CN117135631A - Equipment authentication method and terminal equipment - Google Patents
Equipment authentication method and terminal equipment Download PDFInfo
- Publication number
- CN117135631A CN117135631A CN202310206775.3A CN202310206775A CN117135631A CN 117135631 A CN117135631 A CN 117135631A CN 202310206775 A CN202310206775 A CN 202310206775A CN 117135631 A CN117135631 A CN 117135631A
- Authority
- CN
- China
- Prior art keywords
- bluetooth
- authentication
- identification information
- equipment
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 211
- 150000003839 salts Chemical class 0.000 claims description 37
- 238000012795 verification Methods 0.000 claims description 34
- 230000005540 biological transmission Effects 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 8
- 230000006854 communication Effects 0.000 abstract description 131
- 238000004891 communication Methods 0.000 abstract description 129
- 230000008569 process Effects 0.000 abstract description 51
- 238000004422 calculation algorithm Methods 0.000 abstract description 38
- 238000005516 engineering process Methods 0.000 abstract description 27
- 238000004364 calculation method Methods 0.000 abstract description 8
- 230000006870 function Effects 0.000 description 55
- 238000013461 design Methods 0.000 description 41
- 239000010410 layer Substances 0.000 description 33
- 210000000577 adipose tissue Anatomy 0.000 description 25
- 238000007726 management method Methods 0.000 description 23
- 238000012545 processing Methods 0.000 description 20
- 238000010586 diagram Methods 0.000 description 19
- 230000004044 response Effects 0.000 description 19
- 238000010295 mobile communication Methods 0.000 description 14
- 230000000694 effects Effects 0.000 description 5
- 230000009977 dual effect Effects 0.000 description 4
- 208000031648 Body Weight Changes Diseases 0.000 description 3
- 230000004579 body weight change Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 239000000284 extract Substances 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 230000005236 sound signal Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 238000013528 artificial neural network Methods 0.000 description 2
- 230000003190 augmentative effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000036541 health Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 241000662429 Fenerbahce Species 0.000 description 1
- 241000190070 Sarracenia purpurea Species 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 210000000988 bone and bone Anatomy 0.000 description 1
- 239000012792 core layer Substances 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000037213 diet Effects 0.000 description 1
- 235000005911 diet Nutrition 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000001537 neural effect Effects 0.000 description 1
- 239000002674 ointment Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000005855 radiation Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000003786 synthesis reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/037—Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/30—Connection release
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application relates to the technical field of communication, in particular to a device authentication method and terminal device, which can effectively ensure the safety of communication between electronic equipment and Bluetooth equipment, improve the complex and tedious conditions caused by key negotiation in the related technology, and save resources such as calculation power, time and the like. In the method, the Bluetooth device can verify whether the electronic device is trusted or not through the first authentication parameter, and if the electronic device is not trusted, the Bluetooth device disconnects the Bluetooth connection with the electronic device. The Bluetooth device can be prevented from being randomly connected with the electronic device, and the safety of communication between the Bluetooth device and the electronic device can be ensured. Meanwhile, in the process of generating the first check information based on the authentication identification information, the Bluetooth equipment does not need to use a very complex algorithm, so that the computing power resources and time resources of the electronic equipment and the Bluetooth equipment can be effectively saved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a device authentication method and a terminal device.
Background
Along with the development of technology and the progress of science and technology, more and more bluetooth devices are available on the side of users, and users can hope that the bluetooth devices of the users and the electronic devices are connected through the bluetooth technology; communication is performed between the electronic device and the bluetooth device, so that the own electronic device can control the bluetooth device through bluetooth technology, receive data of the bluetooth device, upgrade the bluetooth device, and the like.
In the related art, in order to ensure the safety of communication between an electronic device and a bluetooth device, the electronic device of other users is prevented from being randomly connected with the bluetooth device of the users, and the communication between the electronic device and the bluetooth device is prevented from being monitored. A key negotiation process is typically performed between the electronic device and the bluetooth device, which generates a key through the negotiation. The key negotiation process of the electronic equipment and the Bluetooth equipment through the key needs to use a plurality of security-related libraries, which is complex; and, each time a communication is made, encryption and decryption using a key are required, which is very complex. Therefore, in the related art, in order to ensure the security of the communication between the electronic device and the bluetooth device, the key negotiation method is too complex and cumbersome, and the resource consumption such as calculation power and time is relatively high. Some lightweight bluetooth devices with lower capabilities cannot communicate in this manner, and bluetooth communication is less secure.
Disclosure of Invention
In view of the above, the present application provides an apparatus authentication method and a terminal apparatus. In the method, the electronic equipment and the Bluetooth equipment adopt a parameter verification mode to carry out safety authentication, and Bluetooth communication can be carried out after the safety authentication is successful, so that the safety of communication between the electronic equipment and the Bluetooth equipment can be effectively ensured, the complex and complicated conditions caused by key negotiation in the related technology are improved, and resources such as calculation power, time and the like are saved. Even lightweight bluetooth devices can guarantee the security of bluetooth communications.
In a first aspect, the present application provides a device authentication method, which may be applied to a bluetooth device; the bluetooth device may be a terminal device with bluetooth connection capability, such as a classical bluetooth device, a BLE bluetooth device, a dual mode bluetooth device, etc. In the method, after the Bluetooth device establishes a Bluetooth connection with the electronic device, the Bluetooth device generates a second random number and sends the second random number to the electronic device, wherein the second random number is used for generating the first authentication parameter on the electronic device. And then, the Bluetooth equipment receives the first authentication parameter and the first random number sent by the electronic equipment. Next, the Bluetooth equipment adopts a target encryption mode, and generates first check information based on the first random number, the second random number and authentication identification information of the Bluetooth equipment; and the Bluetooth device verifies the first authentication parameter based on the first verification information, and the Bluetooth device disconnects the Bluetooth connection with the electronic device under the condition that the verification of the first authentication parameter fails.
The bluetooth device may generate the second random number by using a preset random number generation method. For the Bluetooth device, the authentication identification information can be generated by a preset identification information generation algorithm, or can be obtained by searching from a memory of the Bluetooth device. The target encryption mode may be a preset encryption method identical to the electronic device or an encryption method identical to the negotiation with the electronic device. The authentication identification information may be a PIN code, for example; the target encryption mode may be an encryption hash function, such as MD5 information digest algorithm, hash-type algorithm, and the like.
In the device authentication method, the Bluetooth device can verify whether the electronic device is trusted or not through the first authentication parameter, and if the electronic device is not trusted, the Bluetooth device is disconnected with the electronic device. The Bluetooth device can be prevented from being randomly connected with the electronic device, and the safety of communication between the Bluetooth device and the electronic device can be ensured. Meanwhile, the Bluetooth equipment does not need to use a very complex algorithm in the process of generating the first check information based on the authentication identification information; for example, this can be achieved by merely encrypting the hash function. The computing power resource and time resource of the electronic equipment and the Bluetooth equipment can be effectively saved.
In one possible design of the first aspect, the method provided by the present application may further include: in the case that the first authentication parameter of the bluetooth device fails to verify, the bluetooth device may send disconnection indication information to the electronic device, where the disconnection indication information is used to indicate disconnection of the bluetooth connection.
In one possible design of the first aspect, the method provided by the present application may further include: and under the condition that the verification of the first authentication parameter is successful, the Bluetooth equipment adopts a target encryption mode and generates a second authentication parameter based on the first random number, the second random number and authentication identification information. And then, the Bluetooth device sends a second authentication parameter to the electronic device, wherein the second authentication parameter is used for triggering the disconnection of the Bluetooth connection between the electronic device and the Bluetooth device under the condition that the electronic device fails to verify the second authentication parameter. It will be appreciated that in such a design, the electronic device may verify through the second authentication parameter whether the bluetooth device is trusted or not, and if not, disconnect the bluetooth connection with the electronic device. The Bluetooth device can be prevented from being randomly connected with the electronic device, and the safety of communication between the Bluetooth device and the electronic device can be further improved.
In one possible design of the first aspect, the method provided by the present application may further include: if the Bluetooth device receives the disconnection indication information from the electronic device, the Bluetooth device disconnects the Bluetooth connection with the electronic device.
In one possible design of the first aspect, the method provided by the present application may further include: if the Bluetooth device receives notification information from the electronic device, the notification information is used for indicating that the electronic device successfully verifies the second authentication parameter, the Bluetooth device updates the authentication identification information, and the updated authentication identification information is uploaded to the server through the electronic device. The updated authentication identification information may be used in a subsequent authentication process for the bluetooth device. In this design, the bluetooth device updates the authentication identification information. The updating process of the authentication identification information is not perceived at the electronic equipment and the server; the problem that other users operate equipment by stealing the updating process of the authentication identification information and then obtaining the updated authentication identification information can be prevented, and the communication security between the Bluetooth equipment and the electronic equipment can be further improved.
In one possible design of the first aspect, the bluetooth device updates the authentication identification information, and uploads the updated authentication identification information to the server through the electronic device, which may include: after waiting for a preset time interval, the Bluetooth equipment updates the authentication identification information and uploads the updated authentication identification information to the server through the electronic equipment; alternatively, the Bluetooth device monitors the load of a processor in the Bluetooth device; if the load of the processor is smaller than the preset threshold value, updating the authentication identification information, and uploading the updated authentication identification information to the server through the electronic equipment. In this design, it is considered that the processor performance is not very powerful due to some bluetooth devices; updating the authentication identification information immediately after the second parameter authentication is successful may cause overload of the processor. Therefore, the process which can normally work on the Bluetooth device becomes stuck, and the user experience is affected. Therefore, the embodiment of the application can avoid the time for the Bluetooth device to execute the processes after the authentication of the electronic device and the Bluetooth device is passed. The processor of the Bluetooth device is only focused on executing the process, and new authentication identification information is generated through a preset authentication identification generation algorithm when the processor of the Bluetooth device is idle. The workload of the processor of the Bluetooth device can be relieved, and the overload problem of the processor of the Bluetooth device can be reduced.
In one possible design of the first aspect, the generating, by the bluetooth device, the first check information based on the first random number, the second random number, and the authentication identification information in a target encryption manner may include: the bluetooth device adds a salt value to the authentication identification information, which may be preset. Then, the Bluetooth device can generate first check information based on the first random number, the second random number and the authentication identification information with the salt added by adopting a target encryption mode.
In one possible design of the first aspect, the generating, by the bluetooth device, the second authentication parameter based on the first random number, the second random number, and the authentication identification information in a target encryption manner may include: the Bluetooth equipment increases a salt value for the authentication identification information; the salt value may be the same as the electronic device as preset or the salt value may be the same as the electronic device as negotiated. Then, the Bluetooth device can generate a second authentication parameter based on the first random number, the second random number and the authentication identification information with the salt added by adopting a target encryption mode. In such designs, it is contemplated that for stealing authentication identification information, a rainbow table attack may be initiated on the authentication parameters. Thus, the salt value may be added to the authentication identification information at the time of generating the second authentication parameter. Thus, even if the second authentication parameter is cracked through the rainbow table, the authentication identification information in the present application cannot be obtained. Only one authentication identification information with added salt value can be obtained, so that the safety and reliability of the equipment authentication method provided by the application embodiment can be further improved.
In one possible design of the first aspect, the method provided by the present application may further include: if the Bluetooth device receives the notification information from the electronic device, the Bluetooth device uses an encryption mode specified by the Bluetooth protocol to carry out encryption transmission with the electronic device.
In one possible design of the first aspect, the method provided by the present application may further include: and under the condition that the Bluetooth equipment successfully verifies the first authentication parameter, the Bluetooth equipment performs encryption transmission with the electronic equipment by using an encryption mode specified by the Bluetooth protocol. In this design, the bluetooth device and the electronic device may encrypt communications therebetween in an encryption manner specified in the bluetooth protocol, and may be monitored in an efficient manner. The safety of communication between the two can be effectively ensured. For lightweight BLE devices, users typically do not store data with high data security requirements, such as bank accounts, passwords, etc., on these lightweight BLE devices. Therefore, for these lightweight BLE devices, the security of data transmission can be effectively ensured by the encryption method in the bluetooth protocol.
In a second aspect, the present application provides a device authentication method, which may be applied to an electronic device, where the electronic device may be a terminal device having a bluetooth connection function, such as a mobile phone, a tablet computer, a personal computer, or the like. In the method, after the electronic device establishes Bluetooth connection with the Bluetooth device, the electronic device acquires authentication identification information of the Bluetooth device, wherein the authentication identification information can be generated by a preset identification information generation algorithm or acquired from a server for the electronic device. Then the electronic equipment generates a first random number and receives a second random number sent by the Bluetooth equipment; the electronic device may generate the first random number by using a preset random number generation method. Then, the electronic equipment adopts a target encryption mode to generate a first authentication parameter based on the first random number, the second random number and authentication identification information; the target encryption mode may be a preset encryption method same as that of the bluetooth device or a preset encryption method same as that of the bluetooth device. And then, the electronic equipment sends a first authentication parameter and a first random number to the Bluetooth equipment, wherein the first random number is used for verifying the first authentication parameter, and the first authentication parameter is used for triggering the disconnection of the Bluetooth connection between the Bluetooth equipment and the electronic equipment under the condition that the Bluetooth equipment fails to verify the first authentication parameter. The target encryption mode may be a preset encryption method identical to that of the bluetooth device or an encryption method identical to that of the bluetooth device. The authentication identification information may be a PIN code, for example; the target encryption mode may be MD5 information digest algorithm, hash algorithm, etc.
In the device authentication method, the Bluetooth device can verify whether the electronic device is trusted or not through the first authentication parameter, and if the electronic device is not trusted, the Bluetooth device is disconnected with the electronic device. The Bluetooth device can be prevented from being randomly connected with the electronic device, and the safety of communication between the Bluetooth device and the electronic device can be ensured. Meanwhile, the Bluetooth equipment does not need to use a very complex algorithm in the process of generating the first check information based on the authentication identification information; for example, this can be achieved by merely encrypting the hash function. The computing power resource and time resource of the electronic equipment and the Bluetooth equipment can be effectively saved.
In one possible design of the second aspect, the method provided by the present application further includes: if the electronic equipment receives disconnection indication information from the Bluetooth equipment, the electronic equipment disconnects Bluetooth connection with the Bluetooth equipment.
In one possible design of the second aspect, the method provided by the present application further includes: if the electronic equipment receives the second authentication parameter from the Bluetooth equipment, the electronic equipment adopts a target encryption mode and generates second check information based on the first random number, the second random number and the authentication identification information of the Bluetooth equipment. The electronic device verifies the second authentication parameter based on the second verification information, and disconnects the Bluetooth connection with the Bluetooth device under the condition that the verification of the second authentication parameter fails. It will be appreciated that in such a design, the electronic device may verify through the second authentication parameter whether the bluetooth device is trusted or not, and if not, disconnect the bluetooth connection with the electronic device. The Bluetooth device can be prevented from being randomly connected with the electronic device, and the safety of communication between the Bluetooth device and the electronic device can be further improved.
In one possible design of the second aspect, the method provided by the present application further includes: and under the condition that the verification of the second authentication parameter fails, the electronic equipment sends disconnection indication information to the Bluetooth equipment, wherein the disconnection indication information is used for indicating disconnection of the Bluetooth.
In one possible design of the second aspect, the method provided by the present application further includes: and under the condition that the second authentication parameter is successfully verified, the electronic equipment sends notification information to the Bluetooth equipment, wherein the notification information is used for indicating that the electronic equipment is successfully verified on the second authentication parameter. And the electronic equipment receives the updated authentication identification information sent by the Bluetooth equipment and uploads the updated authentication identification information to the server. In this design, the bluetooth device updates the authentication identification information. The updating process of the authentication identification information is not perceived at the electronic equipment and the server; the problem that other users operate equipment by stealing the updating process of the authentication identification information and then obtaining the updated authentication identification information can be prevented, and the communication security between the Bluetooth equipment and the electronic equipment can be further improved.
In one possible design of the second aspect, the electronic device obtaining authentication identification information of the bluetooth device includes: under the condition that the Bluetooth equipment is authenticated for the first time, the electronic equipment generates authentication identification information based on the equipment information of the Bluetooth equipment; the electronic device may generate the authentication identification information based on the device information of the bluetooth device using a preset identification information generation algorithm. Or under the condition that the Bluetooth equipment is not authenticated for the first time, the electronic equipment acquires the authentication identification information of the Bluetooth equipment corresponding to the target user account related to the electronic equipment from the server based on the equipment information of the Bluetooth equipment; the server stores the corresponding relation between the user account and the authentication identification information of at least one device. The target user account may be a user account logged in on the electronic device.
In one possible design of the second aspect, the electronic device uploads the updated authentication identification information to the server, including: under the condition that the Bluetooth equipment is authenticated for the first time, the electronic equipment uploads updated authentication identification information to a server; and establishing a corresponding relation between the authentication identification information of the Bluetooth equipment and the target user account corresponding to the target electronic equipment at the server. Or the electronic equipment uploads the updated authentication identification information to the server under the condition that the authentication scene is not the first authentication; and updating the corresponding relation between the authentication identification information of the Bluetooth equipment and the target user account number at the server.
In one possible design of the second aspect, the method provided by the present application may further include: the electronic device obtains device information of the Bluetooth device. And then, the electronic equipment determines an authentication scene of the Bluetooth equipment based on the equipment information, wherein the authentication scene comprises first authentication or non-first authentication. The device information of the bluetooth device may include: bluetooth MAC address, device ID, device name, bluetooth device type. The bluetooth MAC address may include: public device addresses and random device addresses.
In one possible design of the second aspect, the device information of the bluetooth device may further include: authentication indication information. The authentication indication information may be in the form of a configuration file, or may be in the form of a field, etc. And, the electronic device determining an authentication scenario of the bluetooth device based on the device information may include: the electronic device determines an authentication scene of the Bluetooth device based on the authentication indication information.
In one possible design of the second aspect, the generating, by the electronic device, the second verification information based on the first random number, the second random number, and the authentication identification information of the bluetooth device in a target encryption manner may include: the electronic equipment increases the salt value of the authentication identification information; the salt value may be the same as the electronic device as preset or the salt value may be the same as the electronic device as negotiated. The electronic equipment adopts a target encryption mode, and generates second check information based on the first random number, the second random number and the authentication identification information with the added salt value.
In one possible design of the second aspect, the generating, by the electronic device, the first authentication parameter based on the first random number, the second random number, and the authentication identification information in a target encryption manner may include: the electronic equipment increases the salt value of the authentication identification information; the salt value may be the same as the electronic device as preset or the salt value may be the same as the electronic device as negotiated. The electronic equipment adopts a target encryption mode, and generates a first authentication parameter based on the first random number, the second random number and the authentication identification information with the added salt value. In such designs, it is contemplated that for stealing authentication identification information, a rainbow table attack may be initiated on the authentication parameters. Thus, the salt value may be added to the authentication identification information at the time of generating the second authentication parameter. Thus, even if the second authentication parameter is cracked through the rainbow table, the authentication identification information in the present application cannot be obtained. Only one authentication identification information with added salt value can be obtained, so that the safety and reliability of the equipment authentication method provided by the application embodiment can be further improved.
In one possible design of the second aspect, the method provided by the present application further includes: and under the condition that the second authentication parameter is successfully verified, the electronic equipment uses an encryption mode included in the Bluetooth protocol to carry out encryption transmission with the Bluetooth equipment. In this design, the bluetooth device and the electronic device may encrypt communications therebetween in an encryption manner specified in the bluetooth protocol, and may be monitored in an efficient manner. The safety of communication between the two can be effectively ensured.
In one possible design of the second aspect, the method provided by the present application further includes: if the electronic equipment receives the notification information from the Bluetooth equipment, the electronic equipment uses an encryption mode included in the Bluetooth protocol to carry out encryption transmission with the Bluetooth equipment.
In a third aspect, the present application provides a device authentication method, which may be applied to an electronic device, where the electronic device may be a terminal device having a bluetooth connection function, such as a mobile phone, a tablet computer, a personal computer, or the like. In the method, after the Bluetooth connection is established between the electronic equipment and the Bluetooth equipment, the electronic equipment acquires authentication identification information of the Bluetooth equipment. Then, the electronic equipment generates a first random number and sends the first random number to the Bluetooth equipment; the first random number is used to generate a second authentication parameter. And then, the electronic device receives the second random number sent by the Bluetooth device and the second authentication parameter. And then, the electronic equipment adopts a target encryption mode to generate second check information based on the first random number, the second random number and the authentication identification information. And then, the electronic equipment verifies the second authentication parameter based on the second verification information, and the Bluetooth connection with the Bluetooth equipment is disconnected under the condition that the electronic equipment fails to verify the second authentication parameter.
In a fourth aspect, the present application provides a terminal device, where the terminal device may be a mobile phone, a tablet computer, a notebook computer, a vehicle computer, an intelligent toothbrush, a body fat scale, an intelligent water cup, or the like, having a bluetooth connection capability. The terminal device includes: a memory, one or more processors, a bluetooth module; the memory is coupled with the processor; wherein the memory stores computer program code comprising computer instructions; the computer instructions, when executed by a processor, cause the terminal device to perform the method provided by the first aspect and any one of the possible designs of the first aspect. Or, cause the terminal device to perform the method provided by the second aspect and any one of the possible designs of the second aspect. Still alternatively, the terminal device is caused to perform the method provided in the third aspect described above.
In a fifth aspect, the present application provides a computer readable storage medium having stored therein instructions which, when run on a terminal device, cause the terminal device to perform the method provided by the first aspect and any one of the possible designs of the first aspect. Or, cause the terminal device to perform the method provided by the second aspect and any one of the possible designs of the second aspect. Still alternatively, the terminal device is caused to perform the method provided in the third aspect described above.
In a sixth aspect, the present application provides a computer program product comprising instructions which, when run on a terminal device, enable the terminal device to perform the method provided by the first aspect and any one of the possible designs of the first aspect. Or, cause the terminal device to perform the method provided by the second aspect and any one of the possible designs of the second aspect. Still alternatively, the terminal device is caused to perform the method provided in the third aspect described above.
The technical effects of any one of the design manners of the fourth aspect to the sixth aspect may be referred to as technical effects of different design manners of the first aspect, the second aspect and the third aspect, and are not described herein.
Drawings
Fig. 1 is a schematic diagram of a usage scenario of a device authentication method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
fig. 3 is a schematic software structure of an electronic device according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a bluetooth device according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a software architecture according to an embodiment of the present application;
fig. 6 is a schematic flow chart of a device authentication method according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a search device interface according to an embodiment of the present application;
fig. 8 is a schematic flow chart of a device authentication method according to an embodiment of the present application;
fig. 9 is a schematic flowchart of another device authentication method according to an embodiment of the present application;
FIG. 10 is a schematic diagram of a device authentication interface provided by an example of the present application;
FIG. 11 is a schematic diagram of yet another device authentication interface provided by an embodiment of the present application;
FIG. 12 is a schematic diagram of a user login interface according to an embodiment of the present application;
fig. 13 is a schematic flow chart of a device authentication method according to an embodiment of the present application;
fig. 14 is a schematic flow chart of a device authentication method according to an embodiment of the present application;
fig. 15 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
In the following, before describing embodiments of the present application, a brief description of bluetooth technology and bluetooth devices will be provided.
Bluetooth (blue) technology, which is a global specification for wireless data and voice communication, is based on low-cost short-range wireless connection, and can establish a communication environment for fixed and mobile devices; is a near field wireless communication technology. The Bluetooth technology can utilize a wave band (about 2.4GHz-2.485 GHz) with specific frequency to transmit electromagnetic waves. Bluetooth technology may include different versions of bluetooth protocols, e.g., bluetooth 4.0, bluetooth 4.1, bluetooth 4.2, bluetooth 5.0, etc. Among bluetooth versions 4.0 (i.e., bluetooth 4.0) and above, bluetooth is classified into classical bluetooth (classic Bluetooth) and bluetooth with low energy (Bluetooth low energy, abbreviated as BLE or LE). Compared with classical Bluetooth, BLE has lower power consumption, and is more suitable for some scenes with lower power consumption.
The bluetooth device is a device having bluetooth function, and at least includes: classical bluetooth device, bluetooth Low Energy (BLE) bluetooth device, dual mode bluetooth device. The dual-mode Bluetooth device is a Bluetooth device with classical Bluetooth function and BLE function.
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. Wherein, in the description of the present application, "/" means that the related objects are in a "or" relationship, unless otherwise specified, for example, a/B may mean a or B; the "and/or" in the present application is merely an association relationship describing the association object, and indicates that three relationships may exist, for example, a and/or B may indicate: there are three cases, a alone, a and B together, and B alone, wherein a, B may be singular or plural. Also, in the description of the present application, unless otherwise indicated, "a plurality" means two or more than two. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural. In addition, in order to facilitate the clear description of the technical solution of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ. Meanwhile, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion that may be readily understood.
Along with the development of technology and the progress of science and technology, bluetooth devices on the side of users are increasing, and users can hope that their own bluetooth devices and electronic devices are connected through bluetooth technology, so that the electronic devices can control the bluetooth devices, receive data of the bluetooth devices, upgrade the bluetooth devices, and the like.
For example, when a user uses a bluetooth device such as a body fat scale, the user wants to record information such as body fat changes and weight changes; and adjust own work and rest, diet, exercise, etc. according to own body fat change and body weight change. Because the processor of the Bluetooth device such as the body fat scale is simpler, the memory space is smaller, and the function is not very powerful. Body fat scales are not adequate for data processing and data storage work of body fat changes and body weight changes. The user will typically establish a bluetooth connection between the body fat scale and the cell phone. And periodically transmitting the data of the body fat scale to the mobile phone, monitoring the body fat change and the body weight change through a health application program (application) of the mobile phone, and analyzing the data. Thereby realizing the monitoring of the health of the user.
In the related art, in order to ensure the security of communication between an electronic device and a bluetooth device, a key negotiation process is generally performed between the electronic device and the bluetooth device, and a key is generated by the negotiation between the electronic device and the bluetooth device. The electronic device and the Bluetooth device carry out encryption transmission through the secret key. The key negotiation process needs to exchange information between the electronic equipment and the Bluetooth equipment for multiple rounds, and the process is very tedious. And requires the use of many security-related libraries (e.g., mbed-TLS libraries, polar SSL libraries, etc.); and the use of these libraries is quite space consuming. And, after the key agreement is passed, each communication between the two requires the use of some encryption/decryption algorithms, such as RSA algorithm, elliptic encryption (Elliptic curve cryptography, ECC) algorithm, elliptic curve diffie-hellman key exchange (Elliptic Curve Diffie-Hellman key Exchange, ECDH) algorithm, etc.; among them, the RSA algorithm is proposed by three people of Ronus Levelst (Ron Rivest), addi Samo (Adi Shamir) and Leonade Adaman (Leonad Adleman), and named after the initial letters of three people's surnames are spelled together. The encryption/decryption is carried out by using the algorithms, the calculation process is quite complex, and a lot of calculation resources and calculation time are consumed.
Therefore, in the related art, in order to ensure the security of the communication between the electronic device and the bluetooth device, the key negotiation method is too complex and cumbersome, and the resource consumption such as calculation power, storage space and time is relatively large. For some lightweight bluetooth devices, the memory space of the lightweight bluetooth devices is smaller, the performance of a processor of the bluetooth devices is not strong, communication cannot be performed in this way, and the security of bluetooth communication is poor.
Based on the above, the application provides a device authentication method and terminal device. In the method, the electronic equipment and the Bluetooth equipment adopt a parameter verification mode to carry out safety authentication, and Bluetooth communication can be carried out after the safety authentication is successful, so that the safety of communication between the electronic equipment and the Bluetooth equipment can be effectively ensured, the complex and complicated conditions caused by key negotiation in the related technology can be improved, and resources such as calculation power, time, storage space and the like can be saved. Even lightweight bluetooth devices can guarantee the security of bluetooth communications.
In some schemes, in order to ensure the safety of communication between the electronic device and the Bluetooth device, the electronic devices of other users are prevented from being randomly connected with the Bluetooth device of the users, and the communication between the electronic device and the Bluetooth device is prevented from being monitored. After the bluetooth connection is established, the electronic device and the bluetooth device perform a key negotiation procedure. A key is negotiated between the two. If the key negotiation between the electronic device and the bluetooth device is not passed and the key is not obtained through the negotiation, one of the electronic device or the bluetooth device is considered to be unreliable, and is not a trusted device, and is a randomly connected device. And after the key agreement is passed, the communication between the two devices is carried out based on the key, so that the communication between the electronic device and the Bluetooth device can be prevented from being monitored. In the above key agreement process, both perform multiple rounds of information exchange, and many security-related libraries are required to be used. It can be seen that in these schemes, in order to ensure the security of the communication between the electronic device and the bluetooth device, a key negotiation method is adopted, which is too complex and cumbersome. In view of the above, the application provides a device authentication method and a terminal device. In the method, the electronic equipment and the Bluetooth equipment do not carry out a key negotiation process, but adopt a parameter verification mode to authenticate the identities of the electronic equipment and the Bluetooth equipment, so that random connection among the equipment is prevented; and the electronic equipment and the Bluetooth equipment do not adopt a negotiation generating key to encrypt and transmit the communication between the electronic equipment and the Bluetooth equipment, but encrypt and transmit the communication in an encryption mode in a Bluetooth protocol, so that the communication between the equipment is prevented from being monitored. Thereby ensuring the safety of communication between the electronic equipment and the Bluetooth equipment. The method can improve the complex and tedious situation caused by adopting a key negotiation method to ensure the safety of communication between the electronic equipment and the Bluetooth equipment. For lightweight BLE devices, users typically do not store data with high data security requirements, such as bank accounts, passwords, etc., on these lightweight BLE devices. Therefore, for these lightweight BLE devices, the security of data transmission can be ensured by the encryption method in the bluetooth protocol.
The device authentication method provided by the application can be applied to a communication scene of near field communication, namely, the terminal device A and the terminal device B establish near field communication connection through a near field communication technology. Among these, the near field communication technology may be bluetooth technology, zigBee technology, 433 megahertz (MHz) communication technology, 2.4 gigahertz (GHz) communication technology, and so on.
The following will describe a scenario in which the present application may be applied, taking the example that the near field communication technology is bluetooth technology. Referring to fig. 1, fig. 1 is a schematic diagram of a usage scenario of a device authentication method according to an embodiment of the present application. After the bluetooth connection is established between the electronic device 100 and the bluetooth device 400, in order to ensure the security of the communication between the electronic device 100 and the bluetooth device 400, a device authentication process is performed between the bluetooth device 400 and the electronic device 100; this process may be accomplished by the electronic device 100 and the bluetooth device 400 with the aid of the server 500.
For example, the electronic device in the embodiment of the present application may be a portable computer (such as a mobile phone), a tablet computer, a notebook computer, a personal computer (personal computer, PC), a wearable electronic device (such as a smart watch), an augmented reality (augmented reality, AR)/Virtual Reality (VR) device, a vehicle-mounted computer, or the like, which can connect to the internet to have a bluetooth connection capability.
The bluetooth device in the embodiments of the present application may be a classical bluetooth (classic Bluetooth) device, a BLE device, a dual mode bluetooth device, etc. For example: intelligent household equipment, intelligent toothbrushes, body fat scales, intelligent water cups, intelligent sphygmomanometers, and the like, which are electronic equipment with Bluetooth connection capability. And, the server in the embodiment of the present application may be a cloud server, a heterogeneous server, a virtual server, or the like. The following embodiments do not limit the specific forms of the electronic device, the bluetooth device, and the server.
Taking the example that the electronic device is a mobile phone. Referring to fig. 2, a schematic structural diagram of an electronic device 100 according to an embodiment of the present application is shown. The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, keys 190, a motor 191, an indicator 192, a camera 193, a display 194, and a subscriber identity module (subscriber identification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
It should be understood that the illustrated structure of the embodiment of the present application does not constitute a specific limitation on the electronic device 100. In other embodiments of the application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a memory, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
The controller may be a neural hub and a command center of the electronic device 100, among others. The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or recycled. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby improving the efficiency of the system.
In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, among others.
The I2S interface may be used for audio communication. In some embodiments, the processor 110 may contain multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 via an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit an audio signal to the wireless communication module 160 through the I2S interface, to implement a function of answering a call through the bluetooth headset.
PCM interfaces may also be used for audio communication to sample, quantize and encode analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface. In some embodiments, the audio module 170 may also transmit audio signals to the wireless communication module 160 through the PCM interface to implement a function of answering a call through the bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.
The UART interface is a universal serial data bus for asynchronous communications. The bus may be a bi-directional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is typically used to connect the processor 110 with the wireless communication module 160. For example: the processor 110 communicates with a bluetooth module in the wireless communication module 160 through a UART interface to implement a bluetooth function. In some embodiments, the audio module 170 may transmit an audio signal to the wireless communication module 160 through a UART interface, to implement a function of playing music through a bluetooth headset.
The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution for wireless communication including 2G/3G/4G/5G, etc., applied to the electronic device 100. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA), etc. The mobile communication module 150 may receive electromagnetic waves from the antenna 1, perform processes such as filtering, amplifying, and the like on the received electromagnetic waves, and transmit the processed electromagnetic waves to the modem processor for demodulation. The mobile communication module 150 can amplify the signal modulated by the modem processor, and convert the signal into electromagnetic waves through the antenna 1 to radiate. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be provided in the same device as at least some of the modules of the processor 110.
The wireless communication module 160 may provide solutions for wireless communication including wireless local area network (wireless local area networks, WLAN) (e.g., wireless fidelity (wireless fidelity, wi-Fi) network), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc., as applied on the electronic device 100. The wireless communication module 160 may be one or more devices that integrate at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, modulates the electromagnetic wave signals, filters the electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.
The wireless communication module 160 may also include a classical bluetooth module and/or a Bluetooth Low Energy (BLE) module, among others.
The electronic device 100 may implement functions such as communication functions and data transmission through the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, and the like.
For example, in an embodiment of the present application, the electronic device 100 may establish a bluetooth connection with a bluetooth device through the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, and the like. Device information from bluetooth devices, random numbers, authentication parameters, etc. are received.
For example, in the embodiment of the present application, the electronic device 100 may also establish communication with the server through the antenna 1, the antenna 2, the mobile communication module 150, and the wireless communication module 160. Authentication identification information, an authentication history, and the like are received from the server.
The internal memory 121 may be used to store computer executable program code including instructions. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121. The internal memory 121 may include a storage program area and a storage data area. The storage program area may store an application program (such as a sound playing function, an image playing function, etc.) required for at least one function of the operating system, etc. The storage data area may store data created during use of the electronic device 100 (e.g., audio data, phonebook, etc.), and so on. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (universal flash storage, UFS), and the like.
Illustratively, in an embodiment of the present application, after the electronic device 100 establishes a bluetooth connection with a bluetooth device. The electronic device may acquire device information of the bluetooth device through the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, and the like. The processor 110 may generate authentication identification information based on device information of the bluetooth device through computer executable program code stored in the internal memory 121. Alternatively, the authentication identification information is acquired from the server through the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the mobile communication module 150, and the like. The processor 100 of the electronic device 100 generates an authentication parameter based on the authentication identification information, and performs device authentication with the bluetooth device.
The software system of the electronic device 100 may employ a layered architecture, an event driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. In the embodiment of the application, taking an Android system with a layered architecture as an example, a software structure of the electronic device 100 is illustrated.
Fig. 3 is a schematic software structure of the electronic device 100 according to an embodiment of the present application.
The layered architecture divides the software into several layers, each with distinct roles and branches. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into five layers, from top to bottom, an application layer, an application framework layer, an Zhuoyun row (Android run) and system library, a kernel layer, and a bottom protocol layer, respectively.
The application layer may include a series of application packages. As shown in fig. 3, the application package may include applications such as a camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, APP (e.g., smart space APP) with bluetooth management functions, etc. The application framework layer provides an application programming interface (application programming interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions.
Android runtimes include core libraries and virtual machines. Android run time is responsible for scheduling and management of the Android system.
The core library consists of two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application program layer and the application program framework layer as binary files. The virtual machine is used for executing the functions of object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: surface manager (surface manager), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), two-dimensional (2D) graphics engines (e.g., SGL), etc. The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications. Media libraries support a variety of commonly used audio, video format playback and recording, still image files, and the like. The media library may support a variety of audio and video encoding formats, such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, etc. The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like. The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.
The underlying protocol layer is used to provide the electronic device with the protocols required for operation, and may include: bluetooth protocol, wi-Fi protocol, message queue telemetry transport protocol (message queuing telemetry transport, MQTT), hypertext transfer security protocol (hyper text transport protocol over secure socket layer, HTTPS), etc. The bluetooth protocol may include a classical bluetooth protocol and/or a BLE bluetooth protocol, among others.
As shown in FIG. 3, the application framework layer may include a window manager, a content provider, a view system, a telephony manager, a resource manager, a notification manager, and the like. The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like. The content provider is used to store and retrieve data and make such data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phonebooks, etc. The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. The telephony manager is used to provide the communication functions of the electronic device 100. Such as the management of call status (including on, hung-up, etc.). The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The application framework layer may further include a device management layer and a device connection layer. The device management layer and the device connection layer are both used to provide services related to device connection and management for the electronic device 100. For example, data and functional support is provided for the bluetooth management class APP. For example, the device management layer may include: a device registration module, a device query module, a device control module, and the like. The device connection layer may include: a device discovery module, a device connection module, a device authentication module, and so on.
For example, referring to fig. 4, fig. 4 is a schematic structural diagram of a bluetooth device according to an embodiment of the present application. It should be understood that the bluetooth device 400 shown in fig. 4 is only one example, and in other embodiments, the bluetooth device 400 may have more or fewer components than shown in fig. 4, may combine two or more components, or may have a different configuration of components. The various components shown in the figures may be implemented in hardware, software, or a combination of hardware and software, again including one or more signal processing and/or application specific integrated circuits.
As shown in fig. 4, the bluetooth device 400 may include a processor 401, a memory 402, a bluetooth communication module 403, an antenna 404, a power switch 405, a usb communication processing module 406, and an audio processing module 407. Wherein: processor 401 may be used to read and execute computer readable instructions. In a specific implementation, the processor 401 may mainly include a controller, an operator, and a register. The controller is mainly responsible for instruction decoding and sending out control signals for operations corresponding to the instructions. The arithmetic unit is mainly responsible for storing register operands, intermediate operation results and the like temporarily stored in the instruction execution process. In a specific implementation, the hardware architecture of the processor 401 may be an Application Specific Integrated Circuit (ASIC) architecture, a MIPS architecture, an ARM architecture, an NP architecture, or the like.
In some embodiments, the processor 401 may be configured to parse signals received by the bluetooth communication module 403, such as inquiry requests, paging requests, etc., sent by the electronic device. The processor 401 may be used to perform corresponding processing operations, such as bluetooth scanning or bluetooth pairing, according to the parsing result.
A memory 402, coupled to the processor 401, is used for storing various software programs and/or sets of instructions. In particular implementations, memory 402 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid-state storage devices. Memory 402 may store an operating system such as an embedded operating system such as uos, vxWorks, RTLink, etc. The memory 402 may also store a communication program that may be used to communicate with the electronic device 100.
Among other things, bluetooth communication module 403 may include a classical bluetooth module and/or a Bluetooth Low Energy (BLE) module.
The wireless communication function of the bluetooth device 400 may be implemented by an antenna 404, a bluetooth communication module 403, a modem processor, or the like.
The antenna 404 may be used to transmit and receive electromagnetic wave signals. Each antenna in bluetooth device 400 may be used to cover a single or multiple communication bands. In some embodiments, the antennas of bluetooth communication module 403 may be one or more. The power switch 405 may be used to control the power supply to provide power to the bluetooth device 400. The USB communication processing module 406 may be used to communicate with other devices via a USB interface (not shown in fig. 4). In some embodiments, bluetooth device 400 may also include a serial interface such as an RS-232 interface. The serial interface may be connected to other devices, such as audio playback devices, such as speakers, so that bluetooth device 400 and the audio playback devices cooperate to play audio and video.
Illustratively, the bluetooth device 400 may establish a bluetooth connection with the electronic device 100 through an antenna 404, a bluetooth communication module 403, a modem processor, or the like. After bluetooth device 400 establishes a bluetooth connection with electronic device 100, processor 401 may execute computer readable instructions stored on memory 402 to generate authentication identification information. And generating an authentication parameter by the authentication identification information in the authentication process with the electronic device 100, and performing device authentication with the electronic device.
It should be understood that the configuration shown in fig. 4 is merely an example and does not constitute a specific limitation on the bluetooth device 400. In the following embodiments of the application, bluetooth device 400 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of hardware and software.
Referring to fig. 5, fig. 5 is a schematic diagram of a software architecture according to an embodiment of the present application. The device management layer of the electronic device in the figure comprises: a device registration module 502, a device query module 503, a device control module 504, and an information forwarding module 514. The device connection layer may include: a device discovery module 505, a device connection module 506, and a device authentication module 507. The device registration module 502 is mainly configured to register the bluetooth device after the first authentication of the electronic device and the bluetooth device passes, and register device information of the bluetooth device to a server. The device query module 503 is configured to query the server 500 for device information of the bluetooth device 400. The device control module 504 is primarily responsible for device control based on various protocols. Such as sending control instructions to bluetooth devices via protocols provided by the underlying protocol layer, sending control instructions to services via protocols provided by the underlying protocol layer, and so forth. The protocols employed include, but are not limited to, bluetooth (Bluetooth) protocol, wi-Fi protocol, message queue telemetry transport (message queuing telemetry transport, MQTT) protocol, and HyperText transport Security (hyper text transport protocol over secure socket layer, HTTPS) protocol, among others. And controlling the Bluetooth device switch through the protocol, inquiring the Bluetooth device data, upgrading the Bluetooth device through Over-the-Air Technology (OTA), restoring the Bluetooth device from factory setting and the like. For example, the device control module 504 may obtain information of the bluetooth device from the bluetooth device 400 in a bluetooth protocol, and control switching, parameter adjustment, and the like of the bluetooth device. For another example, the device control module 504 may also obtain an OTA upgrade package from the server based on one or more of Wi-Fi protocol, MQTT, HTTPS protocol, and use the OTA upgrade package to perform OTA upgrade on the bluetooth device via the bluetooth protocol.
The device discovery module 505 primarily scans for bluetooth devices 400 and establishes a bluetooth connection with the bluetooth devices 400 by the device connection module 506 after the bluetooth devices 400 are discovered. The device authentication module 507 is primarily responsible for authenticating whether the bluetooth device 400 is trusted.
To cooperate with the electronic device 100, the server 500 and bluetooth device 400 should include the following architecture:
the server 500 may include: a device registration module 508, a device information storage module 509. Bluetooth device 400 may include: a device authentication module 510, a device registration module 512, and a processing module 513. The device registration module 508 of the server 500, the device registration module 512 of the bluetooth device 400, and the device registration module 502 of the electronic device 100 cooperate with each other, and the bluetooth device is registered after the bluetooth device passes the first authentication. And after the registration is successful, the device authentication module of the bluetooth device generates authentication identification information of the bluetooth device, and forwards the generated authentication identification information to the server 500 through the information forwarding module 514 of the electronic device 100. And is stored by the device information storage module 509 of the server 500.
In summary, under the software architecture diagram shown in fig. 5, the electronic device 100 may establish a bluetooth connection with the bluetooth device 400 through the device discovery module 505 and the device connection module 506. After the bluetooth connection is established, the electronic device 100 obtains authentication identification information of the bluetooth device 400; the device authentication module 507 of the electronic device 100 generates authentication parameters based on the authentication identification information. Similarly, the device authentication module 512 of the bluetooth device 400 also generates authentication parameters based on the authentication identification information. The bluetooth device 400 and the electronic device 100 respectively compare whether the authentication parameters generated by the counterpart are identical to the authentication parameters generated by themselves to verify the reliability and security of the counterpart.
The device authentication method provided by the embodiment of the application is specifically described below with reference to the accompanying drawings and application scenes. Since for bluetooth devices, the authentication scenario when they perform device authentication can be divided into a first authentication scenario and a non-first authentication scenario. In these two scenarios, the device authentication method provided by the present application may be slightly different. The first authentication may be understood as that no successful authentication is performed with the electronic device after the bluetooth device leaves the factory or resumes the factory setting. That is, there is no registration information of the bluetooth device on the server, and the bluetooth device is not successfully registered on the server.
First, taking a first authentication scenario as an example, an apparatus authentication method provided by the present application is described with reference to fig. 6; fig. 6 is a flowchart of a device authentication method according to an embodiment of the present application. The device authentication method may include steps S101-S104.
S101, the electronic equipment searches for Bluetooth equipment and establishes Bluetooth connection with the Bluetooth equipment.
The electronic device may search for bluetooth devices and establish bluetooth connections with the bluetooth devices using the means provided in the bluetooth protocol.
As a possible implementation, the procedure may be as follows:
When the electronic device is not connected to the bluetooth device, the electronic device may send a query request (inquiry request) to the surroundings after the electronic device turns on the bluetooth function. When the bluetooth device is in an inquiry bluetooth scan (inquiry scan) state, the bluetooth device may scan for an inquiry request sent by the electronic device. In response to the scanned inquiry request, the bluetooth device may send an inquiry response (inquiry response) to the electronic device, so that the electronic device acquires the bluetooth device as a mateable bluetooth device option. When the user selects the device option of the bluetooth device, the electronic device may send a page request (page request) to the bluetooth device. The bluetooth device may listen for paging requests from the electronic device at regular intervals and at a certain frequency modulation frequency within a regular time window, and upon listening for a paging request from the electronic device, the bluetooth device may send a slave paging response (salve page response) to the electronic device in the next time slot (time window). The electronic device, upon receiving the slave page response of the bluetooth device, may send a master page response to the bluetooth device in the next time slot (master page response). Based on this, a bluetooth connection is established between the electronic device and the bluetooth device.
Illustratively, the bluetooth device is a BLE device and the bluetooth protocol is a BLE protocol. The bluetooth connection procedure between the electronic device 100 and the bluetooth device 400 will be described with reference to the software architecture shown in fig. 5.
When the electronic device 100 is not connected to the bluetooth device 400, after the bluetooth function of the electronic device 100 is turned on, the device discovery module 505 of the electronic device performs broadcasting (broadcasting), and the broadcast event (advertising event) includes the inquiry request. Causing the electronic device to acquire the bluetooth device as a mateable bluetooth device option. Wherein the broadcast event (advertising event) is one or more broadcast packets (e.g., adv_ind broadcast packets) transmitted at a preset broadcast interval. Wherein the broadcast packets may be transmitted simultaneously on one or more radio frequency channels. In one possible implementation, a bluetooth management application is provided on the electronic device, and after the electronic device starts the bluetooth management application, a bluetooth connection is established with the bluetooth device in response to an operation of a user. By way of example, the bluetooth management application may be a smart space APP; referring to fig. 7, fig. 7 is a schematic diagram of a search device interface according to an embodiment of the present application. Part (a) in fig. 7 is a display interface of the intelligent space APP in the electronic device, and a control of "add device" is provided on the display interface, when the user clicks the control, the bluetooth function of the electronic device is opened for the user. The device discovery module of the electronic device may broadcast and transmit a broadcast event. The display interface may jump to the interface shown in part (b) of fig. 7, i.e. the electronic device starts scanning and discovers the bluetooth device.
In this manner, bluetooth device 400 may scan for its bluetooth function on one or more of the radio frequency channels described above. When bluetooth device 400 scans for broadcast packets transmitted by electronic device 100, bluetooth device 400 may transmit a query response to electronic device 100. In response to the device discovery module 505 of the electronic device 100 receiving the inquiry response, the electronic device 100 may obtain the bluetooth device as a mateable bluetooth device option. For example, referring again to fig. 7, in part (c) of fig. 7, the electronic device shows the scanned bluetooth device (shown as an electronic scale), but the electronic device is in an unconnected state with the bluetooth device. As shown in part (d) of fig. 7, if the user selects the bluetooth device, the electronic device transmits a paging request to the bluetooth device requesting to establish a bluetooth connection with the bluetooth device. Specifically, in the software architecture shown in fig. 5. In response to the user selecting the device option of the bluetooth device, the device connection module 506 of the electronic device 100 may send a paging request to the bluetooth device 400. Bluetooth device 400 may monitor the paging request of electronic device 100 at a fixed frequency modulation frequency for a fixed time window at fixed intervals, and upon monitoring the paging request of electronic device 100, bluetooth device 400 may send a slave paging response to the electronic device in the next time slot. The device connection module 506 of the electronic device 100 may send the master device page response to the bluetooth device in the next time slot after receiving the slave device page response of the bluetooth device 100. Based on this, a bluetooth connection is established between the electronic device and the bluetooth device.
As a possible implementation, when the bluetooth device is a BLE device, the electronic device may establish a bluetooth connection with the BLE device in just work mode. When the bluetooth device is a classical bluetooth (classic Bluetooth) device, the electronic device may establish a bluetooth connection with the classical bluetooth device in just work mode.
As a possible implementation manner, after the bluetooth connection is established between the electronic device and the bluetooth device, the communication between the electronic device and the bluetooth device can be protected by the encryption manner in the bluetooth protocol, so that the communication between the electronic device and the bluetooth device can be effectively prevented from being monitored. For lightweight BLE devices, users typically do not store data with high data security requirements, such as bank accounts, passwords, etc., on these lightweight BLE devices. Therefore, for these lightweight BLE devices, the security of data transmission can be ensured by the encryption method in the bluetooth protocol.
S102, the electronic equipment acquires equipment information of the Bluetooth equipment and determines a first authentication scene based on the equipment information.
The device information of the bluetooth device may include: bluetooth media access control bit (Media Access Control, MAC) address, device ID, device name, bluetooth device type. Wherein, bluetooth device can include: classical bluetooth devices or BLE devices, dual mode devices, etc. The authentication indication information may be used to indicate whether the bluetooth device is first authenticated. For BLE devices, the bluetooth MAC address may include: public device address (Public Device Address) and random device address (Random Device Address). The public device address is unique and not changed, and since BLE devices are mostly in broadcast communication when in communication, any device can theoretically perform broadcast communication with the bluetooth device after acquiring the bluetooth MAC address. Therefore, in order to improve the security of BLE device communication, the bluetooth MAC address of the BLE device may use the form of public device address+random device address to improve the security of BLE device communication.
In some embodiments, the device information of the bluetooth device may further include authentication indication information. The authentication indication information may be in the form of a configuration file, or may be in the form of a field, etc. For example, the authentication indication information may be in the form of a configuration file in which the number of times the bluetooth device has been successfully authenticated is recorded. When the number of times that the bluetooth device has successfully authenticated is 0, the bluetooth device is considered to be authenticated for the first time. Alternatively, the authentication indication information may be in the form of a field. For example, the first_authentication field may be used to record whether the bluetooth device is first authenticated, and when the value of the first_authentication field is 1, the bluetooth device is considered to be not first authenticated, and when the value of the first_authentication field is 0.
As a possible implementation, when the bluetooth device is a BLE device, the electronic device may use a manner of scanning bluetooth broadcast, bluetooth device. When the bluetooth device is a classical bluetooth device, the electronic device may acquire a device ID of the classical bluetooth device, a device name, a bluetooth device type, authentication indication information, and the like by using a scan bluetooth broadcast, a bluetooth device.
As a possible implementation manner, the electronic device may determine that the authentication scenario of the bluetooth device is a first authentication scenario based on the authentication indication information in the device information. For example, when the authentication indication information is in the form of a configuration file, the electronic device may determine that the bluetooth device is the first authentication scene according to the number of authentications recorded in the file being 0. Or when the authentication indication information is in the form of a field, the electronic device may determine that the bluetooth device is the first authentication scene according to the value of the field.
As a possible implementation manner, the electronic device may further determine that the bluetooth device is in the first authentication scenario based on the bluetooth MAC address in the device information. For example, the electronic device may record locally the MAC address of the bluetooth device that has authenticated with itself and form an authentication history. After the electronic device obtains the MAC address of the bluetooth device, the electronic device may query the authentication history for the MAC address of the bluetooth device. If the MAC address of the Bluetooth device does not exist in the authentication history record, the Bluetooth device can be considered as a first authentication scene.
It is contemplated that in some scenarios, a user may have multiple electronic devices and may connect with the electronic devices through the multiple electronic devices, respectively. For example, a user may use a cell phone to make a bluetooth connection with a body fat scale in the morning of a certain day and use a tablet to make a bluetooth connection with a body fat scale in the afternoon. In some embodiments, the electronic device will upload the authentication history to the server. And the server binds the authentication history record with the user account logged in on the electronic equipment. After the electronic equipment acquires the MAC address of the Bluetooth equipment, the electronic equipment can acquire the authentication histories of all the electronic equipment under the user account from the server through the user account logged in on the electronic equipment, and judge whether the Bluetooth equipment is in a first authentication scene or not through the authentication histories.
S103, the electronic equipment and the Bluetooth equipment are based on equipment information of the Bluetooth equipment, and authentication identification information of the Bluetooth equipment is generated respectively.
Wherein the authentication identification information may be a personal identification number (Personal identification number, PIN) code. The authentication identification information may be generated by a preset identification information generation algorithm. The preset identification information generation algorithm can generate authentication identification information of the Bluetooth device through device information of the Bluetooth device. In some embodiments, the identification information generation algorithm may generate the authentication identification information of the bluetooth device through the MAC address of the bluetooth device. In some embodiments, the identification information generation algorithm may also generate the authentication identification information of the bluetooth device by the device ID of the bluetooth device and the MAC address of the bluetooth device.
Illustratively, step S103 is described in detail by taking the example that the device information includes a bluetooth MAC address, the bluetooth MAC address includes a public device address and a random device address, and the authentication identification information is a PIN code. Step S103 may include steps S103a1-S103a4.
S103a1, the electronic equipment extracts a public equipment address in the Bluetooth MAC address.
Illustratively, there is a rule that the bluetooth MAC address may exist, for example, for a 48 bit (bits) bluetooth MAC address, the first 24bits are public device addresses and the last 24bits are random device addresses. Therefore, the embodiment can extract the first 24bits in the bluetooth MAC address to obtain the public device address.
S103a2, the electronic equipment generates a PIN code by adopting a preset identification information generation algorithm based on the public equipment address.
S103a3, the Bluetooth device extracts a public device address in the Bluetooth MAC address;
s103a4, generating a PIN code by the Bluetooth device based on the public device address by adopting a preset identification information generation algorithm, wherein the preset identification information generation algorithm is the same as the identification information generation algorithm in the electronic device.
When the bluetooth device is a BLE device, the bluetooth MAC address may appear as a combination of a public device address + a random device address. Since the random device address is generated by the BLE device at the time of bluetooth connection, it is changed at each connection. Therefore, the embodiment of the application ensures the uniqueness of the generated PIN code during the first authentication. The embodiment of the application can adopt the unique and unchanged public equipment address in the MAC address to generate the PIN code; the uniqueness of the generated PIN code in the first authentication scene can be ensured, so that the stability of the equipment authentication method provided by the embodiment of the application can be improved.
In some embodiments, the preset identification information generation algorithm may recombine public device addresses to generate a PIN code. For example, the first 12bits and the last 12bits in the public device address may be exchanged as PIN codes.
In some embodiments, the preset identification information generating algorithm may also generate a PIN code based on the random device address, for example, perform a hash operation on the random device address, and use the result of the hash operation as the PIN code.
It can be understood that in practical application, the PIN code can be generated by the electronic device first, the PIN code can be generated by the bluetooth device first, and the PIN code can be generated by the electronic device and the bluetooth device simultaneously; can be reasonably adjusted according to practical application conditions, and the application is not limited to the practical application conditions.
S104, the electronic equipment and the Bluetooth equipment respectively generate authentication parameters based on the authentication identification information, exchange the authentication parameters with each other and verify the authentication parameters of the other party.
In step S104, if the authentication parameter is verified successfully, it indicates that the electronic device and the bluetooth device can trust each other, and the electronic device and the bluetooth device will maintain bluetooth connection; and can perform operations such as data transmission, OTA upgrading and the like later.
In addition, in step S104, if the authentication parameter fails to verify, it indicates that one of the electronic device and the bluetooth device is an untrusted device, and the bluetooth device and the electronic device are disconnected from each other. The user data can be prevented from being revealed, and the user data can be prevented from being stolen.
As a possible implementation manner, the electronic device and the bluetooth device may directly perform the parameter verification process only once. For example, the bluetooth device may generate an authentication parameter for verification by the electronic device, and if the electronic device fails to verify the authentication parameter, the bluetooth device may be considered to be untrusted and the communication connection with the bluetooth device may be broken. For another example, the electronic device may also generate an authentication parameter for the bluetooth device to verify, and if the bluetooth device fails to verify the authentication parameter, the bluetooth device may be considered to be untrusted, and the communication connection with the bluetooth device may be disconnected.
As a possible implementation manner, the authentication parameters may include: a first authentication parameter and a second authentication parameter. The Bluetooth equipment can adopt a preset random number generation method to generate a random number R1; similarly, the electronic device may also generate the random number R2 by using a preset random number generation method. Both the electronic device and the bluetooth device exchange R1 and R2 with each other. Then, the electronic equipment can adopt a preset encryption method to generate a first authentication parameter based on R1, R2 and authentication identification information; the same Bluetooth device can also adopt a preset encryption method to generate a second authentication parameter based on R1, R2 and authentication identification information. Wherein the first authentication parameter is different from the second authentication parameter. In order to ensure that the first authentication parameter is different from the second authentication parameter, the electronic device can calculate the value of R1+R2, splice the value of R1+R2 with authentication identification information, and generate the first authentication parameter by adopting a preset encryption method after splicing; the bluetooth device may also calculate the value of R1 x R2, splice the value of R1 x R2 with the authentication identifier information, and generate a second authentication parameter by using a preset encryption method after splicing.
After the electronic device generates the first authentication parameter, the electronic device may send the first authentication parameter to the bluetooth device, and the bluetooth device may verify the first authentication parameter to verify whether the electronic device is trusted. The process of verifying the first authentication parameter by the bluetooth device may be as follows:
the Bluetooth device uses a preset encryption method identical to the electronic device or the same encryption method negotiated by both parties to generate a piece of check information based on R1, R2 and authentication identification information, and compares whether the check information is identical to the first authentication parameter. If the verification information is the same as the first authentication parameter, the first authentication parameter is successfully verified, and the electronic equipment can be considered to be trusted. If the first authentication parameters are different, the verification of the first authentication parameters fails, the electronic equipment can be considered as not being trusted electronic equipment, bluetooth connection with the electronic equipment can be disconnected, and data leakage of users on the Bluetooth equipment is avoided, so that information security of the users is threatened.
Similarly, after the bluetooth device verifies that the electronic device is authentic, the electronic device also needs to verify whether the bluetooth device is authentic. Based on this, the bluetooth device may generate a second authentication parameter based on R1, R2 and the authentication identifier information, and send the second authentication parameter to the electronic device, where the electronic device may verify whether the bluetooth device is trusted by verifying the second authentication parameter, which is similar to the process of verifying the first authentication parameter by the bluetooth device described above, and will not be described herein again.
As a possible implementation manner, in case of failure of parameter verification, disconnection indication information may be transferred between the electronic device and the bluetooth device, and the disconnection indication information may be used to indicate disconnection of the bluetooth connection between the two.
As one possible implementation, after both the electronic device and the bluetooth device are authenticated successfully. The electronic device (bluetooth device) may send a notification message to the other party, which may be used to instruct the electronic device (bluetooth device) to verify the authentication parameters successfully.
It should be noted that in the embodiment of the present application, whether the electronic device is trusted may be verified by the bluetooth device first, or whether the bluetooth device is trusted may be verified by the electronic device first.
The preset random number generation method can be realized in a table look-up mode. For example, one or more random number tables may be pre-configured to be built in. Whenever a random number needs to be generated, a random number may be selected from the order in the random number table or extracted in reverse order. And, the preset random number generation method can also be realized in a function form. For example, using a random function, a random number can be obtained by calling the random function whenever it is desired to generate a random number.
The predetermined encryption method may be a cryptographic hash function (Cryptographic hash function), which may also be referred to as a cryptographic hash function. Such as MD5 Message-Digest Algorithm (MD 5), hash-like Algorithm, e.g., SHA-1, SHA-256, etc.
Therefore, if the parameter verification is passed, the electronic device and the Bluetooth device are mutually trusted devices, and the Bluetooth device and the electronic device can communicate safely. In some embodiments, during communication between the electronic device and the bluetooth device, both are transmitted encrypted in an encrypted manner specified in the bluetooth protocol. For example, after the bluetooth device verifies that the first authentication parameter is successful, both the electronic device and the bluetooth device may perform encrypted transmissions in an encrypted manner specified in the bluetooth protocol. For another example, after the electronic device verifies the second authentication parameter, both the electronic device and the bluetooth device may perform encrypted transmission in an encrypted manner specified in the bluetooth protocol.
Therefore, the scheme provided by the embodiment of the application mainly uses the authentication parameters generated by the authentication identification information and adopts a parameter verification mode between the electronic equipment and the Bluetooth equipment to authenticate each other so as to verify whether the other party is credible, thereby preventing random connection between the equipment. Since there is no trust between the parties (bluetooth device or electronic device) performing the authentication before the authentication passes. The authentication identification information is not transferred between the bluetooth device and the electronic device, but only the random numbers R1 and R2 for assisting in generating the authentication parameters. Thus, even if one of the two parties performing authentication is not secure, the non-secure device can only acquire the random number and the authentication parameter, and cannot directly acquire the authentication identification information. The device authentication process between the electronic device and the Bluetooth device cannot be broken through the random number and the authentication parameter, so that random connection between the devices is prevented, and the safety of communication between the devices is ensured.
Meanwhile, in the application, in the process of generating the authentication parameters based on the authentication identification information, a very complex algorithm is not required to be used, and the method can be realized by only encrypting a hash function. The computing power resource and time resource of the electronic equipment and the Bluetooth equipment can be effectively saved.
Step S104 will be described in detail below by taking a preset encryption method as a hash algorithm and authentication identification information as a PIN code as an example. Referring to fig. 8, fig. 8 is a schematic flow chart of a device authentication method according to an embodiment of the present application. Step S104 may include: s104a1-S104a10.
S104a1, the electronic equipment generates a random number R2.
For example, the electronic device may generate the random number R2 using a random function.
S104a2, the electronic device sends a random number request to the Bluetooth device.
S104a3. the bluetooth device generates a random number R1 in response to the random number request.
For example, the bluetooth device may generate the random number R1 using a preset random number table.
S104a4. the bluetooth device sends the random number R1 to the electronic device.
S104a5, the electronic equipment generates a first authentication parameter based on R1, R2 and PIN codes.
As a possible implementation manner, the electronic device may first calculate the value of r1+r2, splice the value of r1+r2 with the PIN code, and generate the first authentication parameter by using the SHA256 method after the splicing. The value of r1+r2 and the PIN code may be spliced in the order of the value of r1+r2 and the PIN code. The value of r1+r2 may also be inserted into the PIN code to achieve concatenation, which is not limited in this regard by the present application.
As a possible implementation, the electronic device may also generate the first authentication parameter based on R1, R2 and the PIN code using a key-dependent Hash message authentication code (Hash-based Message Authentication Code, HMAC) function. Wherein the HMAC function is a method of constructing a message authentication code using a single hash function, which takes a key and a message as inputs and generates a message digest as output. For example, r1+r2 may be used as the message input, and PIN code as the key input; the first authentication parameter C1, c1=hmacsha256 (r1+r2, PIN), is obtained as the message digest output. Where HmacSHA256 represents that the single hash function used by the HMAC function is a hash 256 function.
S104a6, the electronic equipment sends the first authentication parameter and R1 to the Bluetooth equipment.
S104a7, the Bluetooth equipment responds to the received first authentication parameter and R1 sent by the electronic equipment; verifying whether the first authentication parameters are identical based on the R1, R2 and PIN codes.
It can be understood that after the bluetooth device receives the first authentication parameters sent by the electronic device, a hash algorithm is also used to verify whether the first authentication parameters are the same through R1, R2 and the first authentication representation information. For example, it is possible to:
C1 ' =hmacsha256 (r1+r2, PIN) to obtain c1 ' and compare whether C1 ' is consistent with C1 sent by the electronic device. If the information is consistent, the electronic equipment can be trusted, the communication with the electronic equipment is safe, the information security problem is avoided, and the Bluetooth communication can be continued. If the information is inconsistent, the electronic device is not trusted for the Bluetooth device, the Bluetooth communication is dangerous to continue, the information security problem can be caused, and the Bluetooth communication cannot be continued. Thus, if the Bluetooth device verifies that C1' is inconsistent with C1, the Bluetooth device will actively disconnect the Bluetooth connection with the electronic device.
S104a8, the Bluetooth device generates a second authentication parameter based on the R1, the R2 and the PIN code.
As a possible implementation, the bluetooth device may generate the second authentication parameter C2 based on R1, R2 and PIN code using an HMAC function, i.e. c2=hmacsha256 (R1 x R2, PIN).
S104a9. the bluetooth device sends the second authentication parameter to the electronic device.
S104a10, the electronic equipment responds to the received second authentication parameter sent by the Bluetooth equipment; verifying whether the second authentication parameters are identical based on the R1, R2 and PIN codes.
Likewise, the electronic device may also: c2 ' =hmacsha256 (R1 x R2, PIN) is calculated to obtain c2 ' and comparing whether C2 ' and C2 agree.
Based on the above, the device authentication method provided by the embodiment of the application can complete parameter verification only by exchanging information for several times between the electronic device and the Bluetooth device, and can complete authentication of mutual identity. The flow is simpler. Meanwhile, no special complex algorithm is needed in the verification process of the authentication parameters, and the verification can be completed only through the encryption hash function. The method does not occupy excessive resources of the memory and the processor of the Bluetooth device, and can reduce the pressure on hardware of the Bluetooth device. The device authentication method provided by the application can be used for effectively improving the complex and tedious situations caused by ensuring the safety of the communication between devices by adopting key negotiation.
As one possible implementation, in some scenarios, consider that to steal authentication identification information, a rainbow-table (rainbow-tables) attack may be initiated on authentication parameters. If the first authentication parameter and/or the second authentication parameter are/is used, the rainbow table is used for back-pushing to obtain the PIN code. Therefore, when the first authentication parameter and the second authentication parameter are generated, a salt value can be added to the PIN code to prevent the rainbow table attack.
For example, a salt factor may be added to the PIN code when the electronic device generates the first authentication parameter based on R1, R2 and the PIN code. After the salt value FactorA is added, even if the first authentication parameter is obtained, the first authentication parameter is cracked by using the rainbow table, the PIN code cannot be obtained, and a cracked value of the PIN code added with the salt value is obtained. Since the attacker cannot know the location of the salt value on the PIN code and the magnitude of the salt value. Therefore, an attacker cannot obtain the PIN code, the security and the reliability of the equipment authentication method provided by the embodiment of the application can be improved, and the capability of defending the rainbow table attack is provided for the method.
For example, for step S104a5, after increasing the salt value factor, C1 may be calculated by:
C1=HmacSHA256(R1+R2,PIN+FactorA)。
correspondingly, for step S104a7, after increasing the salt value factor, C1' can be calculated by:
C1`=HmacSHA256(R1+R2,PIN+FactorA)。
it can be appreciated that the salt value factor may be the same as preset, or may be the same as the negotiation between the electronic device and the bluetooth device.
In order to further improve the security of this embodiment and improve the capability of defending the attack of the rainbow table, a salt value factor b different from the salt value factor may be used to generate the second authentication parameter. Likewise, the factor b may be the same as preset, or may be the same as the negotiation between the electronic device and the bluetooth device.
For example, for step S104a8, after increasing the salt value factor b, C2 can be calculated by:
C2=HmacSHA256(R1+R2,PIN+FactorB)。
correspondingly, for step S104a10, after increasing the salt value factor b, C2' can be calculated by:
C2`=HmacSHA256(R1+R2,PIN+FactorB)。
it will be appreciated that the rainbow table is an aid to the cracking of hash-like algorithms. Rainbow tables are based on space-time trade-offs, but are not simply "time-shifted in space", but rather are a "two-way trade" in which a balance is achieved. The rainbow table is a pre-calculated table for the inverse operation of the cryptographic hash function, prepared for breaking the hash value (or hash value, thumbnail, digest, fingerprint, hash ciphertext) of the password. Such tables are often used to recover fixed-length plain text passwords consisting of a limited set of characters.
In combination with the software architecture shown in fig. 5, the above step S104 may also be implemented according to the following procedure. Referring to fig. 9, fig. 9 is a schematic flow chart of a device authentication method according to an embodiment of the present application. Step S104 may include steps S104b1-S104b10.
S104b1. the device registration module 502 of the electronic device 100 generates a random number R2.
S104b2. the device control module 504 of the electronic device 100 sends a random number request to the device registration module 512 of the bluetooth device 400.
For example, the device control module 504 may send a random number request to the device registration module 512 of the bluetooth device 400 using control instructions in the bluetooth protocol of the electronic device 100.
S104b3. the device registration module 512 of the bluetooth device 400 generates a random number R1 in response to the random number request.
S104b4. the bluetooth device 400 sends the random number R1 to the device control module 504 of the electronic device 100.
S104b5. the device registration module 504 of the electronic device 100 generates a first authentication parameter based on R1, R2 and the authentication identification information.
S104b6. the device registration module 502 of the electronic device 100 sends the first authentication parameter and R1 to the device registration module 512 of the bluetooth device 400.
S104b7. the device registration module 512 of the bluetooth device 400 is responsive to receiving the first authentication parameter and R1 sent by the electronic device; verifying whether the first authentication parameters are identical based on R1, R2 and the authentication identification information.
Alternatively, after step S104b7, S104b71 may be optionally performed.
S104b71. the smart space APP501 of the electronic device 100 responds to the device registration module 512 of the bluetooth device 400 to verify that the first authentication parameters are different, and prompts the user to fail authentication.
S104b8. the device registration module 512 of the bluetooth device 400 generates a second authentication parameter based on R1, R2 and the authentication identification information.
S104b9. the device registration module 512 of the bluetooth device 400 sends the second authentication parameter to the device registration module 502 of the electronic device 100.
S104b10. the device registration module 502 of the electronic device 100 responds to receiving the second authentication parameter sent by the bluetooth device 400; verifying whether the second authentication parameters are identical based on R1, R2 and the authentication identification information.
Alternatively, after step S104b10, S104b101 may be optionally performed.
S104b101. the smart space APP501 of the electronic device 100 responds to the device registration module 502 of the electronic device 100 to verify that the second authentication parameters are different, and prompts the user to pass the authentication.
As a possible implementation, when prompting the user that the authentication is not passed, the electronic device may briefly display the reason why the user authentication is not passed and display the fail code. After the user acquires the failed code, the user can inquire the detailed reasons for the failed authentication based on the failed code, and the use experience of the user can be improved. Referring to fig. 10 for an exemplary illustration, fig. 10 is a schematic diagram of a device authentication interface provided by an example of the present application. For step S104b71, the smart space APP501 of the electronic device 100 may prompt the user that authentication is failed through the interface shown in part (a) of fig. 10. For step S104b101, the smart space APP of the electronic device 100 may prompt the user that authentication is failed through the interface shown in part (b) of fig. 10.
Because the electronic device and the bluetooth device communicate based on the bluetooth protocol, encryption is performed in the communication process of the electronic device and the bluetooth device (for example, the steps S104a2, S104a4, S104a6 and S104a9 and other subsequent steps) by adopting an encryption mode in the bluetooth protocol, so that the communication security between the electronic device and the bluetooth device can be ensured. Meanwhile, the encryption mode in the Bluetooth protocol is mostly solidified inside the Bluetooth chip, and the communication between the electronic equipment and the Bluetooth equipment is encrypted by using the encryption mode in the Bluetooth protocol, so that the resources of a processor of the Bluetooth equipment can be saved. This approach can save bluetooth device processor resources and bluetooth device ROM resources as compared to using additional encryption algorithms to additionally encrypt communications between both the electronic device and the bluetooth device.
As a possible implementation manner, after step S104b10, the electronic device may further prompt the user electronic device to authenticate with the bluetooth device. For example, a preset prompting sound effect can be sent out through a loudspeaker of the electronic equipment to prompt a user; for another example, the electronic device may also make a preset vibration prompt through a motor of the electronic device to prompt the user.
As a possible implementation manner, after step S104b10, step S104 may further include:
s104b11. the smart space APP501 of the electronic device 100 responds to the device registration module 502 of the electronic device 100 to verify that the second parameters are the same, and prompts the user to pass the authentication.
Referring to fig. 11, fig. 11 is a schematic diagram of yet another device authentication interface according to an embodiment of the present application. The smart space APP of the electronic device may display an interface as shown in part (a) of fig. 11 to prompt the user to pass the authentication, and may display an interface as shown in part (b) of fig. 11 to prompt the user that the body fat scale is connected. When the user clicks the body fat scale control, the smart space APP of the electronic device 100 displays a control list as shown in part (b) of fig. 11. The user may click on a control in the control group to set the body fat scale. For example, referring again to FIG. 11, the user may click on the "rename" control to rename the body fat scale; the "equipment set" control can also be clicked to set the standby time of the body fat scale, the measurement units, such as kg, lbs, etc.; the 'equipment upgrading' control can be clicked to upgrade the body fat scale by OTA; and the Bluetooth connection with the body fat scale can be actively disconnected by clicking to disconnect.
In some embodiments, if the authentication parameter is verified successfully, the bluetooth device updates the authentication identification information, and uploads the updated authentication identification information to the server through the electronic device, and binds the updated authentication identification information with the user account, so that the bluetooth device registers on the server through the electronic device. That is, after step S104, in order to facilitate the next device authentication procedure between the electronic device and the bluetooth device and to facilitate the user to use a different electronic device, bluetooth connection is performed to the same bluetooth device. That is, after step S104, the device authentication method provided by the present application may further include a step of registering and binding the bluetooth device.
Because the user account needs to be logged in on the electronic equipment before the Bluetooth equipment is registered and bound, communication connection is established with the server. The process of the electronic device logging into the user account will be briefly described.
The electronic device may verify the identity of the user by prompting the user to log in to the account. The user account may be unique character information such as a user mobile phone number, a user mailbox, a user name, and the like.
As one possible implementation, the user may enter authentication information of the user in the electronic device. The authentication information is a password corresponding to the user account. The electronic device may submit the authentication information to a server for authentication of the user. After the authentication information is verified by the server, the server sends the authentication information to the electronic device a piece of user identification information, and the electronic device stores the user identification information in a Read-Only Memory (ROM) of the electronic device. And if the electronic equipment receives the user identification information, the user account number which the user successfully logs in can be considered. In some possible implementations, the user identification information received by the electronic device may be time-efficient. I.e. the user identification information is valid for a certain period; if the identity authentication information is out of date, the identity authentication information needs to be input into the electronic equipment again to carry out account login.
In some scenarios, because the user does not log in the account, or the user identification information with timeliness generated last time has expired, at this time, the electronic device displays a user account login interface, prompts the user to input the user account and a password corresponding to the user account in the user account login interface, and logs in the user account. In one possible implementation manner, a bluetooth management application is set in the electronic device, and after the electronic device starts the bluetooth management application, the user account corresponding to the bluetooth management application is logged in. Then, the electronic device executes a subsequent device authentication method based on the Bluetooth management application. Illustratively, the bluetooth management application may be a smart space APP through which the user may log into the user account. The login interface of the smart space APP can be shown in fig. 12, and fig. 12 is a schematic diagram of a user login interface provided in an embodiment of the present application. The user may log in by using a login mode of a user account number (which may be a user mobile phone number, a mailbox or other account names) and a password, as shown in part (a) of fig. 12, or may log in by using a login mode of a user mobile phone number and a verification code, as shown in part (b) of fig. 12. That is, after registering an account, the user can log in with various information under the account.
Assuming that the mobile phone number of the user is a unique identification, the mobile phone number is a credential which is subsequently registered with the cloud server. When a user logs in a login mode of a user mobile phone number and a verification code, the electronic equipment can directly send the mobile phone number to a server for login or registration; when a user logs in a login mode of an account name and a password, the electronic equipment can find a mobile phone number corresponding to the user account through the user account, and send the mobile phone number to the cloud server for login or registration.
In some scenarios, a user may experience a bluetooth device with various functions of the bluetooth device. For example, a user may experience body fat scale weight detection, body fat detection functionality, and view body fat weight on his own, provided exercise program, etc. on a cell phone before purchasing the body fat scale. The electronic equipment does not carry out account login, and experiences the Bluetooth equipment and experiences the intelligent space APP through the account-free mode. For example, referring again to fig. 12, the user may also select an option corresponding to the no-account login in the smart space APP, and perform the no-account login mode, where the user may experience the body fat scale device without performing the account login, and experience the related functions of the smart space APP.
It can be understood that the device authentication method provided by the present application may be used for performing account login before performing device authentication (e.g., before step S101), or may be used for performing account login after the bluetooth device and the electronic device pass authentication (e.g., after step S104) and before performing registration and binding.
Next, after the Bluetooth device and the electronic device are successfully authenticated (namely, authentication parameters are successfully verified), the electronic device logs in a user account; and then, the Bluetooth equipment is registered and bound as an example, and the equipment authentication method provided by the application is introduced in a supplementary way. As a possible implementation, see again fig. 6. In the device authentication method provided by the application, after the parameter authentication is passed in step S104, the method can further comprise steps S105-S107.
S105, the electronic equipment logs in the user account and establishes communication connection with the server.
The above description of the process of logging in the user account by the electronic device may be referred to in this process, and will not be repeated here.
S106, the Bluetooth device registers on the server through the electronic device.
The electronic device may be in an already registered state prior to registration of the bluetooth device, so that the registration process of the electronic device is first introduced prior to introducing the registration process of the bluetooth device. Referring to the software architecture diagram shown in fig. 5, for an electronic device 100 with the ability to log in to a user account (which may also be understood as having the ability to directly network communicate with the server 500), the electronic device may register with the server 500 with its own login capabilities. The process may be: when the electronic device 100 logs in to the user account for the first time, the device registration module 401 may send the user account to the server 500, and the device registration module of the server 500 assigns a device registration information, such as a device registration ID, to the electronic device 100. And returns the device registration information to the electronic device 100, the electronic device 100 applies for registration to the server 500 according to the device registration information, and after the registration is successful, the server 500 can identify the electronic device 100 by using the user account number and/or the registration ID.
Illustratively, for bluetooth devices, especially lightweight BLE devices; may not have the ability to log in to a user account (and may also be understood as not having the ability to directly networking with a server), it may be necessary to effect registration with the electronic device after a bluetooth connection is established with the electronic device and mutual authentication is passed. For example, under the software architecture shown in fig. 5, after the electronic device 100 and the bluetooth device 400 pass authentication. The device registration module 512 of the bluetooth device 400 may send the device information (such as bluetooth MAC address, device name, device ID, bluetooth device type, etc.) of the bluetooth device 400 and the user account logged in by the electronic device 100 to the server 500 through the information forwarding module 514 of the electronic device 100. The device registration module 508 of the server 500 generates a device registration message, such as a device registration ID, for the bluetooth device 400. And returns the device registration information to the bluetooth device 400, according to which the bluetooth device 400 applies for registration to the server 500 with the aid of the information forwarding module 514, and after successful registration, the server 500 can identify the bluetooth device 400 using the user account and/or the device information. And after the registration is successful, the server 500 binds the bluetooth device 400 with the user account.
S107, the Bluetooth device updates the authentication identification information and uploads the updated authentication identification information to the server through the electronic device.
After receiving the updated authentication identification information, the server can store the authentication identification information under the device information storage module of the server and bind the authentication identification information with the user account logged in on the electronic device. It will be appreciated that the updated authentication identification information may be used in a subsequent authentication process for the bluetooth device; that is, the last updated authentication identification information may be used for authentication in a subsequent authentication process for the bluetooth device. Based on the authentication identification information of the Bluetooth device can be obtained from the server by different terminal devices under the user account, and the authentication identification information of the Bluetooth device cannot be obtained by the terminal devices different from the user account of the Bluetooth device. Subsequently, when the user uses other terminal devices under the user account to connect with the Bluetooth device, the authentication process of the Bluetooth device can be completed without perception, and the method is very convenient. And meanwhile, the safety of Bluetooth communication with the Bluetooth device can be ensured.
After passing the authentication with the electronic equipment, the Bluetooth equipment can generate new authentication identification information by adopting a preset authentication identification generation algorithm. And stores the authentication identification information in its own memory for use in the next authentication process with the electronic device. And because the Bluetooth equipment does not directly communicate with the server, the Bluetooth equipment can take the electronic equipment as an intermediary. And uploading the new authentication identification information to the server through an information forwarding module of the electronic equipment. Thus, the electronic equipment can acquire new authentication identification information from the server in the next authentication, and can authenticate with the Bluetooth equipment based on the new authentication identification information in the next authentication.
It can be understood that the authentication identification information in the application is updated by the bluetooth device, and the process of updating the authentication identification information is not performed in the server and the electronic device. Therefore, the problem that other users can obtain updated authentication identification information to operate equipment through the process of stealing the authentication identification information can be effectively prevented, and the safety of communication between the Bluetooth equipment and the electronic equipment can be further improved.
As a possible implementation manner, after updating the authentication identification information, the bluetooth device may also modify the authentication indication information, so that the electronic device may know, based on the authentication indication information, that the authentication scenario is not the first authentication, when authenticating next time. For example, the bluetooth device may increment the number of authentications in the authentication indication information in the form of a profile by one. For another example, the bluetooth device may modify the value of the field from 0 to 1.
Next, an apparatus authentication method provided by the present application is described in a non-first authentication scenario, referring to fig. 13, and fig. 13 is a schematic flow chart of an apparatus authentication method provided by an embodiment of the present application. The device authentication method may include steps S201 to S206. The non-first authentication is understood to be that the device authentication has been performed before the present authentication of the bluetooth device. That is, there is registration information of the bluetooth device and authentication identification information updated by the bluetooth device in the last authentication process on the server. For example, after the first authentication between the electronic device a and the bluetooth device, the bluetooth connection between the electronic device a and the bluetooth device is disconnected for some reasons (e.g., the distance between the electronic device a and the bluetooth device exceeds the effective distance of bluetooth communication, or the user actively disconnects the bluetooth connection, etc.). And then, when the electronic equipment A performs equipment authentication with the Bluetooth equipment again, performing steps S201-S206 to perform the authentication with the Bluetooth equipment by using the updated authentication identification information. And after the authentication is successful, the Bluetooth equipment updates new authentication identification information again for the next equipment authentication. For another example, the user authenticates with the bluetooth device using the electronic device a, and after the authentication is passed, the user wants to connect with the bluetooth device using the electronic device B. At this time, the electronic device a and the electronic device B belong to the same user, and the user logs in the same account on the electronic device a and the electronic device B, that is, the user accounts of the electronic device a and the electronic device B are the same. Therefore, the electronic device B can acquire the identification information of the Bluetooth device from the server and authenticate the Bluetooth device based on the identification information.
S201, the electronic equipment logs in a user account and establishes communication connection with a server. The process is similar to the process of logging in the user account by the electronic device, and will not be described herein.
S202, the electronic equipment searches for Bluetooth equipment and establishes Bluetooth connection with the Bluetooth equipment.
S203, the electronic equipment acquires equipment information of the Bluetooth equipment and determines a non-first authentication scene based on the equipment information.
For steps S202-S203, the procedure is similar to steps S101-S102, and reference is made to the detailed description of the above embodiments, which will not be repeated.
S204, the electronic equipment acquires authentication identification information of the Bluetooth equipment from the server based on the user account.
It can be understood that the authentication identification information can be obtained by inquiring the server by the electronic device based on the device information of the bluetooth device and the user account logged on the electronic device. If the authentication identification information is not acquired, the Bluetooth equipment does not belong to the user, and the electronic equipment is disconnected with the Bluetooth equipment at the moment; the electronic device may then prompt the user for a failure to authenticate with the bluetooth device.
In other embodiments, the electronic device may log in the user account after step 202, after step S203 or at other occasions, so that the specific occasion of logging in the user account is not limited according to the embodiment of the present application when the user account obtains the authentication identification information of the bluetooth device from the server.
In some embodiments, the electronic device may obtain the authentication identification information of the bluetooth device from the server through the registration ID of the bluetooth device and the user account logged on the electronic device. In some embodiments, the electronic device may also query the server through the MAC address of the bluetooth device and the user account. Illustratively, step S204 is described in detail taking device information as a device ID and authentication identification information as a PIN code as an example. Referring to fig. 14, step S204 may include in this scenario: s204a1-S204a7.
S204a1, the electronic equipment generates a query request based on the equipment ID of the Bluetooth equipment and the user account. The user account is a user account logged in on the electronic device.
It can be understood that the inquiry request may be in the form of a message, and is mainly used for requesting the server to inquire authentication identification information corresponding to the device information of the bluetooth device bound under the user account, such as a PIN code corresponding to the device ID of the bluetooth device. The PIN code is generated by the Bluetooth device and the electronic device after the last authentication pass and is uploaded to the server by the electronic device.
And S204a2, the electronic equipment sends the query request to the server.
S204a3, the server responds to the query request to query the PIN code of the equipment ID under the user identification information.
And S204a4, responding to the inquiry of the PIN code of the Bluetooth device by the server, and sending the PIN code to the electronic device by the server.
And S204a5, the electronic equipment receives the PIN code.
And S204a6, in response to the server not inquiring the PIN code of the Bluetooth device, the server sends an inquiring indication message to the electronic device.
And S204a7, responding to the inquiry indication message by the electronic equipment, and prompting that the user authentication fails by the electronic equipment.
S205, the electronic equipment and the Bluetooth equipment respectively generate authentication parameters based on the authentication identification information, exchange the authentication parameters with each other, and respectively verify the authentication parameters of the other party.
The electronic device may obtain the authentication identification information from the server. The bluetooth device may search its own memory for the authentication identification information.
For step S205, the process is similar to step S104, and reference is made to the detailed description of the above embodiment, which is not repeated here.
S206, the Bluetooth device updates the authentication identification information and uploads the updated authentication identification information to the server through the electronic device.
For step S206, the process is similar to step S107, and reference is made to the detailed description of the above embodiment, which is not repeated here.
It will be appreciated that in some scenarios, the electronic device may be authenticated with the Bluetooth device. The bluetooth device may perform some process, (e.g., transfer data to the bluetooth device, OTA upgrades, etc.). After the bluetooth device passes the authentication (e.g., after step S106 described above and step S205 described above), since the processor performance of some bluetooth devices is not very powerful, the authentication identification information is updated immediately, which may cause overload of the processor. Thereby causing a process that would otherwise be able to work properly on the bluetooth device to become stuck. Therefore, the embodiment of the application can avoid the time for the Bluetooth device to execute the processes after the authentication of the electronic device and the Bluetooth device is passed. The processor of the Bluetooth device is only focused on executing the process, and new authentication identification information is generated through a preset authentication identification generation algorithm when the processor of the Bluetooth device is idle. The workload of the processor of the Bluetooth device can be relieved, and the overload problem of the processor of the Bluetooth device can be reduced.
As a possible implementation, after the electronic device passes the authentication (for example, after step S106, after step S205), the bluetooth device does not immediately update the authentication identification information. For example, the bluetooth device may update the authentication identification information after a preset time interval (e.g., 60 s) therebetween. For another example, the bluetooth device may monitor its own processor load, and update the authentication identification information when the processor load is less than a preset threshold (e.g., 70%).
It will be appreciated that in order to achieve the above-described functionality, the electronic device comprises corresponding hardware and/or software modules that perform the respective functionality. The present application can be implemented in hardware or a combination of hardware and computer software, in conjunction with the example algorithm steps described in connection with the embodiments disclosed herein. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Those skilled in the art may implement the described functionality using different approaches for each particular application in conjunction with the embodiments, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The present embodiment may divide the functional modules of the electronic device according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules described above may be implemented in hardware. It should be noted that, in this embodiment, the division of the modules is schematic, only one logic function is divided, and another division manner may be implemented in actual implementation.
The embodiment of the present application further provides a terminal device, which may be the electronic device or the bluetooth device, as shown in fig. 15, and the terminal device may include one or more processors 1001, a memory 1002, and a communication interface 1003.
Wherein a memory 1002, a communication interface 1003, and a processor 1001 are coupled. For example, the memory 1002, the communication interface 1003, and the processor 1001 may be coupled together by a bus 1004.
Wherein the communication interface 1003 is used for data transmission with other devices. The memory 1002 has stored therein computer program code. The computer program code comprises computer instructions which, when executed by the processor 1001, cause the electronic device to perform device authentication in embodiments of the application.
The processor 1001 may be a processor or a controller, for example, a central processing unit (Central Processing Unit, CPU), a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an Application-specific integrated circuit (ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. The processor may also be a combination that performs the function of a computation, e.g., a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, and the like.
The bus 1004 may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus, an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, or the like. The bus 1004 may be classified into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 15, but not only one bus or one type of bus.
The embodiment of the application also provides a computer readable storage medium, in which a computer program code is stored, which when executed by the above-mentioned processor, causes the electronic device to perform the relevant method steps in the above-mentioned method embodiments.
The present application also provides a computer program product which, when run on a computer, causes the computer to perform the relevant method steps of the method embodiments described above.
The electronic device, the computer readable storage medium or the computer program product provided by the present application are used to execute the corresponding method provided above, and therefore, the advantages achieved by the present application may refer to the advantages in the corresponding method provided above, and will not be described herein.
It will be apparent to those skilled in the art from this description that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and the parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application, or a contributing part or all or part of the technical solution, may be embodied in the form of a software product, where the software product is stored in a storage medium, and includes several instructions for causing a device (may be a single-chip microcomputer, a chip or the like) or a processor (processor) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely illustrative of specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (20)
1. A device authentication method, applied to a bluetooth device, the method comprising:
generating a second random number after Bluetooth connection is established with the electronic equipment, and sending the second random number to the electronic equipment; the second random number is used for generating a first authentication parameter;
receiving the first authentication parameter and a first random number sent by the electronic equipment;
generating first check information based on the first random number, the second random number and authentication identification information of the Bluetooth equipment by adopting a target encryption mode;
and verifying the first authentication parameter based on the first verification information, and disconnecting the Bluetooth connection with the electronic equipment under the condition that the verification of the first authentication parameter fails.
2. The method according to claim 1, wherein the method further comprises:
and under the condition that the verification of the first authentication parameter fails, sending disconnection indicating information to the electronic equipment, wherein the disconnection indicating information is used for indicating disconnection of Bluetooth.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
under the condition that the first authentication parameter is successfully verified, a target encryption mode is adopted, and a second authentication parameter is generated based on the first random number, the second random number and the authentication identification information;
And sending the second authentication parameter to the electronic equipment, wherein the second authentication parameter is used for triggering to disconnect the Bluetooth connection between the electronic equipment and the Bluetooth equipment under the condition of verification failure.
4. A method according to claim 3, characterized in that the method further comprises:
and if the disconnection indication information from the electronic equipment is received, disconnecting the Bluetooth connection with the electronic equipment.
5. The method according to claim 3 or 4, characterized in that the method further comprises:
if the notification information from the electronic equipment is received, the notification information is used for indicating that the second authentication parameter is successfully verified, the authentication identification information is updated, and the updated authentication identification information is uploaded to a server through the electronic equipment.
6. The method according to any one of claims 1-5, wherein generating, by using the target encryption method, first check information based on the first random number, the second random number, and authentication identification information of the bluetooth device includes:
adding a salt value to the authentication identification information, wherein the salt value is preset; and generating first check information based on the first random number, the second random number and the authentication identification information of the Bluetooth equipment with the salt added by adopting a target encryption mode.
7. The method according to claim 1 or 2, characterized in that the method further comprises:
and under the condition that the first authentication parameter is successfully verified, carrying out encryption transmission with the electronic equipment by using an encryption mode specified by a Bluetooth protocol.
8. A device authentication method, applied to an electronic device, the method comprising:
after establishing Bluetooth connection with Bluetooth equipment, acquiring authentication identification information of the Bluetooth equipment;
generating a first random number and receiving a second random number sent by the Bluetooth equipment;
generating a first authentication parameter based on the first random number, the second random number and the authentication identification information by adopting a target encryption mode;
and sending the first authentication parameter and a first random number to the Bluetooth device, wherein the first random number is used for verifying the first authentication parameter, and the first authentication parameter is used for triggering disconnection of Bluetooth connection between the Bluetooth device and the electronic device under the condition of verification failure.
9. The method of claim 8, wherein the method further comprises:
and if the disconnection indication information from the Bluetooth equipment is received, disconnecting the Bluetooth connection with the Bluetooth equipment.
10. The method according to claim 8 or 9, characterized in that the method further comprises:
if a second authentication parameter from the Bluetooth equipment is received, generating second check information based on the first random number, the second random number and authentication identification information of the Bluetooth equipment by adopting a target encryption mode;
and verifying the second authentication parameter based on the second verification information, and disconnecting the Bluetooth connection with the Bluetooth device under the condition that the verification of the second authentication parameter fails.
11. The method according to claim 10, wherein the method further comprises:
and under the condition that the verification of the second authentication parameter fails, sending disconnection indicating information to the Bluetooth equipment, wherein the disconnection indicating information is used for indicating disconnection of Bluetooth.
12. The method according to claim 10 or 11, characterized in that the method further comprises:
under the condition that the second authentication parameter is successfully verified, sending notification information to the Bluetooth equipment, wherein the notification information is used for indicating that the second authentication parameter is successfully verified;
and receiving updated authentication identification information sent by the Bluetooth equipment, and uploading the updated authentication identification information to a server.
13. The method according to any one of claims 9-12, wherein the obtaining authentication identification information of the bluetooth device includes:
generating the authentication identification information based on the equipment information of the Bluetooth equipment under the condition that the Bluetooth equipment is authenticated for the first time; or,
acquiring authentication identification information of the Bluetooth device corresponding to a target user account associated with the electronic device from a server based on device information of the Bluetooth device under the condition that the Bluetooth device is not authenticated for the first time; and the server stores the corresponding relation between the user account and the authentication identification information of at least one device.
14. The method of claim 12, wherein uploading the updated authentication identification information to a server comprises:
uploading the updated authentication identification information to a server under the condition that the Bluetooth equipment is authenticated for the first time; the corresponding relation between the authentication identification information of the Bluetooth equipment and the target user account corresponding to the target electronic equipment is established at the server; or,
uploading the updated authentication identification information to a server under the condition that the Bluetooth equipment is not authenticated for the first time; and updating the corresponding relation between the authentication identification information of the Bluetooth equipment and the target user account number at the server.
15. The method according to claim 13 or 14, characterized in that the method further comprises:
acquiring equipment information of the Bluetooth equipment;
and determining an authentication scene of the Bluetooth device based on the device information, wherein the authentication scene comprises first authentication or non-first authentication.
16. The method according to any one of claims 8-15, wherein generating a first authentication parameter based on the first random number, the second random number, and the authentication identification information using a target encryption method includes:
adding a salt value to the authentication identification information, wherein the salt value is preset; and generating a first authentication parameter based on the first random number, the second random number and the authentication identification information with the salt value added by adopting a target encryption mode.
17. The method according to claim 10, wherein the method further comprises:
and under the condition that the second authentication parameter is successfully verified, carrying out encryption transmission with the Bluetooth equipment by using an encryption mode specified by a Bluetooth protocol.
18. A device authentication method, applied to an electronic device, the method comprising:
after establishing Bluetooth connection with Bluetooth equipment, acquiring authentication identification information of the Bluetooth equipment;
Generating a first random number and sending the first random number to the Bluetooth equipment; the first random number is used for generating a second authentication parameter;
receiving a second random number sent by the Bluetooth device and the second authentication parameter;
generating second verification information based on the first random number, the second random number and the authentication identification information by adopting the target encryption mode;
and verifying the second authentication parameter based on the second verification information, and disconnecting the Bluetooth connection with the Bluetooth device under the condition that the verification of the second authentication parameter fails.
19. A terminal device, comprising: a memory, one or more processors, a bluetooth module; the memory is coupled with the processor; wherein the memory has stored therein computer program code comprising computer instructions; the computer instructions, when executed by the processor, cause a terminal device to perform the method of any of claims 1-7; or,
causing the terminal device to perform the method of any one of claims 8-17; still alternatively, or in addition to the above,
causing the terminal device to perform the method of claim 18.
20. A computer readable storage medium comprising computer instructions which, when run on a terminal device, cause the terminal device to perform the method of any of claims 1-7; or,
causing the terminal device to perform the method of any one of claims 8-17; still alternatively, or in addition to the above,
causing the terminal device to perform the method of claim 18.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310206775.3A CN117135631A (en) | 2023-02-24 | 2023-02-24 | Equipment authentication method and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310206775.3A CN117135631A (en) | 2023-02-24 | 2023-02-24 | Equipment authentication method and terminal equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117135631A true CN117135631A (en) | 2023-11-28 |
Family
ID=88855288
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310206775.3A Pending CN117135631A (en) | 2023-02-24 | 2023-02-24 | Equipment authentication method and terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117135631A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105430605A (en) * | 2015-12-10 | 2016-03-23 | 飞天诚信科技股份有限公司 | Bluetooth master and slave devices and method for establishing safety channel between same |
| CN105933039A (en) * | 2016-06-24 | 2016-09-07 | 飞天诚信科技股份有限公司 | Bluetooth device and working method of the Bluetooth device |
| US20170339128A1 (en) * | 2016-05-23 | 2017-11-23 | Lg Electronics Inc. | Method and apparatus for authenticating a device using bluetooth technology |
| CN113453209A (en) * | 2021-07-27 | 2021-09-28 | 上海瓶钵信息科技有限公司 | Method and system for realizing Bluetooth communication protocol authentication part and communication terminal |
| CN113840266A (en) * | 2020-06-24 | 2021-12-24 | 华为技术有限公司 | Bluetooth pairing method, device, system, electronic equipment and storage medium |
-
2023
- 2023-02-24 CN CN202310206775.3A patent/CN117135631A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105430605A (en) * | 2015-12-10 | 2016-03-23 | 飞天诚信科技股份有限公司 | Bluetooth master and slave devices and method for establishing safety channel between same |
| US20170339128A1 (en) * | 2016-05-23 | 2017-11-23 | Lg Electronics Inc. | Method and apparatus for authenticating a device using bluetooth technology |
| CN105933039A (en) * | 2016-06-24 | 2016-09-07 | 飞天诚信科技股份有限公司 | Bluetooth device and working method of the Bluetooth device |
| CN113840266A (en) * | 2020-06-24 | 2021-12-24 | 华为技术有限公司 | Bluetooth pairing method, device, system, electronic equipment and storage medium |
| CN113453209A (en) * | 2021-07-27 | 2021-09-28 | 上海瓶钵信息科技有限公司 | Method and system for realizing Bluetooth communication protocol authentication part and communication terminal |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101491392B1 (en) | Indirect device communication | |
| CN113259301B (en) | Account data sharing method and electronic equipment | |
| CN110059499A (en) | A kind of file access purview certification method and electronic equipment | |
| KR20110008272A (en) | Methods, apparatuses, and computer program products for providing a single service sign-on | |
| CN113132091B (en) | Method for sharing equipment and electronic equipment | |
| CN111918274B (en) | Code number configuration and management method and device, electronic equipment and readable storage medium | |
| CN112073421B (en) | Communication processing method, communication processing device, terminal and storage medium | |
| CN112291364A (en) | Message pushing processing method and device | |
| KR20210145558A (en) | Electronic device for performing edge computing service and a method for the same | |
| CN112771815B (en) | Key processing method and device | |
| CN112966297A (en) | Data protection method, system, medium and electronic device | |
| CN117135631A (en) | Equipment authentication method and terminal equipment | |
| CN107846390B (en) | Authentication method and device for application program | |
| CN113645024B (en) | Key distribution method, system, device and readable storage medium and chip | |
| CN115065703A (en) | Internet of things system, authentication and communication method thereof and related equipment | |
| CN115146253A (en) | Mobile App login method, mobile device and system | |
| CN115442061A (en) | Security authentication method, readable medium, and electronic device | |
| CN116846681B (en) | Device connection method, electronic device, and computer-readable storage medium | |
| CN115174043B (en) | Method for sharing equipment and electronic equipment | |
| WO2023169545A1 (en) | Offline device control method and related apparatus | |
| CN117992414A (en) | Resource sharing method and electronic equipment | |
| CN117176362B (en) | Authentication method and device | |
| CN115550415B (en) | Device connection method and electronic device | |
| CN117278323B (en) | Third party information acquisition method, electronic equipment and readable storage medium | |
| CN115001667B (en) | Key agreement method, system, electronic device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |