CN116887250B - Network connection realization method and system of intelligent equipment - Google Patents

Publication number: CN116887250B
Authority: CN (China)
Prior art keywords: equipment, ciphertext, certificate, wireless network, communication
Legal status: Active
Application number: CN202311146026.2A
Other languages: Chinese (zh)
Other versions: CN116887250A (en)
Inventors: 许可, 陆舟
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN202311146026.2A
Publication of CN116887250A
Application granted
Publication of CN116887250B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047: Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471: Key exchange
    • H04W48/00: Access restriction; Network selection; Access point selection
    • H04W48/08: Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/16: Discovering, processing access restriction or access information
    • H04W76/00: Connection management
    • H04W76/10: Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a network connection realization method and system of intelligent equipment. The first equipment acquires wireless network information of each area from a background server, stores the wireless network information, starts hot spots and generates and broadcasts local area network broadcast data; after the second device is connected with the hot spot, connection is established with the first device after monitoring the broadcast data of the local area network, a communication key is generated and sent to the first device for storage, and the communication key is used for encrypting the device association information of the second device to obtain a second ciphertext and sent to the first device; the first device decrypts the second ciphertext by using the stored communication key to obtain device association information of the second device, determines corresponding wireless network information according to the device association information of the second device, encrypts the wireless network information by using the communication key to obtain a third ciphertext and sends the third ciphertext to the second device; and the second equipment decrypts the third ciphertext by using the communication key to obtain wireless network information, and performs network connection according to the wireless network information.

Description

Network connection realization method and system of intelligent equipment
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method and a system for implementing network connection of an intelligent device.
Background
When the intelligent device (for example, a POS machine) is powered on and is in a screen-up state, man-machine interaction operation cannot be performed and the device cannot be automatically connected to a network. In environments such as a mall or a factory, only an administrator knows the wireless network information, so the intelligent device cannot automatically connect to the mall network or the factory network without knowing that information. In the prior art, intelligent devices can only be networked one by one, which is extremely inefficient, so a method capable of realizing batch and automatic networking of intelligent devices is needed.
Disclosure of Invention
The application aims to overcome the defects of the prior art and provides a network connection realization method and system of intelligent equipment.
In a first aspect, an embodiment of the present application provides a method for implementing network connection of an intelligent device, where the method includes:
step S0: the first equipment acquires wireless network information of each area from a background server, stores the wireless network information, starts a hot spot, generates local area network broadcast data and broadcasts the local area network broadcast data;
step S1: each second device connects to a hotspot with a preset name and starts to monitor data after the connection is successful; after monitoring the local area network broadcast data, the second device sends a connection request to the first device and establishes a connection with the first device; the second device and the first device exchange and store their respective device certificates and issuer public keys; there are a plurality of second devices;
Step S2: the second device generates and stores a communication key according to a communication encryption mode, encrypts the communication key by using a first device public key in a stored first device certificate to obtain a first ciphertext, and sends the first ciphertext to the first device;
step S3: the first equipment decrypts the first ciphertext by using a first equipment private key stored in the first equipment to obtain the communication key, stores the communication key and returns a formal communication response to the second equipment;
step S4: the second device receives the formal communication response and then acquires device association information of the second device, encrypts the device association information of the second device by using the communication key to obtain a second ciphertext, and sends the second ciphertext to the first device, wherein the device association information comprises a device identifier and/or position information;
step S5: the first device decrypts the received second ciphertext by using the stored communication key to obtain device association information of the second device, judges the validity of the device association information of the second device, if so, determines a second device use area according to the device association information of the second device, obtains wireless network information of a corresponding area according to the second device use area, encrypts the wireless network information by using the communication key to obtain a third ciphertext, sends the third ciphertext to the second device, and executes step S6, if not, ends;
Step S6: the second device decrypts the received third ciphertext by using the communication key to obtain wireless network information, and performs network connection according to the wireless network information.
In a second aspect, an embodiment of the present application provides a network connection implementation system of an intelligent device, including a first device and a second device;
the first equipment is used for acquiring and storing wireless network information of each area from a background server, starting a hot spot, generating local area network broadcast data and broadcasting;
the second device is used for connecting a hotspot with a preset name, starting to monitor data after the connection is successful, sending a connection request to the first device and establishing connection with the first device after monitoring local area network broadcast data, and exchanging respective device certificates and issuer public keys with the first device and storing the device certificates and issuer public keys;
the second device is further configured to generate and store a communication key according to a communication encryption manner, encrypt the communication key by using a first device public key in a stored first device certificate to obtain a first ciphertext, and send the first ciphertext to the first device;
the first device is further configured to decrypt the first ciphertext by using a first device private key stored in the first device, obtain the communication key, store the communication key, and return a formal communication response to the second device;
The second device is further configured to obtain device association information of the second device after receiving the formal communication response, encrypt the device association information of the second device using the communication key to obtain a second ciphertext, and send the second ciphertext to the first device, where the device association information includes a device identifier and/or location information;
the first device is further configured to decrypt the received second ciphertext using the stored communication key to obtain device association information of a second device, determine validity of the device association information of the second device, if the second device is valid, determine a second device usage area according to the device association information of the second device, obtain wireless network information of a corresponding area according to the second device usage area, encrypt the wireless network information using the communication key to obtain a third ciphertext, and send the third ciphertext to the second device;
and the second device is further configured to decrypt the received third ciphertext by using the communication key to obtain wireless network information, and perform network connection according to the wireless network information.
In a third aspect, an embodiment of the present application provides an electronic device including at least one processor, a memory, and instructions stored on the memory and executable by the at least one processor, where the at least one processor executes the instructions to implement a network connection implementation method of the foregoing smart device.
In a fourth aspect, an embodiment of the present application provides a computer readable storage medium, where the computer readable storage medium includes a computer program, where the computer program when executed on an electronic device causes the electronic device to execute the foregoing method for implementing network connection of an intelligent device.
In a fifth aspect, an embodiment of the present application provides a chip system, including a chip, where the chip is coupled to a memory, and is configured to execute a computer program stored in the memory, so as to execute the foregoing method for implementing network connection of an intelligent device.
The technical scheme provided by the embodiments of the application has the beneficial effects that at least:
according to the network connection implementation method of the intelligent equipment, provided by the application, the network can be automatically connected under the condition that the equipment does not know network information, a user does not need to manually input a network name and a password, and a plurality of equipment can be simultaneously connected, so that the network connection implementation method is suitable for environments such as a mall or a factory, can realize batch network distribution, is convenient to use, and can improve the network connection efficiency of the intelligent terminal equipment.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a network connection implementation method of an intelligent device according to a first embodiment of the present application;
Fig. 2 is a flow chart of a network connection implementation method of an intelligent device according to a second embodiment of the present application;
Fig. 3 is a flow chart of a network connection implementation method of an intelligent device according to a third embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the following detailed description of the embodiments of the present application will be given with reference to the accompanying drawings.
When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of systems and methods that are consistent with aspects of the application as detailed in the accompanying claims.
In the description of the present application, it should be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. The specific meaning of the above terms in the present application will be understood in specific cases by those of ordinary skill in the art. Furthermore, in the description of the present application, unless otherwise indicated, "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
The following describes in detail a network connection implementation method of an intelligent device according to an embodiment of the present application with reference to the accompanying drawings.
Example 1
The first embodiment of the application provides a method for implementing network connection of an intelligent device, as shown in fig. 1, the method includes:
step S0: the first equipment acquires wireless network information of each area from a background server, stores the wireless network information, starts a hot spot, generates local area network broadcast data and broadcasts the local area network broadcast data;
optionally, step S0 further includes: the first equipment acquires and stores wireless network information connected with the first equipment;
preferably, in this embodiment, the wireless network information of each area may be acquired from the server side of the terminal remote control system through an HTTPS request;
specifically, in this embodiment, starting the hot spot and generating and broadcasting the local area network broadcast data in step S0 includes:
step A1: starting a hot spot by the first equipment and waiting for the connection of the second equipment;
step A2: when the first equipment detects that the second equipment is connected with the first equipment, judging whether the communication request service is started, if yes, executing a step A3, otherwise, starting the communication request service, and executing the step A3;
preferably, the communication request service is HTTPS request service;
Step A3: the first equipment generates local area network broadcast data and broadcasts the local area network broadcast data;
step S1: each second device is connected with a hotspot with a preset name, starts to monitor data after the connection is successful, sends a connection request to the first device and establishes connection with the first device after monitoring the broadcast data of the local area network, exchanges respective device certificates and issuer public keys with the first device, and stores the device certificates and issuer public keys;
optionally, in this embodiment, before step S1, the method further includes: judging whether each second device is in a screen-over state after being started, if so, starting a network distribution service, executing step S1, otherwise, prompting code scanning network distribution;
in the embodiment of the application, the first device and the second device are both intelligent devices (such as a POS machine), wherein the first device is a device capable of being connected with a mobile network, can comprise a WIFI module and is provided with a SIM card, and a plurality of second devices can be simultaneously connected with the first device.
Preferably, the second device sends an HTTPS connection request to the first device and establishes an HTTPS connection;
for example, the first device certificate is: gnX y/B792 VZHUHjQvA 3cAJgX2Lv8GnX8NIoShZtoCg3Cx6ecs +VEPD2fBcg2L4JK7xldGpOJ3 ONEAyVLOttXZtXNXvDZRijiEr LMMIGMIGfMA 0GCSqGSIb3 DQEBAUAA 4 GNADCBiQKBgQCCghPCWCog 8nTD24juwSVataW7 iVirxTkey/B792 ZZHUHjQvA 3cAJgX2Lv8GnX nioshzhtocg 3Cx6ecs +vepd2fBcg2L4JK7xldGpOJ3 oneayvslottxvydzricjierqalmtorcgi 79M5uVX9/jMv2Ggb XAeZhlLD28fhwidaq abajgx2Lv8GnX nioshhzhtocg 3cx6ecs +vepd2fBcg2L4JK7xldGpOJ3 oneayvslottxzntvydzricjierqalmtorcgi 79;
The issuer public key of the first device is: MIGfMA0GCSqGSIb3DQEBAQUAA4 GNADCBiQKBQCGHPCCWCobj G8nTD24juwSVataW7 iViRxcTkey/B7979VZehuHjQvA 3cAJgx2Lv8GnX NIoShZtoCg3Cx6ecs +VEPD2fBcg2L4JK7xldGpOJ3 ONEAyVsLOttXZNXyDZRijierLMTorcgi 79M5uVX9/jMv2Ggb2Xae ZhlLD28 fwIDAQAB;
the second device certificate is: bgQCGHPCWCob G8nTD24juwSVataW7iViRxcTkey/B792VZEhuHjQvA3cAJgX2Lv8GnX8 NIoShShZtoCg 3Cx6ecs +VEPD2fBcg2L4JK7xldGpOJ3 ONEAyVsLOtXtXvYDZRijiEr LMTocgi 79M5uVX9/jMv2Ggb2XAezhlLD28 HwIDAQJgX 2Lv8GnX NIoShShZtoCg 3Cx6ecs +VEPD2fBcg2L4JK7xldGpOJ3 ONEAyVLOttXZtNXvyDZRijiERQALMTorrcgi 79GnX y/B792VZEhuHjQvA3cAJgX2Lv8GnX8NIoShZtoCg3Cx6ecs +VEPD2fBcg2L4JK7xldGpOJ3 ONEAyVLOttXZNXvDZRijiErQALMMIGfMA 0 GCSqGSIbUAA 3 DQCBiQK;
the issuer public key of the second device is: gnX8 NIoShShZtoCg 3Cx6ecs +VEPD2fBcg2L4JK7xldGpOJ3 ONEAyVLOtXNXvyDZRijiErQALMTorrcgi 79M5 uVX/jMv 2Ggb2XAEZhlLD28 fwIDAQIMIGfMA 0GCSqGSIb3 DQEBAUAA 4 GNADCBiQKBgQCGQCGPCWCobaG 8nTD24juwSVataW7iViRxcTkey/B792VZEhuHjQvA3 cJgx 2Lv8;
further, the first device obtains the product type of the first device through the android system interface, encrypts the product type of the first device through a preset algorithm to obtain a product type ciphertext, and generates local area network broadcast data according to the product type ciphertext and broadcasts the local area network broadcast data.
Preferably, if the first device and the second device are the same type of product device, when the second device monitors the broadcast data of the local area network, the connection request is sent to the first device, which specifically includes:
step B1: the second equipment starts to monitor the local area network broadcast data sent by the first equipment, when the second equipment monitors the local area network broadcast data sent by the first equipment, the local area network broadcast data are analyzed, the product type of the second equipment is obtained through an android system interface, and the product type of the second equipment is encrypted by using a preset algorithm;
in this embodiment, there may be a plurality of second devices that monitor the lan broadcast data sent by the first device at the same time;
step B2: the second device judges whether the analysis result is consistent with the encryption result; if so, the second device sends a connection request to the first device; if not, the second device prompts that the device types are different and the network cannot be allocated.
Preferably, the second device sends an HTTPS connection request to the first device;
for example, the HTTPS connection request is: https://device.feitian.com:8080/services/api/get-WIFI/F21D12207000042/;
specifically, in the step S1, each second device connects to a hotspot with a preset name, and starts to monitor data after connection is successful, and the method further includes:
Step C1: the second device searches the corresponding hot spot according to the preset hot spot name, if the corresponding hot spot is searched, the step C2 is executed, otherwise, the hot spot is continuously searched;
for example, the preset hotspot name is: feitian-hotspot;
step C2: the second device connects to the hot spot found in step C1 and judges whether the connection is successful; if so, the second device starts to monitor the local area network broadcast data; otherwise, it returns to step C1.
Optionally, in this embodiment, starting the hot spot includes:
the first equipment records and stores a service set identifier and a connection password of a connected wireless network;
the first device stores the hot spot and the hot spot name set by the user, and opens the hot spot when receiving triggering information of opening the hot spot by the user.
Specifically, in this embodiment, exchanging and saving the respective device certificate and issuer public key with the first device in step S1 includes:
step D1: after receiving a connection request sent by the second device, the first device generates SSL (secure protocol) bidirectional authentication notification according to the first device certificate and the issuer public key of the first device, and sends the SSL bidirectional authentication notification to the second device;
step D2: the second device parses the SSL bidirectional authentication notification to obtain the first device certificate and the issuer public key of the first device, and uses the issuer public key of the first device to verify the validity of the first device certificate; if the certificate is legal, the second device saves the first device certificate, generates a response message according to the saved second device certificate and the issuer public key of the second device, returns the response message to the first device, and step D3 is executed; if the certificate is illegal, the connection with the first device is disconnected;
Further, verifying the legitimacy of the first device certificate using the issuer public key of the first device comprises:
step D2-1: the second device judges whether the first device certificate is out of date, if yes, the first device certificate is verified to be illegal, the connection with the first device is disconnected, and if not, the step D2-2 is executed;
specifically, step D2-1 includes:
the second equipment acquires the current system time;
the second device judges whether the effective expiration time of the first device certificate is later than the current system time; if so, the first device certificate is determined not to have expired and step D2-2 is executed; if not, the first device certificate is determined to have expired, it is verified to be illegal, and the connection with the first device is disconnected.
For example, the current system time is: 2023.4.24;
the certificate validity time is: 2022.5.24-2023.5.24, effective cut-off time 2023.5.24;
step D2-2: the second device uses the public key of the issuer of the first device to check the signature in the first device certificate, if the check is successful, the step D2-3 is executed, if the check is failed, the first device certificate is verified to be illegal, and the connection with the first device is disconnected;
for example, the signature in the first device certificate is:
the signature verification process is specifically as follows:
the second device extracts signature information from the first device certificate, and decrypts the signature information by using the issuer public key of the first device obtained through analysis to obtain a first hash value;
The second device extracts text information in the signature information from the first device certificate and carries out hash operation to obtain a second hash value;
if the first hash value is the same as the second hash value, the signature verification is successful and step D2-3 is executed; if they are not the same, the signature verification fails, the first device certificate is determined to be illegal, and the connection with the first device is disconnected;
step D2-3: the second device judges whether the domain name in the first device certificate is matched with the domain name stored in the second device, if so, the first device certificate is verified to be legal, otherwise, the first device certificate is verified to be illegal, and the connection with the first device is disconnected;
for example, the domain name in the first device certificate is: *.feitian.com;
step D3: the first device analyzes the response message to obtain a second device certificate and an issuer public key of the second device, uses the issuer public key of the second device to verify the validity of the second device certificate, stores the second device certificate if the second device certificate is legal, returns a response of successful SSL bidirectional authentication to the second device, and executes step S2, if the second device certificate is illegal, the connection with the second device is disconnected.
Further, verifying the legitimacy of the second device certificate using the issuer public key of the second device comprises:
Step D3-1: the first equipment judges whether the second equipment certificate is out of date, if yes, the second equipment certificate is verified to be illegal, the connection with the second equipment is disconnected, and if not, the step D3-2 is executed;
step D3-2: the first equipment uses the public key of the issuer of the second equipment to check the signature in the second equipment certificate, if the check is successful, the step D3-3 is executed, if the check is failed, the second equipment certificate is verified to be illegal, and the connection with the second equipment is disconnected;
step D3-3: the first equipment judges whether the domain name in the second equipment certificate is matched with the domain name stored in the first equipment certificate, if so, the second equipment certificate is verified to be legal, otherwise, the second equipment certificate is verified to be illegal, and the connection with the second equipment is disconnected;
for example, the domain name in the second device certificate is: * Feitian.
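Steps D2-1 to D2-3 as one function, in an added Go example that is not part of the patent text. It assumes RSA keys with SHA-256 signatures and a constructed domain (*.example.test); comparing the received issuer key with a key provisioned on the device beforehand is an added assumption, not a step described above.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrIssuer    = errors.New("issuer public key is not the provisioned one")
	ErrExpired   = errors.New("certificate has expired (D2-1)")
	ErrSignature = errors.New("certificate signature check failed (D2-2)")
	ErrDomain    = errors.New("certificate domain does not match (D2-3)")
)

// VerifyPeerCert runs the checks of steps D2-1 to D2-3 on a DER certificate
// received from the peer along with an issuer public key. provisioned is an
// issuer key installed on the device beforehand (assumption, not in the page).
func VerifyPeerCert(der []byte, issuer, provisioned *rsa.PublicKey, storedHost string, now time.Time) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	// Added check: only accept an issuer key the device already trusts.
	if !issuer.Equal(provisioned) {
		return ErrIssuer
	}
	// D2-1: the validity end time must be later than the current system time.
	if !cert.NotAfter.After(now) {
		return ErrExpired
	}
	// D2-2: hash the signed part of the certificate and verify the signature
	// with the issuer public key (the "first hash equals second hash" test).
	if cert.SignatureAlgorithm != x509.SHA256WithRSA {
		return ErrSignature
	}
	digest := sha256.Sum256(cert.RawTBSCertificate)
	if rsa.VerifyPKCS1v15(issuer, crypto.SHA256, digest[:], cert.Signature) != nil {
		return ErrSignature
	}
	// D2-3: the certificate's domain (wildcards allowed) must cover the stored name.
	if cert.VerifyHostname(storedHost) != nil {
		return ErrDomain
	}
	return nil
}

// NewKey generates a constructed RSA key pair for the demonstration.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// IssueCert builds a constructed certificate for domain, valid until notAfter
// and signed with issuerKey.
func IssueCert(issuerKey *rsa.PrivateKey, subject *rsa.PublicKey, domain string, notAfter time.Time) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed device"},
		DNSNames:     []string{domain},
		NotBefore:    notAfter.AddDate(-1, 0, 0),
		NotAfter:     notAfter,
	}
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed issuer"}}
	return x509.CreateCertificate(rand.Reader, tmpl, parent, subject, issuerKey)
}

func main() {
	issuerKey, err := NewKey()
	if err != nil {
		panic(err)
	}
	deviceKey, err := NewKey()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	der, err := IssueCert(issuerKey, &deviceKey.PublicKey, "*.example.test", now.AddDate(0, 1, 0))
	if err != nil {
		panic(err)
	}
	pub := &issuerKey.PublicKey
	fmt.Println("today:      ", VerifyPeerCert(der, pub, pub, "pos.example.test", now))
	fmt.Println("in one year:", VerifyPeerCert(der, pub, pub, "pos.example.test", now.AddDate(1, 0, 0)))
	fmt.Println("other host: ", VerifyPeerCert(der, pub, pub, "pos.other.test", now))
}
```

Each failure maps to the step that rejects the certificate, so the caller can disconnect exactly where the description says it should.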
Step S2: the second device generates and stores a communication key according to the communication encryption mode, encrypts the communication key by using a first device public key in the stored first device certificate to obtain a first ciphertext, and sends the first ciphertext to the first device;
optionally, in this embodiment, one or more communication encryption modes are preset in the second device; if there are multiple communication encryption modes, step S2 further includes: the second device selects one communication encryption mode (for example, selects the communication encryption mode with the highest use frequency) according to a preset mode or a default mode, or the second device sends a communication encryption list formed by the plurality of communication encryption modes to the first device, and the first device selects one communication encryption mode from the communication encryption list;
Specifically, the second device in step S2 generates and stores a communication key according to the communication encryption mode, including:
step E1: the second device sends a communication encryption list supported by the second device to the first device;
step E2: when the first equipment receives the communication encryption list, acquiring a communication encryption mode from the communication encryption list according to a preset rule;
step E3: the first device encrypts the communication encryption mode by using a second device public key in the second device certificate to obtain a first encryption result, and sends the first encryption result to the second device;
step E4: and when the second equipment receives the first encryption result, the second equipment private key is used for decrypting the first encryption result to obtain a communication encryption mode, and a communication key is generated and stored according to the communication encryption mode.
For example, the preset communication encryption mode is RSA encryption.
Specifically, the second device generates a random number according to a preset communication encryption mode, and takes the random number as a communication key and stores the communication key.
For example, the random number generated by the second device according to the RSA encryption method is: a9EmsSOHT8Wwvx74ZEK5bGncSZUKRMqx8xdJFTNL0d2m9wcj J89W1+EBD2SDhLIH6FIqN3N56PrK35JRJb;
the first ciphertext is: emsSOHT8Wwvx74ZEK5 bGncSZUKRqx 8xdJFTNL0d2M9wcj7J89W1+ EBD2SDhLIH6FIqN3N56PrK35JRJbtrG5Wl05 WGGRLTUGpF/M9Z 2JQpzdg656XW688qZvz7v5R039wq9rK4x1M/R +0IDfTuUWd03W9DMEq9q6mCvb3 kifYVvpgyUyFP 0IP/3eclxRT3imHjv1inegSmTijZ + ddo2 ANQDQA2 zV/SLeCxsFJ3ezh kPRoHCppXBMb 1 ZEDHHZ 9 hopxLXwXGQgWCKQgQgQgQgKQQQgKQQQKhKK 0 TKQQQQKTh0 Th0 TKQQQQLKTh0 h0 hQQLKLKLKLvTh9 hQLvTh3 hLvTh0 hQLvTh0 hQhQhLhLhLhLhLhLhLhLhLh0 hLhLhLh0+hThThThThTh0;
Step S3: the first equipment decrypts the first ciphertext by using the internally stored first equipment private key, obtains and stores a communication key, and returns a formal communication response to the second equipment;
step S4: the second equipment receives the formal communication response, acquires equipment association information of the second equipment, encrypts the equipment association information of the second equipment by using a communication key to obtain a second ciphertext, and sends the second ciphertext to the first equipment;
optionally, the device association information includes a device identification and/or location information;
for example, the device identification of the second device is: f21D12207000042;
the second ciphertext is: p7fQWTTWjI9tiaKoiMqt4XaaT0KHM8QP6 iGCzkeTJMRqq 1h229ufyiSIKzljdjU6Nvx lgRciDX5653psn856 Ot4S1+R6N+wiQG 11UkF/yt/qVObOy1J3P94 STtJCNEEtJD/hcAl 5SiDL+KZK8SiYU3mJidBs0rxtiqajc5 U=;
step S5: the first device decrypts the received second ciphertext with the stored communication key to obtain the device association information of the second device, and judges the validity of that information. If it is valid, the first device determines the second device's use area according to the device association information of the second device, obtains the wireless network information of the corresponding area according to that use area, encrypts the wireless network information with the communication key to obtain a third ciphertext, sends the third ciphertext to the second device, and step S6 is executed; if it is not valid, the process ends;
Specifically, in this embodiment, judging the validity of the device association information of the second device includes: comparing the decrypted device association information of the second device with the pre-stored device association information; if they match, the second device is valid, and if they do not match, the second device is invalid.
Further, comparing the decrypted device association information of the second device with the pre-stored device association information specifically means: comparing the decrypted device association information of the second device with the pre-stored device association information item by item, judging a match if the comparison is consistent, and judging a mismatch if the comparison is inconsistent;
the wireless network information comprises a service set identifier and a connection password;
for example, the service set identification is: walmart-C1-5G;
the connection password is as follows: h3c4GT6;
the third ciphertext is: bpeKomq2kwgl1742Xs0eH7GL+clbXny19 j+MuYBR/SzoYPE 1nXFCfGKVM05 fjg 1789pBgSHVa3EIEYQdA2Wsgp8z0h0jytZFq9arixM0v0rhbA4c9l YvZP/8BUtdrBw3 WlRFOxxKkJserkZA 7EiXANR21/1VwJqHOj5rfMw =
Step S6: the second equipment decrypts the received third ciphertext by using the communication key to obtain wireless network information, and performs network connection according to the wireless network information;
Optionally, in this embodiment, there may be more than one piece of wireless network information. In that case, step S6 decrypts to a network information list formed by the plurality of pieces of wireless network information, and the second device selects the optimal wireless network information from the network information list according to a preset rule. The selection of the optimal wireless network information is specifically as follows: the closest wireless network is selected from the network information list according to the distance between the second device and each wireless network, or the wireless network with the strongest signal is selected from the network information list according to the signal strength.
In an alternative embodiment, after step S6, the method further includes:
If the network connection fails, the second device judges whether the connection password is wrong; if not, the second device continues to search for the corresponding hot spot according to the preset hot spot name; if so, the second device reports the error.
Failures other than a wrong connection password include, but are not limited to, the WIFI being shut down and the device access quantity being full.
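Steps S2 to S6 above with both devices' messages, as an added example that is not code from the patent. Assumptions, none of which the patent specifies: the Python `cryptography` package, RSA-OAEP for the first ciphertext, AES-256-GCM as the cipher keyed by the communication key, JSON message bodies, a bare RSA key pair standing in for the first device certificate, and the area name `C1`.

```python
import json
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed padding for wrapping the communication key (not named in the patent).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def seal(key: bytes, body: dict, step: bytes) -> bytes:
    """Encrypt a message under the communication key; `step` is bound as AAD."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, json.dumps(body).encode(), step)


def unseal(key: bytes, blob: bytes, step: bytes) -> dict:
    """Decrypt and authenticate; raises InvalidTag if the blob was altered."""
    return json.loads(AESGCM(key).decrypt(blob[:12], blob[12:], step))


class FirstDevice:
    def __init__(self, registered: dict, networks: dict):
        self._private_key = rsa.generate_private_key(public_exponent=65537,
                                                     key_size=2048)
        self.public_key = self._private_key.public_key()  # would sit in the certificate
        self._registered = registered  # pre-stored device identifier -> use area
        self._networks = networks      # use area -> wireless network information
        self._comm_key: Optional[bytes] = None

    def on_first_ciphertext(self, first_ciphertext: bytes) -> str:
        """Step S3: recover and store the communication key."""
        self._comm_key = self._private_key.decrypt(first_ciphertext, OAEP)
        return "formal communication response"

    def on_second_ciphertext(self, second_ciphertext: bytes) -> Optional[bytes]:
        """Step S5: validate the device, then return the third ciphertext or None."""
        try:
            info = unseal(self._comm_key, second_ciphertext, b"S4")
        except InvalidTag:
            return None                      # altered or wrongly keyed message
        area = self._registered.get(info.get("device_id"))
        if area is None:
            return None                      # identifier not pre-stored: end
        return seal(self._comm_key, self._networks[area], b"S5")


class SecondDevice:
    def __init__(self, device_id: str, first_device_public_key):
        self.device_id = device_id
        self._peer_key = first_device_public_key
        self._comm_key: Optional[bytes] = None

    def first_ciphertext(self) -> bytes:
        """Step S2: generate the random communication key and wrap it."""
        self._comm_key = AESGCM.generate_key(bit_length=256)
        return self._peer_key.encrypt(self._comm_key, OAEP)

    def second_ciphertext(self) -> bytes:
        """Step S4: send the device association information."""
        return seal(self._comm_key, {"device_id": self.device_id}, b"S4")

    def on_third_ciphertext(self, third_ciphertext: bytes) -> dict:
        """Step S6: recover the wireless network information."""
        return unseal(self._comm_key, third_ciphertext, b"S5")


# Identifier, SSID and password are the page's example values; "C1" is constructed.
REGISTERED = {"f21D12207000042": "C1"}
NETWORKS = {"C1": {"ssid": "walmart-C1-5G", "password": "h3c4GT6"}}


def run_exchange(device_id: str, tamper: bool = False) -> Optional[dict]:
    first = FirstDevice(REGISTERED, NETWORKS)
    second = SecondDevice(device_id, first.public_key)
    first.on_first_ciphertext(second.first_ciphertext())       # S2 -> S3
    c2 = second.second_ciphertext()                            # S4
    if tamper:                                                 # flip one bit in transit
        c2 = c2[:-1] + bytes([c2[-1] ^ 1])
    c3 = first.on_second_ciphertext(c2)                        # S5
    return None if c3 is None else second.on_third_ciphertext(c3)  # S6


if __name__ == "__main__":
    print(run_exchange("f21D12207000042"))
```

The first device releases the connection password only after the decrypted identifier matches a pre-stored one; with the authenticated cipher assumed here, an altered second ciphertext is rejected before that comparison.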
Alternatively, there may be other implementation manners of the method of this embodiment, for example, a place has different network settings in different areas, and step S0 in this embodiment includes:
step M1: the method comprises the steps that first equipment obtains coordinate information of each area and wireless network coordinate positions of each area from a terminal remote control system server;
Preferably, the first device acquires the coordinate information of each region and the wireless network coordinate position of each region from the terminal remote control system server through an HTTPS request;
step M2: starting a hot spot by the first equipment and waiting for the connection of the second equipment;
step M3: when the first equipment detects that the second equipment is connected with the first equipment, judging whether the communication request service is started, if yes, executing a step M4, otherwise, starting the communication request service, and executing the step M4;
step M4: and the first equipment generates local area network broadcast data according to the coordinate information of each area, the coordinate position of each area wireless network and the service set identification of each area wireless network and broadcasts the local area network broadcast data.
Correspondingly, after monitoring the broadcast data of the local area network, before sending the connection request to the first device, the method further comprises the following steps:
step N0: the second equipment analyzes the local area network broadcast data to obtain coordinate information of each area, the coordinate position of each area wireless network and service set identification of each area wireless network, and stores the coordinate information, the coordinate position and the service set identification as a network list;
step N1: the second device judges whether the stored network list has only one wireless network (WIFI), if yes, the step N2 is executed, otherwise, the step N3 is executed;
step N2: the second device acquires a service set identifier of the WIFI and sends a connection request to the first device;
Step N3: the second device acquires the two WIFI with the strongest signals from the network list, and calculates the distances between the second device and the two WIFI through RSSI (received signal strength indication);
step N4: the second device calculates the position coordinates of the second device according to the calculated distance between the second device and the two WIFI and the coordinates of the two WIFI;
step N5: the second equipment determines the area where the second equipment is located according to the position coordinates where the second equipment is located, the coordinate information of each area and the wireless network coordinate positions of each area, obtains the service set identification of the wireless network of the area where the second equipment is located, and sends a connection request to the first equipment.
Correspondingly, step S4 is replaced by: the second equipment receives the formal communication response, acquires the equipment identifier of the second equipment, encrypts the equipment identifier of the second equipment and the acquired service set identifier of the wireless network by using the communication key to obtain a second ciphertext, and sends the second ciphertext to the first equipment;
the service set identifier of the wireless network acquired in the step is acquired in the step N2 or the step N5;
step S5 is replaced with: the first device decrypts the received second ciphertext with the stored communication key to obtain the device identifier of the second device and the service set identifier, and judges the validity of the device identifier of the second device; if the device identifier is valid, the first device obtains the corresponding wireless network information according to the service set identifier, encrypts the wireless network information with the communication key to obtain a third ciphertext, and sends the third ciphertext to the second device; if the device identifier is invalid, the process ends.
The intelligent equipment network connection method provided by the application can automatically connect the network without knowing network information, does not need to manually input names and passwords, can realize simultaneous networking of a plurality of equipment, is suitable for environments such as a mall or a factory, can realize batch network distribution, is convenient to use, and can improve the networking efficiency of intelligent terminal equipment.
Example two
In the network connection implementation method of the intelligent device provided by the second embodiment of the present application, as shown in fig. 2, the method includes a processing procedure of a first device (step 101-step 114) and a processing procedure of a second device (step 201-step 213); the first device comprises a WIFI module and is provided with a SIM card;
step 101: the first equipment acquires wireless network information of all areas from a terminal remote control system server through an HTTPS request;
optionally, in this embodiment, step 101 further includes: the method comprises the steps that a first device obtains wireless network information connected with the first device;
in this embodiment, the wireless network information includes a service set identifier and a connection password;
step 102: starting a hot spot by the first equipment and waiting for the connection of the second equipment;
step 103: when the first device detects that the second device is connected with the first device, judging whether the HTTPS request service is started, if yes, executing step 104, otherwise, starting the HTTPS request service, and executing step 104;
Step 104: the first equipment acquires a product type which the first equipment belongs to through an android system interface, and encrypts the product type which the first equipment belongs to by using a preset algorithm to obtain a product type ciphertext;
optionally, the preset algorithm in this embodiment may be the SHA-1 algorithm or the MD5 algorithm; the product type to which the first device belongs may specifically be a product model;
step 105: the first equipment generates local area network broadcast data according to the product type ciphertext and broadcasts the local area network broadcast data;
step 106: when the first equipment receives an HTTPS connection request of the second equipment, generating an SSL mutual authentication notice according to the first equipment certificate and an issuer public key of the first equipment, and sending the SSL mutual authentication notice to the second equipment;
step 107: when the first device receives the response message, analyzing the response message to obtain a second device certificate and an issuer public key of the second device, and using the issuer public key of the second device to verify the validity of the second device certificate, if the second device certificate is legal, executing step 108, and if the second device certificate is illegal, disconnecting the HTTPS connection with the second device;
step 108: the first equipment stores a second equipment certificate and returns a response of successful SSL mutual authentication to the second equipment;
Step 109: when the first equipment receives the communication encryption list, acquiring a communication encryption mode from the communication encryption list according to a preset rule;
step 110: the first device encrypts the communication encryption mode by using a second device public key in the second device certificate to obtain a first encryption result, and sends the first encryption result to the second device;
step 111: when the first equipment receives the first ciphertext, decrypting the first ciphertext by using a first equipment private key to obtain a communication key, storing the communication key, and returning a formal communication response to the second equipment;
step 112: when the first equipment receives the second ciphertext, decrypting the second ciphertext by using the communication key to obtain the equipment identifier of the second equipment;
step 113: the first device judges the validity of the device identifier of the second device, if yes, step 114 is executed, if not, an error is reported, and the process is ended;
specifically, in this embodiment, step 113 includes: the first device judges whether the device identifier of the second device is matched with the pre-stored device identifier, if yes, the second device serial number is valid, step 114 is executed, otherwise, the second device serial number is invalid, and the process is finished;
step 114: the first device determines a second device using area according to the second device identifier, acquires wireless network information of the area according to the second device using area, encrypts the acquired wireless network information by using a communication key to obtain a third ciphertext, and sends the third ciphertext to the second device in an SSL mode.
Step 201: judging whether the second equipment is in a screen-over state after being started, if yes, starting a network distribution service, executing step 202, otherwise prompting code scanning network distribution;
step 202: the second device searches the corresponding hot spot according to the preset hot spot name, if the corresponding hot spot is searched, the step 203 is executed, otherwise, the step 202 is returned;
step 203: the second device connects the searched hot spot, judges whether the connection is successful, if yes, executes step 204, otherwise returns to step 202;
step 204: the second equipment starts to monitor local area network broadcast sent by the first equipment, analyzes the local area network broadcast data when monitoring the local area network broadcast data sent by the first equipment, obtains the product type of the second equipment through an android system interface, and encrypts the product type of the second equipment by using a preset algorithm;
optionally, in this embodiment, there may be multiple second devices listening to the lan broadcast;
step 205: the second device judges whether the analysis result is consistent with the encryption result; if yes, step 206 is executed; otherwise, the second device prompts that the device types are different and that network distribution cannot be performed;
step 206: the second device sends an HTTPS connection request to the first device;
step 207: the second device analyzes the received SSL mutual authentication notice to obtain a first device certificate and an issuer public key of the first device, the issuer public key of the first device is used for verifying the validity of the first device certificate, if the first device certificate is legal, step 208 is executed, and if the first device certificate is illegal, the HTTPS connection with the first device is disconnected;
Step 208: the second device stores the first device certificate, generates a response message according to the second device certificate and the issuer public key of the second device, and returns the response message to the first device;
step 209: when the second equipment receives a response of successful SSL mutual authentication, the communication encryption list supported by the second equipment is sent to the first equipment;
step 210: when the second device receives the first encryption result, the second device uses the second device private key to decrypt the first encryption result to obtain a communication encryption mode, a communication key is generated according to the communication encryption mode, the communication key is encrypted by using the first device public key in the stored first device certificate to obtain a first ciphertext, and the first ciphertext is sent to the first device;
step 211: when the second equipment receives the formal communication response, encrypting the equipment identification of the second equipment by using the communication key to obtain a second ciphertext, and sending the second ciphertext to the first equipment;
step 212: when the second equipment receives the third ciphertext, the communication key is used for decrypting the third ciphertext to obtain wireless network information;
optionally, in this embodiment, if there are multiple wireless network information, the step 212 decrypts to obtain a wireless network list composed of the multiple wireless network information, and the second device selects the optimal wireless network information from the decrypted wireless network list according to a preset rule;
Step 213: the second equipment is connected with the corresponding network according to the wireless network information, judges whether the connection is successful, if so, closes the network distribution service, and ends, otherwise, reports errors;
optionally, in this embodiment, when the step 213 is determined as no, the method may further include: the second device judges whether the connection password is wrong, if yes, the error is reported, otherwise, the step 202 is returned, and networking is conducted again.
According to the method, when the equipment is in the screen-up state and the equipment does not know network information, the network can be automatically connected, a user does not need to manually input network names and passwords, networking of a plurality of pieces of equipment can be achieved at the same time, the method is suitable for environments such as a mall or a factory, batch network distribution can be achieved, the method is convenient to use, and networking efficiency of intelligent terminal equipment can be improved.
Example III
The third embodiment of the present invention provides a method for implementing network connection of an intelligent device, which is suitable for configuring different networks in different areas, as shown in fig. 3, and includes a processing procedure of a first device (step 301-step 313) and a processing procedure of a second device (step 401-step 417); the first device comprises a WIFI module and is provided with a SIM card;
step 301: the method comprises the steps that first equipment acquires coordinate information of each area and wireless network coordinate positions of each area from a terminal remote control system server through an HTTPS request;
Step 302: starting a hot spot by the first equipment and waiting for the connection of the second equipment;
step 303: when the first device detects that the second device is connected with the first device, judging whether the HTTPS request service is started, if yes, executing a step 304, otherwise, starting the HTTPS request service, and executing the step 304;
step 304: the first equipment generates local area network broadcast data according to the coordinate information of each area, the coordinate position of each area wireless network and the service set identification of each area wireless network and broadcasts the local area network broadcast data;
step 305: when the first equipment receives an HTTPS connection request of the second equipment, generating an SSL mutual authentication notice according to the first equipment certificate and an issuer public key of the first equipment, and sending the SSL mutual authentication notice to the second equipment;
step 306: when the first device receives the response message, analyzing the response message to obtain a second device certificate and an issuer public key of the second device, and using the issuer public key of the second device to verify the validity of the second device certificate, if the second device certificate is legal, executing step 307, and if the second device certificate is illegal, disconnecting the HTTPS connection with the second device;
step 307: the first equipment stores a second equipment certificate and returns a response of successful SSL mutual authentication to the second equipment;
Step 308: when the first equipment receives the communication encryption list, acquiring a communication encryption mode from the communication encryption list according to a preset rule;
step 309: the first device encrypts the communication encryption mode by using a second device public key in the second device certificate to obtain a first encryption result, and sends the first encryption result to the second device;
step 310: when the first equipment receives the first ciphertext, decrypting the first ciphertext by using a first equipment private key to obtain a communication key, storing the communication key, and returning a formal communication response to the second equipment;
step 311: when the first equipment receives the second ciphertext, decrypting the second ciphertext by using the communication key to obtain the equipment identifier and the service set identifier of the second equipment;
step 312: the first device judges the validity of the device identifier of the second device, if yes, step 313 is executed, if not, an error is reported, and the process is ended;
specifically, in this embodiment, step 312 includes: the first device judges whether the device identifier of the second device is matched with the pre-stored device identifier, if yes, the second device serial number is valid, step 313 is executed, otherwise, the device identifier of the second device is invalid, and the process is ended;
step 313: the first equipment acquires corresponding wireless network information according to the service set identifier, encrypts the acquired wireless network information by using a communication key to obtain a third ciphertext, and sends the third ciphertext to the second equipment in an SSL mode;
In this embodiment, the wireless network information includes a service set identifier and a password;
step 401: judging whether the second equipment is in a screen-over state after being started, if yes, starting a network distribution service, executing step 402, otherwise prompting code scanning network distribution;
step 402: the second device searches the corresponding hot spot according to the preset hot spot name, if the corresponding hot spot is searched, the step 403 is executed, otherwise, the step 402 is returned;
step 403: the second device connects the searched hot spot, judges whether the connection is successful, if yes, executes step 404, otherwise returns to step 402;
step 404: the second equipment starts to monitor local area network broadcast sent by the first equipment, and when monitoring local area network broadcast data sent by the first equipment, analyzes the local area network broadcast data to obtain coordinate information of each area, wireless network coordinate positions of each area and service set identifiers of wireless networks of each area, and stores the coordinate information, the wireless network coordinate positions and the service set identifiers of the wireless networks of each area as a network list;
optionally, in this embodiment, there may be multiple second devices listening to the lan broadcast;
step 405: the second device determines whether there is only one WIFI in the wireless network list, if yes, then step 406 is executed, otherwise step 407 is executed;
step 406: the second device obtains the service set identifier of the WIFI, and executes step 410;
Step 407: the second device acquires the two WIFI with the strongest signals from the wireless network list, and calculates the distances between the second device and the two WIFI through RSSI (received signal strength indication);
step 408: the second device calculates the position coordinates of the second device according to the calculated distance between the second device and the two WIFI and the coordinate positions of the two WIFI;
step 409: the second device determines the area where the second device is located according to the position coordinates where the second device is located, the coordinate information of each area and the wireless network coordinate positions of each area, obtains the service set identifier of the WIFI of the area where the second device is located, and executes step 410;
step 410: the second device sends an HTTPS connection request to the first device;
step 411: the second device analyzes the received SSL mutual authentication notice to obtain a first device certificate and an issuer public key of the first device, the issuer public key of the first device is used for verifying the validity of the first device certificate, if the first device certificate is legal, step 412 is executed, and if the first device certificate is illegal, the HTTPS connection with the first device is disconnected;
step 412: the second device stores the first device certificate, generates a response message according to the second device certificate and the issuer public key of the second device, and returns the response message to the first device;
Step 413: when the second equipment receives a response of successful SSL mutual authentication, the communication encryption list supported by the second equipment is sent to the first equipment;
step 414: when the second device receives the first encryption result, decrypting the first encryption result by using a second device private key to obtain a communication encryption mode, generating a communication key according to the communication encryption mode, encrypting the communication key by using a first device public key in the first device certificate to obtain a first ciphertext, and transmitting the first ciphertext to the first device;
step 415: when the second equipment receives the formal communication response, encrypting the equipment identification of the second equipment and the acquired service set identification of the WIFI by using the communication key to obtain a second ciphertext, and transmitting the second ciphertext to the first equipment;
in this embodiment, the service set identifier of WIFI involved in step 415 is obtained in step 406 or step 409;
step 416: when the second equipment receives the third ciphertext, the communication key is used for decrypting the third ciphertext to obtain wireless network information;
step 417: the second equipment is connected with the corresponding network according to the wireless network information, judges whether the connection is successful, if so, closes the network distribution service, and ends, otherwise, reports errors;
Optionally, in this embodiment, when the step 417 determines no, the method may further include: the second device determines whether the password is wrong, if so, the error is reported, otherwise, the process returns to step 402, and networking operation is performed again.
According to the method and the device, the wireless network of the area is connected with the second devices by determining the area where each second device is located, the network name and the password are not required to be manually input by a user, networking of a plurality of devices can be achieved at the same time, the method and the device are suitable for environments such as a mall or a factory, batch network distribution can be achieved, the use is convenient, and networking efficiency of intelligent terminal devices can be improved.
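Steps N1 to N5 of the first embodiment and steps 405 to 409 above, as an added example that is not code from the patent. The patent names only RSSI, so the log-distance path-loss model and its constants, rectangular area bounds, the fallback to the strongest network and all sample values are assumptions.

```python
import math
from typing import Dict, List, NamedTuple, Optional, Tuple

Point = Tuple[float, float]


class Area(NamedTuple):
    """One entry of the network list parsed from the LAN broadcast (step N0 / 404)."""
    ssid: str
    ap_xy: Point                               # coordinate position of the area's WIFI
    bounds: Tuple[float, float, float, float]  # x_min, y_min, x_max, y_max (assumed shape)


def rssi_to_distance(rssi_dbm: float, rssi_at_1m: float = -40.0, n: float = 2.5) -> float:
    """Log-distance path-loss model in metres (assumed model and constants)."""
    return 10 ** ((rssi_at_1m - rssi_dbm) / (10 * n))


def circle_intersections(c1: Point, r1: float, c2: Point, r2: float) -> List[Point]:
    """Points at distance r1 from c1 and r2 from c2; [] when the circles do not meet."""
    dx, dy = c2[0] - c1[0], c2[1] - c1[1]
    d = math.hypot(dx, dy)
    if d == 0 or d > r1 + r2 or d < abs(r1 - r2):
        return []                              # noisy RSSI: no geometric solution
    a = (r1 * r1 - r2 * r2 + d * d) / (2 * d)  # distance from c1 to the common chord
    h = math.sqrt(max(r1 * r1 - a * a, 0.0))   # half the chord length
    mx, my = c1[0] + a * dx / d, c1[1] + a * dy / d
    return [(mx + h * dy / d, my - h * dx / d), (mx - h * dy / d, my + h * dx / d)]


def area_of(p: Point, areas: List[Area]) -> Optional[Area]:
    """Area whose rectangle contains point p, if any."""
    for area in areas:
        x0, y0, x1, y1 = area.bounds
        if x0 <= p[0] <= x1 and y0 <= p[1] <= y1:
            return area
    return None


def select_ssid(areas: List[Area], scan: Dict[str, float]) -> Optional[str]:
    """Return the SSID to put in the second ciphertext; `scan` maps SSID -> RSSI (dBm)."""
    if len(areas) == 1:                        # N1/N2: only one WIFI in the list
        return areas[0].ssid
    heard = sorted((a for a in areas if a.ssid in scan),
                   key=lambda a: scan[a.ssid], reverse=True)
    if not heard:
        return None
    if len(heard) == 1:
        return heard[0].ssid
    first, second = heard[0], heard[1]         # N3: the two strongest signals
    candidates = circle_intersections(         # N4: position from two distances
        first.ap_xy, rssi_to_distance(scan[first.ssid]),
        second.ap_xy, rssi_to_distance(scan[second.ssid]))
    hits = {a.ssid for a in (area_of(p, areas) for p in candidates) if a is not None}
    if len(hits) == 1:                         # N5: both candidates agree on one area
        return hits.pop()
    return first.ssid                          # ambiguous or no solution: assumed fallback


# Constructed sample: the device stands at about (10, 7), inside area A,
# but is closer to area B's WIFI, so the strongest signal is not its own area's.
SAMPLE_AREAS = [
    Area("AREA-A-5G", (2.0, 5.0), (0.0, 0.0, 12.0, 10.0)),
    Area("AREA-B-5G", (14.0, 5.0), (12.0, 0.0, 20.0, 10.0)),
]
SAMPLE_SCAN = {"AREA-A-5G": -62.9, "AREA-B-5G": -56.3}

if __name__ == "__main__":
    print(select_ssid(SAMPLE_AREAS, SAMPLE_SCAN))
```

Two distance circles meet in up to two points, so two WIFI fix the position only when both candidates fall in the same area; the sample also shows the strongest signal belonging to a neighbouring area.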
The embodiment of the invention also provides a network connection realization system of the intelligent equipment, which comprises a first equipment and a second equipment;
the first equipment is used for acquiring and storing wireless network information of each area from the background server, starting a hot spot, generating local area network broadcast data and broadcasting;
the second device is used for connecting a hotspot with a preset name, starting to monitor data after the connection is successful, sending a connection request to the first device and establishing connection with the first device after monitoring the broadcast data of the local area network, and exchanging respective device certificates and issuer public keys with the first device and storing the device certificates and issuer public keys;
The second device is further configured to generate and store a communication key according to the communication encryption mode, encrypt the communication key by using a first device public key in the stored first device certificate to obtain a first ciphertext, and send the first ciphertext to the first device;
the first device is also used for decrypting the first ciphertext by using the first device private key stored internally, obtaining and storing a communication key, and returning a formal communication response to the second device;
the second device is further configured to obtain device association information of the second device after receiving the formal communication response, encrypt the device association information of the second device using the communication key to obtain a second ciphertext, and send the second ciphertext to the first device, where the device association information includes a device identifier and/or location information;
the first device is further configured to decrypt the received second ciphertext using the stored communication key to obtain device association information of the second device, determine validity of the device association information of the second device, if the device association information of the second device is valid, determine a second device usage area according to the device association information of the second device, obtain wireless network information of a corresponding area according to the second device usage area, encrypt the wireless network information using the communication key to obtain a third ciphertext, and send the third ciphertext to the second device;
The second device is further configured to decrypt the received third ciphertext using the communication key to obtain wireless network information, and perform network connection according to the wireless network information;
for details of the implementation of the first device and the second device in the system, reference may be made to the above-described embodiments of the network connection implementation method of the intelligent device, which are not repeated here.
Optionally, an embodiment of the present application further provides an electronic device, where the electronic device includes at least one processor, a memory, and instructions stored on the memory and executable by the at least one processor, and the at least one processor executes the instructions to implement a network connection implementation method of the smart device in the foregoing embodiment. When the electronic device is a chip system, the electronic device may be formed by a chip, or may include a chip and other discrete devices, which is not particularly limited in the embodiment of the present application; the chip is coupled to the memory for executing the computer program stored in the memory to perform the network connection implementation method of the smart device disclosed in the above embodiment.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer programs. The processes or functions described in accordance with the embodiments of the present application are all or partially generated when the computer program is loaded and executed on an electronic device. The computer program may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from one base station, electronic device, server, or data center to another base station, electronic device, server, or data center via wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by an electronic device or a data storage device including one or more servers, data centers, etc. that can be integrated with the medium. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.
Although the application is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the application has been described in connection with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely exemplary illustrations of the present application as defined in the appended claims and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the application. It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (18)

1. A network connection implementation method for a smart device, characterized by comprising the following steps:
step S0: the first equipment acquires wireless network information of each area from a background server, stores the wireless network information, starts a hot spot, generates local area network broadcast data and broadcasts the local area network broadcast data;
step S1: each second device connects to a hotspot with a preset name and starts data monitoring after the connection succeeds; after local area network broadcast data is monitored, the second device sends a connection request to the first device and establishes a connection with the first device; the second device and the first device exchange and store their respective device certificates and issuer public keys; there are a plurality of second devices;
step S2: the second device generates and stores a communication key according to a communication encryption mode, encrypts the communication key by using a first device public key in a stored first device certificate to obtain a first ciphertext, and sends the first ciphertext to the first device;
step S3: the first equipment decrypts the first ciphertext by using a first equipment private key stored in the first equipment to obtain the communication key, stores the communication key and returns a formal communication response to the second equipment;
step S4: the second device receives the formal communication response and then acquires device association information of the second device, encrypts the device association information of the second device by using the communication key to obtain a second ciphertext, and sends the second ciphertext to the first device, wherein the device association information comprises a device identifier and/or position information;
Step S5: the first device decrypts the received second ciphertext by using the stored communication key to obtain device association information of the second device, judges the validity of the device association information of the second device, if so, determines a second device use area according to the device association information of the second device, obtains wireless network information of a corresponding area according to the second device use area, encrypts the wireless network information by using the communication key to obtain a third ciphertext, sends the third ciphertext to the second device, and executes step S6, if not, ends;
step S6: and the second equipment decrypts the received third ciphertext by using the communication key to obtain wireless network information, and performs network connection according to the wireless network information.
2. The method according to claim 1, wherein before the step S1 the method further comprises: after each second device is started, judging whether the second device is in a screen-over state; if so, starting the network distribution service and executing the step S1; otherwise, prompting code-scanning network distribution.
3. The method of claim 1, wherein the step S0 further comprises: and the first equipment acquires and stores the wireless network information connected with the first equipment.
4. The method of claim 1, wherein turning on the hotspot, generating and broadcasting local area network broadcast data, comprises:
step A1: the first device starts a hot spot and waits for the connection of the second device;
step A2: when the first equipment detects that the second equipment is connected with the first equipment, judging whether the communication request service is started, if yes, executing a step A3, otherwise, starting the communication request service, and executing the step A3;
step A3: the first device generates local area network broadcast data and broadcasts the local area network broadcast data.
5. The method of claim 1, wherein generating and broadcasting local area network broadcast data comprises: the first equipment acquires a product type to which the first equipment belongs through an android system interface, encrypts the product type to which the first equipment belongs by using a preset algorithm to obtain a product type ciphertext, and generates local area network broadcast data according to the product type ciphertext and broadcasts the local area network broadcast data;
when the second device monitors the broadcast data of the local area network, sending a connection request to the first device, wherein the connection request comprises the following steps:
step B1: when the second equipment monitors the local area network broadcast data sent by the first equipment, analyzing the local area network broadcast data, acquiring the product type of the second equipment through an android system interface, and encrypting the product type of the second equipment by using a preset algorithm;
Step B2: and the second equipment judges whether the analysis result is consistent with the encryption result, if so, a connection request is sent to the first equipment, and otherwise, the equipment type is prompted to be different and network distribution is impossible.
6. The method of claim 1, wherein each second device connects to a hotspot with a preset name, and starts to monitor data after connection is successful, including:
step C1: the second device searches the corresponding hot spot according to the preset hot spot name, if the corresponding hot spot is searched, the step C2 is executed, otherwise, the step C1 is returned;
step C2: the second device connects to the found hotspot and judges whether the connection is successful; if so, the second device starts to monitor the local area network broadcast data; otherwise, return to step C1.
7. The method of claim 1, wherein the turning on the hotspot comprises:
the first equipment records a service set identifier and a connection password of a connected wireless network;
and the first equipment stores the hot spot and the hot spot name set by the user, and opens the hot spot when receiving the triggering information of opening the hot spot by the user.
8. The method of claim 1, wherein the exchanging and maintaining respective device certificates and issuer public keys with the first device comprises:
Step D1: after receiving a connection request sent by the second device, the first device generates SSL bidirectional authentication notification according to a first device certificate and an issuer public key of the first device and sends the SSL bidirectional authentication notification to the second device;
step D2: the second device analyzes the SSL mutual authentication notification to obtain a first device certificate and an issuer public key of the first device, the issuer public key of the first device is used for verifying the validity of the first device certificate, if the first device certificate is legal, the first device certificate is saved, a response message is generated according to the saved second device certificate and the issuer public key of the second device, the response message is returned to the first device, and the step D3 is executed, if the second device certificate is illegal, the connection with the first device is disconnected;
step D3: the first device analyzes the response message to obtain a second device certificate and an issuer public key of the second device, verifies the validity of the second device certificate by using the issuer public key of the second device, stores the second device certificate if the second device certificate is legal, returns a response of successful SSL bidirectional authentication to the second device, executes step S2, and disconnects the connection with the second device if the second device certificate is illegal.
9. The method of claim 8, wherein the verifying the legitimacy of the first device certificate using an issuer public key of the first device comprises:
step D2-1: the second device judges whether the first device certificate is out of date, if yes, the first device certificate is verified to be illegal, the connection with the first device is disconnected, and if not, the step D2-2 is executed;
step D2-2: the second device uses the public key of the issuer of the first device to check the signature in the first device certificate, if the check is successful, the step D2-3 is executed, if the check is failed, the first device certificate is verified to be illegal, and the connection with the first device is disconnected;
step D2-3: and the second equipment judges whether the domain name in the first equipment certificate is matched with the domain name stored in the second equipment certificate, if so, the first equipment certificate is verified to be legal, otherwise, the first equipment certificate is verified to be illegal, and the connection with the first equipment is disconnected.
10. The method of claim 8, wherein the verifying the legitimacy of the second device certificate using an issuer public key of the second device comprises:
step D3-1: the first device judges whether the second device certificate is out of date, if yes, the second device certificate is verified to be illegal, the connection with the second device is disconnected, and if not, the step D3-2 is executed;
Step D3-2: the first device uses the public key of the issuer of the second device to check the signature in the second device certificate, if the check is successful, the step D3-3 is executed, if the check is failed, the second device certificate is verified to be illegal, and the connection with the second device is disconnected;
step D3-3: and the first equipment judges whether the domain name in the second equipment certificate is matched with the domain name stored in the first equipment certificate, if so, the second equipment certificate is verified to be legal, otherwise, the second equipment certificate is verified to be illegal, and the connection with the second equipment is disconnected.
11. The method of claim 1, wherein the second device generates and stores a communication key according to a communication encryption manner, comprising:
step E1: the second device sends a communication encryption list supported by the second device to the first device;
step E2: when the first equipment receives the communication encryption list, acquiring a communication encryption mode from the communication encryption list according to a preset rule;
step E3: the first device encrypts the communication encryption mode by using a second device public key in the second device certificate to obtain a first encryption result, and sends the first encryption result to the second device;
Step E4: and when the second equipment receives the first encryption result, the second equipment uses a second equipment private key to decrypt the first encryption result to obtain a communication encryption mode, and a communication key is generated and stored according to the communication encryption mode.
12. The method according to claim 1, wherein the step S0 includes:
step M1: the method comprises the steps that first equipment obtains coordinate information of each area and wireless network coordinate positions of each area from a terminal remote control system server;
step M2: the first device starts a hot spot and waits for the connection of the second device;
step M3: when the first equipment detects that the second equipment is connected with the first equipment, judging whether the communication request service is started, if yes, executing a step M4, otherwise, starting the communication request service, and executing the step M4;
step M4: and the first equipment generates local area network broadcast data according to the coordinate information of each area, the coordinate position of each area wireless network and the service set identifier of each area wireless network and broadcasts the local area network broadcast data.
13. The method of claim 12, wherein prior to sending a connection request to the first device upon listening to local area network broadcast data, further comprising:
Step N0: the second equipment analyzes the local area network broadcast data to obtain coordinate information of each area, the coordinate position of each area wireless network and service set identification of each area wireless network, and stores the coordinate information, the coordinate position and the service set identification as a network list;
step N1: the second device judges whether the network list has only one wireless network, if yes, executing a step N2, otherwise, executing a step N3;
step N2: the second equipment acquires a service set identifier of the wireless network and sends a connection request to the first equipment;
step N3: the second device acquires the two wireless networks with the strongest signals from the network list, and calculates the distance between the second device and each of the two wireless networks through RSSI;
step N4: the second equipment calculates the position coordinates of the second equipment according to the calculated distance between the second equipment and the two wireless networks and the coordinates of the two wireless networks;
step N5: and the second equipment determines the area where the second equipment is located according to the position coordinates where the second equipment is located, the coordinate information of each area and the wireless network coordinate positions of each area, acquires the service set identifier of the wireless network of the area where the second equipment is located, and sends a connection request to the first equipment.
14. The method of claim 13, wherein,
the step S4 is replaced by: the second device acquires the device identifier of the second device after receiving the formal communication response, encrypts the device identifier of the second device and the acquired service set identifier of the wireless network by using the communication key to acquire a second ciphertext, and sends the second ciphertext to the first device;
the step S5 is replaced by: the first device decrypts the received second ciphertext by using the stored communication key to obtain a device identifier and a service set identifier of the second device, and judges the validity of the device identifier of the second device; if the device identifier is valid, the first device acquires the corresponding wireless network information according to the service set identifier, encrypts the wireless network information by using the communication key to obtain a third ciphertext, and sends the third ciphertext to the second device; if the device identifier is invalid, the process ends.
15. The network connection implementation system of the intelligent equipment is characterized by comprising a first equipment and a second equipment;
the first equipment is used for acquiring and storing wireless network information of each area from a background server, starting a hot spot, generating local area network broadcast data and broadcasting;
The second device is used for connecting a hotspot with a preset name, starting to monitor data after the connection is successful, sending a connection request to the first device and establishing connection with the first device after monitoring local area network broadcast data, and exchanging respective device certificates and issuer public keys with the first device and storing the device certificates and issuer public keys;
the second device is further configured to generate and store a communication key according to a communication encryption manner, encrypt the communication key by using a first device public key in a stored first device certificate to obtain a first ciphertext, and send the first ciphertext to the first device;
the first device is further configured to decrypt the first ciphertext by using a first device private key stored in the first device, obtain the communication key, store the communication key, and return a formal communication response to the second device;
the second device is further configured to obtain device association information of the second device after receiving the formal communication response, encrypt the device association information of the second device using the communication key to obtain a second ciphertext, and send the second ciphertext to the first device, where the device association information includes a device identifier and/or location information;
The first device is further configured to decrypt the received second ciphertext using the stored communication key to obtain device association information of a second device, determine validity of the device association information of the second device, if the second device is valid, determine a second device usage area according to the device association information of the second device, obtain wireless network information of a corresponding area according to the second device usage area, encrypt the wireless network information using the communication key to obtain a third ciphertext, and send the third ciphertext to the second device;
and the second device is further configured to decrypt the received third ciphertext by using the communication key to obtain wireless network information, and perform network connection according to the wireless network information.
16. An electronic device comprising at least one processor, a memory, and instructions stored on the memory and executable by the at least one processor, the at least one processor executing the instructions to implement the method of any one of claims 1 to 14.
17. A computer readable storage medium, characterized in that the computer readable storage medium comprises a computer program which, when run on an electronic device, causes the electronic device to perform the method of any one of claims 1 to 14.
18. A chip system comprising a chip coupled to a memory for executing a computer program stored in the memory for performing the method of any of claims 1-14.
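The exchange of steps S2 to S6 in claim 1, played by both devices, as an added example that is not part of the patent text or the applicant's code. The claims name no algorithms, so RSA-OAEP for the first ciphertext and AES-256-GCM for the communication encryption mode are assumptions, as are the function names and the constructed device and Wi-Fi tables; GCM is chosen so that a second ciphertext modified in transit is rejected in S5 instead of being decrypted to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed sample data: area Wi-Fi info from S0 and the devices accepted in S5.
var areaWiFi = map[string]string{"area-A": "ssid=Shop-A;psk=constructed-pass-A"}
var deviceArea = map[string]string{"DEV-0001": "area-A"}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-GCM (assumed mode); label binds the ciphertext to one step.
func seal(key, plain []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // never returns an error since Go 1.24 (it aborts instead)
	return gcm.Seal(nonce, nonce, plain, []byte(label)), nil
}

// open rejects ciphertexts that were modified or lifted from another step.
func open(key, msg []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(msg) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or short ciphertext")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, msg[:n], msg[n:], []byte(label))
}

// Reply is the first device: S3 unwraps the key, S5 validates and answers.
func Reply(priv *rsa.PrivateKey, c1, c2 []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c1, []byte("S2"))
	if err != nil {
		return nil, err
	}
	id, err := open(key, c2, "S4")
	area, ok := deviceArea[string(id)] // id is empty when open failed, so ok is false
	if err != nil || !ok {
		return nil, fmt.Errorf("second ciphertext rejected: modified or unknown device")
	}
	return seal(key, []byte(areaWiFi[area]), "S5")
}

// Provision plays the second device (S2, S4, S6); flip is XORed into c2 in transit.
func Provision(deviceID string, flip byte) (string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the certified first device key
	if err != nil {
		return "", err
	}
	key := make([]byte, 32) // fresh AES-256 communication key
	rand.Read(key)
	c1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, key, []byte("S2"))
	if err != nil {
		return "", err
	}
	c2, err := seal(key, []byte(deviceID), "S4")
	if err != nil {
		return "", err
	}
	c2[len(c2)-1] ^= flip // flip != 0 simulates modification of the second ciphertext
	c3, err := Reply(priv, c1, c2)
	if err != nil {
		return "", err
	}
	wifi, err := open(key, c3, "S5")
	return string(wifi), err
}

func main() { fmt.Println(Provision("DEV-0001", 0)) }
```

The first device returns the same error for a modified ciphertext and for an unknown identifier, so a peer cannot use the response to tell the two cases apart.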
CN202311146026.2A 2023-09-07 2023-09-07 Network connection realization method and system of intelligent equipment Active CN116887250B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311146026.2A CN116887250B (en) 2023-09-07 2023-09-07 Network connection realization method and system of intelligent equipment

Publications (2)

Publication Number Publication Date
CN116887250A CN116887250A (en) 2023-10-13
CN116887250B true CN116887250B (en) 2023-11-07

Family

ID=88272096

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311146026.2A Active CN116887250B (en) 2023-09-07 2023-09-07 Network connection realization method and system of intelligent equipment

Country Status (1)

Country Link
CN (1) CN116887250B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101083556A (en) * 2007-07-02 2007-12-05 蔡水平 Region based layered wireless information publishing, searching and communicating application system
CN109413627A (en) * 2018-10-18 2019-03-01 飞天诚信科技股份有限公司 A kind of smart home device matches network method and distribution network systems
CN110120220A (en) * 2019-05-29 2019-08-13 飞天诚信科技股份有限公司 A kind of working method and system of cloud speaker
CN110149631A (en) * 2019-05-29 2019-08-20 飞天诚信科技股份有限公司 A kind of method and system for establishing connection suitable for cloud speaker
CN110225492A (en) * 2019-05-29 2019-09-10 飞天诚信科技股份有限公司 A kind of implementation method and device for cloud speaker distribution
CN110224822A (en) * 2019-06-10 2019-09-10 飞天诚信科技股份有限公司 A kind of cryptographic key negotiation method and system
WO2023001082A1 (en) * 2021-07-19 2023-01-26 华为技术有限公司 Network configuration method and apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10158995B2 (en) * 2014-06-25 2018-12-18 Mitel Networks Corporation Personal area network system and method

Also Published As

Publication number Publication date
CN116887250A (en) 2023-10-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant