CN114039727A - Data transmission method and device, intelligent terminal and gateway equipment - Google Patents


Info

Publication number: CN114039727A
Authority: CN (China)
Application number: CN202111500287.0A
Prior art keywords: key, gateway, terminal, data transmission, ciphertext
Other languages: Chinese (zh)
Inventors: 张旭, 李会才
Current assignee: Schneider Electric China Co Ltd
Original assignee: Schneider Electric China Co Ltd
Legal status: Pending

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
            • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords > H04L 9/0869 Generation of secret information involving random numbers or seeds
            • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use > H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
        • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy > H04L 9/3066 Public key involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
        • H04W 88/02 Terminal devices > H04W 88/06 Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals
        • H04W 88/08 Access point devices
        • H04W 88/16 Gateway arrangements

Abstract

The invention provides a data transmission method and device, an intelligent terminal and a gateway device, applied in the technical field of communication. The method implements encrypted transmission of the data to be transmitted and thereby secures data transmission as a substitute mechanism where the encryption method built into the wireless communication technology cannot be used.

Description

Data transmission method and device, intelligent terminal and gateway equipment
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a data transmission method and device, an intelligent terminal and gateway equipment.
Background
Most wireless communication technologies, such as Bluetooth, provide a mechanism for encrypted data transmission, for example encryption of the information transmission channel, which ensures that the data exchanged by the two communicating parties cannot be tampered with or intercepted by a third party.
In practice, however, situations often arise in which the encryption method built into the wireless communication technology cannot be used, for example because the low-level hardware driver does not support the built-in encryption algorithm; if data are then transmitted without any encryption measures, the security of the transmission is seriously compromised.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a data transmission method, an apparatus, an intelligent terminal and a gateway device that can generate a shared key for encrypting data, so as to implement encrypted transmission of the data to be transmitted and to secure data transmission as a replacement method where the encryption method built into the wireless communication technology cannot be used. The specific scheme is as follows:
in a first aspect, the present invention provides a data transmission method, applied to a gateway device, where the method includes:
acquiring a secret key seed;
generating a gateway side key pair, wherein the gateway side key pair comprises a gateway public key and a gateway private key;
sending the gateway public key and the key seed to an intelligent terminal;
receiving a terminal public key and a first ciphertext of the intelligent terminal;
the intelligent terminal generates a first shared key based on a terminal private key, the gateway public key and the key seed, and encrypts the key seed through the first shared key to obtain the first ciphertext;
generating a second shared secret key according to the terminal public key, the gateway private key and the secret key seed;
encrypting the key seed based on the second shared key to obtain a second ciphertext;
and if the first ciphertext is consistent with the second ciphertext, sending response information representing that data transmission can be carried out to the intelligent terminal.
Optionally, the generating a gateway side key pair includes:
performing a modulo-2 (remainder) operation on the key seed to obtain a first calculation result;
determining a first target curve used by an elliptic curve Diffie-Hellman key exchange (ECDH) algorithm according to the first calculation result;
and generating a gateway side key pair based on the ECDH algorithm and the first target curve.
Optionally, after sending the response message, the method further includes:
and carrying out data transmission based on the second shared secret key and a preset encryption algorithm.
In a second aspect, the present invention provides a data transmission method, which is applied to an intelligent terminal, and the method includes:
receiving a key seed and a gateway public key of the gateway device from the gateway device;
generating a terminal side key pair, wherein the terminal side key pair comprises a terminal public key and a terminal private key;
generating a first shared key according to the gateway public key, the terminal private key and the key seed;
encrypting the key seed based on the first shared key to obtain a first ciphertext;
sending the first ciphertext and the terminal public key to the gateway device;
receiving response information representing that data transmission can be carried out;
wherein the response information is sent by the gateway device under the condition that the first ciphertext and the second ciphertext are consistent;
and the second cipher text is obtained by the gateway equipment generating a second shared key according to the terminal public key, the gateway private key of the gateway equipment and the key seed and encrypting the key seed based on the second shared key.
Optionally, the generating a terminal-side key pair includes:
performing a modulo-2 (remainder) operation on the key seed to obtain a second calculation result;
determining a second target curve used by the elliptic curve Diffie-Hellman key exchange (ECDH) algorithm according to the second calculation result;
and generating a terminal side key pair based on the ECDH algorithm and the second target curve.
Optionally, after the response information is acquired, the method further includes:
and carrying out data transmission based on the first shared secret key and a preset encryption algorithm.
In a third aspect, the present invention provides a data transmission apparatus, applied to a gateway device, where the apparatus includes:
an obtaining unit configured to obtain a key seed;
the first generation unit is used for generating a gateway side key pair, and the gateway side key pair comprises a gateway public key and a gateway private key;
the first sending unit is used for sending the gateway public key and the key seed to the intelligent terminal;
the first receiving unit is used for acquiring a terminal public key and a first ciphertext of the intelligent terminal;
the intelligent terminal generates a first shared key based on a terminal private key, the gateway public key and the key seed, and encrypts the key seed through the first shared key to obtain the first ciphertext;
the second generation unit is used for generating a second shared secret key according to the terminal public key, the gateway private key and the secret key seed;
the first encryption unit is used for encrypting the key seed based on the second shared key to obtain a second ciphertext;
and the second sending unit is used for sending response information representing that data transmission can be carried out to the intelligent terminal if the first ciphertext is consistent with the second ciphertext.
In a fourth aspect, the present invention provides a data transmission device, which is applied to an intelligent terminal, and the device includes:
a second receiving unit, configured to receive, from the gateway device, the key seed and a gateway public key of the gateway device;
a third generating unit, configured to generate a terminal-side key pair, where the terminal-side key pair includes a terminal public key and a terminal private key;
a fourth generating unit, configured to generate a first shared key according to the gateway public key, the terminal private key, and the key seed;
a second encryption unit, configured to encrypt the key seed based on the first shared key to obtain a first ciphertext;
a third sending unit, configured to send the first ciphertext and the terminal public key to the gateway device;
a third receiving unit, configured to receive response information indicating that data transmission is possible;
wherein the response information is sent by the gateway device under the condition that the first ciphertext and the second ciphertext are consistent;
and the second cipher text is obtained by the gateway equipment generating a second shared key according to the terminal public key, the gateway private key of the gateway equipment and the key seed and encrypting the key seed based on the second shared key.
In a fifth aspect, the present invention provides a gateway device, including: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the data transmission method according to any one of the first aspect of the present invention.
In a sixth aspect, the present invention provides an intelligent terminal, including: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the data transmission method according to any one of the second aspect of the present invention.
Based on the technical scheme, the gateway device acquires the key seed, generates a gateway side key pair comprising a gateway public key and a gateway private key, and sends the gateway public key and the key seed to the intelligent terminal. The intelligent terminal generates a first shared key based on the terminal private key, the gateway public key and the key seed, and encrypts the key seed with the first shared key to obtain a first ciphertext. The gateway device then receives the terminal public key and the first ciphertext from the intelligent terminal, generates a second shared key according to the terminal public key, the gateway private key and the key seed, and encrypts the key seed with the second shared key to obtain a second ciphertext. Finally, the gateway device compares the first ciphertext with the second ciphertext and, if they are consistent, sends response information indicating that data transmission can be carried out to the terminal device. With the data transmission method provided by the invention, the terminal device and the gateway device can thus generate a shared key for encrypting data, so that the data to be transmitted is transmitted in encrypted form; the method can serve as a replacement where the encryption method built into the wireless communication technology cannot be used, and thereby secures data transmission.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a data transmission method according to an embodiment of the present invention;
fig. 2 is a block diagram of a data transmission apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram of another data transmission apparatus according to an embodiment of the present invention;
fig. 4 is a block diagram of a data transmission apparatus according to another embodiment of the present invention;
fig. 5 is a block diagram of a data transmission apparatus according to another embodiment of the present invention;
fig. 6 is a block diagram of an intelligent terminal according to an embodiment of the present invention;
fig. 7 is a block diagram of a gateway device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of a data transmission method provided in an embodiment of the present invention, where the flowchart of the data transmission method provided in this embodiment includes:
S100, the gateway equipment acquires the key seed.
In practical applications, a random number may be used as the key seed, and of course, other information may also be used as the key seed, which is not listed here, and any information or data that can be used as the key seed falls within the protection scope of the present invention without departing from the scope of the core idea of the present invention.
Optionally, when a random number is selected as the key seed, the random number may be obtained by a random number generator, and may of course be obtained by other manners.
S110, the gateway device generates a gateway side key pair.
The data transmission method provided in this embodiment is implemented on the basis of the asymmetric encryption concept, and therefore, after obtaining the key seed, a gateway-side key pair is first generated. According to the implementation principle of the asymmetric encryption algorithm, the gateway side key pair described in this embodiment includes a gateway public key and a gateway private key.
Optionally, when the key seed is a random number, the gateway-side key pair may be generated based on an ECDH (Elliptic Curve Diffie-Hellman key exchange) algorithm. First, the remainder of the key seed modulo 2 is computed to obtain a first calculation result, and a first target curve used by the ECDH algorithm is determined according to this result: for example, if the first calculation result is 0, the SECP256K1 curve is used as the first target curve, and if it is 1, the SECP256P1 curve is used. After the first target curve is determined, the gateway-side key pair can be generated based on the ECDH algorithm and the first target curve.
As for the specific implementation process of generating the gateway side key pair based on the ECDH algorithm and the first target curve, the implementation process may be implemented based on the prior art, and the present invention is not limited to this.
S120, the gateway equipment sends the gateway public key and the key seed to the intelligent terminal.
S130, the intelligent terminal receives the key seed and the gateway public key from the gateway equipment.
S140, the intelligent terminal generates a terminal side key pair.
Like the gateway-side key pair, the terminal-side key pair in this step includes a terminal public key and a terminal private key. It should be noted that, by the basic principle of the asymmetric encryption algorithm, the intelligent terminal must generate its key pair with the same algorithm as the gateway device. Therefore, after obtaining the key seed provided by the gateway device, the intelligent terminal likewise computes the remainder of the key seed modulo 2 to obtain a second calculation result and determines the second target curve used by the ECDH algorithm according to that result; the determination process is the same as for the first target curve and is not repeated here. After the second target curve is determined, the intelligent terminal can generate the terminal-side key pair based on the ECDH algorithm and the second target curve.
S150, the intelligent terminal generates a first shared secret key according to the gateway public key, the terminal private key and the secret key seed.
It should be noted that the specific process of generating the first shared key by the intelligent terminal according to the gateway public key, the terminal private key and the key seed may be obtained based on a key generation algorithm in the prior art, which is not specifically limited in the present invention.
S160, the intelligent terminal encrypts the key seed based on the first shared key to obtain a first ciphertext.
The process of obtaining the first ciphertext by the intelligent terminal based on the first shared key encryption key seed may be implemented based on a preset encryption algorithm, which is not specifically limited in the present invention.
S170, the intelligent terminal sends the first ciphertext and the terminal public key to the gateway device.
S180, the gateway equipment receives the terminal public key and the first ciphertext of the intelligent terminal.
S190, the gateway equipment generates a second shared secret key according to the terminal public key, the gateway private key and the secret key seed.
It should be noted that, when the gateway device generates the second shared key, it should use the same algorithm that the intelligent terminal used to generate the first shared key. When the data transmission channel is secure and the transmitted data have not been tampered with, the second shared key held by the gateway device and the first shared key held by the intelligent terminal should have the same content; this is the precondition and basis for the security verification of the present invention.
S200, the gateway equipment encrypts the key seed based on the second shared key to obtain a second ciphertext.
First, it should be emphasized that the gateway device and the intelligent terminal should use the same encryption algorithm to encrypt the key seed. As described above, provided that the data transmission channel is secure and the transmitted data have not been tampered with, the second shared key has the same content as the first shared key; since the gateway device and the intelligent terminal then encrypt the same key seed with the same key and the same algorithm, the resulting ciphertexts should be identical. This is the key point of the key agreement in the present invention.
Based on the above content, after the gateway device generates the second shared key, the key seed may be encrypted by combining the second shared key and the preset encryption algorithm to obtain a second ciphertext.
S210, the gateway equipment sends response information representing that data transmission can be carried out to the intelligent terminal under the condition that the first ciphertext is consistent with the second ciphertext.
As described above, if the data transmission channel is secure, the first ciphertext and the second ciphertext should be consistent; otherwise they will not be. On this basis, when the first ciphertext and the second ciphertext are consistent, the gateway device sends response information indicating that data transmission can be performed, so as to inform the intelligent terminal of the final result of the key agreement.
S220, the intelligent terminal receives the response information.
After the intelligent terminal obtains the response information, the intelligent terminal can determine that the key negotiation is successful, and can perform the subsequent data transmission steps.
In summary, in the data transmission method provided by the present invention, both the terminal device and the gateway device can generate the shared key for encrypting data, so as to implement encrypted transmission of data to be transmitted, and ensure the security of data transmission as a replacement method in the case where the data encryption method carried by the wireless communication technology cannot be used.
Optionally, after the key agreement process has been completed successfully, the gateway device may encrypt the data to be transmitted, or decrypt ciphertext returned by the intelligent terminal, based on the second shared key obtained in the previous step and the corresponding preset encryption algorithm (the preset encryption algorithm used when encrypting the key seed, such as AES256-CTR), thereby implementing data transmission with the intelligent terminal. Correspondingly, the intelligent terminal can decrypt the received ciphertext of the transmitted data based on the same preset encryption algorithm and the first shared key, and can encrypt the data it sends based on the preset encryption algorithm and the first shared key.
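The handshake of steps S100 to S210 above, including the modulo-2 curve selection of S110/S140 and the seed encryption of S160/S200, as an added Python illustration that is not the patent's own code. It assumes the parameters of secp256k1 and secp256r1 (the page's "SECP256P1" is taken to mean NIST P-256), derives the shared key as SHA-256 of the ECDH x-coordinate concatenated with the seed, uses an HMAC-SHA256 counter-mode keystream in place of AES256-CTR, and fixes a zero nonce for the confirmation message; none of these choices is specified on the page.

```python
"""Handshake of steps S100-S210 (gateway <-> terminal). Added illustration, not
the patent's code; curve parameters, SHA-256 key derivation, HMAC-CTR cipher and
the fixed confirmation nonce are assumptions (see lead-in)."""
import hashlib
import hmac
import secrets

# (p, a, b, Gx, Gy, n) for the two candidate curves; None is the point at infinity.
CURVES = {
    "secp256k1": (
        0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F, 0, 7,
        0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
        0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141),
    "secp256r1": (
        0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
        0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC,
        0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
        0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
        0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
        0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551),
}
# S210 compares ciphertexts byte for byte, so the confirmation encryption must be
# deterministic: both sides use this fixed nonce (assumption) for that message.
CONFIRM_NONCE = bytes(12)


def ec_add(P, Q, p, a):
    """Affine point addition on y^2 = x^3 + a*x + b over GF(p)."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # P + (-P) = infinity
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def ec_mul(k, P, p, a):
    R = None  # double-and-add scalar multiplication k*P
    while k:
        if k & 1:
            R = ec_add(R, P, p, a)
        P = ec_add(P, P, p, a)
        k >>= 1
    return R


def select_curve(seed):
    """S110/S140: seed modulo 2 picks the curve (0 -> SECP256K1, 1 -> P-256)."""
    return "secp256k1" if int.from_bytes(seed, "big") % 2 == 0 else "secp256r1"


def generate_key_pair(curve):
    p, a, _b, gx, gy, n = CURVES[curve]
    priv = secrets.randbelow(n - 1) + 1  # uniform in [1, n-1]
    return priv, ec_mul(priv, (gx, gy), p, a)


def shared_key(priv, peer_pub, seed, curve):
    """S150/S190: derive the shared key from ECDH(priv, peer_pub) and the seed.
    The peer's point is validated first: an off-curve point must never be used."""
    p, a, b, _gx, _gy, _n = CURVES[curve]
    x, y = peer_pub
    if not (0 <= x < p and 0 <= y < p and (y * y - x ** 3 - a * x - b) % p == 0):
        raise ValueError("peer public key is not on the selected curve")
    point = ec_mul(priv, peer_pub, p, a)
    if point is None:
        raise ValueError("peer public key has small order")
    return hashlib.sha256(point[0].to_bytes(32, "big") + seed).digest()


def encrypt(key, nonce, data):
    """CTR-style stream encryption with an HMAC-SHA256 keystream (AES256-CTR
    stand-in, since the standard library has no AES). Decryption is identical."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(m ^ k for m, k in zip(data[i:i + 32], ks))
    return bytes(out)


def run_handshake(seed=None, tamper_seed=False):
    """Steps S100 to S210. Returns (gateway_accepts, first_key, second_key).
    tamper_seed=True flips one bit of the seed in transit at S120, which leaves
    the curve choice unchanged but makes the ciphertext comparison fail."""
    seed = seed if seed is not None else secrets.token_bytes(16)       # S100
    curve = select_curve(seed)
    gw_priv, gw_pub = generate_key_pair(curve)                          # S110
    seen = bytes([seed[0] ^ 0x80]) + seed[1:] if tamper_seed else seed  # S120/S130
    t_curve = select_curve(seen)
    t_priv, t_pub = generate_key_pair(t_curve)                          # S140
    first_key = shared_key(t_priv, gw_pub, seen, t_curve)               # S150
    c1 = encrypt(first_key, CONFIRM_NONCE, seen)                        # S160
    try:                                                                # S170-S200
        second_key = shared_key(gw_priv, t_pub, seed, curve)
        c2 = encrypt(second_key, CONFIRM_NONCE, seed)
    except ValueError:
        return False, first_key, None  # invalid terminal public key: reject
    ok = hmac.compare_digest(c1, c2)   # S210: constant-time comparison
    return ok, first_key, second_key
```

The comparison succeeds only because the confirmation encryption is deterministic, so every data message after the handshake needs a fresh nonce; the check also confirms that both sides derived the same key but does not by itself tell the gateway which device sent the terminal public key.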
On the basis of the embodiment shown in fig. 1, the data transmission method provided in this embodiment can further implement encrypted transmission of data. In a specific implementation, once a communication connection has been established between the two communicating parties, multiple communications may take place until the connection is disconnected; a single shared key is generated and used for all communications over that connection, the sending party encrypts the data in each transmission and the receiving party decrypts it, so that data security can be effectively guaranteed.
It can be understood that the data transmission method provided by any of the above embodiments is implemented on the premise that the intelligent terminal and the gateway device already establish a communication connection relationship. The intelligent terminal may be an electronic device such as a smart phone and a palm computer in practical application, and of course, may also be other devices capable of communicating with the gateway device, which is not listed here.
The data transmission device described below may be regarded as a functional module architecture that needs to be set in the central device to implement the data transmission method provided by the embodiment of the present invention; the following description may be cross-referenced with the above.
Referring to fig. 2, fig. 2 is a block diagram of a data transmission device according to an embodiment of the present invention, where the data transmission device according to the embodiment includes:
an obtaining unit 1, configured to obtain a key seed;
the first generating unit 2 is configured to generate a gateway side key pair, where the gateway side key pair includes a gateway public key and a gateway private key;
the first sending unit 3 is used for sending the gateway public key and the key seed to the intelligent terminal;
the first receiving unit 4 is used for receiving a terminal public key and a first ciphertext of the intelligent terminal;
the intelligent terminal generates a first shared key based on a terminal private key, a gateway public key and a key seed, and encrypts the key seed through the first shared key to obtain a first ciphertext;
the second generating unit 5 is configured to generate a second shared key according to the terminal public key, the gateway private key, and the key seed;
the first encryption unit 6 is configured to encrypt the key seed based on the second shared key to obtain a second ciphertext;
and the second sending unit 7 is configured to send response information representing that data transmission can be performed to the intelligent terminal if the first ciphertext is consistent with the second ciphertext.
Optionally, the first generating unit 2 is configured to generate a gateway-side key pair, and includes:
performing a modulo-2 (remainder) operation on the key seed to obtain a first calculation result;
determining a first target curve used by an elliptic curve Diffie-Hellman key exchange (ECDH) algorithm according to the first calculation result;
and generating a gateway side key pair based on the ECDH algorithm and the first target curve.
Optionally, referring to fig. 3, fig. 3 is a block diagram of another data transmission apparatus provided in the embodiment of the present invention, and on the basis of the embodiment shown in fig. 2, the data transmission apparatus further includes:
and the first transmission unit 8 is used for carrying out data transmission based on the second shared secret key and a preset encryption algorithm.
Optionally, referring to fig. 4, fig. 4 is a block diagram of a structure of another data transmission apparatus provided in an embodiment of the present invention, where the apparatus includes:
a second receiving unit 9, configured to receive, from the gateway device, the key seed and a gateway public key of the gateway device;
a third generating unit 10, configured to generate a terminal-side key pair, where the terminal-side key pair includes a terminal public key and a terminal private key;
a fourth generating unit 11, configured to generate a first shared key according to the gateway public key, the terminal private key, and the key seed;
a second encryption unit 12, configured to encrypt the key seed based on the first shared key to obtain a first ciphertext;
a third sending unit 13, configured to send the first ciphertext and the terminal public key to the gateway device;
a third receiving unit 14, configured to receive response information indicating that data transmission is possible;
wherein the response information is sent by the gateway device under the condition that the first ciphertext and the second ciphertext are consistent;
and the second cipher text is obtained by the gateway equipment generating a second shared key according to the terminal public key, the gateway private key of the gateway equipment and the key seed and encrypting the key seed based on the second shared key.
Optionally, the third generating unit 10 is configured to generate a terminal-side key pair, and includes:
performing a modulo-2 (remainder) operation on the key seed to obtain a second calculation result;
determining a second target curve used by the elliptic curve Diffie-Hellman key exchange (ECDH) algorithm according to the second calculation result;
and generating a terminal side key pair based on the ECDH algorithm and the second target curve.
Optionally, referring to fig. 5, fig. 5 is a block diagram of a structure of another data transmission apparatus provided in the embodiment of the present invention, and on the basis of the embodiment shown in fig. 4, the data transmission apparatus further includes:
and a second transmission unit 15, configured to perform data transmission based on the first shared key and a preset encryption algorithm.
Optionally, referring to fig. 6, which is a block diagram of an intelligent terminal provided in an embodiment of the present invention, the terminal may include: at least one processor 100, at least one communication interface 200, at least one memory 300, and at least one communication bus 400.
In the embodiment of the present invention there is at least one of each of the processor 100, the communication interface 200, the memory 300 and the communication bus 400, and the processor 100, the communication interface 200 and the memory 300 communicate with one another over the communication bus 400; clearly, the communication connections among the processor 100, the communication interface 200, the memory 300 and the communication bus 400 shown in fig. 6 are only optional.
Optionally, the communication interface 200 may be an interface of a communication module.
The processor 100 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
The memory 300, which stores application programs, may include high-speed RAM and may also include non-volatile memory, such as at least one disk memory.
The processor 100 is specifically configured to execute an application program in the memory so as to implement any embodiment of the data transmission method described above that is executed by the intelligent terminal.
Optionally, referring to fig. 7, which is a block diagram of a gateway device according to an embodiment of the present invention, the gateway device may include: at least one processor 500, at least one communication interface 600, at least one memory 700, and at least one communication bus 800.
In the embodiment of the present invention there is at least one of each of the processor 500, the communication interface 600, the memory 700 and the communication bus 800, and the processor 500, the communication interface 600 and the memory 700 communicate with one another over the communication bus 800; clearly, the communication connections among the processor 500, the communication interface 600, the memory 700 and the communication bus 800 shown in fig. 7 are only optional.
Optionally, the communication interface 600 may be an interface of a communication module.
The processor 500 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
The memory 700, which stores application programs, may include high-speed RAM and may also include non-volatile memory, such as at least one disk memory.
The processor 500 is specifically configured to execute an application program in the memory so as to implement any embodiment of the data transmission method described above that is executed by the gateway device.
The embodiments in this description are described progressively: each embodiment focuses on its differences from the others, and for the same or similar parts the embodiments refer to one another. The devices disclosed in the embodiments correspond to the methods disclosed in the embodiments, so their description is kept brief; for the relevant points, refer to the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data transmission method, applied to a gateway device, the method comprising:
acquiring a key seed;
generating a gateway-side key pair, wherein the gateway-side key pair comprises a gateway public key and a gateway private key;
sending the gateway public key and the key seed to an intelligent terminal;
receiving a terminal public key and a first ciphertext from the intelligent terminal;
wherein the intelligent terminal generates a first shared key from a terminal private key, the gateway public key and the key seed, and encrypts the key seed with the first shared key to obtain the first ciphertext;
generating a second shared key from the terminal public key, the gateway private key and the key seed;
encrypting the key seed with the second shared key to obtain a second ciphertext;
and if the first ciphertext is consistent with the second ciphertext, sending to the intelligent terminal response information indicating that data transmission can be carried out.
2. The data transmission method according to claim 1, wherein generating the gateway-side key pair comprises:
performing a parity (odd/even) operation on the key seed to obtain a first calculation result;
determining, according to the first calculation result, a first target curve to be used by the elliptic-curve Diffie-Hellman (ECDH) key exchange algorithm;
and generating the gateway-side key pair based on the ECDH algorithm and the first target curve.
3. The data transmission method according to claim 1, further comprising, after sending the response information:
carrying out data transmission based on the second shared key and a preset encryption algorithm.
4. A data transmission method, applied to an intelligent terminal, the method comprising:
receiving, from a gateway device, a key seed and a gateway public key of the gateway device;
generating a terminal-side key pair, wherein the terminal-side key pair comprises a terminal public key and a terminal private key;
generating a first shared key from the gateway public key, the terminal private key and the key seed;
encrypting the key seed with the first shared key to obtain a first ciphertext;
sending the first ciphertext and the terminal public key to the gateway device;
receiving response information indicating that data transmission can be carried out;
wherein the response information is sent by the gateway device on condition that the first ciphertext and a second ciphertext are consistent;
and the second ciphertext is obtained by the gateway device generating a second shared key from the terminal public key, the gateway private key of the gateway device and the key seed, and encrypting the key seed with the second shared key.
5. The data transmission method according to claim 4, wherein generating the terminal-side key pair comprises:
performing a parity (odd/even) operation on the key seed to obtain a second calculation result;
determining, according to the second calculation result, a second target curve to be used by the elliptic-curve Diffie-Hellman (ECDH) key exchange algorithm;
and generating the terminal-side key pair based on the ECDH algorithm and the second target curve.
6. The data transmission method according to claim 4, further comprising, after receiving the response information:
carrying out data transmission based on the first shared key and a preset encryption algorithm.
7. A data transmission apparatus, applied to a gateway device, the apparatus comprising:
an obtaining unit, configured to obtain a key seed;
a first generating unit, configured to generate a gateway-side key pair, wherein the gateway-side key pair comprises a gateway public key and a gateway private key;
a first sending unit, configured to send the gateway public key and the key seed to an intelligent terminal;
a first receiving unit, configured to receive a terminal public key and a first ciphertext from the intelligent terminal;
wherein the intelligent terminal generates a first shared key from a terminal private key, the gateway public key and the key seed, and encrypts the key seed with the first shared key to obtain the first ciphertext;
a second generating unit, configured to generate a second shared key from the terminal public key, the gateway private key and the key seed;
a first encryption unit, configured to encrypt the key seed with the second shared key to obtain a second ciphertext;
and a second sending unit, configured to send to the intelligent terminal, if the first ciphertext is consistent with the second ciphertext, response information indicating that data transmission can be carried out.
8. A data transmission apparatus, applied to an intelligent terminal, the apparatus comprising:
a second receiving unit, configured to receive, from a gateway device, a key seed and a gateway public key of the gateway device;
a third generating unit, configured to generate a terminal-side key pair, wherein the terminal-side key pair comprises a terminal public key and a terminal private key;
a fourth generating unit, configured to generate a first shared key from the gateway public key, the terminal private key and the key seed;
a second encryption unit, configured to encrypt the key seed with the first shared key to obtain a first ciphertext;
a third sending unit, configured to send the first ciphertext and the terminal public key to the gateway device;
a third receiving unit, configured to receive response information indicating that data transmission can be carried out;
wherein the response information is sent by the gateway device on condition that the first ciphertext and a second ciphertext are consistent;
and the second ciphertext is obtained by the gateway device generating a second shared key from the terminal public key, the gateway private key of the gateway device and the key seed, and encrypting the key seed with the second shared key.
9. A gateway device, comprising: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the data transmission method of any one of claims 1 to 3.
10. An intelligent terminal, comprising: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the data transmission method of any one of claims 4 to 6.
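The key agreement of claims 1 to 6, run end to end in Go as an added example; this is not code from the patent or from the applicant. Both sides run in one process over an in-memory link: the gateway generates its ECDH key pair on a curve chosen by the parity of the key seed (claims 2 and 5) and sends seed and public key; the terminal generates its own pair, derives the first shared key from its private key, the gateway public key and the seed, encrypts the seed with it, and returns its public key and the first ciphertext; the gateway derives the second shared key, encrypts the seed and compares the two ciphertexts before it would send its response. The claims fix neither the curves, the key derivation nor the encryption algorithm, so the even/odd mapping to P-256/P-384, the SHA-256 derivation of the shared key from the ECDH secret and the seed, and AES-GCM are assumptions of this example, as is the tamper path, which goes beyond the claims to show the gateway rejecting a first ciphertext altered in transit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
)

// GatewayHello is the gateway's first message (claim 1); TerminalReply is the terminal's answer (claim 4).
type GatewayHello struct{ Seed, GatewayPub []byte }
type TerminalReply struct{ TerminalPub, FirstCiphertext []byte }

// selectCurve is the parity step of claims 2 and 5: the seed's low bit picks the ECDH curve.
// Which curve goes with which parity is an assumption of this example; the claims name none.
func selectCurve(seed []byte) ecdh.Curve {
	if len(seed) == 0 || seed[len(seed)-1]&1 == 0 {
		return ecdh.P256()
	}
	return ecdh.P384()
}

// deriveSharedKey folds the raw ECDH secret and the seed into a 256-bit key, since claims 1 and 4
// derive the shared key from private key, peer public key and seed. SHA-256(secret || seed) is an assumed KDF.
func deriveSharedKey(priv *ecdh.PrivateKey, peerPub *ecdh.PublicKey, seed []byte) ([]byte, error) {
	secret, err := priv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(append(secret, seed...))
	return sum[:], nil
}

// encryptSeed is the confirmation encryption. The gateway compares the two ciphertexts byte for byte,
// so this step must be deterministic: the AES-GCM nonce is derived from the seed rather than drawn at
// random. Tolerable for this one-off value only; traffic sent later under the shared key needs a fresh nonce.
func encryptSeed(key, seed []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // unreachable: key is always the 32 bytes returned by deriveSharedKey
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := sha256.Sum256(append([]byte("confirm-nonce:"), seed...))
	return gcm.Seal(nil, nonce[:gcm.NonceSize()], seed, nil)
}

// terminalRespond is the terminal side of claim 4: generate the terminal key pair, derive the first
// shared key, encrypt the seed under it, and return that key plus the reply message.
func terminalRespond(hello GatewayHello) ([]byte, TerminalReply, error) {
	curve := selectCurve(hello.Seed)
	gwPub, err := curve.NewPublicKey(hello.GatewayPub) // rejects points not on the chosen curve
	if err != nil {
		return nil, TerminalReply{}, err
	}
	priv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, TerminalReply{}, err
	}
	first, err := deriveSharedKey(priv, gwPub, hello.Seed)
	if err != nil {
		return nil, TerminalReply{}, err
	}
	return first, TerminalReply{priv.PublicKey().Bytes(), encryptSeed(first, hello.Seed)}, nil
}

// gatewayVerify is the gateway's check of claim 1: derive the second shared key, encrypt the seed, and
// compare with the first ciphertext in constant time. ok is the condition for sending the response.
func gatewayVerify(gwPriv *ecdh.PrivateKey, seed []byte, reply TerminalReply) (second []byte, ok bool, err error) {
	termPub, err := gwPriv.Curve().NewPublicKey(reply.TerminalPub)
	if err != nil {
		return nil, false, err
	}
	if second, err = deriveSharedKey(gwPriv, termPub, seed); err != nil {
		return nil, false, err
	}
	ok = subtle.ConstantTimeCompare(reply.FirstCiphertext, encryptSeed(second, seed)) == 1
	return second, ok, nil
}

// RunHandshake drives both sides over an in-memory link and returns both shared keys and the gateway's
// verdict. With tamper set, one bit of the first ciphertext is flipped in transit; the gateway must then refuse.
func RunHandshake(seed []byte, tamper bool) (first, second []byte, ok bool, err error) {
	gwPriv, err := selectCurve(seed).GenerateKey(rand.Reader) // gateway-side key pair (claim 1)
	if err != nil {
		return nil, nil, false, err
	}
	first, reply, err := terminalRespond(GatewayHello{Seed: seed, GatewayPub: gwPriv.PublicKey().Bytes()})
	if err != nil {
		return nil, nil, false, err
	}
	if tamper {
		reply.FirstCiphertext[0] ^= 0x01
	}
	second, ok, err = gatewayVerify(gwPriv, seed, reply)
	return first, second, ok, err
}
```

Two points of the design follow from the claims as written. First, because the gateway compares ciphertexts rather than decrypting the first ciphertext and comparing the recovered seed, the confirmation encryption has to be deterministic; the example therefore fixes the GCM nonce from the seed for that single message and must not reuse that construction for the data transmission of claims 3 and 6, where every message needs a distinct nonce. Second, a matching ciphertext shows only that both sides derived the same key from the exchanged public keys and the seed; it does not authenticate the terminal's public key to the gateway, which the claims do not address.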
CN202111500287.0A 2021-12-09 2021-12-09 Data transmission method and device, intelligent terminal and gateway equipment Pending CN114039727A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111500287.0A CN114039727A (en) 2021-12-09 2021-12-09 Data transmission method and device, intelligent terminal and gateway equipment

Publications (1)

Publication Number Publication Date
CN114039727A true CN114039727A (en) 2022-02-11

Family

ID=80146606

Country Status (1)

Country Link
CN (1) CN114039727A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067158A (en) * 2012-12-27 2013-04-24 华为技术有限公司 Encryption and decryption method, terminal device, gateway device and key management system
CN106845304A (en) * 2017-01-22 2017-06-13 国网江苏省电力公司电力科学研究院 A kind of method and system for realizing reader and smart-tag authentication in rfid system
CN110661748A (en) * 2018-06-28 2020-01-07 武汉斗鱼网络科技有限公司 Log encryption method, log decryption method and log encryption device
CN111431717A (en) * 2020-03-31 2020-07-17 兴唐通信科技有限公司 Encryption method for satellite mobile communication system
CN111917790A (en) * 2020-08-10 2020-11-10 南京信息工程大学 Hybrid encryption method for Internet of things security
CN112165386A (en) * 2020-09-22 2021-01-01 深圳市明华澳汉智能卡有限公司 Data encryption method and system based on ECDSA
WO2021011343A1 (en) * 2019-07-12 2021-01-21 Ethopass, Llc Data protection and recovery systems and methods
CN112636906A (en) * 2020-12-11 2021-04-09 海光信息技术股份有限公司 Key agreement method and device
CN112737766A (en) * 2020-12-25 2021-04-30 国网浙江省电力有限公司营销服务中心 Bluetooth communication dynamic key pairing method suitable for installation type electric energy meter

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001741A (en) * 2022-04-22 2022-09-02 山东云海国创云计算装备产业创新中心有限公司 Data encryption method and related components
CN115001741B (en) * 2022-04-22 2024-02-23 山东云海国创云计算装备产业创新中心有限公司 Data encryption method and related components
CN115484131A (en) * 2022-08-31 2022-12-16 江苏奥立信数字科技有限公司 Internet of things gateway and equipment data storage system for same
CN115484131B (en) * 2022-08-31 2024-04-12 江苏奥立信数字科技有限公司 Internet of things gateway and equipment data storage system for same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination