CN115769542A - Information processing method, device, equipment and storage medium - Google Patents


Info

Publication number
CN115769542A
Authority
CN
China
Prior art keywords
key
information
networked
equipment
calculation parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202180042424.2A
Other languages
Chinese (zh)
Inventor
罗朝明
茹昭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the application provide an information processing method, an information processing device, information processing equipment and a storage medium, and relate to the technical field of communication. The method comprises the following steps: a device to be networked broadcasts a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and a distribution network device; the distribution network device receives the beacon of the first access point. In the embodiments, the key calculation parameter is added to the beacon of the access point started by the device to be networked and is used for determining the access key for performing identity authentication between the device to be networked and the distribution network device. This provides a basis for performing that identity authentication and facilitates the subsequent identity authentication between the device to be networked and the distribution network device.

Description

Information processing method, device, equipment and storage medium
The present application claims priority from Chinese patent application No. 202010925363.1 entitled "information processing method, apparatus, device, and storage medium" filed on 09/06/2020, which is incorporated herein by reference in its entirety.
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an information processing method, an information processing apparatus, an information processing device, and a storage medium.
Background
Smart devices (intelligent devices) include devices, instruments, machines, etc. that have computing and processing capabilities. In general, when a smart device is used for the first time, or when its usage scenario changes (for example, the smart device is moved from one network environment to another), the smart device needs to go through a distribution network process so that it is connected to the network and can be controlled through the network.
The related art provides several ways of configuring a smart device to access a network, mainly: the soft AP (Access Point) distribution network (hereinafter referred to as "soft AP distribution network") and the code scanning distribution network. The main flow of the soft AP distribution network is as follows: the smart device starts a soft AP and broadcasts a beacon of the soft AP; after the distribution network device scans the beacon of the soft AP, it joins the soft AP; through the soft AP, the distribution network device sends the network configuration information of the AP to be accessed to the smart device; the smart device then closes the soft AP and accesses the AP according to the network configuration information, which completes the distribution network process. The main flow of the code scanning distribution network is as follows: the distribution network device displays the network configuration information of the AP to be accessed as a two-dimensional code; the smart device scans the two-dimensional code displayed by the distribution network device to acquire the network configuration information, and then accesses the AP according to the network configuration information to complete the distribution network process.
However, the distribution network processes above do not involve identity authentication of the smart device, so it is highly likely that a counterfeit smart device acquires the network configuration information of the AP. This leaks the network configuration information of the AP and poses a great threat to the security of the AP. Therefore, how to implement identity authentication of the smart device to improve the security of the AP needs to be further discussed and studied.
Disclosure of Invention
The embodiment of the application provides an information processing method, an information processing device, information processing equipment and a storage medium. The technical scheme is as follows:
In one aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, and the method includes:
broadcasting a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and a distribution network device.
In another aspect, an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
receiving a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
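The beacon aspect above, as an added sketch that is not code from the patent: the device to be networked packs its device identifier and a key calculation parameter into a beacon element, and both sides derive the same access key from it. The vendor-specific element layout, TLV types, placeholder OUI, pre-shared device secret, secret registry and HMAC-SHA256 derivation are all assumptions; this part of the description does not specify how the access key is computed.

```python
import hashlib
import hmac
import os
import struct

VENDOR_IE_ID = 221              # IEEE 802.11 vendor-specific element ID
EXAMPLE_OUI = b"\x00\x00\x00"   # placeholder OUI, constructed for this example
TLV_DEVICE_ID = 0x01            # hypothetical TLV type: device identifier
TLV_KEY_PARAM = 0x02            # hypothetical TLV type: key calculation parameter


def build_vendor_ie(device_id: bytes, key_param: bytes) -> bytes:
    """Device to be networked: pack identifier and key calculation parameter."""
    body = EXAMPLE_OUI
    for tlv_type, value in ((TLV_DEVICE_ID, device_id), (TLV_KEY_PARAM, key_param)):
        if len(value) > 255:
            raise ValueError("TLV value too long")
        body += struct.pack("BB", tlv_type, len(value)) + value
    if len(body) > 255:
        raise ValueError("element too long")
    return struct.pack("BB", VENDOR_IE_ID, len(body)) + body


def parse_vendor_ie(ie: bytes) -> dict:
    """Distribution network device: strictly parse the element from a scanned beacon."""
    if len(ie) < 5 or ie[0] != VENDOR_IE_ID:
        raise ValueError("not a vendor-specific element")
    if ie[1] != len(ie) - 2:
        raise ValueError("length field does not match element size")
    if ie[2:5] != EXAMPLE_OUI:
        raise ValueError("unexpected OUI")
    fields, pos = {}, 5
    while pos < len(ie):
        if pos + 2 > len(ie):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = ie[pos], ie[pos + 1]
        pos += 2
        if pos + tlv_len > len(ie):
            raise ValueError("truncated TLV value")
        if tlv_type in fields:
            raise ValueError("duplicate TLV")
        fields[tlv_type] = ie[pos:pos + tlv_len]
        pos += tlv_len
    if TLV_DEVICE_ID not in fields or TLV_KEY_PARAM not in fields:
        raise ValueError("missing device identifier or key calculation parameter")
    return fields


def derive_access_key(device_secret: bytes, device_id: bytes, key_param: bytes) -> str:
    """Assumed derivation: HMAC-SHA256 keyed with a per-device secret.

    Inputs are length-prefixed so (b"a", b"bc") and (b"ab", b"c") cannot collide.
    """
    msg = (b"softap-access-key"
           + struct.pack(">H", len(device_id)) + device_id
           + struct.pack(">H", len(key_param)) + key_param)
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest()


def provision_demo(key_param: bytes = None) -> dict:
    """Run both sides once, plus a counterfeit that replays the same beacon."""
    device_id = b"DEV-0001"              # constructed sample identifier
    device_secret = bytes(range(32))     # constructed sample secret
    if key_param is None:
        key_param = os.urandom(16)       # fresh parameter per soft AP session

    # Device to be networked: broadcast the element, protect the soft AP with the key.
    beacon_ie = build_vendor_ie(device_id, key_param)
    device_key = derive_access_key(device_secret, device_id, key_param)

    # Distribution network device: look up the secret by identifier (assumed registry).
    registry = {device_id: device_secret}
    fields = parse_vendor_ie(beacon_ie)
    secret = registry.get(fields[TLV_DEVICE_ID])
    if secret is None:
        raise LookupError("unknown device identifier, refusing to provision")
    dn_key = derive_access_key(secret, fields[TLV_DEVICE_ID], fields[TLV_KEY_PARAM])

    # Counterfeit device: copies identifier and parameter but lacks the secret.
    fake_key = derive_access_key(bytes(32), device_id, key_param)

    return {
        "genuine_match": hmac.compare_digest(device_key, dn_key),
        "counterfeit_match": hmac.compare_digest(fake_key, dn_key),
    }


if __name__ == "__main__":
    print(provision_demo())
```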
In another aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, where the method includes:
displaying a first graphic code, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information decryption key, the information decryption key is used for decrypting network configuration information from a distribution network device, and the network configuration information is used for configuring the device to be networked to access a second access point.
In another aspect, an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
scanning a first graphic code of a device to be networked, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information encryption key, the information encryption key is used for encrypting network configuration information, and the network configuration information is used for configuring the device to be networked to access a second access point.
In another aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, where the method includes:
scanning a third graphic code displayed by a distribution network device, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access a second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In another aspect, an embodiment of the present application provides an information processing method, which is applied to a network distribution device, and the method includes:
displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the device to be networked to access a second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing method, which is applied to a device to be networked, where the method includes:
receiving first information from a distribution network device, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
sending first information to a device to be networked, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
and the beacon broadcasting module is used for broadcasting a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be accessed to the network, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be accessed to the network and the network distribution device.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a distribution network device, and the apparatus includes:
the beacon receiving module is used for receiving a beacon of the first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
the first display module is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or an equipment identifier of the equipment to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from the distribution network equipment, and the network configuration information is used to configure the equipment to be networked to access the second access point.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a distribution network device, and the apparatus includes:
the second scanning module is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
the third scanning module is used for scanning a third graphic code displayed by the distribution network equipment, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the equipment to be accessed to the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, where the apparatus is disposed in a network distribution device, and the apparatus includes:
The third display module is used for displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the equipment to be accessed to the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a device to be networked, and the apparatus includes:
the first receiving module is used for receiving first information from the distribution network equipment, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, which is disposed in a distribution network device, and the apparatus includes:
the first sending module is used for sending first information to the equipment to be networked, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In another aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
The transceiver is configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the network distribution device.
In another aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In a further aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
In another aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In a further aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is used for scanning a third graphic code displayed by the distribution network equipment, and the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the equipment to be accessed to the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
the processor is used for displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
the network configuration information is used for configuring the equipment to be accessed to the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
In a further aspect, an embodiment of the present application provides a device to be networked, where the device to be networked includes: a processor, and a transceiver coupled to the processor; wherein:
the transceiver is used for receiving first information from the distribution network equipment, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
In a further aspect, an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver coupled to the processor; wherein:
The transceiver is configured to send first information to a device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In a further aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used for being executed by a processor of a device to be networked to implement the information processing method on the side of the device to be networked.
In another aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used for being executed by a processor of a distribution network device, so as to implement the information processing method on the distribution network device side.
In another aspect, an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or a program instruction, and when the chip runs on a device to be networked, the chip is configured to implement the information processing method on the device to be networked.
In a further aspect, an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or a program instruction, and when the chip runs on a distribution network device, the chip is configured to implement the information processing method on the distribution network device side.
In a further aspect, an embodiment of the present application provides a computer program product, which is used to implement the information processing method on the side of the to-be-networked device when the computer program product runs on the to-be-networked device.
In another aspect, an embodiment of the present application provides a computer program product, which is configured to implement the information processing method on the distribution network device side when the computer program product runs on a distribution network device.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other drawings based on them without creative effort.
Fig. 1 is a schematic diagram of a distribution network system according to an embodiment of the present application;
Fig. 2 is a flowchart of a soft AP distribution network according to an embodiment of the present application;
Fig. 3 is a flowchart of a code-scanning distribution network according to an embodiment of the present application;
Fig. 4 is a flow diagram of security authentication provided by one embodiment of the present application;
Fig. 5 is a flowchart of an information processing method according to an embodiment of the present application;
Fig. 6 is a flow chart of a method for determining an access key provided by an embodiment of the present application;
Fig. 7 is a flow chart of an information processing method provided by another embodiment of the present application;
Fig. 8 is a flow chart of an information processing method provided by yet another embodiment of the present application;
Fig. 9 is a flow chart of a method for determining an information decryption key and an information encryption key provided by one embodiment of the present application;
Fig. 10 is a flowchart of an information processing method coupled to a distribution network process according to an embodiment of the present application;
Fig. 11 is a flowchart of an information processing method for decoupling from a distribution network process according to an embodiment of the present application;
Fig. 12 is a flowchart of an information processing method for decoupling from a distribution network process according to another embodiment of the present application;
Fig. 13 is a flow chart of an information processing method provided by yet another embodiment of the present application;
Fig. 14 is a flow chart of a method for determining an information decryption key and an information encryption key as provided in another embodiment of the present application;
Fig. 15 is a flowchart of an information processing method according to still another embodiment of the present application;
Fig. 16 is a flowchart of an information processing method according to yet another embodiment of the present application;
Fig. 17 is a flow chart of a method for determining an information decryption key and an information encryption key as provided in yet another embodiment of the present application;
Fig. 18 is a flowchart of an information processing method according to still another embodiment of the present application;
Fig. 19 is a block diagram of an information processing apparatus provided in an embodiment of the present application;
Fig. 20 is a block diagram of an information processing apparatus according to another embodiment of the present application;
Fig. 21 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 22 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 23 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 24 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 25 is a block diagram of an information processing apparatus according to yet another embodiment of the present application;
Fig. 26 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 27 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 28 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 29 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 30 is a block diagram of an information processing apparatus according to yet another embodiment of the present application;
Fig. 31 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 32 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 33 is a block diagram of an information processing apparatus according to still another embodiment of the present application;
Fig. 34 is a block diagram of an information processing apparatus according to yet another embodiment of the present application;
Fig. 35 is a schematic structural diagram of a device to be networked according to an embodiment of the present application;
Fig. 36 is a schematic structural diagram of a distribution network device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Please refer to FIG. 1, which shows a schematic diagram of a distribution network system according to an embodiment of the present application, where the distribution network system may include: a device to be networked 110 and a distribution network device 120.
The device to be networked 110 refers to a device with network access capability, for example, a device with WiFi (Wireless Fidelity) access capability. Optionally, the device to be networked 110 is an intelligent device (such as VR (Virtual Reality) glasses, a smart wearable device, and the like), a terminal device, or another device with a network access capability, which is not limited in this embodiment of the present application. In an example, as shown in fig. 1, in a case where the distribution network system is applied to smart home life, the device to be networked 110 may be a smart television, a smart sound box, a smart air conditioner, a smart lamp, a smart door/window, a smart curtain, a smart socket, or other smart home devices. Optionally, there is one device 110 to be networked, or there are multiple devices 110 to be networked, which is not limited in this embodiment of the present application, and in practical applications, the number of the devices 110 to be networked may be determined by combining application requirements or the maximum number of devices that can be managed by the distribution network device 120.
The distribution network device 120 is a device with a network access configuration capability, and optionally, the distribution network device 120 may be a server, a terminal device, a router, a mobile phone, a tablet computer, a wearable device, or another device with a network access configuration capability. In an example, as shown in FIG. 1, in a case that the distribution network system is applied to smart home life, considering that a home environment is small in area and has frequent activity, a distribution network device 120 that occupies a large space may affect normal home life, so the distribution network device 120 may be implemented as a router, a terminal device, a mobile phone, a tablet computer, a wearable device, and the like. Optionally, for a certain distribution network system, the number of the distribution network devices corresponding to the distribution network system may be one or multiple, which is not limited in the embodiment of the present application; generally, in consideration of resource saving and the like, the number of the distribution network devices corresponding to a certain distribution network system is one. Optionally, the distribution network devices corresponding to different distribution network systems are different, so that the device to be networked 110 under a certain distribution network system is bound to the distribution network device 120 under that distribution network system. For example, when the distribution network system is applied to smart home life, the devices to be networked in a certain home are bound to the distribution network device of that home, taking the home as a unit.
In this embodiment, the distribution network device 120 can configure the device to be networked 110 to access the AP, that is, configure the device to be networked 110 to access the network. In the related art, there are two main ways to configure the device to be networked 110 for network access: the soft AP distribution network and the code scanning distribution network. These two distribution network schemes are described below.
Please refer to fig. 2, which illustrates a flowchart of a soft AP distribution network according to an embodiment of the present application. As shown in fig. 2, the process of the soft AP distribution network mainly includes the following steps:
Step 210, the device to be networked starts the soft AP and broadcasts a beacon of the soft AP.
In the embodiment of the application, the device to be networked can start the soft AP when it enters the distribution network mode. After the device to be networked starts the soft AP, a beacon of the soft AP may be broadcast, and optionally, the beacon of the soft AP includes at least one of the following: an Identifier (ID) of the device to be networked, a user-defined network name, a protocol name of the application protocol, and the like. The device ID may be a Media Access Control (MAC) address of the device to be networked. Optionally, the beacon of the soft AP includes at least one of the following fields: a BSSID (Basic Service Set Identifier) field, an SSID (Service Set Identifier) field, and a Vendor Specific field.
Step 220, the distribution network device joins the soft AP when it scans the beacon of the soft AP.
The distribution network device can scan beacons broadcast by other devices on different channels, and when the distribution network device scans the beacon of the soft AP on the channel on which the device to be networked broadcasts it, the distribution network device can join the soft AP. Optionally, after scanning the beacon of the soft AP, the distribution network device determines whether the SSID field in the beacon conforms to a preset format, and joins the soft AP when the SSID field conforms to the preset format.
Step 230, the distribution network device establishes a communication connection with the device to be networked.
After the distribution network device joins the soft AP, it can establish a communication connection with the device to be networked through the soft AP. Optionally, communication between the distribution network device and the device to be networked conforms to TCP (Transmission Control Protocol), and thus the communication connection between the distribution network device and the device to be networked may also be referred to as a TCP connection; or, the communication between the distribution network device and the device to be networked conforms to UDP (User Datagram Protocol), so the communication connection between the distribution network device and the device to be networked may also be referred to as a UDP connection.
Step 240, the distribution network device sends an information acquisition request to the device to be networked.
The information acquisition request is used to request to acquire information related to an AP that can be accessed by the device to be networked, and optionally, the information acquisition request is used to request to acquire an SSID field of the AP that can be accessed by the device to be networked and/or signal strength of the accessible AP. In the embodiment of the application, after the device to be networked enters the network distribution mode, the device to be networked may scan the beacon of the AP according to a certain period (e.g., 10 seconds), and determine whether the AP can be accessed according to the SSID field in the beacon.
Step 250, the device to be networked sends accessible AP information to the distribution network device.
After receiving the information acquisition request, the device to be networked responds to it by sending the distribution network device information related to the APs that the device to be networked can access, that is, the accessible AP information. Optionally, the accessible AP information includes at least one of: the SSID field of an accessible AP, and the signal strength of an accessible AP.
Step 260, the distribution network device sends network configuration information to the device to be networked.
After the distribution network device receives the accessible AP information sent by the device to be networked, it can select, according to the accessible AP information, the AP that the device to be networked is to access. The embodiment of the application does not limit how the distribution network device selects this AP; optionally, the distribution network device selects the AP with the highest signal strength indicated by the accessible AP information. After the distribution network device selects the AP that the device to be networked is to access, it can send the network configuration information to the device to be networked so as to configure the device to be networked to access that AP. Optionally, the network configuration information comprises at least one of: the SSID field of the AP that the device to be networked is to access, and the authentication information of that AP. Optionally, the authentication information of the AP that the device to be networked is to access includes the password of that AP.
Step 270, the device to be networked sends a configuration response message to the distribution network device.
The configuration response message responds to the network configuration information sent by the distribution network device, so as to indicate to the distribution network device whether the device to be networked has received the network configuration information. Optionally, after sending the network configuration information to the device to be networked, the distribution network device assumes by default that the device to be networked has received it; in that case, the device to be networked may send no configuration response message when it successfully receives the network configuration information. When the device to be networked does not successfully receive the network configuration information, for example, when it cannot parse the network configuration information, the device to be networked can send a configuration response message to the distribution network device.
Step 280, the distribution network device cancels access to the soft AP.
After the distribution network device sends the network configuration information to the device to be networked, it can disconnect from the soft AP started by the device to be networked, that is, cancel access to the soft AP. Optionally, the distribution network device cancels access to the soft AP after sending the network configuration information; or the distribution network device cancels access to the soft AP after receiving the configuration response message. The embodiment of the application does not limit the time at which the distribution network device cancels access to the soft AP.
Step 290, the device to be networked closes the soft AP.
Since the device to be networked usually cannot access two APs simultaneously, the device to be networked needs to close the soft AP in order to access the AP indicated by the network configuration information. Optionally, the device to be networked closes the soft AP after receiving the network configuration information; or after it sends the configuration response message to the distribution network device; or after the distribution network device cancels access to the soft AP. The embodiment of the application does not limit the time at which the device to be networked closes the soft AP.
After the device to be networked closes the soft AP, it accesses the AP indicated by the network configuration information according to the authentication information in the network configuration information. After the distribution network device cancels access to the soft AP, the distribution network device can also access the AP indicated by the network configuration information in order to continue controlling and managing the device to be networked. The distribution network device and the device to be networked thus establish a communication connection through the accessed AP.
Please refer to fig. 3, which illustrates a flowchart of a code scanning distribution network according to an embodiment of the present application. As shown in fig. 3, the process of code scanning distribution network mainly includes the following steps:
Step 310, the distribution network device scans the two-dimensional code of the device to be networked.
When the device to be networked has a screen display function, it can display the two-dimensional code on its screen; when the device to be networked does not have a screen display function, the device manufacturer can attach the two-dimensional code to the device to be networked when it leaves the factory. In this embodiment of the application, the two-dimensional code of the device to be networked indicates device information of the device to be networked, and optionally, the device information includes at least one of the following: the device type and the device public key of the device to be networked. The distribution network device scans the two-dimensional code of the device to be networked to obtain the device information of the device to be networked.
Step 320, the distribution network device generates a two-dimensional code according to the network configuration information and displays the two-dimensional code.
The distribution network device may determine the AP that the device to be networked is to access, and determine network configuration information corresponding to the AP, where optionally, the network configuration information includes at least one of the following: the SSID field of the AP that the device to be networked is to access, and the authentication information of that AP. Optionally, the authentication information of the AP that the device to be networked is to access includes the password of that AP. The distribution network device can encrypt the network configuration information with the scanned device public key of the device to be networked, and generate, from the encrypted network configuration information, a two-dimensional code for the device to be networked to scan.
Step 330, the device to be networked scans the two-dimensional code provided by the distribution network device to obtain network configuration information.
The device to be networked can acquire the network configuration information provided by the distribution network device by scanning the two-dimensional code provided by the distribution network device. Because that two-dimensional code is generated after the network configuration information is encrypted with the device public key of the device to be networked, what the device to be networked obtains by scanning it is the encrypted network configuration information, and the network configuration information can be obtained by decrypting the encrypted network configuration information through the device public key.
Step 340, the device to be networked accesses the AP.
The device to be networked can access the AP indicated by the network configuration information according to the scanned authentication information of the AP, and after accessing the AP, the device to be networked can further access the cloud platform for authentication and the like.
It can be seen from the above distribution network flows that they do not involve identity authentication of the intelligent device, so a counterfeit intelligent device is highly likely to acquire the network configuration information of the AP, which leaks the network configuration information of the AP and poses a great threat to the security of the AP. In addition, for the soft AP distribution network, if the identity of the device to be networked needs to be verified during the soft AP distribution network process, the distribution network device is required to act as a proxy: the distribution network device obtains the device certificate of the device to be networked while it is connected to the soft AP started by the device to be networked; the distribution network device then switches from the soft AP to the AP that the device to be networked is to access in order to connect to the cloud service, and forwards the device certificate of the device to be networked to the cloud service, which verifies it and feeds the verification result back to the distribution network device; the distribution network device then needs to switch back from that AP to the soft AP, and set the network configuration information (such as SSID, password, and the like) of the AP that the device to be networked is to access. This process therefore requires the distribution network device to switch back and forth between different access points, which is complex to operate and inefficient.
Based on this, embodiments of the present application provide an information processing method, which may be used to solve the above technical problem. The technical solution of the present application will be described below with reference to several embodiments.
Before describing the technical solution of the present application, a security authentication procedure related to the embodiments of the present application is described. The embodiment of the application adopts a 4-way handshake flow to perform security authentication, wherein:
4-Way Handshake Message 1 (message 1 in the 4-way handshake): the Authenticator sends an EAPOL (Extensible Authentication Protocol over LAN)-Key frame carrying ANonce (a random number generated by the AP) to the Supplicant.
4-Way Handshake Message 2 (message 2 in the 4-way handshake): the Supplicant sends an EAPOL-Key frame carrying SNonce (a random number generated by the STA) and other information to the Authenticator. After receiving the ANonce, the Supplicant may calculate a PTK (Pairwise Transient Key) according to the ANonce, where the calculation formula of the PTK is as follows:
PTK = PRF-Length(PMK, "Pairwise key expansion", Min(AA, SPA) || Max(AA, SPA) || Min(ANonce, SNonce) || Max(ANonce, SNonce)).
After the Authenticator receives the SNonce, it can generate the PTK; the received MIC is compared with the MIC generated by the Authenticator for an integrity check, and if the check fails, the handshake fails.
4-Way Handshake Message 3 (message 3 in the 4-way handshake): the Authenticator sends an EAPOL-Key frame carrying the GTK (Group Transient Key) and a MIC (Message Integrity Code) to the Supplicant.
4-Way Handshake Message 4 (message 4 in the 4-way handshake): the Supplicant sends an EAPOL-Key frame for confirmation to the Authenticator. After receiving 4-Way Handshake Message 3, the Supplicant may decrypt the GTK using the PTK it generated, verify the MIC, and send an ACK (acknowledgement) to the Authenticator for confirmation if the MIC is correct.
After the Authenticator and the Supplicant complete authentication, the control port of the Authenticator is opened, so that the data frame of 802.11 can pass normally, all unicast data frames are protected by the PTK, and all multicast data and broadcast data are protected by the GTK.
As can be seen from the above 4-way handshake flow, the calculation parameters of the PTK include the PMK. If the PMKs of the two parties are inconsistent, the computed PTKs are inconsistent, the two parties cannot correctly parse each other's data, and the handshake cannot be completed, so the Supplicant cannot access the Authenticator. In addition, in the related art, the PMK is a common key (i.e., the password of the Authenticator) agreed on in advance by the Supplicant and the Authenticator, which carries a great risk of disclosure and is not conducive to security protection.
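The dependence of the handshake on a matching PMK can be reproduced offline. The following Python sketch is an added example, not code from the application: it implements the PTK formula above with the IEEE 802.11 HMAC-SHA1 PRF and checks the message 2 MIC on the Authenticator side. The addresses, nonces, passphrases and frame body are constructed sample values, the frame body is a placeholder rather than a real EAPOL-Key frame, and the passphrase-to-PMK step is the standard WPA2-PSK mapping, which the text above does not spell out.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # Assumption: WPA2-PSK mapping (PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes).
    # The text above only says the PMK is the Authenticator's password.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11 PRF-Length built on HMAC-SHA1; length is in bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    # Min/Max ordering makes the result independent of which side computes it.
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, LABEL, data, length)


def mic(ptk: bytes, frame: bytes) -> bytes:
    # The first 16 bytes of the PTK are the key confirmation key (KCK).
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]


# Constructed sample values, not taken from any capture.
AA = bytes.fromhex("02aabbccdd01")      # Authenticator address
SPA = bytes.fromhex("02aabbccdd02")     # Supplicant address
ANONCE = bytes(range(32))               # carried in message 1
SNONCE = bytes(range(32, 64))           # carried in message 2
MSG2_BODY = b"constructed EAPOL-Key message 2 body"


def authenticator_accepts_message2(auth_pmk: bytes, supp_pmk: bytes) -> bool:
    # Supplicant: derive the PTK from its own PMK and attach a MIC to message 2.
    supp_ptk = derive_ptk(supp_pmk, AA, SPA, ANONCE, SNONCE)
    received_mic = mic(supp_ptk, MSG2_BODY)
    # Authenticator: derive the PTK from its own PMK and recompute the MIC.
    auth_ptk = derive_ptk(auth_pmk, AA, SPA, ANONCE, SNONCE)
    return hmac.compare_digest(received_mic, mic(auth_ptk, MSG2_BODY))


if __name__ == "__main__":
    good = pmk_from_passphrase("constructed-passphrase", "ExampleAP")
    bad = pmk_from_passphrase("some-other-passphrase", "ExampleAP")
    print("same PMK:", authenticator_accepts_message2(good, good))
    print("different PMK:", authenticator_accepts_message2(good, bad))
```
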
Referring to fig. 5, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 510, the device to be networked broadcasts a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
The first access point can be started when the device to be networked enters the distribution network mode. Optionally, the device to be networked enters the distribution network mode automatically when it is started for the first time, or enters the distribution network mode passively when triggered by a user operation. Optionally, the first access point is a soft AP started by the device to be networked.
In this embodiment of the present application, after the device to be networked starts the first access point, a beacon of the first access point may be broadcast, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked. The device identifier of the device to be networked includes a device ID of the device to be networked, so as to uniquely identify the device to be networked. And the key calculation parameter is used for determining an access key for performing identity authentication between the equipment to be networked and the distribution network equipment. Optionally, the length of the key calculation parameter is greater than or equal to one byte. The content of the key calculation parameter is not limited in the embodiment of the application, and optionally, the key calculation parameter includes a predefined numerical value; alternatively, the key calculation parameter comprises a random number. The generation mode of the key calculation parameters is not limited, and optionally, the key calculation parameters are preconfigured by a device cloud platform (a cloud platform corresponding to a device to be networked); or the key calculation parameter is generated by the device to be networked. In one example, in order to reduce the risk of leakage of the key calculation parameter and improve the security of the key calculation parameter, the key calculation parameter includes a random number generated by the device to be networked. Optionally, the beacon of the first access point further includes a pre-shared authentication flag F, and optionally, the pre-shared authentication flag occupies at least 1 bit.
In one example, the beacon of the first access point includes at least one of the following fields: BSSID field, SSID field, custom field (e.g., Vendor Specific field). Optionally, either of the key calculation parameter and the device identifier of the device to be networked may be set in any one of the fields, that is, the BSSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or the SSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or the custom field includes the key calculation parameter and/or the device identifier of the device to be networked. For example, the key calculation parameter is set in the SSID field, and the device identifier of the device to be networked is set in the BSSID field. In general, because of permission limitations, the custom field sometimes cannot be acquired by other devices and its compatibility is poor, so the key calculation parameter and the device identifier of the device to be networked can be placed in fields other than the custom field, so that the distribution network device is not prevented from acquiring them.
In this embodiment of the application, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked, and pre-configure the key K to the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence relationship exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a cloud platform of the device manufacturer (that is, a cloud platform corresponding to the device to be networked).
For the calculation process of the access key (first access key) on the device side to be networked, please refer to the following method embodiment, which is not described herein again.
Step 520, the distribution network device receives a beacon of the first access point.
The distribution network device may scan beacons broadcast by other devices on different channels, so that the distribution network device may scan the beacon of the first access point on the channel on which the device to be networked broadcasts the beacon of the first access point, that is, the distribution network device may receive the beacon of the first access point. Optionally, after receiving the beacon of the first access point, the distribution network device may further parse the beacon of the first access point to obtain the device identifier and/or the key calculation parameter of the device to be networked. The distribution network device can then send the key calculation parameter and/or the device identifier of the device to be networked to the distribution network cloud platform, and the distribution network cloud platform and the device cloud platform calculate an access key for performing identity authentication between the device to be networked and the distribution network device.
For the calculation process of the access key (second access key) on the side of the distribution network device, please refer to the following method embodiments, which are not described herein again.
To sum up, in the technical scheme provided in the embodiment of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device, which provides a basis for identity authentication between the device to be networked and the distribution network device and facilitates the subsequent identity authentication between them. In addition, in the embodiment of the application, the identity authentication between the device to be networked and the distribution network device is performed before the device to be networked acquires the network configuration information, that is, the device to be networked can acquire the network configuration information only if the identity authentication passes, so that the risk of network configuration information leakage is reduced and the security of the access point is improved. In addition, in the embodiment of the application, the identity authentication of the device to be networked and the distribution network device can be realized merely by adding the key calculation parameter to the beacon of the access point started by the device to be networked; compared with the prior art, in which the distribution network device needs to switch access points back and forth to verify the identity of the device to be networked, the embodiment of the application simplifies the identity authentication process and improves the identity authentication efficiency.
The following describes the calculation process of the access key on the side of the device to be networked (the first access key) and of the access key on the side of the distribution network device (the second access key).
First, a description will be given of a calculation procedure of an access key (first access key) on the device side to be networked.
In one example, as shown in fig. 6, the method further includes the following steps:
Step 531, the device to be networked determines a first access key based on the key calculation parameter and the first device key.
The first device key is the device key of the device to be networked that is preset in the device to be networked, that is, the key K. Once the key calculation parameter and the first device key are determined, the device to be networked can calculate the first access key based on the key calculation parameter and the first device key.
In this embodiment of the present application, the device to be networked may process the key calculation parameter and the first device key by using a key generation algorithm, and optionally, step 531 includes: the device to be networked processes the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key, and processes the first encryption key by using a first encoding method to obtain the first access key. Since the first encryption key obtained by the first key generation algorithm is usually binary data, the first encryption key needs to be encoded in order to obtain the first access key in the form of a visible character string. Optionally, the first encoding method includes: Base64 (which represents binary data using 64 printable characters). Optionally, the first key generation algorithm includes any one of: AES (Advanced Encryption Standard)-128-CMAC (Cipher-based Message Authentication Code, which implements message authentication based on symmetric encryption), HKDF (HMAC (Hash-based Message Authentication Code)-based KDF (Key Derivation Function)), PBKDF (Password-Based Key Derivation Function), SHA (Secure Hash Algorithm), DES (Data Encryption Standard), 3DES (Triple DES, Triple Data Encryption Standard).
Next, a description will be given of a calculation process of the distribution network device side access key (second access key).
In one example, as shown in fig. 6, the method further includes the following steps:
Step 532, the distribution network device sends a first acquisition request to the distribution network cloud platform, where the first acquisition request is used for requesting to obtain the second access key.
In order to enable the access keys generated by the distribution network device and the device to be networked to be consistent, the calculation parameters of the second access key and the calculation parameters of the first access key need to be the same. The calculation parameters of the first access key include a key calculation parameter and a first device key, and therefore, the calculation parameters of the second access key also include a key calculation parameter and a device key of the device to be networked. In general, in order to ensure the security of the device key of the device to be networked, the device key of the device to be networked is held only by the device to be networked and a cloud platform of a device vendor of the device to be networked (i.e., a device cloud platform), and thus, the device cloud platform needs to participate in the computation.
After receiving the beacon of the first access point, the distribution network device may obtain the device identifier and/or the key calculation parameter of the device to be networked from the beacon of the first access point, and then the distribution network device sends a first acquisition request to the distribution network cloud platform to request to obtain the second access key. The content of the first acquisition request is not limited in the embodiment of the application. Optionally, the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked; or, the first acquisition request further includes the device manufacturer name of the device to be networked, the device name of the device to be networked, the product serial number of the device to be networked, and the like. Optionally, as shown in fig. 6, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends the first acquisition request to the distribution network cloud platform.
In the embodiment of the application, in order to ensure the security of the device key of the device to be networked, the device key of the device to be networked is also not held by the distribution network cloud platform, and therefore, after receiving the first acquisition request, the distribution network cloud platform needs to further acquire the second access key from the device cloud platform. That is, as shown in fig. 6, after the step 532, the following steps are also included:
Step 53A, the distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform needs to determine the device cloud platform corresponding to the device to be networked. Optionally, the first acquisition request sent by the distribution network device to the distribution network cloud platform includes the device manufacturer name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 53B, the distribution network cloud platform sends a third obtaining request to the device cloud platform, where the third obtaining request is used to request to obtain the second access key.
After the device cloud platform corresponding to the device to be networked is determined, the distribution network cloud platform may further send a third acquisition request to the device cloud platform to request the device cloud platform to calculate the second access key and to send the second access key to the distribution network cloud platform. The content of the third acquisition request is not limited in the embodiment of the application. Optionally, the third acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked; or, the third acquisition request further includes the device manufacturer name of the device to be networked, the device name of the device to be networked, the product serial number of the device to be networked, and the like. Optionally, as shown in fig. 6, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends the third acquisition request to the device cloud platform.
Step 53C, the device cloud platform calculates the second access key.
Since the third acquisition request carries the key calculation parameter and/or the device identifier of the device to be networked, after receiving the third acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked stored in the device cloud platform, that is, the key K. In order for the first access key and the second access key to be consistent, the calculation mode of the first access key and the calculation mode of the second access key should also be consistent; therefore, the device cloud platform should calculate the second access key in the same way that the device to be networked calculates the first access key. Optionally, if the device to be networked calculates the first access key by using step 531, the process by which the device cloud platform calculates the second access key is as follows: the device cloud platform processes the key calculation parameter and the second device key by using the first key generation algorithm to obtain a second encryption key, and processes the second encryption key by using the first encoding method to obtain the second access key. For a description of the first key generation algorithm and the first encoding method, please refer to the above method embodiment, which is not repeated here.
Optionally, in order to distribute the computational overhead of the second access key, the encoding process of the second encryption key may also be implemented by the distribution network cloud platform or the distribution network device. That is, after the device cloud platform calculates the second encryption key based on the key calculation parameter and the second device key, the encoding process of the second encryption key may be implemented by any one of the device cloud platform, the distribution network cloud platform, and the distribution network device.
Step 53D, the device cloud platform sends the access key information to the distribution network cloud platform.
As can be seen from the above description, the device cloud platform may directly calculate the second access key and send the second access key to the distribution network cloud platform, or may calculate the second encryption key first and send the second encryption key to the distribution network cloud platform. Therefore, the access key information sent by the device cloud platform to the distribution network cloud platform includes the second access key or the second encryption key.
Step 534, the distribution network cloud platform sends access key information to the distribution network device, and the access key information is used for determining the second access key.
Optionally, in a case that the access key information includes the second access key, the distribution network cloud platform may directly forward the access key information to the distribution network device after receiving the access key information. Optionally, in a case that the access key information includes the second encryption key, the distribution network cloud platform may also directly forward the access key information to the distribution network device, and then the distribution network device performs encoding processing on the second encryption key, that is, after the step 534, the method further includes: the distribution network equipment processes the second encryption key by adopting a first coding mode to obtain a second access key; or, the distribution network cloud platform may encode the second encryption key to obtain a second access key, and send the second access key to the distribution network device.
It should be noted that, fig. 6 is only described by taking an example that the device cloud platform calculates the second access key and sends the second access key to the distribution network cloud platform, but this does not limit the technical solution of the present application, and in practical applications, the distribution network cloud platform or the distribution network device may also perform encoding processing on the second encryption key.
In one example, the method further comprises: the device to be networked and the distribution network device perform identity authentication based on the first access key and the second access key, respectively.
Once the device to be networked has calculated the first access key and the distribution network device has obtained the second access key, the device to be networked and the distribution network device can perform identity authentication based on the first access key and the second access key. Optionally, in the embodiment of the present application, the 4-way handshake flow is used to perform identity authentication. In that case, the device to be networked corresponds to the Supplicant in the 4-way handshake flow, the distribution network device corresponds to the Authenticator in the 4-way handshake flow, the first access key corresponds to the PMK on the Supplicant side in the 4-way handshake flow, and the second access key corresponds to the PMK on the Authenticator side in the 4-way handshake flow. The identity authentication can pass in the case that the first access key is consistent with the second access key determined by the distribution network device; in the case that the first access key is inconsistent with the second access key determined by the distribution network device, the identity authentication cannot pass. For the specific process of performing identity authentication between the device to be networked and the distribution network device, please refer to the 4-way handshake process, which is not described here.
In one example, the method further comprises: in the case that the identity authentication is passed, the distribution network device accesses the first access point. After the identity authentication is passed, the distribution network device may access the first access point started by the device to be networked. Optionally, after the distribution network device accesses the first access point, the distribution network device sends network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point.
It should be noted that, the embodiment of the present application is illustrated by only calculating the access key based on the key calculation parameter and the device key of the device to be networked, and after understanding the technical solution of the present application, a person skilled in the art will easily think of calculating the access key by using other calculation parameters, such as calculating the access key by using the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked, which all fall within the protection scope of the present application.
To sum up, according to the technical scheme provided by the embodiment of the application, the device to be networked and the distribution network device respectively obtain the access key according to the key calculation parameter, and perform identity authentication according to the respectively obtained access key, so that the identity of the device to be networked is authenticated before the device to be networked accesses the network or before the device to be networked acquires the network configuration information, thereby avoiding leakage of the network configuration information and improving the security of the access point. In addition, in the embodiment of the application, in order to fully ensure the security of the device key of the device to be networked, the access key of the distribution network device side is calculated by the cloud platform corresponding to the device to be networked, so that the device key of the device to be networked is prevented from being leaked, and the validity of identity authentication is improved.
The following describes the technical solution of the present application by taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 7, an information processing method provided in an embodiment of the present application includes the following steps:
Step 700, the device to be networked broadcasts a beacon of the soft AP. The beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
Step 710, the distribution network device receives the beacon of the soft AP. After the distribution network device receives the beacon of the soft AP, it can further parse the beacon of the soft AP to obtain the device identifier and/or the key calculation parameter of the device to be networked.
Step 720, the device to be networked determines a first access key based on the key calculation parameter and the first device key. The device to be networked processes the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key, and processes the first encryption key by using a first encoding method to obtain the first access key.
Step 730, the distribution network device sends a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request to acquire the second access key. The first obtaining request comprises a key calculation parameter and/or a device identification of the device to be networked. Optionally, as shown in fig. 7, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends the first acquisition request to the distribution network cloud platform.
Step 740, the distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 750, the distribution network cloud platform sends a third obtaining request to the device cloud platform, where the third obtaining request is used to request to obtain the second access key. Optionally, as shown in fig. 7, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a third acquisition request to the device cloud platform.
Step 760, the device cloud platform calculates the second access key. After receiving the third acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. Then, the device cloud platform processes the key calculation parameter and the second device key by using the first key generation algorithm to obtain a second encryption key, and processes the second encryption key by using the first encoding method to obtain the second access key.
Step 770, the device cloud platform sends the second access key to the distribution network cloud platform.
Step 780, the distribution network cloud platform sends the second access key to the distribution network device.
Step 790, the device to be networked and the distribution network device perform identity authentication based on the first access key and the second access key, respectively. In the case that the first access key is consistent with the second access key, the identity authentication is passed, and the distribution network device can access the soft AP and send the network configuration information of the home WiFi network to the device to be networked.
It should be noted that, in the embodiment of the present application, the execution order of each step is not limited, and on the premise of meeting the logic requirement, each step may be combined in any execution order. For example, the step 720 may be performed before the step 710, or the step 720 may be performed after the step 780. All of which are intended to be within the scope of the present application.
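The key agreement in steps 720 and 760 to 790 can be sketched as follows. This is an added example, not code from the application: it assumes HKDF with SHA-256 as the first key generation algorithm and base64 as the first encoding method, and the class names, the HKDF label, the device identifier and the device key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_encryption_key(key_calc_param: bytes, device_key: bytes) -> bytes:
    """First key generation algorithm: binary 'encryption key' from parameter and K."""
    if not key_calc_param:
        # An empty parameter would make every derivation for this device identical.
        raise ValueError("key calculation parameter must not be empty")
    # The info label is an assumption of this example, not a value from the page.
    return hkdf_sha256(device_key, key_calc_param, b"soft-ap access key")


def encode_access_key(encryption_key: bytes) -> str:
    """First encoding method: base64, giving the access key as a printable string."""
    return base64.b64encode(encryption_key).decode("ascii")


class DeviceToBeNetworked:
    """Holds K locally and advertises a fresh key calculation parameter (step 700)."""

    def __init__(self, device_id: str, device_key: bytes):
        self.device_id = device_id
        self._device_key = device_key
        self.key_calc_param = secrets.token_bytes(16)

    def beacon(self) -> dict:
        return {"device_id": self.device_id, "key_calc_param": self.key_calc_param}

    def first_access_key(self) -> str:  # step 720
        return encode_access_key(derive_encryption_key(self.key_calc_param, self._device_key))


class DeviceCloudPlatform:
    """The only other holder of K; looks it up by device identifier (step 760)."""

    def __init__(self, key_store: dict):
        self._key_store = key_store

    def second_encryption_key(self, device_id: str, key_calc_param: bytes) -> bytes:
        device_key = self._key_store.get(device_id)
        if device_key is None:
            raise LookupError("unknown device identifier")
        return derive_encryption_key(key_calc_param, device_key)


def obtain_second_access_key(beacon: dict, cloud: DeviceCloudPlatform) -> str:
    """Distribution network device side (steps 730 to 780, cloud relay collapsed).

    The encoding step is done here to show that it can run outside the device
    cloud platform without exposing K.
    """
    raw = cloud.second_encryption_key(beacon["device_id"], beacon["key_calc_param"])
    return encode_access_key(raw)


def keys_match(first_access_key: str, second_access_key: str) -> bool:
    """Stand-in for the outcome of the 4-way handshake: it passes only if both PMKs agree."""
    return hmac.compare_digest(first_access_key.encode(), second_access_key.encode())


# Constructed sample values, for illustration only.
SAMPLE_DEVICE_ID = "example-device-0001"
SAMPLE_DEVICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    cloud = DeviceCloudPlatform({SAMPLE_DEVICE_ID: SAMPLE_DEVICE_KEY})
    device = DeviceToBeNetworked(SAMPLE_DEVICE_ID, SAMPLE_DEVICE_KEY)
    second = obtain_second_access_key(device.beacon(), cloud)
    print("authentication passes:", keys_match(device.first_access_key(), second))
```
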
Referring to fig. 8, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 810, the distribution network device sends first information to the device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used for determining a first information key.
After the distribution network device connects to the first access point started by the device to be networked, a communication connection is established between the distribution network device and the device to be networked. Optionally, the communication connection between the distribution network device and the device to be networked is a TCP connection or a UDP connection. After the communication connection is established, data can be transmitted between the distribution network device and the device to be networked. In the embodiment of the application, the distribution network device sends first information to the device to be networked, where the first information includes a key calculation parameter. The device to be networked may determine the first information key by using the key calculation parameter, where the first information key may be used to decrypt the second information encrypted by using the second information key or the network configuration information encrypted by using the second information key, and may also be used to encrypt the first reference information. In the case that the first information key is consistent with the second information key, the device to be networked can successfully parse the network configuration information or the second information encrypted by the second information key, and the device to be networked then passes identity authentication; or, in the case that the first information key is consistent with the second information key and the first reference information is consistent with the second reference information, the first reference information encrypted by the first encryption key and the second reference information encrypted by the second encryption key are consistent, and the device to be networked passes identity authentication.
The content of the key calculation parameter is not limited in the embodiment of the application, and optionally, the key calculation parameter includes a random number; alternatively, the key calculation parameter comprises a pre-configured value. Optionally, the key calculation parameter is generated by a device cloud platform (a cloud platform corresponding to the device to be networked). Optionally, the length of the key calculation parameter is greater than or equal to one byte. The determination time of the key calculation parameters is not limited, and optionally, the device cloud platform generates the key calculation parameters after receiving a request for acquiring the second information key or for acquiring the fourth reference information; or the device cloud platform generates a key calculation parameter in advance, and after subsequently receiving a request for acquiring the second information key or the fourth reference information, the device cloud platform calculates the second information key directly according to the key calculation parameter and the device key of the device to be networked.
The embodiment of the application provides two modes for identity authentication under a soft AP distribution network, wherein one mode is that an identity authentication process is coupled with a distribution network process, and the other mode is that the identity authentication process is decoupled with the distribution network process. The following description will be made for each of these two modes.
First, a description is given of the manner in which the identity authentication process is coupled to the distribution network process.
In one example, the first information further includes network configuration information encrypted by using a second information key; the method further comprises the following steps: the distribution network cloud platform sends the key calculation parameters and the second information key to the distribution network equipment; and the distribution network equipment determines the first information based on the key calculation parameter, the second information key and the network configuration information.
The network configuration information is used to configure the device to be networked to access the second access point. In the process of configuring the device to be networked to access the second access point, the network configuration information corresponding to the second access point needs to be sent to the device to be networked, which can subsequently access the second access point according to the network configuration information. In the embodiment of the application, the distribution network device does not send the network configuration information to the device to be networked directly; instead, it processes the network configuration information with the second information key and then sends the encrypted network configuration information to the device to be networked. If the device to be networked can subsequently decrypt the encrypted network configuration information successfully, it can access the second access point by using the obtained network configuration information.
In order to ensure that the first information key calculated by the device to be networked is consistent with the second information key, the distribution network device also needs to send the key calculation parameter used in the calculation process of the second information key to the device to be networked, so that the subsequent device to be networked determines the first information key according to the key calculation parameter and the device key of the device to be networked. For the calculation process of the first information key and the second information key, please refer to the following method embodiments, which are not described herein again.
As can be seen from the above description, the distribution network device needs to send at least the following information to the device to be networked: the network configuration information encrypted by using the second information key, and the key calculation parameter. Therefore, the distribution network device needs to determine the network configuration information encrypted by the second information key according to the network configuration information and the second information key, and then send the network configuration information encrypted by the second information key and the key calculation parameter to the device to be networked. Based on this, optionally, determining the first information based on the key calculation parameter, the second information key and the network configuration information includes: processing the network configuration information by using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted by using the second information key; and determining the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
Optionally, the fourth encryption algorithm is a symmetric encryption algorithm. Optionally, the fourth encryption algorithm includes, but is not limited to, any of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, AES256-GCM.
After the distribution network device sends the first information to the device to be networked, the device to be networked determines a first information key according to the key calculation parameter in the first information, and then uses the first information key to decrypt the network configuration information in the first information that was encrypted with the second information key. In one example, the method further comprises: the device to be networked decrypts the network configuration information encrypted by the second information key by using the first information key; in the case that the first information key and the second information key are consistent, the identity authentication of the device to be networked succeeds, and the device to be networked can then successfully acquire the network configuration information; in the case that the first information key is inconsistent with the second information key, the identity authentication of the device to be networked fails, and the device to be networked therefore fails to acquire the network configuration information.
Next, the manner in which the identity authentication process is decoupled from the distribution network process is described. For this manner, the embodiment of the application also provides two modes: in one, the distribution network device performs identity authentication according to data encrypted with the first information key and the second information key respectively; in the other, the distribution network device performs identity authentication according to data that comes from the device cloud platform and from the device to be networked respectively. These two modes will be described separately below.
The first mode is as follows:
In one example, the method further comprises: the device to be networked obtains first encryption information according to the first information key and the first reference information; and the device to be networked sends the first encryption information to the distribution network device.
The first reference information is used for the identity authentication process of the equipment to be networked. Optionally, a device manufacturer of the device to be networked uniquely allocates reference information to the device to be networked, and pre-configures the reference information into the device to be networked (the reference information pre-configured in the device to be networked is referred to as "first reference information"). Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence relationship exists between the device identifier of the device to be networked and the reference information. The device manufacturer of the device to be networked may upload the device identifier and the reference information of the device to be networked to a device cloud platform (that is, a cloud platform corresponding to the device to be networked) (the reference information stored in the device cloud platform is referred to as "second reference information"). Optionally, the reference information is a preconfigured numerical value, or the reference information is a preconfigured random number, and the content of the reference information is not limited in the embodiment of the present application.
In order to ensure the security of the first reference information and the second reference information, the first reference information and the second reference information are respectively held by the device to be networked and the device cloud platform (the cloud platform corresponding to the device to be networked), and therefore the distribution network device cannot directly acquire the second reference information, but instead acquires the first reference information (i.e., the second encrypted information) encrypted by using the second information key. That is, the above method further includes: the distribution network cloud platform sends second encryption information to the distribution network device.
In the embodiment of the application, the device cloud platform may calculate a second information key based on the key calculation parameter, encrypt the second reference information by using the second information key to obtain second encrypted information, and send the second encrypted information and the key calculation parameter to the distribution network cloud platform, which further sends them to the distribution network device. After the distribution network device and the device to be networked establish a communication connection, the key calculation parameter may be sent to the device to be networked, so that the device to be networked subsequently calculates a first information key by using the key calculation parameter, encrypts the first reference information by using the first information key to obtain first encrypted information, and further sends the first encrypted information to the distribution network device.
The distribution network device receives the first encryption information from the device to be networked on the one hand, and receives the second encryption information from the distribution network cloud platform on the other hand. The distribution network device can then compare the first encryption information with the second encryption information; if the two pieces of encryption information are the same, the identity authentication of the device to be networked is passed, and the distribution network device can further send network configuration information to the device to be networked. Based on this, the above method further comprises: the distribution network device sends network configuration information to the device to be networked in the case that the first encryption information is consistent with the second encryption information, where the network configuration information is used for configuring the device to be networked to access the second access point.
It should be noted that, in this embodiment of the application, when the first reference information and the second reference information are not consistent, the identity authentication of the device to be networked fails, and in addition, when the first information key determined by the device to be networked is not consistent with the second information key determined by the device cloud platform, the identity authentication of the device to be networked also fails. That is, only when the first information key is consistent with the second information key and the first reference information is consistent with the second reference information, the identity authentication of the device to be networked can be successful, and then the device to be networked can acquire the network configuration information.
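The comparison performed by the distribution network device in the first mode can be sketched as follows. This is an added example, not code from the application: PBKDF2-HMAC-SHA256 is an assumed choice for deriving the information key, HMAC-SHA256 stands in for the unspecified encryption step (the distribution network device only compares the two outputs, so any deterministic keyed transform shows the same logic), and all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets


def information_key(key_calc_param: bytes, device_key: bytes) -> bytes:
    """Derive the information key from the key calculation parameter and K.

    PBKDF2 and the iteration count are assumptions of this example.
    """
    return hashlib.pbkdf2_hmac("sha256", device_key, key_calc_param, 10_000, dklen=32)


def protect_reference(info_key: bytes, reference_info: bytes) -> bytes:
    """Deterministic keyed transform standing in for 'encrypt the reference information'."""
    return hmac.new(info_key, reference_info, hashlib.sha256).digest()


class DeviceCloudPlatform:
    """Stores K and the second reference information per device identifier."""

    def __init__(self, records: dict):
        self._records = records  # device_id -> (device key K, second reference information)

    def second_encrypted_information(self, device_id: str):
        device_key, second_reference = self._records[device_id]
        # A fresh random parameter per request makes each run produce different outputs.
        key_calc_param = secrets.token_bytes(16)
        key = information_key(key_calc_param, device_key)
        return key_calc_param, protect_reference(key, second_reference)


class DeviceToBeNetworked:
    """Holds K and the first reference information preconfigured by the manufacturer."""

    def __init__(self, device_id: str, device_key: bytes, first_reference: bytes):
        self.device_id = device_id
        self._device_key = device_key
        self._first_reference = first_reference

    def first_encrypted_information(self, key_calc_param: bytes) -> bytes:
        key = information_key(key_calc_param, self._device_key)
        return protect_reference(key, self._first_reference)


def distribution_network_device(cloud, device, network_config: dict):
    """Return the network configuration only if both encrypted values agree.

    The relay through the distribution network cloud platform is collapsed into
    a direct call. This function never sees K or either reference information.
    """
    key_calc_param, second = cloud.second_encrypted_information(device.device_id)
    first = device.first_encrypted_information(key_calc_param)
    if hmac.compare_digest(first, second):
        return network_config  # identity authentication passed
    return None  # authentication failed: configuration is withheld


# Constructed sample values, for illustration only.
DEVICE_ID = "example-device-0001"
DEVICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
REFERENCE_INFO = b"constructed-reference-value"
NETWORK_CONFIG = {"ssid": "example-home-wifi", "passphrase": "constructed-passphrase"}

if __name__ == "__main__":
    cloud = DeviceCloudPlatform({DEVICE_ID: (DEVICE_KEY, REFERENCE_INFO)})
    genuine = DeviceToBeNetworked(DEVICE_ID, DEVICE_KEY, REFERENCE_INFO)
    wrong_key = DeviceToBeNetworked(DEVICE_ID, b"\xff" * 16, REFERENCE_INFO)
    wrong_reference = DeviceToBeNetworked(DEVICE_ID, DEVICE_KEY, b"other-value")
    for name, dev in (("genuine", genuine), ("wrong key", wrong_key),
                      ("wrong reference", wrong_reference)):
        result = distribution_network_device(cloud, dev, NETWORK_CONFIG)
        print(name, "->", "configured" if result else "rejected")
```
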
The second method comprises the following steps:
In one example, the first information further includes second information encrypted by using a second information key; the method further comprises: decrypting the second information encrypted by the second information key by using the first information key to obtain third reference information; and sending the third reference information to the distribution network device.
The second information is used for the identity authentication process of the device to be networked. The second information obtained through decryption by the device to be networked includes the third reference information. Optionally, the third reference information is a preconfigured numerical value, or the third reference information is a preconfigured random number, and the content of the third reference information is not limited in this embodiment of the application. In an example, in order to improve the validity of the identity authentication, the second information decrypted by the device to be networked may further include a predefined value, and the predefined value is held only by the device to be networked and the device cloud platform.
In this embodiment, the device cloud platform may calculate a second information key based on the key calculation parameter, and encrypt the second information using the second information key to obtain encrypted second information (when the device cloud platform encrypts the second information, the reference information in the second information is referred to as "fourth reference information"). The device cloud platform then sends the reference information, the encrypted second information, and the key calculation parameter to the distribution network cloud platform, which further sends the reference information, the encrypted second information, and the key calculation parameter to the distribution network device. After the distribution network device and the device to be networked establish a communication connection, the distribution network device may send the key calculation parameter and the encrypted second information to the device to be networked, so that the device to be networked subsequently calculates a first information key by using the key calculation parameter, decrypts the encrypted second information by using the first information key to obtain the reference information in the second information (the reference information obtained by decryption on the side of the device to be networked is referred to as "third reference information"), and sends this reference information to the distribution network device.
The distribution network device receives the third reference information from the device to be networked and the fourth reference information from the distribution network cloud platform, and compares the two. If the two pieces of reference information are the same, the identity authentication of the device to be networked passes, and the distribution network device can then send network configuration information to the device to be networked. Based on this, the above method further comprises: the device to be networked sends the third reference information to the distribution network device; the distribution network cloud platform sends the fourth reference information to the distribution network device; and the distribution network device sends network configuration information to the device to be networked when the third reference information and the fourth reference information are consistent, wherein the network configuration information is used for configuring the device to be networked to access the second access point.
It should be noted that, in this embodiment of the application, when the third reference information is inconsistent with the fourth reference information, the identity authentication of the device to be networked fails, and in addition, when the first information key determined by the device to be networked is inconsistent with the second information key determined by the device cloud platform, the identity authentication of the device to be networked also fails. That is, only when the first information key is consistent with the second information key and the third reference information is consistent with the fourth reference information, the identity authentication of the device to be networked can be successful, and then the device to be networked can acquire the network configuration information.
In summary, in the technical solution provided in the embodiment of the present application, the key calculation parameter is sent to the device to be networked through the distribution network device, and the key calculation parameter is used to calculate the information key, where the information key may be used to decrypt data encrypted by the information key calculated by the device cloud platform or network configuration information encrypted by the information key calculated by the device cloud platform, and may also be used to encrypt the reference information. Under the condition that the information key calculated by the equipment to be networked is consistent with the information key calculated by the equipment cloud platform, the equipment to be networked can successfully analyze the network configuration information or data encrypted by the information key calculated by the equipment cloud platform, and then the equipment to be networked passes identity authentication and further acquires the network configuration information; or, under the condition that the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the data respectively encrypted by the two information keys can be consistent, so that the device to be networked passes identity authentication, and further network configuration information is acquired. Therefore, the identity of the device to be accessed to the network is authenticated before the device to be accessed to the network accesses the wireless access point, so that the network configuration information corresponding to the wireless access point is prevented from being leaked, and the security of the wireless access point is improved.
In addition, in the embodiment of the application, the identity authentication process of the device to be networked can be coupled with the process of the distribution network, that is, the distribution network device directly encrypts the network configuration information by using the information key calculated by the device cloud platform, and under the condition that the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can directly acquire the network configuration information, so that data traffic between the distribution network device and the device to be networked is reduced, and the processing overhead of the distribution network device and the device to be networked is reduced. In addition, in the embodiment of the application, the identity authentication process of the device to be networked can also be decoupled from the distribution network process, that is, the distribution network device sends network configuration information to the device to be networked after the identity authentication of the device to be networked passes, and the security of the network configuration information can be fully improved by decoupling the identity authentication process and the distribution network process.
The following describes the calculation process of the first information key on the side of the device to be networked and of the second information key on the distribution network device side.
First, a description will be given of a calculation process of the first information key on the side of the device to be networked.
In one example, as shown in fig. 9, the method further includes the following steps:
Step 831, the device to be networked determines the first information key based on the key calculation parameter and the first device key.
In this embodiment of the application, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked, and pre-configure the key K in the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a device cloud platform (i.e., a cloud platform corresponding to the device to be networked). The first device key is the device key of the device to be networked that is preset in the device to be networked. Once the key calculation parameter and the first device key are known, the device to be networked can calculate the first information key based on the key calculation parameter and the first device key.
In this embodiment of the present application, the device to be networked may use a key generation algorithm to process the key calculation parameter and the first device key. Optionally, step 831 includes: the device to be networked processes the key calculation parameter and the first device key by adopting a fourth key generation algorithm to obtain a first information key. Optionally, the fourth key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, 3DES algorithm.
Next, a calculation process of the second information key on the distribution network device side is described. In the embodiment of the present application, the identity authentication process of the device to be networked and the network distribution process may be coupled or decoupled, and the following description is provided for the two cases.
Case one: the identity authentication process of the device to be networked is coupled with the distribution network process:
In one example, as shown in fig. 9, the method further includes the following steps:
Step 841, the distribution network device receives a beacon of the first access point started by the device to be networked, where the beacon includes the device identifier of the device to be networked.
The first access point can be started when the device to be networked enters the distribution network mode, optionally, the device to be networked automatically enters the distribution network mode when the device to be networked is started for the first time, or the device to be networked is passively triggered to enter the distribution network mode by user operation. Optionally, the first access point is a soft AP started by the device to be networked. After entering the distribution network mode, the device to be networked may broadcast a beacon of the first access point, where the beacon includes a device identifier of the device to be networked. The device identifier of the device to be networked includes a device ID of the device to be networked, so as to uniquely identify the device to be networked. Optionally, the beacon of the first access point comprises at least one of the following fields: BSSID field, SSID field, custom field (e.g., vendor Specific field). Optionally, the device identifier of the device to be networked is set in the BSSID field.
The distribution network device may scan beacons broadcast by other devices on different channels, so that the distribution network device may scan the beacon of the first access point on the channel on which the device to be networked broadcasts the beacon of the first access point, that is, the distribution network device may receive the beacon of the first access point.
In step 842, the distribution network device sends a seventh obtaining request to the distribution network cloud platform, where the seventh obtaining request is used to request to obtain the second information key.
The seventh acquisition request is for requesting acquisition of the second information key. Since the second information key is obtained by the device cloud platform through calculation, the distribution network device may send a seventh obtaining request to the distribution network cloud platform when the second information key needs to be obtained, so as to further obtain the second information key through the distribution network cloud platform. In the embodiment of the present application, the content of the seventh obtaining request is not limited, and optionally, the seventh obtaining request includes an equipment identifier of the equipment to be networked; or, the seventh obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 9, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends a seventh obtaining request to the distribution network cloud platform.
Step 843, the distribution network cloud platform determines an equipment cloud platform.
The distribution network cloud platform needs to determine an equipment cloud platform corresponding to equipment to be networked. Optionally, the seventh obtaining request sent by the distribution network device to the distribution network cloud platform includes a device vendor name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device vendor name of the device to be networked.
Step 844, the distribution network cloud platform sends an eighth obtaining request to the device cloud platform, where the eighth obtaining request is used to request to obtain the second information key.
The eighth obtaining request is used for requesting to obtain the second information key, and based on this, after the distribution network cloud platform determines the device cloud platform corresponding to the device to be networked, the distribution network cloud platform may further send the eighth obtaining request to the device cloud platform so as to request the device cloud platform to calculate the second information key, and request the device cloud platform to send the second information key to the distribution network cloud platform. In the embodiment of the present application, the content of the eighth acquisition request is not limited, and optionally, the eighth acquisition request includes a device identifier of a device to be networked; or, the eighth acquisition request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 9, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends an eighth obtaining request to the device cloud platform.
Step 845, the device cloud platform calculates the second information key.
Since the eighth acquisition request carries the device identifier of the device to be networked, after receiving the eighth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked that is stored in the device cloud platform, that is, the key K. For the first information key and the second information key to be consistent, they must be calculated in the same way, and therefore the device cloud platform should calculate the second information key in the same way that the device to be networked calculates the first information key. Optionally, if the device to be networked calculates the first information key as in step 831 described above, the process of calculating the second information key by the device cloud platform is as follows: the device cloud platform processes the key calculation parameter and the second device key by adopting a fourth key generation algorithm to obtain a second information key. For a description of the fourth key generation algorithm, please refer to the above method embodiment, which is not repeated herein.
Step 846, the device cloud platform sends the second information key and the key calculation parameter to the distribution network cloud platform.
After the device cloud platform calculates the second information key, the device cloud platform can send the second information key and the key calculation parameter to the distribution network cloud platform.
Step 847, the distribution network cloud platform sends the second information key to the distribution network device.
And after receiving the second information key, the distribution network cloud platform further sends the second information key and the key calculation parameter to the distribution network equipment so as to respond to a seventh acquisition request of the distribution network equipment.
Case two: the identity authentication process of the device to be networked is decoupled from the distribution network process:
In one example, as shown in fig. 9, the method further includes the following steps:
Step 851, the distribution network device receives a beacon of the first access point started by the device to be networked, where the beacon includes a device identifier of the device to be networked.
For a description of step 851, please refer to the description of step 841 above, which is not repeated herein.
Step 852, the distribution network device sends a ninth acquisition request to the distribution network cloud platform.
The ninth acquisition request is for requesting acquisition of the second reference information or the second information. Since the reference information of the device to be networked is held by the device cloud platform and the device to be networked (the second information also includes the reference information of the device to be networked), the distribution network device may send a ninth acquisition request to the distribution network cloud platform when the second reference information or the second information needs to be acquired, so as to further acquire the second reference information or the second information through the distribution network cloud platform. In the embodiment of the present application, the content of the ninth obtaining request is not limited, and optionally, the ninth obtaining request includes a device identifier of a device to be networked; or, the ninth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 9, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends a ninth obtaining request to the distribution network cloud platform.
Step 853, the distribution network cloud platform determines the equipment cloud platform.
For a description of step 853, please refer to step 843 above, which is not repeated herein.
In step 854, the distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
The tenth acquisition request is used for requesting to acquire the second reference information or the second information, and based on this, the distribution network cloud platform may further send the tenth acquisition request to the device cloud platform after determining the device cloud platform corresponding to the device to be networked, so as to request the device cloud platform to send the second reference information or the second information to the distribution network cloud platform. In the embodiment of the present application, the content of the tenth acquisition request is not limited, and optionally, the tenth acquisition request includes a device identifier of a device to be networked; or, the tenth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 9, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a tenth acquisition request to the device cloud platform.
Step 855, the device cloud platform calculates the second information key.
Since the tenth acquisition request carries the device identifier of the device to be networked, after receiving the tenth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked that is stored by the device cloud platform, that is, the key K. For the first information key and the second information key to be consistent, they must be calculated in the same way, and therefore the device cloud platform should calculate the second information key in the same way that the device to be networked calculates the first information key. Optionally, if the device to be networked calculates the first information key as in step 831, the device cloud platform calculates the second information key as follows: the device cloud platform processes the key calculation parameter and the second device key by adopting a fourth key generation algorithm to obtain a second information key. For a description of the fourth key generation algorithm, please refer to the above method embodiment, which is not repeated herein.
Step 856, the device cloud platform encrypts the second reference information or the second information by using the second information key.
In order to ensure the security of the reference information of the device to be networked, the reference information of the device to be networked is held by the device cloud platform and the device to be networked, so that the device cloud platform encrypts the second reference information or the second information by using the second information key after determining the second information key, so as to avoid the leakage of the reference information of the device to be networked.
Step 857, the device cloud platform sends the key calculation parameter and the second reference information or the second information encrypted by the second information key to the distribution network cloud platform.
In step 858, the distribution network cloud platform sends the key calculation parameter and the second reference information or the second information encrypted by the second information key to the distribution network device.
After receiving the key calculation parameter from the equipment cloud platform and the second reference information or the second information encrypted by the second information key, the distribution network cloud platform further sends the key calculation parameter and the second reference information or the second information encrypted by the second information key to the distribution network equipment so as to respond to a ninth acquisition request of the distribution network equipment.
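The decoupled authentication of method one (steps 851 to 858 on the cloud side, step 831 on the device side) can be traced end to end in the following added example, which is not code from the application. It assumes HKDF-SHA256 as the fourth key generation algorithm, a fresh random key calculation parameter, and an HMAC-SHA256 tag as a deterministic stand-in for "encrypting" the reference information, which suffices because the distribution network device only compares the two values and never decrypts them. All function names, the device ID, the key bytes and the reference value are constructed for illustration.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 16) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Constructed sample data: what the vendor uploaded to the device cloud platform.
CLOUD_DEVICE_KEYS = {"dev-0001": bytes.fromhex("000102030405060708090a0b0c0d0e0f")}
CLOUD_REFERENCE_INFO = {"dev-0001": b"constructed-reference-value"}
NETWORK_CONFIG = {"ssid": "home-wifi", "psk": "constructed-passphrase"}


def derive_info_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Step 831 / step 855: same inputs and same algorithm on both sides."""
    return hkdf_sha256(device_key, salt=key_calc_param, info=b"information-key")


def protect(info_key: bytes, reference_info: bytes) -> bytes:
    """Assumed stand-in for 'encrypt the reference information with the information key'."""
    return hmac.new(info_key, reference_info, hashlib.sha256).digest()


def device_cloud_platform(device_id: str):
    """Steps 855 to 857: returns (key calculation parameter, second encrypted information)."""
    key_calc_param = os.urandom(16)  # assumption: fresh random value per request
    second_key = derive_info_key(CLOUD_DEVICE_KEYS[device_id], key_calc_param)
    return key_calc_param, protect(second_key, CLOUD_REFERENCE_INFO[device_id])


class DeviceToBeNetworked:
    """Holds the first device key and first reference information preset at manufacture."""

    def __init__(self, device_id: str, device_key: bytes, reference_info: bytes):
        self.device_id = device_id
        self.device_key = device_key
        self.reference_info = reference_info

    def answer(self, key_calc_param: bytes) -> bytes:
        """Derive the first information key and return the first encrypted information."""
        first_key = derive_info_key(self.device_key, key_calc_param)
        return protect(first_key, self.reference_info)


def distribution_network_device(device: DeviceToBeNetworked):
    """Compare both values; release the network configuration only on a match.

    The device key K and the plain reference information never reach this role.
    """
    key_calc_param, second_encrypted = device_cloud_platform(device.device_id)
    first_encrypted = device.answer(key_calc_param)
    if hmac.compare_digest(first_encrypted, second_encrypted):  # constant-time compare
        return NETWORK_CONFIG
    return None


if __name__ == "__main__":
    genuine = DeviceToBeNetworked(
        "dev-0001", CLOUD_DEVICE_KEYS["dev-0001"], CLOUD_REFERENCE_INFO["dev-0001"]
    )
    print("genuine device:", distribution_network_device(genuine))
    clone = DeviceToBeNetworked("dev-0001", b"\xff" * 16, CLOUD_REFERENCE_INFO["dev-0001"])
    print("wrong device key:", distribution_network_device(clone))
```
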
It should be noted that the embodiment of the present application only takes as an example the case where the first information key and the second information key are calculated based on the key calculation parameter and the device key of the device to be networked. After understanding the technical solution of the present application, a person skilled in the art will easily think of calculating the information key by using other calculation parameters, such as calculating the first information key and the second information key by using the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked, all of which fall within the protection scope of the present application.
To sum up, according to the technical scheme provided by the embodiment of the application, under the condition that the identity authentication process of the device to be networked is coupled with the network distribution process, the key calculation parameter is generated through the cloud platform corresponding to the device to be networked, and the information key is determined according to the key calculation parameter and the device key of the device to be networked, so that the information key and the key calculation parameter are further sent to the network distribution device, thereby avoiding revealing the device key of the device to be networked, and improving the validity of identity authentication. Under the condition that the identity authentication process of the equipment to be networked is decoupled from the distribution network process, a key calculation parameter is generated through a cloud platform corresponding to the equipment to be networked, an information key is determined according to the key calculation parameter and an equipment key of the equipment to be networked, then reference information is further encrypted by the information key, and the key calculation parameter and the encrypted reference information are sent to the distribution network equipment, so that the equipment key and the reference information of the equipment to be networked are prevented from being revealed, and the validity of identity authentication is improved.
In the following, an identity authentication process coupled with a distribution network process is described by taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 10, the information processing method provided in the embodiment of the present application includes the following steps:
Step 1001, the device to be networked broadcasts a beacon of the soft AP. The beacon includes the device identifier of the device to be networked.
In step 1002, the distribution network device receives a beacon of the soft AP. After the distribution network equipment receives the beacon of the soft AP, the beacon of the soft AP can be further analyzed to obtain the equipment identifier of the equipment to be networked.
Step 1003, the distribution network equipment sends a seventh acquisition request to the distribution network cloud platform, where the seventh acquisition request is used to request to acquire the second information key. The seventh obtaining request comprises the device identification of the device to be accessed to the network. Optionally, as shown in fig. 10, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends a seventh obtaining request to the distribution network cloud platform.
Step 1004, the distribution network cloud platform determines a device cloud platform. The distribution network cloud platform can determine a corresponding equipment cloud platform according to the equipment manufacturer name of the equipment to be networked.
Step 1005, the distribution network cloud platform sends an eighth obtaining request to the device cloud platform. The eighth acquisition request is for requesting acquisition of the second information key. Optionally, as shown in fig. 10, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends an eighth acquisition request to the device cloud platform.
Step 1006, the device cloud platform calculates a second information key. After receiving the eighth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. The device cloud platform then processes the key calculation parameter and the second device key by adopting a fourth key generation algorithm to obtain a second information key.
Step 1007, the device cloud platform sends the second information key and the key calculation parameter to the distribution network cloud platform.
Step 1008, the distribution network cloud platform sends the second information key and the key calculation parameter to the distribution network device.
Step 1009, the distribution network device determines the first information based on the second information key, the key calculation parameter and the network configuration information. Optionally, the network configuration information is processed by the distribution network equipment by using a third encryption algorithm and an information encryption key to obtain the network configuration information encrypted by using the information encryption key; the first information is determined based on the key calculation parameter and the network configuration information encrypted with the information encryption key.
Step 1010, the distribution network device sends first information to the device to be networked.
Step 1011, the device to be networked determines a first information key based on the key calculation parameter and the first device key. Optionally, the device to be networked adopts a fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the first information key.
Step 1012, the device to be networked decrypts the network configuration information encrypted by the second information key by using the first information key.
Under the condition that the information decryption key is consistent with the information encryption key, the equipment to be accessed to the network successfully acquires the network configuration information; and under the condition that the information decryption key is inconsistent with the information encryption key, the equipment to be accessed to the network fails to acquire the network configuration information.
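The coupled flow of steps 1006 to 1012 is shown below as an added example, not code from the application: the device cloud platform hands out only the per-request second information key, the distribution network device uses it to protect the network configuration, and the device to be networked recovers the configuration only if it derives the same key. It assumes PBKDF2-HMAC-SHA256 as the fourth key generation algorithm (key calculation parameter as salt, 1000 iterations) and, because the page does not name the third encryption algorithm, an encrypt-then-MAC construction built from HMAC-SHA256 as a stand-in for a vetted AEAD; the integrity tag is what lets a key mismatch be detected as a failure instead of yielding garbage. All names and sample values are constructed.

```python
import hashlib
import hmac
import json
import os

# Constructed sample data: device ID -> device key K held by the device cloud platform.
CLOUD_DEVICE_KEYS = {"dev-0001": bytes.fromhex("000102030405060708090a0b0c0d0e0f")}
NETWORK_CONFIG = {"ssid": "home-wifi", "psk": "constructed-passphrase"}


def derive_info_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Assumed fourth key generation algorithm: PBKDF2 with the parameter as salt.

    32 bytes are derived: the first half encrypts, the second half authenticates.
    """
    return hashlib.pbkdf2_hmac("sha256", device_key, key_calc_param, 1000, dklen=32)


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as the keystream of the stand-in cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(info_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = info_key[:16], info_key[16:]
    nonce = os.urandom(12)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(info_key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under this key."""
    if len(blob) < 12 + 32:
        return None
    enc_key, mac_key = info_key[:16], info_key[16:]
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))


def device_cloud_issue(device_id: str):
    """Steps 1006 and 1007: returns (second information key, key calculation parameter)."""
    key_calc_param = os.urandom(16)  # assumption: fresh random value per request
    return derive_info_key(CLOUD_DEVICE_KEYS[device_id], key_calc_param), key_calc_param


def build_first_information(second_info_key: bytes, key_calc_param: bytes, config: dict) -> dict:
    """Step 1009: the distribution network device never sees the device key K."""
    sealed = seal(second_info_key, json.dumps(config).encode())
    return {"key_calc_param": key_calc_param, "encrypted_config": sealed}


def device_receive(first_device_key: bytes, first_information: dict):
    """Steps 1011 and 1012: derive the first information key, then decrypt."""
    first_info_key = derive_info_key(first_device_key, first_information["key_calc_param"])
    plaintext = unseal(first_info_key, first_information["encrypted_config"])
    return None if plaintext is None else json.loads(plaintext)


if __name__ == "__main__":
    key, param = device_cloud_issue("dev-0001")
    first_info = build_first_information(key, param, NETWORK_CONFIG)
    print("genuine device:", device_receive(CLOUD_DEVICE_KEYS["dev-0001"], first_info))
    print("wrong device key:", device_receive(b"\xff" * 16, first_info))
```
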
An identity authentication process decoupled from the distribution network process is described below by taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 11, the information processing method provided in the embodiment of the present application includes the following steps:
Step 1101, the device to be networked broadcasts a beacon of the soft AP. The beacon includes the device identifier of the device to be networked.
Step 1102, the distribution network device receives a beacon of the soft AP. After the distribution network equipment receives the beacon of the soft AP, the beacon of the soft AP can be further analyzed to obtain the equipment identification of the equipment to be networked.
Step 1103, the distribution network device sends a ninth acquisition request to the distribution network cloud platform. The ninth obtaining request is used for requesting to obtain the second reference information. The ninth obtaining request includes the device identifier of the device to be networked. Optionally, as shown in fig. 11, if a secure connection is not established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends a ninth acquisition request to the distribution network cloud platform.
Step 1104, the distribution network cloud platform determines a device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 1105, the distribution network cloud platform sends a tenth acquisition request to the device cloud platform. The tenth obtaining request is for requesting to obtain the second reference information. Optionally, as shown in fig. 11, if a secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends a tenth acquisition request to the device cloud platform.
Step 1106, the device cloud platform calculates a second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. The device cloud platform then processes the key calculation parameter and the second device key with a fourth key generation algorithm to obtain the second information key.
Step 1107, the device cloud platform encrypts the second reference information by using the second information key to obtain second encrypted information. Because the reference information of the device to be networked is held by the device cloud platform and the device to be networked, in order to avoid leakage of the reference information of the device to be networked, the device cloud platform needs to encrypt the second reference information.
Step 1108, the device cloud platform sends the key calculation parameter and the second encryption information to the distribution network cloud platform.
Step 1109, the distribution network cloud platform sends the key calculation parameters and the second encryption information to the distribution network equipment.
Step 1110, the distribution network device sends the key calculation parameter to the device to be networked.
Step 1111, the device to be networked determines a first information key based on the key calculation parameter and the first device key. Optionally, the device to be networked processes the key calculation parameter and the first device key with a fourth key generation algorithm to obtain the first information key.
Step 1112, the device to be networked encrypts the first reference information by using the first information key to obtain first encrypted information. The reference information of the device to be networked is pre-configured in the device to be networked by its device manufacturer, so the device to be networked can encrypt the first reference information with the first information key once it has calculated the first information key. Optionally, the device to be networked processes the first reference information by using the first information key and a third encryption algorithm to obtain the first encryption information.
Step 1113, the device to be networked sends the first encrypted information to the distribution network device.
Step 1114, the distribution network device sends the network configuration information to the device to be networked when the first encryption information is consistent with the second encryption information. The distribution network device receives the second encryption information from the distribution network cloud platform and the first encryption information from the device to be networked, and then compares the two. If the first encryption information is consistent with the second encryption information, the distribution network device confirms that the device to be networked passes the identity authentication and sends it the network configuration information, which is used for configuring the device to be networked to join the home WiFi network. After receiving the network configuration information, the device to be networked can join the home WiFi network according to the network configuration information.
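The Fig. 11 exchange (steps 1103 to 1114) as runnable code, added here as an illustration and not taken from the patent: both sides derive the information key from the device key K and the key calculation parameter, and the distribution network device compares the two encrypted values without ever holding K. Assumptions: HKDF-SHA256 stands in for the fourth key generation algorithm and HMAC-SHA256 for the third encryption algorithm (the comparison in step 1114 only works if that transform is deterministic), the device cloud platform draws a fresh random key calculation parameter per request, and all class names, identifiers and sample values are constructed.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm, salt, info, length=16):
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def information_key(device_key, key_calc_param):
    # Assumed input layout: device key K is the keying material and the
    # key calculation parameter is the salt.
    return hkdf_sha256(device_key, key_calc_param, b"information key")


def encrypt_reference(info_key, reference_info):
    # Assumed stand-in for the third encryption algorithm. It is
    # deterministic, so equal key and input give an equal output.
    return hmac.new(info_key, reference_info, hashlib.sha256).digest()


class DeviceCloudPlatform:
    """Holds device key K and reference information per device identifier."""

    def __init__(self, registry):
        self.registry = registry

    def second_encrypted_information(self, device_id, key_calc_param=None):
        # Steps 1106-1108: derive the second information key, encrypt the
        # second reference information, return it with the parameter.
        device_key, reference_info = self.registry[device_id]
        param = key_calc_param or secrets.token_bytes(16)
        key = information_key(device_key, param)
        return param, encrypt_reference(key, reference_info)


class DeviceToBeNetworked:
    def __init__(self, device_id, device_key, reference_info):
        self.device_id = device_id
        self.device_key = device_key
        self.reference_info = reference_info

    def first_encrypted_information(self, key_calc_param):
        # Steps 1111-1113: same derivation, using the preset first device key.
        key = information_key(self.device_key, key_calc_param)
        return encrypt_reference(key, self.reference_info)


def authenticate_and_provision(device, cloud, network_config):
    """Distribution network device, steps 1103-1114.

    Returns the network configuration sent to the device, or None when the
    two encrypted values differ. The device key never passes through here.
    """
    param, second = cloud.second_encrypted_information(device.device_id)
    first = device.first_encrypted_information(param)
    if hmac.compare_digest(first, second):  # constant-time comparison
        return network_config
    return None


# Constructed sample data.
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
REFERENCE = b"constructed-reference-info"
CLOUD = DeviceCloudPlatform({"dev-0001": (K, REFERENCE)})
GENUINE = DeviceToBeNetworked("dev-0001", K, REFERENCE)
WRONG_KEY = DeviceToBeNetworked("dev-0001", bytes(16), REFERENCE)
CONFIG = {"ssid": "home-wifi", "psk": "constructed-passphrase"}

if __name__ == "__main__":
    print("genuine  :", authenticate_and_provision(GENUINE, CLOUD, CONFIG))
    print("wrong key:", authenticate_and_provision(WRONG_KEY, CLOUD, CONFIG))
```

Because the encrypted value depends on the key calculation parameter, a value computed under one parameter does not match the value expected under another.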
Another identity authentication process that is decoupled from the distribution network process is described below, taking the first access point as a soft AP and the second access point as a home WiFi network as an example. As shown in fig. 12, the information processing method provided in the embodiment of the present application includes the following steps:
Step 1201, the device to be networked broadcasts a beacon of the soft AP. The beacon includes the device identifier of the device to be networked.
Step 1202, the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can parse it to obtain the device identifier of the device to be networked.
Step 1203, the distribution network device sends a ninth acquisition request to the distribution network cloud platform. The ninth obtaining request is for requesting to obtain the second information. The ninth obtaining request includes the device identifier of the device to be networked. Optionally, as shown in fig. 12, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends a ninth obtaining request to the distribution network cloud platform.
Step 1204, the distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine a corresponding equipment cloud platform according to the equipment manufacturer name of the equipment to be networked.
Step 1205, the distribution network cloud platform sends a tenth acquisition request to the device cloud platform. The tenth obtaining request is for requesting to obtain the second information. Optionally, as shown in fig. 12, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a tenth acquisition request to the device cloud platform.
Step 1206, the device cloud platform calculates a second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be networked. The device cloud platform then processes the key calculation parameter and the second device key with a fourth key generation algorithm to obtain the second information key.
Step 1207, the device cloud platform encrypts the second information with the second information key. Because the reference information of the device to be networked is held by the device cloud platform and the device to be networked, in order to avoid leakage of the reference information of the device to be networked, the device cloud platform needs to encrypt the reference information, and then obtains second information encrypted by a second information encryption key, wherein the second information includes the reference information of the device to be networked.
In step 1208, the device cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network cloud platform.
Step 1209, the distribution network cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network device.
Step 1210, the distribution network device sends the key calculation parameter and the second information to the device to be networked.
Step 1211, the device to be networked determines a first information key based on the key calculation parameter and the first device key. Optionally, the device to be networked processes the key calculation parameter and the first device key with a fourth key generation algorithm to obtain the first information key.
In step 1212, the device to be networked decrypts the second information by using the first information key, so as to obtain third reference information. The device to be networked decrypts the second information, and may obtain the reference information of the device to be networked in the second information, that is, the third reference information.
Step 1213, the device to be networked sends the third reference information to the distribution network device.
Step 1214, the distribution network device sends the network configuration information to the device to be networked when the third reference information is consistent with the fourth reference information. The distribution network device receives the fourth reference information from the distribution network cloud platform and the third reference information from the device to be networked, and then compares the two. If the fourth reference information is consistent with the third reference information, the distribution network device confirms that the device to be networked passes the identity authentication and sends it the network configuration information, which is used for configuring the device to be networked to join the home WiFi network. After receiving the network configuration information, the device to be networked can join the home WiFi network according to the network configuration information.
Referring to fig. 13, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 1310, the device to be networked displays a first graphic code, the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from the distribution network device, and the network configuration information is used to configure the device to be networked to access the second access point.
A device to be networked that has a scanning function or a camera function can access the network by code-scanning network distribution. For code-scanning network distribution, the embodiment of the present application also provides an identity authentication method.
The device to be networked first displays a first graphic code. Optionally, if the device to be networked has a screen display function, the first graphic code is displayed on the screen of the device to be networked; if the device to be networked does not have a screen display function, the first graphic code may be pasted by the device manufacturer on the surface of the device to be networked or on its packaging box, which is not limited in the embodiment of the present application. Optionally, the first graphic code is represented as a two-dimensional code, a bar code, or the like. In this embodiment of the present application, the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked. Optionally, the first graphic code further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like.
The key calculation parameter is used to determine an information decryption key for decrypting the network configuration information. Optionally, the length of the key calculation parameter is greater than or equal to one byte. The way in which the key calculation parameter is determined is not limited. Optionally, the key calculation parameter is preconfigured by the device cloud platform, or the key calculation parameter is generated by the device to be networked. If the device to be networked does not have a screen display function, the key calculation parameter can be preconfigured by the device cloud platform corresponding to the device to be networked; if the device to be networked has a screen display function, the key calculation parameter can be generated by the device to be networked. The content of the key calculation parameter is not limited in the embodiment of the present application. Optionally, the key calculation parameter includes a random number, or the key calculation parameter includes a pre-configured value.
In this embodiment, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked, and pre-configure the key K to the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence relationship exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a cloud platform of the device manufacturer (that is, a cloud platform corresponding to the device to be networked).
Step 1320, the distribution network device scans a first graphic code of the device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access the second access point.
The distribution network equipment scans the first graphic code of the equipment to be networked, and then the key calculation parameters and/or the equipment identification of the equipment to be networked can be obtained. For the device to be accessed to the network, the key calculation parameter is used for determining an information decryption key for decrypting the network configuration information; for the distribution network equipment, the key calculation parameter is used for determining an information encryption key for encrypting the network configuration information.
The distribution network device configures the device to be networked by code-scanning network distribution, so after the distribution network device obtains the information encryption key, it needs to display a second graphic code that the device to be networked can scan to obtain the network configuration information. Optionally, the method further includes: the distribution network device determines a second graphic code according to the network configuration information and the information encryption key, and displays the second graphic code. The information encryption key is used for encrypting the network configuration information; that is, the distribution network device can process the network configuration information with a first encryption algorithm and the information encryption key to obtain the encrypted network configuration information, and then generate the second graphic code according to the encrypted network configuration information. Optionally, the first encryption algorithm is a symmetric encryption algorithm. Optionally, the first encryption algorithm includes, but is not limited to, any of the following: AES128-CMAC, AES128-CBC (Cipher Block Chaining), AES128-GCM (Galois/Counter Mode), AES256-CMAC, AES256-CBC, AES256-GCM.
In one example, the method further comprises: the device to be networked scans a second graphic code displayed by the distribution network device, where the second graphic code includes network configuration information encrypted by using an information encryption key. By scanning the second graphic code, the device to be networked obtains the network configuration information encrypted by the information encryption key. Because the device to be networked has determined the information decryption key based on the key calculation parameter, it decrypts the network configuration information by using the information decryption key. If the information decryption key is consistent with the information encryption key, the device to be networked successfully obtains the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to obtain the network configuration information.
To sum up, in the technical solution provided in the embodiment of the present application, a key calculation parameter is added to the graphic code of the device to be networked. The device to be networked may determine an information decryption key by using the key calculation parameter, and the distribution network device may obtain an information encryption key through the key calculation parameter. The device to be networked may then use the information decryption key to decrypt the network configuration information that the distribution network device encrypted with the information encryption key. Only when the information encryption key is consistent with the information decryption key can the device to be networked obtain the network configuration information, which authenticates the identity of the device to be networked and avoids leakage of the network configuration information.
The following describes the calculation process of the information decryption key on the side of the device to be networked and of the information encryption key on the side of the distribution network device.
First, a description will be given of a calculation procedure of an information decryption key on the side of the device to be networked.
In one example, as shown in fig. 14, the method further includes the following steps:
Step 1331, the device to be networked determines an information decryption key based on the key calculation parameter and the first device key.
The first device key is the device key of the device to be networked that is preset in the device to be networked, that is, the key K. Once the key calculation parameter and the first device key are determined, the device to be networked can calculate the information decryption key based on the key calculation parameter and the first device key.
In this embodiment of the present application, the device to be networked may process the key calculation parameter and the first device key by using a key generation algorithm. Optionally, step 1331 includes: the device to be networked processes the key calculation parameter and the first device key with a second key generation algorithm to obtain the information decryption key. Optionally, the second key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, 3DES algorithm.
Next, a calculation process of the information encryption key on the distribution network device side is described.
In one example, as shown in fig. 14, the method further includes the following steps:
Step 1332, the distribution network device sends a second obtaining request to the distribution network cloud platform, where the second obtaining request is used to request to obtain the information encryption key.
For the information encryption key generated for the distribution network device to be consistent with the information decryption key generated by the device to be networked, the calculation parameters of the information encryption key and the calculation parameters of the information decryption key need to be the same. The calculation parameters of the information decryption key include the key calculation parameter and the first device key; therefore, the calculation parameters of the information encryption key should also include the key calculation parameter and the device key of the device to be networked. In general, to ensure the security of the device key of the device to be networked, the device key is held only by the device to be networked and by the cloud platform of its device vendor (i.e., the device cloud platform); therefore, the device cloud platform needs to take part in computing the information encryption key.
The distribution network equipment scans the graphic code of the equipment to be networked, acquires the equipment identifier and/or the key calculation parameter of the equipment to be networked, and then sends a second acquisition request to the distribution network cloud platform to request for acquiring the information encryption key. The content of the second acquisition request is not limited in the embodiment of the application, and optionally, the second acquisition request includes a key calculation parameter and/or an equipment identifier of the equipment to be networked; or, the second obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 6, if the secure connection between the distribution network device and the distribution network cloud platform is not established, the distribution network device needs to establish the secure connection with the distribution network cloud platform first, and then sends the second acquisition request to the distribution network cloud platform.
In the embodiment of the application, in order to ensure the security of the device key of the device to be networked, the device key of the device to be networked is not held by the distribution network cloud platform, and therefore, after the distribution network cloud platform receives the second acquisition request, the information encryption key needs to be further acquired from the device cloud platform. That is, as shown in fig. 14, after the step 1332, the following steps are also included:
Step 133A, the distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform needs to determine an equipment cloud platform corresponding to equipment to be networked. Optionally, the second acquisition request sent by the distribution network device to the distribution network cloud platform includes a device vendor name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device vendor name of the device to be networked.
Step 133B, the distribution network cloud platform sends a fourth obtaining request to the device cloud platform, where the fourth obtaining request is used to request to obtain the information encryption key.
After the device cloud platform corresponding to the device to be networked is determined, the distribution network cloud platform may further send a fourth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key, and request the device cloud platform to send the information encryption key to the distribution network cloud platform. The content of the fourth acquisition request is not limited in the embodiment of the present application, and optionally, the fourth acquisition request includes a key calculation parameter and/or an apparatus identifier of an apparatus to be networked; or, the fourth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 14, if a secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends a fourth acquisition request to the device cloud platform.
Step 133C, the device cloud platform calculates the information encryption key.
Since the fourth acquisition request carries the key calculation parameter and/or the device identifier of the device to be networked, after receiving the fourth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked that is stored by the device cloud platform, that is, the key K. For the information decryption key to be consistent with the information encryption key, the two keys should be calculated in a consistent manner; therefore, the device cloud platform should calculate the information encryption key in a manner similar to that of the device to be networked. Optionally, if the device to be networked calculates the information decryption key as in step 1331, the device cloud platform calculates the information encryption key as follows: the device cloud platform processes the key calculation parameter and the second device key with the second key generation algorithm to obtain the information encryption key. For an explanation of the second key generation algorithm, refer to the above method embodiment; it is not described again here.
Step 133D, the device cloud platform sends the information encryption key to the distribution network cloud platform.
After the device cloud platform calculates the information encryption key, the device cloud platform can send the information encryption key to the distribution network cloud platform.
Step 1334, the distribution network cloud platform sends the information encryption key to the distribution network device.
After receiving the information encryption key, the distribution network cloud platform further sends the information encryption key to the distribution network device in response to the second acquisition request of the distribution network device.
It should be noted that, in the embodiment of the present application, the information encryption key and the information decryption key are calculated based only on the key calculation parameter and the device key of the device to be networked. After understanding the technical solution of the present application, a person skilled in the art will readily think of calculating the access key by using other calculation parameters, such as calculating the information encryption key and the information decryption key by using the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked; all of these fall within the protection scope of the present application.
To sum up, in the technical solution provided by the embodiment of the present application, the device to be networked and the distribution network device respectively obtain the information decryption key and the information encryption key according to the key calculation parameter. The distribution network device subsequently uses the information encryption key to encrypt the network configuration information, and the device to be networked uses the information decryption key to decrypt the network configuration information encrypted by the information encryption key. Only when the information encryption key is consistent with the information decryption key can the device to be networked obtain the network configuration information, so the identity of the device to be networked is authenticated before it obtains the network configuration information, leakage of the network configuration information is avoided, and the security of the access point is improved. In addition, in the embodiment of the present application, to fully ensure the security of the device key of the device to be networked, the information encryption key on the distribution network device side is calculated by the cloud platform corresponding to the device to be networked, so that the device key of the device to be networked is prevented from being revealed and the validity of identity authentication is improved.
The technical solution of the present application is described below by taking the second access point as a home WiFi network as an example. As shown in fig. 15, the information processing method provided in the embodiment of the present application includes the following steps:
Step 1500, the distribution network device scans a first graphic code of the device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information encryption key, the information encryption key is used for encrypting network configuration information, and the network configuration information is used for configuring the device to be networked to access the home WiFi network. By scanning the first graphic code of the device to be networked, the distribution network device can obtain the key calculation parameter and/or the device identifier of the device to be networked.
In step 1510, the distribution network device sends a second acquisition request to the distribution network cloud platform. The second acquisition request is for requesting acquisition of the information encryption key. The second acquisition request comprises a key calculation parameter and/or a device identifier of the device to be networked. Optionally, as shown in fig. 15, if a secure connection is not established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then send a second acquisition request to the distribution network cloud platform.
Step 1520, the distribution network cloud platform determines a device cloud platform. The second acquisition request sent by the distribution network equipment to the distribution network cloud platform includes the equipment manufacturer name of the equipment to be networked, and then the distribution network cloud platform can determine the corresponding equipment cloud platform according to the equipment manufacturer name of the equipment to be networked.
Step 1530, the distribution network cloud platform sends a fourth obtaining request to the device cloud platform, where the fourth obtaining request is used to request to obtain the information encryption key. The fourth obtaining request comprises a key calculation parameter and/or a device identifier of the device to be networked. Optionally, as shown in fig. 15, if a secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends a fourth acquisition request to the device cloud platform.
In step 1540, the device cloud platform computes the information encryption key. After receiving the fourth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked stored by the device cloud platform. And then, the device cloud platform processes the key calculation parameters and the second device key by adopting a second key generation algorithm to obtain an information encryption key.
Step 1550, the device cloud platform sends the information encryption key to the distribution network cloud platform.
Step 1560, the distribution network cloud platform sends the information encryption key to the distribution network device.
Step 1570, the distribution network device processes the network configuration information by using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information, generates a second graphic code according to the encrypted network configuration information, and displays the second graphic code.
Step 1580, the device to be networked calculates an information decryption key. The device to be networked processes the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
Step 1590, the device to be networked scans the second graphic code. By scanning the second graphic code, the device to be networked acquires the network configuration information encrypted by the information encryption key. Because the device to be networked has determined the information decryption key based on the key calculation parameter, it decrypts the network configuration information by using the information decryption key. If the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
It should be noted that, in the embodiment of the present application, the execution order of each step is not limited, and on the premise of meeting the logic requirement, each step may be combined in any execution order. For example, step 1580 may be executed before step 1500, or step 1580 may be executed after step 1540. All of which are intended to be within the scope of the present application.
Referring to fig. 16, a flowchart of an information processing method according to an embodiment of the present application is shown, where the method may be applied to the distribution network system shown in fig. 1. The method may include the steps of:
Step 1610, the distribution network device displays a third graphic code, where the third graphic code includes network configuration information encrypted by using an information encryption key, and a key calculation parameter. The network configuration information is used for configuring the device to be networked to access the second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
The embodiment of the application also provides an information processing method for the code scanning distribution network mode. The distribution network device first displays the third graphic code; optionally, the third graphic code is represented as a two-dimensional code, a bar code, or the like. In the embodiment of the present application, the third graphic code includes network configuration information encrypted by using an information encryption key, and a key calculation parameter. On the distribution network device side, the key calculation parameter is used for determining the information encryption key; on the side of the device to be networked, the key calculation parameter is used for determining the information decryption key. For the process of determining the information encryption key and the information decryption key, please refer to the following method embodiments, which are not described herein again.
The content of the key calculation parameter is not limited in the embodiment of the application, and optionally, the key calculation parameter includes a random number; alternatively, the key calculation parameter comprises a pre-configured value. Optionally, the key calculation parameter is generated by a device cloud platform (a cloud platform corresponding to the device to be networked). Optionally, the length of the key calculation parameter is greater than or equal to one byte. The determination time of the key calculation parameters is not limited, and optionally, the device cloud platform generates the key calculation parameters after receiving a request for obtaining the information encryption key; or, the device cloud platform generates a key calculation parameter in advance, and after subsequently receiving a request for obtaining the information encryption key, the device cloud platform calculates the information encryption key directly according to the key calculation parameter and the device key of the device to be networked.
To avoid leaking the device key of the device to be networked, the information encryption key, which takes the device key of the device to be networked as a calculation parameter, is calculated by the device cloud platform, and the device cloud platform then sends the information encryption key and the key calculation parameter to the distribution network device through the distribution network cloud platform. After receiving the information encryption key and the key calculation parameter, the distribution network device needs to generate a third graphic code based on them, so that the device to be networked can scan the third graphic code. Thus, in one example, the method further comprises: the distribution network device receives the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform, and determines the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
Optionally, the determining a third graphic code based on the information encryption key, the key calculation parameter, and the network configuration information includes: processing the network configuration information by adopting a second encryption algorithm and an information encryption key to obtain the network configuration information encrypted by adopting the information encryption key; and generating a third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter. Because the key calculation parameter is not encrypted by using the information encryption key, that is, the key calculation parameter is in a plaintext, the device to be networked can obtain the key calculation parameter by scanning the third graphic code. Optionally, the second encryption algorithm is a symmetric encryption algorithm. Optionally, the second encryption algorithm includes, but is not limited to, any of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, AES256-GCM.
Step 1620, the device to be networked scans the third graphic code displayed by the distribution network device.
By scanning the third graphic code displayed by the distribution network device, the device to be networked obtains the plaintext key calculation parameter and the network configuration information encrypted by the information encryption key. The device to be networked then needs to determine an information decryption key based on the key calculation parameter in order to decrypt the network configuration information encrypted by the information encryption key. For the process of determining the information decryption key by the device to be networked, please refer to the following method embodiments, which are not described herein again. In the embodiment of the application, if the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
To sum up, according to the technical scheme provided by the embodiment of the application, the key calculation parameter and the network configuration information encrypted by the information encryption key are added to the graphic code displayed by the distribution network equipment, and then the to-be-networked equipment scans the graphic code to obtain the key calculation parameter, so that the information decryption key is determined according to the key calculation parameter, and only under the condition that the information encryption key is consistent with the information decryption key, the to-be-networked equipment can obtain the network configuration information, so that the identity of the to-be-networked equipment is authenticated, and the network configuration information is prevented from being leaked. In addition, in the embodiment of the application, especially for a code scanning distribution network mode, a key calculation parameter is generated by the device cloud platform, and the key calculation parameter is further added to the displayed graphic code through the distribution network device, so that the device to be networked can be conveniently scanned and obtained.
The following describes the calculation process of the information decryption key on the side of the device to be networked and of the information encryption key on the distribution network device side.
First, a description will be given of a calculation process of an information decryption key on the side of a device to be networked.
In one example, as shown in fig. 17, the method further includes the following steps:
Step 1631, the device to be networked determines an information decryption key based on the key calculation parameter and the first device key.
The first device key is the device key of the device to be networked that is preset in the device to be networked, that is, the key K. Once the key calculation parameter and the first device key are known, the device to be networked can calculate the information decryption key based on the key calculation parameter and the first device key.
In this embodiment of the present application, the device to be networked may process the key calculation parameter and the first device key by using a key generation algorithm. Optionally, step 1631 includes: the device to be networked processes the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key. Optionally, the third key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, 3DES algorithm.
Next, a description is given of a calculation process of the information encryption key on the distribution network device side.
In one example, as shown in fig. 17, the method further includes the following steps:
Step 1632, the distribution network device scans a fourth graphic code of the device to be networked, where the fourth graphic code includes a device identifier of the device to be networked.
The device to be networked can display the fourth graphic code. Optionally, if the device to be networked has a screen display function, the fourth graphic code is displayed on the screen of the device to be networked; if the device to be networked does not have a screen display function, the fourth graphic code can be pasted by the device manufacturer of the device to be networked on the surface of the device to be networked or on its packaging box, which is not limited by the embodiment of the application. Optionally, the fourth graphic code is represented as a two-dimensional code, a barcode, or the like. In this embodiment of the application, the fourth graphic code includes a device identifier of the device to be networked. Optionally, the fourth graphic code further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. The distribution network device can acquire the device identifier of the device to be networked by scanning the fourth graphic code.
Step 1633, the distribution network device sends a fifth obtaining request to the distribution network cloud platform, where the fifth obtaining request is used to request to obtain the information encryption key.
The information encryption key is obtained by the equipment cloud platform through calculation, so that the distribution network equipment can send a fifth obtaining request to the distribution network cloud platform under the condition that the information encryption key needs to be obtained, and the information encryption key can be further obtained through the distribution network cloud platform. The content of the fifth acquisition request is not limited in the embodiment of the application, and optionally, the fifth acquisition request includes a device identifier of a device to be networked; or, the fifth acquisition request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 17, if a secure connection is not established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends a fifth acquisition request to the distribution network cloud platform.
Step 1634, the distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform needs to determine an equipment cloud platform corresponding to equipment to be networked. Optionally, the second acquisition request sent by the distribution network device to the distribution network cloud platform includes a device vendor name of the device to be networked, and the distribution network cloud platform may determine the corresponding device cloud platform according to the device vendor name of the device to be networked.
Step 1635, the distribution network cloud platform sends a sixth acquisition request to the device cloud platform, where the sixth acquisition request is used to request to acquire the information encryption key.
After the device cloud platform corresponding to the device to be networked is determined, the distribution network cloud platform may further send a sixth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key, and request the device cloud platform to send the information encryption key to the distribution network cloud platform. In the embodiment of the present application, the content of the sixth acquisition request is not limited, and optionally, the sixth acquisition request includes a device identifier of a device to be networked; or, the sixth obtaining request further includes a device manufacturer name of the device to be networked, a device name of the device to be networked, a product serial number of the device to be networked, and the like. Optionally, as shown in fig. 17, if the secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish the secure connection with the device cloud platform first, and then sends a sixth acquisition request to the device cloud platform.
Step 1636, the device cloud platform calculates the information encryption key.
In this embodiment of the application, a device manufacturer of a device to be networked may uniquely assign a key K to the device to be networked, and pre-configure the key K to the device to be networked. Because the device identifier of the device to be networked is used for uniquely identifying the device to be networked, a one-to-one correspondence relationship exists between the device identifier of the device to be networked and the key K of the device to be networked. The device manufacturer of the device to be networked may upload the device identifier of the device to be networked and the key K of the device to be networked to a cloud platform of the device manufacturer (that is, a cloud platform corresponding to the device to be networked).
Since the sixth acquisition request carries the device identifier of the device to be networked, after receiving the sixth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked, that is, the key K, stored by the device cloud platform. For the information decryption key and the information encryption key to be consistent, they should be computed in a consistent manner; therefore, the device cloud platform should compute the information encryption key in the same manner as the device to be networked computes the information decryption key. Optionally, if the device to be networked calculates the information decryption key as in step 1631, the device cloud platform calculates the information encryption key as follows: the device cloud platform processes the key calculation parameter and the second device key by using the third key generation algorithm to obtain the information encryption key. For an explanation of the third key generation algorithm, please refer to the above method embodiment, which is not described herein again.
Step 1637, the device cloud platform sends the information encryption key and the key calculation parameter to the distribution network cloud platform.
After the device cloud platform calculates the information encryption key, the device cloud platform can send the information encryption key and the key calculation parameter to the distribution network cloud platform.
Step 1638, the distribution network cloud platform sends the information encryption key to the distribution network device.
After receiving the information encryption key, the distribution network cloud platform further sends the information encryption key and the key calculation parameter to the distribution network equipment so as to respond to a fifth acquisition request of the distribution network equipment.
It should be noted that, in the embodiment of the present application, the information encryption key and the information decryption key are only calculated based on the key calculation parameter and the device key of the device to be networked, and after understanding the technical solution of the present application, a person skilled in the art will easily think of calculating the access key by using other calculation parameters, such as calculating the information encryption key and the information decryption key by using the key calculation parameter, the device key of the device to be networked, and the device identifier of the device to be networked, which all fall within the protection scope of the present application.
In summary, according to the technical scheme provided by the embodiment of the application, the key calculation parameter is generated by the cloud platform corresponding to the device to be networked, and the information encryption key is determined according to the key calculation parameter and the device key of the device to be networked, so that the information encryption key and the key calculation parameter are further sent to the distribution network device, thereby avoiding disclosure of the device key of the device to be networked, and improving validity of identity authentication.
The technical solution of the present application is described below by taking the second access point as a home WiFi network as an example. As shown in fig. 18, the information processing method provided in the embodiment of the present application includes the following steps:
Step 1801, the distribution network device scans the fourth graphic code of the device to be networked. The fourth graphic code includes the device identifier of the device to be networked. By scanning the fourth graphic code of the device to be networked, the distribution network device obtains the device identifier of the device to be networked.
Step 1802, the distribution network device sends a fifth acquisition request to the distribution network cloud platform, where the fifth acquisition request is used to request to acquire an information encryption key. The fifth obtaining request comprises the device identification of the device to be accessed to the network. Optionally, as shown in fig. 18, if a secure connection is not established between the distribution network device and the distribution network cloud platform, the distribution network device needs to establish a secure connection with the distribution network cloud platform first, and then sends a fifth acquisition request to the distribution network cloud platform.
Step 1803, the distribution network cloud platform determines an equipment cloud platform. The fifth acquisition request sent by the distribution network device to the distribution network cloud platform includes the device manufacturer name of the device to be networked, and the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be networked.
Step 1804, the distribution network cloud platform sends a sixth obtaining request to the device cloud platform, where the sixth obtaining request is used to request to obtain the information encryption key. The sixth obtaining request comprises the device identification of the device to be networked. Optionally, as shown in fig. 18, if a secure connection is not established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then sends a sixth acquisition request to the device cloud platform.
Step 1805, the device cloud platform calculates the information encryption key. After receiving the sixth acquisition request, the device cloud platform may determine a second device key according to the device identifier of the device to be networked, where the second device key is the device key of the device to be networked stored by the device cloud platform. And then, the device cloud platform processes the key calculation parameters and the second device key by adopting a third key generation algorithm to obtain an information encryption key.
Step 1806, the device cloud platform sends the information encryption key and the key calculation parameter to the distribution network cloud platform.
Step 1807, the distribution network cloud platform sends the information encryption key and the key calculation parameter to the distribution network device.
Step 1808, the distribution network device processes the network configuration information by using a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by using the information encryption key, generates a third graphic code according to the network configuration information encrypted by the information encryption key and the key calculation parameter, and displays the third graphic code.
Step 1809, the device to be networked scans the third graphic code. By scanning the third graphic code, the device to be networked obtains the network configuration information encrypted by the information encryption key, and the key calculation parameter.
Step 1810, the device to be networked calculates an information decryption key. The device to be networked determines the information decryption key based on the key calculation parameter and the first device key. Optionally, the device to be networked processes the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key.
Step 1811, the device to be networked acquires the network configuration information. The device to be networked can use the calculated information decryption key to decrypt the previously obtained network configuration information encrypted by the information encryption key. If the information decryption key is consistent with the information encryption key, the device to be networked successfully obtains the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
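The following is an added example, not part of the application text or of any implementation by the applicant: it walks steps 1805 to 1811 in JavaScript (Node.js), choosing the HKDF-based KDF as the third key generation algorithm and AES128-GCM as the second encryption algorithm from the options listed above. The JSON payload layout, the HKDF context label, the 16-byte parameter length, the use of the key calculation parameter as associated data, and all function names and sample values are assumptions of the example.

```javascript
const crypto = require('node:crypto');

// Assumption: HKDF context label; the application text does not define one.
const KDF_INFO = Buffer.from('netcfg-info-key-v1');

// Steps 1805 and 1810: the device cloud platform and the device to be
// networked run the same derivation over (device key K, key calculation
// parameter), so the two keys are consistent only when K is the same.
function deriveInfoKey(deviceKey, keyCalcParam) {
  if (keyCalcParam.length < 1) throw new Error('key calculation parameter is empty');
  return Buffer.from(crypto.hkdfSync('sha256', deviceKey, keyCalcParam, KDF_INFO, 16));
}

// Steps 1805-1806 (device cloud platform): look up the second device key by
// device identifier, generate a fresh key calculation parameter, and return
// only the parameter and the derived key. K itself never leaves the platform.
function cloudIssueInfoKey(keyStore, deviceId) {
  const secondDeviceKey = keyStore.get(deviceId);
  if (!secondDeviceKey) throw new Error('unknown device identifier');
  const keyCalcParam = crypto.randomBytes(16);
  return { keyCalcParam, infoEncKey: deriveInfoKey(secondDeviceKey, keyCalcParam) };
}

// Step 1808 (distribution network device): encrypt the network configuration
// information and build the content of the third graphic code. The key
// calculation parameter travels in plaintext; passing it as associated data
// (a choice of this example) ties it to the ciphertext.
function buildThirdCodePayload(infoEncKey, keyCalcParam, netConfig) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', infoEncKey, iv);
  cipher.setAAD(keyCalcParam);
  const ct = Buffer.concat([cipher.update(JSON.stringify(netConfig), 'utf8'), cipher.final()]);
  return JSON.stringify({
    p: keyCalcParam.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  });
}

// Steps 1809-1811 (device to be networked): read the plaintext parameter,
// derive the information decryption key from the first device key, decrypt.
// Returns null when the keys are inconsistent or the payload is malformed.
function readThirdCodePayload(firstDeviceKey, payload) {
  try {
    const f = JSON.parse(payload);
    const keyCalcParam = Buffer.from(f.p, 'base64');
    const infoDecKey = deriveInfoKey(firstDeviceKey, keyCalcParam);
    const decipher = crypto.createDecipheriv('aes-128-gcm', infoDecKey, Buffer.from(f.iv, 'base64'));
    decipher.setAAD(keyCalcParam);
    decipher.setAuthTag(Buffer.from(f.tag, 'base64'));
    const pt = Buffer.concat([decipher.update(Buffer.from(f.ct, 'base64')), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // the device fails to acquire the network configuration information
  }
}

// Constructed sample run: one genuine device, one device holding a different
// key, and one payload whose plaintext parameter was replaced.
function demo() {
  const deviceId = 'dev-0001';                 // constructed identifier
  const K = crypto.randomBytes(16);            // constructed device key K
  const keyStore = new Map([[deviceId, K]]);   // device cloud platform storage
  const { keyCalcParam, infoEncKey } = cloudIssueInfoKey(keyStore, deviceId);
  const payload = buildThirdCodePayload(infoEncKey, keyCalcParam,
    { ssid: 'HomeWiFi-example', psk: 'constructed-passphrase' });
  const swapped = JSON.parse(payload);
  swapped.p = crypto.randomBytes(16).toString('base64');
  return {
    genuine: readThirdCodePayload(K, payload),
    wrongKey: readThirdCodePayload(crypto.randomBytes(16), payload),
    swappedParam: readThirdCodePayload(K, JSON.stringify(swapped)),
  };
}

console.log(demo());
```

Because AES128-GCM authenticates the ciphertext, an inconsistent information decryption key is detected as a decryption failure rather than producing unreadable output.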
The information processing method provided by the embodiment of the application has been introduced and explained above from the perspective of interaction among the device to be networked, the distribution network device, the distribution network cloud platform and the device cloud platform. The steps executed by the device to be networked can be independently implemented as an information processing method on the side of the device to be networked; the steps executed by the distribution network device can be independently implemented as an information processing method on the distribution network device side.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Referring to fig. 19, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the above method examples on the side of the device to be networked, and the function can be implemented by hardware or by hardware executing corresponding software. The apparatus may be the above-described device to be networked, or may be provided in the device to be networked. As shown in fig. 19, the apparatus 1900 may include: a beacon broadcast module 1910.
A beacon broadcasting module 1910 configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, as shown in fig. 20, the apparatus 1900 further comprises: a first key determination module 1920 configured to determine the first access key based on the key calculation parameter and the first device key.
In one example, as shown in fig. 20, the first key determination module 1920 is configured to: processing the key calculation parameter and the first equipment key by adopting a first key generation algorithm to obtain a first encryption key; and processing the first encryption key by adopting a first coding mode to obtain the first access key.
In one example, as shown in fig. 20, the apparatus 1900 further comprises: an identity authentication module 1930, configured to perform the identity authentication with the distribution network device based on the first access key; the identity authentication is passed under the condition that the first access key is consistent with a second access key determined by the distribution network equipment; and under the condition that the first access key is inconsistent with a second access key determined by the distribution network equipment, the identity authentication is not passed.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field comprises the key calculation parameter and/or the equipment identification of the equipment to be networked; or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, as shown in fig. 20, the apparatus 1900 further comprises: a configuration information receiving module 1940, configured to receive, when the identity authentication passes, network configuration information from the distribution network device, where the network configuration information is used to configure the device to be networked to access the second access point.
To sum up, in the technical solution provided by the embodiment of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be networked. The key calculation parameter is used to determine the access key for identity authentication between the device to be networked and the distribution network device, which provides a basis for that identity authentication and facilitates the subsequent identity authentication between the two devices. In addition, in the embodiment of the present application, identity authentication between the device to be networked and the distribution network device is performed before the device to be networked acquires the network configuration information; that is, the device to be networked can acquire the network configuration information only if the identity authentication passes, which reduces the risk of leaking the network configuration information and improves the security of the access point. Furthermore, identity authentication between the device to be networked and the distribution network device only requires adding the key calculation parameter to the beacon of the access point started by the device to be networked. Compared with the prior art, in which the distribution network device needs to switch back and forth between access points to verify the identity of the device to be networked, the embodiment of the present application simplifies the identity authentication process and improves its efficiency.
Referring to fig. 21, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the distribution network device side, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 21, the apparatus 2100 may comprise: a beacon receiving module 2110.
The beacon receiving module 2110 is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, as shown in fig. 22, the apparatus 2100 further comprises: a first request sending module 2120, configured to send a first obtaining request to a distribution network cloud platform, where the first obtaining request is used to request to obtain a second access key; a key information receiving module 2130, configured to receive access key information from the distribution network cloud platform, where the access key information is used to determine the second access key.
In one example, the access key information includes the second access key.
In one example, the access key information includes a second encryption key; as shown in fig. 22, the apparatus 2100 further comprises: the second key determining module 2140 is configured to process the second encryption key by using the first encoding manner, so as to obtain the second access key.
In an example, the first obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, as shown in fig. 22, the apparatus 2100 further comprises: an identity authentication module 2150, configured to perform the identity authentication with the device to be networked based on the second access key; if the second access key is consistent with the first access key determined by the device to be networked, the identity authentication passes; if the second access key is inconsistent with the first access key determined by the device to be networked, the identity authentication does not pass.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, as shown in fig. 22, the apparatus 2100 further comprises: an accessing module 2160, configured to access the first access point if the identity authentication is passed.
In one example, as shown in fig. 22, the apparatus 2100 further comprises: a configuration information sending module 2170, configured to send network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point.
To sum up, in the technical solution provided by the embodiment of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be networked. The key calculation parameter is used to determine the access key for identity authentication between the device to be networked and the distribution network device, which provides a basis for that identity authentication and facilitates the subsequent identity authentication between the two devices. In addition, in the embodiment of the present application, identity authentication between the device to be networked and the distribution network device is performed before the device to be networked acquires the network configuration information; that is, the device to be networked can acquire the network configuration information only if the identity authentication passes, which reduces the risk of leaking the network configuration information and improves the security of the access point. Furthermore, identity authentication between the device to be networked and the distribution network device only requires adding the key calculation parameter to the beacon of the access point started by the device to be networked. Compared with the prior art, in which the distribution network device needs to switch back and forth between access points to verify the identity of the device to be networked, the embodiment of the present application simplifies the identity authentication process and improves its efficiency.
Referring to fig. 23, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the side of the device to be networked, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be networked described above, or may be provided in the device to be networked. As shown in fig. 23, the apparatus 2300 may include: a first receiving module 2310.
A first receiving module 2310 is configured to receive first information from a distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In one example, as shown in fig. 24, the apparatus 2300 further comprises: a first key determining module 2320, configured to determine the first information key based on the key calculation parameter and the first device key.
In one example, as shown in fig. 24, the first key determining module 2320 is configured to: process the key calculation parameter and the first device key by using a fourth key generation algorithm to obtain the first information key.
In one example, the first information further includes network configuration information encrypted by using a second information key, where the network configuration information is used to configure the device to be networked to access a second access point; as shown in fig. 24, the apparatus 2300 further comprises: a first decrypting module 2330, configured to decrypt, by using the first information key, the network configuration information encrypted with the second information key; if the first information key is consistent with the second information key, the device to be networked successfully acquires the network configuration information; if the first information key is inconsistent with the second information key, the device to be networked fails to acquire the network configuration information.
In one example, as shown in fig. 24, the apparatus 2300 further comprises: a first encryption module 2340, configured to obtain first encryption information according to the first information key and the first reference information; the first information sending module 2350 is configured to send the first encrypted information to the distribution network device.
In one example, as shown in fig. 24, the first encryption module 2340 is configured to: process the first reference information by using a third encryption algorithm and the first information key to obtain the first encrypted information.
In one example, the first information further comprises second information encrypted with a second information key; as shown in fig. 24, the apparatus 2300 further comprises: a second decryption module 2360, configured to decrypt, with the first information key, the second information encrypted with the second information key to obtain third reference information; a third information sending module 2370, configured to send the third reference information to the distribution network device.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solution provided by the embodiment of the present application, the key calculation parameter is sent to the device to be networked through the distribution network device. The key calculation parameter is used to calculate an information key, which can be used to decrypt data or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt reference information. If the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, so the device to be networked passes identity authentication and then acquires the network configuration information. Alternatively, if the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the data encrypted separately with the two information keys can be consistent, so the device to be networked passes identity authentication and then acquires the network configuration information. The identity of the device to be networked is therefore authenticated before it accesses the wireless access point, which prevents the network configuration information corresponding to the wireless access point from being leaked and improves the security of the wireless access point.
In addition, in the embodiment of the present application, the identity authentication process of the device to be networked can be coupled with the distribution network process: the distribution network device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and if the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can directly acquire the network configuration information. This reduces the data traffic between the distribution network device and the device to be networked and reduces the processing overhead of both. The identity authentication process of the device to be networked can also be decoupled from the distribution network process: the distribution network device sends the network configuration information to the device to be networked after the identity authentication of the device to be networked passes. Decoupling the identity authentication process from the distribution network process can fully improve the security of the network configuration information.
Referring to fig. 25, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the distribution network device side, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 25, the apparatus 2500 may include: a first sending module 2510.
A first sending module 2510, configured to send first information to a device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In one example, the first information further includes network configuration information encrypted by using a second information key, where the network configuration information is used to configure the device to be networked to access a second access point; as shown in fig. 26, the apparatus 2500 further includes: a first receiving module 2520, configured to receive the key calculation parameter and the second information key from the distribution network cloud platform; a second determining module 2530, configured to determine the first information based on the key calculation parameter, the second information key and the network configuration information.
In one example, as shown in fig. 26, the second determining module 2530 is configured to: process the network configuration information by using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted with the second information key; and determine the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
In one example, as shown in fig. 26, the apparatus 2500 further comprises: a first information receiving module 2540, configured to receive first encrypted information from the device to be networked, where the first encrypted information includes first reference information encrypted by using the first information key; a second information receiving module 2550, configured to receive second encrypted information from the distribution network cloud platform, where the second encrypted information includes second reference information encrypted by using a second information key; a configuration information sending module 2560, configured to send network configuration information to the device to be networked when the first encrypted information and the second encrypted information are consistent, where the network configuration information is used to configure the device to be networked to access the second access point.
In one example, as shown in fig. 26, the apparatus 2500 further comprises: a third information receiving module 2570, configured to receive the third reference information from the distribution network device; a fourth information receiving module 2580, configured to receive fourth reference information from the distribution network cloud platform; a configuration information sending module 2560, configured to send network configuration information to the device to be networked when the third reference information is consistent with the fourth reference information, where the network configuration information is used to configure the device to be networked to access the second access point.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In summary, in the technical solution provided by the embodiment of the present application, the key calculation parameter is sent to the device to be networked through the distribution network device. The key calculation parameter is used to calculate an information key, which can be used to decrypt data or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt reference information. If the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, so the device to be networked passes identity authentication and then acquires the network configuration information. Alternatively, if the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the data encrypted separately with the two information keys can be consistent, so the device to be networked passes identity authentication and then acquires the network configuration information. The identity of the device to be networked is therefore authenticated before it accesses the wireless access point, which prevents the network configuration information corresponding to the wireless access point from being leaked and improves the security of the wireless access point.
In addition, in the embodiment of the present application, the identity authentication process of the device to be networked can be coupled with the distribution network process: the distribution network device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and if the information key calculated by the device to be networked is consistent with the information key calculated by the device cloud platform, the device to be networked can directly acquire the network configuration information. This reduces the data traffic between the distribution network device and the device to be networked and reduces the processing overhead of both. The identity authentication process of the device to be networked can also be decoupled from the distribution network process: the distribution network device sends the network configuration information to the device to be networked after the identity authentication of the device to be networked passes. Decoupling the identity authentication process from the distribution network process can fully improve the security of the network configuration information.
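The decoupled authentication described above (the first encrypted information from the device to be networked compared with the second encrypted information from the cloud platform), as an added example that is not code from the patent. It assumes HMAC-SHA256 both as the unnamed key generation algorithm and as a stand-in for the unnamed encryption of the reference information; the function names, device identifier and reference value are constructed. It also measures how often the information key repeats when the key calculation parameter is one byte long, the minimum length the text permits.

```python
"""Decoupled identity authentication with a key calculation parameter (illustrative)."""
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from the patent.
DEVICE_ID = b"dev-0001"
REFERENCE_INFO = b"reference-info-v1"


def derive_information_key(device_key, key_calc_param, device_id):
    """Information key derived from the device key and the key calculation parameter.

    Assumption: the patent leaves its "key generation algorithm" open;
    HMAC-SHA256 keyed with the device key stands in for it here.
    """
    if len(key_calc_param) < 1:
        raise ValueError("key calculation parameter must be at least one byte")
    # Length-prefix the identifier so (identifier, parameter) pairs stay unambiguous.
    msg = b"information-key" + bytes([len(device_id)]) + device_id + key_calc_param
    return hmac.new(device_key, msg, hashlib.sha256).digest()


def protect_reference(information_key, reference_info):
    """Stand-in for encrypting the reference information with the information key.

    Assumption: an HMAC-SHA256 tag replaces the unnamed encryption algorithm,
    because the distribution network device only checks the results for equality.
    """
    return hmac.new(information_key, reference_info, hashlib.sha256).digest()


def identity_authenticated(first_encrypted, second_encrypted):
    """Distribution network device: compare both results in constant time."""
    return hmac.compare_digest(first_encrypted, second_encrypted)


def run_session(device_key_on_device, device_key_in_cloud, param_len=16):
    """One authentication round; True means network configuration may be sent."""
    # Cloud platform: choose the key calculation parameter, derive the second
    # information key and protect the second reference information.
    key_calc_param = secrets.token_bytes(param_len)
    second_key = derive_information_key(device_key_in_cloud, key_calc_param, DEVICE_ID)
    second_encrypted = protect_reference(second_key, REFERENCE_INFO)

    # Device to be networked: receives only the parameter (the first information)
    # and derives the first information key from its own device key.
    first_key = derive_information_key(device_key_on_device, key_calc_param, DEVICE_ID)
    first_encrypted = protect_reference(first_key, REFERENCE_INFO)

    # Distribution network device: holds neither device key, only compares.
    return identity_authenticated(first_encrypted, second_encrypted)


def count_repeated_keys(device_key, param_len, sessions):
    """Count sessions whose information key was already used in an earlier session."""
    seen, repeats = set(), 0
    for _ in range(sessions):
        param = secrets.token_bytes(param_len)
        key = derive_information_key(device_key, param, DEVICE_ID)
        if key in seen:
            repeats += 1
        seen.add(key)
    return repeats


if __name__ == "__main__":
    genuine_key = secrets.token_bytes(32)
    print("genuine device passes:", run_session(genuine_key, genuine_key))
    print("wrong device key passes:", run_session(secrets.token_bytes(32), genuine_key))
    # A one-byte parameter has only 256 values, so keys repeat within a few sessions.
    print("repeats, 1-byte parameter:", count_repeated_keys(genuine_key, 1, 1000))
    print("repeats, 16-byte parameter:", count_repeated_keys(genuine_key, 16, 1000))
```

Because the information key is a deterministic function of the device key and the parameter, a repeated parameter yields a repeated key and an identical protected reference value. A parameter of 16 random bytes, or a fresh reference value per session, keeps each round distinct.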
Referring to fig. 27, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the side of the device to be networked, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be networked described above, or may be provided in the device to be networked. As shown in fig. 27, the apparatus 2700 may include: a first display module 2710.
The first display module 2710 is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, as shown in fig. 28, the apparatus 2700 further includes: a decryption key determining module 2720, configured to determine the information decryption key based on the key calculation parameter and the first device key.
In one example, as shown in fig. 28, the decryption key determining module 2720 is configured to: process the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
In one example, as shown in fig. 28, the apparatus 2700 further includes: a first scanning module 2730, configured to scan a second graphic code displayed by the distribution network device, where the second graphic code includes the network configuration information encrypted by using an information encryption key; if the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the key calculation parameter has a length greater than or equal to one byte.
To sum up, in the technical solution provided by the embodiment of the present application, a key calculation parameter is added to the graphic code of the device to be networked. The device to be networked can determine the information decryption key by using the key calculation parameter, and the distribution network device can obtain the information encryption key through the key calculation parameter. The device to be networked can then use the information decryption key to decrypt the network configuration information that the distribution network device encrypted with the information encryption key. The device to be networked can obtain the network configuration information only if the information encryption key is consistent with the information decryption key, which authenticates the identity of the device to be networked and prevents the network configuration information from being leaked.
Referring to fig. 29, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the distribution network device side, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 29, the apparatus 2900 may include: a second scanning module 2910.
The second scanning module 2910 is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, as shown in fig. 30, the apparatus 2900 further comprises: a second request sending module 2920, configured to send a second obtaining request to the distribution network cloud platform, where the second obtaining request is used to request to obtain the information encryption key; an encryption key receiving module 2930, configured to receive the information encryption key from the distribution network cloud platform.
In an example, the second obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, as shown in fig. 30, the apparatus 2900 further comprises: a graphic code determination module 2940, configured to determine a second graphic code based on the network configuration information and the information encryption key; and a second display module 2950, configured to display the second graphic code.
In one example, as shown in fig. 30, the graphic code determination module 2940 is configured to: process the network configuration information by using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information; and generate the second graphic code according to the encrypted network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key calculation parameter is preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the key calculation parameter has a length greater than or equal to one byte.
To sum up, in the technical solution provided by the embodiment of the present application, a key calculation parameter is added to the graphic code of the device to be networked. The device to be networked can determine the information decryption key by using the key calculation parameter, and the distribution network device can obtain the information encryption key through the key calculation parameter. The device to be networked can then use the information decryption key to decrypt the network configuration information that the distribution network device encrypted with the information encryption key. The device to be networked can obtain the network configuration information only if the information encryption key is consistent with the information decryption key, which authenticates the identity of the device to be networked and prevents the network configuration information from being leaked.
Referring to fig. 31, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the side of the device to be networked, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be networked described above, or may be provided in the device to be networked. As shown in fig. 31, the apparatus 3100 may include: a third scanning module 3110.
A third scanning module 3110, configured to scan a third graphic code displayed by the distribution network device, where the third graphic code includes network configuration information encrypted by using an information encryption key and a key calculation parameter; the network configuration information is used to configure the device to be networked to access the second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In one example, as shown in fig. 32, the apparatus 3100 further comprises: a decryption key determining module 3120 configured to determine the information decryption key based on the key calculation parameter and the first device key.
In one example, as shown in fig. 32, the decryption key determining module 3120 is configured to: process the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key.
In one example, if the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; if the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solution provided by the embodiment of the present application, the key calculation parameter and the network configuration information encrypted with the information encryption key are added to the graphic code displayed by the distribution network device. The device to be networked scans the graphic code to obtain the key calculation parameter and determines the information decryption key according to it. The device to be networked can obtain the network configuration information only if the information encryption key is consistent with the information decryption key, which authenticates the identity of the device to be networked and prevents the network configuration information from being leaked. In addition, in the embodiment of the present application, particularly for the code-scanning distribution network mode, the key calculation parameter is generated by the device cloud platform and then added by the distribution network device to the displayed graphic code, so that the device to be networked can conveniently scan and obtain it.
Referring to fig. 33, a block diagram of an information processing apparatus according to an embodiment of the present application is shown. The apparatus has the function of implementing the method example on the distribution network device side, and the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the distribution network device described above, or may be provided in the distribution network device. As shown in fig. 33, the apparatus 3300 may include: a third display module 3310.
A third display module 3310, configured to display a third graphic code, where the third graphic code includes network configuration information encrypted by using an information encryption key and a key calculation parameter; the network configuration information is used to configure the device to be networked to access the second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In one example, as shown in fig. 34, the apparatus 3300 further comprises: the information receiving module 3320 is configured to receive the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform; a graphic code determining module 3330, configured to determine the third graphic code based on the information encryption key, the key calculation parameter, and the network configuration information.
In one example, as shown in fig. 34, the graphic code determining module 3330 is configured to: process the network configuration information by using a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key; and generate the third graphic code based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solution provided by the embodiment of the present application, the key calculation parameter and the network configuration information encrypted with the information encryption key are added to the graphic code displayed by the distribution network device. The device to be networked scans the graphic code to obtain the key calculation parameter and determines the information decryption key according to it. The device to be networked can obtain the network configuration information only if the information encryption key is consistent with the information decryption key, which authenticates the identity of the device to be networked and prevents the network configuration information from being leaked. In addition, in the embodiment of the present application, particularly for the code-scanning distribution network mode, the key calculation parameter is generated by the device cloud platform and then added by the distribution network device to the displayed graphic code, so that the device to be networked can conveniently scan and obtain it.
It should be noted that, when the apparatus provided in the foregoing embodiments implements its functions, the division into the functional modules described above is only used as an illustration. In practical applications, the functions may be allocated to different functional modules according to actual needs; that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be described in detail here.
Fig. 35 shows a schematic structural diagram of a device to be networked 350 according to an embodiment of the present application. For example, the device to be networked may be used to execute the above information processing method on the device to be networked side. Specifically, the device to be networked 350 may include: a processor 351, and a transceiver 352 connected to the processor 351.
The processor 351 includes one or more processing cores, and the processor 351 executes various functional applications and information processing by running software programs and modules.
The transceiver 352 includes a receiver and a transmitter. Optionally, the transceiver 352 is a communication chip.
In one example, the device to be networked 350 further includes: a memory and a bus. The memory is connected with the processor through a bus. The memory may be configured to store a computer program, and the processor is configured to execute the computer program to implement the steps performed by the device to be networked in the foregoing method embodiment.
Further, the memory may be implemented by any type or combination of volatile or non-volatile storage devices, including, but not limited to: RAM (Random-Access Memory) and ROM (Read-Only Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other solid state storage technology, CD-ROM (Compact Disc Read-Only Memory), DVD (Digital Video Disc) or other optical storage, magnetic tape cartridge, magnetic tape, magnetic disk storage or other magnetic storage devices.
In a possible implementation manner, the transceiver 352 is configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, the processor 351 is configured to: determining a first access key based on the key calculation parameter and the first device key.
In one example, the processor 351 is configured to: processing the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key; and processing the first encryption key by using a first coding mode to obtain the first access key.
In one example, the processor 351 is configured to: performing the identity authentication with the distribution network device based on the first access key; where the identity authentication passes if the first access key is consistent with a second access key determined by the distribution network device, and does not pass if the first access key is inconsistent with the second access key determined by the distribution network device.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the key calculation parameter has a length greater than or equal to one byte.
In one example, the transceiver 352 is configured to: receiving network configuration information from the distribution network device when the identity authentication is passed, where the network configuration information is used to configure the device to be networked to access a second access point.
In another possible embodiment, the processor 351 is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, the processor 351 is configured to: determining the information decryption key based on the key calculation parameter and the first device key.
In one example, the processor 351 is configured to: processing the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
In one example, the processor 351 is configured to: scanning a second graphic code displayed by the distribution network device, where the second graphic code includes the network configuration information encrypted by an information encryption key; when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key computation parameters are preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In yet another possible embodiment, the processor 351 is configured to scan a third graphic code displayed by the distribution network device, where the third graphic code includes network configuration information encrypted by an information encryption key and a key calculation parameter; the network configuration information is used to configure the device to be networked to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted by the information encryption key.
In one example, the processor 351 is further configured to: determining the information decryption key based on the key calculation parameter and the first device key.
In one example, the processor 351 is further configured to: processing the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key.
In one example, when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key calculation parameter has a length greater than or equal to one byte.
In a further possible embodiment, the transceiver 352 is configured to receive first information from a distribution network device, where the first information includes a key calculation parameter and second information encrypted by using an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted by using the information encryption key.
In one example, the processor 351 is configured to: determining the information decryption key based on the key calculation parameter and the first device key.
In one example, the processor 351 is configured to: processing the key calculation parameter and the first device key by using a fourth key generation algorithm to obtain the information decryption key.
In one example, the second information includes first reference information; the processor 351 is configured to decrypt, by using the information decryption key, the second information encrypted by using the information encryption key, so as to obtain the first reference information; the transceiver 352 is configured to receive network configuration information from the distribution network device when the first reference information and the second reference information are consistent, where the network configuration information is used to configure the device to be networked to access the second access point.
In one example, the second information includes network configuration information, where the network configuration information is used to configure the device to be networked to access a second access point; when the information encryption key is consistent with the information decryption key, the device to be networked successfully acquires the network configuration information; and when the information encryption key is inconsistent with the information decryption key, the device to be networked fails to acquire the network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
Fig. 36 shows a schematic structural diagram of a distribution network device 360 provided in an embodiment of the present application. For example, the distribution network device may be used to execute the above information processing method on the distribution network device side. Specifically, the distribution network device 360 may include: a processor 361, and a transceiver 362 connected to the processor 361.
The processor 361 includes one or more processing cores, and the processor 361 executes various functional applications and information processing by running software programs and modules.
The transceiver 362 includes a receiver and a transmitter. Optionally, the transceiver 362 is a communication chip.
In one example, the distribution network device 360 further includes: a memory and a bus. The memory is connected with the processor through a bus. The memory may be used for storing a computer program, and the processor may be used for executing the computer program to implement the steps performed by the distribution network device in the above-described method embodiments.
Further, the memory may be implemented by any type or combination of volatile or non-volatile storage devices, including, but not limited to: RAM and ROM, EPROM, EEPROM, flash memory or other solid state storage technologies, CD-ROM, DVD or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices.
In a possible implementation manner, the transceiver 362 is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
In one example, the transceiver 362 is configured to: sending a first acquisition request to a distribution network cloud platform, wherein the first acquisition request is used for requesting to acquire a second access key; and receiving access key information from the distribution network cloud platform, wherein the access key information is used for determining the second access key.
In one example, the access key information includes the second access key.
In one example, the processor 361 is configured to: processing the second encryption key by using a first coding mode to obtain the second access key.
In one example, the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the processor 361 is configured to: performing the identity authentication with the device to be networked based on the second access key; where the identity authentication passes if the second access key is consistent with the first access key determined by the device to be networked, and does not pass if the second access key is inconsistent with the first access key determined by the device to be networked.
In one example, the beacon includes at least one of the following fields: BSSID field, SSID field, custom field; the BSSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be networked; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, the processor 361 is configured to: accessing the first access point when the identity authentication is passed.
In one example, the transceiver 362 is configured to: sending network configuration information to the device to be networked, where the network configuration information is used to configure the device to be networked to access the second access point.
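The beacon-based identity authentication described above for the device to be networked and for the distribution network device can be sketched end to end as follows. This is an added example, not code from the application: HMAC-SHA256 stands in for the unspecified "first key generation algorithm", Base32 for the "first coding mode", and the SSID layout, device identifier, device key and the in-memory cloud lookup are all constructed for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets

# Constructed sample data: the cloud platform's copy of each device key.
CLOUD_DEVICE_KEYS = {"dev-0042": bytes.fromhex("00112233445566778899aabbccddeeff")}
SSID_PREFIX = "CFG"  # hypothetical SSID layout: CFG_<device id>_<parameter hex>


def derive_access_key(device_key: bytes, key_calc_param: bytes) -> str:
    """Key generation step (assumed HMAC-SHA256), then coding step (assumed Base32)."""
    encryption_key = hmac.new(device_key, key_calc_param, hashlib.sha256).digest()
    # 20 bytes encode to exactly 32 printable characters, usable as a passphrase.
    return base64.b32encode(encryption_key[:20]).decode("ascii")


def build_ssid(device_id: str, key_calc_param: bytes) -> str:
    ssid = f"{SSID_PREFIX}_{device_id}_{key_calc_param.hex()}"
    if len(ssid.encode()) > 32:  # an 802.11 SSID carries at most 32 bytes
        raise ValueError("SSID exceeds 32 bytes")
    return ssid


def parse_ssid(ssid: str) -> tuple[str, bytes]:
    """Return (device identifier, key calculation parameter) or raise ValueError."""
    prefix, device_id, param_hex = ssid.split("_")
    if prefix != SSID_PREFIX or not param_hex:
        raise ValueError("not a provisioning beacon")
    return device_id, bytes.fromhex(param_hex)


class DeviceToBeNetworked:
    # The page only requires a parameter of one byte or more. A one-byte random
    # number yields at most 256 distinct access keys per device, so this
    # example uses 8 bytes (an assumption).
    def __init__(self, device_id: str, first_device_key: bytes, param_len: int = 8):
        self.device_id = device_id
        self.key_calc_param = secrets.token_bytes(param_len)
        self.first_access_key = derive_access_key(first_device_key, self.key_calc_param)

    def beacon_ssid(self) -> str:
        return build_ssid(self.device_id, self.key_calc_param)

    def authenticate(self, presented_key: str) -> bool:
        # Constant-time comparison of the first and second access keys.
        return hmac.compare_digest(self.first_access_key.encode(), presented_key.encode())


def cloud_second_access_key(device_id: str, key_calc_param: bytes) -> str:
    """Cloud platform's answer to the first acquisition request."""
    device_key = CLOUD_DEVICE_KEYS.get(device_id)
    if device_key is None:
        raise KeyError("unknown device identifier")
    return derive_access_key(device_key, key_calc_param)


def provision(device: DeviceToBeNetworked, ssid_seen: str) -> bool:
    """Distribution network device: parse beacon, fetch second key, authenticate."""
    device_id, key_calc_param = parse_ssid(ssid_seen)
    second_access_key = cloud_second_access_key(device_id, key_calc_param)
    return device.authenticate(second_access_key)


if __name__ == "__main__":
    genuine = DeviceToBeNetworked("dev-0042", CLOUD_DEVICE_KEYS["dev-0042"])
    print(genuine.beacon_ssid(), provision(genuine, genuine.beacon_ssid()))
```

Authentication passes only when the device and the cloud platform hold the same device key and both derive from the same key calculation parameter, so a beacon copied with a different parameter or sent by a device with a different key fails the comparison.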
In another possible implementation manner, the processor 361 is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
In one example, the transceiver 362 is configured to: sending a second acquisition request to a distribution network cloud platform, wherein the second acquisition request is used for requesting to acquire the information encryption key; and receiving the information encryption key from the distribution network cloud platform.
In one example, the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked.
In one example, the processor 361 is configured to: determining a second graphic code based on the network configuration information and the information encryption key; and displaying the second graphic code.
In one example, the processor 361 is configured to: processing the network configuration information by adopting a first encryption algorithm and the information encryption key to obtain encrypted network configuration information; and generating the second graphic code according to the encrypted network configuration information.
In one example, the key calculation parameter comprises a random number.
In one example, the key computation parameters are preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be networked.
In one example, the key calculation parameter has a length greater than or equal to one byte.
In yet another possible implementation, the processor 361 is configured to display a third graphic code, where the third graphic code includes network configuration information encrypted by an information encryption key and a key calculation parameter; the network configuration information is used to configure the device to be networked to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted by the information encryption key.
In one example, the processor 361 is further configured to: receiving the information encryption key, the key calculation parameter and the network configuration information from a distribution network cloud platform; and determining the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
In one example, the processor 361 is further configured to: processing the network configuration information by adopting a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key; and generating the third graphic code based on the network configuration information encrypted by the information encryption key and the key calculation parameter.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
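The third-graphic-code exchange described above, from both the distribution network device side and the device to be networked side, as an added example that is not code from the application. The key derivation (HMAC-SHA256), the JSON payload layout and all sample values are assumptions. The standard-library encrypt-then-MAC construction only stands in for the unspecified "second encryption algorithm"; a deployment would use a vetted AEAD such as AES-GCM.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets


def derive_info_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Assumed key generation algorithm: HMAC-SHA256 keyed with the device key."""
    return hmac.new(device_key, b"info-key" + key_calc_param, hashlib.sha256).digest()


def _subkeys(info_key: bytes) -> tuple[bytes, bytes]:
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(info_key, b"enc", hashlib.sha256).digest(),
            hmac.new(info_key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(info_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC tag over nonce and ciphertext."""
    enc_key, mac_key = _subkeys(info_key)
    nonce = secrets.token_bytes(12)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(info_key: bytes, blob: bytes) -> bytes | None:
    """Return the plaintext, or None when the key is inconsistent or data was altered."""
    if len(blob) < 12 + 32:
        return None
    enc_key, mac_key = _subkeys(info_key)
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def cloud_issue(device_key: bytes, param_len: int = 8) -> tuple[bytes, bytes]:
    """Cloud platform: pick a random parameter and derive the information encryption key."""
    key_calc_param = secrets.token_bytes(param_len)
    return derive_info_key(device_key, key_calc_param), key_calc_param


def build_graphic_code_payload(info_encryption_key: bytes, key_calc_param: bytes,
                               network_config: dict) -> str:
    """Distribution network device: text to render as the third graphic code."""
    sealed = seal(info_encryption_key, json.dumps(network_config).encode())
    return json.dumps({"kcp": key_calc_param.hex(),
                       "cfg": base64.b64encode(sealed).decode("ascii")})


def read_graphic_code_payload(payload: str, first_device_key: bytes) -> dict | None:
    """Device to be networked: derive the decryption key and recover the configuration."""
    try:
        fields = json.loads(payload)
        key_calc_param = bytes.fromhex(fields["kcp"])
        sealed = base64.b64decode(fields["cfg"], validate=True)
    except (ValueError, KeyError, TypeError):
        return None  # malformed graphic code content
    plaintext = open_sealed(derive_info_key(first_device_key, key_calc_param), sealed)
    return json.loads(plaintext) if plaintext is not None else None


if __name__ == "__main__":
    device_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    key, param = cloud_issue(device_key)
    code = build_graphic_code_payload(key, param, {"ssid": "HomeAP", "psk": "constructed-passphrase"})
    print(read_graphic_code_payload(code, device_key))
```

The integrity tag is what lets the device to be networked tell that its decryption key is inconsistent with the encryption key; without it, decrypting with the wrong key would yield unusable bytes rather than a clear failure.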
In a further possible implementation manner, the transceiver 362 is configured to send first information to a device to be networked, where the first information includes a key calculation parameter and second information encrypted with an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted with the information encryption key.
In one example, the second information includes first reference information; the transceiver 362 is configured to receive the key calculation parameter and the second information encrypted by using the information encryption key from the distribution network cloud platform; and the processor 361 is configured to determine the first information based on the key calculation parameter and the second information encrypted by using the information encryption key.
In one example, the second information includes network configuration information, where the network configuration information is used to configure the device to be networked to access a second access point; the transceiver 362 is configured to receive the key calculation parameter and the information encryption key from the distribution network cloud platform; the processor 361 is configured to determine the first information based on the key calculation parameter, the information encryption key, and the network configuration information.
In one example, the processor 361 is configured to: processing the network configuration information by adopting a third encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key; and determining the first information based on the key calculation parameter and the network configuration information encrypted by adopting the information encryption key.
In one example, the key calculation parameter comprises a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is executed by a processor of a device to be networked to implement the above information processing method on the device to be networked side.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is executed by a processor of a distribution network device to implement the above information processing method on the distribution network device side.
An embodiment of the present application further provides a chip, which includes a programmable logic circuit and/or program instructions, and when the chip runs on a device to be networked, the chip is used to implement the above information processing method on the device to be networked side.
An embodiment of the present application further provides a chip, which includes a programmable logic circuit and/or program instructions, and when the chip runs on a distribution network device, the chip is used to implement the above information processing method on the distribution network device side.
An embodiment of the present application further provides a computer program product, which, when run on a device to be networked, is used to implement the above information processing method on the device to be networked side.
An embodiment of the present application further provides a computer program product, which, when run on a distribution network device, is used to implement the above information processing method on the distribution network device side.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on a computer-readable medium, or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include both computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The above description is only exemplary of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements and the like that are made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (132)

  1. An information processing method, applied to a device to be networked, the method comprising:
    broadcasting a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and a distribution network device.
  2. The method of claim 1, further comprising:
    determining a first access key based on the key calculation parameter and a first device key.
  3. The method of claim 2, wherein determining the first access key based on the key calculation parameter and the first device key comprises:
    processing the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key;
    and processing the first encryption key by using a first coding mode to obtain the first access key.
  4. The method of claim 2 or 3, wherein after determining the first access key based on the key calculation parameter and the first device key, the method further comprises:
    performing the identity authentication with the distribution network device based on the first access key;
    wherein the identity authentication passes if the first access key is consistent with a second access key determined by the distribution network device, and does not pass if the first access key is inconsistent with the second access key determined by the distribution network device.
  5. The method according to any of claims 1 to 4, wherein the beacon comprises at least one of the following fields: a basic service set identification (BSSID) field, a service set identification (SSID) field, and a custom field;
    the BSSID field comprises the key calculation parameter and/or the device identifier of the device to be networked;
    or, the SSID field comprises the key calculation parameter and/or the device identifier of the device to be networked;
    or, the custom field comprises the key calculation parameter and/or the device identifier of the device to be networked.
  6. The method according to any of claims 1 to 5, wherein the key calculation parameter comprises a random number.
  7. The method according to any one of claims 1 to 6, wherein the length of the key calculation parameter is greater than or equal to one byte.
  8. The method according to any one of claims 1 to 7, further comprising:
    receiving network configuration information from the distribution network device when the identity authentication is passed, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
  9. An information processing method, applied to a distribution network device, the method comprising:
    receiving a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
  10. The method of claim 9, further comprising:
    sending a first acquisition request to a distribution network cloud platform, wherein the first acquisition request is used for requesting to acquire a second access key;
    and receiving access key information from the distribution network cloud platform, wherein the access key information is used for determining the second access key.
  11. The method of claim 10, wherein the access key information comprises the second access key.
  12. The method of claim 10, wherein the access key information comprises a second encryption key; after receiving the access key information from the distribution network cloud platform, the method further includes:
    processing the second encryption key by using a first coding mode to obtain the second access key.
  13. The method according to any one of claims 10 to 12, wherein the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked.
  14. The method according to any one of claims 10 to 13, wherein after receiving the access key information from the distribution network cloud platform, the method further comprises:
    performing the identity authentication with the device to be networked based on the second access key;
    wherein the identity authentication passes if the second access key is consistent with a first access key determined by the device to be networked, and does not pass if the second access key is inconsistent with the first access key determined by the device to be networked.
  15. The method according to any of claims 9 to 14, wherein the beacon comprises at least one of the following fields: a basic service set identification (BSSID) field, a service set identification (SSID) field, and a custom field;
    the BSSID field comprises the key calculation parameter and/or the device identifier of the device to be networked;
    or, the SSID field comprises the key calculation parameter and/or the device identifier of the device to be networked;
    or, the custom field comprises the key calculation parameter and/or the device identifier of the device to be networked.
  16. The method according to any of claims 9 to 15, wherein the key calculation parameter comprises a random number.
  17. The method according to any one of claims 9 to 16, wherein the length of the key calculation parameter is greater than or equal to one byte.
  18. The method according to any one of claims 9 to 17, further comprising:
    accessing the first access point when the identity authentication is passed.
  19. The method of claim 18, wherein after accessing the first access point, the method further comprises:
    sending network configuration information to the device to be networked, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
  20. An information processing method, applied to a device to be networked, the method comprising:
    displaying a first graphic code, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information decryption key, the information decryption key is used for decrypting network configuration information from a distribution network device, and the network configuration information is used for configuring the device to be networked to access a second access point.
  21. The method of claim 20, further comprising:
    determining the information decryption key based on the key calculation parameter and the first device key.
  22. The method of claim 21, wherein determining an information decryption key based on the key calculation parameter and the first device key comprises:
    processing the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
  23. The method of any one of claims 20 to 22, further comprising:
    scanning a second graphic code displayed by the distribution network device, wherein the second graphic code comprises the network configuration information encrypted by an information encryption key;
    when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
  24. The method according to any one of claims 20 to 23, wherein the key calculation parameter comprises a random number.
  25. The method according to any of claims 20 to 24, wherein the key computation parameters are preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be networked.
  26. The method according to any one of claims 20 to 25, wherein the length of the key calculation parameter is greater than or equal to one byte.
  27. An information processing method, applied to a distribution network device, the method comprising:
    scanning a first graphic code of a device to be networked, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information encryption key, the information encryption key is used for encrypting network configuration information, and the network configuration information is used for configuring the device to be networked to access a second access point.
  28. The method of claim 27, further comprising:
    sending a second acquisition request to a distribution network cloud platform, wherein the second acquisition request is used for requesting to acquire the information encryption key;
    and receiving the information encryption key from the distribution network cloud platform.
  29. The method according to claim 28, wherein the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked.
  30. The method of any one of claims 27 to 29, further comprising:
    determining a second graphic code based on the network configuration information and the information encryption key;
    and displaying the second graphic code.
  31. The method of claim 30, wherein determining a second graphical code based on the network configuration information and the information encryption key comprises:
    processing the network configuration information by adopting a first encryption algorithm and the information encryption key to obtain encrypted network configuration information;
    and generating the second graphic code according to the encrypted network configuration information.
  32. The method according to any one of claims 27 to 31, wherein the key calculation parameter comprises a random number.
  33. The method according to any one of claims 27 to 32, wherein the key calculation parameter is preconfigured by a device cloud platform; or the key calculation parameter is generated by the device to be networked.
  34. The method according to any one of claims 27 to 33, wherein the length of the key calculation parameter is greater than or equal to one byte.
  35. An information processing method, applied to a device to be networked, the method comprising:
    scanning a third graphic code displayed by the distribution network equipment, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
    wherein the network configuration information is used for configuring the device to be networked to access a second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
  36. The method of claim 35, further comprising, after scanning the third graphic code displayed by the distribution network device:
    determining the information decryption key based on the key calculation parameter and the first device key.
  37. The method of claim 36, wherein determining the information decryption key based on the key calculation parameter and the first device key comprises:
    processing the key calculation parameter and the first device key using a third key generation algorithm to obtain the information decryption key.
  38. The method of any one of claims 35 to 37, wherein:
    when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and
    when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
  39. The method according to any one of claims 35 to 38, wherein the key calculation parameter comprises a random number.
  40. The method according to any one of claims 35 to 39, wherein the length of the key calculation parameter is greater than or equal to one byte.
  41. An information processing method, applied to a distribution network device, the method comprising:
    displaying a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
    wherein the network configuration information is used for configuring a device to be networked to access a second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
  42. The method of claim 41, further comprising:
    receiving the information encryption key and the key calculation parameter from the distribution network cloud platform;
    and determining the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  43. The method according to claim 42, wherein said determining the third graphical code based on the information encryption key, the key calculation parameter, and the network configuration information comprises:
    processing the network configuration information by adopting a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key;
    and generating the third graphic code based on the network configuration information encrypted by the information encryption key and the key calculation parameter.
  44. The method according to any one of claims 41 to 43, wherein the key calculation parameter comprises a random number.
  45. The method according to any one of claims 41 to 44, wherein the length of the key calculation parameter is greater than or equal to one byte.
  46. An information processing method, applied to a device to be networked, the method comprising:
    receiving first information from a distribution network device, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
  47. The method of claim 46, further comprising, after receiving the first information from the distribution network device:
    determining the first information key based on the key calculation parameter and the first device key.
  48. The method of claim 47, wherein determining the first information key based on the key computation parameter and the first device key comprises:
    processing the key calculation parameter and the first device key using a fourth key generation algorithm to obtain the first information key.
  49. The method according to any one of claims 46 to 48, wherein the first information further comprises network configuration information encrypted by using a second information key, the network configuration information being used for configuring the device to be networked to access a second access point; after receiving the first information from the distribution network device, the method further includes:
    decrypting the network configuration information encrypted by the second information key by using the first information key;
    wherein, when the first information key is consistent with the second information key, the device to be networked successfully acquires the network configuration information; and when the first information key is inconsistent with the second information key, the device to be networked fails to acquire the network configuration information.
  50. The method of any one of claims 46 to 48, further comprising, after receiving the first information from the distribution network device:
    obtaining first encryption information based on the first information key and first reference information;
    and sending the first encryption information to the distribution network equipment.
  51. The method according to claim 50, wherein said deriving first encryption information based on the first information key and first reference information comprises:
    processing the first reference information using a third encryption algorithm and the first information key to obtain the first encryption information.
  52. The method according to any one of claims 46 to 48, wherein the first information further comprises second information encrypted with a second information key; after receiving the first information from the distribution network device, the method further includes:
    decrypting the second information encrypted by the second information key by using the first information key to obtain third reference information;
    and sending the third reference information to the distribution network equipment.
  53. The method according to any one of claims 46 to 52, wherein the key calculation parameter comprises a random number.
  54. The method according to any one of claims 46 to 53, wherein the length of the key calculation parameter is greater than or equal to one byte.
  55. An information processing method, applied to a distribution network device, the method comprising:
    sending first information to a device to be networked, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
  56. The method according to claim 55, wherein the first information further includes network configuration information encrypted by using a second information key, the network configuration information being used to configure the device to be networked to access a second access point; the method further comprises the following steps:
    receiving the key calculation parameter and the second information key from a distribution network cloud platform;
    determining the first information based on the key calculation parameter, the second information key, and the network configuration information.
  57. The method of claim 56, wherein determining the first information based on the key calculation parameter, the second information key, and the network configuration information comprises:
    processing the network configuration information by adopting a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted by adopting the second information key;
    and determining the first information based on the key calculation parameter and the network configuration information encrypted by adopting the second information key.
  58. The method of any one of claims 55 to 57, further comprising:
    receiving first encryption information from the equipment to be networked, wherein the first encryption information comprises first reference information encrypted by the first information key;
    receiving second encrypted information from the distribution network cloud platform, wherein the second encrypted information comprises second reference information encrypted by a second information key;
    and sending network configuration information to the device to be networked when the first encryption information is consistent with the second encryption information, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
  59. The method of any one of claims 55 to 57, further comprising:
    receiving the third reference information from the device to be networked;
    receiving fourth reference information from a distribution network cloud platform;
    and sending network configuration information to the device to be networked when the third reference information and the fourth reference information are consistent, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
  60. The method according to any one of claims 55 to 59, wherein said key calculation parameter comprises a random number.
  61. The method according to any of claims 55 to 60, wherein the length of the key calculation parameter is greater than or equal to one byte.
  62. An information processing apparatus provided in a device to be networked, the apparatus comprising:
    a beacon broadcasting module, configured to broadcast a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and a distribution network device.
  63. The apparatus of claim 62, further comprising:
    a first key determination module, configured to determine a first access key based on the key calculation parameter and a first device key.
  64. The apparatus of claim 63, wherein the first key determination module is configured to:
    processing the key calculation parameter and the first equipment key by adopting a first key generation algorithm to obtain a first encryption key;
    and processing the first encryption key by adopting a first coding mode to obtain the first access key.
  65. The apparatus of claim 63 or 64, further comprising:
    an identity authentication module, configured to perform the identity authentication with the distribution network device based on the first access key;
    wherein the identity authentication passes when the first access key is consistent with a second access key determined by the distribution network device, and the identity authentication fails when the first access key is inconsistent with the second access key determined by the distribution network device.
  66. The apparatus according to any one of claims 62 to 65, wherein the beacon comprises at least one of the following fields: a basic service set identifier (BSSID) field, a service set identifier (SSID) field, and a custom field;
    the BSSID field comprises the key calculation parameter and/or the device identifier of the device to be networked;
    or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked;
    or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
  67. The apparatus according to any one of claims 62 to 66, wherein the key calculation parameter comprises a random number.
  68. The apparatus according to any one of claims 62 to 67, wherein the length of the key calculation parameter is greater than or equal to one byte.
  69. The apparatus of any one of claims 62 to 68, further comprising:
    a configuration information receiving module, configured to receive network configuration information from the distribution network device when the identity authentication passes, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
  70. An information processing apparatus provided in a distribution network device, the apparatus comprising:
    a beacon receiving module, configured to receive a beacon of a first access point, wherein the beacon comprises a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used for determining an access key for performing identity authentication between the device to be networked and the distribution network device.
  71. The apparatus of claim 70, further comprising:
    a first request sending module, configured to send a first obtaining request to a distribution network cloud platform, wherein the first obtaining request is used for requesting a second access key;
    and a key information receiving module, configured to receive access key information from the distribution network cloud platform, wherein the access key information is used for determining the second access key.
  72. The apparatus of claim 71, wherein the access key information comprises the second access key.
  73. The apparatus of claim 71, wherein the access key information comprises a second encryption key; the apparatus further comprises:
    a second key determining module, configured to process the second encryption key using a first coding mode to obtain the second access key.
  74. The apparatus according to any one of claims 71 to 73, wherein the first obtaining request includes the key calculation parameter and/or the device identifier of the device to be networked.
  75. The apparatus of any one of claims 71 to 74, further comprising:
    an identity authentication module, configured to perform the identity authentication with the device to be networked based on the second access key;
    wherein the identity authentication passes when the second access key is consistent with a first access key determined by the device to be networked, and the identity authentication fails when the second access key is inconsistent with the first access key determined by the device to be networked.
  76. The apparatus according to any one of claims 70 to 75, wherein the beacon comprises at least one of the following fields: a basic service set identifier (BSSID) field, a service set identifier (SSID) field, and a custom field;
    the BSSID field comprises the key calculation parameter and/or the device identifier of the device to be networked;
    or the SSID field comprises the key calculation parameter and/or the equipment identifier of the equipment to be networked;
    or, the custom field includes the key calculation parameter and/or the device identifier of the device to be networked.
  77. The apparatus according to any one of claims 70 to 76, wherein the key calculation parameter comprises a random number.
  78. The apparatus according to any of claims 70 to 77, wherein the length of the key calculation parameter is greater than or equal to one byte.
  79. The apparatus of any one of claims 70 to 78, further comprising:
    an access module, configured to access the first access point when the identity authentication passes.
  80. The apparatus of claim 79, further comprising:
    a configuration information sending module, configured to send network configuration information to the device to be networked, wherein the network configuration information is used for configuring the device to be networked to access a second access point.
  81. An information processing apparatus provided in a device to be networked, the apparatus comprising:
    a first display module, configured to display a first graphic code, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information decryption key, the information decryption key is used for decrypting network configuration information from a distribution network device, and the network configuration information is used for configuring the device to be networked to access a second access point.
  82. The apparatus of claim 81, further comprising:
    a decryption key determining module, configured to determine the information decryption key based on the key calculation parameter and the first device key.
  83. The apparatus according to claim 82, wherein said decryption key determining module is configured to:
    process the key calculation parameter and the first device key using a second key generation algorithm to obtain the information decryption key.
  84. The apparatus of any one of claims 81 to 83, further comprising:
    a first scanning module, configured to scan a second graphic code displayed by the distribution network device, wherein the second graphic code comprises the network configuration information encrypted by an information encryption key;
    wherein, when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
  85. The apparatus of any one of claims 81 to 84 wherein the key calculation parameter comprises a random number.
  86. The apparatus of any one of claims 81 to 85, wherein the key calculation parameter is preconfigured by a device cloud platform; or the key calculation parameter is generated by the device to be networked.
  87. The apparatus of any one of claims 81 to 86 wherein the key calculation parameter is greater than or equal to one byte in length.
  88. An information processing apparatus provided in a distribution network device, the apparatus comprising:
    a second scanning module, configured to scan a first graphic code of a device to be networked, wherein the first graphic code comprises a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used for determining an information encryption key, the information encryption key is used for encrypting network configuration information, and the network configuration information is used for configuring the device to be networked to access a second access point.
  89. The apparatus of claim 88, further comprising:
    a second request sending module, configured to send a second acquisition request to a distribution network cloud platform, wherein the second acquisition request is used for requesting the information encryption key;
    and an encryption key receiving module, configured to receive the information encryption key from the distribution network cloud platform.
  90. The apparatus according to claim 89, wherein the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be networked.
  91. The apparatus of any one of claims 88 to 90, further comprising:
    a graphic code determining module, configured to determine a second graphic code based on the network configuration information and the information encryption key;
    and a second display module, configured to display the second graphic code.
  92. The apparatus of claim 91, wherein the graphic code determining module is configured to:
    processing the network configuration information by adopting a first encryption algorithm and the information encryption key to obtain encrypted network configuration information;
    and generating the second graphic code according to the encrypted network configuration information.
  93. The apparatus according to any one of claims 88 to 92, wherein said key calculation parameter comprises a random number.
  94. The apparatus of any one of claims 88 to 93, wherein the key calculation parameter is preconfigured by a device cloud platform; or the key calculation parameter is generated by the device to be networked.
  95. The apparatus according to any one of claims 88 to 94, wherein the length of the key calculation parameter is greater than or equal to one byte.
  96. An information processing apparatus provided in a device to be networked, the apparatus comprising:
    a third scanning module, configured to scan a third graphic code displayed by a distribution network device, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
    wherein the network configuration information is used for configuring the device to be networked to access a second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
  97. The apparatus of claim 96, further comprising:
    a decryption key determining module, configured to determine the information decryption key based on the key calculation parameter and the first device key.
  98. The apparatus according to claim 97, wherein said decryption key determining module is configured to:
    process the key calculation parameter and the first device key using a third key generation algorithm to obtain the information decryption key.
  99. The apparatus of any one of claims 96 to 98, wherein:
    when the information decryption key is consistent with the information encryption key, the device to be networked successfully acquires the network configuration information; and
    when the information decryption key is inconsistent with the information encryption key, the device to be networked fails to acquire the network configuration information.
  100. The apparatus according to any one of claims 96 to 99, wherein the key calculation parameter comprises a random number.
  101. The apparatus according to any one of claims 96 to 100, wherein the length of the key calculation parameter is greater than or equal to one byte.
  102. An information processing apparatus provided in a distribution network device, the apparatus comprising:
    a third display module, configured to display a third graphic code, wherein the third graphic code comprises network configuration information encrypted by an information encryption key and a key calculation parameter;
    wherein the network configuration information is used for configuring a device to be networked to access a second access point, the key calculation parameter is used for determining an information decryption key, and the information decryption key is used for decrypting the network configuration information encrypted by the information encryption key.
  103. The apparatus of claim 102, further comprising:
    an information receiving module, configured to receive the information encryption key and the key calculation parameter from a distribution network cloud platform;
    and a graphic code determining module, configured to determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  104. The apparatus according to claim 103, wherein the graphic code determining module is configured to:
    processing the network configuration information by adopting a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted by adopting the information encryption key;
    and generating the third graphic code based on the network configuration information encrypted by the information encryption key and the key calculation parameter.
  105. The apparatus according to any one of claims 102 to 104, wherein said key calculation parameter comprises a random number.
  106. The apparatus according to any one of claims 102 to 105, wherein the length of the key calculation parameter is greater than or equal to one byte.
  107. An information processing apparatus provided in a device to be networked, the apparatus comprising:
    a first receiving module, configured to receive first information from a distribution network device, wherein the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
  108. The apparatus of claim 107, further comprising:
    a first key determination module, configured to determine the first information key based on the key calculation parameter and the first device key.
  109. The apparatus of claim 108, wherein the first key determination module is configured to:
    process the key calculation parameter and the first device key using a fourth key generation algorithm to obtain the first information key.
  110. The apparatus according to any one of claims 107 to 109, wherein the first information further comprises network configuration information encrypted with a second information key, the network configuration information being used to configure the device to be networked to access a second access point; the apparatus further comprises:
    a first decryption module, configured to decrypt the network configuration information encrypted by the second information key by using the first information key;
    wherein, when the first information key is consistent with the second information key, the device to be networked successfully acquires the network configuration information; and when the first information key is inconsistent with the second information key, the device to be networked fails to acquire the network configuration information.
  111. The apparatus of any one of claims 107 to 109, further comprising:
    a first encryption module, configured to obtain first encryption information based on the first information key and first reference information;
    and a first information sending module, configured to send the first encryption information to the distribution network device.
  112. The apparatus according to claim 111, wherein the first encryption module is configured to:
    process the first reference information using a third encryption algorithm and the first information key to obtain the first encryption information.
  113. The apparatus according to any one of claims 107 to 109, wherein the first information further comprises second information encrypted with a second information key; the apparatus further comprises:
    a second decryption module, configured to decrypt the second information encrypted by the second information key by using the first information key to obtain third reference information;
    and a third information sending module, configured to send the third reference information to the distribution network device.
  114. The apparatus according to any one of claims 107 to 113, wherein the key calculation parameter comprises a random number.
  115. The apparatus according to any one of claims 107 to 114, wherein the length of the key calculation parameter is greater than or equal to one byte.
  116. An information processing apparatus provided in a distribution network device, the apparatus comprising:
    the device comprises a first sending module and a second sending module, wherein the first sending module is used for sending first information to the device to be accessed to the network, the first information comprises a key calculation parameter, and the key calculation parameter is used for determining a first information key.
  117. The apparatus according to claim 116, wherein the first information further includes network configuration information encrypted by using a second information key, and the network configuration information is used to configure the device to be networked to access a second access point; the device further comprises:
    the first receiving module is used for receiving the key calculation parameters and the second information key from the distribution network cloud platform;
    a second determining module to determine the first information based on the key calculation parameter, the second information key, and the network configuration information.
  118. The apparatus according to claim 117, wherein the second determining module is configured to:
    process the network configuration information using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted with the second information key;
    and determine the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
  119. The apparatus of any one of claims 116 to 118, further comprising:
    a first information receiving module, configured to receive first encrypted information from the device to be networked, where the first encrypted information includes first reference information encrypted by using the first information key;
    a second information receiving module, configured to receive second encrypted information from the distribution network cloud platform, where the second encrypted information includes second reference information encrypted by using a second information key;
    and a configuration information sending module, configured to send network configuration information to the device to be networked under a condition that the first encrypted information is consistent with the second encrypted information, where the network configuration information is used to configure the device to be networked to access a second access point.
  120. The apparatus of any one of claims 116 to 118, further comprising:
    a third information receiving module, configured to receive the third reference information from the device to be networked;
    a fourth information receiving module, configured to receive fourth reference information from the distribution network cloud platform;
    and a configuration information sending module, configured to send network configuration information to the device to be networked under a condition that the third reference information is consistent with the fourth reference information, where the network configuration information is used to configure the device to be networked to access a second access point.
  121. The apparatus according to any one of claims 116 to 120, wherein the key calculation parameter comprises a random number.
  122. The apparatus according to any one of claims 116 to 121, wherein the length of the key calculation parameter is greater than or equal to one byte.
  123. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
    the transceiver is configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
  124. A network distribution device, wherein the network distribution device comprises: a processor, and a transceiver coupled to the processor; wherein:
    the transceiver is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be networked, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be networked and the distribution network device.
  125. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
    the processor is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be networked to access a second access point.
  126. A network distribution device, the network distribution device comprising: a processor, and a transceiver coupled to the processor; wherein:
    the processor is configured to scan a first graphic code of a device to be networked, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be networked, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be networked to access a second access point.
  127. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
    the processor is configured to scan a third graphic code displayed by the distribution network device, where the third graphic code includes network configuration information encrypted by using an information encryption key, and a key calculation parameter;
    the network configuration information is used to configure the device to be networked to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted by using the information encryption key.
  128. A network distribution device, wherein the network distribution device comprises: a processor, and a transceiver coupled to the processor; wherein:
    the processor is configured to display a third graphic code, where the third graphic code includes network configuration information encrypted by using an information encryption key, and a key calculation parameter;
    the network configuration information is used to configure the device to be networked to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted by using the information encryption key.
  129. An apparatus to be networked, comprising: a processor, and a transceiver coupled to the processor; wherein:
    the transceiver is configured to receive first information from the distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  130. A network distribution device, the network distribution device comprising: a processor, and a transceiver coupled to the processor; wherein:
    the transceiver is configured to send first information to a device to be networked, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  131. A computer-readable storage medium, in which a computer program is stored, the computer program being configured to be executed by a processor of a device to be networked to implement the information processing method according to any one of claims 1 to 8, or the information processing method according to any one of claims 20 to 26, or the information processing method according to any one of claims 35 to 40, or the information processing method according to any one of claims 46 to 54.
  132. A computer-readable storage medium, characterized in that the storage medium has stored therein a computer program for execution by a processor of a network distribution device to implement the information processing method of any one of claims 9 to 19, or to implement the information processing method of any one of claims 27 to 34, or to implement the information processing method of any one of claims 41 to 45, or to implement the information processing method of any one of claims 55 to 61.
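The consistency check of claim 119, driven by the key calculation parameter of claims 114 to 116, is shown below as an added example that is not part of the patent text. Assumptions: a per-device secret shared between the device to be networked and the cloud platform, HMAC-SHA256 both for key derivation and as a stand-in for the unspecified encryption algorithms, and all function names and sample values, which are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: per-device secret provisioned at manufacture and also held by the
# cloud platform; the claims do not state the other inputs to key derivation.
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
NETWORK_CONFIG = b"ssid=home-ap;psk=example"                       # constructed
REFERENCE_INFO = b"reference-info"   # constructed; content is left open by the claims


def derive_information_key(device_secret: bytes, key_calc_param: bytes) -> bytes:
    """Derive an information key from the key calculation parameter (assumed KDF)."""
    if len(key_calc_param) < 1:  # claims 115/122: length of at least one byte
        raise ValueError("key calculation parameter must be at least one byte")
    return hmac.new(device_secret, b"info-key" + key_calc_param, hashlib.sha256).digest()


def protect_reference(info_key: bytes, reference: bytes) -> bytes:
    """Keyed, deterministic transform standing in for the claimed encryption."""
    return hmac.new(info_key, reference, hashlib.sha256).digest()


def distribution_device_check(first_encrypted: bytes, second_encrypted: bytes):
    """Claim 119: send network configuration only if both values are consistent."""
    if hmac.compare_digest(first_encrypted, second_encrypted):  # constant-time compare
        return NETWORK_CONFIG
    return None


def run_exchange(secret_on_device: bytes, key_calc_param: bytes):
    """One round: device and cloud each derive a key; the distribution device compares."""
    # Device to be networked: first information key -> first encrypted information.
    first_key = derive_information_key(secret_on_device, key_calc_param)
    first_encrypted = protect_reference(first_key, REFERENCE_INFO)
    # Cloud platform: second information key -> second encrypted information.
    second_key = derive_information_key(DEVICE_SECRET, key_calc_param)
    second_encrypted = protect_reference(second_key, REFERENCE_INFO)
    return distribution_device_check(first_encrypted, second_encrypted)


if __name__ == "__main__":
    # Random number as in claims 114/121; 16 bytes here, the claims allow one byte.
    param = secrets.token_bytes(16)
    print(run_exchange(DEVICE_SECRET, param))  # genuine device: config is released
    print(run_exchange(b"\x00" * 16, param))   # device without the secret: None
```

A fresh random parameter per session changes both derived keys, so a value captured from an earlier session no longer matches what the cloud platform computes.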
CN202180042424.2A 2020-09-06 2021-03-05 Information processing method, device, equipment and storage medium Pending CN115769542A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN202010925363.1A CN114157413A (en) 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium
CN2020109253631 2020-09-06
PCT/CN2021/079365 WO2022048125A1 (en) 2020-09-06 2021-03-05 Information processing method and apparatus, device and storage medium

Publications (1)

Publication Number Publication Date
CN115769542A true CN115769542A (en) 2023-03-07

Family

ID=80460645

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010925363.1A Pending CN114157413A (en) 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium
CN202180042424.2A Pending CN115769542A (en) 2020-09-06 2021-03-05 Information processing method, device, equipment and storage medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202010925363.1A Pending CN114157413A (en) 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium

Country Status (2)

Country Link
CN (2) CN114157413A (en)
WO (1) WO2022048125A1 (en)

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8254572B2 (en) * 2008-09-30 2012-08-28 Apple Inc. Secure provisioning of a portable device using a representation of a key
CN102395216A (en) * 2011-12-21 2012-03-28 上海云联计算机系统有限公司 Method for rapidly accessing to wireless local area network and mobile terminal thereof
CN102802155A (en) * 2012-08-17 2012-11-28 珠海金山办公软件有限公司 Method for rapidly establishing connection between mobile terminal and intelligent display equipment
CN105682088B (en) * 2014-11-18 2020-08-04 腾讯科技(武汉)有限公司 Wireless network sharing method and terminal
CN106851632B (en) * 2017-01-22 2019-11-08 海尔优家智能科技(北京)有限公司 A kind of method and device of smart machine access WLAN
CN106850209A (en) * 2017-02-28 2017-06-13 苏州福瑞思信息科技有限公司 A kind of identity identifying method and device
CN108632056B (en) * 2017-03-17 2023-01-31 阿里云计算有限公司 Intelligent equipment network configuration method and system
CN111510919B (en) * 2019-01-31 2023-02-03 阿里巴巴集团控股有限公司 Network configuration method, device, equipment and system

Also Published As

Publication number Publication date
WO2022048125A1 (en) 2022-03-10
CN114157413A (en) 2022-03-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination