CN113596827A - Key generation method and device, electronic equipment and storage medium - Google Patents
Key generation method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113596827A CN113596827A CN202110865646.6A CN202110865646A CN113596827A CN 113596827 A CN113596827 A CN 113596827A CN 202110865646 A CN202110865646 A CN 202110865646A CN 113596827 A CN113596827 A CN 113596827A
- Authority
- CN
- China
- Prior art keywords
- key
- electronic device
- electronic equipment
- association information
- electronic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 94
- 238000012795 verification Methods 0.000 claims abstract description 35
- 238000004891 communication Methods 0.000 claims description 51
- 238000001914 filtration Methods 0.000 claims description 12
- 238000001514 detection method Methods 0.000 claims description 7
- 230000004044 response Effects 0.000 claims description 7
- 230000003993 interaction Effects 0.000 description 18
- 230000008569 process Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 11
- 230000005540 biological transmission Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 150000003839 salts Chemical class 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/047—Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
- H04W12/0471—Key exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
The embodiment of the application discloses a secret key generation method and device, electronic equipment and a storage medium. The method comprises the following steps: the first electronic equipment responds to the received broadcast signal and establishes connection with the second electronic equipment; the first electronic equipment generates a first key and key association information corresponding to the first key; the first electronic equipment sends a first key and key association information to second electronic equipment, wherein the first key and the key association information are used for carrying out security verification on application services between the first electronic equipment and the second electronic equipment. Therefore, after the connection is established between the first electronic device and the second electronic device, the security verification can be performed on the service between the program in the first electronic device and the program in the second electronic device through the generated first key and the key association information corresponding to the first key, and the security of the service transaction of the program across devices is further improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a key generation method and apparatus, an electronic device, and a storage medium.
Background
In recent years, more and more smart devices (such as mobile phones, headsets, watches, etc.) establish connections through near field communication (such as BLE, BT, etc.). Many programs are often installed in intelligent devices, and the security of interaction between programs across devices is yet to be improved.
Disclosure of Invention
In view of the above problems, the present application provides a key generation method, device, electronic device and storage medium to achieve an improvement of the above problems.
In a first aspect, the present application provides a key generation method, including: the method comprises the steps that a first electronic device responds to a received broadcast signal and establishes connection with a second electronic device, wherein the second electronic device is a device for sending the broadcast signal; the first electronic equipment generates a first key and key association information corresponding to the first key; and the first electronic equipment sends the first key and the key association information to the second electronic equipment, wherein the first key and the key association information are used for carrying out security verification on the application service between the first electronic equipment and the second electronic equipment.
In a second aspect, the present application provides a key generation method, including: the second electronic equipment transmits a broadcast signal; the second electronic equipment is connected with first electronic equipment, and the first electronic equipment is electronic equipment receiving the broadcast signal; the second electronic device receives a first key sent by the first electronic device and key association information corresponding to the first key, wherein the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device.
In a third aspect, the present application provides a key generation apparatus, operable on a first electronic device, the apparatus including: the connection unit is used for responding to the received broadcast signal and establishing connection with second electronic equipment, and the second electronic equipment is equipment for sending the broadcast signal; a first key generation unit, configured to generate a first key and key association information corresponding to the first key; and the information communication unit is used for sending the first key and the key association information to the second electronic equipment, and the first key and the key association information are used for performing security verification on the application service between the first electronic equipment and the second electronic equipment.
In a fourth aspect, the present application provides a key generation apparatus, operable on a second electronic device, the apparatus including: a broadcast signal transmitting unit for transmitting a broadcast signal; the connection unit is used for establishing connection with first electronic equipment, and the first electronic equipment is electronic equipment receiving the broadcast signal;
the information communication unit is configured to receive a first key sent by a first electronic device and key association information corresponding to the first key, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and a second electronic device.
In a fifth aspect, the present application provides an electronic device comprising one or more processors and a memory; one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the methods described above.
In a sixth aspect, the present application provides a computer-readable storage medium having a program code stored therein, wherein the program code performs the above method when running.
According to the key generation method, the key generation device, the electronic device and the storage medium, after the first electronic device responds to a received broadcast signal and establishes connection with the second electronic device, the first electronic device regenerates a first key and key association information corresponding to the first key and sends the first key and the key association information to the second electronic device, and the first key and the key association information are used for carrying out security verification on application services between the first electronic device and the second electronic device. Therefore, after the connection is established between the first electronic device and the second electronic device, the security verification can be performed on the service between the program in the first electronic device and the program in the second electronic device through the generated first key and the key association information corresponding to the first key, and the security of the service transaction of the program across devices is further improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram illustrating an application scenario of a key generation method proposed in an embodiment of the present application;
fig. 2 is a schematic diagram illustrating another application scenario of a key generation method proposed in an embodiment of the present application;
fig. 3 is a flowchart illustrating a key generation method according to an embodiment of the present application;
fig. 4 is a schematic diagram illustrating security verification based on a first key and key association information according to an embodiment of the present application;
fig. 5 shows a flowchart of a key generation method according to another embodiment of the present application;
fig. 6 is a flowchart illustrating a key generation method according to still another embodiment of the present application;
fig. 7 shows a flowchart of a key generation method according to another embodiment of the present application;
fig. 8 shows a flowchart of a key generation method according to another embodiment of the present application;
fig. 9 shows a flowchart of a key generation method according to another embodiment of the present application;
fig. 10 is a timing diagram illustrating a key generation method according to an embodiment of the present application;
fig. 11 is a timing chart showing another key generation method proposed in the embodiment of the present application;
fig. 12 is a block diagram illustrating a cell connection control apparatus according to an embodiment of the present application;
fig. 13 is a block diagram showing a configuration of a key generation apparatus according to another embodiment of the present application;
fig. 14 is a block diagram showing a key generation apparatus according to still another embodiment of the present application;
fig. 15 is a block diagram showing a configuration of a key generation apparatus according to still another embodiment of the present application;
fig. 16 is a block diagram showing a configuration of a key generation apparatus according to still another embodiment of the present application;
fig. 17 is a block diagram illustrating an electronic device according to the present application;
fig. 18 is a storage unit for storing or carrying program codes for implementing a key generation method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
With the increasing abundance of communication functions of electronic devices, more electronic devices can be connected with each other in a near field communication manner. The near field communication method may include a ble (bluetooth Low energy) method, a bt (traditional bluetooth) method, or the like.
Many programs are typically installed in electronic devices. Such as an instant messaging program or an image browsing program. However, the inventors have found that the security of the interaction between the programs across the devices remains to be improved. Wherein, the interaction between the programs of the cross-device can be understood as the interaction between the program in one electronic device and the program of another electronic device. The interaction may include data transmission, etc. However, in the interaction process between the cross-device programs, the identity authentication of the programs is not performed any more, or the data transmitted between the cross-device programs is not encrypted independently any more, which may cause a certain potential safety hazard.
Therefore, in order to improve the above problem, the inventor proposes a key generation method, an apparatus, an electronic device, and a storage medium provided by the present application, in which after a first electronic device establishes a connection with a second electronic device in response to a received broadcast signal, the first electronic device regenerates a first key and key-related information corresponding to the first key, and sends the first key and the key-related information to the second electronic device, and the first key and the key-related information are used for performing security verification on an application service between the first electronic device and the second electronic device.
Therefore, after the connection is established between the first electronic device and the second electronic device, the service between the program in the first electronic device and the program in the second electronic device can be encrypted through the generated first key and the key association information corresponding to the first key, and the safety of the service transaction of the program across devices is further improved.
An application scenario related to the embodiment of the present application is described below.
As shown in fig. 1, an application scenario according to an embodiment of the present application includes an electronic device 100 and an electronic device 200. Wherein, the connection between the network module of the electronic device 100 and the network module of the electronic device 200 can be established by means of near field communication. Further, the program in the electronic apparatus 100 and the program in the electronic apparatus 200 may interact with each other by establishing a connection based on the near field communication. The interaction may include establishment of a data transmission channel and data interaction. Alternatively, the data interaction may include the delivery of text data or the delivery of image data.
It should be noted that the electronic device 100 in fig. 1 may be understood as a first electronic device in this embodiment, and the electronic device 200 may be understood as a second electronic device in this embodiment. Of these, the types of first and second electronic devices shown in fig. 1 are merely exemplary. For example, as shown in fig. 2, the second electronic device may be a wireless headset 210 in addition to the smartphone shown in fig. 1. Furthermore, the first electronic device may be a tablet computer, a computer, or the like, in addition to the smart phone shown in fig. 1. Moreover, the second electronic device may be the device shown in fig. 1 and fig. 2, and may also be a smart band, a smart watch, or the like.
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 3, a key generation method provided in the embodiment of the present application includes:
s110: the first electronic device responds to the received broadcast signal and establishes connection with a second electronic device, and the second electronic device is a device for sending the broadcast signal.
As one way, one function of the second electronic device sending the broadcast signal is to enable other electronic devices to discover themselves and then establish a connection with themselves. In this embodiment, the second electronic device may start to transmit the broadcast signal in multiple situations.
As one approach, the second electronic device may start transmitting the broadcast signal after power-on. After the second electronic device is powered on and started, in order to enable other electronic devices to discover itself, the second electronic device may start to transmit the broadcast signal. For example, taking the second electronic device as the smart television as an example, after the smart television is powered on and started, the smart television may start to transmit the broadcast signal, and the smart television may continue to transmit the broadcast signal during operation.
Alternatively, the second electronic device may start transmitting the broadcast signal after detecting that the user triggers the designation operation. The setting operation may include a pressing operation on a designated physical key in the second electronic device, or may be a gesture operation on an interface displayed by the second electronic device. For example, some electronic devices may not automatically transmit the broadcast signal after being started, but may start to transmit the broadcast signal after a user operates the electronic device. For another example, after the electronic device has established a connection, the user needs to trigger the second electronic device to establish a connection with a new electronic device, and then the second electronic device may be triggered to transmit a broadcast signal by pressing a designated physical key in the second electronic device.
As still another way, the second electronic device may start transmitting the broadcast signal after displaying the designated interface. It should be noted that some programs of the second electronic device need to perform service interaction with other electronic devices, and then the second electronic device may start to transmit the broadcast signal after detecting that there is a program that needs to perform service interaction with other electronic devices. Optionally, the second electronic device may determine whether a program that needs to perform service interaction with other electronic devices is running by detecting whether the currently displayed interface is a designated interface. Correspondingly, the designated interface is an interface of a program which needs to perform service interaction with other electronic equipment.
After receiving the broadcast signal, the first electronic device may identify the broadcast signal, and then acquire the related network information of the electronic device that transmits the broadcast signal, and then may establish a connection with the electronic device that transmits the broadcast signal (the second electronic device) based on the related network information. For example, if the second electronic device sends a broadcast signal based on bluetooth communication, after receiving the broadcast signal, the first electronic device may acquire the related network information of the second electronic device, and then perform bluetooth pairing with the second electronic device to implement connection.
S120: the first electronic device generates a first key and key association information corresponding to the first key.
The first key is used for performing security verification on application services between the first electronic device and the second electronic device subsequently. The application service may include a service between a program of the first electronic device and a program of the second electronic device, and may further include a service related to a function of the second electronic device. For example, a first program is installed in the first electronic device, and a second program is installed in the second electronic device, where a service between the first program and the second program may be an application service. For another example, if the second electronic device is a wireless headset and the first electronic device is a smart phone, the service related to the function of the wireless headset may include a service for transmitting audio data from the smart phone to the wireless headset. For another example, if the second electronic device is a smart television and the first electronic device is a smart phone, the service related to the function of the smart television may include a service of transmitting audio and video data from the smart phone to the smart television.
Wherein the security verification may include at least one of authentication and encryption of service data. It should be noted that the identity authentication may be understood as performing identity authentication between programs, so that the programs interacting with each other may determine whether each other is a legitimate program. The service data can be understood as data mutually transmitted in the process of performing cross-device interaction on the program, and the encryption of the service data can be understood as the encryption of the service data.
In this embodiment, the first electronic device may generate a string of random numbers as a first key based on a specified protocol, and generate another random number as key association information corresponding to the first key. The protocol that can generate random numbers can be the designated protocol. The protocol for generating the first key and the protocol for generating the key-related information corresponding to the first key may be different or the same.
In the security verification process, data to be encrypted can be encrypted based on the first key to obtain encrypted data to be transmitted to the opposite end, and for the end receiving the encrypted data, the corresponding first key can be read out from the local based on the key association information, so as to decrypt the received encrypted data.
S130: and the first electronic equipment sends the first key and the key association information to the second electronic equipment, wherein the first key and the key association information are used for carrying out security verification on the application service between the first electronic equipment and the second electronic equipment.
It should be noted that, as described in the foregoing, the first key is used for security verification of the application service. Therefore, after the first electronic device generates the first key and the key association information, the first key and the key association information are sent to the second electronic device so that the second electronic device can store the first key and the key association information.
It should be noted that the first electronic device may generate the first key and the key-related information corresponding to the first key with the second electronic device, and may also generate the first key and the key-related information corresponding to the first key with the other electronic devices. The first key generated between the first electronic device and the different electronic device and the key association information corresponding to the first key may be different. In this case, in order to enable the electronic devices to distinguish the different first keys and the key association information corresponding to the first keys, as one mode, the first electronic device further includes, after establishing a connection with the second electronic device in response to the received broadcast signal: the first electronic device sends the device identification of the first electronic device to the second electronic device, so that the second electronic device stores the device identification of the first electronic device in association with the first key and the key association information; the first electronic device receives the device identification of the second electronic device sent by the second electronic device, so as to store the device identification of the second electronic device in association with the first key and the key association information.
Optionally, in the process that the first electronic device stores the first key and the key association information corresponding to the first key, the device identifier of the first electronic device, the device identifier of the second electronic device, the first key, and the key association information corresponding to the first key may be stored in an associated manner, so that the first electronic device may recognize the first key and the key association information corresponding to the first key, and the key association information is generated by negotiation with the second electronic device. Correspondingly, in the process that the second electronic device stores the first key and the key association information corresponding to the first key, the device identifier of the first electronic device, the device identifier of the second electronic device, the first key and the key association information corresponding to the first key may be stored in an associated manner, so that the second electronic device may recognize the first key and the key association information corresponding to the first key, and the key association information is generated by negotiation with the first electronic device.
After the first electronic device and the second electronic device negotiate to generate and complete the first key and the key association information, security verification can be performed through the first key and the key association information corresponding to the first key in a subsequent cross-device program service process.
As one mode, after the first electronic device sends the first key and the key association information to the second electronic device, the method further includes: the method comprises the steps that first electronic equipment obtains service data, wherein the service data are data to be sent to a second program by a first program, and the second program is a program in second electronic equipment; encrypting the service data based on the first key to obtain encrypted service data; and assembling the encrypted service data and the key association information into communication data, and sending the communication data to the second electronic equipment. Illustratively, as shown in fig. 4, a program a in the first electronic device 100 interacts with a program (not shown in the figure) in the second electronic device 210 across devices. The communication data a generated by the program a is data to be transmitted to the program in the second electronic device 210. The communication data a includes encrypted service data and key association information, and the encrypted service data is obtained by encrypting, by the first electronic device 100, voice data a (a type of service data) based on the first key. The key-related information is not separately encrypted, so that the program in the second electronic device 210 can directly obtain the key-related information without decryption after obtaining the communication data. After obtaining the key association information, the second electronic device 210 may locally read a first key corresponding to the key association information according to the association relationship, and then decrypt the encrypted service data based on the read first key, so as to obtain the voice data a.
In the key generation method provided in this embodiment, after a first electronic device responds to a received broadcast signal and establishes a connection with a second electronic device, the first electronic device generates a first key and key association information corresponding to the first key, and sends the first key and the key association information to the second electronic device, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and the second electronic device. Therefore, after the connection is established between the first electronic device and the second electronic device, the service between the program in the first electronic device and the program in the second electronic device can be encrypted through the generated first key and the key association information corresponding to the first key, and the safety of the service transaction of the program across devices is further improved.
Referring to fig. 5, a method for generating a key according to an embodiment of the present application includes:
s210: the first electronic device responds to the received broadcast signal and establishes connection with a second electronic device, and the second electronic device is a device for sending the broadcast signal.
S220: and if the first electronic equipment is connected with the second electronic equipment for the first time, the first electronic equipment negotiates with the second electronic equipment to generate a second key based on a designated key negotiation mode.
It should be noted that, during the process of negotiating the first key, the first electronic device and the second electronic device are involved. The negotiated key and other information are transmitted between the first electronic device and the second electronic device. For example, the first electronic device may transmit its device identification and the first key to the second electronic device. However, in the process of transmitting the negotiated key and other information, an illegal device may hijack the first key and other information, and then, in order to improve the security of the negotiated key and other information, the negotiated key and other information may be encrypted and then transmitted. In this embodiment, the first electronic device and the second electronic device may negotiate to generate the second key in multiple ways. For example, the generation of the second key may be negotiated based on the UKEY2 mode. The second key may also be generated by means of a preset key.
S230: the first electronic device generates a first key and key association information corresponding to the first key.
S240: if the first electronic device and the second electronic device are connected for the first time, the first electronic device encrypts the first key and the key association information based on the second key and then sends the encrypted first key and the key association information to the second electronic device, wherein the first key and the key association information are used for performing security verification on application services between the first electronic device and the second electronic device.
In the key generation method provided by this embodiment, after the connection is established between the first electronic device and the second electronic device, for the service between the program in the first electronic device and the program in the second electronic device, the generated first key and the key-related information corresponding to the first key may be used for encryption, so that the security of the service transaction between the programs across devices is improved. In addition, in this embodiment, when it is detected that the first electronic device and the second electronic device are connected for the first time, a second key is negotiated between the first electronic device and the second electronic device, so that the first key and the key-related information corresponding to the first key are encrypted by the second key, thereby reducing the probability that the first key and the key-related information corresponding to the first key are hijacked, and further improving the security of subsequent interaction based on the first key and the key-related information corresponding to the first key.
Referring to fig. 6, a key generation method provided in the embodiment of the present application includes:
s310: the first electronic device responds to the received broadcast signal and establishes connection with a second electronic device, and the second electronic device is a device for sending the broadcast signal.
S320: and if the first electronic equipment is connected with the second electronic equipment for the first time, the first electronic equipment negotiates with the second electronic equipment to generate a second key based on a designated key negotiation mode.
S330: and if the first electronic equipment is connected with the second electronic equipment for the first time, the first electronic equipment generates and stores a third key and sends the third key to the second electronic equipment.
It should be noted that a certain amount of time is required to be consumed in the process of the first electronic device and the second electronic device negotiating to generate the second key. Then, by means of generating and storing the third key first under the condition of first connection, the third key can be directly adopted to encrypt data in the negotiation process without negotiating the second key under the subsequent non-first connection condition, and therefore the interaction efficiency of the first electronic device and the second electronic device is improved.
In the embodiment of the present application, the first electronic device may have multiple ways of determining whether the connection with the second electronic device is the first connection. As a mode, if the received broadcast signal is a first broadcast signal, determining that the first electronic device and the second electronic device are connected for the first time; and if the received broadcast signal is a second broadcast signal, determining that the first electronic equipment is not connected with the second electronic equipment for the first time. It should be noted that, after the first electronic device establishes the connection with the second electronic device for the first time, the first electronic device locally generates the third key and sends the third key to the second electronic device. The second electronic device may detect whether a third key is locally stored in the process of generating the broadcast signal to be transmitted, if it is detected that the third key is not locally stored, the second electronic device may generate the first broadcast signal, and if it is detected that the third key is locally stored, the second electronic device may generate the second broadcast signal. Alternatively, in the embodiment of the present application, a broadcast signal generated based on an employed communication protocol may be used as the first broadcast signal. It is possible to additionally add designation information to a broadcast signal generated based on an employed communication protocol, and then to use a first broadcast signal to which the designation information is added as a second broadcast signal. For example, if the second electronic device is currently communicating with the first electronic device based on the bluetooth communication protocol, the broadcast signal generated based on the bluetooth communication protocol is the first broadcast signal, and if the specific information is added to the broadcast signal generated based on the bluetooth communication protocol, the broadcast signal is the second broadcast signal.
In this case, the first electronic device may determine whether the received broadcast signal is the first broadcast signal or the second broadcast signal by recognizing whether the designation information is carried in the received broadcast signal. The specific information may be information that is configured in advance and stored in the electronic device.
Alternatively, after establishing a connection with the second electronic device, the first electronic device may negotiate with the second electronic device to generate a first key, and may store a device identifier of the second electronic device in association with the first key. If the broadcast signal sent by the second electronic device carries the device identifier of the second electronic device, it may be locally searched whether there is a first key corresponding to the device identifier of the second electronic device, and if there is a first key corresponding to the device identifier of the second electronic device, it is determined that the first electronic device and the second electronic device are not connected for the first time, and if not, it is determined that the first electronic device and the second electronic device are not connected for the first time.
In this embodiment of the application, optionally, after receiving the broadcast signal sent by the second electronic device, the first electronic device may first identify whether the broadcast signal carries the device identifier, and if the device identifier is detected, may identify whether to connect to the second electronic device for the first time based on whether the first key corresponding to the device identifier is found. If no device identification is detected, it may be determined whether to connect to the second electronic device for the first time based on the aforementioned identification of whether the additional information is present in the received broadcast signal.
S340: the first electronic device generates a first key and key association information corresponding to the first key.
S350: if the first electronic device and the second electronic device are connected for the first time, the first electronic device encrypts the first key and the key association information based on the second key and then sends the encrypted first key and the key association information to the second electronic device, wherein the first key and the key association information are used for performing security verification on application services between the first electronic device and the second electronic device.
S360: and if the first electronic equipment is not connected with the second electronic equipment for the first time, the first electronic equipment encrypts the first key and the key association information based on the stored third key and then sends the encrypted first key and the encrypted key association information to the second electronic equipment.
It should be noted that, in addition to generating the third key with the second electronic device, the first electronic device may also generate the third key with other electronic devices, so that the first electronic device locally stores a plurality of third keys. As a way of selecting a third key adapted to a second electronic device from a plurality of third keys, before the first electronic device encrypts the first key and the key-related information based on the stored third key and sends the encrypted first key and the key-related information to the second electronic device, the method further includes: if the first electronic device is not connected with the second electronic device for the first time, the first electronic device acquires a stored third key as a key to be selected; and taking a key matched with key filtering information corresponding to the second electronic device in the keys to be selected as a determined third key, wherein the key filtering information corresponding to the second electronic device is obtained from wireless data sent by the second electronic device. The wireless data may be wireless data carried in a second broadcast signal sent by the second electronic device, or wireless data carried in a wireless signal sent by the second electronic device after the second electronic device establishes a connection with the first electronic device. For example, the second electronic device may transmit the key filtering information to the first electronic device along with the device characteristic information when transmitting the device characteristic information to the first electronic device. Optionally, the first electronic device may detect, based on a Bloom filter algorithm, which specific third key in the to-be-selected keys is matched with the key filtering information, and then use the matched third key as the determined third key. In this manner, after encrypting the first key and the key association information based on the stored third key, the first electronic device sends the encrypted first key and the encrypted key association information to the second electronic device, including: and the first electronic equipment encrypts the first key and the key association information based on the determined third key and then sends the encrypted first key and the key association information to the second electronic equipment.
Furthermore, it should be noted that, in the embodiment of the present application, the first electronic device and the second electronic device negotiate to generate the first key. The protocol for generating the first key may be different, which is supported by different electronic devices, so that the first key may be used differently by different electronic devices. For electronic devices with different first key usage manners, it may be impossible to successfully complete security verification based on the first key and key association information corresponding to the first key.
In order to avoid this problem, as a mode, before the first electronic device negotiates with the second electronic device to generate a second key based on a specified key negotiation mode if the first electronic device and the second electronic device are connected for the first time, the method further includes: the first electronic equipment sends a protocol version number to the second electronic equipment, wherein the protocol version number is the protocol version number of a protocol used for generating a first key; and the first electronic equipment receives equipment characteristic information returned by the second electronic equipment, wherein the equipment characteristic information at least comprises a protocol version number of the second electronic equipment and a specified key negotiation mode supported by the second electronic equipment, and the equipment characteristic information is sent after the protocol version number of the second electronic equipment is determined to be compatible with the protocol version number of the first electronic equipment by the second electronic equipment. In this way, after receiving the device feature information, if the first electronic device is connected to the second electronic device for the first time, the first electronic device may negotiate with the second electronic device to generate the second key based on the specified key negotiation manner supported by the second electronic device.
Therefore, through the above manner, the manners of generating the first key and the key association information corresponding to the first key by the first electronic device and the second electronic device are mutually compatible, and the first key and the key association information corresponding to the first key are used subsequently based on the same manner, so that the effectiveness of subsequently using the first key and the key association information corresponding to the first key is further improved.
In the key generation method provided by this embodiment, after the connection is established between the first electronic device and the second electronic device, for the service between the program in the first electronic device and the program in the second electronic device, the generated first key and the key-related information corresponding to the first key may be used for encryption, so that the security of the service transaction between the programs across devices is improved. In addition, in this embodiment, under the condition that the first electronic device and the second electronic device are connected for the first time, the first electronic device may further generate and store a third key, and may transmit the third key to the second electronic device, so that under the condition that the first electronic device and the second electronic device are not connected for the first time, the third key may be directly used to encrypt data in a negotiation stage (for example, the third key, the device identifier of the first electronic device, or the device identifier of the second electronic device) without performing negotiation of the second key in real time, which is favorable for improving the efficiency of completing transmission of the third key between the first electronic device and the second electronic device. After the second electronic device is connected back to the first electronic device, the time consumed in the negotiation stage (i.e., the first key and the previous stage) can be shortened under the condition of improving the safety of cross-device interaction of the program, and therefore, the interaction efficiency is higher.
Referring to fig. 7, a key generation method provided in the embodiment of the present application includes:
s410: the first electronic device responds to the received broadcast signal and establishes connection with a second electronic device, and the second electronic device is a device for sending the broadcast signal.
S420: detecting whether an account bound by the first electronic device corresponds to a first key and key association information corresponding to the first key.
As one way, the electronic device may bind an account, and the electronic devices bound with the same account may perform security verification on the application service using the same first key and corresponding key association information. Optionally, after the first electronic device generates the first key and the corresponding key association information, the generated first key and the corresponding key association information may be synchronized to other electronic devices bound with the same account. The first electronic device may send the first key to be synchronized and the corresponding key association information to the server through the network, and then the server sends the first key and the corresponding key association information to other electronic devices bound with the same account, so that the other electronic devices also bound with the account may directly use the first key and the key association information acquired from the server without performing a key negotiation step.
The key agreement step performed differently may be understood as a step after the first electronic device establishes a connection with the second electronic device. For example, steps S120 to S130 in the foregoing embodiment, or may include steps S220 to S240 in the foregoing embodiment.
S430: and if so, performing security verification on the service between the application program in the first electronic equipment and the application program in the second electronic equipment based on the first key corresponding to the account and the key association information corresponding to the first key.
S440: and if not, the first electronic equipment generates a first key and key association information corresponding to the first key.
S450: and the first electronic equipment sends the first key and the key association information to the second electronic equipment, wherein the first key and the key association information are used for carrying out security verification on the application service between the first electronic equipment and the second electronic equipment.
In the key generation method provided by this embodiment, after the connection is established between the first electronic device and the second electronic device, for the service between the application program in the first electronic device and the application program in the second electronic device, the generated first key and the key-related information corresponding to the first key may be used for encryption, so that the security of the service transaction between the programs across devices is improved. In addition, in this embodiment, when the first electronic device is bound with an account, it may be first detected whether the account already corresponds to the third key, and then the generation of the third key is not performed in real time when the account already has the third key, so as to improve the efficiency of performing interaction between applications across devices.
Referring to fig. 8, a key generation method provided in the embodiment of the present application includes:
s510: the second electronic device transmits a broadcast signal.
As shown in the foregoing embodiment, the second electronic device may determine whether the transmitted broadcast signal is the first broadcast signal or the second broadcast signal by whether the third key is locally stored, so that the first electronic device may identify whether to connect to the second electronic device for the first time by the broadcast signal.
S520: and the second electronic equipment is connected with first electronic equipment, and the first electronic equipment is the electronic equipment receiving the broadcast signal.
S530: the second electronic device receives a first key sent by the first electronic device and key association information corresponding to the first key, wherein the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device.
In the key generation method provided in this embodiment, after the second electronic device sends a broadcast signal, if the first electronic device can receive the broadcast signal, the second electronic device may establish a connection with the first electronic device, and then the first electronic device may regenerate a first key and key association information corresponding to the first key, and send the first key and the key association information to the second electronic device, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and the second electronic device. Therefore, after the connection is established between the first electronic device and the second electronic device, the service between the application program in the first electronic device and the application program in the second electronic device can be encrypted through the generated first key and the key association information corresponding to the first key, and the safety of the cross-device service transaction of the program is further improved.
Referring to fig. 9, a key generation method provided in the embodiment of the present application includes:
s610: the second electronic device transmits a broadcast signal.
S620: and the second electronic equipment is connected with first electronic equipment, and the first electronic equipment is the electronic equipment receiving the broadcast signal.
S630: and responding to a key negotiation request, negotiating with the first electronic equipment based on a specified key negotiation mode to generate a second key, and sending the key negotiation request after determining that the first electronic equipment and the second electronic equipment are connected for the first time for the first electronic equipment.
S640: if the first electronic device and the second electronic device are connected for the first time, the second electronic device receives the encrypted first key and the key association information corresponding to the first key, and decrypts the encrypted first key and the key association information corresponding to the first key based on the second key to obtain the first key and the key association information corresponding to the first key, wherein the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device.
As one mode, after the second electronic device establishes a connection with the first electronic device, the method further includes:
the second electronic equipment receives a third key sent by the first electronic equipment, and the third key is generated and sent after the first electronic equipment determines that the first electronic equipment is connected with the second electronic equipment for the first time;
the second electronic device receives a first key sent by the first electronic device and key association information corresponding to the first key, and further includes:
if the first electronic device and the second electronic device are not connected for the first time, the second electronic device receives the encrypted first key and the key association information corresponding to the first key, and decrypts the encrypted first key and the key association information corresponding to the first key based on the third key to obtain the first key and the key association information corresponding to the first key.
Optionally, the sending, by the second electronic device, a broadcast signal includes: if the second electronic equipment detects that the third secret key is not stored locally, sending a first broadcast signal; if the second electronic equipment detects that the third secret key is locally stored, sending a second broadcast signal; the first broadcast signal is used for the first electronic device to identify that the first electronic device is connected with the second electronic device for the first time, and the second broadcast signal is used for the first electronic device to identify that the first electronic device is connected with the second electronic device for the non-first time.
As one mode, after receiving the first key and the key association information corresponding to the first key sent by the first electronic device, the second electronic device further includes: receiving communication data sent by the first electronic device, wherein the communication data comprises encrypted service data and the key association information; acquiring a corresponding first key from local based on the key correlation information; and decrypting the encrypted service data based on a first key acquired locally to obtain service data.
According to the key generation method provided by the embodiment, after the connection is established between the first electronic device and the second electronic device, for the service between the application program in the first electronic device and the application program in the second electronic device, the generated first key and the key-related information corresponding to the first key can be used for encryption, so that the security of the cross-device service transaction of the program is improved. In addition, the safety and efficiency of application program interaction across devices can be further improved in the embodiment.
In the embodiment of the present application, steps involved in a process of first connecting between a first electronic device and a second electronic device are described below through a timing chart, as shown in fig. 10, where the first electronic device and the second electronic device in the figure establish connection based on bluetooth communication. The steps in the timing diagram include:
s710: the second electronic device transmits the first broadcast signal.
S711: the first electronic device identifies the first broadcast signal.
The first electronic device can acquire the related network information of the device sending the first broadcast signal by identifying the first broadcast signal, so that the first electronic device can be paired with the second electronic device through the related network information.
S712: the first electronic device is paired with the second electronic device.
S720: the first electronic device establishes an RFCOMM connection with the second electronic device.
It should be noted that the RFCOMM connection is a connection established on a bluetooth pairing basis. Therefore, after the first electronic device and the second electronic device are paired, the subsequent steps of sending the first key to the second electronic device by using the key association information are all completed through RFCOMM connection.
S721: the first electronic device sends the protocol version number of the first electronic device to the second electronic device.
S722: and the second electronic equipment carries out compatibility judgment on the protocol version number of the first electronic equipment.
The protocol version number may include information such as a major version number and a minor version number. As a way, the second electronic device may compare whether the major version number of the protocol version number of the first electronic device is consistent with the major version number of the protocol version number of the second electronic device, and if so, determine that the protocol version number of the first electronic device is compatible with the protocol version number of the second electronic device.
S723: and the second electronic equipment sends the protocol version number, the compatibility judgment result, the key negotiation support mode and the equipment type identification of the second electronic equipment to the first electronic equipment.
And the compatibility judgment result is whether the protocol version number of the first electronic equipment and the protocol version number of the second electronic equipment are compatible or not. The key agreement support mode characterizes a party generating the second key supported by the second electronic device. And if the first electronic device determines that the compatibility judgment result represents compatibility, negotiating with the second electronic device to generate a second key based on a key negotiation support mode of the second electronic device.
S730: the first electronic equipment generates a public-private key pair with the second electronic equipment through a public key, and generates a second key through an ECDH (explicit Current Diffie-Hellman key Exchange) mode.
The public key may be a public key of the second electronic device obtained from the cloud.
S731: the first electronic device sends encrypted information and a plaintext public key to the second electronic device, wherein the encrypted information is information obtained by encrypting a device identifier and a Bluetooth MAC (media Access control) address of the first electronic device based on the second secret key.
Optionally, when the device identifier of the first electronic device and the bluetooth mac (media Access control) address do not satisfy the byte length defined by the transmission protocol, a salt value may be added to the transmitted data, so that the length of the transmitted data satisfies the byte length defined by the transmission protocol.
S732: the second electronic device generates a second key based on the public key in the plaintext form and an ECDH manner, and decrypts the encrypted information through the locally generated second key.
S733: and the second electronic equipment replies the encrypted information to the first electronic equipment, wherein the replied encrypted information comprises information obtained by encrypting the equipment identification of the second electronic equipment.
S734: the first electronic device decrypts the received encrypted information to obtain the device identifier of the second electronic device, and stores the device identifier of the second electronic device.
It will be appreciated that the first electronic device decrypts the received encrypted information using the second key.
S741: the first electronic device generates and transmits a third key.
After the first electronic device generates the third key, the generated third key is stored locally.
S743: and the second pair of encrypted third keys is decrypted and the third keys are stored.
S751: the first electronic device generates and sends a first key and key association information corresponding to the first key.
And the first electronic equipment encrypts the first key and the key association information based on a second key and then sends the encrypted first key and the encrypted key association information to the second electronic equipment.
S753: and the second electronic equipment detects whether the first key conflicts or not and obtains a conflict detection result.
As one way, when the second electronic device stores the first key, the second electronic device stores the first key in association with the device identifier of the electronic device that negotiated to produce the first key. For example, in the embodiment of the present application, the device identifier of the electronic device that negotiates to generate the first key may include the device identifier of the first electronic device and the device identifier of the second electronic device. In this way, the second electronic device may obtain whether the first key stored in association with the device identifier of the second electronic device and the device identifier of the first electronic device is the same as the received first key, and if so, a conflict is represented, and if not, no conflict is represented.
S754: and the second electronic equipment returns a collision detection result to the first electronic equipment.
S755: and if the first electronic device determines that the conflict detection result represents no conflict, storing the local device identifier, the first key and the key association information corresponding to the first key.
As shown in fig. 11, the following describes steps involved in a non-initial connection between a first electronic device and a second electronic device in an embodiment of the present application through a timing chart, where the first electronic device and the second electronic device in the figure establish a connection based on bluetooth communication. The steps in the timing diagram include:
s810: the second electronic device transmits a second broadcast signal.
S811: the first electronic device identifies the second broadcast signal and discovers the second electronic device.
S820: the first electronic device establishes an RFCOMM connection with the second electronic device.
S821: the first electronic device sends the protocol version number of the first electronic device to the second electronic device.
S822: and the second electronic equipment carries out compatibility judgment on the protocol version number of the first electronic equipment.
S823: and the second electronic equipment sends the protocol version number, the compatibility judgment result, the key negotiation support mode, the equipment type identification and the key filtering information of the second electronic equipment to the first electronic equipment.
In this embodiment, in addition to the key filtering information that may be sent to the first electronic device through S823, the key filtering information may also be delivered to the first electronic device by a broadcast signal sent by the second electronic device.
S830: and matching the third key stored by the first electronic equipment at this time with the key filtering information, and taking the successfully matched third key as the determined third key.
S831: and the first electronic equipment sends encryption information to the second electronic equipment, wherein the encryption information is obtained by encrypting the equipment identifier and the Bluetooth MAC address of the first electronic equipment based on the determined third key.
S832: and the second electronic equipment selects a third key which can successfully decrypt the encrypted information from the local third keys as the third key to be used.
S833: the second electronic device encrypts the device identifier of the second electronic device by using the key to be used to obtain replied encryption information, and sends the replied encryption information to the first electronic device.
S834: and the first electronic equipment decrypts the replied encrypted information based on the determined third key to obtain and store the equipment identification of the second electronic equipment.
S841: the first electronic device generates and sends a first key and key association information corresponding to the first key.
And the first electronic equipment encrypts the first key and the key association information based on the determined third key and then sends the encrypted first key and the key association information to the second electronic equipment.
S843: and the second electronic equipment detects whether the first key conflicts or not and obtains a conflict detection result.
S844: and the second electronic equipment returns a collision detection result to the first electronic equipment.
S845: and if the first electronic device determines that the conflict detection result represents no conflict, storing the local device identifier, the first key and the key association information corresponding to the first key.
It should be noted that, in the embodiment of the present application, after the first electronic device generates the first key and the key association information, the first key and the key association information may be stored in a secure area of the first electronic device. The secure area may be a storage area corresponding to the secure chip, and the like. Correspondingly, after receiving the first key and the key-related information, the second electronic device may also store the first key and the key-related information in a secure area of the second electronic device.
Referring to fig. 12, a key generation apparatus 700 according to an embodiment of the present application includes:
a connection unit 710, configured to establish a connection with a second electronic device in response to a received broadcast signal, where the second electronic device is a device that transmits the broadcast signal.
A first key generating unit 720, configured to generate a first key and key association information corresponding to the first key.
An information communication unit 730, configured to send the first key and the key association information to the second electronic device, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and the second electronic device.
As one mode, as shown in fig. 13, the apparatus 700 further includes: the second key generating unit 740 is configured to, if the first electronic device and the second electronic device are connected for the first time, negotiate with the second electronic device by the first electronic device based on a specified key negotiation manner to generate a second key. In this manner, the information communication unit 730 is specifically configured to, if the first electronic device and the second electronic device are connected for the first time, encrypt the first key and the key association information based on the second key by the first electronic device, and then send the encrypted first key and the key association information to the second electronic device.
As one mode, as shown in fig. 14, the apparatus 700 further includes: a third key generating unit 750, configured to, if the first electronic device and the second electronic device are connected for the first time, generate and store a third key by the first electronic device, and send the third key to the second electronic device through the information communication unit 730. In this manner, the information communication unit 730 is specifically configured to, if the first electronic device and the second electronic device are not connected for the first time, encrypt the first key and the key association information based on the stored third key by the first electronic device, and then send the encrypted first key and the key association information to the second electronic device.
In this manner, optionally, the information communication unit 730 is specifically configured to, if the first electronic device and the second electronic device are not connected for the first time, acquire the stored third key as the candidate key; and taking a key matched with key filtering information corresponding to the second electronic device in the keys to be selected as a determined third key, wherein the key filtering information corresponding to the second electronic device is obtained from wireless data sent by the second electronic device. And encrypting the first key and the key association information based on the determined third key, and then sending the encrypted first key and the key association information to the second electronic equipment.
Optionally, if the received broadcast signal is a first broadcast signal, determining that the first electronic device and the second electronic device are connected for the first time; and if the received broadcast signal is a second broadcast signal, determining that the first electronic equipment is not connected with the second electronic equipment for the first time.
As one mode, the information communication unit 730 is further configured to send a protocol version number to the second electronic device, where the protocol version number is a protocol version number of a protocol used for generating the first key. And the device feature information is also used for receiving device feature information returned by the second electronic device, the device feature information at least comprises a protocol version number of the second electronic device and a specified key negotiation mode supported by the second electronic device, and the device feature information is sent after the protocol version number of the second electronic device is determined to be compatible with the protocol version number of the first electronic device for the second electronic device.
As a manner, the information communication unit 730 is further configured to send the device identifier of the first electronic device to the second electronic device, so that the second electronic device stores the device identifier of the first electronic device in association with the first key and the key association information. And the device identification of the second electronic device sent by the second electronic device is received, so that the device identification of the second electronic device is stored in association with the first key and the key association information.
As a manner, the information communication unit 730 is further configured to obtain service data, where the service data is data to be sent by a first application program to a second application program, and the second application program is an application program in the second electronic device; encrypting the service data based on the first key to obtain encrypted service data; and assembling the encrypted service data and the key association information into communication data, and sending the communication data to the second electronic equipment.
As a manner, the first key generating unit 720 is specifically configured to detect whether an account bound to the first electronic device corresponds to a first key and key association information corresponding to the first key; and if not, executing to generate a first key and key association information corresponding to the first key.
Referring to fig. 15, a key generation apparatus 800 according to an embodiment of the present application includes:
a broadcast signal transmitting unit 810 for transmitting a broadcast signal.
A connection unit 820, configured to establish a connection with a first electronic device, where the first electronic device is an electronic device that receives the broadcast signal.
The information communication unit 830 is configured to receive a first key sent by a first electronic device and key association information corresponding to the first key, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and a second electronic device.
Optionally, as shown in fig. 16, the apparatus 800 further includes:
a key agreement unit 840, configured to, in response to a key agreement request, negotiate with the first electronic device to generate a second key based on a specified key agreement manner, where the key agreement request is sent after determining, for the first electronic device, that the first electronic device is connected to the second electronic device for the first time. In this manner, the information communication unit 830 is specifically configured to, if the first electronic device and the second electronic device are connected for the first time, receive the encrypted first key and the key association information corresponding to the first key by the second electronic device, and decrypt the encrypted first key and the key association information corresponding to the first key based on the second key to obtain the first key and the key association information corresponding to the first key.
The information communication unit 830 is further configured to receive a third key sent by the first electronic device, where the third key is generated and sent after the first electronic device determines that the first electronic device and the second electronic device are connected for the first time. In this manner, the information communication unit 830 is specifically configured to, if the first electronic device and the second electronic device are not connected for the first time, receive the encrypted first key and the key-related information corresponding to the first key by the second electronic device, and decrypt the encrypted first key and the key-related information corresponding to the first key based on the third key to obtain the first key and the key-related information corresponding to the first key.
As a mode, the broadcast signal sending unit 810 is specifically configured to send a first broadcast signal if the second electronic device detects that the third key is not locally stored; if the second electronic equipment detects that the third secret key is locally stored, sending a second broadcast signal; the first broadcast signal is used for the first electronic device to identify that the first electronic device is connected with the second electronic device for the first time, and the second broadcast signal is used for the first electronic device to identify that the first electronic device is connected with the second electronic device for the non-first time.
As a mode, the information communication unit 830 is further configured to receive communication data sent by the first electronic device, where the communication data includes encrypted service data and the key association information;
acquiring a corresponding first key from local based on the key correlation information; and decrypting the encrypted service data based on a first key acquired locally to obtain service data.
In the key generation apparatus provided in this embodiment, after a first electronic device establishes a connection with a second electronic device in response to a received broadcast signal, the first electronic device generates a first key and key association information corresponding to the first key, and sends the first key and the key association information to the second electronic device, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and the second electronic device. Therefore, after the connection is established between the first electronic device and the second electronic device, the service between the application program in the first electronic device and the application program in the second electronic device can be encrypted through the generated first key and the key association information corresponding to the first key, and the safety of the cross-device service transaction of the program is further improved.
It should be noted that, as will be clear to those skilled in the art, for convenience and brevity of description, the specific working processes of the above-described apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. In several embodiments provided herein, the coupling of modules to each other may be electrical. In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
An electronic device provided by the present application will be described below with reference to fig. 17.
Referring to fig. 17, based on the key generation method and the apparatus, another electronic device 100 capable of performing the key generation method is further provided in the embodiment of the present application. Electronic device 100 includes one or more processors 102 (only one shown), memory 104, and wireless module 106 coupled to each other. The memory 104 stores programs that can execute the content of the foregoing embodiments, and the processor 102 can execute the programs stored in the memory 104.
The Memory 104 may include a Random Access Memory (RAM) or a Read-Only Memory (Read-Only Memory). The memory 104 may be used to store instructions, programs, code sets, or instruction sets. The memory 104 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing various method embodiments described below, and the like. The storage data area may also store data created by the terminal 100 in use, such as a phonebook, audio-video data, chat log data, and the like.
The wireless module 106 is configured to receive and transmit electromagnetic waves, and achieve interconversion between the electromagnetic waves and the electrical signals, so as to communicate with a communication network or other devices, for example, an audio playing device. The wireless module 106 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The wireless module 106 may communicate with various networks, such as the internet, an intranet, a wireless network, or with other devices via a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. For example, the wireless module 106 may interact with a base station.
Referring to fig. 18, a block diagram of a computer-readable storage medium according to an embodiment of the present application is shown. The computer-readable medium 1100 has stored therein program code that can be called by a processor to perform the method described in the above-described method embodiments.
The computer-readable storage medium 1100 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Alternatively, the computer-readable storage medium 1100 includes a non-volatile computer-readable storage medium. The computer readable storage medium 1100 has storage space for program code 1110 for performing any of the method steps of the method described above. The program code can be read from or written to one or more computer program products. The program code 1110 may be compressed, for example, in a suitable form.
To sum up, according to the key generation method, apparatus, electronic device and storage medium provided by the present application, after a first electronic device responds to a received broadcast signal and establishes a connection with a second electronic device, the first electronic device generates a first key and key association information corresponding to the first key again, and sends the first key and the key association information to the second electronic device, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and the second electronic device. Therefore, after the connection is established between the first electronic device and the second electronic device, the service between the application program in the first electronic device and the application program in the second electronic device can be encrypted through the generated first key and the key association information corresponding to the first key, and the safety of the cross-device service transaction of the program is further improved.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not necessarily depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (19)
1. A method of key generation, the method comprising:
the method comprises the steps that a first electronic device responds to a received broadcast signal and establishes connection with a second electronic device, wherein the second electronic device is a device for sending the broadcast signal;
the first electronic equipment generates a first key and key association information corresponding to the first key;
and the first electronic equipment sends the first key and the key association information to the second electronic equipment, wherein the first key and the key association information are used for carrying out security verification on the application service between the first electronic equipment and the second electronic equipment.
2. The method of claim 1, wherein before the first electronic device sends the first key and the key association information to the second electronic device, further comprising:
if the first electronic equipment is connected with the second electronic equipment for the first time, the first electronic equipment negotiates with the second electronic equipment to generate a second key based on a designated key negotiation mode;
the first electronic device sends the first key and the key association information to the second electronic device, including:
and if the first electronic equipment is connected with the second electronic equipment for the first time, the first electronic equipment encrypts the first key and the key association information based on the second key and then sends the encrypted first key and the encrypted key association information to the second electronic equipment.
3. The method of claim 2, wherein the first electronic device further comprises, after establishing a connection with the second electronic device in response to the received broadcast signal:
if the first electronic equipment is connected with the second electronic equipment for the first time, the first electronic equipment generates and stores a third secret key and sends the third secret key to the second electronic equipment;
the first electronic device sends the first key and the key association information to the second electronic device, and further includes:
and if the first electronic equipment is not connected with the second electronic equipment for the first time, the first electronic equipment encrypts the first key and the key association information based on the stored third key and then sends the encrypted first key and the encrypted key association information to the second electronic equipment.
4. The method according to claim 3, wherein the step of, after encrypting the first key and the key association information based on the stored third key, sending the encrypted first key and the key association information to the second electronic device, further comprises:
if the first electronic device is not connected with the second electronic device for the first time, the first electronic device acquires a stored third key as a key to be selected;
taking a key matched with key filtering information corresponding to second electronic equipment in the keys to be selected as a determined third key, wherein the key filtering information corresponding to the second electronic equipment is acquired from wireless data sent by the second electronic equipment;
the first electronic device encrypts the first key and the key association information based on the stored third key, and sends the encrypted first key and the key association information to the second electronic device, including:
and the first electronic equipment encrypts the first key and the key association information based on the determined third key and then sends the encrypted first key and the key association information to the second electronic equipment.
5. The method according to any one of claims 2-4, further comprising:
if the received broadcast signal is a first broadcast signal, determining that the first electronic device is connected with the second electronic device for the first time;
if the received broadcast signal is a second broadcast signal, determining that the first electronic device is not connected with the second electronic device for the first time;
the first broadcast signal is a broadcast signal generated based on an employed communication protocol, and the second broadcast signal is the first broadcast signal added with the designation information.
6. The method according to any one of claims 2 to 4, wherein before the first electronic device negotiates with the second electronic device to generate the second key based on the specified key negotiation manner if the first electronic device is connected to the second electronic device for the first time, the method further comprises:
the first electronic device sends a protocol version number to the second electronic device, wherein the protocol version number is a protocol version number of a protocol used for generating a first key, and the protocol version number is used for indicating the second electronic device to perform compatibility detection on the protocol version number of the first electronic device;
the first electronic device receives device feature information returned by the second electronic device, wherein the device feature information at least comprises a protocol version number of the second electronic device and a specified key negotiation mode supported by the second electronic device, and the device feature information is sent after the protocol version number of the second electronic device is determined to be compatible with the protocol version number of the first electronic device by the second electronic device;
if the first electronic device and the second electronic device are connected for the first time, the first electronic device negotiates with the second electronic device to generate a second key based on a specified key negotiation mode, including:
and if the first electronic equipment is connected with the second electronic equipment for the first time, the first electronic equipment negotiates with the second electronic equipment to generate a second key based on the appointed key negotiation mode supported by the second electronic equipment.
7. The method of claim 1, wherein the first electronic device further comprises, after establishing a connection with a second electronic device in response to the received broadcast signal:
the first electronic device sends the device identification of the first electronic device to the second electronic device, so that the second electronic device stores the device identification of the first electronic device in association with the first key and the key association information;
the first electronic device receives the device identification of the second electronic device sent by the second electronic device, so as to store the device identification of the second electronic device in association with the first key and the key association information.
8. The method of claim 1, wherein after the first electronic device sends the first key and the key association information to the second electronic device, further comprising:
the method comprises the steps that first electronic equipment obtains service data, wherein the service data are data to be sent to second application programs by first application programs, and the second application programs are application programs in the second electronic equipment;
encrypting the service data based on the first key to obtain encrypted service data;
and assembling the encrypted service data and the key association information into communication data, and sending the communication data to the second electronic equipment.
9. The method of claim 1, wherein before the first electronic device generates the first key and the key association information corresponding to the first key, the method further comprises:
detecting whether an account bound by the first electronic device corresponds to a first key and key association information corresponding to the first key;
if not, executing the generation of the first key and key association information corresponding to the first key;
and if so, performing security verification on the service between the application program in the first electronic equipment and the application program in the second electronic equipment based on the first key corresponding to the account and the key association information corresponding to the first key.
10. A method of key generation, the method comprising:
the second electronic equipment transmits a broadcast signal;
the second electronic equipment is connected with first electronic equipment, and the first electronic equipment is electronic equipment receiving the broadcast signal;
the second electronic device receives a first key sent by the first electronic device and key association information corresponding to the first key, wherein the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device.
11. The method according to claim 10, wherein before the second electronic device receives the first key and the key association information corresponding to the first key sent by the first electronic device, the method further comprises:
responding to a key negotiation request, negotiating with the first electronic equipment based on a specified key negotiation mode to generate a second key, and sending the key negotiation request after determining that the first electronic equipment is connected with the second electronic equipment for the first electronic equipment;
the second electronic device receives a first key sent by a first electronic device and key association information corresponding to the first key, and the method includes:
if the first electronic device and the second electronic device are connected for the first time, the second electronic device receives the encrypted first key and the key association information corresponding to the first key, and decrypts the encrypted first key and the key association information corresponding to the first key based on the second key to obtain the first key and the key association information corresponding to the first key.
12. The method of claim 11, wherein after the second electronic device establishes the connection with the first electronic device, further comprising:
the second electronic equipment receives a third key sent by the first electronic equipment, and the third key is generated and sent after the first electronic equipment determines that the first electronic equipment is connected with the second electronic equipment for the first time;
the second electronic device receives a first key sent by the first electronic device and key association information corresponding to the first key, and further includes:
if the first electronic device and the second electronic device are not connected for the first time, the second electronic device receives the encrypted first key and the key association information corresponding to the first key, and decrypts the encrypted first key and the key association information corresponding to the first key based on the third key to obtain the first key and the key association information corresponding to the first key.
13. The method of claim 12, wherein the second electronic device transmits a broadcast signal comprising:
if the second electronic equipment detects that the third secret key is not stored locally, sending a first broadcast signal;
if the second electronic equipment detects that the third secret key is locally stored, sending a second broadcast signal;
the first broadcast signal is used for the first electronic device to identify that the first electronic device is connected with the second electronic device for the first time, and the second broadcast signal is used for the first electronic device to identify that the first electronic device is connected with the second electronic device for the non-first time.
14. The method according to claim 10, wherein after receiving the first key and the key association information corresponding to the first key sent by the first electronic device, the second electronic device further comprises:
receiving communication data sent by the first electronic device, wherein the communication data comprises encrypted service data and the key association information;
acquiring a corresponding first key from local based on the key correlation information;
and decrypting the encrypted service data based on a first key acquired locally to obtain service data.
15. A key generation apparatus, operable on a first electronic device, the apparatus comprising:
the connection unit is used for responding to the received broadcast signal and establishing connection with second electronic equipment, and the second electronic equipment is equipment for sending the broadcast signal;
a first key generation unit, configured to generate a first key and key association information corresponding to the first key;
and the information communication unit is used for sending the first key and the key association information to the second electronic equipment, and the first key and the key association information are used for performing security verification on the application service between the first electronic equipment and the second electronic equipment.
16. A key generation apparatus, operable on a second electronic device, the apparatus comprising:
a broadcast signal transmitting unit for transmitting a broadcast signal;
the connection unit is used for establishing connection with first electronic equipment, and the first electronic equipment is electronic equipment receiving the broadcast signal;
the information communication unit is configured to receive a first key sent by a first electronic device and key association information corresponding to the first key, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and a second electronic device.
17. An electronic device comprising one or more processors and memory;
one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of any of claims 1-9.
18. An electronic device comprising one or more processors and memory;
one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of any of claims 10-14.
19. A computer-readable storage medium, having a program code stored therein, wherein the program code when executed by a processor performs the method of any of claims 1-9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110865646.6A CN113596827B (en) | 2021-07-29 | 2021-07-29 | Key generation method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110865646.6A CN113596827B (en) | 2021-07-29 | 2021-07-29 | Key generation method, device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113596827A true CN113596827A (en) | 2021-11-02 |
CN113596827B CN113596827B (en) | 2024-02-13 |
Family
ID=78252006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110865646.6A Active CN113596827B (en) | 2021-07-29 | 2021-07-29 | Key generation method, device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113596827B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024087384A1 (en) * | 2022-10-27 | 2024-05-02 | 深圳市正浩创新科技股份有限公司 | Bluetooth connection establishment method, electronic device and computer storage medium |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104540132A (en) * | 2015-01-15 | 2015-04-22 | 天地融科技股份有限公司 | Communication method of Bluetooth devices, mobile device, electronic signature device and server |
CN105450269A (en) * | 2015-12-21 | 2016-03-30 | 飞天诚信科技股份有限公司 | Method and device for realizing safe interaction and pairing authentication between Bluetooth devices |
KR101777052B1 (en) * | 2016-05-17 | 2017-09-11 | 한양대학교 산학협력단 | Apparatus and method for BLE(Bluetooth Low Energy) communication |
CN107197424A (en) * | 2017-06-06 | 2017-09-22 | 欧普照明股份有限公司 | Bluetooth connecting method, bluetooth equipment and bluetooth connection system |
CN109246581A (en) * | 2017-05-17 | 2019-01-18 | 北京京东尚科信息技术有限公司 | A kind of method and apparatus of communication |
US20190044930A1 (en) * | 2017-08-04 | 2019-02-07 | Apple Inc. | Secure authentication of device identification for low throughput device-to-device wireless communication |
CN110933614A (en) * | 2019-10-12 | 2020-03-27 | 阿里巴巴集团控股有限公司 | Communication processing method and device and electronic equipment |
CN111554008A (en) * | 2020-04-22 | 2020-08-18 | 支付宝(杭州)信息技术有限公司 | Digital key binding method, digital key verification method, mobile electronic equipment and near field communication device |
CN112291773A (en) * | 2020-12-31 | 2021-01-29 | 飞天诚信科技股份有限公司 | Authenticator and communication method thereof |
WO2021043170A1 (en) * | 2019-09-06 | 2021-03-11 | 华为技术有限公司 | Bluetooth connection method and related apparatus |
-
2021
- 2021-07-29 CN CN202110865646.6A patent/CN113596827B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104540132A (en) * | 2015-01-15 | 2015-04-22 | 天地融科技股份有限公司 | Communication method of Bluetooth devices, mobile device, electronic signature device and server |
CN105450269A (en) * | 2015-12-21 | 2016-03-30 | 飞天诚信科技股份有限公司 | Method and device for realizing safe interaction and pairing authentication between Bluetooth devices |
KR101777052B1 (en) * | 2016-05-17 | 2017-09-11 | 한양대학교 산학협력단 | Apparatus and method for BLE(Bluetooth Low Energy) communication |
CN109246581A (en) * | 2017-05-17 | 2019-01-18 | 北京京东尚科信息技术有限公司 | A kind of method and apparatus of communication |
CN107197424A (en) * | 2017-06-06 | 2017-09-22 | 欧普照明股份有限公司 | Bluetooth connecting method, bluetooth equipment and bluetooth connection system |
US20190044930A1 (en) * | 2017-08-04 | 2019-02-07 | Apple Inc. | Secure authentication of device identification for low throughput device-to-device wireless communication |
WO2021043170A1 (en) * | 2019-09-06 | 2021-03-11 | 华为技术有限公司 | Bluetooth connection method and related apparatus |
CN110933614A (en) * | 2019-10-12 | 2020-03-27 | 阿里巴巴集团控股有限公司 | Communication processing method and device and electronic equipment |
CN111554008A (en) * | 2020-04-22 | 2020-08-18 | 支付宝(杭州)信息技术有限公司 | Digital key binding method, digital key verification method, mobile electronic equipment and near field communication device |
CN112291773A (en) * | 2020-12-31 | 2021-01-29 | 飞天诚信科技股份有限公司 | Authenticator and communication method thereof |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024087384A1 (en) * | 2022-10-27 | 2024-05-02 | 深圳市正浩创新科技股份有限公司 | Bluetooth connection establishment method, electronic device and computer storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN113596827B (en) | 2024-02-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI634771B (en) | Wisdom device and method and device for establishing Bluetooth connection between devices | |
CN107231627B (en) | Bluetooth network and network distribution method | |
JP2020109671A (en) | Method and device for personal authentication | |
EP2806703B1 (en) | Method and terminal device for establishing wireless network connection | |
US9628585B2 (en) | Systems and methods for cross-layer secure connection set up | |
CN102916869B (en) | Instant messaging method and system | |
US7603083B2 (en) | Controlling visibility of a wireless device in discoverable mode | |
WO2018049892A1 (en) | Data transmission method and apparatus, and terminal | |
CN111131300B (en) | Communication method, terminal and server | |
CN110493455B (en) | Equipment control method and device and mobile terminal | |
EP4152791A1 (en) | Electronic device and method for electronic device to provide ranging-based service | |
CN114039734A (en) | Device resetting method and device | |
CN111479263A (en) | Communication connection method, terminal and computer storage medium | |
CN113596827B (en) | Key generation method, device, electronic equipment and storage medium | |
CN113992427A (en) | Data encryption sending method and device based on adjacent nodes | |
EP3163831A1 (en) | Challenge-response-test image to phone for secure pairing | |
CN107396319B (en) | A kind of method of wireless network authentication, equipment, storage medium and terminal reclaimer | |
CN107172718B (en) | Information processing method and electronic equipment | |
CN106685931B (en) | Smart card application management method and system, terminal and smart card | |
CN115834115A (en) | Equipment authentication networking method, device, equipment and storage medium | |
KR101853970B1 (en) | Method for Relaying Authentication Number | |
CN113569247B (en) | Equipment upgrading method, device and system and electronic equipment | |
CN105722080B (en) | Bluetooth pairing method, master intelligent terminal and slave intelligent terminal | |
EP4436005A1 (en) | Nfc wireless charging method and system, and electronic device and readable storage medium | |
CN106230799A (en) | The sending method of a kind of information, method of reseptance and associated terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |