CN114826574A - Intelligent household safety communication system and communication method - Google Patents

Intelligent household safety communication system and communication method Download PDF

Info

Publication number
CN114826574A
CN114826574A CN202210408989.4A CN202210408989A CN114826574A CN 114826574 A CN114826574 A CN 114826574A CN 202210408989 A CN202210408989 A CN 202210408989A CN 114826574 A CN114826574 A CN 114826574A
Authority
CN
China
Prior art keywords
key
authentication
control center
message
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210408989.4A
Other languages
Chinese (zh)
Inventor
张亮亮
李扬
徐兵杰
黄伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Priority to CN202210408989.4A priority Critical patent/CN114826574A/en
Publication of CN114826574A publication Critical patent/CN114826574A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an intelligent home safety communication system and a communication method. The invention can meet the requirement of mass data one-time pad encryption, and the double-key XOR encryption and decryption in a remote access and near-field access reduces the risk of stealing the information of the whole device, thereby greatly improving the safety of the intelligent home system.

Description

Intelligent household safety communication system and communication method
Technical Field
The invention belongs to the technical field of intelligent home communication, and particularly relates to an intelligent home safety communication system and a communication method.
Background
With the popularization of the mobile internet, the smart home devices are more in the aspects of people's life, so that protection on identity authentication, user data and privacy in the smart home devices is very important. However, at present, a key for identity authentication, user data and privacy protection in the smart home device is a series of pseudo random numbers generated by traditional key generation equipment and technology, and the pseudo random numbers are predictable to a certain extent, so that great leakage risks are brought to the user data and the privacy. Meanwhile, the conventional intelligent household equipment is relatively simple in process flow in the aspects of identity authentication and data encryption and decryption, and certain hidden danger is brought to the safety of the intelligent household equipment.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, provides an intelligent home security communication system and a communication method, can meet the encryption requirement of mass data one-time pad, reduces the risk of stealing the information of the whole device by a remote access double-authentication mode and near-field access double-key XOR encryption and decryption, and greatly improves the security of the intelligent home system.
The purpose of the invention is realized by the following technical scheme:
an intelligent home safety communication system comprises an instruction initiating terminal, a control center, an intelligent gateway and intelligent home equipment;
the instruction initiating terminal is directly communicated with the intelligent home equipment through near field communication or is communicated with the intelligent home equipment through the control center, a key storage medium is bound to the instruction initiating terminal, and the instruction initiating terminal and the key storage medium mutually record and store physical hardware information of the other party;
the instruction initiating terminal may be a general mobile device such as a mobile phone or an ipad, a dedicated mobile control device, a general fixed device such as a desktop computer, or a dedicated fixed control device.
The key storage medium is used for bearing the true random numbers generated by the true random number generator and packaging the true random numbers into a quantum key product.
The intelligent gateway divides an internal network and an external network, transfers communication data of the external network to a control center accessed to the internal network, and provides internal network access for the control center and the intelligent household equipment;
the control center comprises a true random number generator, a key storage area, an encryption and decryption algorithm storage area and a user information storage area, and is communicated with the intelligent home equipment through the intelligent gateway;
wherein the true random number generator may be a general purpose high speed quantum random number generator.
The key storage area comprises an authentication key storage area, a storage key storage area and a transmission key storage area, and the control center encapsulates the true random numbers generated by the true random number generator into an authentication key, a storage key and a transmission key, stores the authentication key in the authentication key storage area, stores the storage key in the storage key storage area and stores the transmission key in the transmission key storage area.
Further, the true random number generator comprises a main true random number generator and a standby true random number generator, and when the working state of the main true random number generator is abnormal, the standby true random number generator is switched to generate true random numbers.
Further, the encryption algorithm in the encryption and decryption algorithm storage area is stored in a grading mode according to the computing power size and the encryption strength which can be supported by the equipment type of the intelligent home security communication system.
Further, the packaging format of the authentication key, the storage key and the transmission key includes a production date of the key and an expiration date of the key.
Further, the key storage medium includes a quantum key fob.
Further, the true random number generator comprises a high-speed quantum random number generator.
On the other hand, the present invention further provides a communication method of any one of the foregoing smart home security communication systems, where the instruction initiating terminal communicates with the smart home device through the control center, and the communication method includes:
accessing the key storage medium and the intelligent household equipment to a control center for registration;
wherein the key storage medium registration includes: connecting a key storage medium to the control center in a down-line manner, respectively injecting a certain number of authentication keys and transmission keys into the key storage medium according to requirements, registering physical hardware information of the key storage medium in the control center, and inputting biological characteristic information of a user in the control center;
the intelligent household equipment registration comprises: the intelligent household equipment is accessed to a control center through an intranet for registration, and the control center injects an authentication key and a transmission key into the accessed intelligent household equipment;
the instruction initiating terminal initiates a first re-authentication request to the control center, and the first re-authentication request is used for authenticating the correctness and the legality of the accessed instruction initiating terminal and the key storage medium;
after the instruction initiating terminal passes the first re-authentication, the control center generates a second re-authentication key K1 through the true random number generator, packages the key and stores the key;
dynamically selecting an encryption and decryption algorithm to encrypt the message containing the second re-authentication key K1, and sending the encrypted message to the instruction initiating terminal;
the instruction initiating terminal receives the encrypted message, analyzes the message, stores a second re-authentication key K1, and initiates a second re-authentication request for authenticating the correctness and validity of the user identity;
after the second authentication is passed, the initiating terminal is instructed to extract the transmission key, an encryption and decryption algorithm is dynamically selected to encrypt the control information or the data information, and the encrypted control information or the data information, the message type, the hash value of the transmission key and the length information of the transmission key are sent to the control center;
the control center analyzes the received message and transmits a control instruction or data to the intelligent home equipment through the intranet.
Further, the first re-authentication request specifically includes:
the method comprises the steps that an instruction initiating terminal initiates an authentication request to a control center, wherein the authentication request comprises user account information, network information, instruction initiating terminal physical hardware information and key storage medium physical hardware information;
the request message of authentication is used for encrypting the authentication message by extracting an authentication key in a key storage medium as an encryption key and dynamically selecting an encryption and decryption algorithm, and meanwhile, the message type, the key hash value and the key length are sent to a control center;
after receiving an authentication request from the instruction initiating terminal, the control center dynamically selects an encryption and decryption algorithm to select the encryption and decryption algorithm, extracts a corresponding decryption key according to a key hash value and a key length in the request message, and solves a plaintext;
and comparing the user account information input by the control center with the user account information in the authentication request, rejecting the authentication request if the results are inconsistent, and passing the authentication if the results are consistent.
Further, the second re-authentication request specifically includes:
collecting user biological characteristic information to form a double-authentication message, and extracting an authentication key K2 from a key storage medium;
taking the result of the XOR operation of K1 and K2 as an encryption key, dynamically selecting an encryption and decryption algorithm to encrypt the double authentication message, and sending the message type, the key hash value and the key length to a control center;
the control center locally acquires a second double-authentication key K1 and an authentication key K2 according to the key hashed value in the double-authentication message, analyzes the double-authentication message, compares the user biological characteristic information stored in the control center with the user biological characteristic information in the double-authentication message, if the user biological characteristic information is consistent with the user biological characteristic information in the double-authentication message, the double-authentication is passed, and otherwise, the authentication request is rejected.
On the other hand, the present invention further provides a communication method of any one of the foregoing smart home security communication systems, where the instruction initiating terminal directly communicates with the smart home device through near field communication, and the communication method includes:
accessing the key storage medium and the intelligent household equipment to a control center for registration;
wherein the key storage medium registration includes: connecting a key storage medium to the control center in a down-line manner, respectively injecting a certain number of authentication keys and transmission keys into the key storage medium according to requirements, registering physical hardware information of the key storage medium in the control center, and inputting biological characteristic information of a user in the control center;
the intelligent household equipment registration comprises: the intelligent home equipment is accessed to the control center through the intranet for registration, and the control center injects an authentication key and a transmission key into the accessed intelligent home equipment;
the method comprises the steps that an instruction initiating terminal sends an authentication access request to corresponding intelligent home equipment in a near field communication mode, wherein the authentication access request comprises user account information, user biological characteristic information, instruction initiating terminal physical hardware information and key storage medium physical hardware information, a message of the authentication access request is encrypted by extracting an authentication key in a key storage medium as an encryption key and dynamically selecting an encryption algorithm, and meanwhile, the message type, a key hash value and the key length are sent to the intelligent home equipment;
after receiving the authentication request message, the intelligent home equipment forwards the authentication request message to the control center through the intranet for analysis, compares user account information, user biological characteristic information, instruction initiating terminal physical hardware information and key storage medium physical hardware information, and informs the intelligent home equipment of allowing access if the comparison is successful, or refuses the access;
after the instruction initiating terminal is successfully accessed to the intelligent home equipment, the intelligent home equipment is controlled in real time, control information and data form a control message, the control message is encrypted by extracting a transmission key in a key storage medium in an exclusive-or encryption mode, and meanwhile, the message type, the key hash value and the key length are sent to the intelligent home equipment;
after receiving the control message, the intelligent household equipment extracts a transmission key in the intelligent household equipment, encrypts the control message and simultaneously sends a key hash value and a key length to a control center;
the control center analyzes the control message, extracts the corresponding transmission key through the key hash value of the transmission key encrypted by the retrieval instruction initiating terminal and the intelligent home equipment respectively, decrypts the ciphertext, and then directly issues the control instruction or the data to the intelligent home equipment.
The invention has the beneficial effects that:
the intelligent home security communication system and the communication method provided by the invention can effectively prevent the prediction of the secret key, can meet the encryption requirement of mass data one-time pad, reduce the risk of stealing the information of the whole device by a remote access double-key authentication mode and near-field access double-key XOR encryption and decryption, and greatly improve the security of the intelligent home system.
Drawings
Fig. 1 is a schematic structural diagram of an intelligent home security communication system provided in this embodiment;
fig. 2 is a flowchart of a method for communicating an instruction initiating terminal with an intelligent home device through a control center according to the present embodiment;
fig. 3 is a flowchart of a method for directly communicating with an intelligent home device through near field communication by an instruction initiating terminal according to this embodiment.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, keys for identity authentication, user data and privacy protection in intelligent home equipment are a series of pseudo random numbers generated by traditional key generation equipment and technology, the pseudo random numbers are predictable to a certain extent, great leakage risks are brought to the user data and the privacy, and meanwhile, the key rate generated by the traditional mode is low, so that a one-time encryption mode cannot be performed on massive data, and the safety of a related system is reduced. Meanwhile, the conventional intelligent household equipment is relatively simple in process flow in the aspects of identity authentication and data encryption and decryption, and certain hidden danger is brought to the safety of the intelligent household equipment.
In order to solve the above technical problems, the following embodiments of the smart home security communication system and the communication method of the present invention are proposed.
In order to solve the safety problem of the traditional intelligent household equipment, the invention improves the traditional intelligent household equipment from two aspects. The method is characterized in that the method completely has no predictability, so that the leakage of the encryption key can be effectively prevented, meanwhile, the high-speed quantum random number generator can generate a large amount of true random numbers in a short time, and the one-time pad requirement of mass data can be met. Secondly, designing a complex and reasonable identity authentication and encryption and decryption strategy, such as dynamically selecting an encryption and decryption algorithm, thereby preventing an illegal user from accessing and preventing a ciphertext from being cracked.
Example 1
Referring to fig. 1, as shown in fig. 1, a schematic structural diagram of an intelligent home security communication system provided in this embodiment is shown. The system specifically comprises the following structure:
the whole device consists of an Intelligent Control Center (ICC), an intelligent gateway, intelligent home equipment, mobile equipment and a quantum key storage card.
The intelligent control center mainly comprises a main QRNG (high-speed quantum random number generator), a standby QRNG, a key storage area and an encryption and decryption algorithm storage area. When the main QRNG is in a normal working state, a true random number is generated and packaged into a quantum key product to be stored in a key storage area. When the working state of the main QRNG is abnormal, the standby QRNG is switched to generate true random numbers. The encryption algorithm storage area is preset with encryption algorithms such as AES and RC4 and a one-time pad XOR encryption algorithm, the algorithms are used for dynamically encrypting keys, user data, privacy information and the like, and the number of the algorithms can be dynamically increased and decreased. The encryption algorithm is classified according to the size of the computing power (encryption and decryption speed and resource consumption) supported by the type of the relevant equipment and the encryption strength, and different encryption algorithms are classified into different grades. The intelligent control center is communicated with the intelligent home equipment and other equipment through the internal network and the external network of the intelligent gateway respectively.
The intelligent control center encapsulates the true random numbers generated by the QRNG into three types of keys, namely an authentication key, a storage key and a transmission key, and stores the keys in a key storage area.
The general encapsulation format for the three types of keys is shown in the following table:
Figure BDA0003603349120000091
table 1 key generic encapsulation format
The types respectively correspond to an authentication key, a storage key and a transmission key and are used for distinguishing different key types, a hash value is obtained by calculating a key with a fixed size (100M, 500M and 1G bytes) and is used for uniquely identifying the key, the length of the key data is recorded, the time point of generation of the key product is recorded on the production date, and the effective time point of the key product is recorded on the expiration date. Each field in the packaging format can be added, deleted and modified according to the requirement.
The intelligent control center can dynamically select an encryption and decryption algorithm to encrypt and decrypt data, wherein the dynamic selection of the encryption and decryption algorithm firstly selects an algorithm base with the same grade according to the calculation force of hardware of both encryption and decryption parties, and secondly selects a certain encryption and decryption algorithm from the selected algorithm base according to a time synchronization type dynamic password algorithm (TOTP), and the local time of both encryption and decryption parties is consistent, so that all devices in the device system are required to be synchronized periodically. Meanwhile, the intelligent control center can store the biological characteristic information of the user so as to carry out relevant identity authentication. As shown in fig. 3: in the encryption and decryption algorithms and the biological characteristic storage area, various key algorithms can be preset, the number of the key algorithms can be dynamically increased and decreased, the key algorithms can be configured according to needs, the encryption algorithms are classified according to the size of computing power (encryption and decryption speed, resource consumption and the like) which can be supported by related equipment and the encryption strength, and different encryption algorithms are classified into different grades. In addition, biometric information includes, but is not limited to, human face, fingerprint, iris, vein, etc.
The intelligent gateway is responsible for dividing an internal network and an external network, transferring communication data of the external network into an intelligent control center accessed to the internal network, and simultaneously providing internal network access for the intelligent control center and the intelligent household equipment so that the intelligent control center and the intelligent household equipment can communicate with each other;
the intelligent home equipment comprises an intelligent door lock, an intelligent television, an intelligent sound box, an intelligent water heater and the like, is controlled by an intelligent control center through an access intranet, and can also be controlled through near field communication of related mobile equipment;
the mobile equipment comprises a mobile phone, special equipment, a bracelet and the like, can be accessed into the intelligent gateway through an external network, can be communicated with the intelligent control center through near field communication, and can also be directly communicated with the intelligent home equipment through the near field communication.
The intelligent home security communication system provided by the embodiment can effectively prevent the prediction of the secret key, can meet the encryption requirement of mass data one-time pad, reduces the risk of stealing the information of the whole device by a remote access double-key authentication mode and near-field access double-key XOR encryption and decryption, and greatly improves the security of the intelligent home system.
Example 2
The specific working principle and the flow of the intelligent home safety communication system are divided into two scenes, namely a scene that the mobile terminal is communicated with the intelligent control center to control the intelligent home and a scene that the mobile terminal is directly communicated with the intelligent home equipment through near field communication to control the intelligent home. The embodiment provides a scene process for controlling the smart home by communicating the mobile terminal with the smart control center.
Before the instruction initiating terminal communicates with the intelligent household equipment through the control center, the method also comprises a registration step, wherein the key storage medium and the intelligent household equipment are accessed to the control center for registration;
wherein the key storage medium registration includes: connecting a key storage medium to the control center in a down-line manner, respectively injecting a certain number of authentication keys and transmission keys into the key storage medium according to requirements, registering physical hardware information of the key storage medium in the control center, and inputting biological characteristic information of a user in the control center;
the intelligent household equipment registration comprises: the intelligent home equipment is accessed to the control center through the intranet for registration, and the control center injects an authentication key and a transmission key into the accessed intelligent home equipment;
referring to fig. 2, as shown in fig. 2, a flowchart of a method for a command initiating terminal to communicate with an intelligent home device through a control center is provided in this embodiment. The method specifically comprises the following steps:
the method comprises the following steps: the mobile terminal performs initialization association binding on the blank quantum key card, and records and stores the physical hardware information of the opposite side mutually, so that the mobile terminal equipment can be used when accessing the quantum key card to read the physical hardware information of the opposite side in real time and compare the physical hardware information with the local stored information each time. The quantum key card is accessed to the intelligent control center through a offline mode, after hardware authentication and identification, the intelligent control center injects keys into the quantum key card, and a certain number of authentication keys and transmission keys are respectively injected according to requirements. And the quantum key card also registers the physical information of the quantum key card in the intelligent control center. Meanwhile, the user needs to enter relevant biological feature information including but not limited to a human face, a fingerprint, an iris, veins and the like in the intelligent control center.
Step two: the intelligent home equipment is accessed to the intelligent control center through the intranet to perform binding and associated registration, and registers and retains the physical hardware information of the intelligent home equipment in the intelligent control center. Meanwhile, the intelligent control center injects authentication and transmission keys into the accessed intelligent household equipment.
Step three: the mobile terminal starts a client program, and then automatically initiates an authentication request to the intelligent control center, wherein the authentication is a first re-authentication which mainly authenticates the correctness and the legality of the accessed mobile terminal and the quantum key fob. The authentication request information comprises account information of a mobile terminal user, network information, physical hardware information of the mobile terminal and physical hardware information of the quantum key fob. The authentication request message is encrypted by extracting an authentication key stored in the quantum key card as an encryption key and selecting an encryption and decryption algorithm according to a dynamic encryption and decryption selection algorithm, and simultaneously carries the message type, the hash value and the key length of the used key and sends the message type, the hash value and the key length to the intelligent control center.
The intelligent home security communication system is classified according to the size of computing power (encryption and decryption speed and resource consumption) supported by the type of the related equipment and the encryption strength, and different encryption algorithms are classified into different grades. The dynamic encryption and decryption algorithm is therefore selected based on the amount of effort and encryption strength that can be supported by the relevant device type. The size of computing power (encryption and decryption speed and resource consumption) supported by the type of the related equipment and the encryption strength grading are self-defined attributes, and can be set according to the encryption strength requirement and the software and hardware computing capacity of the related equipment.
The intelligent control center selects an encryption and decryption algorithm according to the dynamic key selection algorithm after receiving the authentication request from the mobile terminal, extracts a corresponding decryption key according to the key hash value and the key length in the request message, decodes a plaintext, compares the related information of the user and the like according to the data in the database, rejects the authentication request if the results are inconsistent, and passes the authentication otherwise.
It should be noted that, because the encryption party and the decryption party do not know what encryption algorithm the other party uses, the decryption party also needs to dynamically select a corresponding algorithm according to the type of the related device to perform decryption, and such an encryption and decryption manner greatly improves the security of the smart home authentication.
Step IV: and after the mobile terminal passes the first re-authentication, the intelligent control center generates a double-authentication quantum key K1 in real time through QRNG, packages the double-authentication quantum key K1 and stores the double-authentication quantum key K1 in a local area, selects an encryption and decryption algorithm through a dynamic encryption and decryption selection algorithm to encrypt the message containing K1, and sends the message to the mobile terminal in the step three.
After receiving the message sent by the step (iv), the mobile terminal analyzes and stores K1, and simultaneously starts double authentication, namely, collects the biological characteristic information of the user in real time to form a double authentication message, extracts an authentication key K2 from the quantum key card, uses K1 ^ K2 as an encryption key, selects an encryption and decryption algorithm by adopting a dynamic encryption and decryption selection algorithm to encrypt the double authentication message, and simultaneously carries the message type, the hash value of K1 and K2, the key length and other information, and then sends the message to the intelligent control center. The intelligent control center locally obtains K1 and K2 according to the hash value information in the message, analyzes the message, compares the biological characteristic information, if the two authentication passes, otherwise, the access of the mobile terminal is refused.
Wherein the content of the first and second substances,
Figure BDA0003603349120000121
indicating that k1 and k2 are exclusive-ored.
Step (c): the mobile terminal encrypts the control information or the data information by extracting the transmission key and selecting an encryption and decryption algorithm by adopting a dynamic encryption selection algorithm, and simultaneously sends the information such as the message type, the hash value and the length of the encryption key to the intelligent control center.
Step (c): and c, the intelligent control center analyzes the messages sent by the mobile terminal in the step c and sends control instructions or data to the intelligent home equipment through the intranet.
The intelligent home security communication method provided by the embodiment can effectively prevent the prediction of the secret key, can meet the encryption requirement of mass data one-time pad, reduces the risk of stealing the information of the whole device in a remote access double authentication mode, and greatly improves the security of an intelligent home system.
Example 3
The embodiment provides a scene process in which the mobile terminal directly communicates with the smart home device through near field communication so as to control the smart home.
Before the instruction initiating terminal directly communicates with the intelligent household equipment through near field communication, the method also comprises a registration step, wherein a key storage medium and the intelligent household equipment are accessed to a control center for registration;
wherein the key storage medium registration includes: and connecting the key storage medium to the control center in a down-line manner, respectively injecting a certain quantity of authentication keys and transmission keys into the key storage medium according to requirements, registering physical hardware information of the key storage medium in the control center, and inputting biological characteristic information of a user in the control center.
Referring to fig. 3, as shown in fig. 3, a flowchart of a method for the instruction initiating terminal to directly communicate with the smart home device through the near field communication is shown. The method specifically comprises the following steps:
the method comprises the following steps: the mobile terminal sends an authentication access request to the corresponding intelligent home equipment in a near field communication mode, wherein the authentication access request comprises user account information, biological characteristic information, mobile terminal physical hardware information and quantum key card physical hardware information. The authentication request message is encrypted by extracting an authentication key stored in the quantum key card as an encryption key and selecting an encryption algorithm according to a dynamic encryption selection algorithm, and simultaneously carries the message type, the hash value and the key length of the used key and sends the message type, the hash value and the key length to the intelligent home equipment.
Step two: and after receiving the authentication request message, the intelligent home equipment forwards the authentication request message to the intelligent control center through the intranet. And after the intelligent control center analyzes the message, the corresponding authentication information is compared, if the comparison is successful, the intelligent home equipment is informed of allowing access, and if not, the access is refused.
Step three: after the mobile terminal is successfully accessed to the intelligent home equipment, the intelligent home equipment is controlled in real time, control information and data form a message, the message is encrypted by extracting a transmission key in a quantum key card in an exclusive-or encryption mode, and meanwhile, the message type, hash value of the used encryption key and other information are carried and sent to the intelligent home equipment. After receiving the message, the intelligent home equipment extracts the transmission key of the intelligent home equipment, encrypts the message in an exclusive or encryption mode, adds information such as a hash value of the used encryption key and the like, and sends the information to an intelligent control center.
Step IV: the intelligent control center message analyzes the message, extracts a corresponding transmission key through a transmission key hashed value obtained by searching the mobile terminal and the intelligent home equipment and respectively carrying out XOR encryption, carries out XOR decryption on the ciphertext, and then directly issues a corresponding control instruction or data to the intelligent home equipment.
The intelligent home security communication method provided by the embodiment can effectively prevent the prediction of the secret key, can meet the encryption requirement of mass data one-time pad, reduces the risk of stealing the information of the whole device by the double-key XOR encryption and decryption of near-field access, and greatly improves the security of the intelligent home system.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. An intelligent home safety communication system is characterized by comprising an instruction initiating terminal, a control center, an intelligent gateway and intelligent home equipment;
the instruction initiating terminal is directly communicated with the intelligent home equipment through near field communication or is communicated with the intelligent home equipment through the control center, a key storage medium is bound to the instruction initiating terminal, and the instruction initiating terminal and the key storage medium mutually record and store physical hardware information of the other party;
the intelligent gateway divides an internal network and an external network, transfers communication data of the external network to a control center accessed to the internal network, and provides internal network access for the control center and the intelligent household equipment;
the control center comprises a true random number generator, a key storage area, an encryption and decryption algorithm storage area and a user information storage area, and is communicated with the intelligent home equipment through the intelligent gateway;
the key storage area comprises an authentication key storage area, a storage key storage area and a transmission key storage area, and the control center encapsulates the true random numbers generated by the true random number generator into an authentication key, a storage key and a transmission key, stores the authentication key in the authentication key storage area, stores the storage key in the storage key storage area and stores the transmission key in the transmission key storage area.
2. The smart home security communication system of claim 1, wherein the true random number generator comprises a main true random number generator and a standby true random number generator, and when the working state of the main true random number generator is abnormal, the standby true random number generator is switched to generate the true random number.
3. The smart home security communication system according to claim 1, wherein the encryption algorithms in the encryption and decryption algorithm storage area are stored in a hierarchical manner according to the computing power and the encryption strength that can be supported by the device type of the smart home security communication system.
4. The smart home security communication system of claim 1, wherein the packaging format of the authentication key, the storage key and the transmission key comprises a production date of the key and an expiration date of the key.
5. The smart home security communication system of claim 4, wherein the key storage medium comprises a quantum key fob.
6. The smart home security communication system of claim 1, wherein the true random number generator comprises a high-speed quantum random number generator.
7. The communication method of the smart home security communication system according to any one of claims 1 to 6, wherein the command initiating terminal communicates with the smart home device through the control center, and the communication method includes:
accessing the key storage medium and the intelligent household equipment to a control center for registration;
wherein the key storage medium registration includes: connecting a key storage medium into the control center in a down-line manner, respectively injecting a certain quantity of authentication keys and transmission keys into the key storage medium according to requirements, registering physical hardware information of the key storage medium in the control center, and inputting biological characteristic information of a user in the control center;
the intelligent household equipment registration comprises: the intelligent home equipment is accessed to the control center through the intranet for registration, and the control center injects an authentication key and a transmission key into the accessed intelligent home equipment;
the instruction initiating terminal initiates a first re-authentication request to the control center, and the first re-authentication request is used for authenticating the correctness and the legality of the accessed instruction initiating terminal and the key storage medium;
after the instruction initiating terminal passes the first re-authentication, the control center generates a second re-authentication key K1 through the true random number generator, packages the key and stores the key;
dynamically selecting an encryption and decryption algorithm to encrypt the message containing the second re-authentication key K1, and sending the encrypted message to the instruction initiating terminal;
the instruction initiating terminal receives the encrypted message, analyzes the message, stores a second re-authentication key K1, and initiates a second re-authentication request for authenticating the correctness and validity of the user identity;
after the second authentication is passed, the initiating terminal is instructed to extract the transmission key, an encryption and decryption algorithm is dynamically selected to encrypt the control information or the data information, and the encrypted control information or the data information, the message type, the hash value of the transmission key and the length information of the transmission key are sent to the control center;
the control center analyzes the received message and transmits a control instruction or data to the intelligent home equipment through the intranet.
8. The smart home security communication method according to claim 7, wherein the first re-authentication request specifically includes:
the method comprises the steps that an instruction initiating terminal initiates an authentication request to a control center, wherein the authentication request comprises user account information, network information, instruction initiating terminal physical hardware information and key storage medium physical hardware information;
the request message of authentication is used for encrypting the authentication message by extracting an authentication key in a key storage medium as an encryption key and dynamically selecting an encryption and decryption algorithm, and meanwhile, the message type, the key hash value and the key length are sent to a control center;
after receiving an authentication request from the instruction initiating terminal, the control center dynamically selects an encryption and decryption algorithm to select the encryption and decryption algorithm, extracts a corresponding decryption key according to a key hash value and a key length in the request message, and solves a plaintext;
and comparing the user account information input by the control center with the user account information in the authentication request, rejecting the authentication request if the results are inconsistent, and passing the authentication if the results are consistent.
9. The smart home security communication method according to claim 7, wherein the second re-authentication request specifically includes:
collecting user biological characteristic information to form a double-authentication message, and extracting an authentication key K2 from a key storage medium;
taking the result of the XOR operation of K1 and K2 as an encryption key, dynamically selecting an encryption and decryption algorithm to encrypt the double authentication message, and sending the message type, the key hash value and the key length to a control center;
the control center locally acquires a second double-authentication key K1 and an authentication key K2 according to the key hash value in the double-authentication message, analyzes the double-authentication message, compares the user biological characteristic information stored in the control center with the user biological characteristic information in the double-authentication message, if the user biological characteristic information is consistent with the user biological characteristic information in the double-authentication message, the double-authentication is passed, otherwise, the authentication request is rejected.
10. The communication method of the smart home security communication system according to any one of claims 1 to 5, wherein the instruction initiating terminal directly communicates with the smart home device through near field communication, and the communication method includes:
accessing the key storage medium and the intelligent household equipment to a control center for registration;
wherein the key storage medium registration includes: connecting a key storage medium to the control center in a down-line manner, respectively injecting a certain number of authentication keys and transmission keys into the key storage medium according to requirements, registering physical hardware information of the key storage medium in the control center, and inputting biological characteristic information of a user in the control center;
the intelligent household equipment registration comprises: the intelligent home equipment is accessed to the control center through the intranet for registration, and the control center injects an authentication key and a transmission key into the accessed intelligent home equipment;
the method comprises the steps that an instruction initiating terminal sends an authentication access request to corresponding intelligent home equipment in a near field communication mode, wherein the authentication access request comprises user account information, user biological characteristic information, instruction initiating terminal physical hardware information and key storage medium physical hardware information, a message of the authentication access request is encrypted by extracting an authentication key in a key storage medium as an encryption key and dynamically selecting an encryption algorithm, and meanwhile, the message type, a key hash value and the key length are sent to the intelligent home equipment;
after receiving the authentication request message, the intelligent home equipment forwards the authentication request message to the control center through the intranet for analysis, compares user account information, user biological characteristic information, instruction initiating terminal physical hardware information and key storage medium physical hardware information, and informs the intelligent home equipment of allowing access if the comparison is successful, or refuses the access;
after the instruction initiating terminal is successfully accessed to the intelligent home equipment, the intelligent home equipment is controlled in real time, control information and data form a control message, the control message is encrypted by extracting a transmission key in a key storage medium in an exclusive-or encryption mode, and meanwhile, the message type, the key hash value and the key length are sent to the intelligent home equipment;
after receiving the control message, the intelligent household equipment extracts a transmission key in the intelligent household equipment, encrypts the control message and simultaneously sends a key hash value and a key length to a control center;
the control center analyzes the control message, extracts the corresponding transmission key through the key hash value of the transmission key encrypted by the retrieval instruction initiating terminal and the intelligent home equipment respectively, decrypts the ciphertext, and then directly issues the control instruction or the data to the intelligent home equipment.
CN202210408989.4A 2022-04-19 2022-04-19 Intelligent household safety communication system and communication method Pending CN114826574A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210408989.4A CN114826574A (en) 2022-04-19 2022-04-19 Intelligent household safety communication system and communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210408989.4A CN114826574A (en) 2022-04-19 2022-04-19 Intelligent household safety communication system and communication method

Publications (1)

Publication Number Publication Date
CN114826574A true CN114826574A (en) 2022-07-29

Family

ID=82505494

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210408989.4A Pending CN114826574A (en) 2022-04-19 2022-04-19 Intelligent household safety communication system and communication method

Country Status (1)

Country Link
CN (1) CN114826574A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170233A (en) * 2023-04-23 2023-05-26 广州河东科技有限公司 User terminal communication security authentication system of smart home
CN116909161A (en) * 2023-09-11 2023-10-20 南昌理工学院 Smart home control method and system based on wearable equipment

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011153737A1 (en) * 2010-06-09 2011-12-15 中兴通讯股份有限公司 Device, system and method for implementing smart home applications
CN102833075A (en) * 2012-09-05 2012-12-19 北京市科学技术情报研究所 Identity authentication and digital signature method based on three-layered overlapping type key management technology
CN105141584A (en) * 2015-07-29 2015-12-09 宇龙计算机通信科技(深圳)有限公司 Smart home system equipment authentication methods, and devices
CN105512578A (en) * 2015-12-08 2016-04-20 北京元心科技有限公司 Methods and devices for storing, deleting and reading data on SD (secure digital) card
CN106888084A (en) * 2017-01-04 2017-06-23 浙江神州量子网络科技有限公司 A kind of quantum fort machine system and its authentication method
CN206922774U (en) * 2017-03-28 2018-01-23 浙江神州量子网络科技有限公司 A kind of on-site verification system based on mobile terminal
CN108122316A (en) * 2017-12-21 2018-06-05 美的集团股份有限公司 Door lock communication system and method based on safety chip
CN109120408A (en) * 2017-06-26 2019-01-01 中国电信股份有限公司 For authenticating the methods, devices and systems of user identity
US20200028672A1 (en) * 2017-03-29 2020-01-23 Yunding Network Technology (Beijing) Co., Ltd. Secure communication method and smart lock system based thereof
CN112003868A (en) * 2020-08-28 2020-11-27 苏州中科安源信息技术有限公司 Intelligent household system secure communication method based on white-box encryption
CN213279683U (en) * 2020-05-22 2021-05-25 南京如般量子科技有限公司 Mobile quantum random number supplementing device and system
CN113115307A (en) * 2021-04-12 2021-07-13 北京邮电大学 Two-factor identity authentication method oriented to smart home scene

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011153737A1 (en) * 2010-06-09 2011-12-15 中兴通讯股份有限公司 Device, system and method for implementing smart home applications
CN102833075A (en) * 2012-09-05 2012-12-19 北京市科学技术情报研究所 Identity authentication and digital signature method based on three-layered overlapping type key management technology
CN105141584A (en) * 2015-07-29 2015-12-09 宇龙计算机通信科技(深圳)有限公司 Smart home system equipment authentication methods, and devices
CN105512578A (en) * 2015-12-08 2016-04-20 北京元心科技有限公司 Methods and devices for storing, deleting and reading data on SD (secure digital) card
CN106888084A (en) * 2017-01-04 2017-06-23 浙江神州量子网络科技有限公司 A kind of quantum fort machine system and its authentication method
CN206922774U (en) * 2017-03-28 2018-01-23 浙江神州量子网络科技有限公司 A kind of on-site verification system based on mobile terminal
US20200028672A1 (en) * 2017-03-29 2020-01-23 Yunding Network Technology (Beijing) Co., Ltd. Secure communication method and smart lock system based thereof
CN109120408A (en) * 2017-06-26 2019-01-01 中国电信股份有限公司 For authenticating the methods, devices and systems of user identity
CN108122316A (en) * 2017-12-21 2018-06-05 美的集团股份有限公司 Door lock communication system and method based on safety chip
CN213279683U (en) * 2020-05-22 2021-05-25 南京如般量子科技有限公司 Mobile quantum random number supplementing device and system
CN112003868A (en) * 2020-08-28 2020-11-27 苏州中科安源信息技术有限公司 Intelligent household system secure communication method based on white-box encryption
CN113115307A (en) * 2021-04-12 2021-07-13 北京邮电大学 Two-factor identity authentication method oriented to smart home scene

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
YUJIE LUO ET AL.: "Optimization of the Randomness Extraction Based on Toeplitz Matrix for High-Speed QRNG Post-Processing on GPU", 2021 13TH INTERNATIONAL CONFERENCE ON COMMUNICATION SOFTWARE AND NETWORKS (ICCSN), 25 June 2021 (2021-06-25) *
张宇: "智能家居通信系统设计与实现", 工程科技II辑, no. 2018, 31 December 2018 (2018-12-31) *
每天学点电脑知识: "什么是内网、外网?内网、外网有啥区别?", Retrieved from the Internet <URL:https://www.zhihu.com/tardis/zm/art/147282153?source_id=1005> *
秦利红等: "基于Android平台智能家居客户端的设计与实现", 计算机应用与软件, no. 09, 15 September 2016 (2016-09-15) *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170233A (en) * 2023-04-23 2023-05-26 广州河东科技有限公司 User terminal communication security authentication system of smart home
CN116170233B (en) * 2023-04-23 2023-07-18 广州河东科技有限公司 User terminal communication security authentication system of smart home
CN116909161A (en) * 2023-09-11 2023-10-20 南昌理工学院 Smart home control method and system based on wearable equipment
CN116909161B (en) * 2023-09-11 2023-12-12 南昌理工学院 Smart home control method and system based on wearable equipment

Similar Documents

Publication Publication Date Title
CN104579694B (en) A kind of identity identifying method and system
US20200104826A1 (en) Contactless card emulation system and method
CN104852925B (en) Mobile intelligent terminal anti-data-leakage secure storage, backup method
CN100559393C (en) RFID label and reader thereof, reading system and safety certifying method
CN101350724B (en) Encrypting method base on biology characteristic information
CN109145540B (en) Intelligent terminal identity authentication method and device based on block chain
CN110291754A (en) It is accessed using the system of mobile device
CN114826574A (en) Intelligent household safety communication system and communication method
CN103124269A (en) Bidirectional identity authentication method based on dynamic password and biologic features under cloud environment
TW200421095A (en) Mobile network authentication for protecting content
CN104579649A (en) Identity recognition method and system
CN111954211B (en) Novel authentication key negotiation system of mobile terminal
CN111274599A (en) Data sharing method based on block chain and related device
CN113541935B (en) Encryption cloud storage method, system, equipment and terminal supporting key escrow
CN101656748A (en) Second-generation ID card online inquiry system and method based on secure network
CN110225014B (en) Internet of things equipment identity authentication method based on fingerprint centralized issuing mode
CN103971426A (en) PSAM safety control-based access control system and safe access control method using the same
CN108809936A (en) A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm
CN106789024A (en) A kind of remote de-locking method, device and system
CN112565265A (en) Authentication method, authentication system and communication method between terminal devices of Internet of things
CN101944216A (en) Two-factor online transaction safety authentication method and system
US20020018570A1 (en) System and method for secure comparison of a common secret of communicating devices
JP2001523407A (en) Mutual authentication method between two entities
CN107333263A (en) A kind of follow-on SIM card and mobile communication personal identification method and system
CN110224816A (en) Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination