving module 830 is configured to receive second data sent by the second device.
The calculation module 840 is configured to calculate a key based on the second data and the first data corresponding to the device identification information. The first data may be stored in the first device 800 in advance, or may be acquired from a server by the first device 800. For example, the first device 800 may include the storage module 810, which may store the device identification information and the first data; in this case, the calculation module 840 may calculate the key based on the received second data and the first data stored by the storage module 810. For another example, the first device 800 may also send the device identification information to the server through the sending module 820 to obtain the first data corresponding to the device identification information from the server; in this case, the calculation module 840 may calculate the key based on the received second data and the first data obtained from the server.
Optionally, the first device 800 may further comprise an encryption module and/or a decryption module. The encryption module may be configured to encrypt the second message using the key, and the sending module 820 may send the encrypted second message to the second device. The receiving module 830 may receive the first message sent by the second device, and the decrypting module may be configured to decrypt the first message with the key.
Fig. 10 shows a schematic block diagram of the structure of a second device according to the present disclosure. The functional blocks of the second device may be implemented by hardware, software, or a combination of hardware and software that implements the principles of the present invention. It will be appreciated by those skilled in the art that the functional blocks described in fig. 10 may be combined or divided into sub-blocks to implement the principles of the invention described above. Thus, the description herein may support any possible combination, or division, or further definition of the functional modules described herein.
In the following, the functional modules that the second device may have and the operations that each functional module may perform are briefly described; for related details, reference may be made to the description above, which is not repeated here.
In one embodiment of the present disclosure, the second device 900 may include a receiving module 910 and a sending module 920.
As an example of the present disclosure, the receiving module 910 may receive device identification information sent by the first device, where the device identification information is used to characterize an identity of the first device. The sending module 920 may send the device identification information to the server. The receiving module 910 further receives a key sent by the server, where the key is obtained by the server based on the second data and the first data corresponding to the device identification information, and the sending module 920 is further configured to send the second data to the first device. The second data may be generated by the second device 900 or may be generated by a server. For example, the second device 900 may include a generating module, and the generating module may generate the second data, and the sending module 920 may send the second data to the server in addition to sending the device identification information to the server. For another example, in the case where the second data is generated by the server, the receiving module 910 receives the second data in addition to the key generated by the server.
As another example of the present disclosure, the receiving module 910 may receive the device identification information and the second data transmitted by the first device. The sending module 920 is configured to send the device identification information and the second data to the server. The receiving module is further configured to receive a key sent by the server, where the key is obtained by the server based on the second data and the first data corresponding to the device identification information.
Optionally, the second device 900 may further include an encryption module and/or a decryption module. The encryption module is configured to encrypt the first message using the key, and the sending module is further configured to send the encrypted first message to the first device. The receiving module is further configured to receive a second message sent by the first device, and the decryption module is configured to decrypt the second message using the key.
In another embodiment of the present disclosure, the second device 900 may include a receiving module 910, a sending module 920, and a calculation module 930.
As an example of the present disclosure, the receiving module 910 is configured to receive device identification information sent by a first device, where the device identification information is used to characterize an identity of the first device. The sending module 920 is configured to send the device identification information to the server, and the receiving module 910 is further configured to receive first data sent by the server and corresponding to the device identification information. The calculation module 930 is configured to calculate a key based on the first data and the second data. The sending module 920 is further configured to send the second data to the first device. The second data may be data generated by the second device or data generated by the server. For example, the second device 900 may further comprise a generating module for generating the second data. For another example, the receiving module may further receive the second data sent by the server.
Optionally, the receiving module 910 may further receive a second message sent by the first device and encrypted by using a key, and the sending module 920 may further send the first message encrypted by using the key to the first device. The second device may also include an encryption module and/or a decryption module. The encryption module may be configured to encrypt the first message with a key. The decryption module may be operable to decrypt the received second message.
As another example of the disclosure, the receiving module 910 is configured to receive device identification information and second data, where the device identification information is used to characterize an identity of the first device, and the second data is a part of data participating in generating a key.
The sending module 920 is configured to send the device identification information to the server, and the receiving module 910 is further configured to receive first data sent by the server and corresponding to the device identification information. The calculation module 930 is configured to calculate a key based on the first data and the second data.
Optionally, the receiving module 910 may further receive a second message sent by the first device and encrypted by using a key, and the sending module 920 may further send the first message encrypted by using the key to the first device. The second device may also include an encryption module and/or a decryption module. The encryption module may be configured to encrypt the first message with a key. The decryption module may be operable to decrypt the received second message.
Fig. 11 shows a schematic block diagram of the structure of a server according to the present disclosure. The functional blocks of the server can be implemented by hardware, software, or a combination of hardware and software that implements the principles of the present invention. It will be appreciated by those skilled in the art that the functional blocks depicted in fig. 11 may be combined or divided into sub-blocks to implement the principles of the invention described above. Thus, the description herein may support any possible combination, or division, or further definition of the functional modules described herein.
In the following, the functional modules that a server may have and the operations that each functional module may perform are briefly described; for related details, reference may be made to the description above, which is not repeated here.
In one embodiment of the present disclosure, the server 1000 includes a storage module 1010, a receiving module 1020, a lookup module 1030, and a sending module 1060.
The storage module 1010 is configured to store device identification information and first data in association with each other, where the device identification information is used to identify an identity of a first device, and the first data is a part of data involved in generating a key. The receiving module 1020 is configured to receive the device identification information sent by the second device. The searching module 1030 is configured to search for first data corresponding to the device identification information. The sending module 1060 is configured to send the found first data to the second device.
In another embodiment of the present disclosure, the server 1000 includes a storage module 1010, a receiving module 1020, a lookup module 1030, a calculation module 1050, and a sending module 1060.
The storage module 1010 is configured to store device identification information and first data in association with each other, where the device identification information is used to identify an identity of a first device, and the first data is a part of data involved in generating a key. The receiving module 1020 is configured to receive the device identification information and the second data sent by the second device. The searching module 1030 is configured to search for first data corresponding to the device identification information. The calculation module 1050 is configured to calculate a key based on the second data and the first data. The sending module 1060 is configured to send the key to the second device.
In yet another embodiment of the present disclosure, the server 1000 includes a storage module 1010, a receiving module 1020, a lookup module 1030, a generation module 1040, a calculation module 1050, and a sending module 1060.
The storage module 1010 is configured to store device identification information and first data in association with each other, where the device identification information is used to identify an identity of a first device, and the first data is a part of data involved in generating a key. The receiving module 1020 is configured to receive the device identification information sent by the second device. The searching module 1030 is configured to search for first data corresponding to the device identification information. The generating module 1040 is configured to generate second data for participating in generating the key. The calculation module 1050 is configured to calculate a key based on the second data and the first data. The sending module 1060 is configured to send the key and the second data to the second device.
Fig. 12 shows a schematic block diagram of the structure of a smart device according to one embodiment of the present disclosure. The functional blocks of the smart device can be implemented by hardware, software, or a combination of hardware and software that implements the principles of the present invention. It will be appreciated by those skilled in the art that the functional blocks described in fig. 12 may be combined or divided into sub-blocks to implement the principles of the invention described above. Thus, the description herein may support any possible combination, or division, or further definition of the functional modules described herein.
In the following, the functional modules that the smart device may have and the operations that each functional module may perform are briefly described; for related details, reference may be made to the description above, which is not repeated here.
Referring to fig. 12, the smart device 1100 includes a storage module 1110, a transceiver module 1120, a calculation module 1130, a decryption module 1140, and a networking module 1150.
The storage module 1110 is configured to store device identification information and first data, where the device identification information is used to identify an identity of the smart device, and the first data is a first part of data participating in key generation.
The transceiver module 1120 is configured to send a probe request frame to the access point in response to receiving the beacon frame sent by the access point, where the probe request frame includes the device identification information, and receive a probe reply frame sent by the access point for the probe request frame, where the probe reply frame includes second data and encrypted data obtained by encrypting a network password with a key, and the second data is a second part of data participating in generating the key.
The calculation module 1130 is configured to calculate a key based on the first data and the second data.
The decryption module 1140 is used to decrypt the encrypted data based on the calculated key to obtain the network password.
The networking module 1150 is configured to access a network corresponding to the access point based on the network password.
Fig. 13 shows a schematic block diagram of the structure of an access point according to one embodiment of the present disclosure. The functional blocks of the access point may be implemented by hardware, software, or a combination of hardware and software that implements the principles of the present invention. It will be appreciated by those skilled in the art that the functional blocks described in fig. 13 may be combined or divided into sub-blocks to implement the principles of the invention described above. Thus, the description herein may support any possible combination, or division, or further definition of the functional modules described herein.
In the following, the functional modules that the access point may have and the operations that each functional module may perform are briefly described; for related details, reference may be made to the description above, which is not repeated here.
Referring to fig. 13, the access point 1200 includes a transceiver module 1210, a generation module 1220, and a calculation module 1230.
The transceiver module 1210 is configured to send a beacon frame in a broadcast form, and is further configured to receive a probe request frame sent by the smart device, where the probe request frame includes device identification information of the smart device, and the transceiver module further sends the device identification information to the server and receives first data corresponding to the device identification information sent by the server, where the first data is a first part of data participating in key generation.
The generating module 1220 is configured to generate second data, which is a second part of data involved in generating the key.
The calculation module 1230 is configured to calculate a key based on the first data and the second data. The transceiver module 1210 is further configured to send a probe reply frame to the smart device, where the probe reply frame includes the second data and encrypted data obtained by encrypting the network password with the key.
The access point 1200 may further include a first interaction module. In response to an operation performed by the user on the first interaction module, the transceiver module sends the beacon frame in broadcast form.
The access point 1200 may also include a prompt module and a second interaction module. The prompt module is configured to output to the user the device information of a smart device that wishes to access the network corresponding to the access point. In response to an operation, performed by the user through the second interaction module, of allowing the smart device to access the network, the transceiver module sends the device identification information to the server.
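The two key-agreement variants described above, the fig. 8 flow in which the cloud computes the key and the fig. 13 access-point flow in which the server returns the first data and the access point computes the key, shown side by side as an added example that is not part of the patent. The HMAC-SHA256 key derivation, the standard-library cipher stand-in, every class and function name, and all sample values are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumptions of this example (the page fixes neither here): HMAC-SHA256 as the
# key derivation, and an HMAC-SHA256 counter keystream with an encrypt-then-MAC
# tag as a standard-library stand-in for an AEAD cipher such as AES-GCM.
NONCE_LEN, TAG_LEN = 12, 32


def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def derive_key(first_data: bytes, second_data: bytes) -> bytes:
    """Key from the long-term first data (SecurityNum) and per-session second data."""
    return prf(first_data, b"provisioning-key", second_data)


def xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (prf(enc_key, nonce, i.to_bytes(4, "big"))
              for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = xor_stream(prf(key, b"enc"), nonce, plaintext)
    return nonce + ciphertext + prf(prf(key, b"mac"), nonce, ciphertext)


def open_sealed(key: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    # The tag is an addition of this example: it lets the first device detect a
    # wrong key or altered data instead of accepting a garbage password.
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce, ciphertext)):
        raise ValueError("authentication failed: wrong key or altered data")
    return xor_stream(prf(key, b"enc"), nonce, ciphertext)


class Cloud:
    """Server: stores device identification information with its first data."""

    def __init__(self):
        self._registry = {}

    def register(self, device_id: str, first_data: bytes) -> None:
        self._registry[device_id] = first_data

    def _lookup(self, device_id: str) -> bytes:
        if device_id not in self._registry:
            raise LookupError("unregistered device: " + device_id)
        return self._registry[device_id]

    def key_for(self, device_id: str, second_data: bytes) -> bytes:
        # fig. 8 variant: only a per-session key leaves the server.
        return derive_key(self._lookup(device_id), second_data)

    def first_data_for(self, device_id: str) -> bytes:
        # fig. 13 variant: the long-term first data leaves the server, so the
        # requesting second device has to be trusted with it.
        return self._lookup(device_id)


class SmartDevice:
    """First device: holds the pre-embedded first data."""

    def __init__(self, device_id: str, first_data: bytes):
        self.device_id, self._first_data = device_id, first_data

    def request(self) -> dict:
        return {"device_id": self.device_id}

    def join(self, reply: dict) -> str:
        key = derive_key(self._first_data, reply["second_data"])
        return open_sealed(key, reply["encrypted"]).decode("utf-8")


def reply_with_cloud_key(cloud: Cloud, request: dict, wifi_password: str) -> dict:
    second_data = secrets.token_bytes(16)          # fresh random number per request
    key = cloud.key_for(request["device_id"], second_data)
    return {"second_data": second_data, "encrypted": seal(key, wifi_password.encode())}


def reply_with_local_key(cloud: Cloud, request: dict, wifi_password: str) -> dict:
    second_data = secrets.token_bytes(16)
    key = derive_key(cloud.first_data_for(request["device_id"]), second_data)
    return {"second_data": second_data, "encrypted": seal(key, wifi_password.encode())}


if __name__ == "__main__":
    security_num = secrets.token_bytes(32)         # constructed sample value
    cloud = Cloud()
    cloud.register("AA:BB:CC:00:11:22", security_num)   # constructed identifier
    socket = SmartDevice("AA:BB:CC:00:11:22", security_num)
    for build in (reply_with_cloud_key, reply_with_local_key):
        print(build.__name__, "->", socket.join(build(cloud, socket.request(), "example-psk")))
```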
Fig. 14 is a schematic structural diagram of a computing device that can be used to implement the above communication method according to an embodiment of the present invention.
Referring to fig. 14, computing device 1300 includes a memory 1310 and a processor 1320.
Processor 1320 may be a multi-core processor or may include multiple processors. In some embodiments, processor 1320 may include a general-purpose host processor and one or more special purpose coprocessors such as a Graphics Processor (GPU), Digital Signal Processor (DSP), or the like. In some embodiments, processor 1320 may be implemented using custom circuits, such as an Application Specific Integrated Circuit (ASIC) or a Field Programmable Gate Array (FPGA).
The memory 1310 may include various types of storage units, such as system memory, Read Only Memory (ROM), and persistent storage. The ROM may store, among other things, static data or instructions for the processor 1320 or other modules of the computer. The persistent storage may be a read-write storage device. The persistent storage may be a non-volatile storage device that does not lose stored instructions and data even after the computer is powered off. In some embodiments, the persistent storage is a mass storage device (e.g., magnetic or optical disk, flash memory). In other embodiments, the persistent storage may be a removable storage device (e.g., floppy disk, optical drive). The system memory may be a read-write memory device or a volatile read-write memory device, such as a dynamic random access memory. The system memory may store instructions and data that some or all of the processors require at runtime. Further, the memory 1310 may include any combination of computer-readable storage media, including various types of semiconductor memory chips (DRAM, SRAM, SDRAM, flash memory, programmable read-only memory) and magnetic and/or optical disks. In some embodiments, memory 1310 may include a removable storage device that is readable and/or writable, such as a Compact Disc (CD), a read-only digital versatile disc (e.g., DVD-ROM, dual-layer DVD-ROM), a read-only Blu-ray disc, an ultra-dense disc, a flash memory card (e.g., SD card, mini SD card, Micro-SD card, etc.), a magnetic floppy disk, or the like. Computer-readable storage media do not contain carrier waves or transitory electronic signals transmitted by wireless or wired means.
The memory 1310 has stored thereon executable code that, when processed by the processor 1320, may cause the processor 1320 to perform the communication methods described above.
The communication method, device, access point, server, system according to the invention have been described in detail above with reference to the accompanying drawings.
Furthermore, the method according to the invention may also be implemented as a computer program or computer program product comprising computer program code instructions for carrying out the above-mentioned steps defined in the above-mentioned method of the invention.
Alternatively, the invention may also be embodied as a non-transitory machine-readable storage medium (or computer-readable storage medium, or machine-readable storage medium) having stored thereon executable code (or a computer program, or computer instruction code) which, when executed by a processor of an electronic device (or computing device, server, etc.), causes the processor to perform the steps of the above-described method according to the invention.
Those of skill in the art will further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (45)

1. A communication method, adapted to be performed by a second device, comprising:
receiving device identification information sent by a first device, wherein the device identification information is used to characterize the identity of the first device;
sending the device identification information to a server;
receiving first data which is sent by the server and corresponds to the device identification information;
calculating a key based on the first data and the second data;
sending the second data to the first device.
2. The communication method according to claim 1, wherein
the second data is data generated by the second device, or
the method further comprises: receiving second data sent by the server.
3. The communication method according to claim 1, further comprising:
sending a first message encrypted by the key to the first device; and/or decrypting the received second message sent by the first device by using the key.
4. A communication method, adapted to be performed by a second device, comprising:
receiving device identification information sent by a first device, wherein the device identification information is used to characterize the identity of the first device;
sending the device identification information to a server;
receiving a key sent by the server, wherein the key is obtained by the server based on second data and first data corresponding to the device identification information;
sending the second data to the first device.
5. The communication method according to claim 4, further comprising:
sending the second data to the server; or
receiving the second data sent by the server.
6. The communication method according to claim 4, further comprising:
sending a first message encrypted by the key to the first device; and/or decrypting the received second message sent by the first device by using the key.
7. A communication method, adapted to be performed by a second device, comprising:
receiving device identification information and second data sent by a first device, wherein the device identification information is used to characterize the identity of the first device;
sending the device identification information to a server;
receiving first data which is sent by the server and corresponds to the device identification information;
calculating a key based on the first data and the second data.
8. The communication method according to claim 7, further comprising:
sending a first message encrypted by the key to the first device; and/or decrypting the received second message sent by the first device by using the key.
9. A communication method, adapted to be performed by a second device, comprising:
receiving device identification information and second data sent by a first device, wherein the device identification information is used to characterize the identity of the first device;
sending the device identification information and the second data to a server;
receiving a key sent by the server, wherein the key is obtained by the server based on the second data and the first data corresponding to the device identification information.
10. The communication method according to claim 9, further comprising:
sending a first message encrypted by the key to the first device; and/or decrypting the received second message sent by the first device by using the key.
11. A communication method, adapted to be performed by a first device, comprising:
sending device identification information to a second device, wherein the device identification information is used to characterize the identity of the first device;
receiving second data sent by the second device;
calculating a key based on the second data and the first data corresponding to the device identification information.
12. The communication method according to claim 11, further comprising:
sending a second message encrypted by the key to the second device; and/or decrypting the received first message sent by the second device by using the key.
13. The communication method according to claim 11, wherein
the first device stores the first data, or
the method further comprises: sending the device identification information to the server, and receiving first data which is sent by the server and corresponds to the device identification information.
14. A communication method, adapted to be performed by a first device, comprising:
sending device identification information and second data to a second device, wherein the device identification information is used to characterize the identity of the first device;
calculating a key based on the second data and the first data corresponding to the device identification information.
15. The communication method according to claim 14, further comprising:
sending a second message encrypted by the key to the second device; and/or decrypting the received first message sent by the second device by using the key.
16. The communication method according to claim 14, wherein
the first device stores the first data, or
the method further comprises: sending the device identification information to the server, and receiving first data which is sent by the server and corresponds to the device identification information.
17. A communication method, adapted to be executed by a server, comprising:
storing, in association with each other, device identification information and first data for a first device, wherein the device identification information is used to identify the identity of the first device;
receiving device identification information and second data sent by a second device;
looking up first data corresponding to the device identification information;
calculating a key based on the second data and the first data;
sending the key to the second device.
18. The communication method of claim 17, wherein the step of sending the key to the second device comprises:
sending the key to the second device using Hypertext Transfer Protocol Secure (HTTPS).
19. The communication method according to claim 17, further comprising:
verifying the identity of the second device;
in the case that the identity of the second device is legitimate, executing the step of looking up the first data corresponding to the device identification information.
20. The communication method according to claim 17, further comprising:
receiving device identification information sent by the first device;
sending first data corresponding to the device identification information to the first device.
21. A communication method, adapted to be executed by a server, comprising:
the method comprises the steps of associatively saving equipment identification information and first data aiming at first equipment, wherein the equipment identification information is used for identifying the identity of the first equipment;
receiving equipment identification information sent by second equipment;
searching first data corresponding to the equipment identification information;
generating second data for participating in the generation of the key;
calculating a key based on the second data and the first data;
and sending the key and the second data to the second equipment.
22. A communication method, adapted to be executed by a server, comprising:
storing, in association, device identification information and first data for a first device, wherein the device identification information is used to identify the first device, and the first data is partial data participating in key generation;
receiving device identification information sent by a second device;
searching for first data corresponding to the device identification information;
and sending the found first data to the second device.
23. The communication method according to claim 22, further comprising:
generating second data for participating in the generation of the key;
and sending the second data to the second device.
24. A second device, comprising: a receiving module, a sending module and a calculation module,
the receiving module is configured to receive device identification information sent by a first device, where the device identification information is used to characterize an identity of the first device,
the sending module is configured to send the device identification information to a server,
the receiving module is further configured to receive first data corresponding to the device identification information sent by the server,
the calculation module is configured to calculate a key based on the first data and the second data,
the sending module is further configured to send the second data to the first device.
25. The second device of claim 24, further comprising: an encryption module and/or a decryption module,
the encryption module is configured to encrypt the first message using the key, the sending module is further configured to send the encrypted first message to the first device,
the receiving module is further configured to receive a second message sent by the first device, and the decryption module is configured to decrypt the second message using the key.
26. The second device of claim 24, wherein
the second data is data generated by the second device, or
the receiving module is further configured to receive second data sent by the server.
27. A second device, comprising:
a receiving module, configured to receive device identification information sent by a first device, wherein the device identification information is used to characterize an identity of the first device;
a sending module for sending the device identification information to a server,
the receiving module is further configured to receive a key sent by the server, where the key is obtained by the server based on the second data and the first data corresponding to the device identification information,
the sending module is further configured to send the second data to the first device.
28. A second device, comprising: a receiving module, a sending module and a calculation module,
the receiving module is configured to receive device identification information and second data sent by a first device, where the device identification information is used to characterize an identity of the first device,
the sending module is configured to send the device identification information to a server,
the receiving module is further configured to receive first data corresponding to the device identification information sent by the server,
the calculation module is configured to calculate a key based on the first data and the second data.
29. A second device, comprising:
a receiving module, configured to receive device identification information and second data sent by a first device, wherein the device identification information is used to characterize an identity of the first device;
a sending module for sending the device identification information and the second data to a server,
the receiving module is further configured to receive a key sent by the server, where the key is obtained by the server based on the second data and the first data corresponding to the device identification information.
30. A first device, comprising:
a sending module, configured to send device identification information to a second device, where the device identification information is used to characterize an identity of the first device;
a receiving module, configured to receive second data sent by the second device;
a calculation module for calculating a key based on the second data and the first data corresponding to the device identification information.
31. The first device of claim 30, further comprising: an encryption module and/or a decryption module,
the encryption module is configured to encrypt a second message using the key, the sending module is further configured to send the encrypted second message to the second device,
the receiving module is further configured to receive a first message sent by the second device, and the decryption module is configured to decrypt the first message using the key.
32. The first device of claim 30, wherein
the first device further comprises a storage module for storing the first data, or
the sending module is further configured to send the device identification information to the server, and the receiving module is further configured to receive first data sent by the server and corresponding to the device identification information.
33. A first device, comprising:
a sending module, configured to send device identification information and second data to a second device, where the device identification information is used to characterize an identity of the first device;
a calculation module for calculating a key based on the second data and the first data corresponding to the device identification information.
34. A server, comprising:
a storage module, configured to store, in association, device identification information and first data for a first device, wherein the device identification information is used to identify the first device, and the first data is partial data participating in key generation;
a receiving module, configured to receive the device identification information and second data sent by a second device;
a searching module, configured to search for first data corresponding to the device identification information;
a calculation module for calculating a key based on the second data and the first data;
and a sending module, configured to send the key to the second device.
35. A server, comprising:
a storage module, configured to store, in association, device identification information and first data for a first device, wherein the device identification information is used to identify the first device, and the first data is partial data participating in key generation;
a receiving module, configured to receive the device identification information sent by a second device;
a searching module, configured to search for first data corresponding to the device identification information;
a generation module for generating second data for participating in generating a key;
a calculation module for calculating a key based on the second data and the first data;
and a sending module, configured to send the key and the second data to the second device.
36. A server, comprising:
a storage module, configured to store, in association, device identification information and first data for a first device, wherein the device identification information is used to identify the first device, and the first data is partial data participating in key generation;
a receiving module, configured to receive the device identification information sent by a second device;
a searching module, configured to search for first data corresponding to the device identification information;
and a sending module, configured to send the found first data to the second device.
37. A communication system, comprising:
a second device as claimed in any one of claims 24 to 29;
a first device as claimed in any one of claims 30 to 33; and
a server as claimed in any one of claims 34 to 36.
38. A smart device, comprising:
a storage module, configured to store device identification information and first data, wherein the device identification information is used to identify the smart device, and the first data is a first part of data participating in key generation;
the access point sends a probe request frame to the access point in response to receiving a beacon frame sent by the access point, where the probe request frame includes the device identification information, and the access point sends a probe reply frame to the access point, where the probe reply frame includes second data and encrypted data obtained by encrypting a network password with a key, and the second data is a second part of data that participates in generating the key;
a calculation module for calculating a key based on the first data and the second data;
a decryption module, configured to decrypt the encrypted data based on the calculated key to obtain the network password; and
a networking module, configured to access a network corresponding to the access point based on the network password.
39. The smart device of claim 38,
the beacon frame includes first identification information and/or second identification information for identifying the access point,
the probe request frame further includes the first identification information and/or the second identification information.
40. An access point, comprising:
a transceiver module, configured to send a beacon frame in broadcast form, wherein the transceiver module is further configured to receive a probe request frame sent by a smart device, the probe request frame including device identification information of the smart device, and the transceiver module further sends the device identification information to a server and receives first data that is sent by the server and corresponds to the device identification information, the first data being a first part of data participating in key generation;
a generation module, configured to generate second data, the second data being a second part of data participating in key generation;
a calculation module for calculating a key based on the first data and the second data,
the transceiver module is further configured to send a probe reply frame to the smart device, where the probe reply frame includes the second data and encrypted data obtained by encrypting a network password with a key.
41. The access point of claim 40, further comprising: a first interactive module, the transceiver module transmitting a beacon frame in a broadcast form in response to an operation performed by a user with respect to the first interactive module.
42. The access point of claim 40, further comprising:
a prompting module, configured to output, to a user, device information of a smart device that is expected to access the network corresponding to the access point;
and the transceiver module is configured to send the device identification information to a server in response to an operation, performed by the user through the second interaction module, of allowing the smart device to access the network.
43. The access point of claim 40,
the access point is an in-vehicle head unit or a gateway device.
44. A computing device, comprising:
a processor; and
a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method of any of claims 1 to 23.
45. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method of any of claims 1-23.
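The provisioning exchange of claims 38 and 40 (with the server lookup of claim 22), as an added Python sketch that is not part of the patent. The claims name no key-derivation function or cipher, so the HMAC-SHA256 derivation, the HMAC-based encrypt-then-MAC stand-in for an authenticated cipher, the class and function names, and the sample values are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions, not taken from the patent).
DEVICE_ID = "dev-0001"
FIRST_DATA = bytes.fromhex("00112233445566778899aabbccddeeff")
NETWORK_PASSWORD = b"example-wifi-passphrase"

def derive_key(first_data, second_data):
    # Assumed KDF: HMAC-SHA256 keyed with the first data over the second data.
    return hmac.new(first_data, b"key" + second_data, hashlib.sha256).digest()

def keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, a stdlib stand-in for a real cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    nonce = secrets.token_bytes(12)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified frame")
    return bytes(c ^ k for c, k in zip(body, keystream(key, nonce, len(body))))

class Server:  # stores device identification information with first data
    def __init__(self):
        self._first_data = {}
    def register(self, device_id, first_data):
        self._first_data[device_id] = first_data
    def lookup(self, device_id):
        return self._first_data[device_id]  # KeyError for unknown devices

class AccessPoint:
    def __init__(self, server, network_password):
        self.server, self.network_password = server, network_password
    def handle_probe_request(self, device_id):
        first_data = self.server.lookup(device_id)
        second_data = secrets.token_bytes(16)  # fresh second data per request
        key = derive_key(first_data, second_data)
        return {"second_data": second_data, "encrypted": seal(key, self.network_password)}

class SmartDevice:
    def __init__(self, device_id, first_data):
        self.device_id, self.first_data = device_id, first_data
    def probe_request(self):
        return self.device_id
    def handle_probe_reply(self, reply):
        key = derive_key(self.first_data, reply["second_data"])
        return unseal(key, reply["encrypted"])

def run_exchange():
    server = Server()
    server.register(DEVICE_ID, FIRST_DATA)
    ap = AccessPoint(server, NETWORK_PASSWORD)
    device = SmartDevice(DEVICE_ID, FIRST_DATA)
    reply = ap.handle_probe_request(device.probe_request())
    return reply, device.handle_probe_reply(reply)
```

Only the device identification information, the second data and the ciphertext cross the air; a reply opened with different first data, or modified in transit, fails the tag check instead of yielding a password.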
CN201910807099.9A 2019-08-29 2019-08-29 Communication method, device, access point, server, system and storage medium Pending CN112448808A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910807099.9A CN112448808A (en) 2019-08-29 2019-08-29 Communication method, device, access point, server, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910807099.9A CN112448808A (en) 2019-08-29 2019-08-29 Communication method, device, access point, server, system and storage medium

Publications (1)

Publication Number Publication Date
CN112448808A true CN112448808A (en) 2021-03-05

Family

ID=74742134

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910807099.9A Pending CN112448808A (en) 2019-08-29 2019-08-29 Communication method, device, access point, server, system and storage medium

Country Status (1)

Country Link
CN (1) CN112448808A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113432266A (en) * 2021-06-28 2021-09-24 佛山市顺德区美的电子科技有限公司 Anti-counterfeiting method for air conditioning module, operation control device and air conditioning equipment
CN113724482A (en) * 2021-08-05 2021-11-30 北京三快在线科技有限公司 Radio frequency remote control method, device, storage medium and electronic equipment
US20230045486A1 (en) * 2019-12-13 2023-02-09 Iothic Ltd Apparatus and Methods for Encrypted Communication

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100131756A1 (en) * 2008-11-26 2010-05-27 James Paul Schneider Username based authentication and key generation
CN104144049A (en) * 2014-03-11 2014-11-12 腾讯科技(深圳)有限公司 Encryption communication method, system and device
CN104993981A (en) * 2015-05-14 2015-10-21 小米科技有限责任公司 Method and apparatus for controlling access of device
CN105577680A (en) * 2016-01-18 2016-05-11 青岛海尔智能家电科技有限公司 Key generation method, encrypted data analyzing method, devices and key managing center
US20160134594A1 (en) * 2013-04-25 2016-05-12 Treebox Solutions Pte Ltd Method performed by at least one server for processing a data packet from a first computing device to a second computing device to permit end-to-end encryption communication
CN106888206A (en) * 2017-02-13 2017-06-23 海信集团有限公司 Key exchange method, apparatus and system
CN107026727A (en) * 2016-02-02 2017-08-08 阿里巴巴集团控股有限公司 A kind of methods, devices and systems for setting up communication between devices
US20180053018A1 (en) * 2015-03-12 2018-02-22 18 Degrees Lab Pte. Ltd. Methods and systems for facilitating secured access to storage devices
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN108768628A (en) * 2018-05-11 2018-11-06 星络科技有限公司 Equipment end encryption method, device, system and gateway
CN109862560A (en) * 2017-11-30 2019-06-07 阿里巴巴集团控股有限公司 A kind of bluetooth authentication method, apparatus, equipment and medium

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100131756A1 (en) * 2008-11-26 2010-05-27 James Paul Schneider Username based authentication and key generation
US20160134594A1 (en) * 2013-04-25 2016-05-12 Treebox Solutions Pte Ltd Method performed by at least one server for processing a data packet from a first computing device to a second computing device to permit end-to-end encryption communication
CN104144049A (en) * 2014-03-11 2014-11-12 腾讯科技(深圳)有限公司 Encryption communication method, system and device
US20180053018A1 (en) * 2015-03-12 2018-02-22 18 Degrees Lab Pte. Ltd. Methods and systems for facilitating secured access to storage devices
CN104993981A (en) * 2015-05-14 2015-10-21 小米科技有限责任公司 Method and apparatus for controlling access of device
CN105577680A (en) * 2016-01-18 2016-05-11 青岛海尔智能家电科技有限公司 Key generation method, encrypted data analyzing method, devices and key managing center
CN107026727A (en) * 2016-02-02 2017-08-08 阿里巴巴集团控股有限公司 A kind of methods, devices and systems for setting up communication between devices
CN110176987A (en) * 2016-02-02 2019-08-27 阿里巴巴集团控股有限公司 A kind of method, apparatus, equipment and the computer storage medium of equipment certification
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN106888206A (en) * 2017-02-13 2017-06-23 海信集团有限公司 Key exchange method, apparatus and system
CN109862560A (en) * 2017-11-30 2019-06-07 阿里巴巴集团控股有限公司 A kind of bluetooth authentication method, apparatus, equipment and medium
CN108768628A (en) * 2018-05-11 2018-11-06 星络科技有限公司 Equipment end encryption method, device, system and gateway

Similar Documents

Publication Publication Date Title
US9628585B2 (en) Systems and methods for cross-layer secure connection set up
JP6573627B2 (en) Service authorization using auxiliary devices
US20150264724A1 (en) Method and system of establishing wireless communication connection
RU2020120956A (en) METHOD AND DEVICE FOR INSTALLING KEYS AND SENDING DATA
US11134069B2 (en) Method for authorizing access and apparatus using the method
JP5329771B2 (en) Method and apparatus for managing stations in wireless network in WPA-PSK environment
US9762567B2 (en) Wireless communication of a user identifier and encrypted time-sensitive data
CN112448808A (en) Communication method, device, access point, server, system and storage medium
RU2005101217A (en) KEY GENERATION IN A COMMUNICATION SYSTEM
CA2929173A1 (en) Key configuration method, system, and apparatus
CN102624744B (en) Authentication method, device and system of network device and network device
CN111654481B (en) Identity authentication method, identity authentication device and storage medium
WO2024032289A1 (en) Video playback method and system, video security platform, and communication device
KR101541165B1 (en) Mobile message encryption method, computer readable recording medium recording program performing the method and download server storing the method
CN106339623B (en) Login method and device
CN105471657B (en) inter-domain communication log management method, device and system for virtual machine
CN110166410B (en) Method and terminal for safely transmitting data and multimode communication terminal
EP3169031B1 (en) Method, device and platform for sharing wireless local area network
CN113114610B (en) Stream taking method, device and equipment
WO2014205703A1 (en) Method and device for detecting shared access, and terminal device
CN108307683B (en) Communication method, micro base station controller, terminal and system
CN107770018B (en) Communication method and device for serial communication system
CN104394005A (en) Active group classification system based on background server
CN114095524B (en) Method and device for transmitting message, central hub device and readable storage medium
WO2023230975A1 (en) Method and apparatus for establishing interoperation channel, and chip and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination