CN114157413A - Information processing method, device, equipment and storage medium - Google Patents

Publication number
CN114157413A
Authority
CN
China
Prior art keywords
key
information
networked
equipment
calculation parameter
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010925363.1A
Other languages
Chinese (zh)
Inventor
罗朝明
茹昭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202010925363.1A (CN114157413A)
Priority to CN202180042424.2A (CN115769542A)
Priority to PCT/CN2021/079365 (WO2022048125A1)
Publication of CN114157413A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the application provide an information processing method, an information processing apparatus, an information processing device and a storage medium, and relate to the technical field of communication. The method comprises: a device to be networked broadcasts a beacon of a first access point, where the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and a distribution network device; the distribution network device receives the beacon of the first access point. By adding the key calculation parameter to the beacon of the access point started by the device to be networked, and using it to determine the access key for performing identity authentication between the device to be networked and the distribution network device, the embodiments provide a basis for identity authentication between the two devices and facilitate its subsequent implementation.

Description

Information processing method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an information processing method, an information processing apparatus, an information processing device, and a storage medium.
Background
Smart devices include devices, instruments, machines, etc. that have computing and processing capabilities. In general, when a smart device is used for the first time, or when its use scenario changes (for example, the smart device is moved from one network environment to another), the smart device needs to go through the distribution network process, so that the smart device is connected to the network and can be controlled through the network.
The related art provides several ways of configuring a smart device to access a network, mainly: the soft AP (Access Point) distribution network (hereinafter referred to as "soft AP distribution network") and the code scanning distribution network. The main flow of the soft AP distribution network is as follows: the smart device starts a soft AP and broadcasts a beacon of the soft AP; after the distribution network device scans the beacon of the soft AP, it joins the soft AP; through the soft AP, the distribution network device sends the smart device the network configuration information of the AP that needs to be accessed; the smart device then closes the soft AP and accesses the AP according to the network configuration information, which completes the distribution network process. The main flow of the code scanning distribution network is as follows: the distribution network device displays the network configuration information of the AP that needs to be accessed in the form of a two-dimensional code; the smart device scans the two-dimensional code displayed by the distribution network device to acquire the network configuration information, and then accesses the AP according to the network configuration information to complete the distribution network process.
However, the distribution network process does not involve identity authentication of the smart device, so it is highly likely that a counterfeit smart device acquires the network configuration information of the AP, which leaks the network configuration information of the AP and poses a great threat to the security of the AP. Therefore, how to implement identity authentication of the smart device to improve the security of the AP needs to be further discussed and studied.
Disclosure of Invention
The embodiment of the application provides an information processing method, an information processing device, information processing equipment and a storage medium. The technical scheme is as follows:
In one aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, and the method includes:
broadcasting a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
On the other hand, an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
receiving a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
In another aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, and the method includes:
displaying a first graphic code, wherein the first graphic code comprises a key calculation parameter and/or an equipment identifier of the equipment to be networked, the key calculation parameter is used for determining an information decryption key, the information decryption key is used for decrypting network configuration information from distribution network equipment, and the network configuration information is used for configuring the equipment to be networked to access a second access point.
In another aspect, an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
scanning a first graphic code of a device to be networked, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information encryption key, the information encryption key is used for encrypting network configuration information, and the network configuration information is used for configuring the device to be networked to access a second access point.
In a further aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, where the method includes:
scanning a third graphic code displayed by the distribution network equipment, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
Displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, where the method includes:
receiving first information from the distribution network device, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
sending first information to the device to be networked, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
the beacon broadcasting module is used for broadcasting a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a distribution network device, and the apparatus includes:
the beacon receiving module is used for receiving a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
the first display module is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or an equipment identifier of the equipment to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from the distribution network equipment, and the network configuration information is used to configure the equipment to be networked to access the second access point.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a distribution network device, and the apparatus includes:
the second scanning module is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
the third scanning module is used for scanning a third graphic code displayed by the distribution network equipment, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a distribution network device, and the apparatus includes:
the third display module is used for displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
the first receiving module is used for receiving first information from the distribution network equipment, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a distribution network device, and the apparatus includes:
the device comprises a first sending module and a second sending module, wherein the first sending module is used for sending first information to the device to be accessed to the network, the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the network distribution device.
In another aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
The transceiver is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In a further aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
In another aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In a further aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is used for scanning a third graphic code displayed by the distribution network equipment, and the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In another aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is used for displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is used for receiving first information from the distribution network equipment, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In another aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is configured to send first information to a device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In a further aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used for being executed by a processor of a device to be networked to implement the information processing method on the side of the device to be networked.
In a further aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used for being executed by a processor of a distribution network device to implement the information processing method on the distribution network device side.
In a further aspect, an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or a program instruction, and when the chip runs on a device to be networked, the chip is configured to implement the information processing method on the device to be networked.
In a further aspect, an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or a program instruction, and when the chip runs on a distribution network device, the chip is configured to implement the information processing method on the distribution network device side.
In a further aspect, an embodiment of the present application provides a computer program product, which is used to implement the information processing method on the side of the to-be-networked device when the computer program product runs on the to-be-networked device.
In a further aspect, an embodiment of the present application provides a computer program product, which is used to implement the information processing method on the side of the distribution network device when the computer program product runs on the distribution network device.
The technical solutions provided by the embodiments of the application can have the following beneficial effects:
The key calculation parameter is added to the beacon of the access point started by the device to be networked, and is used for determining the access key for performing identity authentication between the device to be networked and the distribution network device. This provides a basis for identity authentication between the device to be networked and the distribution network device and facilitates its subsequent implementation. In addition, in the embodiments of the application, identity authentication between the device to be networked and the distribution network device is performed before the device to be networked acquires the network configuration information; that is, the device to be networked can acquire the network configuration information only when the identity authentication passes, which reduces the risk of network configuration information leakage and improves the security of the access point. In addition, in the embodiments of the application, identity authentication between the device to be networked and the distribution network device can be realized merely by adding the key calculation parameter to the beacon of the access point started by the device to be networked. Compared with the prior art, in which the distribution network device needs to switch access points back and forth to verify the identity of the device to be networked, the embodiments of the application simplify the identity authentication process and improve its efficiency.
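The beacon-carried key calculation parameter described above, sketched as an added example (not code from the patent). The text here does not specify the beacon layout or how the access key is computed, so the vendor-specific element layout, the TLV type numbers, the placeholder OUI, the per-device secret known to both sides and the HMAC-SHA256 derivation are all assumptions; the example covers the case where the beacon carries both the parameter and the device identifier.

```python
import hashlib
import hmac

VENDOR_IE_ID = 221             # 802.11 vendor-specific element ID
EXAMPLE_OUI = b"\x00\x00\x00"  # placeholder OUI (constructed)
TLV_KEY_PARAM = 1              # hypothetical sub-field: key calculation parameter
TLV_DEVICE_ID = 2              # hypothetical sub-field: device identifier


def build_beacon_ie(device_id: bytes, key_param: bytes) -> bytes:
    """Device to be networked: pack both fields into one beacon element."""
    body = EXAMPLE_OUI
    for tlv_type, value in ((TLV_KEY_PARAM, key_param), (TLV_DEVICE_ID, device_id)):
        if not 0 < len(value) <= 255:
            raise ValueError("TLV value must be 1..255 bytes")
        body += bytes([tlv_type, len(value)]) + value
    if len(body) > 255:
        raise ValueError("element body exceeds 255 bytes")
    return bytes([VENDOR_IE_ID, len(body)]) + body


def parse_beacon_ie(ie: bytes) -> dict:
    """Distribution network device: parse the element, rejecting bad lengths."""
    if len(ie) < 5 or ie[0] != VENDOR_IE_ID or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed vendor-specific element")
    if ie[2:5] != EXAMPLE_OUI:
        raise ValueError("unexpected OUI")
    fields, pos = {}, 5
    while pos < len(ie):
        if pos + 2 > len(ie):
            raise ValueError("truncated TLV header")
        tlv_type, length = ie[pos], ie[pos + 1]
        pos += 2
        if pos + length > len(ie):
            raise ValueError("TLV length runs past the element")
        if tlv_type in fields:
            raise ValueError("duplicate TLV")
        fields[tlv_type] = ie[pos:pos + length]
        pos += length
    if TLV_KEY_PARAM not in fields or TLV_DEVICE_ID not in fields:
        raise ValueError("beacon lacks key parameter or device identifier")
    return {"key_param": fields[TLV_KEY_PARAM], "device_id": fields[TLV_DEVICE_ID]}


def derive_access_key(device_secret: bytes, device_id: bytes, key_param: bytes) -> bytes:
    """Assumed derivation: HMAC-SHA256 keyed with a per-device secret.

    The length prefix keeps (device_id, key_param) pairs unambiguous.
    """
    msg = b"softap-access-key" + bytes([len(device_id)]) + device_id + key_param
    return hmac.new(device_secret, msg, hashlib.sha256).digest()


def provisioner_access_key(ie: bytes, secrets_by_device: dict) -> bytes:
    """Distribution network device: beacon -> secret lookup -> access key."""
    fields = parse_beacon_ie(ie)
    secret = secrets_by_device.get(fields["device_id"])
    if secret is None:
        raise KeyError("unknown device identifier")
    return derive_access_key(secret, fields["device_id"], fields["key_param"])


def authentication_passes(device_key: bytes, provisioner_key: bytes) -> bool:
    """Stand-in for the handshake: both sides must hold the same access key."""
    return hmac.compare_digest(device_key, provisioner_key)


# Constructed sample values; a real device would draw a fresh random
# key calculation parameter (e.g. os.urandom(16)) for every soft AP start.
SAMPLE_DEVICE_ID = b"DEV-0001"
SAMPLE_SECRET = bytes(range(32))
SAMPLE_KEY_PARAM = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_DB = {SAMPLE_DEVICE_ID: SAMPLE_SECRET}

if __name__ == "__main__":
    ie = build_beacon_ie(SAMPLE_DEVICE_ID, SAMPLE_KEY_PARAM)
    prov_key = provisioner_access_key(ie, SAMPLE_DB)
    genuine = derive_access_key(SAMPLE_SECRET, SAMPLE_DEVICE_ID, SAMPLE_KEY_PARAM)
    # A counterfeit device can replay the beacon but lacks the device secret.
    counterfeit = derive_access_key(b"\x00" * 32, SAMPLE_DEVICE_ID, SAMPLE_KEY_PARAM)
    print("genuine device passes:", authentication_passes(genuine, prov_key))
    print("counterfeit device passes:", authentication_passes(counterfeit, prov_key))
```

Because the network configuration information is released only after this check passes, a device that merely copies the beacon contents never receives it.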
Drawings
To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a distribution network system according to an embodiment of the present application;
Fig. 2 is a flowchart of a soft AP distribution network according to an embodiment of the present application;
Fig. 3 is a flowchart of a code-scanning distribution network according to an embodiment of the present application;
Fig. 4 is a flow diagram of security authentication provided by one embodiment of the present application;
Fig. 5 is a flow chart of an information processing method provided by an embodiment of the present application;
Fig. 6 is a flow chart of a method for determining an access key provided by an embodiment of the present application;
Fig. 7 is a flow chart of an information processing method provided by another embodiment of the present application;
Fig. 8 is a flow chart of an information processing method provided by yet another embodiment of the present application;
Fig. 9 is a flow chart of a method for determining an information decryption key and an information encryption key provided by one embodiment of the present application;
Fig. 10 is a flow chart of an information processing method provided by yet another embodiment of the present application;
Fig. 11 is a block diagram of an information processing apparatus provided in an embodiment of the present application;
Fig. 12 is a block diagram of an information processing apparatus according to another embodiment of the present application;
Fig. 13 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 14 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 15 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 16 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 17 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 18 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 19 is a schematic structural diagram of a device to be networked according to an embodiment of the present application;
Fig. 20 is a schematic structural diagram of a distribution network device according to an embodiment of the present application;
Fig. 21 is a flowchart of an information processing method according to still another embodiment of the present application;
Fig. 22 is a flow chart of a method for determining an information decryption key and an information encryption key as provided by another embodiment of the present application;
Fig. 23 is a flowchart of an information processing method according to still another embodiment of the present application;
Fig. 24 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 25 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 26 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 27 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 28 is a flowchart of an information processing method according to still another embodiment of the present application;
Fig. 29 is a flow chart of a method for determining an information decryption key and an information encryption key as provided in yet another embodiment of the present application;
Fig. 30 is a flowchart of an information processing method coupled to a distribution network process according to an embodiment of the present application;
Fig. 31 is a flowchart of an information processing method for decoupling with a distribution network process according to an embodiment of the present application;
Fig. 32 is a flowchart of an information processing method for decoupling with a distribution network process according to another embodiment of the present application;
Fig. 33 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 34 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 35 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 36 is a block diagram of an information processing apparatus according to still another embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Please refer to fig. 1, which shows a schematic diagram of a distribution network system according to an embodiment of the present application, where the distribution network system may include: a device to be networked 110 and a network distribution device 120.
The device to be networked 110 refers to a device with network access capability, for example, a device with WiFi (Wireless Fidelity) access capability. Optionally, the device to be networked 110 is an intelligent device (such as VR (Virtual Reality) glasses, a smart wearable device, and the like), a terminal device, or another device with a network access capability, which is not limited in this embodiment of the present application. In an example, as shown in fig. 1, in a case where the distribution network system is applied to smart home life, the device to be networked 110 may be a smart television, a smart sound box, a smart air conditioner, a smart lamp, a smart door/window, a smart curtain, a smart socket, or other smart home devices. Optionally, there is one device to be networked 110, or there are multiple devices to be networked 110, which is not limited in this embodiment of the application, and in practical application, the number of the devices to be networked 110 may be determined by combining application requirements or the maximum number of devices that can be managed by the distribution network device 120.
The distribution network device 120 is a device with network configuration and access capability; optionally, the distribution network device 120 may be a server, a router, a terminal device, a mobile phone, a tablet computer, a wearable device, or another device with network configuration and access capability. In an example, as shown in fig. 1, in a case where the distribution network system is applied to smart home life, considering that a home environment has characteristics such as a small area and frequent activities, a distribution network device 120 that occupies a large space may affect normal home life, so the distribution network device 120 may be implemented as a router, a terminal device, a mobile phone, a tablet computer, a wearable device, and the like. Optionally, for a given distribution network system, the number of corresponding distribution network devices may be one or more, which is not limited in the embodiment of the present application; generally, in consideration of resource saving and the like, a given distribution network system has one distribution network device. Optionally, different distribution network systems have different distribution network devices, so that the device to be networked 110 under a given distribution network system is bound to the distribution network device 120 under that system; for example, when the distribution network system is applied to smart home life, the devices to be networked in a given home are bound to the distribution network device of that home, taking the home as a unit.
In this embodiment, the distribution network device 120 can configure the device to be networked 110 to access the AP, that is, configure the device to be networked 110 to access the network. In the related art, there are two main ways to configure the device to be networked 110 for network access: the soft AP distribution network and the code-scanning distribution network. These two distribution network schemes are described below.
Please refer to fig. 2, which shows a flowchart of a soft AP distribution network according to an embodiment of the present application. As shown in fig. 2, the process of the soft AP distribution network mainly includes the following steps:
Step 210, the device to be networked starts the soft AP and broadcasts the beacon of the soft AP.
In the embodiment of the application, the device to be networked can start the soft AP under the condition of entering the network distribution mode. After the device to be networked starts the soft AP, a beacon of the soft AP may be broadcast, and optionally, the beacon of the soft AP includes at least one of the following: an Identifier (ID) of the device to be networked, a user-defined network name, a protocol name of the application protocol, and the like. The device ID may be a Media Access Control (MAC) Address of the device to be networked. Optionally, the beacon of the soft AP includes at least one of the following fields: a BSSID (Basic Service Set Identifier) field, an SSID (Service Set Identifier) field, and a Vendor Specific (Vendor Specific) field.
Step 220, the distribution network device joins the soft AP when it scans the beacon of the soft AP.
The distribution network device can scan beacons broadcast by other devices on different channels, and when it scans the beacon of the soft AP on the channel on which the device to be networked broadcasts that beacon, it can join the soft AP. Optionally, after scanning the beacon of the soft AP, the distribution network device determines whether the SSID field in the beacon conforms to a preset format, and joins the soft AP when the SSID field conforms to the preset format.
Step 230, a communication connection is established between the distribution network device and the device to be networked.
After joining the soft AP, the distribution network device can establish a communication connection with the device to be networked through the soft AP. Optionally, communication between the distribution network device and the device to be networked uses TCP (Transmission Control Protocol), in which case the communication connection between them may also be referred to as a TCP connection; or the communication uses UDP (User Datagram Protocol), in which case the communication connection may also be referred to as a UDP connection.
Step 240, the distribution network device sends an information acquisition request to the device to be networked.
The information acquisition request is used to request to acquire information related to an AP that can be accessed by the device to be networked, and optionally, the information acquisition request is used to request to acquire an SSID field of the AP that can be accessed by the device to be networked and/or signal strength of the accessible AP. In the embodiment of the application, after the device to be networked enters the network distribution mode, the device to be networked may scan the beacon of the AP according to a certain period (e.g., 10 seconds), and determine whether the AP can be accessed according to the SSID field in the beacon.
Step 250, the device to be networked sends the accessible AP information to the distribution network device.
After receiving the information acquisition request, the device to be networked responds by sending information related to the APs it can access, that is, the accessible AP information, to the distribution network device. Optionally, the accessible AP information comprises at least one of: the SSID field of an accessible AP, the signal strength of an accessible AP.
Step 260, the distribution network device sends network configuration information to the device to be networked.
After the distribution network device receives the accessible AP information sent by the device to be networked, it can select, according to the accessible AP information, the AP that the device to be networked is to access. The embodiment of the application does not limit how the distribution network device selects this AP; optionally, the distribution network device selects the AP with the highest signal strength indicated by the accessible AP information. After selecting the AP, the distribution network device can send network configuration information to the device to be networked so as to configure it to access that AP. Optionally, the network configuration information comprises at least one of: the SSID field of the AP to be accessed by the device to be networked, and the authentication information of that AP. Optionally, the authentication information includes the password of the AP to be accessed by the device to be networked.
Step 270, the device to be networked sends a configuration response message to the distribution network device.
The configuration response message responds to the network configuration information sent by the distribution network device, indicating to the distribution network device whether the device to be networked has received the network configuration information. Optionally, the distribution network device assumes by default, after sending the network configuration information, that the device to be networked has received it; in that case the device to be networked may send no configuration response message when it receives the network configuration information successfully, and sends a configuration response message when it does not, for example when it cannot parse the network configuration information.
Step 280, the distribution network device cancels its access to the soft AP.
After sending the network configuration information to the device to be networked, the distribution network device can disconnect from the soft AP started by the device to be networked, that is, cancel its access to the soft AP. Optionally, the distribution network device cancels its access to the soft AP after sending the network configuration information, or after receiving the configuration response message; the embodiment of the application does not limit when the distribution network device cancels its access to the soft AP.
Step 290, the device to be networked closes the soft AP.
Since the device to be networked usually cannot access two APs simultaneously, it needs to close the soft AP in order to access the AP indicated by the network configuration information. Optionally, the device to be networked closes the soft AP after receiving the network configuration information; or after sending the configuration response message to the distribution network device; or after the distribution network device cancels its access to the soft AP. The embodiment of the application does not limit when the device to be networked closes the soft AP.
After closing the soft AP, the device to be networked accesses the AP indicated by the network configuration information according to the authentication information in the network configuration information. After cancelling its access to the soft AP, the distribution network device can also access the AP indicated by the network configuration information in order to continue controlling and managing the device to be networked. The distribution network device and the device to be networked thus establish a communication connection through the accessed AP.
Please refer to fig. 3, which shows a flowchart of a code-scanning distribution network according to an embodiment of the present application. As shown in fig. 3, the process of scanning the code distribution network mainly includes the following steps:
Step 310, the distribution network device scans the two-dimensional code of the device to be networked.
Under the condition that the equipment to be networked has a screen display function, the equipment to be networked can display the two-dimensional code in a screen of the equipment to be networked; under the condition that the equipment to be networked does not have the screen display function, an equipment manufacturer of the equipment to be networked can paste the two-dimensional code on the equipment to be networked when the equipment to be networked leaves a factory. In this embodiment of the application, the two-dimensional code of the device to be networked indicates device information of the device to be networked, and optionally, the device information includes at least one of the following: the device type and the device public key of the device to be networked. The distribution network equipment scans the two-dimensional code of the equipment to be networked to obtain the equipment information of the equipment to be networked.
Step 320, the distribution network device generates a two-dimensional code according to the network configuration information and displays it.
The distribution network device may determine the AP to be accessed by the device to be networked, and determine the network configuration information corresponding to that AP, where optionally, the network configuration information includes at least one of the following: the SSID field of the AP to be accessed by the device to be networked, and the authentication information of that AP. Optionally, the authentication information includes the password of the AP to be accessed by the device to be networked. The distribution network device can encrypt the network configuration information with the scanned device public key of the device to be networked, and generate, from the encrypted network configuration information, a two-dimensional code for the device to be networked to scan.
Step 330, the device to be networked scans the two-dimensional code provided by the network distribution device to obtain network configuration information.
The device to be networked can acquire the network configuration information provided by the distribution network device by scanning the two-dimensional code that the distribution network device provides. Because that two-dimensional code is generated after the network configuration information is encrypted with the device public key of the device to be networked, the device to be networked obtains encrypted network configuration information after scanning it, and the network configuration information can be obtained by decrypting the encrypted network configuration information through the device public key.
Step 340, the device to be networked accesses the AP.
The device to be networked can access the AP indicated by the network configuration information according to the scanned authentication information of the AP; after accessing the AP, the device to be networked can further access the cloud platform for authentication and the like.
It can be seen from the above distribution network flows that they do not involve identity authentication of the smart device, so it is highly likely that a counterfeit smart device acquires the network configuration information of the AP, which leaks the network configuration information of the AP and poses a great threat to the security of the AP. In addition, for the soft AP distribution network, if the identity of the device to be networked needs to be verified during the soft AP distribution network process, the distribution network device is required to act as a proxy service: the distribution network device acquires the device certificate of the device to be networked while connected to the soft AP started by the device to be networked; then the distribution network device switches from the soft AP to the AP that the device to be networked is to access, connects to the cloud service, and forwards the device certificate of the device to be networked to the cloud service, which feeds the verification result back to the distribution network device after the verification passes; then the distribution network device needs to switch back from that AP to the soft AP, and only then sets the network configuration information (such as SSID, password, and the like) of the AP that the device to be networked is to access. This process therefore requires the distribution network device to switch back and forth between different access points, and is complex to operate and inefficient.
Based on this, embodiments of the present application provide an information processing method, which may be used to solve the above technical problem. The technical solution of the present application will be described below with reference to several embodiments.
Before describing the technical scheme of the present application, a description is first given to a security authentication procedure related to the embodiment of the present application. The embodiment of the application adopts a 4-way handshake flow to perform security authentication, wherein:
4-Way Handshake Message 1: the Authenticator sends an EAPOL (Extensible Authentication Protocol over LAN)-Key frame carrying the ANonce (random number generated by the AP) to the Supplicant.
4-Way Handshake Message 2: the Supplicant sends an EAPOL-Key frame carrying the SNonce (random number generated by the STA) and other information to the Authenticator. After receiving the ANonce, the Supplicant may calculate a PTK (Pairwise Transient Key) according to the ANonce, where the calculation formula of the PTK is as follows:
PTK = PRF-Length(PMK, "Pairwise key expansion", Min(AA, SPA) || Max(AA, SPA) || Min(ANonce, SNonce) || Max(ANonce, SNonce)).
After receiving the SNonce, the Authenticator can generate the PTK and compare the received MIC with the MIC it generates itself as an integrity check; if the check fails, the handshake fails.
4-Way Handshake Message 3: the Authenticator sends an EAPOL-Key frame carrying the GTK (Group Transient Key) and a MIC (Message Integrity Code) to the Supplicant.
4-Way Handshake Message 4: the Supplicant sends an EAPOL-Key frame to the Authenticator for confirmation. After receiving 4-Way Handshake Message 3, the Supplicant may decrypt the GTK using the PTK it generated, verify the MIC, and, if the MIC is correct, send an ACK (acknowledgement) to the Authenticator for confirmation.
After the Authenticator and the Supplicant complete authentication, the control port of the Authenticator is opened so that 802.11 data frames can pass normally; all unicast data frames are protected by the PTK, and all multicast and broadcast data are protected by the GTK.
As can be seen from the 4-way handshake flow, the calculation parameters of the PTK include the PMK; if the PMKs of the two parties are inconsistent, the calculated PTKs are inconsistent, the two parties cannot correctly parse each other's data, and the handshake cannot be completed, so the Supplicant cannot access the Authenticator. In addition, in the related art, the PMK is a common key (i.e., the password of the Authenticator) agreed in advance by the Supplicant and the Authenticator, which carries a great risk of disclosure and is not beneficial to security protection.
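The PTK formula and the PMK-mismatch failure described above, as an added Python example that is not part of the patent text. It uses the IEEE 802.11 HMAC-SHA1 PRF and the WPA2-PSK derivation of the PMK from the AP password; the MAC addresses, passphrases and the message 2 frame body are constructed placeholders, not a real EAPOL-Key frame layout.

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: the 256-bit PMK is PBKDF2-HMAC-SHA1 of the AP password and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk, aa, spa, anonce, snonce, n_bytes=48):
    """PTK = PRF-Length(PMK, label, Min(AA,SPA) || Max(AA,SPA) || Min/Max of the nonces)."""
    # bytes compare lexicographically, which matches numeric order for equal lengths.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, LABEL, data, n_bytes)


def eapol_mic(ptk: bytes, frame: bytes) -> bytes:
    """MIC keyed with the KCK (first 16 bytes of the PTK): HMAC-SHA1 cut to 128 bits."""
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]


def message2_accepted(pmk_authenticator: bytes, pmk_supplicant: bytes) -> bool:
    """Run messages 1 and 2 and report whether the Authenticator accepts the MIC."""
    aa = bytes.fromhex("020000000001")   # constructed Authenticator MAC address
    spa = bytes.fromhex("020000000002")  # constructed Supplicant MAC address
    anonce = os.urandom(32)              # message 1: Authenticator -> Supplicant
    snonce = os.urandom(32)              # generated by the Supplicant
    # Supplicant derives its PTK and sends the SNonce plus a MIC over the frame.
    frame = b"constructed EAPOL-Key message 2 body" + snonce
    mic = eapol_mic(derive_ptk(pmk_supplicant, aa, spa, anonce, snonce), frame)
    # Authenticator derives its own PTK from its own PMK and recomputes the MIC.
    expected = eapol_mic(derive_ptk(pmk_authenticator, aa, spa, anonce, snonce), frame)
    return hmac.compare_digest(mic, expected)


if __name__ == "__main__":
    pmk = pmk_from_passphrase("constructed-passphrase", "ExampleAP")
    wrong = pmk_from_passphrase("some-other-guess", "ExampleAP")
    print("same PMK, message 2 accepted:", message2_accepted(pmk, pmk))
    print("different PMK, message 2 accepted:", message2_accepted(pmk, wrong))
```

Because the Min/Max ordering makes the PRF input independent of which side computes it, both parties reach the same PTK only when their PMKs match.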
Referring to fig. 5, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 510, the device to be networked broadcasts a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the network distribution device.
The first access point can be started when the device to be networked enters the distribution network mode, optionally, the device to be networked automatically enters the distribution network mode when the device to be networked is started for the first time, or the device to be networked is passively triggered to enter the distribution network mode by user operation. Optionally, the first access point is a soft AP started by the device to be networked.
In this embodiment of the present application, after the device to be networked starts the first access point, a beacon of the first access point may be broadcast, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked. The device identifier of the device to be networked includes a device ID of the device to be networked, so as to uniquely identify the device to be networked. And the key calculation parameter is used for determining an access key for performing identity authentication between the equipment to be networked and the distribution network equipment. Optionally, the length of the key calculation parameter is greater than or equal to one byte. The content of the key calculation parameter is not limited in the embodiment of the application, and optionally, the key calculation parameter includes a predefined numerical value; alternatively, the key calculation parameter comprises a random number. In the embodiment of the present application, a generation manner of the key calculation parameter is not limited, and optionally, the key calculation parameter is preconfigured by an equipment cloud platform (a cloud platform corresponding to the equipment to be networked); or the key calculation parameter is generated by the device to be networked. In one example, in order to reduce the risk of leakage of the key calculation parameter and improve the security of the key calculation parameter, the key calculation parameter includes a random number generated by the device to be networked. Optionally, the beacon of the first access point further includes a pre-shared authentication identifier F, and optionally, the pre-shared authentication identifier occupies at least 1 bit.
In one example, the beacon of the first access point includes at least one of the following fields: BSSID field, SSID field, custom field (e.g., Vendor Specific field). Optionally, either of the key calculation parameter and the device identifier of the device to be networked may be set in any one of these fields, that is, the BSSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or the SSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or the custom field includes the key calculation parameter and/or the device identifier of the device to be networked. For example, the key calculation parameter is set in the SSID field, and the device identifier of the device to be networked is set in the BSSID field. In general, due to permission limitations, the custom field sometimes cannot be acquired by other devices and its compatibility is poor, so the key calculation parameter and the device identifier of the device to be networked can be placed in fields other than the custom field, to avoid the distribution network device being unable to acquire the key.
In this embodiment of the application, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked, and pre-configure the key K to the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence relationship exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a cloud platform of the device manufacturer (that is, a cloud platform corresponding to the device to be networked).
For the calculation process of the access key (first access key) on the device side to be networked, please refer to the following method embodiment, which is not described herein again.
In step 520, the distribution network device receives a beacon of the first access point.
The distribution network device may scan beacons broadcast by other devices on different channels, so that the distribution network device may scan the beacon of the first access point on the channel on which the device to be networked broadcasts the beacon of the first access point, that is, the distribution network device may receive the beacon of the first access point. Optionally, after receiving the beacon of the first access point, the network distribution device may further analyze the beacon of the first access point to obtain a device identifier and/or a key calculation parameter of the device to be networked. And then the distribution network equipment can send the key calculation parameters and/or the equipment identifier of the equipment to be networked to the distribution network cloud platform, and the distribution network cloud platform and the equipment cloud platform calculate an access key for performing identity authentication between the equipment to be networked and the distribution network equipment.
For the calculation process of the access key (second access key) on the side of the distribution network device, please refer to the following method embodiment, which is not described herein again.
To sum up, in the technical scheme provided in the embodiment of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device, which provides a basis for that identity authentication and facilitates its subsequent implementation. In addition, in the embodiment of the application, identity authentication between the device to be networked and the distribution network device is performed before the device to be networked acquires the network configuration information, that is, the device to be networked can acquire the network configuration information only when the identity authentication passes, so that the risk of network configuration information leakage is reduced and the security of the access point is improved. In addition, in the embodiment of the application, identity authentication between the device to be networked and the distribution network device can be realized merely by adding the key calculation parameter to the beacon of the access point started by the device to be networked; compared with the prior art, in which the distribution network device needs to switch back and forth between access points to verify the identity of the device to be networked, the embodiment of the application simplifies the identity authentication process and improves identity authentication efficiency.
The following describes the calculation process of the access key (first access key) on the side of the device to be networked and of the access key (second access key) on the side of the distribution network device.
First, a description will be given of a calculation procedure of an access key (first access key) on the device side to be networked.
In one example, as shown in fig. 6, the method further includes the following steps:
Step 531, the device to be networked determines a first access key according to the key calculation parameter and the first device key.
The first device key is the device key of the device to be networked, which is preset in the device to be networked, that is, the key K. Once the key calculation parameter and the first device key are known, the device to be networked can calculate the first access key from them.
In this embodiment of the present application, the device to be networked may process the key calculation parameter and the first device key by using a key generation algorithm. Optionally, step 531 includes: the device to be networked processes the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key, and processes the first encryption key by using a first encoding method to obtain the first access key. Since the first encryption key obtained by the first key generation algorithm is usually binary data, it needs to be encoded in order to obtain the first access key in the form of a printable character string; in the embodiment of the present application, the first encryption key is encoded by using the first encoding method. Optionally, the first encoding method includes base64 (binary data represented with 64 printable characters). Optionally, the first key generation algorithm comprises any one of: AES128-CMAC (AES: Advanced Encryption Standard; CMAC: Cipher-based Message Authentication Code, which implements message authentication based on symmetric encryption), HKDF (HMAC-based Key Derivation Function, where HMAC is Hash-based Message Authentication Code), PBKDF (Password-Based Key Derivation Function), SHA (Secure Hash Algorithm), DES (Data Encryption Standard), 3DES (Triple DES, Triple Data Encryption Standard).
Next, a description will be given of a calculation process of the distribution network device side access key (second access key).
In one example, as shown in fig. 6, the method further includes the following steps:
Step 532, the distribution network device sends a first obtaining request to the distribution network cloud platform, where the first obtaining request is used for requesting to obtain the second access key.
In order to enable the access keys generated by the distribution network device and the device to be networked to be consistent, the calculation parameters of the second access key and the calculation parameters of the first access key need to be the same. The calculation parameters of the first access key include a key calculation parameter and a first device key, and therefore, the calculation parameters of the second access key also include a key calculation parameter and a device key of the device to be networked. In general, in order to ensure the security of the device key of the device to be networked, the device key of the device to be networked is only held by the device to be networked and a cloud platform of a device vendor of the device to be networked (i.e., a device cloud platform), and therefore, the device cloud platform needs to participate in the computation of the second access key.
After receiving the beacon of the first access point, the distribution network device may obtain the device identifier and/or the key calculation parameter of the device to be networked from the beacon of the first access point, and then the distribution network device sends a first obtaining request to the distribution network cloud platform to request to obtain the second access key. The content of the first acquisition request is not limited in the embodiment of the application, and optionally, the first acquisition request includes a key calculation parameter and/or an equipment identifier of the equipment to be networked; or, the first obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 6, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends the first acquisition request to the distribution network cloud platform.
In the embodiment of the application, in order to ensure the security of the device key of the device to be networked, the device key of the device to be networked is also not held by the distribution network cloud platform, and therefore, after receiving the first acquisition request, the distribution network cloud platform needs to further acquire the second access key from the device cloud platform. That is, as shown in fig. 6, after the step 532, the following steps are also included:
Step 53A, the distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform needs to determine an equipment cloud platform corresponding to equipment to be networked. Optionally, the first acquisition request sent by the distribution network device to the distribution network cloud platform includes a device vendor name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device vendor name of the device to be networked.
Step 53B, the distribution network cloud platform sends a third acquisition request to the device cloud platform, where the third acquisition request is used for requesting to acquire the second access key.
After the device cloud platform corresponding to the device to be networked is determined, the distribution network cloud platform may further send a third acquisition request to the device cloud platform to request the device cloud platform to calculate the second access key, and request the device cloud platform to send the second access key to the distribution network cloud platform. The content of the third acquisition request is not limited in the embodiment of the application, and optionally, the third acquisition request includes a key calculation parameter and/or an equipment identifier of the equipment to be networked; or, the third obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 6, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a third acquisition request to the device cloud platform.
Step 53C, the device cloud platform calculates the second access key.
Since the third acquisition request carries the key calculation parameter and/or the device identifier of the device to be networked, after receiving the third acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked as stored by the device cloud platform, that is, the key K. For the first access key and the second access key to be consistent, they must also be calculated in the same way, and therefore the device cloud platform should calculate the second access key in the same way that the device to be networked calculates the first access key. Optionally, if the device to be networked calculates the first access key by using step 531, the device cloud platform calculates the second access key as follows: the device cloud platform processes the key calculation parameter and the second device key by using the first key generation algorithm to obtain a second encryption key, and processes the second encryption key by using the first encoding method to obtain the second access key. For a description of the first key generation algorithm and the first encoding method, please refer to the above method embodiment, which is not described herein again.
Optionally, in order to distribute the computational overhead of the second access key, the encoding process of the second encryption key may also be implemented by the distribution network cloud platform or the distribution network device. That is, after the device cloud platform calculates the second encryption key according to the key calculation parameter and the second device key, the encoding process of the second encryption key may be implemented by any one of the device cloud platform, the distribution network cloud platform, and the distribution network device.
Step 53D, the device cloud platform sends the access key information to the distribution network cloud platform.
As can be seen from the above description, the device cloud platform may directly calculate the second access key and send the second access key to the distribution network cloud platform, or may calculate the second encryption key first and send the second encryption key to the distribution network cloud platform. Therefore, the access key information sent by the device cloud platform to the distribution network cloud platform includes the second access key or the second encryption key.
Step 534, the distribution network cloud platform sends access key information to the distribution network device, and the access key information is used for determining the second access key.
Optionally, in a case that the access key information includes the second access key, the distribution network cloud platform may directly forward the access key information to the distribution network device after receiving the access key information. Optionally, in a case that the access key information includes the second encryption key, the distribution network cloud platform may also directly forward the access key information to the distribution network device, and then the distribution network device performs encoding processing on the second encryption key, that is, after the step 534, the method further includes: the distribution network equipment processes the second encryption key by adopting a first coding mode to obtain a second access key; or, the distribution network cloud platform may encode the second encryption key to obtain a second access key, and send the second access key to the distribution network device.
It should be noted that, fig. 6 is described by taking an example in which the device cloud platform calculates the second access key and sends the second access key to the distribution network cloud platform, but this does not limit the technical solution of the present application, and in actual application, the distribution network cloud platform or the distribution network device may also perform encoding processing on the second encryption key.
In one example, the method further comprises: the device to be networked and the distribution network device perform identity authentication based on the first access key and the second access key, respectively.
Once the device to be networked has calculated the first access key and the distribution network device has obtained the second access key, the two can perform identity authentication based on the first access key and the second access key. Optionally, in the embodiment of the present application, the 4-way handshake flow is used to perform identity authentication. In that case the device to be networked corresponds to the Supplicant in the 4-way handshake flow, the distribution network device corresponds to the Authenticator, the first access key corresponds to the PMK on the Supplicant side, and the second access key corresponds to the PMK on the Authenticator side. The identity authentication passes when the first access key is consistent with the second access key determined by the distribution network device, and cannot pass when the two are inconsistent. For the specific process of performing identity authentication between the device to be networked and the distribution network device, please refer to the 4-way handshake process, which is not described herein again.
In one example, the method further comprises: the distribution network device accesses the first access point when the identity authentication passes. After the identity authentication passes, the distribution network device may access the first access point started by the device to be networked. Optionally, after accessing the first access point, the distribution network device sends network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point.
It should be noted that, the embodiment of the present application is illustrated by only calculating the access key according to the key calculation parameter and the device key of the device to be networked, and after understanding the technical solution of the present application, a person skilled in the art will easily think of calculating the access key by using other calculation parameters, such as calculating the access key by using the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked, which all fall within the protection scope of the present application.
To sum up, according to the technical scheme provided by the embodiment of the application, the device to be networked and the distribution network device respectively obtain the access key according to the key calculation parameter, and perform identity authentication according to the respectively obtained access key, so that the identity of the device to be networked is authenticated before the device to be networked accesses the network or before the device to be networked acquires the network configuration information, thereby avoiding leakage of the network configuration information and improving the security of the access point. In addition, in the embodiment of the application, in order to fully ensure the security of the device key of the device to be networked, the access key of the distribution network device side is calculated by the cloud platform corresponding to the device to be networked, so that the device key of the device to be networked is prevented from being leaked, and the validity of identity authentication is improved.
The following describes the technical solution of the present application by taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 7, the information processing method provided in the embodiment of the present application includes the following steps:
Step 700, the device to be networked broadcasts the beacon of the soft AP. The beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
Step 710, the distribution network equipment receives a beacon of the soft AP. After the distribution network equipment receives the beacon of the soft AP, the beacon of the soft AP can be further analyzed to obtain the equipment identification and/or the key calculation parameter of the equipment to be networked.
Step 720, the device to be networked determines a first access key according to the key calculation parameter and the first device key. The device to be networked processes the key calculation parameter and the first device key by using the first key generation algorithm to obtain a first encryption key, and processes the first encryption key by using the first encoding method to obtain the first access key.
Step 730, the distribution network device sends a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request to acquire the second access key. The first obtaining request comprises a key calculation parameter and/or a device identification of the device to be networked. Optionally, as shown in fig. 7, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends the first acquisition request to the distribution network cloud platform.
Step 740, the distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine a corresponding equipment cloud platform according to the equipment manufacturer name of the equipment to be networked.
Step 750, the distribution network cloud platform sends a third obtaining request to the device cloud platform, where the third obtaining request is used to request to obtain the second access key. Optionally, as shown in fig. 7, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a third acquisition request to the device cloud platform.
Step 760, the device cloud platform calculates the second access key. After receiving the third acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. Then, the device cloud platform processes the key calculation parameter and the second device key by using the first key generation algorithm to obtain a second encryption key, and processes the second encryption key by using the first encoding method to obtain the second access key.
Step 770, the device cloud platform sends the second access key to the distribution network cloud platform.
Step 780, the distribution network cloud platform sends the second access key to the distribution network device.
Step 790, the device to be networked and the distribution network device perform identity authentication based on the first access key and the second access key, respectively. When the first access key is consistent with the second access key, the identity authentication passes, the distribution network device can access the soft AP, and the network configuration information of the home WiFi network is sent to the device to be networked.
It should be noted that, in the embodiment of the present application, the execution order of each step is not limited, and on the premise of meeting the logic requirement, each step may be combined in any execution order. For example, the step 720 may be performed before the step 710, or the step 720 may be performed after the step 780. All of which are intended to be within the scope of the present application.
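The derivation of steps 531 and 53C to 534 above, which the soft AP flow repeats as steps 720 to 780, can be sketched as follows. This is an added example, not code from the patent: it picks HKDF with SHA-256 from the listed key generation algorithms and base64 as the encoding, and it assumes that the device key K is the HKDF input keying material and the key calculation parameter is the salt. The device identifier, the key value, the `info` label and all function names are constructed for illustration, and a plain equality check stands in for the outcome of the 4-way handshake.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample data: device identifier -> device key K as stored by the
# device cloud platform (the "second device key"). Not values from the patent.
DEVICE_CLOUD_KEYS = {"dev-0001": bytes.fromhex("00112233445566778899aabbccddeeff")}


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF with HMAC-SHA256 (RFC 5869): extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encryption_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Key generation step: binary encryption key from K and the beacon parameter.

    Assumption: K is the input keying material and the key calculation
    parameter is the salt; the text does not fix how the inputs are combined.
    """
    if not key_calc_param:
        raise ValueError("key calculation parameter must be at least one byte")
    return hkdf_sha256(device_key, key_calc_param, b"softap-access-key")


def encode_access_key(enc_key: bytes) -> str:
    """Encoding step: base64 turns the binary key into a printable access key."""
    return base64.b64encode(enc_key).decode("ascii")


def device_first_access_key(first_device_key: bytes, key_calc_param: bytes) -> str:
    """Step 531 / 720, run on the device to be networked."""
    return encode_access_key(encryption_key(first_device_key, key_calc_param))


def device_cloud_access_key_info(device_id: str, key_calc_param: bytes, encode: bool = True):
    """Steps 53C-53D / 760-770, run on the device cloud platform.

    Looks up K by device identifier and returns either the second access key
    (str) or, to offload the encoding, the raw second encryption key (bytes).
    """
    second_device_key = DEVICE_CLOUD_KEYS.get(device_id)
    if second_device_key is None:
        raise KeyError(f"unknown device identifier: {device_id}")
    enc_key = encryption_key(second_device_key, key_calc_param)
    return encode_access_key(enc_key) if encode else enc_key


def distribution_device_second_access_key(access_key_info) -> str:
    """Step 534 / 780: encode locally if the raw encryption key was forwarded."""
    if isinstance(access_key_info, bytes):
        return encode_access_key(access_key_info)
    return access_key_info


def run_flow(first_device_key: bytes, beacon: dict, encode_in_cloud: bool = True) -> bool:
    """True when both sides hold the same access key (the PMK of both roles)."""
    param = beacon["key_calc_param"]
    first = device_first_access_key(first_device_key, param)
    info = device_cloud_access_key_info(beacon["device_id"], param, encode_in_cloud)
    second = distribution_device_second_access_key(info)
    return hmac.compare_digest(first.encode(), second.encode())


if __name__ == "__main__":
    # Constructed beacon contents: device identifier plus a fresh random parameter.
    beacon = {"device_id": "dev-0001", "key_calc_param": secrets.token_bytes(16)}
    genuine = DEVICE_CLOUD_KEYS["dev-0001"]
    print("genuine device, cloud encodes:  ", run_flow(genuine, beacon, True))
    print("genuine device, phone encodes:  ", run_flow(genuine, beacon, False))
    print("device holding a different key: ", run_flow(bytes(16), beacon))
```

In every branch the device key K stays on the device and on the device cloud platform; only the derived key, raw or encoded, crosses to the distribution network cloud platform and the distribution network device.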
Referring to fig. 28, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 2810, the distribution network device sends first information to the device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
After the distribution network equipment is connected with the first access point started by the equipment to be networked, communication connection is established between the distribution network equipment and the equipment to be networked. Optionally, the communication connection between the distribution network device and the device to be networked is a TCP connection or a UDP connection. After the communication connection is established, data can be transmitted between the distribution network device and the device to be networked. In the embodiment of the application, the distribution network equipment sends first information to the equipment to be networked, wherein the first information comprises a key calculation parameter. The device to be networked may determine the first information key by using the key calculation parameter, where the first information key may be used to decrypt the second information encrypted by using the second information key or the network configuration information encrypted by using the second information key, and may also be used to encrypt the first reference information. Under the condition that the first information key is consistent with the second information key, the equipment to be networked can successfully analyze the network configuration information or the second information encrypted by the second information key, and then the equipment to be networked passes identity authentication; or, under the condition that the first information key is consistent with the second information key and the first reference information is consistent with the second reference information, the first reference information encrypted by the first encryption key and the second reference information encrypted by the second encryption key can be consistent, and the device to be networked passes identity authentication.
The content of the key calculation parameter is not limited in the embodiment of the application, and optionally, the key calculation parameter includes a random number; alternatively, the key calculation parameter comprises a pre-configured value. Optionally, the key calculation parameter is generated by a device cloud platform (a cloud platform corresponding to the device to be networked). Optionally, the length of the key calculation parameter is greater than or equal to one byte. The determination time of the key calculation parameter is not limited in the embodiment of the application, and optionally, the device cloud platform generates the key calculation parameter after receiving a request for acquiring the second information key or the fourth reference information; or, the device cloud platform generates a key calculation parameter in advance, and after subsequently receiving a request for acquiring the second information key or the fourth reference information, directly calculates the second information key according to the key calculation parameter and the device key of the device to be networked.
The embodiment of the application provides two modes for identity authentication under a soft AP distribution network, wherein one mode is that an identity authentication process is coupled with a distribution network process, and the other mode is that the identity authentication process is decoupled with the distribution network process. The following description will be made for these two modes, respectively.
First, a description is given of the manner in which the identity authentication process is coupled to the distribution network process.
In one example, the first information further includes network configuration information encrypted by using a second information key; the method further comprises the following steps: the distribution network cloud platform sends the key calculation parameters and the second information key to the distribution network equipment; and the distribution network equipment determines the first information according to the key calculation parameter, the second information key and the network configuration information.
The network configuration information is used for configuring the device to be networked to access the second access point. In the process of configuring the device to be networked to access the second access point, the network configuration information corresponding to the second access point needs to be sent to the device to be networked, which can subsequently access the second access point according to it. In the embodiment of the application, the distribution network device does not send the network configuration information to the device to be networked directly. Instead, it processes the network configuration information with the second information key and sends the encrypted network configuration information to the device to be networked; if the device to be networked can successfully decrypt the encrypted network configuration information, it can then access the second access point by using the network configuration information obtained.
In order to ensure that the first information key calculated by the device to be networked is consistent with the second information key, the distribution network device also needs to send the key calculation parameter used in the calculation process of the second information key to the device to be networked, so that the subsequent device to be networked determines the first information key according to the key calculation parameter and the device key of the device to be networked. For the calculation process of the first information key and the second information key, please refer to the following method embodiments, which are not described herein again.
As can be seen from the above description, the distribution network device needs to send at least the following information to the device to be networked: the network configuration information encrypted by using the second information key, and the key calculation parameter. Therefore, the distribution network device needs to determine the network configuration information encrypted by the second information key according to the network configuration information and the second information key, and then send the network configuration information encrypted by the second information key and the key calculation parameter to the device to be networked. Based on this, optionally, the determining the first information according to the key calculation parameter, the second information key, and the network configuration information includes: processing the network configuration information by using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted by using the second information key; and determining the first information according to the key calculation parameter and the network configuration information encrypted by using the second information key.
Optionally, the fourth encryption algorithm is a symmetric encryption algorithm. Optionally, the fourth encryption algorithm includes, but is not limited to, any of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, AES256-GCM.
After the distribution network device sends the first information to the device to be networked, the device to be networked determines a first information key according to the key calculation parameter in the first information, and then uses the first information key to decrypt the network configuration information in the first information that was encrypted with the second information key. In one example, the method further comprises: the device to be networked decrypts the network configuration information encrypted by the second information key by using the first information key. When the first information key is consistent with the second information key, the identity authentication of the device to be networked succeeds, and the device to be networked successfully acquires the network configuration information; when the first information key is inconsistent with the second information key, the identity authentication of the device to be networked fails, and the device to be networked fails to acquire the network configuration information.
Next, the manner in which the identity authentication process is decoupled from the distribution network process is described. The embodiment of the application provides two modes for this decoupled manner: in one, the distribution network device performs identity authentication according to data encrypted by using the first information key and the second information key, respectively; in the other, the distribution network device performs identity authentication according to data that comes from the device cloud platform and from the device to be networked, respectively. These two modes are described separately below.
Mode one:
In one example, the method further comprises: the device to be networked obtains first encrypted information according to the first information key and the first reference information; and the device to be networked sends the first encrypted information to the distribution network device.
The first reference information is used for the identity authentication process of the device to be networked. Optionally, the device manufacturer of the device to be networked uniquely allocates reference information to the device to be networked and pre-configures the reference information into the device to be networked (the reference information pre-configured in the device to be networked is referred to as "first reference information"). Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence exists between the device identifier of the device to be networked and the reference information. The device manufacturer of the device to be networked may upload the device identifier and the reference information of the device to be networked to a device cloud platform, that is, the cloud platform corresponding to the device to be networked (the reference information stored in the device cloud platform is referred to as "second reference information"). Optionally, the reference information is a preconfigured numerical value, or the reference information is a preconfigured random number; the content of the reference information is not limited in the embodiment of the present application.
To ensure the security of the first reference information and the second reference information, they are held by the device to be networked and the device cloud platform (the cloud platform corresponding to the device to be networked), respectively. The distribution network device cannot directly acquire the second reference information; instead, it acquires the second reference information encrypted by using the second information key (i.e. the second encrypted information). That is, the above method further includes: the distribution network cloud platform sends the second encrypted information to the distribution network device.
In the embodiment of the application, the device cloud platform may calculate a second information key according to the key calculation parameter, encrypt the second reference information by using the second information key to obtain second encrypted information, and send the second encrypted information and the key calculation parameter to the distribution network cloud platform, which further sends them to the distribution network device. After the distribution network device and the device to be networked establish a communication connection, the key calculation parameter may be sent to the device to be networked, so that the device to be networked subsequently calculates a first information key by using the key calculation parameter, encrypts the first reference information by using the first information key to obtain first encrypted information, and further sends the first encrypted information to the distribution network device.
The distribution network device receives the first encrypted information from the device to be networked on the one hand, and receives the second encrypted information from the distribution network cloud platform on the other hand. The distribution network device can then compare the first encrypted information with the second encrypted information; if the two pieces of encrypted information are the same, the identity authentication of the device to be networked is passed, and the distribution network device can further send network configuration information to the device to be networked. Based on this, the above method further comprises: the distribution network device sends network configuration information to the device to be networked under the condition that the first encrypted information is consistent with the second encrypted information, wherein the network configuration information is used for configuring the device to be networked to access the second access point.
It should be noted that, in this embodiment of the application, when the first reference information and the second reference information are not consistent, the identity authentication of the device to be networked fails, and in addition, when the first information key determined by the device to be networked is not consistent with the second information key determined by the device cloud platform, the identity authentication of the device to be networked also fails. That is, only when the first information key is consistent with the second information key and the first reference information is consistent with the second reference information, the identity authentication of the device to be networked can be successful, and then the device to be networked can acquire the network configuration information.
Method two:
In one example, the first information further includes second information encrypted by using a second information key; the method further comprises the following steps: decrypting the second information encrypted by the second information key by using the first information key to obtain third reference information; and sending the third reference information to the distribution network device.
The second information is used for the identity authentication process of the device to be networked. The second information obtained through decryption by the device to be networked includes third reference information. Optionally, the third reference information is a preconfigured numerical value, or the third reference information is a preconfigured random number; the content of the third reference information is not limited in this embodiment of the application. In an example, in order to improve the validity of the identity authentication, the second information decrypted by the device to be networked may further include a predefined value, and the predefined value is held only by the device to be networked and the device cloud platform.
In this embodiment, the device cloud platform may calculate a second information key according to the key calculation parameter and encrypt the second information using the second information key to obtain encrypted second information (when the device cloud platform encrypts the second information, the reference information in the second information is referred to as "fourth reference information"). The device cloud platform then sends the reference information, the encrypted second information, and the key calculation parameter to the distribution network cloud platform, and the distribution network cloud platform further sends the reference information, the encrypted second information, and the key calculation parameter to the distribution network device. After the distribution network device and the device to be networked establish a communication connection, the key calculation parameter and the encrypted second information may be sent to the device to be networked, so that the device to be networked subsequently calculates a first information key by using the key calculation parameter, decrypts the encrypted second information by using the first information key, obtains the reference information in the second information (the reference information in the second information obtained by decryption on the side of the device to be networked is referred to as "third reference information"), and further sends the reference information to the distribution network device.
The distribution network device receives the third reference information from the device to be networked on the one hand, and receives the fourth reference information from the distribution network cloud platform on the other hand. The distribution network device can then compare the third reference information with the fourth reference information; if the two pieces of reference information are the same, the identity authentication of the device to be networked is passed, and the distribution network device can further send network configuration information to the device to be networked. Based on this, the above method further comprises: the device to be networked sends the third reference information to the distribution network device; the distribution network cloud platform sends the fourth reference information to the distribution network device; and the distribution network device sends network configuration information to the device to be networked under the condition that the third reference information is consistent with the fourth reference information, wherein the network configuration information is used for configuring the device to be networked to access the second access point.
It should be noted that, in this embodiment of the application, when the third reference information is inconsistent with the fourth reference information, the identity authentication of the device to be networked fails, and in addition, when the first information key determined by the device to be networked is inconsistent with the second information key determined by the device cloud platform, the identity authentication of the device to be networked also fails. That is, only when the first information key is consistent with the second information key and the third reference information is consistent with the fourth reference information, the identity authentication of the device to be networked can be successful, and then the device to be networked can acquire the network configuration information.
In summary, in the technical solution provided in the embodiment of the present application, the key calculation parameter is sent to the device to be networked through the distribution network device, and the key calculation parameter is used to calculate the information key. The information key may be used to decrypt data encrypted by the information key calculated by the device cloud platform, or network configuration information encrypted by the information key calculated by the device cloud platform, and may also be used to encrypt the reference information. Under the condition that the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can successfully parse the network configuration information or data encrypted by the information key calculated by the device cloud platform, so that the device to be networked passes identity authentication and further acquires the network configuration information; or, under the condition that the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the data respectively encrypted by the two information keys can be consistent, so that the device to be networked passes identity authentication and further acquires the network configuration information. Therefore, the identity of the device to be networked is authenticated before the device to be networked accesses the wireless access point, so that the network configuration information corresponding to the wireless access point is prevented from being leaked, and the security of the wireless access point is improved.
In addition, in the embodiment of the application, the identity authentication process of the device to be networked can be coupled with the process of the distribution network, that is, the distribution network device directly encrypts the network configuration information by using the information key calculated by the device cloud platform, and under the condition that the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can directly acquire the network configuration information, so that data traffic between the distribution network device and the device to be networked is reduced, and the processing overhead of the distribution network device and the device to be networked is reduced. In addition, in the embodiment of the application, the identity authentication process of the device to be networked can also be decoupled from the distribution network process, that is, the distribution network device sends network configuration information to the device to be networked after the identity authentication of the device to be networked passes, and the security of the network configuration information can be fully improved by decoupling the identity authentication process and the distribution network process.
The following describes the calculation process of the first information key on the side of the device to be networked and of the second information key on the side of the distribution network device.
First, a description will be given of a calculation process of the first information key on the side of the device to be networked.
In one example, as shown in fig. 29, the method further includes the following steps:
Step 2831, the device to be networked determines the first information key according to the key calculation parameter and the first device key.
In this embodiment of the application, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked and pre-configure the key K into the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a device cloud platform (i.e., the cloud platform corresponding to the device to be networked). The first device key is the device key of the device to be networked that is preset in the device to be networked. Once the key calculation parameter and the first device key are determined, the device to be networked can calculate the first information key according to the key calculation parameter and the first device key.
In this embodiment of the present application, the device to be networked may use a key generation algorithm to process the key calculation parameter and the first device key. Optionally, step 2831 includes: the device to be networked processes the key calculation parameter and the first device key by adopting a fourth key generation algorithm to obtain the first information key. Optionally, the fourth key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, 3DES algorithm.
Next, a calculation process of the second information key on the distribution network device side is described. In the embodiment of the present application, the identity authentication process and the network distribution process of the device to be networked may be coupled or decoupled, and descriptions are respectively provided below for these two cases.
Case one: the identity authentication process of the device to be networked is coupled with the distribution network process:
In one example, as shown in fig. 29, the method further includes the following steps:
Step 2841, the distribution network device receives a beacon of the first access point started by the device to be networked, where the beacon includes a device identifier of the device to be networked.
The first access point can be started when the device to be networked enters the distribution network mode, optionally, the device to be networked automatically enters the distribution network mode when the device to be networked is started for the first time, or the device to be networked is passively triggered to enter the distribution network mode by user operation. Optionally, the first access point is a soft AP started by the device to be networked. After entering the distribution network mode, the device to be networked may broadcast a beacon of the first access point, where the beacon includes a device identifier of the device to be networked. The device identifier of the device to be networked includes a device ID of the device to be networked, so as to uniquely identify the device to be networked. Optionally, the beacon of the first access point comprises at least one of the following fields: BSSID field, SSID field, custom field (e.g., Vendor Specific field). Optionally, the device identifier of the device to be networked is set in the BSSID field.
The distribution network device may scan beacons broadcast by other devices on different channels, so that the distribution network device may scan the beacon of the first access point on the channel on which the device to be networked broadcasts the beacon of the first access point, that is, the distribution network device may receive the beacon of the first access point.
Step 2842, the distribution network device sends a seventh obtaining request to the distribution network cloud platform, where the seventh obtaining request is used to request to obtain the second information key.
The seventh acquisition request is for requesting acquisition of the second information key. The second information key is obtained by the device cloud platform through calculation, so when the distribution network device needs to obtain the second information key, it can send a seventh obtaining request to the distribution network cloud platform, so that the second information key can be further obtained through the distribution network cloud platform. In the embodiment of the present application, the content of the seventh obtaining request is not limited. Optionally, the seventh obtaining request includes a device identifier of the device to be networked; or, the seventh obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 29, if a secure connection is not established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends the seventh obtaining request to the distribution network cloud platform.
Step 2843, the distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform needs to determine the device cloud platform corresponding to the device to be networked. Optionally, the seventh obtaining request sent by the distribution network device to the distribution network cloud platform includes a device manufacturer name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 2844, the distribution network cloud platform sends an eighth obtaining request to the device cloud platform, where the eighth obtaining request is used to request to obtain the second information key.
The eighth obtaining request is used for requesting to obtain the second information key. Based on this, after the distribution network cloud platform determines the device cloud platform corresponding to the device to be networked, the distribution network cloud platform may further send the eighth obtaining request to the device cloud platform, so as to request the device cloud platform to calculate the second information key and to send the second information key to the distribution network cloud platform. In the embodiment of the present application, the content of the eighth obtaining request is not limited. Optionally, the eighth obtaining request includes a device identifier of the device to be networked; or, the eighth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 29, if a secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends the eighth obtaining request to the device cloud platform.
Step 2845, the device cloud platform calculates the second information key.
Since the eighth acquisition request carries the device identifier of the device to be networked, after receiving the eighth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked that is stored in the device cloud platform, that is, the key K. For the first information key and the second information key to be consistent, they must also be calculated in the same way; therefore, the device cloud platform should calculate the second information key in the same way that the device to be networked calculates the first information key. Optionally, if the device to be networked calculates the first information key by using step 2831, the process of calculating the second information key by the device cloud platform is as follows: the device cloud platform processes the key calculation parameter and the second device key by adopting the fourth key generation algorithm to obtain the second information key. For a description of the fourth key generation algorithm, please refer to the above method embodiment, which is not repeated herein.
Step 2846, the device cloud platform sends the second information key and the key calculation parameter to the distribution network cloud platform.
After the device cloud platform calculates the second information key, the device cloud platform can send the second information key and the key calculation parameter to the distribution network cloud platform.
Step 2847, the distribution network cloud platform sends the second information key to the distribution network device.
After receiving the second information key, the distribution network cloud platform further sends the second information key and the key calculation parameter to the distribution network device, so as to respond to the seventh acquisition request of the distribution network device.
Case two: the identity authentication process of the device to be networked is decoupled from the distribution network process:
In one example, as shown in fig. 29, the method further includes the following steps:
Step 2851, the distribution network device receives a beacon of the first access point started by the device to be networked, where the beacon includes a device identifier of the device to be networked.
For the description of step 2851, please refer to the description of step 2841, which is not repeated herein.
Step 2852, the distribution network device sends a ninth obtaining request to the distribution network cloud platform.
The ninth acquisition request is for requesting acquisition of the second reference information or the second information. Since the reference information of the device to be networked is held by the device cloud platform and the device to be networked (the second information also includes the reference information of the device to be networked), the distribution network device may send a ninth acquisition request to the distribution network cloud platform when the second reference information or the second information needs to be acquired, so as to further acquire the second reference information or the second information through the distribution network cloud platform. In the embodiment of the present application, the content of the ninth obtaining request is not limited, and optionally, the ninth obtaining request includes a device identifier of a device to be networked; or, the ninth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 29, if a secure connection is not established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends a ninth obtaining request to the distribution network cloud platform.
Step 2853, the distribution network cloud platform determines the device cloud platform.
For the description of step 2853, please refer to the description of step 2843, which is not repeated herein.
Step 2854, the distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
The tenth acquisition request is used for requesting to acquire the second reference information or the second information, and based on this, the distribution network cloud platform may further send the tenth acquisition request to the device cloud platform after determining the device cloud platform corresponding to the device to be networked, so as to request the device cloud platform to send the second reference information or the second information to the distribution network cloud platform. In the embodiment of the present application, the content of the tenth acquisition request is not limited, and optionally, the tenth acquisition request includes a device identifier of a device to be networked; or, the tenth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 29, if a secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends a tenth acquisition request to the device cloud platform.
Step 2855, the device cloud platform calculates the second information key.
Since the tenth acquisition request carries the device identifier of the device to be networked, after receiving the tenth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked that is stored by the device cloud platform, that is, the key K. For the first information key and the second information key to be consistent, they must also be calculated in the same way; therefore, the device cloud platform should calculate the second information key in the same way that the device to be networked calculates the first information key. Optionally, if the device to be networked calculates the first information key by using step 2831, the process of calculating the second information key by the device cloud platform is as follows: the device cloud platform processes the key calculation parameter and the second device key by adopting the fourth key generation algorithm to obtain the second information key. For a description of the fourth key generation algorithm, please refer to the above method embodiment, which is not repeated herein.
Step 2856, the device cloud platform encrypts the second reference information or the second information using the second information key.
In order to ensure the security of the reference information of the device to be networked, the reference information of the device to be networked is held by the device cloud platform and the device to be networked, so that the device cloud platform encrypts the second reference information or the second information by using the second information key after determining the second information key, so as to avoid the leakage of the reference information of the device to be networked.
Step 2857, the device cloud platform sends the key calculation parameter and the second reference information or the second information encrypted by the second information key to the distribution network cloud platform.
Step 2858, the distribution network cloud platform sends the key calculation parameter and the second reference information or the second information encrypted by the second information key to the distribution network device.
After receiving, from the device cloud platform, the key calculation parameter and the second reference information or the second information encrypted by the second information key, the distribution network cloud platform further sends the key calculation parameter and the second reference information or the second information encrypted by the second information key to the distribution network device, so as to respond to the ninth acquisition request of the distribution network device.
It should be noted that the embodiment of the present application describes, only as an example, calculating the first information key and the second information key according to the key calculation parameter and the device key of the device to be networked. After understanding the technical solution of the present application, a person skilled in the art will easily think of calculating the information key by using other calculation parameters, for example calculating the first information key and the second information key by using the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked; these should fall within the protection scope of the present application.
To sum up, in the technical solution provided by the embodiment of the application, when the identity authentication process of the device to be networked is coupled with the distribution network process, the key calculation parameter is generated by the cloud platform corresponding to the device to be networked, the information key is determined according to the key calculation parameter and the device key of the device to be networked, and the information key and the key calculation parameter are then sent to the distribution network device, thereby avoiding revealing the device key of the device to be networked and improving the validity of identity authentication. When the identity authentication process of the device to be networked is decoupled from the distribution network process, the key calculation parameter is generated by the cloud platform corresponding to the device to be networked, the information key is determined according to the key calculation parameter and the device key of the device to be networked, the reference information is then encrypted by the information key, and the key calculation parameter and the encrypted reference information are sent to the distribution network device, so that the device key and the reference information of the device to be networked are prevented from being revealed, and the validity of identity authentication is improved.
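The decoupled flow of steps 2831 and 2855 to 2858, followed by the comparison of the first and second encrypted information on the distribution network device, can be sketched as follows. This is an added example, not code from the patent: it assumes HKDF-SHA256 (one of the listed options) as the fourth key generation algorithm with a random 16-byte key calculation parameter as salt, uses a keystream XOR as a deterministic stand-in for the unspecified encryption algorithm, and all class names, labels and sample values are constructed.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(n) = HMAC(PRK, T(n-1) | info | n)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_information_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Information key from device key K and the key calculation parameter.
    Assumption: K is the input keying material, the parameter is the salt,
    and the label "information-key" is made up for this example."""
    prk = hkdf_extract(key_calc_param, device_key)
    return hkdf_expand(prk, b"information-key", HASH_LEN)


def encrypt_reference(info_key: bytes, reference: bytes) -> bytes:
    """Deterministic stand-in cipher (keystream XOR). Comparing ciphertexts
    only works if both sides encrypt deterministically under the same key."""
    keystream = hkdf_expand(info_key, b"reference-keystream", len(reference))
    return bytes(a ^ b for a, b in zip(reference, keystream))


class DeviceCloudPlatform:
    """Holds device identifier -> (key K, second reference information)."""

    def __init__(self, registry):
        self.registry = registry

    def answer_request(self, device_id):
        """Steps 2855-2857: derive the second information key and encrypt."""
        entry = self.registry.get(device_id)
        if entry is None:
            return None  # unknown device identifier
        device_key, second_reference = entry
        key_calc_param = os.urandom(16)  # assumption: random per request
        second_key = derive_information_key(device_key, key_calc_param)
        return key_calc_param, encrypt_reference(second_key, second_reference)


class DeviceToBeNetworked:
    def __init__(self, device_id, first_device_key, first_reference):
        self.device_id = device_id
        self.first_device_key = first_device_key
        self.first_reference = first_reference

    def answer_parameter(self, key_calc_param: bytes) -> bytes:
        """Step 2831, then encryption of the first reference information."""
        first_key = derive_information_key(self.first_device_key, key_calc_param)
        return encrypt_reference(first_key, self.first_reference)


def authenticate(cloud, device) -> bool:
    """Role of the distribution network device. It sees only the parameter
    and two ciphertexts, never K or the reference information. The relay
    through the distribution network cloud platform is omitted here."""
    answer = cloud.answer_request(device.device_id)
    if answer is None:
        return False
    key_calc_param, second_encrypted = answer
    first_encrypted = device.answer_parameter(key_calc_param)
    return hmac.compare_digest(first_encrypted, second_encrypted)


# Constructed sample values, not taken from the patent.
DEVICE_ID = "AA:BB:CC:00:11:22"
KEY_K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
REFERENCE = b"reference-0001"
CLOUD = DeviceCloudPlatform({DEVICE_ID: (KEY_K, REFERENCE)})

if __name__ == "__main__":
    genuine = DeviceToBeNetworked(DEVICE_ID, KEY_K, REFERENCE)
    wrong_key = DeviceToBeNetworked(DEVICE_ID, bytes(16), REFERENCE)
    print("genuine device:", authenticate(CLOUD, genuine))
    print("device with wrong key K:", authenticate(CLOUD, wrong_key))
```

Authentication fails when either the device key or the reference information differs, matching the two failure conditions the description gives for the decoupled case.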
In the following, an identity authentication process coupled with a distribution network process is described by taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 30, the information processing method provided in the embodiment of the present application includes the following steps:
Step 3001, the device to be networked broadcasts a beacon of the soft AP. The beacon includes the device identifier of the device to be networked.
Step 3002, the distribution network device receives the beacon of the soft AP. After the distribution network device receives the beacon of the soft AP, the beacon of the soft AP can be further parsed to obtain the device identifier of the device to be networked.
Step 3003, the distribution network device sends a seventh obtaining request to the distribution network cloud platform, where the seventh obtaining request is used to request to obtain the second information key. The seventh obtaining request includes the device identifier of the device to be networked. Optionally, as shown in fig. 30, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends the seventh obtaining request to the distribution network cloud platform.
Step 3004, the distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 3005, the distribution network cloud platform sends an eighth acquisition request to the device cloud platform. The eighth acquisition request is for requesting acquisition of the second information key. Optionally, as shown in fig. 30, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends an eighth obtaining request to the device cloud platform.
Step 3006, the device cloud platform calculates a second information key. After receiving the eighth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. And then, the device cloud platform processes the key calculation parameter and the second device key by adopting a fourth key generation algorithm to obtain a second information key.
Step 3007, the device cloud platform sends the second information key and the key calculation parameter to the distribution network cloud platform.
Step 3008, the distribution network cloud platform sends the second information key and the key calculation parameter to the distribution network device.
Step 3009, the distribution network device determines the first information according to the second information key, the key calculation parameter, and the network configuration information. Optionally, the distribution network device processes the network configuration information with a third encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key, and determines the first information according to the key calculation parameter and the network configuration information encrypted with the information encryption key.
Step 3010, the distribution network device sends the first information to the device to be networked.
Step 3011, the device to be networked determines a first information key according to the key calculation parameter and the first device key. Optionally, the device to be networked processes the key calculation parameter and the first device key with a fourth key generation algorithm to obtain the first information key.
Step 3012, the device to be networked decrypts the network configuration information encrypted by the second information key by using the first information key.
If the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
An identity authentication process decoupled from the distribution network process is described below by taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 31, the information processing method provided in the embodiment of the present application includes the following steps:
Step 3101, the device to be networked broadcasts a beacon of the soft AP. The beacon includes the device identifier of the device to be networked.
Step 3102, the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further parse it to obtain the device identifier of the device to be networked.
Step 3103, the distribution network device sends a ninth acquisition request to the distribution network cloud platform. The ninth acquisition request is used to request the second reference information. The ninth acquisition request includes the device identifier of the device to be networked. Optionally, as shown in fig. 31, if no secure connection has been established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends the ninth acquisition request to the distribution network cloud platform.
Step 3104, the distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 3105, the distribution network cloud platform sends a tenth acquisition request to the device cloud platform. The tenth acquisition request is used to request the second reference information. Optionally, as shown in fig. 31, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends the tenth acquisition request to the device cloud platform.
Step 3106, the device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. The device cloud platform then processes the key calculation parameter and the second device key with a fourth key generation algorithm to obtain the second information key.
Step 3107, the device cloud platform encrypts the second reference information using the second information key to obtain second encrypted information. Because the reference information of the device to be networked is held by the device cloud platform and the device to be networked, in order to avoid leakage of the reference information of the device to be networked, the device cloud platform needs to encrypt the second reference information.
Step 3108, the device cloud platform sends the key calculation parameter and the second encrypted information to the distribution network cloud platform.
Step 3109, the distribution network cloud platform sends the key calculation parameter and the second encrypted information to the distribution network device.
Step 3110, the distribution network device sends the key calculation parameter to the device to be networked.
Step 3111, the device to be networked determines a first information key according to the key calculation parameter and the first device key. Optionally, the device to be networked processes the key calculation parameter and the first device key with a fourth key generation algorithm to obtain the first information key.
Step 3112, the device to be networked encrypts the first reference information by using the first information key to obtain first encrypted information. The reference information of the device to be networked is pre-configured in the device to be networked by its device manufacturer, so after calculating the first information key the device to be networked can encrypt the first reference information with it. Optionally, the device to be networked processes the first reference information by using the first reference information and a third encryption algorithm to obtain the first encrypted information.
Step 3113, the device to be networked sends the first encrypted information to the distribution network device.
Step 3114, the distribution network device sends the network configuration information to the device to be networked when the first encrypted information is consistent with the second encrypted information. The distribution network device receives the second encrypted information from the distribution network cloud platform and the first encrypted information from the device to be networked, and then compares the two. If the first encrypted information is consistent with the second encrypted information, the distribution network device confirms that the device to be networked has passed identity authentication and sends it the network configuration information, which is used to configure the device to be networked to join the home WiFi network. After receiving the network configuration information, the device to be networked can join the home WiFi network according to it.
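The exchange in steps 3106 to 3114, as an added example that is not part of the patent: both sides derive the information key from the key calculation parameter and the device key K, and the distribution network device compares the two protected values without ever holding K. HKDF-SHA256 is assumed for the unspecified fourth key generation algorithm and HMAC-SHA256 stands in for the third encryption algorithm (the comparison in step 3114 requires a deterministic keyed transform); all class names, function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the patent).
DEVICE_ID = "dev-0001"
DEVICE_KEY_K = bytes.fromhex("00112233445566778899aabbccddeeff")
REFERENCE_INFO = b"constructed-reference-info"
NETWORK_CONFIG = {"ssid": "home-wifi", "psk": "constructed-passphrase"}


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_information_key(device_key, key_calc_param):
    """Steps 3106 and 3111: the same KDF over (key calculation parameter, K)."""
    return hkdf_sha256(device_key, key_calc_param, b"information-key")


def protect_reference(information_key, reference_info):
    """Deterministic keyed transform (assumed stand-in for the third
    encryption algorithm): equal key and input give equal output."""
    return hmac.new(information_key, reference_info, hashlib.sha256).digest()


class DeviceCloud:
    """Device cloud platform: holds device id -> (K, reference information)."""

    def __init__(self, registry):
        self._registry = registry

    def second_encrypted_info(self, device_id, key_calc_param=None):
        """Steps 3106-3108: return (parameter, second encrypted information)."""
        if device_id not in self._registry:
            return None
        device_key, reference = self._registry[device_id]
        if key_calc_param is None:
            key_calc_param = secrets.token_bytes(16)  # fresh per session
        key = derive_information_key(device_key, key_calc_param)
        return key_calc_param, protect_reference(key, reference)


class Device:
    """Device to be networked: K and reference information are pre-configured."""

    def __init__(self, device_id, device_key, reference_info):
        self.device_id = device_id
        self._key = device_key
        self._reference = reference_info

    def first_encrypted_info(self, key_calc_param):
        """Steps 3111-3112: derive the first information key, protect the reference."""
        key = derive_information_key(self._key, key_calc_param)
        return protect_reference(key, self._reference)


def provision(device, cloud, network_config):
    """Steps 3103-3114 as seen by the distribution network device.

    It relays the parameter and compares the two values in constant time;
    it never sees K or either information key.
    """
    answer = cloud.second_encrypted_info(device.device_id)
    if answer is None:
        return None
    key_calc_param, second = answer
    first = device.first_encrypted_info(key_calc_param)
    return network_config if hmac.compare_digest(first, second) else None


if __name__ == "__main__":
    cloud = DeviceCloud({DEVICE_ID: (DEVICE_KEY_K, REFERENCE_INFO)})
    genuine = Device(DEVICE_ID, DEVICE_KEY_K, REFERENCE_INFO)
    wrong_key = Device(DEVICE_ID, bytes(16), REFERENCE_INFO)
    print("genuine device:", provision(genuine, cloud, NETWORK_CONFIG))
    print("wrong device key:", provision(wrong_key, cloud, NETWORK_CONFIG))
```

With a fixed key calculation parameter the protected value is the same in every session, so the comparison only proves current possession of K when the parameter is a fresh random value.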
Another identity authentication process decoupled from the distribution network process is described below by taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 32, the information processing method provided in the embodiment of the present application includes the following steps:
Step 3201, the device to be networked broadcasts a beacon of the soft AP. The beacon includes the device identifier of the device to be networked.
Step 3202, the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further parse it to obtain the device identifier of the device to be networked.
Step 3203, the distribution network device sends a ninth acquisition request to the distribution network cloud platform. The ninth acquisition request is used to request the second information. The ninth acquisition request includes the device identifier of the device to be networked. Optionally, as shown in fig. 32, if no secure connection has been established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends the ninth acquisition request to the distribution network cloud platform.
Step 3204, the distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 3205, the distribution network cloud platform sends a tenth acquisition request to the device cloud platform. The tenth acquisition request is used to request the second information. Optionally, as shown in fig. 32, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends the tenth acquisition request to the device cloud platform.
Step 3206, the device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. The device cloud platform then processes the key calculation parameter and the second device key with a fourth key generation algorithm to obtain the second information key.
Step 3207, the device cloud platform encrypts the second information using the second information key. Because the reference information of the device to be networked is held by the device cloud platform and the device to be networked, the device cloud platform needs to encrypt the reference information to avoid leaking it, and thereby obtains the second information encrypted with the second information encryption key, where the second information includes the reference information of the device to be networked.
Step 3208, the device cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network cloud platform.
Step 3209, the distribution network cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network device.
Step 3210, the distribution network device sends the key calculation parameter and the second information to the device to be networked.
Step 3211, the device to be networked determines a first information key according to the key calculation parameter and the first device key. Optionally, the device to be networked processes the key calculation parameter and the first device key with a fourth key generation algorithm to obtain the first information key.
Step 3212, the device to be networked decrypts the second information by using the first information key to obtain third reference information. The device to be networked decrypts the second information, and may obtain the reference information of the device to be networked in the second information, that is, the third reference information.
Step 3213, the device to be networked sends the third reference information to the distribution network device.
Step 3214, the distribution network device sends the network configuration information to the device to be networked when the third reference information is consistent with the fourth reference information. The distribution network device receives the fourth reference information from the distribution network cloud platform and the third reference information from the device to be networked, and then compares the two. If the fourth reference information is consistent with the third reference information, the distribution network device confirms that the device to be networked has passed identity authentication and sends it the network configuration information, which is used to configure the device to be networked to join the home WiFi network. After receiving the network configuration information, the device to be networked can join the home WiFi network according to it.
Referring to fig. 8, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 810, the device to be networked displays a first graphic code, the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from the distribution network device, and the network configuration information is used to configure the device to be networked to access the second access point.
A device to be networked that has a scanning function or a camera function can be brought onto the network by code-scanning network distribution. For code-scanning network distribution, the embodiment of the present application also provides an identity authentication method.
The device to be networked first displays a first graphic code. Optionally, if the device to be networked has a screen display function, the first graphic code is displayed on its screen; if it does not have a screen display function, the device manufacturer of the device to be networked may affix the first graphic code to the surface of the device to be networked or to its packaging box, which is not limited in the embodiment of the present application. Optionally, the first graphic code is a two-dimensional code, a bar code, or the like. In this embodiment of the present application, the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked. Optionally, the first graphic code further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like.
The key calculation parameter is used to determine an information decryption key for decrypting the network configuration information. Optionally, the length of the key calculation parameter is greater than or equal to one byte. The embodiment of the present application does not limit how the key calculation parameter is determined: optionally, the key calculation parameter is pre-configured by the device cloud platform, or it is generated by the device to be networked. If the device to be networked does not have a screen display function, the key calculation parameter can be pre-configured by the device cloud platform corresponding to the device to be networked; if the device to be networked has a screen display function, the key calculation parameter can be generated by the device to be networked. The embodiment of the present application does not limit the content of the key calculation parameter either: optionally, the key calculation parameter includes a random number, or the key calculation parameter includes a pre-configured value.
In this embodiment of the application, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked, and pre-configure the key K to the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence relationship exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a cloud platform of the device manufacturer (that is, a cloud platform corresponding to the device to be networked).
Step 820, the distribution network device scans a first graphic code of the device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
By scanning the first graphic code of the device to be networked, the distribution network device obtains the key calculation parameter and/or the device identifier of the device to be networked. For the device to be networked, the key calculation parameter is used to determine an information decryption key for decrypting the network configuration information; for the distribution network device, the key calculation parameter is used to determine an information encryption key for encrypting the network configuration information.
The distribution network device configures the network for the device to be networked by code-scanning network distribution, so after obtaining the information encryption key it needs to display a second graphic code for the device to be networked to scan and obtain the network configuration information. Optionally, the method further includes: the distribution network device determines a second graphic code according to the network configuration information and the information encryption key, and displays the second graphic code. The information encryption key is used to encrypt the network configuration information; that is, the distribution network device can process the network configuration information with a first encryption algorithm and the information encryption key to obtain the encrypted network configuration information, and then generate the second graphic code from the encrypted network configuration information. Optionally, the first encryption algorithm is a symmetric encryption algorithm. Optionally, the first encryption algorithm includes, but is not limited to, any of the following: AES128-CMAC, AES128-CBC (Cipher Block Chaining), AES128-GCM (Galois/Counter Mode), AES256-CMAC, AES256-CBC, AES256-GCM.
In one example, the method further includes: the device to be networked scans a second graphic code displayed by the distribution network device, where the second graphic code includes network configuration information encrypted with the information encryption key. By scanning the second graphic code, the device to be networked obtains the network configuration information encrypted with the information encryption key. Because the device to be networked determines the information decryption key according to the key calculation parameter, it decrypts the network configuration information with the information decryption key. If the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
To sum up, in the technical solution provided by the embodiment of the present application, a key calculation parameter is added to the graphic code of the device to be networked. The device to be networked can determine the information decryption key from the key calculation parameter, and the distribution network device can obtain the information encryption key through the key calculation parameter. The device to be networked then uses the information decryption key to decrypt the network configuration information that the distribution network device encrypted with the information encryption key. Only when the information encryption key is consistent with the information decryption key can the device to be networked obtain the network configuration information, so the identity of the device to be networked is authenticated and leakage of the network configuration information is prevented.
The following describes the calculation of the information decryption key on the side of the device to be networked and of the information encryption key on the side of the distribution network device.
First, a description will be given of a calculation process of an information decryption key on the side of a device to be networked.
In one example, as shown in fig. 9, the method further includes the following steps:
Step 831, the device to be networked determines an information decryption key according to the key calculation parameter and the first device key.
The first device key is the device key of the device to be networked that is preset in the device to be networked, that is, the key K. Once the key calculation parameter and the first device key are determined, the device to be networked can calculate the information decryption key from them.
In this embodiment of the present application, the device to be networked may use a key generation algorithm to process the key calculation parameter and the first device key. Optionally, step 831 includes: the device to be networked processes the key calculation parameter and the first device key with a second key generation algorithm to obtain the information decryption key. Optionally, the second key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, 3DES algorithm.
Next, a calculation process of the information encryption key on the distribution network device side is described.
In one example, as shown in fig. 9, the method further includes the following steps:
Step 832, the distribution network device sends a second acquisition request to the distribution network cloud platform, where the second acquisition request is used to request the information encryption key.
For the information encryption key generated on the distribution network device side to be consistent with the information decryption key generated by the device to be networked, the calculation parameters of the information encryption key and of the information decryption key need to be the same. The calculation parameters of the information decryption key include the key calculation parameter and the first device key, and therefore the calculation parameters of the information encryption key also include the key calculation parameter and the device key of the device to be networked. In general, to ensure the security of the device key of the device to be networked, the device key is held only by the device to be networked and by the cloud platform of the device vendor of the device to be networked (i.e., the device cloud platform), and therefore the device cloud platform needs to take part in calculating the information encryption key.
The distribution network device scans the graphic code of the device to be networked, obtains the device identifier and/or the key calculation parameter of the device to be networked, and then sends a second acquisition request to the distribution network cloud platform to request the information encryption key. The content of the second acquisition request is not limited in the embodiment of the present application. Optionally, the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked; or, the second acquisition request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 6, if no secure connection has been established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends the second acquisition request to the distribution network cloud platform.
In the embodiment of the application, in order to ensure the security of the device key of the device to be networked, the device key of the device to be networked is also not held by the distribution network cloud platform, and therefore, after the distribution network cloud platform receives the second acquisition request, the information encryption key needs to be further acquired from the device cloud platform. That is, as shown in fig. 9, after the step 832, the following steps are also included:
Step 83A, the distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform needs to determine the device cloud platform corresponding to the device to be networked. Optionally, the second acquisition request sent by the distribution network device to the distribution network cloud platform includes a device vendor name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device vendor name of the device to be networked.
Step 83B, the distribution network cloud platform sends a fourth acquisition request to the device cloud platform, where the fourth acquisition request is used to request the information encryption key.
After the device cloud platform corresponding to the device to be networked is determined, the distribution network cloud platform may further send a fourth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key and send it to the distribution network cloud platform. The content of the fourth acquisition request is not limited in the embodiment of the present application. Optionally, the fourth acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked; or, the fourth acquisition request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 9, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends the fourth acquisition request to the device cloud platform.
Step 83C, the device cloud platform calculates the information encryption key.
Because the fourth acquisition request carries the key calculation parameter and/or the device identifier of the device to be networked, after receiving it the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked stored by the device cloud platform, that is, the key K. For the information decryption key to be consistent with the information encryption key, the two keys should be calculated in a consistent manner, so the device cloud platform should calculate the information encryption key in a manner similar to that of the device to be networked. Optionally, if the device to be networked calculates the information decryption key as in step 831, the device cloud platform calculates the information encryption key as follows: the device cloud platform processes the key calculation parameter and the second device key with the second key generation algorithm to obtain the information encryption key. For an explanation of the second key generation algorithm, refer to the method embodiment above; it is not repeated here.
Step 83D, the device cloud platform sends the information encryption key to the distribution network cloud platform.
After the device cloud platform calculates the information encryption key, the device cloud platform can send the information encryption key to the distribution network cloud platform.
Step 834, the distribution network cloud platform sends the information encryption key to the distribution network device.
After receiving the information encryption key, the distribution network cloud platform further sends it to the distribution network device in response to the second acquisition request of the distribution network device.
It should be noted that the embodiment of the present application calculates the information encryption key and the information decryption key from the key calculation parameter and the device key of the device to be networked only as an example. After understanding the technical solution of the present application, a person skilled in the art will readily think of calculating the access key using other calculation parameters, for example calculating the information encryption key and the information decryption key from the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked; all of these fall within the protection scope of the present application.
To sum up, in the technical solution provided by the embodiment of the present application, the device to be networked and the distribution network device obtain the information decryption key and the information encryption key, respectively, according to the key calculation parameter. The distribution network device then encrypts the network configuration information with the information encryption key, and the device to be networked decrypts it with the information decryption key. Only when the information encryption key is consistent with the information decryption key can the device to be networked obtain the network configuration information, so the identity of the device to be networked is authenticated before it obtains the network configuration information, leakage of the network configuration information is avoided, and the security of the access point is improved. In addition, to fully ensure the security of the device key of the device to be networked, the information encryption key on the distribution network device side is calculated by the cloud platform corresponding to the device to be networked, which prevents the device key of the device to be networked from being revealed and improves the validity of identity authentication.
The technical solution of the present application is described below by taking the second access point as a home WiFi network as an example. As shown in fig. 10, the information processing method provided in the embodiment of the present application includes the following steps:
Step 1000, the distribution network device scans a first graphic code of the device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information encryption key, the information encryption key is used for encrypting network configuration information, and the network configuration information is used for configuring the device to be networked to access the home WiFi network. By scanning the first graphic code of the device to be networked, the distribution network device obtains the key calculation parameter and/or the device identifier of the device to be networked.
Step 1010, the distribution network device sends a second acquisition request to the distribution network cloud platform. The second acquisition request is for requesting acquisition of the information encryption key. The second obtaining request comprises a key calculation parameter and/or a device identifier of the device to be networked. Optionally, as shown in fig. 10, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends the second acquisition request to the distribution network cloud platform.
Step 1020, the distribution network cloud platform determines a device cloud platform. The second acquisition request sent by the distribution network equipment to the distribution network cloud platform includes the equipment manufacturer name of the equipment to be networked, and then the distribution network cloud platform can determine the corresponding equipment cloud platform according to the equipment manufacturer name of the equipment to be networked.
Step 1030, the distribution network cloud platform sends a fourth obtaining request to the device cloud platform, where the fourth obtaining request is used to request to obtain the information encryption key. The fourth obtaining request comprises a key calculation parameter and/or a device identifier of the device to be networked. Optionally, as shown in fig. 10, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a fourth acquisition request to the device cloud platform.
Step 1040, the device cloud platform calculates the information encryption key. After receiving the fourth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked stored by the device cloud platform. And then, the device cloud platform processes the key calculation parameters and the second device key by adopting a second key generation algorithm to obtain an information encryption key.
Step 1050, the device cloud platform sends the information encryption key to the distribution network cloud platform.
Step 1060, the distribution network cloud platform sends the information encryption key to the distribution network device.
Step 1070, the distribution network device processes the network configuration information by using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information, generates a second graphic code according to the encrypted network configuration information, and displays the second graphic code.
Step 1080, the device to be networked calculates the information decryption key. The device to be networked processes the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
Step 1090, the device to be networked scans the second graphic code. The device to be networked scans the second graphic code to obtain the network configuration information encrypted by the information encryption key. Because the device to be networked has determined the information decryption key according to the key calculation parameter, it decrypts the network configuration information by using the information decryption key. If the information decryption key is consistent with the information encryption key, the device to be networked successfully obtains the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to obtain the network configuration information.
It should be noted that, in the embodiment of the present application, the execution order of each step is not limited, and on the premise of meeting the logic requirement, each step may be combined in any execution order. For example, step 1080 may be performed before step 1000, or step 1080 may be performed after step 1040. All of which are intended to be within the scope of the present application.
Referring to fig. 21, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 2110, the distribution network device displays a third graphic code, where the third graphic code includes network configuration information encrypted by an information encryption key, and a key calculation parameter; the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
The embodiment of the application also provides an information processing method for the scanning distribution network. The distribution network equipment firstly displays the third graphic code, and optionally, the third graphic code is represented as a two-dimensional code, a bar code and the like. In the embodiment of the present application, the third graphic code includes network configuration information encrypted by using an information encryption key, and a key calculation parameter. For the distribution network equipment side, the key calculation parameter is used for determining an information encryption key; for the device side to be networked, the key calculation parameter is used for determining the information decryption key. For the determination process of the information encryption key and the information decryption key, please refer to the following method embodiments, which are not described herein again.
The content of the key calculation parameter is not limited in the embodiment of the application, and optionally, the key calculation parameter includes a random number; alternatively, the key calculation parameter comprises a pre-configured value. Optionally, the key calculation parameter is generated by a device cloud platform (a cloud platform corresponding to the device to be networked). Optionally, the length of the key calculation parameter is greater than or equal to one byte. The determination time of the key calculation parameters is not limited, and optionally, the device cloud platform generates the key calculation parameters after receiving a request for obtaining the information encryption key; or, the device cloud platform generates a key calculation parameter in advance, and after subsequently receiving a request for obtaining an information encryption key, the device cloud platform calculates the information encryption key directly according to the key calculation parameter and the device key of the device to be networked.
In order to avoid leakage of the device key of the device to be networked, the information encryption key which takes the device key of the device to be networked as the calculation parameter is calculated by the device cloud platform, and then the device cloud platform further sends the information encryption key and the key calculation parameter to the distribution network device through the distribution network cloud platform. After the distribution network device receives the information encryption key and the key calculation parameter, a third graphic code needs to be generated according to the information encryption key and the key calculation parameter, so that the distribution network device can be scanned by the device to be networked. Thus, in one example, the method further comprises: the method comprises the steps that the distribution network equipment receives an information encryption key, key calculation parameters and network configuration information from a distribution network cloud platform; and determining a third graphic code according to the information encryption key, the key calculation parameter and the network configuration information.
Optionally, determining the third graphic code according to the information encryption key, the key calculation parameter, and the network configuration information includes: processing the network configuration information by using a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by the information encryption key; and generating the third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter. Because the key calculation parameter is not encrypted with the information encryption key, that is, the key calculation parameter is plaintext, the device to be networked can obtain the key calculation parameter by scanning the third graphic code. Optionally, the second encryption algorithm is a symmetric encryption algorithm. Optionally, the second encryption algorithm includes, but is not limited to, any of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, AES256-GCM.
Step 2120, the device to be networked scans the third graphic code displayed by the distribution network device.
By scanning the third graphic code displayed by the distribution network device, the device to be networked obtains the plaintext key calculation parameter and the network configuration information encrypted by the information encryption key. The device to be networked then needs to determine an information decryption key according to the key calculation parameter in order to decrypt the network configuration information encrypted by the information encryption key. For the process by which the device to be networked determines the information decryption key, refer to the following method embodiments; it is not described here. In the embodiment of the present application, if the information decryption key is consistent with the information encryption key, the device to be networked successfully obtains the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to obtain the network configuration information.
To sum up, in the technical solution provided by the embodiment of the present application, the key calculation parameter and the network configuration information encrypted by the information encryption key are added to the graphic code displayed by the distribution network device. The device to be networked scans the graphic code to obtain the key calculation parameter and determines the information decryption key according to it. The device to be networked can obtain the network configuration information only when the information encryption key is consistent with the information decryption key, so the identity of the device to be networked is authenticated and the network configuration information is prevented from being leaked. In addition, in the embodiment of the present application, particularly for the code-scanning distribution network mode, the key calculation parameter is generated by the device cloud platform and is added by the distribution network device to the displayed graphic code, so that the device to be networked can conveniently obtain it by scanning.
The following describes the calculation of the information decryption key on the side of the device to be networked and of the information encryption key on the side of the distribution network device.
First, a description will be given of a calculation process of an information decryption key on the side of a device to be networked.
In one example, as shown in fig. 22, the method further includes the following steps:
Step 2131, the device to be networked determines an information decryption key according to the key calculation parameter and the first device key.
The first device key is the device key of the device to be networked that is preset in the device to be networked, that is, the key K. Once the key calculation parameter and the first device key are known, the device to be networked can calculate the information decryption key according to them.
In this embodiment of the present application, the device to be networked may use a key generation algorithm to process the key calculation parameter and the first device key. Optionally, step 2131 includes: the device to be networked processes the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key. Optionally, the third key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, 3DES algorithm.
Next, a calculation process of the information encryption key on the distribution network device side is described.
In one example, as shown in fig. 22, the method further includes the following steps:
Step 2132, the distribution network device scans a fourth graphic code of the device to be networked, where the fourth graphic code includes a device identifier of the device to be networked.
The device to be networked can display the fourth graphic code. Optionally, if the device to be networked has a screen display function, the fourth graphic code is displayed on the screen of the device to be networked; if the device to be networked does not have a screen display function, the fourth graphic code may be affixed by the device manufacturer to the surface of the device to be networked or to its packaging box. The embodiment of the present application does not limit this. Optionally, the fourth graphic code is represented as a two-dimensional code, a barcode, or the like. In this embodiment of the present application, the fourth graphic code includes the device identifier of the device to be networked. Optionally, the fourth graphic code further includes the device manufacturer name of the device to be networked, the device name of the device to be networked, the product serial number of the device to be networked, and the like. The distribution network device can obtain the device identifier of the device to be networked by scanning the fourth graphic code.
Step 2133, the distribution network device sends a fifth obtaining request to the distribution network cloud platform, where the fifth obtaining request is used for requesting to obtain the information encryption key.
The information encryption key is obtained by the equipment cloud platform through calculation, so that the distribution network equipment can send a fifth obtaining request to the distribution network cloud platform under the condition that the information encryption key needs to be obtained, and the information encryption key can be further obtained through the distribution network cloud platform. The content of the fifth acquisition request is not limited in the embodiment of the application, and optionally, the fifth acquisition request includes a device identifier of a device to be networked; or, the fifth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 22, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends a fifth acquisition request to the distribution network cloud platform.
Step 2134, the distribution network cloud platform determines a device cloud platform.
The distribution network cloud platform needs to determine an equipment cloud platform corresponding to equipment to be networked. Optionally, the second acquisition request sent by the distribution network device to the distribution network cloud platform includes a device vendor name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device vendor name of the device to be networked.
Step 2135, the distribution network cloud platform sends a sixth obtaining request to the device cloud platform, where the sixth obtaining request is used for requesting to obtain the information encryption key.
After the device cloud platform corresponding to the device to be networked is determined, the distribution network cloud platform may further send a sixth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key, and request the device cloud platform to send the information encryption key to the distribution network cloud platform. In the embodiment of the present application, the content of the sixth acquisition request is not limited, and optionally, the sixth acquisition request includes a device identifier of a device to be networked; or, the sixth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 22, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a sixth acquisition request to the device cloud platform.
Step 2136, the device cloud platform calculates the information encryption key.
In this embodiment of the application, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked, and pre-configure the key K to the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence relationship exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a cloud platform of the device manufacturer (that is, a cloud platform corresponding to the device to be networked).
Since the sixth acquisition request carries the device identifier of the device to be networked, after receiving the sixth acquisition request the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked that is stored by the device cloud platform, that is, the key K. For the information decryption key to be consistent with the information encryption key, the two keys must be calculated in a consistent manner, and therefore the device cloud platform should calculate the information encryption key in a manner similar to that of the device to be networked. Optionally, if the device to be networked calculates the information decryption key in step 2131, the device cloud platform calculates the information encryption key as follows: the device cloud platform processes the key calculation parameter and the second device key by using a third key generation algorithm to obtain the information encryption key. For a description of the third key generation algorithm, refer to the above method embodiment; it is not repeated here.
Step 2137, the device cloud platform sends the information encryption key and the key calculation parameters to the distribution network cloud platform.
After the device cloud platform calculates the information encryption key, the device cloud platform can send the information encryption key and the key calculation parameter to the distribution network cloud platform.
Step 2138, the distribution network cloud platform sends the information encryption key to the distribution network equipment.
After receiving the information encryption key, the distribution network cloud platform further sends the information encryption key and the key calculation parameter to the distribution network equipment so as to respond to a fifth acquisition request of the distribution network equipment.
It should be noted that, in the embodiment of the present application, calculating the information encryption key and the information decryption key from the key calculation parameter and the device key of the device to be networked is only an example. After understanding the technical solution of the present application, a person skilled in the art will readily think of calculating the access key by using other calculation parameters, for example calculating the information encryption key and the information decryption key from the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked; all of these fall within the protection scope of the present application.
In summary, in the technical solution provided by the embodiment of the present application, the key calculation parameter is generated by the cloud platform corresponding to the device to be networked, the information encryption key is determined according to the key calculation parameter and the device key of the device to be networked, and the information encryption key and the key calculation parameter are then sent to the distribution network device. This avoids disclosure of the device key of the device to be networked and improves the validity of the identity authentication.
The technical solution of the present application is described below by taking the second access point as a home WiFi network as an example. As shown in fig. 23, the information processing method provided in the embodiment of the present application includes the following steps:
Step 2301, the distribution network device scans a fourth graphic code of the device to be networked. The fourth graphic code includes the device identifier of the device to be networked. By scanning the fourth graphic code of the device to be networked, the distribution network device obtains the device identifier of the device to be networked.
Step 2302, the distribution network device sends a fifth acquisition request to the distribution network cloud platform, where the fifth acquisition request is used to request to acquire the information encryption key. The fifth obtaining request comprises the device identification of the device to be accessed to the network. Optionally, as shown in fig. 23, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends a fifth acquisition request to the distribution network cloud platform.
Step 2303, the distribution network cloud platform determines a device cloud platform. The fifth acquisition request sent by the distribution network device to the distribution network cloud platform includes the device manufacturer name of the device to be networked, and the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 2304, the distribution network cloud platform sends a sixth obtaining request to the device cloud platform, where the sixth obtaining request is used to request to obtain the information encryption key. The sixth obtaining request comprises the device identification of the device to be networked. Optionally, as shown in fig. 23, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a sixth acquisition request to the device cloud platform.
Step 2304, the device cloud platform calculates the information encryption key. After receiving the sixth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked stored by the device cloud platform. And then, the device cloud platform processes the key calculation parameters and the second device key by adopting a third key generation algorithm to obtain an information encryption key.
Step 2305, the device cloud platform sends the information encryption key and the key calculation parameter to the distribution network cloud platform.
Step 2306, the distribution network cloud platform sends the information encryption key and the key calculation parameter to the distribution network device.
Step 2307, the distribution network equipment processes the network configuration information by using a second encryption algorithm and an information encryption key to obtain the network configuration information encrypted by using the information encryption key; and generating a third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter, and displaying the third graphic code.
Step 2308, the device to be networked scans the third graphic code. By scanning the third graphic code, the device to be networked obtains the key calculation parameter and the network configuration information encrypted by the information encryption key.
Step 2309, the device to be networked calculates the information decryption key. The device to be networked determines the information decryption key according to the key calculation parameter and the first device key. Optionally, the device to be networked processes the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key.
Step 2310, the device to be networked acquires the network configuration information. The device to be networked uses the calculated information decryption key to decrypt the acquired network configuration information encrypted by the information encryption key. If the information decryption key is consistent with the information encryption key, the device to be networked successfully obtains the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to obtain the network configuration information.
The information processing method provided by the embodiment of the application is introduced and explained from the perspective of interaction among the device to be networked, the network distribution device, the network distribution cloud platform and the device cloud platform. The steps executed by the equipment to be accessed can be independently realized as an information processing method on the side of the equipment to be accessed; the steps executed by the distribution network equipment can be independently realized as an information processing method on the side of the distribution network equipment.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Referring to fig. 11, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the above method examples on the side of the device to be networked, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the above-described device to be networked, or may be provided in the device to be networked. As shown in fig. 11, the apparatus 1100 may include: beacon broadcast module 1110.
The beacon broadcasting module 1110 is configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, as shown in fig. 12, the apparatus 1100 further comprises: a first key determining module 1120, configured to determine a first access key according to the key calculation parameter and the first device key.
In one example, as shown in fig. 12, the first key determining module 1120 is configured to: process the key calculation parameter and the first device key using a first key generation algorithm to obtain a first encryption key; and process the first encryption key using a first encoding manner to obtain the first access key.
In one example, as shown in fig. 12, the apparatus 1100 further comprises: an identity authentication module 1130, configured to perform the identity authentication with the distribution network device based on the first access key; the identity authentication passes if the first access key is consistent with a second access key determined by the distribution network device, and does not pass if the first access key is inconsistent with the second access key determined by the distribution network device.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field comprises the key calculation parameter and/or the device identifier of the device to be networked; or, the SSID field comprises the key calculation parameter and/or the device identifier of the device to be networked; or, the custom field comprises the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, as shown in fig. 12, the apparatus 1100 further comprises: a configuration information receiving module 1140, configured to receive network configuration information from the distribution network device when the identity authentication passes, where the network configuration information is used to configure the device to be networked to access the second access point.
To sum up, in the technical solution provided in the embodiments of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be networked, and the key calculation parameter is used to determine an access key for identity authentication between the device to be networked and the distribution network device. This provides a basis for that identity authentication and makes it easier to carry out subsequently. In addition, in the embodiments of the present application, identity authentication between the device to be networked and the distribution network device is performed before the device to be networked acquires the network configuration information; that is, the device to be networked can acquire the network configuration information only when the identity authentication passes, which reduces the risk of network configuration information leakage and improves the security of the access point. Furthermore, identity authentication between the device to be networked and the distribution network device is achieved merely by adding the key calculation parameter to the beacon of the access point started by the device to be networked. Compared with the prior art, in which the distribution network device needs to switch access points back and forth to verify the identity of the device to be networked, the embodiments of the present application simplify the identity authentication process and improve its efficiency.
Referring to fig. 13, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the distribution network device side, and the function can be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 13, the apparatus 1300 may include: a beacon receiving module 1310.
A beacon receiving module 1310, configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, as shown in fig. 14, the apparatus 1300 further comprises: a first request sending module 1320, configured to send a first obtaining request to the distribution network cloud platform, where the first obtaining request is used to request to obtain a second access key; a key information receiving module 1330, configured to receive access key information from the distribution network cloud platform, where the access key information is used to determine the second access key.
In one example, the access key information includes the second access key.
In one example, the access key information includes a second encryption key; as shown in fig. 14, the apparatus 1300 further comprises: the second key determining module 1340 is configured to process the second encryption key in the first encoding manner to obtain the second access key.
In an example, the first obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, as shown in fig. 14, the apparatus 1300 further comprises: an identity authentication module 1350, configured to perform the identity authentication with the device to be networked based on the second access key; the identity authentication passes if the second access key is consistent with the first access key determined by the device to be networked, and does not pass if the second access key is inconsistent with the first access key determined by the device to be networked.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field comprises the key calculation parameter and/or the device identifier of the device to be networked; or, the SSID field comprises the key calculation parameter and/or the device identifier of the device to be networked; or, the custom field comprises the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, as shown in fig. 14, the apparatus 1300 further comprises: an accessing module 1360 configured to access the first access point if the identity authentication is passed.
In one example, as shown in fig. 14, the apparatus 1300 further comprises: a configuration information sending module 1370, configured to send network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point.
To sum up, in the technical solution provided in the embodiments of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be networked, and the key calculation parameter is used to determine an access key for identity authentication between the device to be networked and the distribution network device. This provides a basis for that identity authentication and makes it easier to carry out subsequently. In addition, in the embodiments of the present application, identity authentication between the device to be networked and the distribution network device is performed before the device to be networked acquires the network configuration information; that is, the device to be networked can acquire the network configuration information only when the identity authentication passes, which reduces the risk of network configuration information leakage and improves the security of the access point. Furthermore, identity authentication between the device to be networked and the distribution network device is achieved merely by adding the key calculation parameter to the beacon of the access point started by the device to be networked. Compared with the prior art, in which the distribution network device needs to switch access points back and forth to verify the identity of the device to be networked, the embodiments of the present application simplify the identity authentication process and improve its efficiency.
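The beacon-based identity authentication carried out by the two apparatuses above (1100 and 1300) can be illustrated as follows. This is an added example, not code from the application: HMAC-SHA256 as the first key generation algorithm, unpadded URL-safe base64 as the first encoding manner, the `CFG_<identifier>_<hex parameter>` SSID layout, the 8-byte parameter, the single cloud object holding the device keys, and all key values are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

SSID_PREFIX = "CFG_"   # assumed layout: CFG_<device identifier>_<hex parameter>
MAX_SSID_LEN = 32      # an 802.11 SSID carries at most 32 bytes


def first_key_generation(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Assumed 'first key generation algorithm': HMAC-SHA256 keyed by the device key."""
    return hmac.new(device_key, key_calc_param, hashlib.sha256).digest()


def first_encoding(encryption_key: bytes) -> str:
    """Assumed 'first encoding manner': unpadded URL-safe base64."""
    return base64.urlsafe_b64encode(encryption_key).rstrip(b"=").decode("ascii")


def build_ssid(device_id: str, key_calc_param: bytes) -> str:
    """Place the device identifier and key calculation parameter in the SSID field."""
    ssid = f"{SSID_PREFIX}{device_id}_{key_calc_param.hex()}"
    if len(ssid.encode("utf-8")) > MAX_SSID_LEN:
        raise ValueError("SSID would exceed 32 bytes")
    return ssid


def parse_ssid(ssid: str) -> Tuple[str, bytes]:
    """Recover (device identifier, key calculation parameter) from a received beacon."""
    if not ssid.startswith(SSID_PREFIX):
        raise ValueError("not a provisioning beacon")
    device_id, sep, param_hex = ssid[len(SSID_PREFIX):].rpartition("_")
    if not sep or not device_id or not param_hex:
        raise ValueError("malformed provisioning SSID")
    return device_id, bytes.fromhex(param_hex)  # ValueError on non-hex input


class DeviceToBeNetworked:
    """Device side: beacon broadcasting module and first key determining module."""

    def __init__(self, device_id: str, device_key: bytes, param_len: int = 8):
        self.device_id = device_id
        self._device_key = device_key
        # The page only requires >= 1 byte; 8 random bytes are used here so
        # that the parameter is unlikely to repeat between sessions.
        self.key_calc_param = secrets.token_bytes(param_len)

    def beacon_ssid(self) -> str:
        return build_ssid(self.device_id, self.key_calc_param)

    def first_access_key(self) -> str:
        return first_encoding(
            first_key_generation(self._device_key, self.key_calc_param))


class DistributionNetworkCloud:
    """Cloud side, collapsed into one object that holds the device keys (assumption)."""

    def __init__(self, device_keys: Dict[str, bytes]):
        self._device_keys = dict(device_keys)

    def second_encryption_key(self, device_id: str, key_calc_param: bytes) -> bytes:
        # Answers the "first obtaining request" with the second encryption key.
        device_key = self._device_keys.get(device_id)
        if device_key is None:
            raise KeyError("unknown device identifier")
        return first_key_generation(device_key, key_calc_param)


def second_access_key(ssid: str, cloud: DistributionNetworkCloud) -> str:
    """Distribution network device: parse the beacon, query the cloud, encode the result."""
    device_id, param = parse_ssid(ssid)
    return first_encoding(cloud.second_encryption_key(device_id, param))


def authenticate(first_key: str, second_key: str) -> bool:
    """Authentication passes only if both access keys are consistent."""
    return hmac.compare_digest(first_key.encode(), second_key.encode())


def demo() -> Dict[str, bool]:
    device_key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed
    cloud = DistributionNetworkCloud({"A1B2C3D4": device_key})
    genuine = DeviceToBeNetworked("A1B2C3D4", device_key)
    # Same identifier in the beacon, but without the provisioned device key.
    clone = DeviceToBeNetworked("A1B2C3D4", secrets.token_bytes(32))
    results = {}
    for name, dev in (("genuine", genuine), ("clone", clone)):
        results[name] = authenticate(
            dev.first_access_key(), second_access_key(dev.beacon_ssid(), cloud))
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison uses `hmac.compare_digest` so that checking the two access keys takes the same time wherever they first differ.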
Referring to fig. 33, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the device-to-be-networked side, and the function can be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be networked described above, or may be provided in the device to be networked. As shown in fig. 33, the apparatus 3300 may include: a first receiving module 3310.
The first receiving module 3310 is configured to receive first information from the distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In one example, as shown in fig. 34, the apparatus 3300 further comprises: a first key determining module 3320, configured to determine the first information key according to the key calculation parameter and the first device key.
In one example, as shown in fig. 34, the first key determining module 3320 is configured to: process the key calculation parameter and the first device key using a fourth key generation algorithm to obtain the first information key.
In one example, the first information further includes network configuration information encrypted with a second information key, where the network configuration information is used to configure the device to be networked to access a second access point; as shown in fig. 34, the apparatus 3300 further includes: a first decryption module 3330, configured to use the first information key to decrypt the network configuration information encrypted with the second information key; if the first information key is consistent with the second information key, the device to be networked successfully acquires the network configuration information; and if the first information key is inconsistent with the second information key, the device to be networked fails to acquire the network configuration information.
In one example, as shown in fig. 34, the apparatus 3300 further comprises: the first encryption module 3340, configured to obtain first encryption information according to the first information key and the first reference information; a first information sending module 3350, configured to send the first encrypted information to the distribution network device.
In one example, as shown in fig. 34, the first encryption module 3350 is configured to: process the first reference information using a third encryption algorithm and the first information key to obtain the first encrypted information.
In one example, the first information further comprises second information encrypted with a second information key; as shown in fig. 34, the apparatus 3300 further includes: the second decryption module 3360 is configured to decrypt, using the first information key, the second information encrypted using the second information key to obtain third reference information; a third information sending module 3370, configured to send the third reference information to the distribution network device.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In summary, in the technical solution provided in the embodiments of the present application, the distribution network device sends the key calculation parameter to the device to be networked, and the key calculation parameter is used to calculate the information key. The information key may be used to decrypt data or network configuration information encrypted with the information key calculated by the device cloud platform, and may also be used to encrypt the reference information. If the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, so the device to be networked passes identity authentication and acquires the network configuration information; alternatively, if the two information keys are consistent, the data encrypted with each of them can be consistent, so the device to be networked passes identity authentication and then acquires the network configuration information. The identity of the device to be networked is thus authenticated before it accesses the wireless access point, which prevents the network configuration information corresponding to the wireless access point from being leaked and improves the security of the wireless access point.
In addition, in the embodiments of the present application, the identity authentication process of the device to be networked can be coupled with the network distribution process: the distribution network device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and if the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can directly acquire the network configuration information. This reduces the data traffic between the distribution network device and the device to be networked and the processing overhead of both. The identity authentication process of the device to be networked can also be decoupled from the network distribution process: the distribution network device sends the network configuration information to the device to be networked after the identity authentication of the device to be networked passes, and this decoupling fully improves the security of the network configuration information.
Referring to fig. 35, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the distribution network device side, and the function can be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 35, the apparatus 3500 may include: a first sending module 3510.
A first sending module 3510, configured to send first information to a device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In one example, the first information further includes network configuration information encrypted by using a second information key, where the network configuration information is used to configure the device to be networked to access a second access point; as shown in fig. 36, the apparatus 3500 further comprises: a first receiving module 3520, configured to receive the key calculation parameter and the second information key from the distribution network cloud platform; a second determining module 3530, configured to determine the first information according to the key calculation parameter, the second information key and the network configuration information.
In one example, as shown in fig. 36, the second determining module 3530 is configured to: process the network configuration information using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted with the second information key; and determine the first information according to the key calculation parameter and the network configuration information encrypted with the second information key.
In one example, as shown in fig. 36, the apparatus 3500 further comprises: a first information receiving module 3540, configured to receive first encrypted information from the device to be networked, where the first encrypted information includes first reference information encrypted by using the first information key; a second information receiving module 3550, configured to receive second encrypted information from the distribution network cloud platform, where the second encrypted information includes second reference information encrypted with a second information key; a configuration information sending module 3560, configured to send network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point, if the first encryption information is consistent with the second encryption information.
In one example, as shown in fig. 36, the apparatus 3500 further comprises: a third information receiving module 3570, configured to receive the third reference information from the distribution network device; a fourth information receiving module 3580, configured to receive fourth reference information from the distribution network cloud platform; a configuration information sending module 3560, configured to send network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point, if the third reference information is consistent with the fourth reference information.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In summary, in the technical solution provided in the embodiments of the present application, the distribution network device sends the key calculation parameter to the device to be networked, and the key calculation parameter is used to calculate the information key. The information key may be used to decrypt data or network configuration information encrypted with the information key calculated by the device cloud platform, and may also be used to encrypt the reference information. If the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, so the device to be networked passes identity authentication and acquires the network configuration information; alternatively, if the two information keys are consistent, the data encrypted with each of them can be consistent, so the device to be networked passes identity authentication and then acquires the network configuration information. The identity of the device to be networked is thus authenticated before it accesses the wireless access point, which prevents the network configuration information corresponding to the wireless access point from being leaked and improves the security of the wireless access point.
In addition, in the embodiments of the present application, the identity authentication process of the device to be networked can be coupled with the network distribution process: the distribution network device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and if the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can directly acquire the network configuration information. This reduces the data traffic between the distribution network device and the device to be networked and the processing overhead of both. The identity authentication process of the device to be networked can also be decoupled from the network distribution process: the distribution network device sends the network configuration information to the device to be networked after the identity authentication of the device to be networked passes, and this decoupling fully improves the security of the network configuration information.
Referring to fig. 15, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the device-to-be-networked side, and the function can be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be networked described above, or may be provided in the device to be networked. As shown in fig. 15, the apparatus 1500 may include: a first display module 1510.
The first display module 1510 is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, as shown in fig. 16, the apparatus 1500 further comprises: a decryption key determining module 1520, configured to determine the information decryption key according to the key calculation parameter and the first device key.
In one example, as shown in fig. 16, the decryption key determining module 1520 is configured to: process the key calculation parameter and the first device key using a second key generation algorithm to obtain the information decryption key.
In one example, as shown in fig. 16, the apparatus 1500 further comprises: a first scanning module 1530, configured to scan a second graphic code displayed by the distribution network device, where the second graphic code includes the network configuration information encrypted with an information encryption key; if the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solution provided by the embodiments of the present application, a key calculation parameter is added to the graphic code of the device to be networked. The device to be networked can determine the information decryption key from the key calculation parameter, and the distribution network device can obtain the information encryption key through the key calculation parameter. The device to be networked then uses the information decryption key to decrypt the network configuration information that the distribution network device encrypted with the information encryption key. Only if the information encryption key is consistent with the information decryption key can the device to be networked obtain the network configuration information, so the identity of the device to be networked is authenticated and the network configuration information is prevented from being leaked.
Referring to fig. 17, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the distribution network device side, and the function can be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 17, the apparatus 1700 may include: a second scanning module 1710.
The second scanning module 1710 is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, as shown in fig. 18, the apparatus 1700 further comprises: a second request sending module 1720, configured to send a second obtaining request to the distribution network cloud platform, where the second obtaining request is used to request to obtain the information encryption key; the encryption key receiving module 1730 is configured to receive the information encryption key from the distribution network cloud platform.
In an example, the second obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, as shown in fig. 18, the apparatus 1700 further comprises: a graphic code determining module 1740, configured to determine a second graphic code according to the network configuration information and the information encryption key; and a second display module 1750, configured to display the second graphic code.
In one example, as shown in fig. 18, the graphic code determining module 1740 is configured to: process the network configuration information using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information; and generate the second graphic code according to the encrypted network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solution provided by the embodiments of the present application, a key calculation parameter is added to the graphic code of the device to be networked. The device to be networked can determine the information decryption key from the key calculation parameter, and the distribution network device can obtain the information encryption key through the key calculation parameter. The device to be networked then uses the information decryption key to decrypt the network configuration information that the distribution network device encrypted with the information encryption key. Only if the information encryption key is consistent with the information decryption key can the device to be networked obtain the network configuration information, so the identity of the device to be networked is authenticated and the network configuration information is prevented from being leaked.
Referring to fig. 24, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the device-to-be-networked side, and the function can be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be networked described above, or may be provided in the device to be networked. As shown in fig. 24, the apparatus 2400 may include: a third scanning module 2410.
A third scanning module 2410, configured to scan a third graphic code displayed by the distribution network device, where the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key; the network configuration information is used to configure the device to be networked to access the second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In one example, as shown in fig. 25, the apparatus 2400 further includes: a decryption key determination module 2420 configured to determine the information decryption key according to the key calculation parameter and the first device key.
In one example, as shown in fig. 25, the decryption key determining module 2420 is configured to: process the key calculation parameter and the first device key using a third key generation algorithm to obtain the information decryption key.
In one example, if the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solution provided by this embodiment, the key calculation parameter and the network configuration information encrypted with the information encryption key are added to the graphic code displayed by the distribution network device. The device to be networked scans the graphic code to obtain the key calculation parameter and determines the information decryption key from it. The device to be networked can obtain the network configuration information only when the information encryption key is consistent with the information decryption key, so the identity of the device to be networked is authenticated and the network configuration information is prevented from leaking. In addition, in this embodiment, particularly for the code-scanning network distribution mode, the key calculation parameter is generated by the device cloud platform and added by the distribution network device to the displayed graphic code, so that the device to be networked can conveniently obtain it by scanning.
Referring to fig. 26, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus implements the functions of the method examples on the distribution network device side; these functions may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 26, the apparatus 2600 may include: a third display module 2610.
A third display module 2610, configured to display a third graphic code, where the third graphic code includes a key calculation parameter and network configuration information encrypted by an information encryption key; the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In one example, as shown in fig. 27, the apparatus 2600 further comprises: the information receiving module 2620 is configured to receive the information encryption key, the key calculation parameter, and the network configuration information from the distribution network cloud platform; the graphic code determining module 2630 is configured to determine the third graphic code according to the information encryption key, the key calculation parameter, and the network configuration information.
In one example, as shown in fig. 27, the graphic code determination module 2630 is configured to: processing the network configuration information by adopting a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key; and generating the third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solution provided by this embodiment, the key calculation parameter and the network configuration information encrypted with the information encryption key are added to the graphic code displayed by the distribution network device. The device to be networked scans the graphic code to obtain the key calculation parameter and determines the information decryption key from it. The device to be networked can obtain the network configuration information only when the information encryption key is consistent with the information decryption key, so the identity of the device to be networked is authenticated and the network configuration information is prevented from leaking. In addition, in this embodiment, particularly for the code-scanning network distribution mode, the key calculation parameter is generated by the device cloud platform and added by the distribution network device to the displayed graphic code, so that the device to be networked can conveniently obtain it by scanning.
It should be noted that the apparatus provided in the foregoing embodiments is described only in terms of the above division into functional modules. In practical applications, the above functions may be allocated to different functional modules according to actual needs, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Referring to fig. 19, a schematic structural diagram of a device to be networked 190 according to an embodiment of the present application is shown, for example, the device to be networked may be used to execute the method for processing information on the device to be networked side. Specifically, the device to be networked 190 may include: a processor 191, and a transceiver 192 coupled to the processor 191; wherein:
the processor 191 includes one or more processing cores, and the processor 191 executes various functional applications and information processing by executing software programs and modules.
The transceiver 192 includes a receiver and a transmitter. Optionally, the transceiver 192 is a communication chip.
In one example, the device to be networked 190 further includes: a memory and a bus. The memory is connected to the processor by a bus. The memory may be configured to store a computer program, and the processor is configured to execute the computer program to implement the steps performed by the device to be networked in the foregoing method embodiment.
Further, the memory may be implemented by any type or combination of volatile or non-volatile storage devices, including, but not limited to: RAM (Random-Access Memory) and ROM (Read-Only Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash Memory or other solid state storage technology, CD-ROM (Compact Disc Read-Only Memory), DVD (Digital Video Disc) or other optical storage, magnetic tape cartridge, magnetic tape, magnetic disk storage or other magnetic storage devices. Wherein:
in a possible implementation manner, the transceiver 192 is configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, the processor 191 is configured to determine a first access key according to the key calculation parameter and the first device key.
In one example, the processor 191 is configured to: process the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key; and process the first encryption key by using a first coding mode to obtain the first access key.
In one example, the processor 191 is configured to perform the identity authentication with the distribution network device based on the first access key; the identity authentication passes when the first access key is consistent with a second access key determined by the distribution network device, and does not pass when the first access key is inconsistent with the second access key determined by the distribution network device.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field comprises the key calculation parameter and/or the equipment identification of the equipment to be networked; or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, the transceiver 192 is configured to receive network configuration information from the distribution network device when the identity authentication is passed, where the network configuration information is used for configuring the device to be networked to access a second access point.
In another possible implementation manner, the processor 191 is configured to display a first graphical code, where the first graphical code includes a key calculation parameter and/or a device identifier of the device to be networked, where the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, the processor 191 is configured to determine the information decryption key according to the key calculation parameter and the first device key.
In one example, the processor 191 is configured to process the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
In one example, the processor 191 is configured to scan a second graphic code displayed by the distribution network device, where the second graphic code includes the network configuration information encrypted by an information encryption key; when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key computation parameters are preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In yet another possible implementation, the processor 191 is configured to scan a third graphic code displayed by the distribution network device, where the third graphic code includes a key calculation parameter and network configuration information encrypted by using an information encryption key; the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In one example, the processor 191 is further configured to determine the information decryption key according to the key calculation parameter and the first device key.
In one example, the processor 191 is further configured to process the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key.
In one example, when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In yet another possible implementation, the transceiver 192 is configured to receive first information from a distribution network device, where the first information includes a key calculation parameter and second information encrypted by using an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted by using the information encryption key.
In one example, the processor 191 is configured to determine the information decryption key according to the key calculation parameter and the first device key.
In one example, the processor 191 is configured to process the key calculation parameter and the first device key by using a fourth key generation algorithm to obtain the information decryption key.
In one example, the second information includes first reference information; the processor 191 is configured to decrypt, using the information decryption key, the second information encrypted with the information encryption key to obtain the first reference information; the transceiver 192 is configured to receive network configuration information from the distribution network device when the first reference information and the second reference information are consistent, where the network configuration information is used to configure the device to be networked to access the second access point.
In one example, the second information includes network configuration information, where the network configuration information is used to configure the device to be networked to access a second access point; when the information encryption key is consistent with the information decryption key, the device to be networked successfully acquires the network configuration information; when the information encryption key is inconsistent with the information decryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
Please refer to fig. 20, which shows a schematic structural diagram of a distribution network device 200 according to an embodiment of the present application, for example, the distribution network device may be used to execute the distribution network device side information processing method. Specifically, the distribution network device 200 may include: a processor 201, and a transceiver 202 connected to the processor 201; wherein:
the processor 201 includes one or more processing cores, and the processor 201 executes various functional applications and information processing by running software programs and modules.
The transceiver 202 includes a receiver and a transmitter. Optionally, the transceiver 202 is a communication chip.
In one example, the distribution network device 200 further includes: a memory and a bus. The memory is connected to the processor by a bus. The memory may be used for storing a computer program, and the processor may be used for executing the computer program to implement the steps performed by the distribution network device in the above-described method embodiments.
Further, the memory may be implemented by any type or combination of volatile or non-volatile storage devices, including, but not limited to: RAM and ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Wherein:
In a possible implementation manner, the transceiver 202 is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, the transceiver 202 is configured to: sending a first acquisition request to a distribution network cloud platform, wherein the first acquisition request is used for requesting to acquire a second access key; and receiving access key information from the distribution network cloud platform, wherein the access key information is used for determining the second access key.
In one example, the access key information includes the second access key.
In one example, the processor 201 is configured to process the second encryption key by using a first coding mode to obtain the second access key.
In an example, the first obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the processor 201 is configured to perform the identity authentication with the device to be networked based on the second access key; the identity authentication passes when the second access key is consistent with the first access key determined by the device to be networked, and does not pass when the second access key is inconsistent with the first access key determined by the device to be networked.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field comprises the key calculation parameter and/or the equipment identification of the equipment to be networked; or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, the processor 201 is configured to access the first access point when the identity authentication is passed.
In one example, the transceiver 202 is configured to send network configuration information to the device to be networked, where the network configuration information is used for configuring the device to be networked to access the second access point.
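The beacon-based exchange described above for the device to be networked 190 and the distribution network device 200, sketched as an added example that is not code from the application. HMAC-SHA256 as the first key generation algorithm, URL-safe Base64 as the first coding mode, the SSID layout, the cloud platform holding a copy of the device key, and all class and function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

SSID_PREFIX = "PROV"   # constructed SSID layout: PROV-<device id>-<hex parameter>
MAX_SSID_LEN = 32      # an 802.11 SSID carries at most 32 octets


def generate_encryption_key(device_key: bytes, key_param: bytes) -> bytes:
    """Assumed 'first key generation algorithm': HMAC-SHA256(device key, parameter)."""
    if len(key_param) < 1:
        raise ValueError("key calculation parameter must be at least one byte")
    return hmac.new(device_key, key_param, hashlib.sha256).digest()


def encode_access_key(encryption_key: bytes) -> str:
    """Assumed 'first coding mode': URL-safe Base64 without padding (printable)."""
    return base64.urlsafe_b64encode(encryption_key).decode("ascii").rstrip("=")


def build_ssid(device_id: str, key_param: bytes) -> str:
    ssid = f"{SSID_PREFIX}-{device_id}-{key_param.hex()}"
    if len(ssid.encode("ascii")) > MAX_SSID_LEN:
        raise ValueError("SSID exceeds 32 octets; shorten the id or the parameter")
    return ssid


def parse_ssid(ssid: str):
    parts = ssid.split("-")
    if len(parts) != 3 or parts[0] != SSID_PREFIX:
        raise ValueError("not a provisioning beacon")
    return parts[1], bytes.fromhex(parts[2])


class DeviceToBeNetworked:
    def __init__(self, device_id: str, device_key: bytes, param_len: int = 8):
        self.device_id = device_id
        self._device_key = device_key
        # Fresh random key calculation parameter for this provisioning session.
        self.key_param = secrets.token_bytes(param_len)

    def beacon_ssid(self) -> str:
        return build_ssid(self.device_id, self.key_param)

    def first_access_key(self) -> str:
        return encode_access_key(
            generate_encryption_key(self._device_key, self.key_param))

    def authenticate(self, presented_key: str) -> bool:
        # Constant-time comparison of first and second access key.
        return hmac.compare_digest(self.first_access_key(), presented_key)


class CloudPlatform:
    """Answers the first acquisition request with the second encryption key."""

    def __init__(self, device_keys: dict):
        self._device_keys = device_keys  # device id -> device key (assumption)

    def access_key_info(self, device_id: str, key_param: bytes) -> bytes:
        return generate_encryption_key(self._device_keys[device_id], key_param)


def provision_attempt(device: DeviceToBeNetworked, cloud: CloudPlatform) -> bool:
    """Distribution network device: read beacon, query cloud, encode, authenticate."""
    device_id, key_param = parse_ssid(device.beacon_ssid())
    second_encryption_key = cloud.access_key_info(device_id, key_param)
    second_access_key = encode_access_key(second_encryption_key)
    return device.authenticate(second_access_key)


def distinct_keys_for_one_byte_param(device_key: bytes) -> int:
    """A one-byte parameter allows at most 256 access keys per device key,
    so a longer random value is the safer choice within 'one byte or more'."""
    return len({encode_access_key(generate_encryption_key(device_key, bytes([b])))
                for b in range(256)})


# Constructed sample device key, for illustration only.
SAMPLE_DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    dev = DeviceToBeNetworked("a1b2c3", SAMPLE_DEVICE_KEY)
    good = CloudPlatform({"a1b2c3": SAMPLE_DEVICE_KEY})
    bad = CloudPlatform({"a1b2c3": b"\x00" * 16})
    print(dev.beacon_ssid())
    print("matching keys:", provision_attempt(dev, good))
    print("mismatched keys:", provision_attempt(dev, bad))
```
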
In another possible implementation manner, the processor 201 is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, the transceiver 202 is configured to: sending a second acquisition request to a distribution network cloud platform, wherein the second acquisition request is used for requesting to acquire the information encryption key; and receiving the information encryption key from the distribution network cloud platform.
In an example, the second obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the processor 201 is configured to: determining a second graphic code according to the network configuration information and the information encryption key; and displaying the second graphic code.
In one example, the processor 201 is configured to: processing the network configuration information by adopting a first encryption algorithm and the information encryption key to obtain encrypted network configuration information; and generating the second graphic code according to the encrypted network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key computation parameters are preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In yet another possible implementation, the processor 201 is configured to display a third graphic code, where the third graphic code includes a key calculation parameter and network configuration information encrypted by using an information encryption key; the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In one example, the processor 201 is further configured to: receiving the information encryption key, the key calculation parameter and the network configuration information from a distribution network cloud platform; and determining the third graphic code according to the information encryption key, the key calculation parameter and the network configuration information.
In one example, the processor 201 is further configured to: processing the network configuration information by adopting a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key; and generating the third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In a further possible implementation manner, the transceiver 202 is configured to send first information to a device to be networked, where the first information includes a key calculation parameter and second information encrypted by using an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted by using the information encryption key.
In one example, the second information includes first reference information; the transceiver 202 is configured to receive the key calculation parameter and the second information encrypted by using the information encryption key from the distribution network cloud platform; the processor 201 is configured to determine the first information according to the key calculation parameter and the second information encrypted by using the information encryption key.
In one example, the second information includes network configuration information, where the network configuration information is used to configure the device to be networked to access a second access point; the transceiver 202 is configured to receive the key calculation parameter and the information encryption key from the distribution network cloud platform; the processor 201 is configured to determine the first information according to the key calculation parameter, the information encryption key, and the network configuration information.
In one example, the processor 201 is configured to: processing the network configuration information by adopting a third encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key; and determining the first information according to the key calculation parameter and the network configuration information encrypted by adopting the information encryption key.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
An embodiment of the application further provides a computer-readable storage medium storing a computer program, where the computer program is executed by a processor of the device to be networked to implement the information processing method on the side of the device to be networked.
An embodiment of the application also provides a computer-readable storage medium storing a computer program, where the computer program is executed by a processor of the distribution network device to implement the information processing method on the distribution network device side.
An embodiment of the application further provides a chip comprising a programmable logic circuit and/or program instructions, where the chip, when running on the device to be networked, implements the information processing method on the side of the device to be networked.
An embodiment of the application also provides a chip comprising a programmable logic circuit and/or program instructions, where the chip, when running on the distribution network device, implements the information processing method on the distribution network device side.
An embodiment of the application further provides a computer program product which, when run on the device to be networked, implements the information processing method on the side of the device to be networked as described above.
An embodiment of the application also provides a computer program product which, when run on the distribution network device, implements the information processing method on the distribution network device side.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on a computer-readable medium, or transmitted over it, as one or more instructions or code. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The above description is only exemplary of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements and the like that are made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (132)

1. An information processing method, applied to a device to be networked, the method comprising:
broadcasting a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
2. The method of claim 1, further comprising:
determining a first access key according to the key calculation parameter and the first device key.
3. The method of claim 2, wherein determining the first access key based on the key calculation parameter and the first device key comprises:
processing the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key;
and processing the first encryption key by using a first coding mode to obtain the first access key.
4. The method of claim 2, wherein after determining the first access key based on the key calculation parameter and the first device key, the method further comprises:
performing the identity authentication with the distribution network device based on the first access key;
wherein the identity authentication passes when the first access key is consistent with a second access key determined by the distribution network device, and does not pass when the first access key is inconsistent with the second access key determined by the distribution network device.
5. The method of claim 1, wherein the beacon comprises at least one of: basic service set identification BSSID field, service set identification SSID field and custom field;
the BSSID field comprises the key calculation parameter and/or the equipment identification of the equipment to be networked;
or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked;
or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
6. The method of claim 1, wherein the key calculation parameter comprises a random number.
7. The method of claim 1, wherein the key calculation parameter has a length greater than or equal to one byte.
8. The method according to any one of claims 1 to 7, further comprising:
receiving network configuration information from the distribution network device when the identity authentication is passed, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
9. An information processing method, applied to a distribution network device, the method comprising:
receiving a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
10. The method of claim 9, further comprising:
sending a first acquisition request to a distribution network cloud platform, wherein the first acquisition request is used for requesting to acquire a second access key;
and receiving access key information from the distribution network cloud platform, wherein the access key information is used for determining the second access key.
11. The method of claim 10, wherein the access key information comprises the second access key.
12. The method of claim 10, wherein the access key information comprises a second encryption key; after receiving the access key information from the distribution network cloud platform, the method further includes:
and processing the second encryption key by adopting a first coding mode to obtain the second access key.
13. The method according to claim 10, wherein the first obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
14. The method of claim 10, wherein after receiving the access key information from the distribution network cloud platform, further comprising:
performing the identity authentication with the device to be networked based on the second access key;
wherein the identity authentication passes if the second access key is consistent with the first access key determined by the device to be networked, and fails if the second access key is inconsistent with the first access key determined by the device to be networked.
15. The method of claim 9, wherein the beacon comprises at least one of: basic service set identification BSSID field, service set identification SSID field and custom field;
the BSSID field comprises the key calculation parameter and/or the equipment identification of the equipment to be networked;
or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked;
or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
16. The method of claim 9, wherein the key calculation parameter comprises a random number.
17. The method of claim 9, wherein the key calculation parameter has a length greater than or equal to one byte.
18. The method according to any one of claims 9 to 17, further comprising:
and accessing the first access point under the condition that the identity authentication is passed.
19. The method of claim 18, wherein after accessing the first access point, further comprising:
and sending network configuration information to the equipment to be accessed to the network, wherein the network configuration information is used for configuring the equipment to be accessed to the second access point.
20. An information processing method, applied to a device to be networked, the method comprising:
displaying a first graphic code, wherein the first graphic code comprises a key calculation parameter and/or an equipment identifier of the equipment to be networked, the key calculation parameter is used for determining an information decryption key, the information decryption key is used for decrypting network configuration information from distribution network equipment, and the network configuration information is used for configuring the equipment to be networked to access a second access point.
21. The method of claim 20, further comprising:
and determining the information decryption key according to the key calculation parameter and the first equipment key.
22. The method of claim 21, wherein determining an information decryption key based on the key calculation parameter and a first device key comprises:
and processing the key calculation parameter and the first equipment key by adopting a second key generation algorithm to obtain the information decryption key.
23. The method of claim 20, further comprising:
scanning a second graphic code displayed by the distribution network equipment, wherein the second graphic code comprises the network configuration information encrypted by an information encryption key;
wherein the device to be networked successfully acquires the network configuration information if the information decryption key is consistent with the information encryption key, and fails to acquire the network configuration information if the information decryption key is inconsistent with the information encryption key.
24. The method according to any one of claims 20 to 23, wherein the key calculation parameter comprises a random number.
25. The method according to any of claims 20 to 23, wherein the key calculation parameters are preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be networked.
26. The method according to any of claims 20 to 23, wherein the length of the key calculation parameter is greater than or equal to one byte.
27. An information processing method, applied to distribution network equipment, the method comprising:
scanning a first graphic code of a device to be accessed to a network, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be accessed to the network, the key calculation parameter is used for determining an information encryption key, the information encryption key is used for encrypting network configuration information, and the network configuration information is used for configuring the device to be accessed to the network to access a second access point.
28. The method of claim 27, further comprising:
sending a second acquisition request to a distribution network cloud platform, wherein the second acquisition request is used for requesting to acquire the information encryption key;
and receiving the information encryption key from the distribution network cloud platform.
29. The method according to claim 28, wherein the second obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
30. The method of claim 27, further comprising:
determining a second graphic code according to the network configuration information and the information encryption key;
and displaying the second graphic code.
31. The method according to claim 30, wherein said determining a second graphical code based on said network configuration information and said information encryption key comprises:
processing the network configuration information by adopting a first encryption algorithm and the information encryption key to obtain encrypted network configuration information;
and generating the second graphic code according to the encrypted network configuration information.
32. The method according to any one of claims 27 to 31, wherein the key calculation parameter comprises a random number.
33. The method according to any of claims 27 to 31, wherein the key computation parameters are preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be networked.
34. The method according to any one of claims 27 to 31, wherein the length of the key calculation parameter is greater than or equal to one byte.
35. An information processing method, applied to a device to be networked, the method comprising:
scanning a third graphic code displayed by the distribution network equipment, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the equipment to be accessed to the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
36. The method of claim 35, wherein after scanning the third graphic code displayed by the distribution network device, further comprising:
and determining the information decryption key according to the key calculation parameter and the first equipment key.
37. The method of claim 36, wherein determining the information decryption key based on the key calculation parameter and the first device key comprises:
and processing the key calculation parameter and the first equipment key by adopting a third key generation algorithm to obtain the information decryption key.
38. The method of claim 35,
under the condition that the information decryption key is consistent with the information encryption key, the equipment to be accessed to the network successfully acquires the network configuration information;
and under the condition that the information decryption key is inconsistent with the information encryption key, the equipment to be accessed to the network fails to acquire the network configuration information.
39. The method according to any one of claims 35 to 38, wherein the key calculation parameter comprises a random number.
40. The method according to any one of claims 35 to 38, wherein the length of the key calculation parameter is greater than or equal to one byte.
41. An information processing method, applied to distribution network equipment, the method comprising:
displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
wherein the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
42. The method of claim 41, further comprising:
receiving the information encryption key and the key calculation parameter from the distribution network cloud platform;
and determining the third graphic code according to the information encryption key, the key calculation parameter and the network configuration information.
43. The method according to claim 42, wherein said determining the third graphical code based on the information encryption key, the key calculation parameter, and the network configuration information comprises:
processing the network configuration information by adopting a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key;
and generating the third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter.
44. The method according to any one of claims 41 to 43, wherein the key calculation parameter comprises a random number.
45. The method according to any one of claims 41 to 43, wherein the length of the key calculation parameter is greater than or equal to one byte.
46. An information processing method, applied to a device to be networked, the method comprising:
receiving first information from distribution network equipment, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
47. The method of claim 46, wherein after receiving the first information from the distribution network device, further comprising:
and determining the first information key according to the key calculation parameter and the first equipment key.
48. The method of claim 47, wherein determining the first information key based on the key calculation parameter and the first device key comprises:
and processing the key calculation parameter and the first equipment key by adopting a fourth key generation algorithm to obtain the first information key.
49. The method of claim 46, wherein the first information further includes network configuration information encrypted by using a second information key, and the network configuration information is used for configuring the device to be networked to access a second access point; after receiving the first information from the distribution network device, the method further includes:
decrypting the network configuration information encrypted by the second information key by using the first information key;
under the condition that the first information key is consistent with the second information key, the equipment to be accessed to the network successfully acquires the network configuration information;
and under the condition that the first information key is inconsistent with the second information key, the equipment to be accessed to the network fails to acquire the network configuration information.
50. The method of claim 46, wherein after receiving the first information from the distribution network device, further comprising:
obtaining first encryption information according to the first information key and first reference information;
and sending the first encryption information to the distribution network equipment.
51. The method of claim 50, wherein obtaining the first encrypted information according to the first information key and the first reference information comprises:
and processing the first reference information by adopting a third encryption algorithm and the first information key to obtain the first encryption information.
52. The method of claim 46, wherein the first information further comprises second information encrypted using a second information key; after receiving the first information from the distribution network device, the method further includes:
decrypting the second information encrypted by the second information key by using the first information key to obtain third reference information;
and sending the third reference information to the distribution network equipment.
53. The method according to any one of claims 46 to 52, wherein the key calculation parameter comprises a random number.
54. The method according to any one of claims 46 to 52, wherein the length of the key calculation parameter is greater than or equal to one byte.
55. An information processing method, applied to distribution network equipment, the method comprising:
sending first information to the device to be networked, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
56. The method of claim 55, wherein the first information further includes network configuration information encrypted by using a second information key, and the network configuration information is used for configuring the device to be networked to access a second access point; the method further comprises the following steps:
receiving the key calculation parameter and the second information key from the distribution network cloud platform;
and determining the first information according to the key calculation parameter, the second information key and the network configuration information.
57. The method of claim 56, wherein determining the first information according to the key calculation parameter, the second information key, and the network configuration information comprises:
processing the network configuration information by adopting a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted by adopting the second information key;
and determining the first information according to the key calculation parameter and the network configuration information encrypted by adopting the second information key.
58. The method of claim 55, further comprising:
receiving first encryption information from the equipment to be accessed to the network, wherein the first encryption information comprises first reference information encrypted by adopting the first information key;
receiving second encrypted information from the distribution network cloud platform, wherein the second encrypted information comprises second reference information encrypted by a second information key;
and sending network configuration information to the equipment to be accessed to the network under the condition that the first encryption information is consistent with the second encryption information, wherein the network configuration information is used for configuring the equipment to be accessed to the second access point.
59. The method of claim 55, further comprising:
receiving the third reference information from the distribution network equipment;
receiving fourth reference information from a distribution network cloud platform;
and sending network configuration information to the equipment to be accessed to the network under the condition that the third reference information is consistent with the fourth reference information, wherein the network configuration information is used for configuring the equipment to be accessed to the second access point.
60. The method according to any one of claims 55 to 59, wherein said key calculation parameter comprises a random number.
61. The method according to any one of claims 55 to 59, wherein the length of the key calculation parameter is greater than or equal to one byte.
62. An information processing apparatus provided in a device to be networked, the apparatus comprising:
and the beacon broadcasting module is used for broadcasting a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be accessed to the network, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be accessed to the network and the network distribution device.
63. The apparatus of claim 62, further comprising:
a first key determining module, configured to determine a first access key according to the key calculation parameter and the first equipment key.
64. The apparatus of claim 63, wherein the first key determination module is configured to:
processing the key calculation parameter and the first equipment key by adopting a first key generation algorithm to obtain a first encryption key;
and processing the first encryption key by adopting a first coding mode to obtain the first access key.
65. The apparatus of claim 63, further comprising:
the identity authentication module is used for executing the identity authentication with the distribution network equipment based on the first access key;
the identity authentication is passed under the condition that the first access key is consistent with a second access key determined by the distribution network equipment; and under the condition that the first access key is inconsistent with a second access key determined by the distribution network equipment, the identity authentication is not passed.
66. The apparatus of claim 62, wherein the beacon comprises at least one of: basic service set identification BSSID field, service set identification SSID field and custom field;
the BSSID field comprises the key calculation parameter and/or the equipment identification of the equipment to be networked;
or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked;
or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
67. The apparatus according to claim 62, wherein the key calculation parameter comprises a random number.
68. The apparatus of claim 62, wherein the key calculation parameter has a length greater than or equal to one byte.
69. The apparatus of any one of claims 62 to 68, further comprising:
and the configuration information receiving module is used for receiving network configuration information from the distribution network equipment under the condition that the identity authentication is passed, wherein the network configuration information is used for configuring the equipment to be networked to access the second access point.
70. An information processing apparatus provided in a distribution network device, the apparatus comprising:
and the beacon receiving module is used for receiving a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
71. The apparatus of claim 70, further comprising:
the first request sending module is used for sending a first obtaining request to the distribution network cloud platform, wherein the first obtaining request is used for requesting to obtain a second access key;
and the key information receiving module is used for receiving access key information from the distribution network cloud platform, and the access key information is used for determining the second access key.
72. The apparatus of claim 71, wherein the access key information comprises the second access key.
73. The apparatus of claim 71, wherein the access key information comprises a second encryption key; the device further comprises:
and the second key determining module is used for processing the second encryption key by adopting a first coding mode to obtain the second access key.
74. The apparatus according to claim 71, wherein the first obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
75. The apparatus of claim 71, further comprising:
the identity authentication module is used for executing the identity authentication with the equipment to be accessed to the network based on the second access key;
wherein the identity authentication passes if the second access key is consistent with the first access key determined by the device to be networked, and fails if the second access key is inconsistent with the first access key determined by the device to be networked.
76. The apparatus of claim 70, wherein the beacon comprises at least one of: basic service set identification BSSID field, service set identification SSID field and custom field;
the BSSID field comprises the key calculation parameter and/or the equipment identification of the equipment to be networked;
or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked;
or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
77. The apparatus according to claim 70, wherein the key calculation parameter comprises a random number.
78. The apparatus of claim 70, wherein the key calculation parameter has a length greater than or equal to one byte.
79. The apparatus of any one of claims 70 to 78, further comprising:
an access module, configured to access the first access point under the condition that the identity authentication is passed.
80. The apparatus of claim 79, further comprising:
and the configuration information sending module is used for sending network configuration information to the equipment to be accessed to the network, and the network configuration information is used for configuring the equipment to be accessed to the second access point.
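The beacon-based authentication recited in claims 62 to 80, modelled end to end as an added example that is not part of the patent text. The claims do not name the algorithms, so HMAC-SHA256 as the "key generation algorithm", unpadded URL-safe base64 as the "coding mode", the `PROV-<id>-<hex>` SSID layout, and every identifier and key value below are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

SSID_PREFIX = "PROV-"   # assumed SSID layout: PROV-<device id>-<hex parameter>
MAX_SSID_BYTES = 32     # 802.11 limit on SSID length

# Constructed cloud-side registry: device identifier -> device key.
CLOUD_DEVICE_KEYS = {"LAMP0001": bytes.fromhex("00112233445566778899aabbccddeeff")}


def build_ssid(device_id: str, param: bytes) -> str:
    """Device to be networked: put identifier and key calculation parameter in the SSID."""
    ssid = f"{SSID_PREFIX}{device_id}-{param.hex()}"
    if len(ssid.encode()) > MAX_SSID_BYTES:
        raise ValueError("SSID exceeds 32 bytes")
    return ssid


def parse_ssid(ssid: str):
    """Distribution network equipment: recover (device_id, param) or raise ValueError."""
    if not ssid.startswith(SSID_PREFIX) or len(ssid.encode()) > MAX_SSID_BYTES:
        raise ValueError("not a provisioning beacon")
    device_id, sep, param_hex = ssid[len(SSID_PREFIX):].rpartition("-")
    if not sep or not device_id or not param_hex:
        raise ValueError("malformed SSID")
    return device_id, bytes.fromhex(param_hex)  # ValueError on non-hex input


def generate_encryption_key(device_key: bytes, param: bytes) -> bytes:
    """Assumed key generation algorithm: HMAC-SHA256 keyed with the device key."""
    return hmac.new(device_key, param, hashlib.sha256).digest()


def encode_access_key(encryption_key: bytes) -> str:
    """Assumed coding mode: unpadded URL-safe base64, giving a printable access key."""
    return base64.urlsafe_b64encode(encryption_key).decode().rstrip("=")


def cloud_access_key_info(device_id: str, param: bytes) -> bytes:
    """Cloud platform: answer the first acquisition request with the second encryption key."""
    device_key = CLOUD_DEVICE_KEYS.get(device_id)
    if device_key is None:
        raise KeyError("unknown device")
    return generate_encryption_key(device_key, param)


def authenticate(ssid: str, first_access_key: str) -> bool:
    """Distribution network equipment: derive the second access key and compare.

    The direct comparison stands in for whatever handshake proves knowledge of
    the key on a real link; that substitution is a modelling assumption.
    """
    try:
        device_id, param = parse_ssid(ssid)
        second = encode_access_key(cloud_access_key_info(device_id, param))
    except (ValueError, KeyError):
        return False  # malformed beacon or unregistered device: authentication fails
    return hmac.compare_digest(first_access_key.encode(), second.encode())


def run_demo() -> dict:
    device_key = CLOUD_DEVICE_KEYS["LAMP0001"]
    # The claims only require a length of at least one byte; one byte allows
    # just 256 distinct values, so this example uses 8 random bytes.
    param = secrets.token_bytes(8)
    ssid = build_ssid("LAMP0001", param)
    first = encode_access_key(generate_encryption_key(device_key, param))

    # A device that does not hold the registered device key derives a different key.
    wrong = encode_access_key(generate_encryption_key(b"\x00" * 16, param))

    # An access key derived for one parameter does not match a beacon carrying another.
    other_param = bytes([param[0] ^ 1]) + param[1:]
    other_ssid = build_ssid("LAMP0001", other_param)

    return {
        "genuine": authenticate(ssid, first),
        "wrong_device_key": authenticate(ssid, wrong),
        "other_parameter": authenticate(other_ssid, first),
    }


if __name__ == "__main__":
    print(run_demo())
```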
81. An information processing apparatus provided in a device to be networked, the apparatus comprising:
the first display module is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or an equipment identifier of the equipment to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from the distribution network equipment, and the network configuration information is used to configure the equipment to be networked to access the second access point.
82. The apparatus of claim 81, further comprising:
and the decryption key determining module is used for determining the information decryption key according to the key calculation parameter and the first equipment key.
83. The apparatus according to claim 82, wherein said decryption key determining module is configured to:
and processing the key calculation parameter and the first equipment key by adopting a second key generation algorithm to obtain the information decryption key.
84. The apparatus of claim 81, further comprising:
the first scanning module is used for scanning a second graphic code displayed by the distribution network equipment, wherein the second graphic code comprises the network configuration information encrypted by an information encryption key;
under the condition that the information decryption key is consistent with the information encryption key, the equipment to be accessed to the network successfully acquires the network configuration information; and under the condition that the information decryption key is inconsistent with the information encryption key, the equipment to be accessed to the network fails to acquire the network configuration information.
85. The apparatus according to any one of claims 81 to 84, wherein the key calculation parameter comprises a random number.
86. The apparatus according to any one of claims 81 to 84, wherein the key computation parameters are preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be networked.
87. The apparatus according to any one of claims 81 to 84, wherein the length of the key calculation parameter is greater than or equal to one byte.
88. An information processing apparatus provided in a distribution network device, the apparatus comprising:
the second scanning module is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
89. The apparatus of claim 88, further comprising:
the second request sending module is used for sending a second acquisition request to the distribution network cloud platform, wherein the second acquisition request is used for requesting to acquire the information encryption key;
and the encryption key receiving module is used for receiving the information encryption key from the distribution network cloud platform.
90. The apparatus according to claim 89, wherein the second obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
91. The apparatus of claim 88, further comprising:
the graphic code determining module is used for determining a second graphic code according to the network configuration information and the information encryption key;
and the second display module is used for displaying the second graphic code.
92. The apparatus as claimed in claim 91, wherein the graphic code determination module is configured to:
processing the network configuration information by adopting a first encryption algorithm and the information encryption key to obtain encrypted network configuration information;
and generating the second graphic code according to the encrypted network configuration information.
93. The apparatus according to any one of claims 88 to 92, wherein said key calculation parameter comprises a random number.
94. The apparatus of any one of claims 88 to 92, wherein the key computation parameters are preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be networked.
95. The apparatus of any one of claims 88 to 92, wherein the key calculation parameter has a length greater than or equal to one byte.
96. An information processing apparatus provided in a device to be networked, the apparatus comprising:
the third scanning module is used for scanning a third graphic code displayed by the distribution network equipment, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the equipment to be accessed to the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
97. The apparatus of claim 96, further comprising:
and the decryption key determining module is used for determining the information decryption key according to the key calculation parameter and the first equipment key.
98. The apparatus according to claim 97, wherein said decryption key determining module is configured to:
and processing the key calculation parameter and the first equipment key by adopting a third key generation algorithm to obtain the information decryption key.
99. The apparatus according to claim 96,
under the condition that the information decryption key is consistent with the information encryption key, the equipment to be accessed to the network successfully acquires the network configuration information;
and under the condition that the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
100. The apparatus according to any one of claims 96 to 99, wherein the key calculation parameter comprises a random number.
101. The apparatus according to any one of claims 96 to 99, wherein the length of the key calculation parameter is greater than or equal to one byte.
102. An information processing apparatus provided in a distribution network device, the apparatus comprising:
the third display module is used for displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the equipment to be accessed to the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
103. The apparatus of claim 102, further comprising:
the information receiving module is used for receiving the information encryption key and the key calculation parameter from the distribution network cloud platform;
and the graphic code determining module is used for determining the third graphic code according to the information encryption key, the key calculation parameter and the network configuration information.
104. The apparatus according to claim 103, wherein the graphic code determining module is configured to:
processing the network configuration information by adopting a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key;
and generating the third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter.
105. The apparatus according to any one of claims 102 to 104, wherein the key calculation parameter comprises a random number.
106. The apparatus according to any one of claims 102 to 104, wherein the length of the key calculation parameter is greater than or equal to one byte.
107. An information processing apparatus provided in a device to be networked, the apparatus comprising:
the first receiving module is used for receiving first information from the distribution network equipment, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
108. The apparatus as claimed in claim 107, further comprising:
and the first key determining module is used for determining the first information key according to the key calculation parameter and the first equipment key.
109. The apparatus of claim 108, wherein the first key determination module is configured to:
and processing the key calculation parameter and the first equipment key by adopting a fourth key generation algorithm to obtain the first information key.
110. The apparatus according to claim 107, wherein the first information further includes network configuration information encrypted by using a second information key, and the network configuration information is used to configure the device to be networked to access a second access point; the device further comprises:
the first decryption module is used for decrypting the network configuration information encrypted by the second information key by using the first information key;
where the first information key is consistent with the second information key, the device to be networked successfully acquires the network configuration information;
and where the first information key is inconsistent with the second information key, the device to be networked fails to acquire the network configuration information.
111. The apparatus as claimed in claim 107, further comprising:
the first encryption module is used for obtaining first encryption information according to the first information key and the first reference information;
and the first information sending module is used for sending the first encrypted information to the distribution network equipment.
112. The apparatus according to claim 111, wherein the first encryption module is configured to:
and processing the first reference information by adopting a third encryption algorithm and the first information key to obtain the first encryption information.
113. The apparatus according to claim 107, wherein the first information further comprises second information encrypted with a second information key; the device further comprises:
the second decryption module is used for decrypting the second information encrypted by the second information key by using the first information key to obtain third reference information;
and the third information sending module is used for sending the third reference information to the distribution network equipment.
114. The apparatus according to any one of claims 107 to 113, wherein the key calculation parameter comprises a random number.
115. The apparatus according to any one of claims 107 to 113, wherein the length of the key calculation parameter is greater than or equal to one byte.
116. An information processing apparatus provided in a distribution network device, the apparatus comprising:
the device comprises a first sending module and a second sending module, wherein the first sending module is used for sending first information to the device to be accessed to the network, the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
117. The apparatus according to claim 116, wherein the first information further includes network configuration information encrypted by using a second information key, and the network configuration information is used to configure the device to be networked to access a second access point; the device further comprises:
the first receiving module is used for receiving the key calculation parameters and the second information key from the distribution network cloud platform;
and the second determining module is used for determining the first information according to the key calculation parameter, the second information key and the network configuration information.
118. The apparatus according to claim 117, wherein the second determining means is configured to:
processing the network configuration information by adopting a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted by adopting the second information key;
and determining the first information according to the key calculation parameter and the network configuration information encrypted by adopting the second information key.
119. The apparatus according to claim 116, further comprising:
a first information receiving module, configured to receive first encrypted information from the device to be networked, where the first encrypted information includes first reference information encrypted by using the first information key;
the second information receiving module is used for receiving second encrypted information from the distribution network cloud platform, wherein the second encrypted information comprises second reference information encrypted by a second information key;
and the configuration information sending module is used for sending network configuration information to the device to be networked where the first encrypted information is consistent with the second encrypted information, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
120. The apparatus according to claim 116, further comprising:
a third information receiving module, configured to receive the third reference information from the distribution network device;
the fourth information receiving module is used for receiving fourth reference information from the distribution network cloud platform;
and a configuration information sending module, configured to send network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point, when the third reference information is consistent with the fourth reference information.
121. The apparatus according to any one of claims 116 to 120, wherein the key calculation parameter comprises a random number.
122. The apparatus according to any one of claims 116 to 120, wherein the length of the key calculation parameter is greater than or equal to one byte.
123. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the network distribution device.
124. A network distribution device, the network distribution device comprising: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
125. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
the processor is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
126. A network distribution device, the network distribution device comprising: a processor, and a transceiver coupled to the processor; wherein:
the processor is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
127. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
the processor is used for scanning a third graphic code displayed by the distribution network equipment, and the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
128. A network distribution device, the network distribution device comprising: a processor, and a transceiver coupled to the processor; wherein:
the processor is used for displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
129. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is used for receiving first information from the distribution network equipment, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
130. A network distribution device, the network distribution device comprising: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is configured to send first information to a device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
131. A computer-readable storage medium, in which a computer program is stored, the computer program being configured to be executed by a processor of a device to be networked to implement the information processing method according to any one of claims 1 to 8, or the information processing method according to any one of claims 20 to 26, or the information processing method according to any one of claims 35 to 40, or the information processing method according to any one of claims 46 to 54.
132. A computer-readable storage medium, characterized in that the storage medium has stored therein a computer program for execution by a processor of a network distribution device to implement the information processing method of any one of claims 9 to 19, or to implement the information processing method of any one of claims 27 to 34, or to implement the information processing method of any one of claims 41 to 45, or to implement the information processing method of any one of claims 55 to 61.
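The exchange recited in claims 108, 111 and 119, as an added example that is not taken from the patent: the device to be networked and the cloud platform each derive an information key from the key calculation parameter and the device key, and the distribution network device releases the network configuration only when the two protected reference values match. HMAC-SHA256 as the key generation algorithm, a keyed MAC standing in for the unnamed encryption algorithm, a 16-byte parameter, a single reference value chosen by the distribution network device, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for the unnamed "key generation algorithm".
def derive_information_key(key_calc_param: bytes, device_key: bytes) -> bytes:
    if len(key_calc_param) < 1:  # the claims require a length of at least one byte
        raise ValueError("key calculation parameter must be at least one byte")
    return hmac.new(device_key, b"info-key|" + key_calc_param, hashlib.sha256).digest()

# Assumption: a keyed MAC stands in for the unnamed encryption algorithm. It is
# deterministic, so two parties holding the same information key produce equal output.
def protect_reference(info_key: bytes, reference: bytes) -> bytes:
    return hmac.new(info_key, reference, hashlib.sha256).digest()

class CloudPlatform:
    """Distribution network cloud platform: holds the device keys."""
    def __init__(self, device_keys):
        self._device_keys = dict(device_keys)

    def issue(self, device_id, reference):
        param = secrets.token_bytes(16)  # random key calculation parameter
        second_key = derive_information_key(param, self._device_keys[device_id])
        return param, protect_reference(second_key, reference)

class DeviceToBeNetworked:
    def __init__(self, device_key):
        self._device_key = device_key

    def respond(self, key_calc_param, reference):
        first_key = derive_information_key(key_calc_param, self._device_key)
        return protect_reference(first_key, reference)

def provision(cloud, device, device_id, network_config):
    """Distribution network device: it never sees the device key or either
    information key, only the parameter and the two protected values."""
    reference = secrets.token_bytes(16)
    param, second_encrypted = cloud.issue(device_id, reference)
    first_encrypted = device.respond(param, reference)
    # Constant-time comparison of the two protected reference values.
    if hmac.compare_digest(first_encrypted, second_encrypted):
        return network_config  # consistent: send the configuration
    return None                # inconsistent: withhold it

# Constructed sample data for the demonstration.
DEVICE_ID = "dev-001"
DEVICE_KEY = bytes(range(32))
CONFIG = {"ssid": "home-ap", "psk": "example-passphrase"}
CLOUD = CloudPlatform({DEVICE_ID: DEVICE_KEY})

if __name__ == "__main__":
    print(provision(CLOUD, DeviceToBeNetworked(DEVICE_KEY), DEVICE_ID, CONFIG))
    print(provision(CLOUD, DeviceToBeNetworked(b"\x00" * 32), DEVICE_ID, CONFIG))
```

The claims accept a key calculation parameter as short as one byte; a parameter that short can take only 256 values and will repeat across sessions, which is why the example uses 16 random bytes.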
CN202010925363.1A 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium Pending CN114157413A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202010925363.1A CN114157413A (en) 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium
CN202180042424.2A CN115769542A (en) 2020-09-06 2021-03-05 Information processing method, device, equipment and storage medium
PCT/CN2021/079365 WO2022048125A1 (en) 2020-09-06 2021-03-05 Information processing method and apparatus, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010925363.1A CN114157413A (en) 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114157413A true CN114157413A (en) 2022-03-08

Family

ID=80460645

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010925363.1A Pending CN114157413A (en) 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium
CN202180042424.2A Pending CN115769542A (en) 2020-09-06 2021-03-05 Information processing method, device, equipment and storage medium

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202180042424.2A Pending CN115769542A (en) 2020-09-06 2021-03-05 Information processing method, device, equipment and storage medium

Country Status (2)

Country Link
CN (2) CN114157413A (en)
WO (1) WO2022048125A1 (en)

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8254572B2 (en) * 2008-09-30 2012-08-28 Apple Inc. Secure provisioning of a portable device using a representation of a key
CN102395216A (en) * 2011-12-21 2012-03-28 上海云联计算机系统有限公司 Method for rapidly accessing to wireless local area network and mobile terminal thereof
CN102802155A (en) * 2012-08-17 2012-11-28 珠海金山办公软件有限公司 Method for rapidly establishing connection between mobile terminal and intelligent display equipment
CN105682088B (en) * 2014-11-18 2020-08-04 腾讯科技(武汉)有限公司 Wireless network sharing method and terminal
CN106851632B (en) * 2017-01-22 2019-11-08 海尔优家智能科技(北京)有限公司 A kind of method and device of smart machine access WLAN
CN106850209A (en) * 2017-02-28 2017-06-13 苏州福瑞思信息科技有限公司 A kind of identity identifying method and device
CN108632056B (en) * 2017-03-17 2023-01-31 阿里云计算有限公司 Intelligent equipment network configuration method and system
CN111510919B (en) * 2019-01-31 2023-02-03 阿里巴巴集团控股有限公司 Network configuration method, device, equipment and system

Also Published As

Publication number Publication date
WO2022048125A1 (en) 2022-03-10
CN115769542A (en) 2023-03-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination