CN113596827B - Key generation method, device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN113596827B
Authority
CN
China
Prior art keywords
key
electronic device
electronic equipment
association information
electronic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110865646.6A
Other languages
Chinese (zh)
Other versions
CN113596827A (en)
Inventor
李志杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Events
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202110865646.6A
Publication of CN113596827A
Application granted
Publication of CN113596827B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041: Key generation or derivation
    • H04W12/047: Key management without using a trusted network node as an anchor
    • H04W12/0471: Key exchange
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80: Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The embodiments of the application disclose a key generation method, a device, an electronic device and a storage medium. The method comprises the following steps: the first electronic device, in response to a received broadcast signal, establishes a connection with the second electronic device; the first electronic device generates a first key and key association information corresponding to the first key; the first electronic device sends the first key and the key association information to the second electronic device, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device. After the connection between the first electronic device and the second electronic device is established, the services between a program in the first electronic device and a program in the second electronic device can be security-verified using the generated first key and the key association information corresponding to it, which improves the security of cross-device services between programs.

Description

Key generation method, device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and apparatus for generating a key, an electronic device, and a storage medium.
Background
In recent years, more and more intelligent devices (such as mobile phones, headphones, watches, etc.) establish connections through near field communication (such as BLE, BT, etc.). Many programs are typically installed on such devices, and the security of interactions between programs across devices remains to be improved.
Disclosure of Invention
In view of the above, the present application proposes a key generation method, apparatus, electronic device, and storage medium to address the above problem.
In a first aspect, the present application provides a key generation method, the method including: the method comprises the steps that a first electronic device responds to a received broadcast signal and establishes connection with a second electronic device, wherein the second electronic device is a device for transmitting the broadcast signal; the first electronic equipment generates a first key and key association information corresponding to the first key; the first electronic device sends the first key and the key association information to the second electronic device, wherein the first key and the key association information are used for carrying out security verification on application business between the first electronic device and the second electronic device.
In a second aspect, the present application provides a key generation method, the method including: the second electronic device transmits a broadcast signal; the second electronic equipment establishes connection with first electronic equipment, and the first electronic equipment is electronic equipment which receives the broadcast signal; the second electronic equipment receives a first key sent by the first electronic equipment and key association information corresponding to the first key, wherein the first key and the key association information are used for carrying out security verification on application business between the first electronic equipment and the second electronic equipment.
In a third aspect, the present application provides a key generating apparatus, operating on a first electronic device, the apparatus including: the connection unit is used for responding to the received broadcast signals and establishing connection with second electronic equipment, wherein the second electronic equipment is equipment for transmitting the broadcast signals; the first key generation unit is used for generating a first key and key association information corresponding to the first key; the information communication unit is used for sending the first secret key and the secret key association information to the second electronic equipment, and the first secret key and the secret key association information are used for carrying out security verification on application business between the first electronic equipment and the second electronic equipment.
In a fourth aspect, the present application provides a key generating apparatus, operating on a second electronic device, the apparatus comprising: a broadcast signal transmitting unit for transmitting a broadcast signal; a connection unit for establishing a connection with a first electronic device, the first electronic device being the electronic device that receives the broadcast signal; and an information communication unit for receiving a first key sent by the first electronic device and key association information corresponding to the first key, wherein the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device.
In a fifth aspect, the present application provides an electronic device comprising one or more processors and a memory; one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the methods described above.
In a sixth aspect, the present application provides a computer readable storage medium having program code stored therein, wherein the method described above is performed when the program code is run.
After a first electronic device, in response to a received broadcast signal, establishes a connection with a second electronic device, the first electronic device then generates a first key and key association information corresponding to the first key, and sends the first key and the key association information to the second electronic device, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device. After the connection between the first electronic device and the second electronic device is established, the services between a program in the first electronic device and a program in the second electronic device can be security-verified using the generated first key and the key association information corresponding to it, which improves the security of cross-device services between programs.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments are briefly introduced below. It is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from them by a person skilled in the art without inventive effort.
Fig. 1 is a schematic diagram of an application scenario of a key generation method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of another application scenario of a key generation method according to an embodiment of the present application;
Fig. 3 shows a flowchart of a key generation method according to an embodiment of the present application;
Fig. 4 is a schematic diagram of security verification based on a first key and key association information according to an embodiment of the present application;
Fig. 5 shows a flowchart of a key generation method according to another embodiment of the present application;
Fig. 6 shows a flowchart of a key generation method according to still another embodiment of the present application;
Fig. 7 is a flowchart of a key generation method according to still another embodiment of the present application;
Fig. 8 is a flowchart of a key generation method according to still another embodiment of the present application;
Fig. 9 shows a flowchart of a key generation method according to still another embodiment of the present application;
Fig. 10 shows a timing diagram of a key generation method according to an embodiment of the present application;
Fig. 11 is a timing diagram illustrating another key generation method according to an embodiment of the present application;
Fig. 12 is a block diagram of a cell connection control device according to an embodiment of the present application;
Fig. 13 is a block diagram showing the structure of a key generating apparatus according to another embodiment of the present application;
Fig. 14 is a block diagram showing the structure of a key generating apparatus according to still another embodiment of the present application;
Fig. 15 is a block diagram showing the structure of a key generating apparatus according to still another embodiment of the present application;
Fig. 16 is a block diagram showing the structure of a key generating apparatus according to still another embodiment of the present application;
Fig. 17 shows a block diagram of an electronic device proposed in the present application;
Fig. 18 shows a storage unit for holding or carrying program code implementing the key generation method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
With the increasing abundance of communication functions of electronic devices, more electronic devices can be connected through near field communication. The manner of near field communication may include BLE (Bluetooth Low Energy) manner, BT (Traditional Bluetooth) manner, or the like.
Many programs are typically installed on electronic devices, such as an instant messaging program or an image browsing program. However, the inventors have found that the security of interactions between programs across devices remains to be improved. An interaction between programs across devices is an interaction between a program on one electronic device and a program on another electronic device; it may include data transmission and the like. In the interaction between cross-device programs, identity authentication is not performed on the programs, and data transmitted between the cross-device programs is not separately encrypted, which creates certain security risks.
Therefore, to address the above problem, the inventors propose the key generation method, apparatus, electronic device and storage medium of the present application: after a first electronic device establishes a connection with a second electronic device in response to a received broadcast signal, the first electronic device then generates a first key and key association information corresponding to the first key, and sends the first key and the key association information to the second electronic device, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device.
Therefore, after the connection between the first electronic device and the second electronic device is established in this way, the services between a program in the first electronic device and a program in the second electronic device can be encrypted using the generated first key and the key association information corresponding to it, which improves the security of cross-device services between programs.
An application scenario according to an embodiment of the present application will be described first.
As shown in fig. 1, an application scenario according to an embodiment of the present application includes an electronic device 100 and an electronic device 200. The connection between the network module of the electronic device 100 and the network module of the electronic device 200 may be established by means of near field communication. Further, the program in the electronic device 100 and the program in the electronic device 200 can interact with each other by establishing a connection by means of the near field communication. The interaction may include establishment of a data transmission channel and data interaction. Alternatively, the data interaction may include transferring text data or transferring image data.
It should be noted that, the electronic device 100 in fig. 1 may be understood as a first electronic device in the embodiment of the present application, and the electronic device 200 may be understood as a second electronic device in the embodiment of the present application. Wherein the types of first and second electronic devices shown in fig. 1 are exemplary only. For example, as shown in fig. 2, the second electronic device may be a wireless headset 210 in addition to the smartphone shown in fig. 1. Furthermore, the first electronic device may be a tablet computer, a computer, or other devices besides the smart phone shown in fig. 1. The second electronic device may be a device such as a smart band or a smart watch, in addition to the devices shown in fig. 1 and 2.
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 3, a key generation method provided in an embodiment of the present application includes:
S110: the first electronic device, in response to a received broadcast signal, establishes a connection with the second electronic device, the second electronic device being the device that transmits the broadcast signal.
The second electronic device may send a broadcast signal, which lets other electronic devices discover it and establish a connection with it. In the embodiments of the present application, the second electronic device may start transmitting the broadcast signal in several cases.
In one case, the second electronic device starts transmitting the broadcast signal after it is powered on. After the second electronic device has started, it can begin sending a broadcast signal so that other electronic devices can discover it. For example, taking a smart television as the second electronic device, the smart television can start sending the broadcast signal after it is powered on and started, and can keep sending the broadcast signal throughout its operation.
Alternatively, the second electronic device may start transmitting the broadcast signal after detecting a user-triggered specified operation. The specified operation may be a press of a specified physical key on the second electronic device, or a gesture on an interface displayed on the second electronic device. For example, some electronic devices do not automatically transmit a broadcast signal after starting and require a user operation before transmission begins; in that case, after the second electronic device has started, it can be triggered to transmit the broadcast signal by pressing a specific physical key on it. For another example, after the second electronic device has already established a connection and the user needs it to connect to a new electronic device, it can again be triggered to send a broadcast signal by pressing a specified physical key on it.
In yet another case, the second electronic device begins transmitting the broadcast signal after displaying a designated interface. If some programs on the second electronic device need to perform service interaction with other electronic devices, the second electronic device may start sending a broadcast signal after detecting that such a program is running. Optionally, the second electronic device determines whether such a program is running by checking whether the currently displayed interface is the designated interface; correspondingly, the designated interface is an interface of a program that needs to perform service interaction with other electronic devices.
After receiving the broadcast signal, the first electronic device may identify the broadcast signal, and further obtain relevant network information of the electronic device sending the broadcast signal, so that connection may be established between the first electronic device and the electronic device sending the broadcast signal (the second electronic device) based on the relevant network information. For example, if the second electronic device sends the broadcast signal based on bluetooth communication, the first electronic device may obtain the relevant network information of the second electronic device after receiving the broadcast signal, and then perform bluetooth pairing with the second electronic device to achieve connection.
S120: the first electronic equipment generates a first key and key association information corresponding to the first key.
The first key is used for subsequent security verification of application services between the first electronic device and the second electronic device. An application service may be a service between a program on the first electronic device and a program on the second electronic device, or a service related to a function of the second electronic device. For example, if a first program is installed on the first electronic device and a second program on the second electronic device, a service between the first program and the second program is an application service. For another example, if the second electronic device is a wireless headset and the first electronic device is a smartphone, a service related to the function of the wireless headset may be the smartphone transmitting audio data to the headset. For another example, if the second electronic device is a smart television and the first electronic device is a smartphone, a service related to the function of the smart television may be the smartphone transmitting audio and video data to the television.
The security verification may include identity authentication, encryption of the service data, or both. Identity authentication is authentication between programs, so that programs that interact with each other can determine whether the other party is a legitimate program. Service data is the data the programs transmit to each other during cross-device interaction, and service data encryption means encrypting that data.
In the embodiments of the application, the first electronic device may generate a random value as the first key based on a specified protocol, and generate another random value as the key association information corresponding to the first key. Any protocol that can generate random numbers can serve as the specified protocol; the protocol used for the first key and the protocol used for the key association information may be the same or different.
During security verification, the data to be encrypted is encrypted with the first key to obtain encrypted data for transmission to the peer, and the end that receives the encrypted data reads the corresponding first key from local storage based on the key association information in order to decrypt the received data.
S130: the first electronic device sends the first key and the key association information to the second electronic device, wherein the first key and the key association information are used for carrying out security verification on application business between the first electronic device and the second electronic device.
As described above, the first key is used for subsequent security verification of the application service. The second electronic device involved in the application service session also needs the first key and the key association information, so after the first electronic device generates them it sends them to the second electronic device, which stores them.
The first electronic device may generate a first key and corresponding key association information with the second electronic device, and may also generate a first key and corresponding key association information with other electronic devices, and the first keys and key association information generated with different electronic devices may differ. So that each electronic device can distinguish between the different first keys and their key association information, the method further includes, after the first electronic device establishes a connection with the second electronic device in response to the received broadcast signal: the first electronic device sends its device identifier to the second electronic device, so that the second electronic device can store the device identifier of the first electronic device together with the first key and the key association information; and the first electronic device receives the device identifier of the second electronic device, sent by the second electronic device, so that it can store the device identifier of the second electronic device together with the first key and the key association information.
Optionally, in the process that the first electronic device stores the first key and the key association information corresponding to the first key, the device identifier of the first electronic device, the device identifier of the second electronic device, the first key and the key association information corresponding to the first key may be stored in an associated manner, so that the first electronic device may identify the first key and the key association information corresponding to the first key, which are generated by negotiating with the second electronic device. Correspondingly, in the process of storing the first key and the key association information corresponding to the first key by the second electronic device, the device identifier of the first electronic device, the device identifier of the second electronic device, the first key and the key association information corresponding to the first key can be stored in an associated manner, so that the second electronic device can recognize that the first key and the key association information corresponding to the first key are generated by negotiation with the first electronic device.
After the first electronic device and the second electronic device negotiate to generate the first key and the key association information, security verification can be performed through the first key and the key association information corresponding to the first key in a subsequent process of performing a program service across devices.
In one embodiment, after the first electronic device sends the first key and the key association information to the second electronic device, the method further includes: the first electronic device obtains service data, which is data that a first program is to send to a second program, the second program being a program on the second electronic device; encrypts the service data with the first key to obtain encrypted service data; and assembles the encrypted service data and the key association information into communication data, which it sends to the second electronic device. For example, as shown in Fig. 4, program A on the first electronic device 100 interacts across devices with a program (not shown) on the second electronic device 210. Communication data a generated by program A is the data to be transmitted to the program on the second electronic device 210. Communication data a comprises encrypted service data and the key association information, where the encrypted service data is obtained by the first electronic device 100 encrypting voice data a (the service data) with the first key. The key association information is not separately encrypted, so the program on the second electronic device 210 can read it directly from the communication data without decryption. Having obtained the key association information, the second electronic device 210 reads the locally stored first key corresponding to it, then decrypts the encrypted service data with that first key to obtain voice data a.
According to the key generation method of this embodiment, after the first electronic device establishes a connection with the second electronic device in response to a received broadcast signal, the first electronic device then generates a first key and key association information corresponding to the first key, and sends them to the second electronic device, where they are used for security verification of application services between the first electronic device and the second electronic device. Therefore, after the connection is established in this way, the services between a program in the first electronic device and a program in the second electronic device can be encrypted using the generated first key and the key association information corresponding to it, which improves the security of cross-device services between programs.
Referring to fig. 5, a key generation method provided in an embodiment of the present application includes:
S210: the first electronic device, in response to a received broadcast signal, establishes a connection with the second electronic device, the second electronic device being the device that transmits the broadcast signal.
S220: if this is the first connection between the first electronic device and the second electronic device, the first electronic device negotiates a second key with the second electronic device using a designated key negotiation method.
In the process of negotiating the first key between the first electronic device and the second electronic device, the negotiated key and other information are transmitted between the two devices. For example, the first electronic device may transmit its device identifier and the first key to the second electronic device. While this information is in transit, it could be intercepted by an illegitimate device, so the negotiated first key and the other information can be encrypted before transmission to improve their security. In the embodiments of the present application, the first electronic device and the second electronic device may negotiate the second key in several ways. For example, the second key may be negotiated using the UKEY2 method, or it may be generated from a pre-set key.
S230: the first electronic equipment generates a first key and key association information corresponding to the first key.
S240: if the first electronic device is connected with the second electronic device for the first time, the first electronic device encrypts the first key and the key association information based on the second key and then sends the encrypted first key and key association information to the second electronic device, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device.
According to this key generation method, after the connection between the first electronic device and the second electronic device is established, the service between a program in the first electronic device and a program in the second electronic device can be encrypted with the generated first key and the key association information corresponding to it, which improves the security of cross-device services between the programs. In this embodiment, when a first connection between the first electronic device and the second electronic device is detected, a second key is negotiated between the two devices, so that the first key and its key association information are encrypted with the second key. This reduces the probability that the first key and its key association information are hijacked, and further improves the security of subsequent interaction based on them.
Referring to fig. 6, a key generation method provided in an embodiment of the present application includes:
S310: the first electronic device responds to the received broadcast signal and establishes a connection with the second electronic device, the second electronic device being the device that transmits the broadcast signal.
S320: if the first electronic device is connected with the second electronic device for the first time, the first electronic device negotiates with the second electronic device based on a designated key negotiation mode to generate a second key.
S330: if the first electronic device is connected with the second electronic device for the first time, the first electronic device generates and stores a third key and sends the third key to the second electronic device.
It should be noted that negotiating the second key between the first electronic device and the second electronic device takes a certain amount of time. Generating and storing the third key at the first connection means that the second key need not be negotiated on subsequent, non-first connections; the data of the negotiation process can be encrypted directly with the third key, which improves the interaction efficiency of the first electronic device and the second electronic device.
In this embodiment of the present application, the first electronic device may determine in various ways whether its connection with the second electronic device is a first connection. In one way, if the received broadcast signal is a first broadcast signal, the first electronic device determines that it is connected with the second electronic device for the first time; if the received broadcast signal is a second broadcast signal, it determines that this is not a first connection. It should be noted that, if the first electronic device establishes a connection with the second electronic device for the first time, the third key is generated locally and sent to the second electronic device. The second electronic device may therefore detect whether a third key is stored locally while generating the broadcast signal to be transmitted: if no third key is stored locally, it generates the first broadcast signal; if a third key is stored locally, it generates the second broadcast signal. Optionally, in this embodiment, a broadcast signal generated according to the communication protocol in use may serve as the first broadcast signal, and specified information may be added to that broadcast signal, the broadcast signal carrying the specified information then serving as the second broadcast signal.
For example, if the second electronic device currently communicates with the first electronic device based on the Bluetooth communication protocol, the broadcast signal generated based on the Bluetooth communication protocol is the first broadcast signal, and the same broadcast signal with the specified information added is the second broadcast signal.
In this case, the first electronic device may determine whether the received broadcast signal is the first or the second broadcast signal by checking whether it carries the specified information. The specified information may be configured in advance and stored in the electronic device.
Alternatively, the first electronic device may negotiate with the second electronic device to generate a first key after establishing a connection with it, and may store the device identifier of the second electronic device in association with the first key. The first electronic device then checks whether a first key stored in association with the device identifier of the second electronic device can be found: if so, it determines that this is not its first connection with the second electronic device; if not, it determines that it is connecting with the second electronic device for the first time.
In this embodiment, after receiving the broadcast signal sent by the second electronic device, the first electronic device may check whether the broadcast signal carries a device identifier. If a device identifier is detected, whether the first electronic device is connecting with the second electronic device for the first time can be identified based on whether a first key corresponding to that device identifier is found. If no device identifier is detected, whether this is a first connection with the second electronic device may be determined based on whether the specified information is present in the received broadcast signal, as described above.
S340: the first electronic equipment generates a first key and key association information corresponding to the first key.
S350: if the first electronic device is connected with the second electronic device for the first time, the first electronic device encrypts the first key and the key association information based on the second key and then sends the encrypted first key and key association information to the second electronic device, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device.
S360: if the first electronic device is not connected with the second electronic device for the first time, the first electronic device encrypts the first key and the key association information based on the stored third key and then sends the encrypted first key and key association information to the second electronic device.
It should be noted that, besides the third key generated between the first electronic device and the second electronic device, third keys may also be generated between the first electronic device and other electronic devices, so the first electronic device may store a plurality of third keys locally. As a way of selecting the third key matching the second electronic device from the plurality of third keys, before the first electronic device encrypts the first key and the key association information based on the stored third key and sends them to the second electronic device, the method further includes: if the first electronic device and the second electronic device are not connected for the first time, the first electronic device takes its stored third keys as candidate keys, and takes the candidate key that matches the key filtering information corresponding to the second electronic device as the determined third key, where the key filtering information corresponding to the second electronic device is obtained from wireless data sent by the second electronic device. The wireless data may be carried by the second broadcast signal sent by the second electronic device, or by a wireless signal sent by the second electronic device after it establishes a connection with the first electronic device. For example, the second electronic device may send the key filtering information together with its device characteristic information to the first electronic device. Optionally, the first electronic device may detect which of the candidate keys matches the key filtering information based on a Bloom filter algorithm, and use the matched third key as the determined third key.
In this manner, the step in which the first electronic device encrypts the first key and the key association information based on the stored third key and sends them to the second electronic device includes: the first electronic device encrypts the first key and the key association information based on the determined third key and then sends the encrypted first key and key association information to the second electronic device.
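As an added example (not code from the patent), the following Go program models both sides of the mechanism described above: the second electronic device builds a first or second broadcast signal depending on whether it stores a third key, carrying key filtering information built as a Bloom filter over its stored third keys, and the first electronic device classifies the received broadcast signal and selects the matching candidate third keys. The advertisement layout, the marker bytes standing in for the specified information, the Bloom filter parameters and the derivation of a key identifier from the key bytes are all assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// specifiedInfo stands in for the patent's "specified information"; its value and placement are assumed.
var specifiedInfo = []byte{0xCA, 0xFE}

// Bloom filter parameters are not fixed by the patent; these are assumed.
const (
	bloomBits   = 64 // 8-byte filter, small enough for an advertisement
	bloomHashes = 3
)

// keyID: identifier both devices derive from a shared third key (assumption).
func keyID(key []byte) []byte {
	h := sha256.Sum256(key)
	return h[:8]
}

// bloomIndexes maps one key identifier to bloomHashes bit positions.
func bloomIndexes(id []byte) []uint {
	h := sha256.Sum256(id)
	idx := make([]uint, bloomHashes)
	for i := range idx {
		idx[i] = uint(binary.BigEndian.Uint32(h[4*i:])) % bloomBits
	}
	return idx
}

// buildKeyFilter (second device): key filtering information as a Bloom filter over stored third keys.
func buildKeyFilter(storedThirdKeys [][]byte) []byte {
	filter := make([]byte, bloomBits/8)
	for _, k := range storedThirdKeys {
		for _, b := range bloomIndexes(keyID(k)) {
			filter[b/8] |= 1 << (b % 8)
		}
	}
	return filter
}

func filterMayContain(filter, id []byte) bool {
	for _, b := range bloomIndexes(id) {
		if filter[b/8]&(1<<(b%8)) == 0 {
			return false
		}
	}
	return true
}

// buildBroadcast (second device): no stored third key -> plain protocol advertisement (first
// broadcast signal); otherwise append the specified information and the key filter (second).
func buildBroadcast(protocolAdv []byte, storedThirdKeys [][]byte) []byte {
	if len(storedThirdKeys) == 0 {
		return protocolAdv
	}
	out := append([]byte{}, protocolAdv...)
	out = append(out, specifiedInfo...)
	return append(out, buildKeyFilter(storedThirdKeys)...)
}

// classifyBroadcast (first device): first connection or not; if not, hand back the key filter.
func classifyBroadcast(adv []byte) (firstConnection bool, keyFilter []byte) {
	trailer := len(specifiedInfo) + bloomBits/8
	if len(adv) < trailer || !bytes.HasPrefix(adv[len(adv)-trailer:], specifiedInfo) {
		return true, nil
	}
	return false, adv[len(adv)-bloomBits/8:]
}

// selectThirdKey (S830) keeps the candidates matching the filter. A Bloom filter never misses a
// member but can give false positives, so several may come back; the peer's trial decryption (S832)
// disambiguates. No match means the device has to fall back to negotiating a second key.
func selectThirdKey(candidates [][]byte, keyFilter []byte) ([][]byte, error) {
	if len(keyFilter) != bloomBits/8 {
		return nil, errors.New("key filtering information has unexpected length")
	}
	var matched [][]byte
	for _, k := range candidates {
		if filterMayContain(keyFilter, keyID(k)) {
			matched = append(matched, k)
		}
	}
	if len(matched) == 0 {
		return nil, errors.New("no stored third key matches the filter")
	}
	return matched, nil
}

func main() {
	// Constructed sample: the first device holds keys for peers A, B, C; the second stores only B.
	keys := [][]byte{[]byte("third-key-peer-A"), []byte("third-key-peer-B"), []byte("third-key-peer-C")}
	first, filter := classifyBroadcast(buildBroadcast([]byte{0x02, 0x01, 0x06}, [][]byte{keys[1]}))
	matched, err := selectThirdKey(keys, filter)
	fmt.Println("first connection:", first, "matched:", len(matched), "err:", err)
}
```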
Furthermore, it should be noted that, in the embodiment of the present application, the first electronic device and the second electronic device negotiate to generate the first key. The protocols supported by different electronic devices for generating the first key may be different, so that the usage manners of the first key by different electronic devices may be different. For electronic devices with different usage manners of the first key, security verification may not be successfully completed based on the first key and key association information corresponding to the first key.
In order to avoid this problem, as one aspect, if the first electronic device and the second electronic device are connected for the first time, before the first electronic device negotiates with the second electronic device to generate the second key based on the specified key negotiation method, the method further includes: the first electronic device sends a protocol version number to the second electronic device, wherein the protocol version number is a protocol version number of a protocol used for generating a first key; the first electronic equipment receives equipment characteristic information returned by the second electronic equipment, wherein the equipment characteristic information at least comprises a protocol version number of the second electronic equipment and a designated key negotiation mode supported by the second electronic equipment, and the equipment characteristic information is sent after the second electronic equipment determines that the protocol version number of the second electronic equipment is compatible with the protocol version number of the first electronic equipment. In this way, after receiving the device feature information, if the first electronic device is connected to the second electronic device for the first time, the first electronic device may negotiate with the second electronic device to generate the second key based on a designated key negotiation manner supported by the second electronic device.
Therefore, the first electronic device and the second electronic device are compatible in how they generate the first key and the key association information corresponding to it, and they use the first key and the key association information in the same way subsequently, which improves the effectiveness of their later use.
According to this key generation method, after the connection between the first electronic device and the second electronic device is established, the service between a program in the first electronic device and a program in the second electronic device can be encrypted with the generated first key and the key association information corresponding to it, which improves the security of cross-device services between the programs. In addition, in this embodiment, when the first electronic device connects with the second electronic device for the first time, it may generate and store a third key and transmit it to the second electronic device, so that on a later, non-first connection the second key need not be negotiated in real time; instead, the third key can be used directly to encrypt the data of the negotiation stage (for example, the first key, the device identifier of the first electronic device, or the device identifier of the second electronic device), which helps to complete the transmission of the first key between the first electronic device and the second electronic device more efficiently. When the second electronic device and the first electronic device connect again, the time spent in the negotiation stage (namely the generation and transmission of the first key and the preceding steps) can be shortened while the security of the program's cross-device interaction is still improved, so the interaction is more efficient.
Referring to fig. 7, a key generation method provided in an embodiment of the present application includes:
S410: the first electronic device responds to the received broadcast signal and establishes a connection with the second electronic device, the second electronic device being the device that transmits the broadcast signal.
S420: detect whether the account bound to the first electronic device corresponds to a first key and key association information corresponding to the first key.
As one way, an electronic device may bind an account number, and electronic devices bound to the same account number may use the same first key and corresponding key association information to perform security verification of application services. Optionally, after the first electronic device generates the first key and the corresponding key association information, it may synchronize them to the other electronic devices bound to the same account: the first electronic device sends the first key and the corresponding key association information to the server over the network, and the server sends them to the other electronic devices bound to the same account, so that those devices can directly use the first key and key association information obtained from the server without executing the key negotiation step.
The key negotiation step that is skipped in this way may be understood as the steps after the first electronic device establishes a connection with the second electronic device, for example steps S120 to S130 of the foregoing embodiment or steps S220 to S240 of the foregoing embodiment.
S430: if so, perform security verification of the service between the application program in the first electronic device and the application program of the second electronic device based on the first key corresponding to the account and the key association information corresponding to the first key.
S440: if not, the first electronic equipment generates a first key and key association information corresponding to the first key.
S450: the first electronic device sends the first key and the key association information to the second electronic device, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device.
According to this key generation method, after the connection between the first electronic device and the second electronic device is established, the service between the application program in the first electronic device and the application program of the second electronic device can be encrypted with the generated first key and the key association information corresponding to it, which improves the security of cross-device service traffic. In addition, in this embodiment, when the first electronic device is bound to an account, it may be detected whether the account already has a first key, and the first key is then not generated in real time when the account already has one, which improves the efficiency of interaction between application programs across devices.
Referring to fig. 8, a key generation method provided in an embodiment of the present application includes:
S510: the second electronic device transmits a broadcast signal.
As shown in the foregoing embodiment, the second electronic device may decide whether the transmitted broadcast signal is the first broadcast signal or the second broadcast signal based on whether it stores the third key locally, so that the first electronic device can identify from the broadcast signal whether it is connecting with the second electronic device for the first time.
S520: the second electronic device establishes connection with the first electronic device, and the first electronic device is the electronic device which receives the broadcast signal.
S530: the second electronic device receives a first key sent by the first electronic device and key association information corresponding to the first key, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device.
According to the key generation method provided by this embodiment, after the second electronic device sends the broadcast signal, if the first electronic device receives the broadcast signal, a connection can be established between the second electronic device and the first electronic device, and the first electronic device can then generate a first key and key association information corresponding to the first key and send them to the second electronic device, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device. Therefore, once the connection between the first electronic device and the second electronic device has been established in this way, the service between the application program in the first electronic device and the application program of the second electronic device can be encrypted with the generated first key and the key association information corresponding to it, which improves the security of the program's cross-device service communication.
Referring to fig. 9, a key generation method provided in an embodiment of the present application includes:
S610: the second electronic device transmits a broadcast signal.
S620: the second electronic device establishes connection with the first electronic device, and the first electronic device is the electronic device which receives the broadcast signal.
S630: in response to a key negotiation request, negotiate with the first electronic device based on a specified key negotiation mode to generate a second key, where the key negotiation request is sent by the first electronic device after it determines that it is connected with the second electronic device for the first time.
S640: if the first electronic device is connected with the second electronic device for the first time, the second electronic device receives the encrypted first key and key association information corresponding to the first key, and decrypts them based on the second key to obtain the first key and the key association information corresponding to the first key, where the first key and the key association information are used for security verification of application services between the first electronic device and the second electronic device.
As one way, after the second electronic device establishes a connection with the first electronic device, the method further includes:
the second electronic device receives a third key sent by the first electronic device, the third key being generated and sent by the first electronic device after it determines that it is connected with the second electronic device for the first time;
and the step in which the second electronic device receives the first key sent by the first electronic device and the key association information corresponding to the first key further includes:
if the first electronic device and the second electronic device are not connected for the first time, the second electronic device receives the encrypted first key and key association information corresponding to the first key, and decrypts them based on the third key to obtain the first key and the key association information corresponding to the first key.
Optionally, the step in which the second electronic device sends a broadcast signal includes: if the second electronic device detects that no third key is stored locally, it sends a first broadcast signal; if it detects that a third key is stored locally, it sends a second broadcast signal. The first broadcast signal enables the first electronic device to identify that this is its first connection with the second electronic device, and the second broadcast signal enables the first electronic device to identify that this is not its first connection with the second electronic device.
As one way, after the second electronic device receives the first key sent by the first electronic device and the key association information corresponding to the first key, the method further includes: receiving communication data sent by the first electronic device, where the communication data includes encrypted service data and key association information; obtaining the corresponding first key from local storage based on the key association information; and decrypting the encrypted service data with the locally obtained first key to obtain the service data.
According to the key generation method, after the connection between the first electronic device and the second electronic device is established, the service between the application program in the first electronic device and the application program of the second electronic device can be encrypted through the generated first key and key association information corresponding to the first key, and therefore safety of the process for carrying out cross-device service traffic is improved. In addition, in the embodiment, the safety and efficiency of the cross-equipment application program interaction can be further improved.
In the embodiment of the present application, the steps involved in the first connection between the first electronic device and the second electronic device will be described below through a timing chart, where the first electronic device and the second electronic device in the figure establish a connection based on bluetooth communication, as shown in fig. 10. The steps in the timing diagram include:
S710: the second electronic device transmits the first broadcast signal.
S711: the first electronic device identifies the first broadcast signal.
The first electronic device can acquire relevant network information of the device transmitting the first broadcast signal by identifying the first broadcast signal so as to be paired with the second electronic device through the relevant network information.
S712: the first electronic device is paired with the second electronic device.
S720: the first electronic device establishes an RFCOMM connection with the second electronic device.
Note that the RFCOMM connection is a connection built on Bluetooth pairing. Therefore, after the first electronic device and the second electronic device are paired, the subsequent steps, including sending the first key to the second electronic device, are completed over the RFCOMM connection.
S721: the first electronic device sends a protocol version number of the first electronic device to the second electronic device.
S722: and the second electronic equipment performs compatibility judgment on the protocol version number of the first electronic equipment.
The protocol version number may include information such as a major version number and a minor version number. Then, as a way, the second electronic device may compare whether the major version number of the protocol version number of the first electronic device is consistent with the major version number of the protocol version number of the second electronic device, and if so, determine that the protocol version number of the first electronic device is compatible with its own protocol version number.
S723: the second electronic device sends the protocol version number, the compatibility judgment result, the key negotiation supporting mode and the device type identifier of the second electronic device to the first electronic device.
The compatibility judgment result characterizes whether the protocol version number of the first electronic device is compatible with that of the second electronic device. The key negotiation supporting mode characterizes the manner of generating the second key that the second electronic device supports. When the first electronic device determines that the compatibility judgment result characterizes compatibility, it negotiates with the second electronic device based on the key negotiation supporting mode of the second electronic device to generate the second key.
S730: the first electronic device generates a second key from its own public-private key pair and the public key of the second electronic device by means of ECDH (Elliptic Curve Diffie-Hellman key exchange).
The public key may be a public key of the second electronic device obtained from the cloud.
S731: the first electronic device sends encrypted information together with its public key in plaintext form to the second electronic device, where the encrypted information is obtained by encrypting the device identifier and the Bluetooth MAC (Media Access Control) address of the first electronic device based on the second key.
Optionally, when the device identifier of the first electronic device and the bluetooth MAC (Media Access Control) address do not meet the byte length defined by the transmission protocol, a salt value may be added to the transmitted data, so that the length of the transmitted data meets the byte length defined by the transmission protocol.
S732: the second electronic device generates the second key by ECDH from the public key received in plaintext form, and decrypts the encrypted information with the locally generated second key.
S733: the second electronic device replies with encrypted information to the first electronic device, where the replied encrypted information includes the device identifier of the second electronic device in encrypted form.
S734: the first electronic equipment decrypts the received encrypted information to obtain the equipment identifier of the second electronic equipment, and stores the equipment identifier of the second electronic equipment.
It will be appreciated that the first electronic device decrypts the received encrypted information using the second key.
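The following Go code is an added example, not part of the patent, showing steps S730 to S732 as each device would run them: ECDH on P-256 to derive the second key, the salt-padded record holding the device identifier and Bluetooth MAC address, and the receiver rebuilding the same key from the public key that travels in plaintext (the same seal/open pair serves the S733/S734 reply). The record layout, SHA-256 over the shared secret, and AES-256-GCM as the symmetric cipher are assumptions; the patent fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Assumed S731 plaintext layout: 16-byte device identifier, 6-byte Bluetooth MAC, random salt up
// to a fixed 32 bytes standing in for "the byte length defined by the transmission protocol".
const (
	devIDLen  = 16
	macLen    = 6
	recordLen = 32
)

// deriveSecondKey runs ECDH on P-256 and hashes the shared secret into a 256-bit key. Hashing the
// raw secret is an assumption; the patent only says the second key comes from an ECDH mode.
func deriveSecondKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(shared)
	return sum[:], nil
}

// AES-256-GCM with the nonce prepended (assumed; the patent names no symmetric cipher).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, sealed []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext shorter than nonce")
}

// buildS731 is the first device's side of S730/S731: derive the second key from its own private key
// and the peer's public key, then encrypt the salt-padded record; returns the plaintext public key too.
func buildS731(own *ecdh.PrivateKey, peerPub *ecdh.PublicKey, devID, mac []byte) (encrypted, plainPub []byte, err error) {
	if len(devID) != devIDLen || len(mac) != macLen {
		return nil, nil, errors.New("device identifier or MAC has wrong length")
	}
	// Fixed-length record: identifier, MAC, then random salt filling the tail.
	rec := append(append(make([]byte, 0, recordLen), devID...), mac...)[:recordLen]
	if _, err := rand.Read(rec[devIDLen+macLen:]); err != nil {
		return nil, nil, err
	}
	key, err := deriveSecondKey(own, peerPub)
	if err != nil {
		return nil, nil, err
	}
	encrypted, err = seal(key, rec)
	return encrypted, own.PublicKey().Bytes(), err
}

// handleS731 is the second device's side of S732: rebuild the second key from the plaintext public
// key, decrypt, read the fixed offsets (salt ignored) and return the key for sealing the S733 reply.
func handleS731(own *ecdh.PrivateKey, plainPub, encrypted []byte) (devID, mac, key []byte, err error) {
	peerPub, err := own.Curve().NewPublicKey(plainPub)
	if err != nil {
		return nil, nil, nil, err
	}
	if key, err = deriveSecondKey(own, peerPub); err != nil {
		return nil, nil, nil, err
	}
	rec, err := open(key, encrypted)
	if err == nil && len(rec) != recordLen {
		err = errors.New("record has wrong length")
	}
	if err != nil {
		return nil, nil, nil, err
	}
	return rec[:devIDLen], rec[devIDLen : devIDLen+macLen], key, nil
}
```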
S741: the first electronic device generates and transmits a third key.
After the first electronic device generates the third key, the first electronic device locally stores the generated third key.
S743: the second electronic device decrypts the encrypted third key and stores the third key.
S751: the first electronic equipment generates and transmits a first key and key association information corresponding to the first key.
The first electronic equipment encrypts the first key and the key association information based on the second key and then sends the encrypted first key and the key association information to the second electronic equipment.
S753: the second electronic device detects whether the first key conflicts with a stored key, obtaining a conflict detection result.
In one manner, when storing the first key, the second electronic device stores it in association with the device identifiers of the electronic devices that negotiated to produce it. For example, in this embodiment of the present application, these device identifiers may include the device identifier of the first electronic device and the device identifier of the second electronic device. In this way, the second electronic device may check whether a first key already stored in association with its own device identifier and the device identifier of the first electronic device is identical to the received first key: if so, the result is characterized as a conflict; if not, as no conflict.
S754: and the second electronic equipment returns a conflict detection result to the first electronic equipment.
S755: if the first electronic device determines that the conflict detection result represents no conflict, it stores the local device identifier, the first key and the key association information corresponding to the first key.
In the embodiment of the present application, the steps involved in the process of the non-first connection between the first electronic device and the second electronic device will be described by using a timing chart, as shown in fig. 11, where the first electronic device and the second electronic device in the figure establish a connection based on bluetooth communication. The steps in the timing diagram include:
S810: the second electronic device transmits a second broadcast signal.
S811: the first electronic device identifies the second broadcast signal and discovers the second electronic device.
S820: the first electronic device establishes an RFCOMM connection with the second electronic device.
S821: the first electronic device sends a protocol version number of the first electronic device to the second electronic device.
S822: and the second electronic equipment performs compatibility judgment on the protocol version number of the first electronic equipment.
S823: the second electronic device sends the protocol version number, the compatibility judgment result, the key negotiation supporting mode, the device type identifier and the key filtering information of the second electronic device to the first electronic device.
In this embodiment of the present application, besides being sent to the first electronic device in S823, the key filtering information may also be carried in the broadcast signal sent by the second electronic device.
S830: the first electronic device matches the third keys it has stored against the key filtering information, and takes the third key that matches successfully as the determined third key.
S831: the first electronic device sends encryption information to the second electronic device, wherein the encryption information is obtained by encrypting the device identification and the Bluetooth MAC address of the first electronic device based on the determined third key.
S832: the second electronic device selects a third key which can successfully decrypt the encrypted information from the local third keys as a third key to be used.
S833: the second electronic device encrypts its device identifier with the third key to be used to obtain reply encryption information, and sends the reply encryption information to the first electronic device.
S834: the first electronic device decrypts the reply encryption information based on the determined third key to obtain and store the device identifier of the second electronic device.
S841: the first electronic equipment generates and transmits a first key and key association information corresponding to the first key.
The first electronic device encrypts the first key and the key association information based on the determined third key and then sends the encrypted first key and the key association information to the second electronic device.
S843: the second electronic device detects whether the first key conflicts and obtains a conflict detection result.
S844: the second electronic device returns the conflict detection result to the first electronic device.
S845: if the first electronic device determines that the conflict detection result represents no conflict, it stores the local device identifier, the first key, and the key association information corresponding to the first key.
It should be noted that, in the embodiment of the present application, after the first electronic device generates the first key and the key association information, the first key may be stored in the secure area of the first electronic device. The secure area may be a storage area corresponding to the secure chip, or the like. Correspondingly, after receiving the first key and the key association information, the second electronic device may store the first key and the key association information in a secure area of the second electronic device.
Referring to fig. 12, a key generation apparatus 700 is provided in an embodiment of the present application. The apparatus 700 includes:
a connection unit 710, configured to establish a connection with a second electronic device in response to a received broadcast signal, where the second electronic device is the device that transmits the broadcast signal.
The first key generating unit 720 is configured to generate a first key and key association information corresponding to the first key.
An information communication unit 730, configured to send the first key and the key association information to the second electronic device, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and the second electronic device.
As one way, as shown in fig. 13, the apparatus 700 further includes a second key generating unit 740, configured to negotiate with the second electronic device to generate a second key based on a specified key negotiation manner if the first electronic device and the second electronic device are connected for the first time. In this manner, the information communication unit 730 is specifically configured to, if the first electronic device and the second electronic device are connected for the first time, encrypt the first key and the key association information based on the second key and send the encrypted first key and key association information to the second electronic device.
As one way, as shown in fig. 14, the apparatus 700 further includes a third key generating unit 750, configured to generate and store a third key and send it to the second electronic device through the information communication unit 730 if the first electronic device and the second electronic device are connected for the first time. In this manner, the information communication unit 730 is specifically configured to, if the first electronic device and the second electronic device are not connected for the first time, encrypt the first key and the key association information based on the stored third key and send the encrypted first key and key association information to the second electronic device.
In this manner, optionally, the information communication unit 730 is specifically configured to: if the first electronic device is not connected to the second electronic device for the first time, obtain the stored third keys as the keys to be selected; take the key among the keys to be selected that matches the key filtering information corresponding to the second electronic device as the determined third key, where the key filtering information corresponding to the second electronic device is obtained from wireless data sent by the second electronic device; and encrypt the first key and the key association information based on the determined third key and then send the encrypted first key and key association information to the second electronic device.
Optionally, if the received broadcast signal is a first broadcast signal, it is determined that the first electronic device is connected to the second electronic device for the first time; if the received broadcast signal is a second broadcast signal, it is determined that the first electronic device and the second electronic device are not connected for the first time.
The information communication unit 730 is further configured to send a protocol version number to the second electronic device, where the protocol version number is the version number of the protocol used to generate the first key, and to receive device characteristic information returned by the second electronic device, where the device characteristic information includes at least the protocol version number of the second electronic device and the specified key negotiation manner supported by the second electronic device, and is sent after the second electronic device determines that its protocol version number is compatible with the protocol version number of the first electronic device.
The information communication unit 730 is further configured to send the device identifier of the first electronic device to the second electronic device, so that the second electronic device stores the device identifier of the first electronic device in association with the first key and the key association information, and to receive the device identifier of the second electronic device sent by the second electronic device, so that the device identifier of the second electronic device is stored in association with the first key and the key association information.
As a way, the information communication unit 730 is further configured to obtain service data, where the service data is data to be sent by a first application to a second application, and the second application is an application in the second electronic device; encrypting the service data based on the first key to obtain encrypted service data; and assembling the encrypted service data and the key association information into communication data, and sending the communication data to the second electronic equipment.
As one way, the first key generating unit 720 is specifically configured to detect whether the account bound by the first electronic device corresponds to a first key and key association information corresponding to the first key; if not, executing the generation of the first key and the key association information corresponding to the first key.
Referring to fig. 15, a key generation apparatus 800 is provided in an embodiment of the present application. The apparatus 800 includes:
a broadcast signal transmitting unit 810, configured to transmit a broadcast signal.
A connection unit 820, configured to establish a connection with a first electronic device, where the first electronic device is the electronic device that receives the broadcast signal.
The information communication unit 830 is configured to receive a first key sent by a first electronic device and key association information corresponding to the first key, where the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device.
Optionally, as shown in fig. 16, the apparatus 800 further includes:
The key negotiation unit 840 is configured to negotiate with the first electronic device, in response to a key negotiation request, to generate a second key based on a specified key negotiation manner, where the key negotiation request is sent by the first electronic device after it determines that it is connected to the second electronic device for the first time. In this manner, the information communication unit 830 is specifically configured to, if the first electronic device is connected to the second electronic device for the first time, receive the encrypted first key and key association information corresponding to the first key, and decrypt them based on the second key to obtain the first key and the key association information corresponding to the first key.
The information communication unit 830 is further configured to receive a third key sent by the first electronic device, where the third key is generated and sent by the first electronic device after it determines that it is connected to the second electronic device for the first time. In this manner, the information communication unit 830 is specifically configured to, if the first electronic device and the second electronic device are not connected for the first time, receive the encrypted first key and key association information corresponding to the first key, and decrypt them based on the third key to obtain the first key and the key association information corresponding to the first key.
As one way, the broadcast signal sending unit 810 is specifically configured to send a first broadcast signal if the second electronic device detects that no third key is stored locally, and to send a second broadcast signal if the second electronic device detects that a third key is stored locally; the first broadcast signal lets the first electronic device recognize that this is its first connection with the second electronic device, and the second broadcast signal lets the first electronic device recognize that this is not its first connection with the second electronic device.
As one way, the information communication unit 830 is further configured to receive communication data sent by the first electronic device, where the communication data includes encrypted service data and the key association information;
obtain the corresponding first key locally based on the key association information; and decrypt the encrypted service data based on the locally obtained first key to obtain the service data.
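The non-first-connection exchange (S830 to S845, including the key filtering match, the trial decryption in S832 and the conflict detection in S843) and the service-data exchange handled by units 730 and 830, as an added Python example that is not part of the patent or of any Oppo implementation. The patent specifies no cipher and no format for the key filtering information or the key association information, so the HMAC-based authenticated encryption, the key fingerprint used as filtering information, the random key identifier used as association information, and the device state are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical AEAD stand-in (the patent names no cipher): HMAC-SHA256 keystream in
# counter mode plus an encrypt-then-MAC tag; standard library only, so it runs offline.
NONCE_LEN, TAG_LEN, ASSOC_LEN = 16, 32, 8

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes):
    """Plaintext if the tag verifies under key, else None. The tag check is what makes
    "the third key that can successfully decrypt" in S832 a meaningful test."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

def key_filter_info(third_key: bytes) -> bytes:
    """Assumed form of the key filtering information: a 4-byte fingerprint of a third key."""
    return hashlib.sha256(b"filter" + third_key).digest()[:4]

@dataclass
class FirstDevice:
    device_id: bytes
    mac: bytes
    third_keys: list                                  # one per paired peer
    first_keys: dict = field(default_factory=dict)    # association info -> first key

@dataclass
class SecondDevice:
    device_id: bytes
    third_keys: list
    first_keys: dict = field(default_factory=dict)    # association info -> first key
    by_peer: dict = field(default_factory=dict)       # (first id, second id) -> first key

def reconnect(first: FirstDevice, second: SecondDevice, first_key=None, assoc=None) -> dict:
    """S830-S845 of a non-first connection; first_key/assoc are random unless given."""
    # S823/S830: second advertises filtering info; first matches it against its stored keys
    advertised = {key_filter_info(k) for k in second.third_keys}
    candidates = [k for k in first.third_keys if key_filter_info(k) in advertised]
    if not candidates:
        raise LookupError("no stored third key matches the key filtering information")
    third_key = candidates[0]
    # S831/S832: first encrypts its id and MAC; second trial-decrypts with each local key
    blob = seal(third_key, first.device_id + b"|" + first.mac)   # ids assumed free of "|"
    key_to_use, pt = next(((k, p) for k in second.third_keys
                           if (p := open_(k, blob)) is not None), (None, None))
    if key_to_use is None:
        raise PermissionError("no local third key authenticates the peer's message")
    first_id, first_mac = pt.split(b"|", 1)
    # S833/S834: second replies with its own identifier under the key to be used
    second_id = open_(third_key, seal(key_to_use, second.device_id))
    # S841: first generates the first key and association info (assumed: a random key id)
    first_key = first_key or secrets.token_bytes(32)
    assoc = assoc or secrets.token_bytes(ASSOC_LEN)
    msg = open_(key_to_use, seal(third_key, assoc + first_key))
    assoc_rx, first_key_rx = msg[:ASSOC_LEN], msg[ASSOC_LEN:]
    # S843: conflict if an identical first key is already stored for this device pair
    existing = second.by_peer.get((first_id, second.device_id))
    conflict = existing is not None and hmac.compare_digest(existing, first_key_rx)
    # S844/S845: both sides store only when the result represents no conflict
    if not conflict:
        second.first_keys[assoc_rx] = first_key_rx
        second.by_peer[(first_id, second.device_id)] = first_key_rx
        first.first_keys[assoc] = first_key
    return {"second_id": second_id, "first_mac": first_mac, "conflict": conflict, "assoc": assoc}

def send_service_data(first: FirstDevice, assoc: bytes, data: bytes) -> bytes:
    """Unit 730: encrypt service data under the first key, prefix the association info."""
    return assoc + seal(first.first_keys[assoc], data)

def receive_service_data(second: SecondDevice, comm: bytes) -> bytes:
    """Unit 830: look up the first key by the association info, then decrypt and verify."""
    key = second.first_keys[comm[:ASSOC_LEN]]          # KeyError: unknown association info
    data = open_(key, comm[ASSOC_LEN:])
    if data is None:
        raise PermissionError("service data failed authentication")
    return data

def make_demo_pair():
    """Constructed sample state: one shared third key plus an unrelated key on each side."""
    shared = bytes.fromhex("11" * 32)
    first = FirstDevice(b"phone-A", b"AA:BB:CC:DD:EE:01", [bytes.fromhex("22" * 32), shared])
    second = SecondDevice(b"earbuds-B", [bytes.fromhex("33" * 32), shared])
    return first, second
```

Because the second device has a key of its own that the first device does not hold, the run shows why S832 needs authenticated decryption: without a tag, every key "decrypts" and the selection step has nothing to go on.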
According to the key generation apparatus provided in this embodiment, after the first electronic device establishes a connection with the second electronic device in response to the received broadcast signal, the first electronic device generates a first key and key association information corresponding to the first key and sends them to the second electronic device, where the first key and the key association information are used to perform security verification on application services between the first electronic device and the second electronic device. Therefore, after the connection between the first electronic device and the second electronic device is established in this manner, the service between an application program in the first electronic device and an application program in the second electronic device can be encrypted with the generated first key and its corresponding key association information, which improves the security of cross-device service communication between programs.
It should be noted that, for convenience and brevity, specific working procedures of the apparatus and units described above may refer to corresponding procedures in the foregoing method embodiments, and are not described herein again. In several embodiments provided herein, the coupling of the modules to each other may be electrical. In addition, each functional module in each embodiment of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module. The integrated modules may be implemented in hardware or in software functional modules.
An electronic device provided in the present application will be described with reference to fig. 17.
Referring to fig. 17, based on the key generation method and apparatus described above, an electronic device 100 capable of executing the key generation method is further provided in the embodiments of the present application. The electronic device 100 includes one or more (only one shown) processors 102, a memory 104, and a wireless module 106 coupled to one another. The memory 104 stores a program capable of executing the contents of the foregoing embodiments, and the processor 102 can execute the program stored in the memory 104.
The processor 102 may include one or more processing cores. The processor 102 uses various interfaces and lines to connect the various parts of the electronic device 100, and performs the various functions of the electronic device 100 and processes data by running or executing instructions, programs, code sets or instruction sets stored in the memory 104 and invoking data stored in the memory 104. Optionally, the processor 102 may be implemented in hardware in at least one of a digital signal processor (Digital Signal Processing, DSP), a field programmable gate array (Field-Programmable Gate Array, FPGA) and a programmable logic array (Programmable Logic Array, PLA). The processor 102 may integrate one or a combination of a central processing unit (Central Processing Unit, CPU), a graphics processing unit (Graphics Processing Unit, GPU), a modem, and the like. The CPU mainly handles the operating system, the user interface, application programs and the like; the GPU is responsible for rendering and drawing display content; the modem handles wireless communication. It will be appreciated that the modem need not be integrated into the processor 102 and may be implemented separately by a single communication chip.
The memory 104 may include random access memory (Random Access Memory, RAM) or read-only memory (Read-Only Memory, ROM). The memory 104 may be used to store instructions, programs, code sets or instruction sets. The memory 104 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing an operating system, instructions for implementing at least one function (for example, a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described above, and the like. The data storage area may also store data created by the electronic device 100 in use (such as a phonebook, audio and video data, and chat record data).
The wireless module 106 is configured to receive and transmit electromagnetic waves, and to implement mutual conversion between the electromagnetic waves and the electrical signals, so as to communicate with a communication network or other devices, such as an audio playback device. The wireless module 106 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and the like. The wireless module 106 may communicate with various networks such as the internet, intranets, wireless networks, or other devices via wireless networks. The wireless network may include a cellular telephone network, a wireless local area network, or a metropolitan area network. For example, the wireless module 106 may interact with a base station.
Referring to fig. 18, a block diagram of a computer readable storage medium according to an embodiment of the present application is shown. The computer readable medium 1100 has stored therein program code that can be invoked by a processor to perform the methods described in the method embodiments above.
The computer readable storage medium 1100 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Optionally, computer readable storage medium 1100 includes non-volatile computer readable medium (non-transitory computer-readable storage medium). The computer readable storage medium 1100 has storage space for program code 1110 that performs any of the method steps described above. The program code can be read from or written to one or more computer program products. Program code 1110 may be compressed, for example, in a suitable form.
In summary, after a first electronic device establishes a connection with a second electronic device in response to a received broadcast signal, the first electronic device generates a first key and key association information corresponding to the first key and sends them to the second electronic device, where the first key and the key association information are used to perform security verification on an application service between the first electronic device and the second electronic device. Therefore, after the connection between the first electronic device and the second electronic device is established in this manner, the service between an application program in the first electronic device and an application program in the second electronic device can be encrypted with the generated first key and its corresponding key association information, which improves the security of cross-device service communication between programs.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present application and not to limit it; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will appreciate that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (15)

1. A key generation method, the method comprising:
a first electronic device establishes a connection with a second electronic device in response to a received broadcast signal, wherein the second electronic device is the device that transmits the broadcast signal;
the first electronic device generates a first key and key association information corresponding to the first key;
if the first electronic device is connected with the second electronic device for the first time, the first electronic device negotiates with the second electronic device to generate a second key based on a specified key negotiation manner, the first electronic device generates and stores a third key and sends the third key to the second electronic device, and the first electronic device encrypts the first key and the key association information based on the second key and sends the encrypted first key and key association information to the second electronic device, wherein the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device;
if the first electronic device is not connected with the second electronic device for the first time, the first electronic device encrypts the first key and the key association information based on the stored third key and then sends the encrypted first key and key association information to the second electronic device.
2. The method of claim 1, wherein before the first electronic device encrypts the first key and the key association information based on the stored third key and sends them to the second electronic device, the method further comprises:
if the first electronic device and the second electronic device are not connected for the first time, the first electronic device obtains the stored third keys as keys to be selected;
taking the key among the keys to be selected that matches key filtering information corresponding to the second electronic device as a determined third key, wherein the key filtering information corresponding to the second electronic device is obtained from wireless data sent by the second electronic device;
and the first electronic device encrypting the first key and the key association information based on the stored third key and then sending the encrypted first key and key association information to the second electronic device comprises:
the first electronic device encrypting the first key and the key association information based on the determined third key and then sending the encrypted first key and key association information to the second electronic device.
3. The method according to any one of claims 1-2, wherein the method further comprises:
if the received broadcast signal is a first broadcast signal, determining that the first electronic device is connected with the second electronic device for the first time;
if the received broadcast signal is a second broadcast signal, determining that the first electronic device and the second electronic device are not connected for the first time;
wherein the first broadcast signal is a broadcast signal generated based on an adopted communication protocol, and the second broadcast signal is a first broadcast signal added with specified information.
4. The method according to any one of claims 1-2, wherein if the first electronic device is connected with the second electronic device for the first time, before the first electronic device negotiates with the second electronic device to generate the second key based on the specified key negotiation manner, the method further comprises:
the first electronic device sends a protocol version number to the second electronic device, wherein the protocol version number is the version number of a protocol for generating the first key, and the protocol version number is used to instruct the second electronic device to perform compatibility detection on the protocol version number of the first electronic device;
the first electronic device receives device characteristic information returned by the second electronic device, wherein the device characteristic information includes at least a protocol version number of the second electronic device and a specified key negotiation manner supported by the second electronic device, and the device characteristic information is sent after the second electronic device determines that the protocol version number of the second electronic device is compatible with the protocol version number of the first electronic device;
and if the first electronic device is connected with the second electronic device for the first time, the first electronic device negotiating with the second electronic device to generate the second key based on the specified key negotiation manner comprises:
if the first electronic device is connected with the second electronic device for the first time, the first electronic device negotiating with the second electronic device to generate the second key based on the specified key negotiation manner supported by the second electronic device.
5. The method of claim 1, wherein after the first electronic device establishes the connection with the second electronic device in response to the received broadcast signal, the method further comprises:
the first electronic device sends the device identifier of the first electronic device to the second electronic device, so that the second electronic device stores the device identifier of the first electronic device in association with the first key and the key association information;
the first electronic device receives the device identifier of the second electronic device sent by the second electronic device, so as to store the device identifier of the second electronic device in association with the first key and the key association information.
6. The method according to claim 1, wherein the method further comprises:
the first electronic device obtains service data, wherein the service data is data to be sent by a first application program to a second application program, and the second application program is an application program in the second electronic device;
encrypting the service data based on the first key to obtain encrypted service data;
and assembling the encrypted service data and the key association information into communication data, and sending the communication data to the second electronic equipment.
7. The method of claim 1, wherein before the first electronic device generates the first key and the key association information corresponding to the first key, the method further comprises:
detecting whether an account bound to the first electronic device corresponds to a first key and key association information corresponding to the first key;
if not, executing the generation of the first key and the key association information corresponding to the first key;
and if so, performing security verification on the service between the application program in the first electronic device and the application program of the second electronic device based on the first key corresponding to the account and the key association information corresponding to the first key.
8. A key generation method, the method comprising:
a second electronic device transmits a broadcast signal;
the second electronic device establishes a connection with a first electronic device, wherein the first electronic device is an electronic device that receives the broadcast signal;
if the first electronic device is connected with the second electronic device for the first time, the second electronic device receives an encrypted first key and key association information corresponding to the first key, and decrypts them based on a second key to obtain the first key and the key association information corresponding to the first key, wherein the second key is generated by the second electronic device negotiating with the first electronic device based on a specified key negotiation manner in response to a key negotiation request, the key negotiation request is sent by the first electronic device after it determines that it is connected with the second electronic device for the first time, and the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device;
if the first electronic device and the second electronic device are not connected for the first time, the second electronic device receives the encrypted first key and key association information corresponding to the first key, and decrypts them based on a third key to obtain the first key and the key association information corresponding to the first key, wherein the third key is generated and sent to the second electronic device by the first electronic device after it determines that it is connected with the second electronic device for the first time.
9. The method of claim 8, wherein the second electronic device transmitting a broadcast signal comprises:
if the second electronic device detects that no third key is stored locally, sending a first broadcast signal;
if the second electronic device detects that a third key is stored locally, sending a second broadcast signal;
wherein the first broadcast signal is used for the first electronic device to recognize that this is its first connection with the second electronic device, and the second broadcast signal is used for the first electronic device to recognize that this is not its first connection with the second electronic device.
10. The method of claim 8, wherein the method further comprises:
receiving communication data sent by the first electronic device, wherein the communication data includes encrypted service data and the key association information;
obtaining the corresponding first key locally based on the key association information;
and decrypting the encrypted service data based on the locally obtained first key to obtain the service data.
11. A key generation apparatus operable on a first electronic device, the apparatus comprising:
a connection unit, configured to establish a connection with a second electronic device in response to a received broadcast signal, wherein the second electronic device is the device that transmits the broadcast signal;
a first key generation unit, configured to generate a first key and key association information corresponding to the first key;
an information communication unit, configured to: if the first electronic device is connected with the second electronic device for the first time, negotiate with the second electronic device to generate a second key based on a specified key negotiation manner, generate and store a third key by the first electronic device and send the third key to the second electronic device, and encrypt the first key and the key association information based on the second key and then send the encrypted first key and key association information to the second electronic device, wherein the first key and the key association information are used for performing security verification on an application service between the first electronic device and the second electronic device; and if the first electronic device is not connected with the second electronic device for the first time, encrypt the first key and the key association information based on the stored third key and then send the encrypted first key and key association information to the second electronic device.
12. A key generation apparatus operable on a second electronic device, the apparatus comprising:
a broadcast signal transmitting unit, configured to transmit a broadcast signal;
a connection unit, configured to establish a connection with a first electronic device, wherein the first electronic device is the electronic device that received the broadcast signal; and
an information communication unit, configured to: if the first electronic device is connected to the second electronic device for the first time, receive an encrypted first key and encrypted key association information corresponding to the first key, and decrypt them based on a second key to obtain the first key and the key association information, wherein the second key is generated by the second electronic device negotiating with the first electronic device based on a designated key negotiation mode in response to a key negotiation request, the key negotiation request is sent after it is determined that the first electronic device is connected to the second electronic device for the first time, and the first key and the key association information are used for security verification of an application service between the first electronic device and the second electronic device; and if the first electronic device is not connected to the second electronic device for the first time, receive the encrypted first key and encrypted key association information corresponding to the first key, and decrypt them based on a third key to obtain the first key and the key association information, wherein the third key is generated by the first electronic device after it is determined that the first electronic device is connected to the second electronic device for the first time, and is sent by the first electronic device to the second electronic device.
13. An electronic device comprising one or more processors and memory;
one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of any of claims 1-7.
14. An electronic device comprising one or more processors and memory;
one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of any of claims 8-10.
15. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a program code, wherein the program code, when being executed by a processor, performs the method of any of claims 1-7.
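The two-connection flow of claims 11 and 12, together with the key-association lookup of claim 10, as an added Python model that is not part of the patent and not OPPO's code. Because the claims leave these points open, the model assumes: a toy finite-field Diffie-Hellman over the Mersenne prime 2^127-1 as the "designated key negotiation mode" (a real device would use ECDH such as X25519); an HMAC-SHA256 encrypt-then-MAC construction in place of a real AEAD so that it runs with only the standard library; an 8-byte opaque identifier as the key association information; and that the third key is transported wrapped under the second key. The `Device`, `connect`, `send_service_data` and `receive_service_data` names are the example's own, not the patent's.

```python
"""Model of the two-connection key flow in claims 10-12 (stdlib only, added example)."""
from __future__ import annotations

import hashlib
import hmac
import secrets

# TOY key-negotiation group (assumption): finite-field Diffie-Hellman over the
# Mersenne prime 2^127 - 1 with base 3.  Structurally a DH exchange, but NOT a
# secure group; it stands in for the claims' unspecified negotiation mode.
P = (1 << 127) - 1
G = 3
ASSOC_LEN = 8  # assumed size of the key association information (an opaque key id)


def hkdf_sha256(ikm: bytes, info: bytes) -> bytes:
    """One-block HKDF-SHA256 (zero salt, single expand round) -> 32-byte key."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-SHA256 keystream; stdlib stand-in for AES-GCM."""
    k_enc, k_mac = hkdf_sha256(key, b"enc"), hkdf_sha256(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, aad: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError on a bad tag (wrong key or tampering)."""
    k_enc, k_mac = hkdf_sha256(key, b"enc"), hkdf_sha256(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k_mac, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))


class Device:
    """State each side keeps: the cached third key and a table assoc-info -> first key."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.third_key: bytes | None = None       # set during the first connection only
        self.first_keys: dict[bytes, bytes] = {}  # key association info -> first key
        self.negotiations = 0                     # how often the DH step ran


def negotiate_second_key(first: Device, second: Device) -> tuple[bytes, bytes]:
    """Toy DH: each side derives the second key from the other's public value.
    Both private exponents are drawn here only to keep the model in one process."""
    a, b = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)  # the values exchanged over the link
    first.negotiations += 1
    second.negotiations += 1
    k_first = hkdf_sha256(pow(pub_b, a, P).to_bytes(16, "big"), b"second-key")
    k_second = hkdf_sha256(pow(pub_a, b, P).to_bytes(16, "big"), b"second-key")
    return k_first, k_second


def connect(first: Device, second: Device) -> bytes:
    """One connection of `first` to `second`; returns the key association info."""
    first_key = secrets.token_bytes(32)
    assoc = secrets.token_bytes(ASSOC_LEN)
    if first.third_key is None:  # first-time connection (claims 11 and 12)
        k2_first, k2_second = negotiate_second_key(first, second)
        third = secrets.token_bytes(32)
        first.third_key = third
        # Assumption: the third key travels to the second device wrapped under the second key.
        second.third_key = unseal(k2_second, b"third-key", seal(k2_first, b"third-key", third))
        wrap_first, wrap_second = k2_first, k2_second
    else:  # later connections: the stored third key wraps the first key
        wrap_first, wrap_second = first.third_key, second.third_key
    wire = seal(wrap_first, b"first-key", assoc + first_key)
    payload = unseal(wrap_second, b"first-key", wire)
    first.first_keys[assoc] = first_key
    second.first_keys[payload[:ASSOC_LEN]] = payload[ASSOC_LEN:]
    return assoc


def send_service_data(first: Device, assoc: bytes, service_data: bytes) -> bytes:
    """Communication data of claim 10: key association info || encrypted service data."""
    return assoc + seal(first.first_keys[assoc], b"service", service_data)


def receive_service_data(second: Device, communication_data: bytes) -> bytes:
    """Claim 10 on the receiving side: look the first key up locally, then decrypt."""
    assoc, encrypted = communication_data[:ASSOC_LEN], communication_data[ASSOC_LEN:]
    first_key = second.first_keys.get(assoc)
    if first_key is None:
        raise KeyError("no first key stored for this key association information")
    return unseal(first_key, b"service", encrypted)


if __name__ == "__main__":
    phone, headset = Device("phone"), Device("headset")
    a1 = connect(phone, headset)           # runs the negotiation once
    a2 = connect(phone, headset)           # reuses the cached third key
    print(phone.negotiations, receive_service_data(headset, send_service_data(phone, a2, b"hi")))
```

Two things the model makes visible that the claims only imply: after the first connection the cached third key alone protects every later delivery of a first key, so its storage on both devices is the long-term secret to guard; and the receiving side must fail closed, refusing communication data whose key association information it has no first key for and rejecting any ciphertext whose tag does not verify.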
CN202110865646.6A 2021-07-29 2021-07-29 Key generation method, device, electronic equipment and storage medium Active CN113596827B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110865646.6A CN113596827B (en) 2021-07-29 2021-07-29 Key generation method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110865646.6A CN113596827B (en) 2021-07-29 2021-07-29 Key generation method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113596827A CN113596827A (en) 2021-11-02
CN113596827B true CN113596827B (en) 2024-02-13

Family

ID=78252006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110865646.6A Active CN113596827B (en) 2021-07-29 2021-07-29 Key generation method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113596827B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104540132A (en) * 2015-01-15 2015-04-22 天地融科技股份有限公司 Communication method of Bluetooth devices, mobile device, electronic signature device and server
CN105450269A (en) * 2015-12-21 2016-03-30 飞天诚信科技股份有限公司 Method and device for realizing safe interaction and pairing authentication between Bluetooth devices
KR101777052B1 (en) * 2016-05-17 2017-09-11 한양대학교 산학협력단 Apparatus and method for BLE(Bluetooth Low Energy) communication
CN107197424A (en) * 2017-06-06 2017-09-22 欧普照明股份有限公司 Bluetooth connecting method, bluetooth equipment and bluetooth connection system
CN109246581A (en) * 2017-05-17 2019-01-18 北京京东尚科信息技术有限公司 A kind of method and apparatus of communication
CN110933614A (en) * 2019-10-12 2020-03-27 阿里巴巴集团控股有限公司 Communication processing method and device and electronic equipment
CN111554008A (en) * 2020-04-22 2020-08-18 支付宝(杭州)信息技术有限公司 Digital key binding method, digital key verification method, mobile electronic equipment and near field communication device
CN112291773A (en) * 2020-12-31 2021-01-29 飞天诚信科技股份有限公司 Authenticator and communication method thereof
WO2021043170A1 (en) * 2019-09-06 2021-03-11 华为技术有限公司 Bluetooth connection method and related apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10666628B2 (en) * 2017-08-04 2020-05-26 Apple Inc. Secure authentication of device identification for low throughput device to-device wireless communication

Also Published As

Publication number Publication date
CN113596827A (en) 2021-11-02

Similar Documents

Publication Publication Date Title
US9628585B2 (en) Systems and methods for cross-layer secure connection set up
US11611863B2 (en) Method and apparatus for low energy discovery
CN107231627B (en) Bluetooth network and network distribution method
WO2019222412A1 (en) Bluetooth mesh network provisioning authentication
US20150264724A1 (en) Method and system of establishing wireless communication connection
CN102916869B (en) Instant messaging method and system
JP4988918B2 (en) Method and system for communication between accessory device and portable device
JP6756009B2 (en) Data transmission
CN104137618A (en) Shared network access via a peer-to-peer link
WO2018049892A1 (en) Data transmission method and apparatus, and terminal
TW201116079A (en) Apparatus and method for virtual pairing using an existing wireless connection key
US11582815B2 (en) Electronic device for receiving data packet in Bluetooth network environment and method thereof
WO2015117451A1 (en) Encrypted communications method and communications terminal, and computer storage medium
WO2015164999A1 (en) Virtual card downloading method, terminal and intermediate device
CN112492580A (en) Information processing method and device, communication equipment and storage medium
CN102420642A (en) Bluetooth device and communication method thereof
CN111614496B (en) Route access method, device, electronic equipment and storage medium
CN113596827B (en) Key generation method, device, electronic equipment and storage medium
KR20130043336A (en) Display device, and access point connection method of a display device
US10805504B2 (en) Communication device and non-transitory computer-readable recording medium storing computer-readable instructions for communication device
KR20120126468A (en) Method and System for Relaying Authentication Number, Program
CN112398943A (en) Information intercommunication method and device, storage medium and electronic equipment
US20140310520A1 (en) Method for communicating data and electronic device thereof
CN111163462A (en) Network distribution method and related product
CN113193923B (en) Remote testing method, equipment and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant