CN113301537B - Method, device, electronic equipment and storage medium for establishing communication connection - Google Patents

Publication number
CN113301537B
Authority
CN
China
Prior art keywords
key
connection
communication connection
timestamp
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110546984.3A
Other languages
Chinese (zh)
Other versions
CN113301537A (en
Inventor
张志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shining Reality Wuxi Technology Co Ltd
Original Assignee
Shining Reality Wuxi Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shining Reality Wuxi Technology Co Ltd filed Critical Shining Reality Wuxi Technology Co Ltd
Priority to CN202110546984.3A priority Critical patent/CN113301537B/en
Publication of CN113301537A publication Critical patent/CN113301537A/en
Application granted granted Critical
Publication of CN113301537B publication Critical patent/CN113301537B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Abstract

The application discloses a method, an apparatus, an electronic device and a storage medium for establishing a communication connection. The specific implementation scheme is as follows: a first device receives a first key sent by a second device, wherein the first key carries a first timestamp corresponding to the generation time of the first key; the first device generates a second key, and matches the first key with the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp represents the time when the first device receives the first key; in response to determining that the second device is successfully authenticated, the first device sends connection information to the second device, so that the second device sends the connection information to a third device after the third device successfully authenticates the second device; the first device establishes a communication connection with the third device in response to a connection establishment request sent by the third device.

Description

Method, device, electronic equipment and storage medium for establishing communication connection
Technical Field
The present application relates to the field of wireless communications, and in particular, to a method, an apparatus, an electronic device, and a storage medium for establishing a communication connection.
Background
With the development of smart homes and smart wearable devices and the rise of Internet of Things technology, users can access the Internet or communicate with each other to transfer data using smart terminal devices such as mobile phones, PCs and tablets in daily life. In addition, various smart home furnishings, smart home appliances, wearable devices and the like can be interconnected through short-range wireless communication and other technologies, and can even be connected directly to the Internet through a gateway, so that the interconnection of everything is truly realized and the daily life of users is greatly facilitated.
Disclosure of Invention
The embodiment of the disclosure provides a method, a device, electronic equipment and a storage medium for establishing communication connection.
In a first aspect, embodiments of the present disclosure provide a method for establishing a communication connection, the method comprising: the first device receives a first key sent by the second device based on the established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; the first device generates a second key, and matches the first key with the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp represents the time when the first device receives the first key; in response to determining that the second device is successfully authenticated, the first device sends connection information to the second device, so that the second device sends the connection information to the third device after the third device successfully authenticates the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device; the first device establishes a communication connection with the third device in response to a connection establishment request sent by the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
In a second aspect, embodiments of the present disclosure provide an apparatus for establishing a communication connection, the apparatus comprising: a receiving unit configured to receive a first key transmitted by a second device based on an established communication connection; the first key carries a first timestamp corresponding to the first key generation time; an authentication unit configured to generate a second key, and match the first key with the second key based on a first timestamp and a second timestamp carried by the second key, so as to authenticate the second device, wherein the second timestamp is used for representing the time when the first device receives the first key; a transmitting unit configured to transmit connection information to the second device in response to determining that the second device authentication is successful, so that the second device transmits the connection information to the third device after the third device successfully authenticates the second device, wherein the connection information is used for establishing communication connection between the third device and the first device; and a connection establishment unit configured to establish a communication connection with the third device in response to a connection establishment request transmitted by the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
In a third aspect, embodiments of the present disclosure provide an electronic device comprising:
one or more processors; a storage device having one or more programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement: receiving a first key sent by the second device based on the established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key with the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp represents the time of receiving the first key; in response to determining that the second device is successfully authenticated, sending connection information to the second device, so that the second device sends the connection information to the third device after the third device successfully authenticates the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device; and establishing a communication connection with the third device in response to a connection establishment request sent by the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
In a fourth aspect, embodiments of the present disclosure provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform: receiving a first key sent by the second device based on the established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key with the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp represents the time of receiving the first key; in response to determining that the second device is successfully authenticated, sending connection information to the second device, so that the second device sends the connection information to the third device after the third device successfully authenticates the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device; and establishing a communication connection with the third device in response to a connection establishment request sent by the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
Drawings
Other features, objects and advantages of the present disclosure will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings:
FIG. 1 is an exemplary system architecture diagram in which an embodiment of the present application may be applied;
FIG. 2 is a schematic flow chart of a method for establishing a communication connection according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a specific structure of an apparatus for establishing a communication connection according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a specific structure of an electronic device for establishing a communication connection according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be noted that, for convenience of description, only the portions related to the present application are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present disclosure and features of the embodiments may be combined with each other. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
FIG. 1 illustrates an exemplary system architecture to which embodiments of a method or web page generation apparatus for establishing a communication connection of the present application may be applied.
As shown in fig. 1, the system architecture may include a first device, a second device, and a third device. The second device can be used as an intermediary between the first device and the third device to assist the first device and the third device in establishing communication connection.
The first, second and third devices may be electronic devices having various means for connecting to other devices, including but not limited to smartphones, tablet computers, electronic book readers, MP3 players (Moving Picture Experts Group Audio Layer III), laptop computers, desktop computers, servers, appliances, etc.
The method and the apparatus provided by the embodiment of the application can be applied to various fields, such as the smart home field. As an example, in the smart home field, when a communication connection is to be established between different home appliances, the appliances may be large, inconvenient to move, or have no display panel (for example, when a communication connection needs to be established between a smart air conditioner and a smart refrigerator). In this case, the smart air conditioner and the smart refrigerator may be unable to establish a communication connection directly, and a mobile phone (second device), which is easy to move, may be used as an intermediary to assist in establishing the communication connection between the smart air conditioner (first device) and the smart refrigerator (third device).
It should be noted that the method for establishing a communication connection provided in the embodiment of the present application may generally be performed by the first device, and accordingly, the apparatus for establishing a communication connection is generally provided in the first device. The method for establishing a communication connection provided by the embodiment of the application is intended to solve the problems that, when devices are connected using related connection establishment methods, the connection operation is complex and the security of the communication connection cannot be ensured.
The specific implementation flow of the method for establishing a communication connection provided by the application is shown in fig. 2 and mainly comprises the following steps:
Step 11, the first device receives a first key sent by the second device based on the established communication connection.
The first device may have established a communication connection with the second device by means of short-range wireless communication or the like. It will be appreciated that the first device may typically establish a connection with the second device via wireless communication technologies such as near field communication (Near Field Communication, NFC), radio frequency identification (Radio Frequency Identification, RFID), Bluetooth, etc.
In general, to ensure that a first device and a second device may establish a communication connection, the first device and the second device may include the same communication connection component. For example, the first device may establish a communication connection with the second device through NFC, and then the first device and the second device may include NFC devices for establishing an NFC connection (where the NFC devices may include chips and circuits that support an NFC protocol, etc.). When the first device needs to establish communication connection with the second device, the second device is only required to be close to the first device, and communication connection between the first device and the second device can be established.
In this embodiment, in order to ensure the security of the information that the first device and the second device send through the established communication connection, the first device may authenticate the reliability of the second device before transmitting data to it. To facilitate this authentication, the second device may generate a key once it has established a communication connection with the first device and send the generated key to the first device, so that the first device can authenticate the second device by means of the key. If a key generated from a fixed character string is used for authentication, the key is at risk of being leaked (or cracked), and security is low. To solve this problem, the embodiment of the application introduces timestamp authentication: authentication is performed by adding a timestamp to the key, which can improve the accuracy of the authentication result and further improve the security of the communication connection.
In the embodiment of the present application, the key generated by the second device and used by the first device to authenticate the second device may be a first key, where the first key may carry a first timestamp. The first timestamp may represent a time of the first key generation. The first device may perform a timestamp authentication on the second device according to a first timestamp carried in the first key. The specific authentication procedure of the first device to the second device is described in detail below and will not be described here again.
It can be appreciated that the first key may carry not only the first timestamp but also the seed file. The seed file may include a string that satisfies a preset length and format. The second device may process the first timestamp and the seed file using a TOTP algorithm (Time-based One-Time Password algorithm) or the like to generate the first key. Alternatively, embodiments of the present application may also process the timestamp and seed file to generate the key using an HOTP (HMAC-based One-Time Password) or similar algorithm, without limitation. In general, the second device may generate keys continuously while it acts as an intermediary assisting the first device and the third device in establishing the communication connection. In this case, when the first device needs to authenticate the second device, the most recently generated key may be acquired from the second device as the first key. Alternatively, while acting as such an intermediary, the second device may start generating a key only when it receives a notification that the first device needs to authenticate it, so that the first device can authenticate the second device using the generated key as the first key.
Step 12, the first device generates a second key, and matches the first key with the second key based on the first timestamp and a second timestamp carried by the second key, so as to authenticate the second device.
In this embodiment, to ensure that the first device can authenticate the second device based on the time stamp, the first device may determine the second time stamp from the time of receipt of the first key. The second timestamp may characterize a time at which the first key was received by the first device. The first device may match the first key with a second key generated by the first device itself based on the first key received in step 11, so as to facilitate authentication of the second device by the first device. It will be appreciated that, similar to the second device, the first device may also generate the second key by using the seed file and the timestamp, which will not be described herein.
In general, the first device may generate the key in real time, and in case that the first key is received, acquire the key generated at the latest moment as the second key. Alternatively, the first device may start generating the key after establishing communication with the second device, and when receiving the first key, acquire the key generated at the latest time as the second key. In the embodiment of the application, the first device and the second device can comprise an encryption and decryption module, so that the encryption and decryption module can generate a secret key and authenticate the secret key.
Thus, the first device may authenticate the second device by: the first device obtains a first key sent by the second device, determines a second timestamp corresponding to the received first key, generates a second key by encrypting the second timestamp and the seed file, further utilizes an encryption and decryption module to match the obtained first key with the second key generated by the first device, and if the first key and the second key are matched, authentication passes, otherwise, authentication fails. Here, the fact that the keys of the two devices match is understood to mean that the key acquired by the first device from the second device and the key generated by the first device are composed of the same timestamp and seed file.
Step 13, in response to determining that the second device authentication is successful, the first device sends the connection information to the second device, so that the second device sends the connection information to the third device after the third device successfully authenticates the second device.
Under the condition that the second device is used as an intermediary to assist the first device and the third device to establish communication connection, the first device needs to authenticate the second device, and the third device also needs to authenticate the second device.
In this embodiment, when the first device's authentication of the second device passes, the connection information may be sent to the second device. The connection information may be used to establish a communication connection between the third device and the first device, and may include various information related to the communication connection, for example, whether the first device supports a wireless communication function such as Wi-Fi or Bluetooth, an SN address, a BT name, a BT address, the BT device type (dual-mode or single-mode), whether the first device is connectable, and so on. The second device may then send the received connection information to the third device once the third device has authenticated the second device. It will be appreciated that the first device, the second device and the third device may support the same wireless communication protocol, so that the first device and the third device can establish a communication connection. For example, if the first device, the second device, and the third device each establish a communication connection through NFC, each of them needs to support the NFC communication protocol and may at least include NFC means for establishing an NFC connection.
In general, when the first device and the third device need to establish a wireless communication connection but are inconvenient to move, are far apart when in use, or have similar problems, they cannot establish the communication connection directly. In this case, the second device (such as a mobile phone) can act as an intermediary to assist the first device and the third device in establishing the communication connection.
Step 14, the first device establishes a communication connection with the third device in response to the connection establishment request sent by the third device.
In this embodiment, when the third device receives the connection information of the first device from the second device, the third device may analyze the received connection information. Then, the third device may send a connection establishment request to the first device based on the analysis result. The connection establishment request may be a request generated by the third device based on the connection information sent by the first device, for requesting to establish a connection relationship between the third device and the first device. The first device may respond to the connection establishment request, so that the first device and the third device may establish a communication connection. Of course, the first device may not respond to the connection request, and the first device may not establish a communication connection with the third device.
With the method for establishing a communication connection provided by the embodiment of the application, the first device can send the connection information to the second device through the established communication connection, and the second device acts as an intermediary to forward the connection information to the third device. The third device can then send a connection request to the first device according to the received connection information, and the first device can establish a communication connection with the third device in response to that request. The communication connection between the first device and the third device can thus be established conveniently even when the two devices are inconvenient to move, have no display panel, and so on. Meanwhile, before the first device and the third device exchange information through the second device as an intermediary, each of them authenticates the second device. This ensures the security of the communication connection that each of them establishes with the second device, and further ensures the security of the communication connection between the first device and the third device established through the second device.
In some optional embodiments, in order to ensure information security of the first device and the second device, when the first device and the second device transfer information, encryption technologies such as asymmetric encryption and the like may be utilized to encrypt information to be transferred, so as to realize encrypted communication between the first device and the second device, and ensure information security of the first device and the second device.
As an example, the first device and the second device may encrypt information transmitted therebetween using an asymmetric encryption algorithm (e.g., an RSA encryption algorithm, an elliptic curve encryption algorithm, an ElGamal encryption algorithm, etc.). In this case, the above step 13 may further include specific processes of the following sub-steps 1310 to 1320.
Sub-step 1310, the first device receives the second device public key.
The basic idea of asymmetric encryption is generally "public key encryption, private key decryption". Therefore, when asymmetric encryption is used, the two parties first need to exchange public keys. After the first device successfully authenticates the second device, the first device can send its own public key to the second device through the communication connection established between them (or can send its own public key together with the encrypted information sent to the second device), and receive the public key of the second device.
In sub-step 1320, the first device encrypts the connection information using the second device public key through an asymmetric encryption algorithm to obtain encrypted information, and sends the encrypted information and the first device public key to the second device, so that the second device decrypts the encrypted information using the second device private key to obtain the connection information.
When the first device needs to send the connection information to the second device, the first device may encrypt the connection information using the public key of the second device, and send the encrypted information to the second device. After receiving the encrypted information, the second device can decrypt the encrypted information through the private key of the second device, and then connection information sent by the first device is obtained. Similarly, when the second device needs to send information to the first device, the second device may encrypt the information by using the public key of the first device, and send the encrypted information to the first device, and after receiving the encrypted information, the first device may decrypt the encrypted information by using its own private key, so as to obtain information sent by the second device.
It will be appreciated that in step 13, in addition to the encryption of information by using an asymmetric encryption algorithm, the first device and the second device may also encrypt information by using one or more of various other encryption algorithms, such as a data encryption standard algorithm (Data Encryption Standard, DES), a 3DES algorithm (Triple DES), a TDEA algorithm, a Blowfish algorithm, an RC5 algorithm, and an IDEA algorithm. The method for encrypting the information between the first device and the second device by using the encryption algorithm belongs to a conventional technical means in the technical field of data encryption, and is not described herein.
In some alternative embodiments, when the first device authenticates the second device, there is typically a delay in information transfer. This delay may cause a difference between the time when the first device receives the first key sent by the second device and the time when the second device generated the first key, and thus may cause the authentication of the second device by the first device to fail. For example, if the second device generates the first key at "12:39:59" and sends it to the first device, and the first device receives the first key at "12:40:00", then the first timestamp carried in the first key is "12:39" and the second timestamp carried in the second key is "12:40". When the first device authenticates the second device, the first timestamp "12:39" does not match the second timestamp "12:40", so the authentication of the second device by the first device fails, which affects subsequent data transmission between the first device and the second device.
In order to avoid the above problem, in this embodiment, the first device may authenticate the second device by performing key matching two or more times, and if any one of the matches succeeds, the authentication of the second device may be determined to be successful.
As an example, after the authentication of the first device to the second device fails, the first device may send an authentication failure notification to the second device, and the second device may send a key with a new timestamp to the first device again in response to the authentication failure notification, so that the first device may re-authenticate the second device based on the key. In this case, the above step 12 may further include the specific processing procedures of sub-step 1210 to sub-step 1220 described below.
Sub-step 1210, in response to determining that the first key does not match the second key, the first device fails to authenticate the second device, and the first device sends an authentication failure notification to the second device.
After the authentication of the first device to the second device fails, the first device may send an authentication failure notification to the second device, and further, the second device may generate a new key, i.e. a fifth key, again according to the current timestamp in response to the authentication failure notification, and send the new fifth key to the first device.
In sub-step 1220, the second device is authenticated in response to the first device receiving the fifth key sent by the second device. Wherein the fifth key is generated by the second device in response to the authentication failure notification.
It will be appreciated that there may be two situations in which the second device receives the authentication failure notification sent by the first device. In the first case, the second device itself has a reliability problem, and the first device therefore fails to authenticate the second device. In the second case, the second device is a reliable device, but the first timestamp and the second timestamp fall on either side of a boundary between adjacent time values, so that authentication fails; this case is a misjudgment. In order to further improve the accuracy of authentication and avoid such misjudgment, the second device may request the first device to authenticate it again after receiving the notification of authentication failure. Specifically, the second device may send the fifth key to the first device, so that the first device authenticates the second device based on the fifth key in an authentication manner similar to that provided in the above embodiment. The fifth key may be generated by the second device based on the current time in response to receiving the notification of authentication failure, and the fifth key may include the timestamp at which the fifth key was generated, so that the first device may re-authenticate the second device based on that timestamp. It will be appreciated that if the second device failed authentication because of the second case, it may pass when the first device re-authenticates it. Therefore, the probability of authentication failure is reduced, and the accuracy of authentication is improved. It can be understood that, in some alternative implementations of this embodiment, the authentication failure of the second device caused by the second case may also be handled by the following scheme:
The first device may acquire, from the keys it has generated, the previous key (that is, a key generated before the second key in the above embodiment, with no other key between it and the second key), then update the second key by re-determining the previous key as the second key. The first device may authenticate the second device using the updated second key, in a way similar to that in the above-described embodiments. With this scheme, the authentication failure of the second device caused by a timestamp jump can be avoided, and after the first authentication failure no authentication failure message needs to be transmitted between the first device and the second device, so that the efficiency with which the first device authenticates the second device is further improved.
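The boundary failure from the "12:39:59" / "12:40:00" example and both remedies described above (the fifth-key retry of sub-steps 1210 to 1220, and the fallback to the previous key) can be reproduced in a short sketch. This is an added example, not code from the patent: the pre-shared secret, the HMAC-SHA256 derivation over a one-minute window counter, the direct key comparison in place of decrypting the timestamp, and all function names are assumptions.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone
from typing import Callable, Tuple

STEP_SECONDS = 60  # assumption: one-minute windows, as in the "12:39" / "12:40" example
SECRET = b"constructed-shared-secret"  # constructed sample value, assumed pre-shared


def at(hms: str) -> float:
    """Unix time for HH:MM:SS on a constructed date (UTC)."""
    dt = datetime.strptime("2024-01-01 " + hms, "%Y-%m-%d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).timestamp()


def make_key(secret: bytes, ts: float) -> bytes:
    """Key that 'carries' a timestamp: HMAC over the minute counter (assumed construction)."""
    window = int(ts) // STEP_SECONDS
    return hmac.new(secret, struct.pack(">Q", window), hashlib.sha256).digest()


def authenticate(secret: bytes, received_key: bytes, received_at: float,
                 back_windows: int = 1) -> bool:
    """First device's check: match against its own key for the receive window,
    then against the key(s) of the preceding window(s)."""
    for back in range(back_windows + 1):
        own_key = make_key(secret, received_at - back * STEP_SECONDS)
        if hmac.compare_digest(own_key, received_key):  # constant-time comparison
            return True
    return False


def authenticate_with_retry(secret: bytes, first_key: bytes, received_at: float,
                            request_new_key: Callable[[], Tuple[bytes, float]]) -> bool:
    """Sub-steps 1210-1220: strict match first; on failure, notify the peer and
    check the freshly generated ('fifth') key once."""
    if authenticate(secret, first_key, received_at, back_windows=0):
        return True
    # request_new_key stands in for the failure notification and the peer's reply;
    # it returns the fifth key and the time at which it was received.
    fifth_key, fifth_received_at = request_new_key()
    return authenticate(secret, fifth_key, fifth_received_at, back_windows=0)


def demo() -> dict:
    first_key = make_key(SECRET, at("12:39:59"))  # generated by the second device
    received = at("12:40:00")                     # received by the first device
    return {
        "strict_match": authenticate(SECRET, first_key, received, back_windows=0),
        "previous_key_fallback": authenticate(SECRET, first_key, received),
        "fifth_key_retry": authenticate_with_retry(
            SECRET, first_key, received,
            lambda: (make_key(SECRET, at("12:40:01")), at("12:40:02"))),
        "stale_key": authenticate(SECRET, make_key(SECRET, at("12:37:30")), received),
        "wrong_secret": authenticate(SECRET, make_key(b"other", at("12:40:00")), received),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The fallback accepts exactly one extra window, so a key stays valid for at most two minutes after generation; widening `back_windows` lengthens the period in which a captured key would still be accepted.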
In this embodiment, in order to ensure the security of the communication connection established between the first device and the third device, the first device may perform identity authentication on the third device when establishing the communication connection with the third device, and establish the communication connection with the third device after determining that the identity of the third device is legal.
As an example, when the first device receives the connection establishment request sent by the third device, the first device may perform authentication on the third device according to the unique identification information of the third device and/or the key of the third device, and determine whether a communication connection can be established with the third device according to the authentication result, where in this case, step 14 may further include the following specific processing procedures of sub-steps 1410-1440.
Sub-step 1410, the first device receives a connection establishment request sent by the third device.
The connection establishment request may carry unique identification information of the third device, where the unique identification information may be, for example, an id of the third device or a device number of the third device.
Sub-step 1420, the first device determines whether the third device is a trusted device based on the unique identification information of the third device.
In this embodiment, if the third device has established a communication connection with the first device multiple times, this may indicate that the third device is generally safer. Devices whose cumulative number of connections with the first device exceeds a threshold number may therefore be used as trusted devices of the first device, and the first device may store the unique identification information corresponding to the trusted devices, so that it can subsequently determine directly from the unique identification information whether a device requesting a communication connection is a trusted device, thereby improving the efficiency of establishing the communication connection with the third device. The threshold can be set according to actual needs and is usually at least 1.
Sub-step 1430, if the third device is determined to be a trusted device, the first device establishes a communication connection with the third device.
In order to avoid the problem that the first device needs to perform identity authentication on the device sending the connection establishment request before establishing the communication connection every time, so that the equipment computing resource is wasted, and the communication connection establishment efficiency is reduced.
Sub-step 1440, if it is determined that the third device is an untrusted device, the first device performs identity authentication on the third device according to a third key obtained from the third device, and establishes a communication connection with the third device after determining that the third device identity is legal. Wherein the third key carries a third timestamp characterizing a time at which the connection establishment request was generated by the third device.
When the first device determines that the third device is an untrusted device, this may indicate that the third device is establishing a communication connection with the first device for the first time. In this case, in order to ensure the information security of the first device and the security of the communication connection established between the first device and the second device, the first device generally needs to perform identity authentication on the third device, and establishes the communication connection with the third device only if the identity authentication of the third device passes. This embodiment prevents the first device from establishing a connection with a third device whose identity is illegal, and ensures the security of the first device.
Alternatively, the first device may authenticate the third device by verifying the key carrying the timestamp. For example, after the first device determines that the third device is an untrusted device, the first device may acquire a third key from the third device (or the third key may also be directly carried in a connection establishment request sent by the third device to the first device, where the acquiring manner and the acquiring timing of the third key are not limited in the embodiment of the present application), and perform identity authentication on the third device based on the third key. In this case, sub-step 1440 may also include the specific processing of sub-step 1441-1444 described below.
Sub-step 1441, the first device may determine a fourth timestamp.
Wherein the fourth timestamp may be used to characterize a time at which the connection establishment request was received by the first device.
Sub-step 1442, the first device generates a fourth key. Wherein the fourth key may carry a fourth timestamp.
The first device may encrypt the fourth timestamp by an encryption algorithm (e.g., a TOTP algorithm, an RSA encryption algorithm, an elliptic curve encryption algorithm, an ElGamal encryption algorithm, etc.) to generate a fourth key.
Sub-step 1443, the first device determines whether the third key and the fourth key match based on the third timestamp and the fourth timestamp.
The first device can decrypt the obtained third key and the fourth key generated by the first device by using the encryption and decryption module to obtain a third timestamp carried by the third key and a fourth timestamp carried by the fourth key, and further the first device can determine whether the third key and the fourth key are matched by judging whether the third timestamp is identical to the fourth timestamp, and further determine whether the third device identity is legal according to the matching result.
In sub-step 1444, in response to determining that the third key matches the fourth key, the first device determines that the third device identity is legitimate.
In addition, when the first device performs identity authentication on the third device, the time at which the first device receives the connection establishment request sent by the third device may likewise differ from the time at which the third device generated the connection establishment request because of the delay in information transfer, so that the identity authentication of the third device by the first device does not pass. In order to avoid this problem, the first device may perform identity authentication on the third device by matching keys generated near the critical point of the timestamp change two or more times, and may determine that the identity of the third device is legal if any one of the matches passes. With this scheme, authentication failure of the third device caused by the time change can be avoided, so that the efficiency of establishing the communication connection between the third device and the first device is improved. Specifically, the first device may handle the third device authentication failure with the same processing scheme as that used for the second device authentication failure caused by the change of the timestamp; the detailed scheme is described above and is not repeated here.
After the communication connection between the first device and the third device is established, the first device may store device information (such as a device ID or a device number) of the third device and record the cumulative number of connections with the third device. When the first device subsequently receives a new connection establishment request, it may determine, according to the stored information and the connection count threshold, whether the device that sent the connection establishment request is a trusted device, and determine, based on the result, whether identity authentication needs to be performed on that device.
In some alternative embodiments, whether the first device can establish a communication connection with the third device depends not only on the identity of the third device being legal, but also on the current connection state of the first device being a normal state rather than an abnormal state. The abnormal state indicates that the first device cannot currently establish a communication connection; it may be caused by the number of devices currently connected to the first device reaching an upper limit, by a failure of the current wireless communication module of the first device, and so on. To ensure that the first device can successfully establish a communication connection with the third device after the identity of the third device has been authenticated as legal, in this embodiment the current connection state of the first device needs to be determined before the first device establishes a communication connection with the third device.
Alternatively, the first device may determine its current connection state according to the number of devices with which a connection is currently established. In this case, the first device may determine its current connection state as follows: the first device obtains the current device connection number; in response to the current device connection number being greater than or equal to the connection threshold, the first device determines that the current connection state is an abnormal state; and in response to the current device connection number being less than the connection threshold, the first device determines that the current connection state is a normal state.
When the first device determines that the current connection state is a normal state and the identity of the third device is legal (or the third device is a trusted device), the first device may establish a communication connection with the third device.
In this embodiment, when the first device determines that the current connection state is an abnormal state, the first device may determine, according to whether the third device is a trusted device, a subsequent processing manner of a connection establishment request for the third device, so that the efficiency of establishing the communication connection is ensured, and meanwhile, the security of the established communication connection is ensured. It will be appreciated that the subsequent handling of the request for the third device connection establishment may also be determined in other ways, which are not limited solely here. As an example, even if the first device determines that the current connection state is an abnormal state, the user may still need to establish a communication connection between the first device and the third device due to the use need. In this example, the user may cancel the abnormal state of the first device by means of a manual operation or the like, and execute the above steps 11 to 14 again to establish a communication connection between the first device and the third device.
As an example, when the first device determines that the current connection state is an abnormal state, the following manner may be adopted for the trusted device and the untrusted device, respectively:
1. For the case where the third device is a trusted device:
If the first device determines that the current connection state is an abnormal state, the first device may interrupt the communication connection established with another device and establish a communication connection with the third device.
With this scheme, the first device is guaranteed to connect preferentially to trusted devices, so that the information security of the first device is ensured and, at the same time, the efficiency of establishing communication connections with trusted devices is improved.
2. For the case where the third device is an untrusted device:
If the first device determines that the current connection state is an abnormal state, the first device may send an abnormal notification to the third device and stop establishing the communication connection with the third device.
With this scheme, the stability of the communication connections already established by the first device is ensured and, at the same time, potential security hazards that might be caused by directly establishing a communication connection with an untrusted device are avoided.
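The admission logic of sub-steps 1410 to 1440, combined with the connection-state handling for trusted and untrusted devices, is sketched below as an added example that is not part of the patent. The class and method names, the two threshold values, the order in which identity and connection state are checked, and the choice to interrupt the oldest connection are assumptions; `identity_ok` stands in for the timestamp-key authentication of sub-steps 1441 to 1444.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

TRUST_THRESHOLD = 1       # cumulative connections a device must exceed to be trusted
CONNECTION_THRESHOLD = 2  # constructed value: simultaneous connections that make the state abnormal


@dataclass
class FirstDevice:
    # unique identification information -> cumulative number of connections
    connection_counts: Dict[str, int] = field(default_factory=dict)
    # identifiers of currently connected devices, oldest first
    active: List[str] = field(default_factory=list)

    def is_trusted(self, device_id: str) -> bool:
        """Sub-step 1420: trusted means the stored connection count exceeds the threshold."""
        return self.connection_counts.get(device_id, 0) > TRUST_THRESHOLD

    def connection_state(self) -> str:
        """Abnormal when the current device connection number reaches the connection threshold."""
        return "abnormal" if len(self.active) >= CONNECTION_THRESHOLD else "normal"

    def disconnect(self, device_id: str) -> None:
        if device_id in self.active:
            self.active.remove(device_id)

    def handle_request(self, device_id: str,
                       identity_ok: Callable[[], bool]) -> Tuple[str, Optional[str]]:
        """Return (decision, interrupted_device_id) for one connection establishment request."""
        if device_id in self.active:
            return ("already connected", None)
        trusted = self.is_trusted(device_id)
        # Sub-step 1440: only untrusted devices go through identity authentication.
        if not trusted and not identity_ok():
            return ("rejected: identity not legal", None)
        interrupted = None
        if self.connection_state() == "abnormal":
            if not trusted:
                # Case 2: send an abnormal notification and stop establishing the connection.
                return ("rejected: abnormal state, notification sent", None)
            # Case 1: interrupt a connection with another device (assumption: the oldest one).
            interrupted = self.active.pop(0)
        self.active.append(device_id)
        # Save device information and the cumulative connection count.
        self.connection_counts[device_id] = self.connection_counts.get(device_id, 0) + 1
        return ("connected", interrupted)


if __name__ == "__main__":
    dev = FirstDevice()
    for _ in range(2):  # two authenticated connections make "A" trusted
        print(dev.handle_request("A", lambda: True))
        dev.disconnect("A")
    print(dev.handle_request("B", lambda: True))
    print(dev.handle_request("C", lambda: True))
    print(dev.handle_request("D", lambda: True))   # untrusted, state abnormal
    print(dev.handle_request("A", lambda: False))  # trusted: authentication is skipped
```

In this sketch the trusted path depends only on the identifier carried in the request, so the strength of that path is the strength of whatever binds the identifier to the device.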
In some alternative embodiments, when the distance between the first device and the third device is too long, even though the second device is used as an intermediary, the first device may still be caused to fail to establish a connection with the third device. Or even after the first device establishes a communication connection with the third device through the second device as a medium, a link instability may exist, which affects normal use of the devices.
In order to avoid the above problem, in some alternative embodiments, the distance between the first device and the third device may be determined by the second device, and the second device may establish a communication connection with the first device only when the distance between the first device and the third device is smaller than the preset distance, and further, the second device is used as an intermediary to assist the first device to establish a communication connection with the third device. As an example, the second device may establish a communication connection with the first device in the following way: the second device obtains the distance between the first device and the third device, and establishes communication connection with the first device under the condition that the distance is smaller than the preset distance.
With this scheme, when the distance between the first device and the third device is too large, the second device can refuse to establish a communication connection with the first device. This avoids consuming processing resources on establishing a communication connection between the first device and the third device through the second device as an intermediary, only for the devices to be unusable in practice because the communication link is unstable even after the connection is established.
In general, the distance between two electronic devices when they establish a communication connection cannot exceed the communication distance of the wireless technology itself, and thus, when the distance between the first device and the third device exceeds that distance, a good communication connection cannot be established between the two devices. In order to solve the problem that the first device and the second device cannot be connected due to the long distance, in some alternative embodiments, the second device may also be used as a relay to realize a communication connection between a first device and a third device that are far apart.
In this embodiment, when the second device is used as an intermediary to assist the first device and the third device in establishing a communication connection, the second device may determine whether to enable the wireless relay function according to the actually measured distance between the first device and the third device. The second device may set the maximum communication distance between the first device and the third device to be not more than 2 times the communication distance of the wireless technology itself (for example, the WIFI communication distance is generally about 30 meters, and then the second device may set the maximum communication distance between the first device and the third device to be 60 meters according to the actual communication distance of the current WIFI device). As an example, the second device may calculate the distance between the first device and the third device, thereby determining whether the wireless relay function needs to be activated:
The second device is first connected with the first device; the second device is then moved to the third device that is to establish a communication connection with the first device, and the distance between the first device and the third device is calculated on the second device. The second device can then determine whether to start the wireless relay function according to whether the distance between the first device and the third device exceeds the preset maximum communication distance. If the second device judges that the wireless relay function needs to be started, it can prompt the user to place the second device at an intermediate position between the first device and the third device. After the placement is completed, the second device may be used as a wireless repeater: the third device may send a connection request to the second device, so that the second device may forward the received connection request to the first device, and the first device, in response to the connection establishment request of the third device, can establish a communication connection with the third device through the second device. In this case, when the first device and the third device transmit signals, the communication signals are first transmitted to the second device, and the second device forwards them to assist the signal transmission between the first device and the third device. After the wireless signal between the first device and the third device is stable, the wireless relay function of the second device can be regarded as started.
Optionally, depending on the wireless communication technologies used when the communication connection is established between the devices, the second device may be used as a wireless relay to establish the communication connection between the first device and the third device in the following two manners:
(1) The first device, the second device and the third device are connected by using the same wireless technology;
If the first device, the second device and the third device all use WIFI for wireless communication, then when the second device is used as a wireless relay, it can establish wireless connections with the first device and the second device respectively through WIFI. During data transmission, the first device first sends information to the second device, and the second device forwards the information to the third device; transmission in the reverse direction works the same way.
(2) The first device, the second device and the third device are connected by using different wireless technologies;
If the first device and the third device use Bluetooth for wireless communication and the second device uses WIFI for wireless communication, then when the second device is used as a wireless relay, it can establish wireless connections with the first device and the second device respectively through WIFI. During data transmission, the first device first sends information to the second device, and the second device forwards the information to the third device; transmission in the reverse direction works the same way.
In some alternative embodiments, before acting as an intermediate device to assist in establishing the communication connection between the first device and the third device, the second device may determine whether connection information received from a fourth device is already stored on it. If the connection information of the fourth device is already stored in the second device, that connection information may be deleted, and the second device may act as the intermediate device to assist in establishing the communication connection between the first device and the third device after the deletion. For example, there may currently be four devices, namely a first device, a third device and a fourth device, together with a second device serving as an intermediary, where the devices that need to establish a connection are the first device and the third device, and the user touches the second device to the fourth device by mistake. To ensure that the second device can subsequently assist in establishing the communication connection between the first device and the third device, the second device may clear the connection information of the fourth device stored on it according to an operation of the user, and so on.
Optionally, after the second device receives the connection information of the fourth device, the second device may automatically clear the connection information of the fourth device if the preset time period is exceeded. The implementation manner can facilitate the subsequent continuous use of the second device as an intermediary to assist other devices in communication connection.
With the method for establishing a communication connection provided by the embodiment of the application, the first device can send the connection information to the second device through the established communication connection, and the second device, acting as an intermediary, forwards the connection information to the third device, so that the third device can send a connection request to the first device according to the received connection information, and the first device can establish a communication connection with the third device in response to the connection establishment request sent by the third device. The communication connection between the first device and the third device can thus be established conveniently even when the first device and the third device are inconvenient to move, have no display panel, and the like. Meanwhile, before the first device and the third device transmit information through the second device as an intermediary, the first device and the third device can each authenticate the second device, so that the security of the communication connection established between the first device and the third device through the second device as an intermediary is ensured.
In addition, the embodiment of the application also provides a device for establishing communication connection, which is used for solving the problems that the connection operation is complex and the safety of the communication connection cannot be ensured when the equipment is in communication connection by adopting the related communication connection establishment method. The specific structure diagram of the communication connection establishment device is shown in Fig. 3, and includes: a receiving unit 21, an authentication unit 22, a transmitting unit 23, and a connection establishment unit 24. Wherein the receiving unit 21 is configured to receive a first key transmitted by the second device based on the established communication connection; the first key carries a first timestamp corresponding to the first key generation time; an authentication unit 22 configured to generate a second key and match the first key with the second key based on a first timestamp and a second timestamp carried by the second key, to authenticate the second device, wherein the second timestamp is used to characterize a time when the first key was received by the first device; a transmitting unit 23 configured to transmit, in response to determining that the authentication of the second device is successful, connection information to the second device, so that the second device transmits the connection information to the third device after the authentication of the second device by the third device is successful, wherein the connection information is used for establishing a communication connection between the third device and the first device; a connection establishment unit 24 configured to establish a communication connection with the third device in response to a connection establishment request sent by the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
In one embodiment, the connection establishment unit 24 is further configured to: receive a connection establishment request sent by a third device, wherein the connection establishment request carries unique identification information of the third device; judge whether the third device is a trusted device according to the unique identification information of the third device, wherein a trusted device is a device that has established a communication connection more than a threshold number of times; if yes, establish a communication connection with the third device; if not, perform identity authentication on the third device according to a third key acquired from the third device, and after determining that the third device identity is legal, establish a communication connection with the third device, wherein the third key carries a third timestamp which is used for representing the time at which the third device generated the connection establishment request.
In one embodiment, the connection establishment unit 24 is further configured to: determining a fourth timestamp, wherein the fourth timestamp is used for representing the time when the connection establishment request is received; generating a fourth key, wherein the fourth key carries a fourth timestamp; determining whether the third key and the fourth key match based on the third timestamp and the fourth timestamp; in response to determining that the third key matches the fourth key, the third device identity is determined to be legitimate.
In one embodiment, the transmitting unit 23 is further configured to: receiving a second device public key; and encrypting the connection information with the second device public key using an asymmetric encryption algorithm to obtain encrypted information, and sending the encrypted information and the first device public key to the second device, so that the second device decrypts the encrypted information with the second device private key to obtain the connection information.
In one embodiment, the connection establishment unit 24 is further configured to: determining a current connection state; if the current connection state is a normal state, establishing a communication connection with the third device; if the current connection state is an abnormal state, interrupting the communication connection established with other devices and establishing a communication connection with the third device.
In one embodiment, the connection establishment unit 24 is further configured to: determining a current connection state; if the current connection state is a normal state, establishing a communication connection with the third device; if the current connection state is an abnormal state, sending an abnormality notification to the third device and stopping the establishment of the communication connection with the third device.
In one embodiment, the connection establishment unit 24 is further configured to: acquiring the current device connection number; determining that the current connection state is an abnormal state in response to the current device connection number being greater than or equal to the connection threshold; and determining that the current connection state is a normal state in response to the current device connection number being less than the connection threshold.
In one embodiment, the connection establishment unit 24 is further configured to: saving the device information of the third device and the accumulated number of connections with the third device.
In one embodiment, the authentication unit 22 is further configured to: in response to determining that the first key does not match the second key, failing to authenticate the second device; sending an authentication failure notification to the second device; and authenticating the second device in response to receiving a fifth key sent by the second device, wherein the fifth key is generated by the second device in response to the authentication failure notification.
In one embodiment, the receiving unit 21 is further configured to: acquiring the distance between the third device and the first device, and establishing a communication connection with the first device when the distance is smaller than the preset distance.
With the device for establishing a communication connection provided by the embodiment of the application, the first device can send the connection information to the second device through the established communication connection, and the second device acts as a medium to forward the connection information to the third device, so that the third device can send a connection request to the first device according to the received connection information, and the first device can establish a communication connection with the third device in response to the connection establishment request sent by the third device. The communication connection between the first device and the third device is thereby established conveniently even when the first device and the third device are inconvenient to move and have no display panel. Meanwhile, before the first device and the third device transmit information through the second device as a medium, the first device and the third device each authenticate the second device. This ensures the security of the communication connections that the first device and the third device respectively establish with the second device, and in turn the security of the communication connection between the first device and the third device that is established with the second device as a medium.
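The decision flow of the connection establishment unit described above (trusted-device shortcut, timestamp-based key match, connection-state check) can be sketched as follows; this is an added example, not code from the patent. The key construction (HMAC-SHA256 over a 30-second window counter under a pre-shared per-device secret), the threshold values, and the names `make_key`, `keys_match` and `FirstDevice` are assumptions, since the text here does not specify how keys are derived or compared.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

# Assumed parameters: the text names these thresholds but gives no values.
WINDOW_S = 30          # width of the time window used when comparing timestamps
TRUST_THRESHOLD = 3    # a device is trusted after MORE than this many connections
CONNECTION_LIMIT = 2   # connection count at which the state becomes abnormal


class Key(NamedTuple):
    ts: int    # timestamp carried by the key (Unix seconds)
    tag: str   # value derived from that timestamp


def make_key(secret: bytes, ts: int) -> Key:
    """Assumed construction: HMAC-SHA256 of the window counter under a pre-shared secret."""
    counter = (ts // WINDOW_S).to_bytes(8, "big")
    return Key(ts, hmac.new(secret, counter, hashlib.sha256).hexdigest())


def keys_match(secret: bytes, received: Key, local: Key) -> bool:
    """Match the peer's key against the locally generated key using both timestamps."""
    drift = received.ts // WINDOW_S - local.ts // WINDOW_S
    if abs(drift) > 1:   # stale key, or a timestamp far in the future
        return False
    # Shift the local key to the window the peer claims, then compare in constant time.
    expected = make_key(secret, local.ts + drift * WINDOW_S)
    return hmac.compare_digest(received.tag, expected.tag)


@dataclass
class FirstDevice:
    secrets: dict                                 # device id -> pre-shared secret (assumed)
    on_abnormal: str = "reject"                   # "reject" or "preempt" (the two variants)
    history: dict = field(default_factory=dict)   # device id -> accumulated connections
    active: list = field(default_factory=list)    # ids of currently connected devices

    def is_trusted(self, device_id: str) -> bool:
        return self.history.get(device_id, 0) > TRUST_THRESHOLD

    def connection_state(self) -> str:
        return "abnormal" if len(self.active) >= CONNECTION_LIMIT else "normal"

    def handle_request(self, device_id: str, third_key: Optional[Key], received_at: int) -> str:
        # Untrusted devices must present a third key that matches the fourth key.
        if not self.is_trusted(device_id):
            secret = self.secrets.get(device_id)
            if secret is None or third_key is None:
                return "auth_failed"
            fourth_key = make_key(secret, received_at)   # carries the fourth timestamp
            if not keys_match(secret, third_key, fourth_key):
                return "auth_failed"
        if self.connection_state() == "abnormal":
            if self.on_abnormal == "reject":
                return "abnormal_notified"               # notify and stop
            self.active.clear()                          # interrupt the other connections
        self.active.append(device_id)
        # Save the accumulated connection count that later drives the trust decision.
        self.history[device_id] = self.history.get(device_id, 0) + 1
        return "connected"
```

In this sketch the trusted path skips the key check entirely, so its strength rests on the device identifier being one that a peer cannot simply claim.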
Fig. 4 is a schematic structural view of an electronic device according to an embodiment of the present application. Referring to fig. 4, at the hardware level, the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory. The memory may include an internal memory, such as a random-access memory (RAM), and may further include a non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, network interface, and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one bi-directional arrow is shown in FIG. 4, but this does not mean that there is only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code, and the program code includes computer operating instructions. The memory may include an internal memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it, forming a data synchronization device at the logic level. The processor is used for executing the programs stored in the memory and is specifically used for executing the following operations: receiving a first key sent by the second device based on the established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key with the second key based on the first timestamp and a second timestamp carried by the second key, to authenticate the second device, wherein the second timestamp characterizes the time at which the first key was received; in response to determining that the authentication of the second device is successful, sending connection information to the second device, so that the second device sends the connection information to the third device after the third device successfully authenticates the second device, wherein the connection information is used for establishing a communication connection with the third device; and, in response to a connection establishment request sent by the third device, establishing a communication connection with the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
The method performed by the electronic device for establishing a communication connection as disclosed in the embodiment of fig. 3 of the present application may be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed by such a processor. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software modules may be located in a storage medium well known in the art, such as a random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
Of course, other implementations, such as a logic device or a combination of hardware and software, are not excluded from the electronic device of the present application, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or a logic device.
The embodiments of the present application also provide a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment of fig. 2, and in particular to perform the following operations: receiving a first key sent by the second device based on the established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key with the second key based on the first timestamp and a second timestamp carried by the second key, to authenticate the second device, wherein the second timestamp characterizes the time at which the first key was received; in response to determining that the authentication of the second device is successful, sending connection information to the second device, so that the second device sends the connection information to the third device after the third device successfully authenticates the second device, wherein the connection information is used for establishing a communication connection with the third device; and, in response to a connection establishment request sent by the third device, establishing a communication connection with the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing description is only of the preferred embodiments of the present disclosure and of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the application in the embodiments of the present disclosure is not limited to the specific combination of the above technical features, but encompasses other technical solutions formed by any combination of the above technical features or their equivalents without departing from the spirit of the application, for example, technical solutions formed by mutually substituting the above features with (but not limited to) features having similar functions disclosed in the embodiments of the present disclosure.

Claims (16)

1. A method for establishing a communication connection, applied to the field of smart home, comprising:
a first device receives a first key sent by a second device based on an established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key;
the first device generates a second key, and matches the first key with the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp is used for representing the time when the first device receives the first key;
in response to determining that the second device authentication is successful, the first device sends connection information to the second device, so that the second device sends the connection information to a third device after the second device authentication is successful, wherein the connection information is used for establishing communication connection between the third device and the first device;
the first device responds to a connection establishment request sent by the third device, and judges whether the third device is a trusted device according to unique identification information of the third device carried in the connection establishment request, wherein the connection establishment request is a request generated by the third device based on the connection information, and the trusted device represents a device which establishes communication connection with the first device for more than a threshold number of times;
and if the third device is a trusted device, the first device establishes a communication connection with the third device.
2. The method of claim 1, further comprising:
if the third device is not a trusted device, the first device performs identity authentication on the third device according to a third key acquired from the third device, and establishes communication connection with the third device after determining that the third device identity is legal, wherein the third key carries a third timestamp, and the third timestamp is used for representing the time when the third device generates the connection establishment request.
3. The method of claim 2, wherein the first device authenticating the third device according to a third key obtained from the third device comprises:
the first device determining a fourth timestamp, wherein the fourth timestamp is used for characterizing the time when the connection establishment request is received by the first device;
the first device generates a fourth key, wherein the fourth key carries the fourth timestamp;
the first device determining, based on the third timestamp and fourth timestamp, whether the third key and fourth key match;
in response to determining that the third key matches the fourth key, the first device determines that the third device identity is legitimate.
4. The method of claim 1, wherein the sending connection information to the second device comprises:
the first device receives a second device public key;
the first device encrypts the connection information by using the second device public key through an asymmetric encryption algorithm to obtain encrypted information, and sends the encrypted information and the first device public key to the second device so that the second device decrypts the encrypted information by using the second device private key to obtain the connection information.
5. The method of claim 2, wherein the first device establishes a communication connection with the third device, further comprising:
the first device determines a current connection state;
if the current connection state is a normal state, the first device establishes communication connection with the third device;
and if the current connection state is an abnormal state, the first device interrupts the communication connection established with other devices and establishes communication connection with the third device.
6. The method of claim 2, wherein, after the first device authenticates the third device based on the third key obtained from the third device and determines that the third device identity is legitimate, the method further comprises:
the first device determines a current connection state;
if the current connection state is a normal state, the first device establishes communication connection with the third device;
and if the current connection state is an abnormal state, the first device sends an abnormal notification to the third device and stops establishing communication connection with the third device.
7. The method of claim 5 or 6, wherein the first device determining a current connection state comprises:
the first device acquires the current device connection number;
in response to the current device connection number being greater than or equal to a connection threshold, the first device determining that the current connection state is an abnormal state;
and in response to the current device connection number being less than the connection threshold, the first device determines that the current connection state is a normal state.
8. The method of claim 1, wherein after the first device establishes a communication connection with the third device, the method further comprises:
the first device stores the device information of the third device and the accumulated number of connections with the third device.
9. The method of claim 1, wherein, in response to determining that the second device authentication was successful, the first device sends connection information to the second device, the method further comprising:
in response to determining that the first key does not match the second key, the first device fails to authenticate the second device;
the first device sends authentication failure notification to the second device;
and authenticating the second device in response to the first device receiving a fifth key sent by the second device, wherein the fifth key is generated by the second device in response to the authentication failure notification.
10. The method of claim 1, wherein prior to the first device receiving the first key sent by the second device based on the established communication connection, the method further comprises:
the second device obtains the distance between the first device and the third device, and establishes communication connection with the first device when the distance is smaller than a preset distance.
11. An apparatus for establishing a communication connection, disposed at a first device, the apparatus comprising:
a receiving unit configured to receive a first key transmitted by a second device based on an established communication connection, wherein the first key carries a first timestamp corresponding to the first key generation time;
an authentication unit configured to generate a second key and match the first key with the second key based on the first timestamp and a second timestamp carried by the second key, so as to authenticate the second device, wherein the second timestamp is used for characterizing the time when the first device receives the first key;
a sending unit configured to send connection information to a second device in response to determining that authentication of the second device is successful, so that the second device sends the connection information to a third device after authentication of the second device is successful by the third device, wherein the connection information is used for establishing communication connection between the third device and the first device;
a connection establishment unit configured to respond to a connection establishment request sent by the third device, and judge whether the third device is a trusted device according to unique identification information of the third device carried in the connection establishment request, wherein the connection establishment request is a request generated by the third device based on the connection information, and the trusted device represents a device which establishes communication connection with the first device for more than a threshold number of times; and if the third device is a trusted device, establishing communication connection with the third device.
12. The apparatus of claim 11, wherein the connection establishment unit is further configured to:
if the third device is not a trusted device, performing identity authentication on the third device according to a third key acquired from the third device, and after determining that the third device identity is legal, establishing communication connection with the third device, wherein the third key carries a third timestamp, and the third timestamp is used for representing the time when the third device generates the connection establishment request.
13. The apparatus of claim 12, the connection establishment unit configured to:
determining a current connection state;
when the current connection state is a normal state, establishing communication connection with the third device;
and when the current connection state is an abnormal state, interrupting the communication connection established with other devices and establishing communication connection with the third device.
14. The apparatus of claim 12, the connection establishment unit configured to:
determining a current connection state;
when the current connection state is a normal state, establishing communication connection with the third device;
and when the current connection state is an abnormal state, sending an abnormal notification to the third device, and stopping establishing communication connection with the third device.
15. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-10.
16. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-10.
CN202110546984.3A 2021-05-19 2021-05-19 Method, device, electronic equipment and storage medium for establishing communication connection Active CN113301537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110546984.3A CN113301537B (en) 2021-05-19 2021-05-19 Method, device, electronic equipment and storage medium for establishing communication connection


Publications (2)

Publication Number Publication Date
CN113301537A CN113301537A (en) 2021-08-24
CN113301537B CN113301537B (en) 2023-09-15

Family

ID=77322816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110546984.3A Active CN113301537B (en) 2021-05-19 2021-05-19 Method, device, electronic equipment and storage medium for establishing communication connection

Country Status (1)

Country Link
CN (1) CN113301537B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant