CN117255340B - Bluetooth communication method, device, system, storage medium and electronic equipment

Publication number
CN117255340B
Authority
CN
China
Prior art keywords
bluetooth
bluetooth device
key
resource
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311518933.5A
Other languages
Chinese (zh)
Other versions
CN117255340A (en
Inventor
姜帆
郭飞
杜君
孟伟
王青权
邢晓奎
陈建卫
安然
范乃冲
李树昆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
Beijing Smartchip Microelectronics Technology Co Ltd
Application filed by Beijing Smartchip Microelectronics Technology Co Ltd
Priority to CN202311518933.5A
Publication of CN117255340A
Application granted
Publication of CN117255340B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W12/50 Secure pairing of devices
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a Bluetooth communication method, device, system, storage medium and electronic equipment, and belongs to the technical field of communication. The Bluetooth communication method is applied to a cryptographic resource management system and comprises the following steps: acquiring a cryptographic resource application sent by a source Bluetooth device, the application comprising source Bluetooth device information, destination Bluetooth device information and a plurality of random numbers; based on the source Bluetooth device information and the destination Bluetooth device information, matching the application key of the source Bluetooth device and the application key of the destination Bluetooth device among a plurality of preset Bluetooth device application keys; generating a cryptographic resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and the plurality of random numbers, the cryptographic resource being used to generate a private address; and issuing the cryptographic resource, encrypted and signed, to the source Bluetooth device and the destination Bluetooth device respectively, so that the two devices can carry out Bluetooth communication based on the cryptographic resource. This reduces the risk of attack and safeguards the security of Bluetooth communication.

Description

Bluetooth communication method, device, system, storage medium and electronic equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular to a Bluetooth communication method, a Bluetooth communication device, a Bluetooth communication system, a machine-readable storage medium, and an electronic apparatus.
Background
Bluetooth is a typical communication technology for the Internet of Things. As a local communication mode, Bluetooth communication can be applied to various scenarios, for example smart home scenarios and power application scenarios.
However, the physical address (Media Access Control address, MAC) in conventional Bluetooth communication is usually fixed, which enables a variety of Bluetooth address masquerading attacks: malicious nodes exploit protocol design and implementation vulnerabilities to impersonate trusted devices, resulting in security threats such as network identity falsification and data redirection, and an attacker may identify and attack devices by monitoring and analyzing Bluetooth traffic. In addition, the Bluetooth protocol, as a standard communication protocol, has security vulnerabilities. Bluetooth devices perform identity verification and encryption during pairing, but if the pairing process has a security problem, an attacker can obtain the encryption key during pairing by means such as a man-in-the-middle attack, and then monitor and decrypt Bluetooth communication data, creating a risk of data leakage.
Therefore, existing Bluetooth communication has a communication security problem.
Disclosure of Invention
The invention aims to provide a Bluetooth communication method, a Bluetooth communication device, a Bluetooth communication system, a machine-readable storage medium and electronic equipment, wherein the Bluetooth communication method can generate different private addresses during each communication, so that the risk of being attacked is reduced, and the safety of Bluetooth communication is ensured.
In order to achieve the above object, a first aspect of the present application provides a Bluetooth communication method, applied to a cryptographic resource management system, the Bluetooth communication method including:
acquiring a cryptographic resource application sent by a source Bluetooth device; the cryptographic resource application comprises source Bluetooth device information, destination Bluetooth device information and a plurality of random numbers;
based on the source Bluetooth device information and the destination Bluetooth device information, matching the application key of the source Bluetooth device and the application key of the destination Bluetooth device among a plurality of preset Bluetooth device application keys;
generating a cryptographic resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and the plurality of random numbers;
encrypting the cryptographic resource with the application key of the source Bluetooth device and with the application key of the destination Bluetooth device respectively, to obtain a first cryptographic resource ciphertext and a second cryptographic resource ciphertext;
signing the first cryptographic resource ciphertext and the second cryptographic resource ciphertext respectively with a preset master station private key to generate a first signature and a second signature;
issuing the first signature and the first cryptographic resource ciphertext to the source Bluetooth device, and the second signature and the second cryptographic resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device carry out Bluetooth communication based on the cryptographic resource;
wherein the cryptographic resource is used to generate a private address.
In an embodiment of the present application, the cryptographic resource management system is preset with the security chip serial numbers of a plurality of Bluetooth devices, the plurality of random numbers comprise a first random number, a second random number and a third random number, and the cryptographic resource comprises a Z algorithm instance, a temporary key and a session key;
the generating a cryptographic resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device, and the plurality of random numbers includes:
diversifying the application key of the source Bluetooth device with the first random number to obtain a temporary key K1;
diversifying the application key of the destination Bluetooth device with the second random number to obtain a temporary key K2;
generating a Z algorithm instance Z1 with the Z cryptographic algorithm based on the temporary key K1, and generating a Z algorithm instance Z2 with the Z cryptographic algorithm based on the temporary key K2;
diversifying the application key of the source Bluetooth device with the security chip serial number of the destination Bluetooth device and the third random number to obtain a session key;
and obtaining the cryptographic resource from the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key.
In an embodiment of the present application, the process of obtaining the preset application keys of the plurality of Bluetooth devices includes:
registering a plurality of Bluetooth devices and obtaining the security chip information of each Bluetooth device, the security chip information comprising at least a security chip serial number;
and performing key diversification on the security chip serial number of each Bluetooth device with the preset service root key to obtain the application keys of the plurality of Bluetooth devices.
A second aspect of the present application provides a Bluetooth communication method, applied to a source Bluetooth device, including:
acquiring a first cryptographic resource ciphertext and a first signature, wherein the first cryptographic resource ciphertext and the first signature are obtained by the above Bluetooth communication method applied to the cryptographic resource management system;
verifying the first signature with a preset master station certificate, and, if the first signature is verified successfully, decrypting the first cryptographic resource ciphertext with the preset application key of the source Bluetooth device to obtain the cryptographic resource;
and carrying out Bluetooth communication with the destination Bluetooth device based on the cryptographic resource.
In an embodiment of the present application, the cryptographic resource comprises a Z algorithm instance, a temporary key and a session key;
the carrying out Bluetooth communication with the destination Bluetooth device based on the cryptographic resource includes:
constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource;
and, based on the private address, carrying out Bluetooth communication with the destination Bluetooth device using the session key in the cryptographic resource.
In an embodiment of the present application, the temporary key includes: temporary key K1 and temporary key K2; the Z algorithm instance includes: Z algorithm instance Z1 and Z algorithm instance Z2;
the constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource includes:
acquiring the current local time and the region code, and generating a timestamp based on the current local time;
encrypting a random code formed from the timestamp and the region code with the temporary key K1 and the Z algorithm instance Z1 to obtain the source Bluetooth device address ciphertext;
encrypting a random code formed from the timestamp and the region code with the temporary key K2 and the Z algorithm instance Z2 to obtain the destination Bluetooth device address ciphertext;
constructing the private address of the source Bluetooth device from the source Bluetooth device address ciphertext, the timestamp and the region code;
and constructing the private address of the destination Bluetooth device from the destination Bluetooth device address ciphertext, the timestamp and the region code.
In an embodiment of the present application, the carrying out Bluetooth communication with the destination Bluetooth device using the session key in the cryptographic resource based on the private address includes:
sending a connection establishment request to the destination Bluetooth device based on the source Bluetooth device private address and the destination Bluetooth device private address;
if the connection establishment request is sent successfully, acquiring a private address to be verified, sent by the destination Bluetooth device;
and verifying the validity of the private address to be verified based on the cryptographic resource, and, if verification passes, carrying out Bluetooth communication with the destination Bluetooth device using the session key in the cryptographic resource.
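The key hierarchy of the first aspect and the private-address construction and validity check of the second aspect, as an added Python example that is not part of the patent text. HMAC-SHA256 stands in for both the key diversification step and the Z algorithm, neither of which the page specifies; the field widths, the `max_skew` freshness window, and all names and sample values are assumptions. Encryption and signing of the issued resource are left out.

```python
import hashlib
import hmac
import struct

CT_LEN = 8          # assumed width of the address ciphertext field
CODE_FMT = ">IH"    # assumed layout: 32-bit timestamp, 16-bit region code


def diversify(key: bytes, *factors: bytes) -> bytes:
    """Derive a 16-byte child key from `key` and the given factors.

    Stand-in for the diversification step (assumption): HMAC-SHA256 over
    length-prefixed factors, so ("ab", "c") and ("a", "bc") cannot collide.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for factor in factors:
        mac.update(struct.pack(">H", len(factor)) + factor)
    return mac.digest()[:16]


class ResourceManager:
    """Cryptographic resource management system, key-derivation part only."""

    def __init__(self, service_root_key: bytes):
        self.root = service_root_key
        self.app_keys = {}  # security chip serial number -> application key

    def register(self, chip_serial: bytes) -> bytes:
        # Application key: service root key diversified by the chip serial.
        self.app_keys[chip_serial] = diversify(self.root, chip_serial)
        return self.app_keys[chip_serial]

    def issue(self, src: bytes, dst: bytes, r1: bytes, r2: bytes, r3: bytes) -> dict:
        # Matching step: an unregistered serial raises KeyError here.
        src_key, dst_key = self.app_keys[src], self.app_keys[dst]
        return {
            "K1": diversify(src_key, r1),   # keys the source private address
            "K2": diversify(dst_key, r2),   # keys the destination private address
            "session_key": diversify(src_key, dst, r3),
        }


def z_encrypt(temp_key: bytes, code: bytes) -> bytes:
    """Stand-in for a Z algorithm instance keyed with a temporary key."""
    return hmac.new(temp_key, b"addr" + code, hashlib.sha256).digest()[:CT_LEN]


def build_private_address(temp_key: bytes, timestamp: int, region: int) -> bytes:
    """Private address = address ciphertext || timestamp || region code."""
    code = struct.pack(CODE_FMT, timestamp, region)
    return z_encrypt(temp_key, code) + code


def verify_private_address(temp_key: bytes, address: bytes, now: int,
                           max_skew: int = 30) -> bool:
    """Recompute the ciphertext from the clear fields and compare."""
    if len(address) != CT_LEN + struct.calcsize(CODE_FMT):
        return False
    ciphertext, code = address[:CT_LEN], address[CT_LEN:]
    timestamp, _region = struct.unpack(CODE_FMT, code)
    # Freshness window (assumption, not stated on the page): without it a
    # captured address would stay valid for as long as K1/K2 are in use.
    if abs(now - timestamp) > max_skew:
        return False
    return hmac.compare_digest(ciphertext, z_encrypt(temp_key, code))


def demo() -> dict:
    # Constructed sample values; real random numbers come from a CSPRNG.
    mgr = ResourceManager(bytes(range(16)))
    src, dst = b"SN-SRC-0001", b"SN-DST-0002"
    mgr.register(src)
    mgr.register(dst)
    res = mgr.issue(src, dst, b"\x01" * 8, b"\x02" * 8, b"\x03" * 8)
    ts = 1_700_000_000
    addr = build_private_address(res["K1"], ts, 0x0101)
    return {
        "address": addr.hex(),
        "accepted": verify_private_address(res["K1"], addr, ts + 5),
        "wrong_key": verify_private_address(res["K2"], addr, ts + 5),
        "stale": verify_private_address(res["K1"], addr, ts + 31),
    }


if __name__ == "__main__":
    print(demo())
```

Because K1 and K2 depend on the per-request random numbers, a new application yields new private addresses even for the same device pair and timestamp.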
In an embodiment of the present application, the carrying out Bluetooth communication with the destination Bluetooth device using the session key in the cryptographic resource includes:
performing dynamic session key negotiation with the destination Bluetooth device using the session key in the cryptographic resource to obtain a temporary session key;
and establishing a secure communication channel based on the temporary session key for Bluetooth communication.
In an embodiment of the present application, after establishing the secure communication channel, the method further includes:
acquiring a local channel state, and constructing a channel map and a channel priority table based on the local channel state;
and acquiring the device's own service information, and establishing a service priority table according to the grade and priority of its own services.
In an embodiment of the present application, the method further includes:
transmitting the channel map and the channel priority table to all Bluetooth devices in the network by broadcast.
In an embodiment of the present application, the method further includes:
switching the data channel according to the channel selection algorithm;
acquiring current channel state information and current service information over the switched data channel;
comparing the current channel state information with the channel priority table to obtain the priority of the current channel;
and switching the service channel according to the priority of the current channel, the service priority table and the current service information to obtain the most suitable channel.
In an embodiment of the present application, the switching the service channel according to the priority of the current channel, the service priority table, and the current service information to obtain the most suitable channel includes:
looking up the current service priority from the service priority table and the current service information;
judging whether the current service priority matches the priority of the current channel;
if the current service priority matches the priority of the current channel, communicating over the current channel;
and if the current service priority does not match the priority of the current channel, selecting a channel matching the current service priority from the channel priority table and communicating over that channel.
In an embodiment of the present application, the method further includes:
periodically acquiring the channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table so that the connected Bluetooth devices dynamically adjust the frequency hopping channel according to the new channel priority table.
In an embodiment of the present application, the method further includes:
during communication, judging whether to dynamically adjust the time slot of the current communication according to the size of the exchanged data packet;
and, when the exchanged data packet is large, adjusting the proportion of the time slot used by the current communication according to the current service priority, so as to adjust the time slot dynamically.
In an embodiment of the present application, the adjusting the proportion of the time slot used by the current communication according to the current service priority so as to adjust the time slot dynamically includes:
generating a plurality of service weights according to the current service priority and the service priority table;
and adjusting the proportion of the time slot used by the current communication based on the share of each service weight, so as to adjust the time slot dynamically.
In an embodiment of the present application, the adjusting the proportion of the time slot used by the current communication based on the share of each service weight includes:
initializing the total time slot length;
calculating the adjusted time slot length of each connection from the share of each service weight and the total time slot length;
and updating the time slot of each connection in the current communication based on the adjusted time slot length of each connection, so as to adjust the proportion of the time slot used by the current communication.
A third aspect of the present application provides a Bluetooth communication method, applied to a destination Bluetooth device, including:
acquiring a second cryptographic resource ciphertext and a second signature, wherein the second cryptographic resource ciphertext and the second signature are obtained by the above Bluetooth communication method applied to the cryptographic resource management system;
verifying the second signature with a preset master station certificate, and, if the second signature is verified successfully, decrypting the second cryptographic resource ciphertext with the preset application key of the destination Bluetooth device to obtain the cryptographic resource;
and carrying out Bluetooth communication with the source Bluetooth device based on the cryptographic resource.
In an embodiment of the present application, the cryptographic resource comprises a Z algorithm instance, a temporary key and a session key;
the carrying out Bluetooth communication with the source Bluetooth device based on the cryptographic resource includes:
constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource;
and, based on the private address, carrying out Bluetooth communication with the source Bluetooth device using the session key in the cryptographic resource.
In an embodiment of the present application, the temporary key includes: temporary key K1 and temporary key K2; the Z algorithm instance includes: Z algorithm instance Z1 and Z algorithm instance Z2;
the constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource includes:
acquiring the current local time and the region code, and generating a timestamp based on the current local time;
encrypting a random code formed from the timestamp and the region code with the temporary key K1 and the Z algorithm instance Z1 to obtain the source Bluetooth device address ciphertext;
encrypting a random code formed from the timestamp and the region code with the temporary key K2 and the Z algorithm instance Z2 to obtain the destination Bluetooth device address ciphertext;
constructing the private address of the source Bluetooth device from the source Bluetooth device address ciphertext, the timestamp and the region code;
and constructing the private address of the destination Bluetooth device from the destination Bluetooth device address ciphertext, the timestamp and the region code.
In an embodiment of the present application, the carrying out Bluetooth communication with the source Bluetooth device using the session key in the cryptographic resource based on the private address includes:
in response to a connection establishment request sent by the source Bluetooth device, acquiring a private address to be verified, sent by the source Bluetooth device;
and verifying the validity of the private address to be verified based on the cryptographic resource, and, if verification passes, carrying out Bluetooth communication with the source Bluetooth device using the session key in the cryptographic resource.
In an embodiment of the present application, the carrying out Bluetooth communication with the source Bluetooth device using the session key in the cryptographic resource includes:
performing dynamic session key negotiation with the source Bluetooth device using the session key in the cryptographic resource to obtain a temporary session key;
and establishing a secure communication channel based on the temporary session key for Bluetooth communication.
In an embodiment of the present application, after establishing the secure communication channel, the method further includes:
acquiring a local channel state, and constructing a channel map and a channel priority table based on the local channel state;
and acquiring the device's own service information, and establishing a service priority table according to the grade and priority of its own services.
In an embodiment of the present application, the method further includes:
transmitting the channel map information and the channel priority table to all Bluetooth devices in the network by broadcast.
In an embodiment of the present application, the method further includes:
periodically acquiring the channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table so that the connected Bluetooth devices dynamically adjust the frequency hopping channel according to the new channel priority table.
A fourth aspect of the present application provides a Bluetooth communication system, including a cryptographic resource management system, a source Bluetooth device, and a destination Bluetooth device;
the source Bluetooth device is configured to send a cryptographic resource application to the cryptographic resource management system; the cryptographic resource application comprises source Bluetooth device information, destination Bluetooth device information and a plurality of random numbers;
the cryptographic resource management system is configured to: match the application key of the source Bluetooth device and the application key of the destination Bluetooth device among the preset application keys of a plurality of Bluetooth devices, based on the source Bluetooth device information and the destination Bluetooth device information; generate a cryptographic resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and the plurality of random numbers; encrypt the cryptographic resource with the application key of the source Bluetooth device and with the application key of the destination Bluetooth device respectively, to obtain a first cryptographic resource ciphertext and a second cryptographic resource ciphertext; sign the first cryptographic resource ciphertext and the second cryptographic resource ciphertext respectively with a preset master station private key to generate a first signature and a second signature; and issue the first signature and the first cryptographic resource ciphertext to the source Bluetooth device, and the second signature and the second cryptographic resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device carry out Bluetooth communication based on the cryptographic resource; wherein the cryptographic resource is used to generate a private address.
A fifth aspect of the present application provides a Bluetooth communication device, applied to a cryptographic resource management system, the Bluetooth communication device comprising:
an acquisition module, configured to acquire a cryptographic resource application sent by the source Bluetooth device; the cryptographic resource application comprises source Bluetooth device information, destination Bluetooth device information and a plurality of random numbers;
an application key matching module, configured to match the application key of the source Bluetooth device and the application key of the destination Bluetooth device among a plurality of preset Bluetooth device application keys, based on the source Bluetooth device information and the destination Bluetooth device information;
a cryptographic resource generation module, configured to generate a cryptographic resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and the plurality of random numbers;
a first encryption module, configured to encrypt the cryptographic resource with the application key of the source Bluetooth device and with the application key of the destination Bluetooth device respectively, to obtain a first cryptographic resource ciphertext and a second cryptographic resource ciphertext; wherein the cryptographic resource is used to generate a private address;
a first signature module, configured to sign the first cryptographic resource ciphertext and the second cryptographic resource ciphertext respectively with a preset master station private key to generate a first signature and a second signature;
and an issuing module, configured to issue the first signature and the first cryptographic resource ciphertext to the source Bluetooth device, and the second signature and the second cryptographic resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device can carry out Bluetooth communication based on the cryptographic resource.
In an embodiment of the present application, the cryptographic resource management system is preset with the security chip serial numbers of a plurality of Bluetooth devices, the plurality of random numbers comprise a first random number, a second random number and a third random number, and the cryptographic resource comprises a Z algorithm instance, a temporary key and a session key;
the cryptographic resource generation module comprises:
a first diversification unit, configured to diversify the application key of the source Bluetooth device with the first random number to obtain a temporary key K1;
a second diversification unit, configured to diversify the application key of the destination Bluetooth device with the second random number to obtain a temporary key K2;
an algorithm instance unit, configured to generate a Z algorithm instance Z1 with the Z cryptographic algorithm based on the temporary key K1, and to generate a Z algorithm instance Z2 with the Z cryptographic algorithm based on the temporary key K2;
a third diversification unit, configured to diversify the application key of the source Bluetooth device with the security chip serial number of the destination Bluetooth device and the third random number to obtain a session key;
and a resource generating unit, configured to obtain the cryptographic resource from the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key.
A sixth aspect of the present application provides a Bluetooth communication device, applied to a source Bluetooth device, comprising:
a first cryptographic resource acquisition module, configured to acquire a first cryptographic resource ciphertext and a first signature, wherein the first cryptographic resource ciphertext and the first signature are obtained by the above Bluetooth communication device applied to the cryptographic resource management system;
a first signature verification module, configured to verify the first signature with a preset master station certificate and, if the first signature is verified successfully, to decrypt the first cryptographic resource ciphertext with the preset application key of the source Bluetooth device to obtain the cryptographic resource;
and a first Bluetooth communication module, configured to carry out Bluetooth communication with the destination Bluetooth device based on the cryptographic resource.
A seventh aspect of the present application provides a Bluetooth communication device, applied to a destination Bluetooth device, comprising:
a second cryptographic resource acquisition module, configured to acquire a second cryptographic resource ciphertext and a second signature, wherein the second cryptographic resource ciphertext and the second signature are obtained by the above Bluetooth communication device applied to the cryptographic resource management system;
a second signature verification module, configured to verify the second signature with a preset master station certificate and, if the second signature is verified successfully, to decrypt the second cryptographic resource ciphertext with the preset application key of the destination Bluetooth device to obtain the cryptographic resource;
and a second Bluetooth communication module, configured to carry out Bluetooth communication with the source Bluetooth device based on the cryptographic resource.
An eighth aspect of the present application provides an electronic device, including:
at least one processor;
a memory coupled to the at least one processor;
the memory stores instructions executable by the at least one processor, and the at least one processor implements the bluetooth communication method by executing the instructions stored by the memory.
A ninth aspect of the present application provides a machine-readable storage medium having stored thereon instructions that when executed by a processor cause the processor to be configured to perform the bluetooth communication method described above.
According to the technical scheme, the password resource application sent by the source Bluetooth device is obtained in the password resource management system; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers; based on the source Bluetooth device information and the destination Bluetooth device information, matching an application key of the source Bluetooth device and an application key of the destination Bluetooth device in a plurality of preset Bluetooth device application keys; generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and a plurality of random numbers; wherein the cryptographic resource is used to generate a private address; encrypting the password resources by using the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext; respectively signing the first cipher resource ciphertext and the second cipher resource ciphertext based on a preset master station private key to generate a first signature and a second signature; and transmitting the first signature and the first password resource ciphertext to the source Bluetooth device, and transmitting the second signature and the second password resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device perform Bluetooth communication based on the password resources. 
Because the cryptographic resource is derived from the random numbers and the application keys, a different set of random numbers in each communication yields a different cryptographic resource, so a different private address is generated for each communication, which reduces the risk of attack and protects the security of Bluetooth communication. Encrypting and signing the cryptographic resource ensures the confidentiality and integrity of its transmission. The MAC addresses of conventional Bluetooth are typically assigned by the device manufacturer, and the MAC addresses of different devices may collide, resulting in communication failures. Because the cryptographic resource management system generates the cryptographic resources centrally, the invention avoids such collisions and improves compatibility between devices and the stability of communication. The MAC address space of conventional Bluetooth is limited, and an address shortage may occur as the number of devices increases. The cryptographic resource management system generates cryptographic resources temporarily, according to the service application, and releases them as soon as the service validity period expires, so an unlimited number of device connections is theoretically supported.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain, without limitation, the embodiments of the invention. In the drawings:
Fig. 1 schematically illustrates a Z-algorithm Bluetooth power operation and maintenance application scenario according to an embodiment of the present application;
Fig. 2 schematically illustrates a flow chart of a Bluetooth communication method applied to a cryptographic resource management system according to an embodiment of the present application;
Fig. 3 schematically illustrates a Z-algorithm cryptographic resource management system architecture diagram according to an embodiment of the present application;
Fig. 4 schematically illustrates a Z algorithm instance and session key generation and distribution flow chart according to an embodiment of the present application;
Fig. 5 schematically illustrates a private address generation process diagram according to an embodiment of the present application;
Fig. 6 schematically illustrates a private address verification process diagram according to an embodiment of the present application;
Fig. 7 schematically illustrates a Bluetooth private address generation framework diagram according to an embodiment of the present application;
Fig. 8 schematically illustrates an operational scenario diagram according to an embodiment of the present application;
Fig. 9 schematically illustrates a Bluetooth management application framework according to an embodiment of the present application;
Fig. 10 schematically illustrates a secure communication channel establishment procedure according to an embodiment of the present application;
Fig. 11 schematically illustrates an intelligent power distribution operation and maintenance application scenario according to an embodiment of the present application;
Fig. 12 schematically illustrates a family Bluetooth application scenario according to an embodiment of the present application;
Fig. 13 schematically illustrates a multi-master multi-slave Bluetooth network application scenario according to an embodiment of the present application;
Fig. 14 schematically illustrates a control flow diagram according to an embodiment of the present application;
Fig. 15 schematically illustrates a channel priority table generation flow chart according to an embodiment of the present application;
Fig. 16 schematically illustrates a flow chart of a Bluetooth communication method applied to a source Bluetooth device according to an embodiment of the present application;
Fig. 17 schematically illustrates a flow chart of a Bluetooth communication method applied to a destination Bluetooth device according to an embodiment of the present application;
Fig. 18 schematically illustrates a block diagram of a Bluetooth communication device applied to a cryptographic resource management system according to an embodiment of the present application;
Fig. 19 schematically illustrates a block diagram of a Bluetooth communication device applied to a source Bluetooth apparatus according to an embodiment of the present application;
Fig. 20 schematically illustrates a block diagram of a Bluetooth communication device applied to a destination Bluetooth apparatus according to an embodiment of the present application;
Fig. 21 schematically shows an internal structural view of a computer device according to an embodiment of the present application.
Description of the reference numerals
510-an acquisition module; 520-apply key matching module; 530-a cryptographic resource generation module; 540-a first encryption module; 550-a first signature module; 560-issuing module; 610-a first cryptographic resource acquisition module; 620-a first signature verification module; 630-a first bluetooth communication module; 710-a second cryptographic resource acquisition module; 720-a second signature verification module; 730-a second bluetooth communication module; a01-a processor; a02-a network interface; a03-an internal memory; a04-a display screen; a05-an input device; a06-a nonvolatile storage medium; b01-operating system; b02-computer program.
Detailed Description
The following describes the detailed implementation of the embodiments of the present invention with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
It should be noted that where "first", "second" and the like appear in the embodiments of the present application, they are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features referred to. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, provided that the combination can be realized by those skilled in the art; when the technical solutions are contradictory or cannot be realized, the combination should be regarded as not existing and as falling outside the protection scope of the present application.
In this embodiment, by fully adopting the design idea of deep fusion of the user key, the algorithm and the task application, and by combining the unified algorithm architecture and algorithm derivative rules with the application requirements, a Bluetooth communication method is provided that ensures the security of the cryptographic resources, Bluetooth address generation, access authentication and service data channels, and improves the transmission efficiency and reliability of the wireless communication system.
It should be noted that, the bluetooth communication method in this embodiment may be applicable to various bluetooth communication scenarios, and in order to facilitate explanation of the scheme, the following mainly uses an electric power operation and maintenance application scenario as an example.
Referring to fig. 1, fig. 1 schematically shows a Z-algorithm Bluetooth power operation and maintenance application scenario according to an embodiment of the application. In the power operation and maintenance application scenario, the palm machine/mobile phone acquires cryptographic resources from the cryptographic resource management platform through the security access gateway, and communicates over Bluetooth, through the Z algorithm Bluetooth module, with the fusion terminal, the detection platform body, the electric energy meter, the intelligent switch or other terminal equipment. The Bluetooth communication method of the invention enables the following functions:
Security management: devices are authenticated and access-controlled over the Bluetooth connection, preventing unauthorized personnel from operating them. In addition, data is encrypted and transmitted securely over Bluetooth, protecting the security of the device data.
Device configuration and debugging: Bluetooth is used for configuration and debugging of equipment; operation and maintenance personnel connect to the equipment over Bluetooth and perform parameter setting, calibration and debugging through the matching mobile phone/palm machine application.
Device monitoring and fault diagnosis: the Bluetooth module installed on the power equipment monitors the running state and performance of the equipment in real time. Current and voltage readings, equipment operating state parameters and the like are collected and transmitted to the monitoring system via Bluetooth.
Reading and setting of operation parameters: remote operation and control of the power equipment is realized; through the Bluetooth module connected to the equipment, operation and maintenance personnel use a mobile device such as a mobile phone/palm machine to remotely switch the equipment on and off, adjust its parameters and so on, which improves operation and maintenance efficiency and reduces operational risk.
Referring to fig. 2 and 3, fig. 2 schematically illustrates a flowchart of a bluetooth communication method applied to a cryptographic resource management system according to an embodiment of the present application, fig. 3 schematically illustrates a Z-algorithm cryptographic resource management system architecture schematic according to an embodiment of the present application, and a cryptographic resource management system is disposed on a cryptographic resource platform in fig. 3. The embodiment provides a Bluetooth communication method, which is applied to a password resource management system, and comprises the following steps:
step 210: acquiring a password resource application sent by a source Bluetooth device; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers;
In this embodiment, before initiating a communication connection, the Bluetooth device needs to apply to the cryptographic resource management platform for a session key and a Z algorithm instance, i.e. send a cryptographic resource application. Each Bluetooth device is provisioned with the Internet Protocol (IP) address and port of the cryptographic resource management system so that it can connect to the system. The cryptographic resource management system manages the devices and Bluetooth modules, including information such as device area, time, unique identification, device machine code, security chip identifier (ID) and Bluetooth module. The source Bluetooth device information includes information such as a device ID and a device name, and so does the destination Bluetooth device information. The source Bluetooth device is the device that applies for cryptographic resources, and the destination Bluetooth device is the Bluetooth device to which the source Bluetooth device is to connect.
The random number may be generated by a hardware noise source generating device, or may be a random number composed of a time stamp or an operation and maintenance area credential, and the method of generating the random number is not limited in this embodiment.
Step 220: based on the source Bluetooth device information and the destination Bluetooth device information, matching an application key of the source Bluetooth device and an application key of the destination Bluetooth device in a plurality of preset Bluetooth device application keys;
In this embodiment, a plurality of Bluetooth device application keys are stored in advance in the cryptographic resource management system. After the cryptographic resource application is acquired, the corresponding application keys are matched based on the source Bluetooth device information and the destination Bluetooth device information in the application. Correspondingly, the application key may also be written into each Bluetooth device in advance.
In some embodiments, the acquiring the preset application keys of the plurality of bluetooth devices includes:
firstly, registering to obtain a plurality of Bluetooth devices, and respectively obtaining the security chip information of each Bluetooth device, wherein the security chip information at least comprises a security chip serial number;
and then, respectively carrying out dispersion (key diversification) processing on the security chip serial numbers of the Bluetooth devices based on the preset service root key to obtain application keys of the plurality of Bluetooth devices.
In this embodiment, the security chip is a device capable of independently generating keys and performing encryption and decryption; it contains an independent processor and storage unit for storing keys and feature data. Because encryption is performed by the security chip and the key is stored in hardware, stolen data cannot be decrypted, which protects business privacy and data security. Referring to fig. 4, fig. 4 schematically illustrates a Z algorithm instance and session key generation and distribution flow chart according to an embodiment of the present application. Taking Bluetooth device A and Bluetooth device B as examples, security chip A is arranged in Bluetooth device A and security chip B is arranged in Bluetooth device B. The cryptographic resource management system issues security chips A and B: the service root key is dispersed with the serial number of security chip A to generate the application key of security chip A, and with the serial number of security chip B to generate the application key of security chip B, and a master station certificate is issued to the security chips at the same time. Bluetooth device A and Bluetooth device B are registered in the cryptographic resource management system, security chip A is bound to Bluetooth device A, and security chip B is bound to Bluetooth device B.
It should be noted that the dispersion processing mentioned in this embodiment refers to processing performed with a cryptographic key dispersion (key diversification) algorithm, which belongs to the prior art and will not be described herein.
Step 230: generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and a plurality of random numbers;
in some embodiments, the cryptographic resource management system is preset with security chip serial numbers of a plurality of bluetooth devices, the plurality of random numbers comprise a first random number, a second random number and a third random number, and the cryptographic resource comprises a Z algorithm instance, a temporary key and a session key;
the generating a cryptographic resource based on the application key of the source bluetooth device, the application key of the destination bluetooth device, and the plurality of random numbers includes:
firstly, performing dispersion processing on the application key of the source Bluetooth device based on the first random number to obtain a temporary key K1;
then, performing dispersion processing on the application key of the target Bluetooth device based on the second random number to obtain a temporary key K2;
then, a Z algorithm instance Z1 is generated by adopting a Z cryptographic algorithm based on the temporary key K1, and a Z algorithm instance Z2 is generated by adopting a Z cryptographic algorithm based on the temporary key K2;
then, performing dispersion processing on the application key of the source Bluetooth device based on the security chip serial number of the target Bluetooth device and the third random number to obtain a session key;
finally, according to the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key, the cryptographic resource is obtained.
In this embodiment, the Z cryptographic algorithm (Z-cipher) is a domestic symmetric encryption algorithm. It is based on a block cipher structure and uses a nonlinear S-box, a confusion function and an iterative round function, which gives it a simple structure, high nonlinearity and high encryption speed. The Z cryptographic algorithm adopts a design idea of deep fusion of the user key and the algorithm: under a unified algorithm architecture and algorithm derivative rules (unified algorithm architecture + algorithm derivative rules), and driven by the user key, it provides different block cipher algorithms for different users. Each instance of the algorithm is a customized, personalized, reversible cryptographic transformation.
For convenience of explanation, the above Bluetooth device A and Bluetooth device B are taken as examples, where Bluetooth device A is the source Bluetooth device and Bluetooth device B is the destination Bluetooth device. The random numbers R1, R2 and R3 can be generated by a hardware noise source generating device. The cryptographic resource management system retrieves the information of Bluetooth devices A and B, then disperses the application key of Bluetooth device A with random number R1 to generate the temporary key K1, and disperses the application key of Bluetooth device B with random number R2 to generate the temporary key K2. A Z algorithm instance Z1 and a Z algorithm instance Z2, used for generating Bluetooth addresses, are generated from the temporary key K1 and the temporary key K2 respectively; the Z algorithm instance Z1 and the temporary key K1 are used for generating the private address of Bluetooth device A, and the Z algorithm instance Z2 and the temporary key K2 are used for generating the private address of Bluetooth device B. The application key of Bluetooth device A is dispersed with the security chip serial number of Bluetooth device B and the random number R3 to generate the session key K3.
Issuing the password resource to the source Bluetooth device and the destination Bluetooth device so that the source Bluetooth device and the destination Bluetooth device can carry out Bluetooth communication based on the password resource; wherein the cryptographic resource is used to generate a private address.
In this embodiment, after obtaining the cryptographic resource, the cryptographic resource management system issues it to the source Bluetooth device and the destination Bluetooth device, which generate private addresses from it to carry out Bluetooth communication. The cryptographic resource can be issued directly or issued after encryption.
In order to ensure confidentiality and integrity of the transmission of the password resources, the issuing process can adopt encryption processing for issuing. The issuing the password resource to the source Bluetooth device and the destination Bluetooth device so that the source Bluetooth device and the destination Bluetooth device perform Bluetooth communication based on the password resource comprises the following steps:
Step 240: encrypting the password resources by using the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext; wherein the cryptographic resource is used to generate a private address;
step 250: respectively signing the first cipher resource ciphertext and the second cipher resource ciphertext based on a preset master station private key to generate a first signature and a second signature;
step 260: and transmitting the first signature and the first password resource ciphertext to the source Bluetooth device, and transmitting the second signature and the second password resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device perform Bluetooth communication based on the password resources.
In this embodiment, the preset master station private key is a private key written into the cryptographic resource management system in advance. For convenience of explanation, the above Bluetooth device A and Bluetooth device B are taken as examples: the application key of Bluetooth device A and the application key of Bluetooth device B are each used to encrypt the cryptographic resource (the cryptographic resource comprises the Z algorithm instance Z1, the Z algorithm instance Z2, the temporary key K1, the temporary key K2 and the session key K3), and the encryption process is as follows:
E1=Enc(,Z1+Z2+K1+K2+K3),
E2=Enc(,Z1+Z2+K1+K2+K3);
Here, E1 is the first cryptographic resource ciphertext, E2 is the second cryptographic resource ciphertext, and Enc (Encryption) denotes an algorithm for encrypting data. After encryption, the master station private key is used to sign the cryptographic resource ciphertexts, and the signing process is as follows: S1=Sign(E1), S2=Sign(E2), where S1 is the first signature and S2 is the second signature. Finally, E1 and S1 are issued to Bluetooth device A, and E2 and S2 are issued to Bluetooth device B.
The session key is generated by dispersing the device key with a random number, the algorithm instances are generated according to the device information and the random numbers, and the cryptographic resource is encrypted and signed, so that the confidentiality and integrity of the cryptographic resource transmission are ensured.
In the implementation process, acquiring a password resource application sent by a source Bluetooth device in a password resource management system; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers; based on the source Bluetooth device information and the destination Bluetooth device information, matching an application key of the source Bluetooth device and an application key of the destination Bluetooth device in a plurality of preset Bluetooth device application keys; generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and a plurality of random numbers; wherein the cryptographic resource is used to generate a private address; encrypting the password resources by using the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext; respectively signing the first cipher resource ciphertext and the second cipher resource ciphertext based on a preset master station private key to generate a first signature and a second signature; and transmitting the first signature and the first password resource ciphertext to the source Bluetooth device, and transmitting the second signature and the second password resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device perform Bluetooth communication based on the password resources. 
Because the cryptographic resource is derived from the random numbers and the application keys, a different set of random numbers in each communication yields a different cryptographic resource, so a different private address is generated for each communication, which reduces the risk of attack and protects the security of Bluetooth communication. Encrypting and signing the cryptographic resource ensures the confidentiality and integrity of its transmission. The MAC addresses of conventional Bluetooth are typically assigned by the device manufacturer, and the MAC addresses of different devices may collide, resulting in communication failures. In this embodiment, the cryptographic resource management system generates the cryptographic resources centrally, which avoids such collisions and improves compatibility between devices and the stability of communication. The MAC address space of conventional Bluetooth is limited, and an address shortage may occur as the number of devices increases. The cryptographic resource management system generates cryptographic resources temporarily, according to the service application, and releases them as soon as the service validity period expires, so an unlimited number of device connections is theoretically supported.
The cryptographic resources include Z algorithm instances, and cryptographic resources based on multi-parameter Z algorithm instances (covering information such as device area, time, unique identification, device machine code, chip ID and Bluetooth module) increase the security of Bluetooth pairing negotiation. The MAC address of conventional Bluetooth is typically fixed, and an attacker can identify devices and mount attacks by monitoring and analyzing Bluetooth traffic. With a Bluetooth MAC address generation key based on a Z algorithm instance, a different private address is generated for each communication, which reduces the risk of attack. The MAC address of conventional Bluetooth is a unique identifier of a device, and an attacker can track the location and activity of the device by tracking its MAC address. A Bluetooth MAC address generated with a Z algorithm instance prevents the device from being tracked and improves the privacy protection of the user.
It should be noted that the cryptographic resource management system is responsible for online distribution of cryptographic resources. In the power operation and maintenance application scenario, an initial Z cryptographic algorithm instance is configured when the palm machine, the terminal, the electric meter and other power equipment leave the factory. The initial Z cryptographic algorithm instance may be randomly assigned based on the region. The Z cryptographic algorithm instance of the terminal equipment is updated each time operation and maintenance communication is performed.
The present embodiment also provides a bluetooth communication method, please refer to fig. 16, fig. 16 schematically shows a flowchart of a bluetooth communication method applied to a source bluetooth device according to an embodiment of the present application. The Bluetooth communication method is applied to a source Bluetooth device and comprises the following steps:
obtaining a password resource, wherein the password resource is obtained by the Bluetooth communication method applied to the password resource management system; accordingly, in some embodiments, in the case that the cryptographic resource is encrypted and signed by the cryptographic resource management system and then issued to the bluetooth device, the obtaining the cryptographic resource includes the following steps:
step 310: acquiring a first password resource ciphertext and a first signature, wherein the first password resource ciphertext and the first signature are obtained through the Bluetooth communication method applied to the password resource management system;
step 320: a preset master station certificate is adopted to check the first signature, and under the condition that the first signature is checked successfully, a preset application key of a source Bluetooth device is adopted to decrypt the first password resource ciphertext, so that password resources are obtained;
the first password resource ciphertext is obtained by encrypting the password resource by using an application key of the source Bluetooth device through a password resource management system; the first signature is obtained by signing the first password resource ciphertext by the password resource management system based on a preset master station private key.
In this embodiment, the preset master station certificate is written into the Bluetooth device in advance and is used for verifying the signature. To illustrate the scheme with the above Bluetooth device A and Bluetooth device B: Bluetooth devices A and B each use the master station certificate to verify the signature on the cryptographic resource they received (for Bluetooth device A, the preset master station certificate is used to verify the first signature). After the verification succeeds, they decrypt with the application key of Bluetooth device A and the application key of Bluetooth device B respectively, obtaining the Z algorithm instance Z1, the Z algorithm instance Z2, the temporary key K1, the temporary key K2 and the session key K3.
Step 330: and carrying out Bluetooth communication with the target Bluetooth equipment based on the password resource.
Performing Bluetooth communication with the target Bluetooth device based on the cryptographic resource comprises the following steps:
firstly, constructing a private address based on a Z algorithm instance and a temporary key in the password resource;
and then, based on the private address, carrying out Bluetooth communication with the target Bluetooth device by adopting a session key in the password resource.
In this embodiment, after obtaining the cryptographic resource, bluetooth communication may be performed based on the cryptographic resource, and, taking the above example as an example, the bluetooth device a generates a bluetooth private address according to the temporary key K1 and the Z algorithm instance Z1 Bluetooth device B generates a Bluetooth private address ++A according to the temporary key K2, Z algorithm instance Z2>The method comprises the steps of carrying out a first treatment on the surface of the Bluetooth device a and bluetooth device B communicate using session key K3 as the session key.
In some embodiments, the temporary key comprises temporary key K1 and temporary key K2, and the Z algorithm instance comprises Z algorithm instance Z1 and Z algorithm instance Z2. Constructing the private address based on the Z algorithm instance and the temporary key in the password resource comprises the following steps:
first, obtain the current local time and the region code, and generate a timestamp based on the current local time;
second, encrypt the random code formed by the timestamp and the region code based on the temporary key K1 and Z algorithm instance Z1 to obtain the source Bluetooth device address encryption ciphertext;
third, encrypt the random code formed by the timestamp and the region code based on the temporary key K2 and Z algorithm instance Z2 to obtain the target Bluetooth device address encryption ciphertext;
fourth, construct the source Bluetooth device private address from the source Bluetooth device address encryption ciphertext, the timestamp and the region code;
fifth, construct the target Bluetooth device private address from the target Bluetooth device address encryption ciphertext, the timestamp and the region code.
In this embodiment, the bluetooth device address is a unique identifier of the device, and has a length of 48 bits, and the address type and meaning are shown in table 1.
Table 1 bluetooth address resolution table
The private addresses include the non-resolvable private address and the resolvable private address. If the Bluetooth device uses a non-resolvable private address, the address has to be changed every time the device connects, so the address is more random and the privacy of the Bluetooth device is protected, making the device difficult to track. To generate a resolvable private address, the device must hold a local identity resolving key or a peer identity resolving key; the resolvable private address is generated from the temporary key and a randomly generated 24-bit random number. For address compatibility, 24 bits of data are generated by the Z algorithm and used as the custom part of the non-resolvable private address. Generating the Bluetooth device address with a specific Z-password algorithm provides a Bluetooth address generation scheme with high security, effectively prevents security threats such as network identity falsification and data redirection, and strengthens the authenticity and trustworthiness of the Bluetooth communication entity.
Referring to fig. 5, fig. 5 schematically illustrates a private address generation process according to an embodiment of the present application. The IRK in the figure is the end key and corresponds to the temporary keys K1 and K2 in the password resource. The 24-bit random number in the figure is the time plus the region code used by the device: the timestamp is 22 bits and the region code is 2 bits. The Z password operation encrypts the timestamp to form a 24-bit ciphertext, and these parts together form the 48-bit Bluetooth private address. The private addresses generated by the source Bluetooth device and the destination Bluetooth device each consist of the 24-bit ciphertext, the timestamp and the region code.
In some embodiments, please refer to fig. 6, which schematically illustrates a private address verification process according to an embodiment of the present application. Carrying out Bluetooth communication with the target Bluetooth device based on the private address, using the session key in the password resource, comprises the following steps:
firstly, transmitting a connection establishment request to a destination Bluetooth device based on the private address of the source Bluetooth device and the private address of the destination Bluetooth device;
then, under the condition that the connection establishment request is successfully sent, obtaining a private address to be verified, which is sent by the target Bluetooth equipment;
and finally, verifying the validity of the private address to be verified based on the password resource, and carrying out Bluetooth communication with the target Bluetooth device by adopting a session key in the password resource under the condition that verification is passed.
In this embodiment, for a one-master, multiple-slave scenario, the service device needs to build an address resolution list, which mainly includes fields such as construction time, Bluetooth device address resolution key (Identity Resolving Key, IRK), peer device identity address and address type. The Bluetooth device maintains, manages and updates the list entries according to the current session. Each time a data packet is received, the validity of the address is first verified against the address resolution list, and packets with illegal addresses are discarded directly. When two Bluetooth devices connect, each resolves the other's address to check its validity; if the resolved ciphertext is consistent with the plaintext timestamp plus the region code, verification passes.
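The construction and verification described above, as an added example that is not part of the patent text: it builds the 48-bit private address from the 24-bit ciphertext, the 22-bit timestamp and the 2-bit region code, then resolves a received address against an address resolution list. The Z algorithm is not specified on this page, so `enc24` is a stand-in (truncated HMAC-SHA-256); the bit order, the minute-granularity timestamp, the freshness window and all keys and names are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

TS_BITS, REGION_BITS = 22, 2            # widths stated in the description
TS_MASK = (1 << TS_BITS) - 1
N_BITS = TS_BITS + REGION_BITS          # the 24-bit code N = timestamp || region


@dataclass(frozen=True)
class PeerEntry:
    """One row of the address resolution list (fields reduced for the example)."""
    identity: str       # peer identity address or name
    temp_key: bytes     # temporary key K1 / K2 (the "IRK" of fig. 5)
    z_instance: bytes   # Z algorithm instance Z1 / Z2, modelled as opaque bytes


def enc24(temp_key: bytes, z_instance: bytes, n: int) -> int:
    """STAND-IN for the Z operation Enc(N, Z): HMAC-SHA-256 cut to 24 bits.

    Assumption: the real Z algorithm is not described on the page.
    """
    msg = z_instance + n.to_bytes(3, "big")
    return int.from_bytes(hmac.new(temp_key, msg, hashlib.sha256).digest()[:3], "big")


def make_code(unix_time: int, region: int) -> int:
    """Build N from a 22-bit timestamp and a 2-bit region code."""
    if not 0 <= region < (1 << REGION_BITS):
        raise ValueError("region code must fit in 2 bits")
    ts = (unix_time // 60) & TS_MASK    # assumption: minutes, modulo 2**22
    return (ts << REGION_BITS) | region


def build_private_address(entry: PeerEntry, unix_time: int, region: int) -> int:
    """48-bit address: ciphertext in the high 24 bits, N in the low 24 bits."""
    n = make_code(unix_time, region)
    return (enc24(entry.temp_key, entry.z_instance, n) << N_BITS) | n


def resolve(addr: int, resolution_list: Iterable[PeerEntry], now: int,
            max_skew_min: int = 2) -> Optional[str]:
    """Return the peer identity for a valid address, or None to drop the packet."""
    if not 0 <= addr < (1 << 48):
        return None
    ct, n = addr >> N_BITS, addr & ((1 << N_BITS) - 1)
    ts = n >> REGION_BITS
    # Freshness check (assumption, not stated on the page): reject a timestamp
    # outside the allowed skew, using a modular difference so that the 22-bit
    # counter may wrap.
    age = (((now // 60) & TS_MASK) - ts) & TS_MASK
    if min(age, (TS_MASK + 1) - age) > max_skew_min:
        return None
    for entry in resolution_list:
        expected = enc24(entry.temp_key, entry.z_instance, n)
        # Recompute the ciphertext from the plaintext N and compare in constant time.
        if hmac.compare_digest(expected.to_bytes(3, "big"), ct.to_bytes(3, "big")):
            return entry.identity
    return None


def format_address(addr: int) -> str:
    """Render the 48-bit value in the usual colon-separated form."""
    return ":".join(f"{b:02X}" for b in addr.to_bytes(6, "big"))


# Constructed sample data: keys, instances and names are made up for the example.
DEVICE_A = PeerEntry("device-A", b"constructed-temp-key-K1", b"constructed-Z1")
DEVICE_B = PeerEntry("device-B", b"constructed-temp-key-K2", b"constructed-Z2")
RESOLUTION_LIST = [DEVICE_A, DEVICE_B]

if __name__ == "__main__":
    t = 1_700_000_000                   # constructed local time (Unix seconds)
    a = build_private_address(DEVICE_A, t, region=1)
    print(format_address(a), "->", resolve(a, RESOLUTION_LIST, now=t))
    print("one hour later ->", resolve(a, RESOLUTION_LIST, now=t + 3600))
    print("ciphertext bit flipped ->", resolve(a ^ (1 << 24), [DEVICE_A], now=t))
```

With only 24 bits of ciphertext, a forged address matches a given list entry by chance with probability 2^-24, so this address check complements the session key negotiation that follows it and does not replace it.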
Carrying out Bluetooth communication with the target Bluetooth device using the session key in the password resource comprises the following steps: perform dynamic session key negotiation with the target Bluetooth device using the session key in the password resource to obtain a temporary session key; then establish a secure communication channel based on the temporary session key for Bluetooth communication. With a suitable encryption algorithm and the temporary session key, the data can be transmitted encrypted over the air interface, ensuring that data sent over Bluetooth is encrypted in transit and thereby protecting its confidentiality.
In the implementation process, the private address is constructed from the Bluetooth device address encryption ciphertext, the timestamp and the region code, which reduces system maintenance cost, gives the system high reliability and security, and keeps the framework flexible enough to adapt to different application scenarios and requirements. Verifying the private address strengthens source address verification, which prevents Bluetooth address masquerading attacks and improves the security and reliability of Bluetooth communication. With the private address generation and authentication mechanism of the Z password, the Z cryptographic algorithm is integrated into the Bluetooth address generation process, so that the key inside the Bluetooth device is protected while address authentication is solved; address authentication and key exchange can be performed without exposing the private key, which effectively protects the private key and improves the usability and maintainability of the device. The scheme can adapt to different application scenarios and requirements and better meet the needs of different users.
Integrating the Z-password algorithm into the Bluetooth address generation process effectively obfuscates the key together with the encryption and decryption algorithm, protecting the key inside the Bluetooth device while also solving address authentication. The Z-password algorithm is a powerful encryption algorithm with high security and attack resistance, and can effectively protect keys in Bluetooth devices from being stolen or cracked. With the private address generation and authentication mechanism of the Z password, address authentication and key exchange can be performed without exposing the private key, which effectively protects the private key. Compared with other solutions that rely on secure hardware, the Bluetooth address generation method using the Z-password algorithm reduces equipment and maintenance cost, needs no additional hardware cryptographic module, and is easy to deploy and maintain. The mechanism also simplifies the address generation and authentication process of the Bluetooth device, improving the usability and maintainability of the device.
Referring to fig. 7, fig. 7 schematically illustrates a Bluetooth private address generation framework according to an embodiment of the present application. The password resource management platform on the one hand provides a resource retrieval service for the Bluetooth devices within its managed range, and on the other hand is responsible for issuing to the Bluetooth devices the password resources needed to generate private addresses.
The working principle of the framework is described below in connection with the scenario where bluetooth device a accesses bluetooth device B.
Initial conditions:
(1) Bluetooth devices A and B are configured with the IP address of the password resource management platform;
(2) Bluetooth devices A and B are configured with an initial Z-password algorithm instance;
(3) Bluetooth devices A and B are registered with the password resource management platform, and the registration contains device attribute information.
Non-resolvable private address generation process:
(1) Device A sends attribute information such as its geographic position, together with a communication request, to the password resource management platform;
(2) The password resource management platform parses the service request information of Bluetooth device A and retrieves the information of Bluetooth device B according to the service;
(3) The password resource management platform generates Z password resources Z1 and Z2 for Bluetooth device A and Bluetooth device B according to the password policy, and then distributes the password resources to Bluetooth device A and Bluetooth device B;
(4) After Bluetooth device A and Bluetooth device B receive the Z password resources, Bluetooth device A generates its Bluetooth private address according to the Z-password algorithm as Enc(N, Z1), and Bluetooth device B generates its host private address as Enc(N, Z2), where N is a random code composed of a timestamp and a region code.
(5) When Bluetooth device A accesses Bluetooth device B, it first calculates the dynamic address of device B as Enc(N, Z2), then sets the destination address and the source address of the frame to the private addresses of device B and device A respectively, and sends the assembled data packet to Bluetooth device B. After receiving the data frame, Bluetooth device B first verifies the validity of the address based on the Z algorithm and refuses access from illegal addresses.
The establishment of the Bluetooth air-interface secure communication channel is described below using a specific usage scenario. The power operation and maintenance equipment (mobile phone/handheld unit) is the carrier of the power business application software (Application). The Bluetooth management application serves as a basic application: it supports functions such as configuration management, data acquisition, electricity meter Bluetooth verification and communication interaction among devices, and provides a callable secure air-interface communication channel for other advanced business applications. The secure Bluetooth operation and maintenance scheme based on the Z algorithm is as follows: the master station issues the operation and maintenance task to the maintenance equipment, and the maintenance equipment connects to the terminal Bluetooth through the Bluetooth management application; according to the maintenance task, the maintenance region and the maintenance equipment authorization code, the operation and maintenance personnel use the maintenance equipment to perform operations such as state inquiry, parameter setting and control on the power terminal over Bluetooth wireless communication. Working from the tasks issued by the master station improves operation and maintenance efficiency, and the security authorization and operation and maintenance records of the maintenance equipment ensure the security and accountability of operation and maintenance operations. The overall architecture of the operation and maintenance scheme is shown in fig. 8.
The Bluetooth management application is responsible for managing the communication control of the Bluetooth channel of the operation and maintenance device. The Bluetooth channel supports multi-master multi-slave multi-channel multi-connection, and the same operation and maintenance device supports connection with a plurality of Bluetooth terminal devices. The Bluetooth management application provides a Bluetooth communication management interface with two coding formats, namely an A-XDR coding rule and JSON for related service applications. The functions of Bluetooth parameter setting, data sending and receiving and the like are realized through the message interface. The Bluetooth management application software architecture is modularly designed according to functions and is mainly divided into four parts: device management, port management, message management, and exception maintenance as shown in fig. 9, fig. 9 schematically shows a bluetooth management application framework diagram according to an embodiment of the present application.
The device management module consists of a device management task and a device operation interface, wherein the device management task periodically reads various state information of the Bluetooth device to update the port link state in real time by calling the standard driving interface, reads port data and distributes related data to the port queue; the device operation interface provides encapsulation of a Bluetooth device part operation interface, including Bluetooth device parameter setting, bluetooth module switch, configuration of port parameters, start of port scanning, bluetooth device node information reading and the like.
The port management module mainly manages multiple Bluetooth connections. A port is created when the service application calls the Bluetooth port configuration interface, and its state is updated in the port maintenance module of the device management task; a device port mainly comprises the master/slave mode, port number, connection state, peer address, receive and transmit data buffers and the like. The Bluetooth management application registers with the system management service and, as specified, responds via Message Queuing Telemetry Transport (MQTT) messages to common messages such as heartbeat detection, ensuring the normal service state of the application. Messages of different priorities are ordered through the priority control of the message queue, according to the priority field of the MQTT send/receive interface message.
The abnormal maintenance is responsible for abnormal management of the Bluetooth module or the channel, and the equipment management module synchronizes the connection state to the abnormal maintenance task. And when communication abnormality occurs continuously, actively calling a power control interface to reset the module. Monitoring port connection state, actively disconnecting and scanning connection when long-term connection state abnormality or no data communication occurs. When the service application configures too many ports, the Bluetooth management application actively clears the information of the inactive ports, thereby improving the working efficiency. After authentication connection is established between devices, a safe Bluetooth air interface encryption communication channel is established, and confidentiality and integrity of data transmission are guaranteed. As shown in fig. 10, fig. 10 schematically illustrates a secure communication channel establishment procedure according to an embodiment of the present application.
The operation and maintenance equipment applies to the security resource management platform (in which the password resource management system is deployed) for the operation and maintenance area certificate and the Z algorithm instance; the request carries the Bluetooth private address and geographic position information. The security resource management platform verifies the validity of the operation and maintenance terminal address according to its policy and, after verification passes, issues Z algorithm instances to the operation and maintenance equipment and the power terminal. The operation and maintenance equipment and the power terminal then start verification, negotiation and related processes based on their private Z instances. After authentication is completed, the initial communication connection is established, and the Bluetooth module of the operation and maintenance equipment and the Bluetooth module of the power terminal send each other the operation and maintenance area certificate and the operation and maintenance permission so that each can authenticate the other. After bidirectional authentication between the operation and maintenance equipment and the power terminal succeeds, data is encrypted and decrypted with the temporary session key obtained after Z algorithm instance authentication and dynamic session key negotiation, and the secure communication channel is finally established. Advanced services can then transmit data securely in plaintext, ciphertext, plaintext+MAC or ciphertext+MAC mode according to the data security level.
The following describes the security authentication communication process in a specific application scenario:
Referring to fig. 11, fig. 11 schematically illustrates an intelligent power distribution operation and maintenance application scenario according to an embodiment of the present application. In this scenario, the operation and maintenance terminal reaches the security access gateway over 4G; the security access gateway runs the Z-password resource management service program, the operation and maintenance terminal runs a secure Bluetooth component, and the intelligent fusion terminal, the electric energy meter and the intelligent switch can each run a secure Bluetooth component. The specific security authentication communication process is as follows:
Step 1: the operation and maintenance terminal sends a fusion terminal access request to the security access gateway, wherein the request information carries a Bluetooth private address and geographic position information;
Step 2: the security access gateway verifies the validity of the operation and maintenance terminal address according to the access policy, and refuses access if the address is not legal;
Step 3: the security access gateway looks up the intelligent fusion terminal of the area, generates Z algorithm instances for the intelligent fusion terminal and the operation and maintenance palm machine respectively, and distributes the Z algorithm instances to the operation and maintenance palm machine and the fusion terminal;
Step 4: the operation and maintenance palm machine generates its own private MAC address and the private MAC address of the fusion terminal based on the received Z algorithm instance, and initiates an access request to the intelligent fusion terminal based on these addresses;
Step 5: after receiving the request packet, the fusion terminal verifies the validity of the address according to the private address verification mode, and refuses access if verification fails;
Step 6: after the address validity verification passes, dynamic session key negotiation is carried out, and data is encrypted and decrypted with the negotiated temporary session key, completing the establishment of the secure channel.
Referring to fig. 12, fig. 12 schematically illustrates a family bluetooth application scenario according to an embodiment of the present application. All bluetooth communication nodes are provided with an address generation and verification mechanism. And deploying a safe Bluetooth service component in the home indoor gateway, wherein the safe Bluetooth service component is responsible for distributing Z-password algorithm examples required by all nodes in the intranet. Meanwhile, a safe Bluetooth module is deployed on all nodes to realize private address generation and verification functions, and the specific steps are as follows:
Step 1: registering basic information of the accessed Bluetooth equipment (such as a Bluetooth sound box) of the intranet in the safe Bluetooth service component through management software;
Step 2: install a secure Bluetooth component on each node, deploy an initial Z-password algorithm instance at the same time, and configure the indoor gateway address;
Step 3: when the mobile phone connects to the Bluetooth device over Bluetooth, the secure Bluetooth module initiates an access request Q1 to the indoor gateway; the source address of the request packet is the result of an Enc calculation, which is done by the secure Bluetooth component. The request packet can also carry information such as a timestamp and a request type;
Step 4: after receiving the request Q1, the secure Bluetooth service component of the indoor gateway extracts the source MAC address from the data frame and verifies the validity of the address based on the Z-password algorithm; if the address verification result is legal, it goes to step 5, otherwise it refuses further communication requests and ends the access;
Step 5: the secure Bluetooth service component calculates the MAC with Enc based on the address of the accessed Bluetooth device and the initial Z-password algorithm instance of the accessed Bluetooth device;
Step 6: after receiving the response information, the mobile phone can send a request to the Bluetooth device according to the distributed Z algorithm instance, and the Bluetooth device verifies the legitimacy of the accessing device's address according to the distributed Z algorithm instance and refuses the connection if the address is not legitimate.
Step 7: after the address validity verification is passed, the dynamic session key negotiation is carried out, the data encryption and decryption are carried out according to the temporary session key after the negotiation, and the establishment of the security channel is completed, so that the management control of the mobile phone equipment on the intelligent home equipment is realized.
For a multi-master multi-slave bluetooth network, which includes a plurality of master devices and a plurality of slave devices, please refer to fig. 13, fig. 13 schematically illustrates a multi-master multi-slave bluetooth network application scenario according to an embodiment of the present application. It should be noted that, for convenience of description of the scheme, the master device in the figure corresponds to the source bluetooth device, and the slave device corresponds to the destination bluetooth device. The embodiment also provides a channel and time slot control method based on channel state information and adjusted according to service priority, as shown in fig. 14, a master device and a slave device respectively acquire the local channel state, establish a channel priority table and a service priority table, then the master device and the slave device establish connection, the master device updates the service priority table according to the connection, and then performs dynamic channel switching, and correspondingly, the slave device follows the channel switching, and then the master device and the slave device perform data interaction based on a new channel.
For the master device, please refer to fig. 15, fig. 15 schematically shows a channel priority table generation flowchart according to an embodiment of the present application. In some embodiments, after establishing the secure communication channel, the bluetooth communication method further comprises the steps of:
Firstly, acquiring a local channel state, and constructing a channel diagram and a channel priority table based on the local channel state;
in this embodiment, each bluetooth device periodically analyzes each channel state, generates a channel map, and performs channel quality analysis on each signal, including signal quality, interference, noise level, and the like. According to the analysis result, the Bluetooth device establishes a respective channel priority table in which the priority order of each channel of the device is recorded. In the channel priority table, devices with higher channel quality have higher priority and can transmit data preferentially. Devices with lower channel quality may be arranged with lower priority and may be delayed or limited in transmission rate when transmitting data.
And then, acquiring self service information, and establishing a service priority table according to the grade and the priority of the self service.
In this embodiment, after connection is established, the bluetooth device establishes a service priority table according to its own service level and priority, and the service levels and priorities of all bluetooth devices establishing connection are uniformly agreed, that is, the service priorities corresponding to the same service in different bluetooth devices are the same.
When the service priority table is established, the main equipment considers the factors such as importance, urgency, timeliness and the like of different services, and establishes a corresponding priority order according to the factors. In the traffic priority table, higher priority traffic will get more resources and attention to ensure that it is handled timely and reliably. For lower priority traffic, the master device may limit its resource allocation or place it behind the queue to ensure normal execution of the high priority traffic. By establishing the service priority table, the equipment in the multi-master multi-slave Bluetooth network can be better managed, the timely processing and execution of important services are ensured, and meanwhile, the efficiency and reliability of the whole network are improved.
The method further comprises: transmitting the channel map and the channel priority table to all Bluetooth devices in the network by broadcast.
In this embodiment, in the multi-master multi-slave bluetooth network, each bluetooth device sends channel map information and a channel priority table to all bluetooth devices in the network in a broadcast manner, so that other devices can know available channels and corresponding frequency hopping sequences. The channel map information includes parameters such as frequency ranges, channel spacing, and hopping sequences of all available channels so that the device can select the best channel for communication. During the broadcast process, the device will continuously broadcast the channel map information and channel priority table to the surroundings, and after receiving this information, other devices can store it locally for use when needed. The channel map information and the channel priority table are sent in a broadcasting mode, so that communication and cooperation among devices in the multi-master multi-slave Bluetooth network can be promoted, the network is more open and transparent, and the efficiency and reliability of the whole network are improved. The slave device selects a proper channel and a frequency hopping sequence according to the received channel diagram information and communicates with the master device.
In some embodiments, the bluetooth communication method further comprises the steps of:
firstly, switching data channels according to a channel selection algorithm;
then, acquiring current channel state information and current service information by adopting the switched data channel;
then, comparing the current channel state information with a channel priority table to obtain the priority of the current channel;
and finally, switching the service channel according to the priority of the current channel, the service priority table and the current service information to obtain the most suitable channel.
Switching the service channel according to the priority of the current channel, the service priority table and the current service information to obtain the most suitable channel comprises the following steps:
first, look up the current service priority from the service priority table and the current service information;
second, judge whether the current service priority matches the priority of the current channel;
third, if the current service priority matches the priority of the current channel, communicate on the current channel;
fourth, if the current service priority does not match the priority of the current channel, select a channel matching the current service priority from the channel priority table and communicate on that channel.
In this embodiment, after the master device and the slave device establish a connection, the master device first performs channel switching according to the default CSA#2 channel switching protocol, and the two then exchange channel state information and current service information over the data channel. The master device compares the current channel with the channel priority table to learn the priority of the current channel, and then switches the service channel according to that priority, selecting the most suitable channel for communicating with the slave device. In the channel switching process, the current service priority is looked up in the service priority table, and a channel matching that priority is then selected from the channel priority table for communication. In this way the devices in the multi-master multi-slave Bluetooth network can be better managed, timely processing and execution of important services is ensured, and the efficiency and reliability of the whole network are improved.
In some embodiments, the bluetooth communication method further comprises the steps of:
firstly, periodically acquiring a channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table to enable the connected Bluetooth equipment to dynamically adjust the frequency hopping channel according to the new channel priority table.
In this embodiment, after the master device and the slave device establish connection, each device periodically analyzes its own channel state, updates the channel priority table, and broadcasts the channel priority table, and the master device connected with the master device dynamically adjusts the frequency hopping channel according to the updated channel priority table.
In some embodiments, the bluetooth communication method further comprises:
firstly, in the communication process, judging whether to dynamically adjust the time slot of the current communication according to the size of an interactive data packet;
and then, under the condition that the interactive data packet is large, the duty ratio of the time slot used by the current communication is adjusted according to the current service priority, so that the dynamic adjustment of the time slot is realized.
In this embodiment, after the master device and the slave device establish a connection, the master device may determine whether to dynamically adjust the time slot according to the size of the interaction data packet. If the amount of interaction data is large and communication efficiency needs to be further improved, the master device adjusts the time slot: it adjusts the duty ratio of the time slot used for the current communication according to the current service priority and allocates time slots dynamically. If many devices are currently connected, allocating no time slot to low-priority connections in the current time slot can be considered, so as to ensure timely processing and execution of high-priority connections. Therefore, the efficiency and reliability of the whole network can be improved, and the timely processing and execution of important services is ensured.
For the convenience of calculation, adjusting the duty ratio of the time slot used for the current communication according to the current service priority specifically includes: generating a plurality of service weights according to the current service priority and the service priority table; and then adjusting the duty ratio of the time slot used by the current communication based on the ratio of each service weight, so as to realize dynamic adjustment of the time slot.
In this embodiment, when the time slot duty ratio is adjusted according to service priority, the priority itself is not easy to quantify. Service weights are therefore generated from the service priority and the time slot length is adjusted according to the weight ratio, so that the time slot length can be dynamically adjusted according to the priority and weight ratio of each connection.
Specifically, the adjusting the duty ratio of the time slot used for the current communication based on the duty ratio of each service weight includes:
firstly, initializing the total time slot length;
then, calculating the adjusted time slot length of each connection according to the ratio of each service weight and the total time slot length;
and finally, based on the adjusted time slot length of each connection, updating the time slot of each connection in the current communication so as to adjust the duty ratio of the time slot used in the current communication.
In this embodiment, the total time slot length TotalSlotLength is initialized to the upper limit of the time slot, and the weight sum TotalWeight defaults to 100. The priority of each connection is then updated in real time according to the service priority table. The weight ratio of each connection is calculated as WeightRatio_i = Priority_i / TotalWeight, where Priority_i is the weight of the i-th connection and TotalWeight is the sum of the priority weights of all connections. The adjusted time slot length of each connection is calculated as: AdjustedSlotLength_i = TotalSlotLength. The time slot of each connection is updated according to the calculated time slot length; if the service changes, the time slot length required by each connection is recalculated and the adjustment process is executed again.
In the implementation process, a service priority table is generated according to service priority, and different channel priorities can be set for different service types and requirements for dynamic channel adjustment, so that channel resource allocation can be adjusted flexibly and the method suits various application scenarios. Adjusting the channel according to service priority uses channel resources more efficiently and improves communication efficiency and data transmission rate. Adjusting the channel priority better guarantees communication for important services, thereby improving the stability and reliability of the system. Because the channel priority is adjusted automatically according to actual service demand and changes in the network environment, the system adapts better to application scenarios that change in real time, which improves its adaptivity and intelligence.
Wherein, compared with the conventional time slot adjustment, the time slot adjustment according to the weight has the following technical advantages:
1. Flexibility: the time slot length can be flexibly adjusted according to the priority and urgency of the task, so that the method better suits various application scenarios and task requirements that change in real time.
2. Fairness: by adjusting the time slot according to the task weight, each task can be ensured to obtain a fair communication opportunity, and certain tasks are prevented from being influenced by communication conflicts.
3. Efficiency: adjusting the time slot according to task weight uses communication resources more efficiently and improves system efficiency and performance; at the same time, it avoids low-priority services occupying network resources and improves the efficiency and reliability of the whole network.
4. Reliability: adjusting the time slot according to task weight better guarantees communication for important tasks, thereby improving the stability and reliability of the system.
In correspondence to the source bluetooth device, the present embodiment further provides a bluetooth communication method, please refer to fig. 17, and fig. 17 schematically illustrates a flowchart of a bluetooth communication method applied to the destination bluetooth device according to an embodiment of the present application. The Bluetooth communication method is applied to the target Bluetooth equipment and comprises the following steps:
obtaining a password resource, wherein the password resource is obtained by the Bluetooth communication method applied to the password resource management system; under the condition that the password resource management system encrypts and signs the password resource and then sends the encrypted password resource to the Bluetooth device, the password resource obtaining comprises the following steps:
step 410: acquiring a second password resource ciphertext and a second signature, wherein the second password resource ciphertext and the second signature are obtained through the Bluetooth communication method applied to the password resource management system;
Step 420: a preset master station certificate is adopted to check the second signature, and under the condition that the second signature is checked successfully, a preset application key of a target Bluetooth device is adopted to decrypt the second password resource ciphertext, so that password resources are obtained;
the second password resource ciphertext is obtained by encrypting the password resource by using an application key of the source Bluetooth device through a password resource management system; the second signature is obtained by signing the second password resource ciphertext by the password resource management system based on a preset master station private key.
In this embodiment, the preset master station certificate is written into the Bluetooth device in advance and is used for verifying the signature. To facilitate explanation of the scheme, take the above Bluetooth device A and Bluetooth device B as examples: Bluetooth devices A and B each use the master station certificate to check the cryptographic resources, that is, use the preset master station certificate to check the first signature, and after the check succeeds, each uses its application key to decrypt, obtaining the Z algorithm instance Z1, the Z algorithm instance Z2, the temporary key K1, the temporary key K2 and the session key K3.
Step 430: and carrying out Bluetooth communication with the source Bluetooth device based on the password resource.
Performing Bluetooth communication with the source Bluetooth device based on the password resource comprises the following steps:
firstly, constructing a private address based on a Z algorithm instance and a temporary key in the password resource;
and then, based on the private address, carrying out Bluetooth communication with the source Bluetooth device by adopting a session key in the password resource.
In this embodiment, after the cryptographic resource is obtained, Bluetooth communication may be performed based on it. Taking the above example, Bluetooth device A generates a Bluetooth private address according to the temporary key K1 and the Z algorithm instance Z1; Bluetooth device B generates a Bluetooth private address according to the temporary key K2 and the Z algorithm instance Z2; Bluetooth device A and Bluetooth device B communicate using the session key K3 as the session key.
In some embodiments, the temporary key comprises: temporary key K1 and temporary key K2; examples of the Z algorithm include: z algorithm instance Z1 and Z algorithm instance Z2; the construction of the private address based on the Z algorithm instance and the temporary key in the password resource comprises the following steps:
first, obtaining the current local time and a region code, and generating a timestamp based on the current local time;
second, encrypting a random code formed by the timestamp and the region code based on the temporary key K1 and the Z algorithm instance Z1 to obtain the source Bluetooth device address encryption ciphertext;
third, encrypting a random code formed by the timestamp and the region code based on the temporary key K2 and the Z algorithm instance Z2 to obtain the destination Bluetooth device address encryption ciphertext;
fourth, constructing the source Bluetooth device private address based on the source Bluetooth device address encryption ciphertext, the timestamp and the region code;
fifth, constructing the destination Bluetooth device private address based on the destination Bluetooth device address encryption ciphertext, the timestamp and the region code.
In this embodiment, the process of generating the private address is the same as the process of generating the private address in the source bluetooth device, and will not be described herein.
In some embodiments, the performing bluetooth communication with the source bluetooth device using the session key in the cryptographic resource based on the private address includes:
firstly, responding to a connection establishment request sent by a source Bluetooth device, and acquiring a private address to be verified sent by the source Bluetooth device;
and then, carrying out validity verification on the private address to be verified based on the password resource, and carrying out Bluetooth communication with the source Bluetooth device by adopting a session key in the password resource under the condition that verification is passed.
Performing Bluetooth communication with the source Bluetooth device by adopting the session key in the password resource comprises the following steps:
the first step, adopting the session key in the password resource to carry out dynamic session key negotiation with the source Bluetooth equipment to obtain a temporary session key;
and a second step of establishing a secure communication channel based on the temporary session key for Bluetooth communication.
In this embodiment, the process of verifying the validity of the address is the same as that of the source bluetooth device, and will not be described herein.
In some embodiments, after establishing the secure communication channel, further comprising:
firstly, acquiring a local channel state, and constructing a channel diagram and a channel priority table based on the local channel state;
and then, acquiring self service information, and establishing a service priority table according to the grade and the priority of the self service.
Wherein, still include: and transmitting the channel map information and the channel priority list to all Bluetooth devices in the network in a broadcasting mode.
In this embodiment, the process of establishing the channel map, the channel priority table, and the service priority table is the same as the corresponding process in the source Bluetooth device, and will not be described herein.
In some embodiments, the method further comprises the steps of:
firstly, periodically acquiring a channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table to enable the connected Bluetooth equipment to dynamically adjust the frequency hopping channel according to the new channel priority table.
In this embodiment, the process of updating the channel priority table is the same as the process of updating the channel priority table in the source bluetooth device, and will not be described herein.
The embodiment also provides a Bluetooth communication system, which comprises a password resource management system, a source Bluetooth device and a destination Bluetooth device;
the source Bluetooth device is used for sending a password resource application to the password resource management system; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers;
the password resource management system is used for matching an application key of the source Bluetooth device and an application key of the target Bluetooth device in preset application keys of a plurality of Bluetooth devices based on the source Bluetooth device information and the target Bluetooth device information; generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and a plurality of random numbers; wherein the cryptographic resource is used to generate a private address; encrypting the password resources by using the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext; respectively signing the first cipher resource ciphertext and the second cipher resource ciphertext based on a preset master station private key to generate a first signature and a second signature; and transmitting the first signature and the first password resource ciphertext to the source Bluetooth device, and transmitting the second signature and the second password resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device perform Bluetooth communication based on the password resources.
The present embodiment also provides a bluetooth communication device, please refer to fig. 18, fig. 18 schematically shows a block diagram of a bluetooth communication device applied to a cryptographic resource management system according to an embodiment of the present application. The bluetooth communication device is applied to a cryptographic resource management system, and the bluetooth communication device comprises an acquisition module 510, an application key matching module 520, a cryptographic resource generating module 530, a first encryption module 540, a first signature module 550 and an issuing module 560, wherein:
the obtaining module 510 is configured to obtain a cryptographic resource application sent by a source bluetooth device; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers;
an application key matching module 520, configured to match an application key of the source bluetooth device and an application key of the destination bluetooth device among a preset plurality of bluetooth device application keys based on the source bluetooth device information and the destination bluetooth device information;
a cryptographic resource generating module 530, configured to generate a cryptographic resource based on the application key of the source bluetooth device, the application key of the destination bluetooth device, and a plurality of random numbers;
a first encryption module 540, configured to encrypt the cryptographic resources by using the application key of the source bluetooth device and the application key of the destination bluetooth device, respectively, to obtain a first cryptographic resource ciphertext and a second cryptographic resource ciphertext; wherein the cryptographic resource is used to generate a private address;
The first signature module 550 is configured to sign the first cryptographic resource ciphertext and the second cryptographic resource ciphertext based on a preset master station private key, and generate a first signature and a second signature;
and the issuing module 560 is configured to issue the first signature and the first cipher resource ciphertext to the source bluetooth device, and issue the second signature and the second cipher resource ciphertext to the destination bluetooth device, so that the source bluetooth device and the destination bluetooth device perform bluetooth communication based on the cipher resource.
The cryptographic resource generation module 530 includes:
the first decentralized processing unit is used for performing decentralized processing on the application key of the source Bluetooth device based on the first random number to obtain a temporary key K1;
the second decentralized processing unit is used for performing decentralized processing on the application key of the target Bluetooth device based on the second random number to obtain a temporary key K2;
an algorithm instance unit, configured to generate a Z algorithm instance Z1 by using a Z cryptographic algorithm based on the temporary key K1, and generate a Z algorithm instance Z2 by using a Z cryptographic algorithm based on the temporary key K2;
the third decentralized processing unit is used for performing decentralized processing on the application key of the source Bluetooth device based on the security chip serial number of the target Bluetooth device and the third random number to obtain a session key;
The resource generating unit is used for obtaining the password resource according to the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key.
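The issuing flow described above (key matching, decentralized processing, per-device encryption, master station signature) together with the device-side check of step 420, as an added example that is not code from the patent. HMAC-SHA256, AES-256-GCM and Ed25519 are stand-ins chosen here because the text names no concrete algorithms; the class and function names, the blob layout and the chip serial numbers are assumptions, and the Z algorithm instances are left out.

```javascript
// Added example, not the patent's code. Stand-ins (assumptions; the text names no algorithms):
// HMAC-SHA256 = "decentralized processing", AES-256-GCM = application-key encryption,
// Ed25519 = master station signature. Z algorithm instances Z1/Z2 are left out.
const { createHmac, createCipheriv, createDecipheriv, randomBytes,
        generateKeyPairSync, sign, verify } = require("crypto");

// Key diversification: child = HMAC(parent, label || length-prefixed fields).
function diversify(parentKey, label, ...fields) {
  const mac = createHmac("sha256", parentKey).update(label + "\0");
  for (const field of fields) {
    const len = Buffer.alloc(2);
    len.writeUInt16BE(field.length);
    mac.update(len).update(field); // length prefix keeps field boundaries unambiguous
  }
  return mac.digest(); // 32-byte key
}

// AES-256-GCM; blob layout (assumed): 12-byte IV || 16-byte tag || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

class ResourceManager { // hypothetical name for the password resource management system
  constructor(serviceRootKey, masterPrivateKey) {
    this.root = serviceRootKey;
    this.masterPrivateKey = masterPrivateKey;
    this.appKeys = new Map(); // security chip serial number -> application key
  }
  // Registration: application key = diversify(service root key, chip serial number).
  register(serial) {
    const appKey = diversify(this.root, "app", Buffer.from(serial));
    this.appKeys.set(serial, appKey);
    return appKey; // also preset in the device
  }
  // Handle an application: derive K1, K2, K3, then encrypt and sign once per device.
  issue(srcSerial, dstSerial, [r1, r2, r3]) {
    const srcKey = this.appKeys.get(srcSerial);
    const dstKey = this.appKeys.get(dstSerial);
    if (!srcKey || !dstKey) throw new Error("unregistered device");
    const resource = Buffer.from(JSON.stringify({
      K1: diversify(srcKey, "temp", r1).toString("hex"),
      K2: diversify(dstKey, "temp", r2).toString("hex"),
      K3: diversify(srcKey, "session", Buffer.from(dstSerial), r3).toString("hex"),
    }));
    const envelope = (appKey) => {
      const ciphertext = seal(appKey, resource);
      return { ciphertext, signature: sign(null, ciphertext, this.masterPrivateKey) };
    };
    return { first: envelope(srcKey), second: envelope(dstKey) };
  }
}

// Device side (step 420): check the signature first, decrypt only if it verifies.
function openEnvelope({ ciphertext, signature }, masterPublicKey, appKey) {
  if (!verify(null, ciphertext, masterPublicKey, signature)) {
    throw new Error("signature check failed");
  }
  const decipher = createDecipheriv("aes-256-gcm", appKey, ciphertext.subarray(0, 12));
  decipher.setAuthTag(ciphertext.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(ciphertext.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

function rejects(fn) { try { fn(); return false; } catch { return true; } }

// Constructed run: two registered devices, one application, four checks.
function demo() {
  const master = generateKeyPairSync("ed25519");
  const rogue = generateKeyPairSync("ed25519"); // a signer the devices do not trust
  const mgr = new ResourceManager(randomBytes(32), master.privateKey);
  const keyA = mgr.register("CHIP-A-0001"); // constructed serial numbers
  const keyB = mgr.register("CHIP-B-0002");
  const randoms = [randomBytes(16), randomBytes(16), randomBytes(16)];
  const { first, second } = mgr.issue("CHIP-A-0001", "CHIP-B-0002", randoms);

  const atA = openEnvelope(first, master.publicKey, keyA);
  const atB = openEnvelope(second, master.publicKey, keyB);

  const tampered = { ...second, ciphertext: Buffer.from(second.ciphertext) };
  tampered.ciphertext[30] ^= 0x01; // flip one bit inside the encrypted body
  const forged = {
    ciphertext: second.ciphertext,
    signature: sign(null, second.ciphertext, rogue.privateKey),
  };
  return {
    sameResource: atA.K1 === atB.K1 && atA.K2 === atB.K2 && atA.K3 === atB.K3,
    tamperRejected: rejects(() => openEnvelope(tampered, master.publicKey, keyB)),
    forgedRejected: rejects(() => openEnvelope(forged, master.publicKey, keyB)),
    wrongDeviceRejected: rejects(() => openEnvelope(first, master.publicKey, keyB)),
  };
}
```

In the last check the signature verifies and the envelope fails only at decryption, which is why each device needs both the master station certificate and its own application key.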
The bluetooth communication device includes a processor and a memory, where the acquisition module 510, the application key matching module 520, the cryptographic resource generation module 530, the first encryption module 540, the first signature module 550, the issuing module 560, and the like are stored as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided; the risk of being attacked is reduced by adjusting kernel parameters, and the security of Bluetooth communication is ensured.
The memory may include volatile memory in computer-readable media, random access memory (RAM), and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The present embodiment provides a bluetooth communication device, please refer to fig. 19, fig. 19 schematically shows a block diagram of a bluetooth communication device applied to a source bluetooth apparatus according to an embodiment of the present application. The bluetooth communication device is applied to a source bluetooth device, and includes a first cryptographic resource acquisition module 610, a first signature verification module 620, and a first bluetooth communication module 630, where:
The first cryptographic resource obtaining module 610 is configured to obtain a first cryptographic resource ciphertext and a first signature, where the first cryptographic resource ciphertext and the first signature are obtained by the bluetooth communication device applied to the cryptographic resource management system;
the first signature verification module 620 is configured to verify the first signature by using a preset master station certificate, and decrypt the first cryptographic resource ciphertext by using an application key of a preset source bluetooth device to obtain a cryptographic resource if the first signature verification is successful;
the first bluetooth communication module 630 is configured to perform bluetooth communication with the destination bluetooth device based on the cryptographic resource.
The bluetooth communication device includes a processor and a memory, where the first cryptographic resource obtaining module 610, the first signature verification module 620, the first bluetooth communication module 630, and the like are stored as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided; the risk of being attacked is reduced by adjusting kernel parameters, and the security of Bluetooth communication is ensured.
The memory may include volatile memory in computer-readable media, random access memory (RAM), and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The present embodiment provides a bluetooth communication device, please refer to fig. 20, fig. 20 schematically shows a block diagram of a bluetooth communication device applied to a destination bluetooth apparatus according to an embodiment of the present application. The bluetooth communication device is applied to a destination bluetooth device, and includes a second cryptographic resource obtaining module 710, a second signature verification module 720 and a second bluetooth communication module 730, wherein:
the second cryptographic resource obtaining module 710 is configured to obtain a second cryptographic resource ciphertext and a second signature, where the second cryptographic resource ciphertext and the second signature are obtained by the bluetooth communication device applied to the cryptographic resource management system;
the second signature verification module 720 is configured to verify the second signature by using a preset master station certificate, and decrypt the second cryptographic resource ciphertext by using an application key of a preset destination bluetooth device to obtain a cryptographic resource if the second signature verification is successful;
And a second bluetooth communication module 730, configured to perform bluetooth communication with the source bluetooth device based on the cryptographic resource.
The bluetooth communication device includes a processor and a memory, where the second cryptographic resource obtaining module 710, the second signature verification module 720, the second bluetooth communication module 730, and the like are stored as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided; the risk of being attacked is reduced by adjusting kernel parameters, and the security of Bluetooth communication is ensured.
The memory may include volatile memory in computer-readable media, random access memory (RAM), and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
Embodiments of the present invention provide a machine-readable storage medium having stored thereon a program which when executed by a processor implements the bluetooth communication method.
The embodiment of the invention provides a processor which is used for running a program, wherein the Bluetooth communication method is executed when the program runs.
In one embodiment, a computer device is provided, which may be a terminal, and an internal structure diagram thereof may be as shown in fig. 21. The computer apparatus includes a processor a01, a network interface a02, a display screen a04, an input device a05, and a memory (not shown in the figure) which are connected through a system bus. Wherein the processor a01 of the computer device is adapted to provide computing and control capabilities. The memory of the computer device includes an internal memory a03 and a nonvolatile storage medium a06. The nonvolatile storage medium a06 stores an operating system B01 and a computer program B02. The internal memory a03 provides an environment for the operation of the operating system B01 and the computer program B02 in the nonvolatile storage medium a06. The network interface a02 of the computer device is used for communication with an external terminal through a network connection. The computer program is executed by the processor a01 to implement a bluetooth communication method. The display screen a04 of the computer device may be a liquid crystal display screen or an electronic ink display screen, and the input device a05 of the computer device may be a touch layer covered on the display screen, or may be a key, a track ball or a touch pad arranged on a casing of the computer device, or may be an external keyboard, a touch pad or a mouse.
It will be appreciated by those skilled in the art that the structure shown in fig. 21 is merely a block diagram of a portion of the structure associated with the present application and is not limiting of the computer device to which the present application applies, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, the bluetooth communication method provided herein may be implemented in the form of a computer program that is executable on a computer device as shown in fig. 21. The memory of the computer device may store the various program modules constituting the bluetooth communication device, such as the acquisition module 510, the application key matching module 520, the cryptographic resource generation module 530, the first encryption module 540, the first signature module 550, and the issuing module 560 shown in fig. 18; or the first cryptographic resource acquisition module 610, the first signature verification module 620, and the first bluetooth communication module 630 shown in fig. 19; or the second cryptographic resource acquisition module 710, the second signature verification module 720, and the second bluetooth communication module 730 shown in fig. 20. The program modules cause the processor to execute the steps in the bluetooth communication method of the various embodiments of the present application described in the present specification.
The computer apparatus shown in fig. 21 may perform step 210 through the acquisition module 510 in the bluetooth communication device as shown in fig. 18. The computer device may perform step 220 through the application key matching module 520, step 230 through the cryptographic resource generation module 530, step 240 through the first encryption module 540, step 250 through the first signature module 550, and step 260 through the issuing module 560.
The computer apparatus shown in fig. 21 may perform step 310 through the first cryptographic resource acquisition module 610 in the bluetooth communication device as shown in fig. 19. The computer device may perform step 320 through the first signature verification module 620 and step 330 through the first bluetooth communication module 630.
The computer apparatus shown in fig. 21 may perform step 410 through the second cryptographic resource acquisition module 710 in the bluetooth communication device as shown in fig. 20. The computer device may perform step 420 through the second signature verification module 720 and step 430 through the second bluetooth communication module 730.
The embodiment of the application provides electronic equipment, which comprises: at least one processor; a memory coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the at least one processor implements the bluetooth communication method by executing the instructions stored by the memory. When executing the instructions, the processor implements the following steps of the Bluetooth communication method applied to a password resource management system:
Acquiring a password resource application sent by a source Bluetooth device; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers;
based on the source Bluetooth device information and the destination Bluetooth device information, matching an application key of the source Bluetooth device and an application key of the destination Bluetooth device in a plurality of preset Bluetooth device application keys;
generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and a plurality of random numbers;
encrypting the password resources by using the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext;
respectively signing the first cipher resource ciphertext and the second cipher resource ciphertext based on a preset master station private key to generate a first signature and a second signature;
the first signature and the first password resource ciphertext are issued to the source Bluetooth device, and the second signature and the second password resource ciphertext are issued to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device carry out Bluetooth communication based on the password resources;
Wherein the cryptographic resource is used to generate a private address.
In one embodiment, the password resource management system is preset with security chip serial numbers of a plurality of Bluetooth devices, the plurality of random numbers comprise a first random number, a second random number and a third random number, and the password resource comprises a Z algorithm instance, a temporary key and a session key;
the generating a cryptographic resource based on the application key of the source bluetooth device, the application key of the destination bluetooth device, and the plurality of random numbers includes:
performing decentralized processing on the application key of the source Bluetooth device based on the first random number to obtain a temporary key K1;
performing decentralized processing on the application key of the target Bluetooth device based on the second random number to obtain a temporary key K2;
generating a Z algorithm instance Z1 by adopting a Z cryptographic algorithm based on the temporary key K1, and generating a Z algorithm instance Z2 by adopting a Z cryptographic algorithm based on the temporary key K2;
performing decentralized processing on the application key of the source Bluetooth device based on the security chip serial number of the target Bluetooth device and the third random number to obtain a session key;
and obtaining the password resource according to the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key.
In one embodiment, the process of acquiring the preset application keys of the plurality of bluetooth devices includes:
registering to obtain a plurality of Bluetooth devices, and respectively obtaining the security chip information of each Bluetooth device, wherein the security chip information at least comprises a security chip serial number;
and respectively carrying out decentralized processing on the serial numbers of the security chips of the Bluetooth devices based on the preset service root keys to obtain application keys of a plurality of Bluetooth devices.
A Bluetooth communication method is applied to a source Bluetooth device and comprises the following steps:
acquiring a first password resource ciphertext and a first signature, wherein the first password resource ciphertext and the first signature are obtained through the Bluetooth communication method applied to the password resource management system;
a preset master station certificate is adopted to check the first signature, and under the condition that the first signature is checked successfully, a preset application key of a source Bluetooth device is adopted to decrypt the first password resource ciphertext, so that password resources are obtained;
and carrying out Bluetooth communication with the target Bluetooth equipment based on the password resource.
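An added sketch of the issuance steps on the management system and the check-then-decrypt step on a device (not code from the patent). Assumptions: HMAC-SHA256 stands in for the "decentralized processing" (read here as key diversification), AES-128-GCM for encryption under an application key, and Ed25519 for the master station signature, with the raw public key in place of the master station certificate; the Z algorithm instances are omitted, and all function names and sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// diversify stands in for "decentralized processing" (assumed: HMAC-SHA256, 16-byte output).
func diversify(parent []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, parent)
	for _, p := range parts {
		m.Write([]byte{byte(len(p))}) // length prefix keeps input boundaries unambiguous
		m.Write(p)
	}
	return m.Sum(nil)[:16]
}

type (
	Resource struct{ K1, K2, Session []byte }       // cryptographic resource, Z1 and Z2 omitted
	Issued   struct{ Ciphertext, Signature []byte } // what one device receives
)

// aead wraps an application key (assumed: AES-128-GCM, nonce prepended to the ciphertext).
func aead(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

func seal(key, pt []byte) ([]byte, error) {
	a, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, pt, nil), nil
}

// Issue runs the management-system steps for one cryptographic resource application.
func Issue(root []byte, master ed25519.PrivateKey, srcSN, dstSN, r1, r2, r3 []byte) (src, dst Issued, err error) {
	appSrc, appDst := diversify(root, srcSN), diversify(root, dstSN) // application keys
	k1, k2, session := diversify(appSrc, r1), diversify(appDst, r2), diversify(appSrc, dstSN, r3)
	pt := append(append(append([]byte{}, k1...), k2...), session...)
	if src.Ciphertext, err = seal(appSrc, pt); err != nil {
		return
	}
	if dst.Ciphertext, err = seal(appDst, pt); err != nil {
		return
	}
	src.Signature = ed25519.Sign(master, src.Ciphertext)
	dst.Signature = ed25519.Sign(master, dst.Ciphertext)
	return
}

// Accept is the device side: check the signature first, decrypt only if it holds.
func Accept(masterPub ed25519.PublicKey, appKey []byte, in Issued) (Resource, error) {
	if !ed25519.Verify(masterPub, in.Ciphertext, in.Signature) {
		return Resource{}, fmt.Errorf("signature check failed, ciphertext left undecrypted")
	}
	a, err := aead(appKey)
	if err != nil || len(in.Ciphertext) < a.NonceSize() {
		return Resource{}, fmt.Errorf("unusable application key or truncated ciphertext")
	}
	n := a.NonceSize()
	pt, err := a.Open(nil, in.Ciphertext[:n], in.Ciphertext[n:], nil)
	if err != nil || len(pt) != 48 {
		return Resource{}, fmt.Errorf("not sealed under this device's application key")
	}
	return Resource{K1: pt[:16], K2: pt[16:32], Session: pt[32:]}, nil
}

func masterKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed master station seed")) // fixed seed, demo only
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := masterKeys()
	root, srcSN, dstSN := []byte("constructed root key"), []byte("SN-SRC-0001"), []byte("SN-DST-0002")
	toSrc, toDst, err := Issue(root, priv, srcSN, dstSN, []byte("rand-1"), []byte("rand-2"), []byte("rand-3"))
	if err != nil {
		panic(err)
	}
	res, err := Accept(pub, diversify(root, dstSN), toDst)
	fmt.Printf("destination: session=%x err=%v\n", res.Session, err)
	_, err = Accept(pub, diversify(root, dstSN), toSrc) // genuine signature, other device's key
	fmt.Println("destination handed the source's package:", err)
}
```

Under these assumptions the signature proves only that the master station issued the ciphertext; what ties a package to one device is the application key it is sealed under, which is why the second call in `main` fails at decryption rather than at the signature check.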
In one embodiment, the performing bluetooth communication with the destination bluetooth device based on the cryptographic resource includes:
constructing a private address based on the Z algorithm instance and the temporary key in the password resource;
and based on the private address, carrying out Bluetooth communication with the target Bluetooth device by adopting a session key in the password resource.
In one embodiment, the temporary key comprises: temporary key K1 and temporary key K2; the Z algorithm instance comprises: Z algorithm instance Z1 and Z algorithm instance Z2;
the constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource includes:
acquiring current local time and region codes, and generating a time stamp based on the current local time;
encrypting a random code formed by the timestamp and the region code based on the temporary key K1 and the Z algorithm instance Z1 to obtain a source Bluetooth device address encryption ciphertext;
encrypting a random code formed by the timestamp and the region code based on the temporary key K2 and the Z algorithm instance Z2 to obtain a destination Bluetooth device address encryption ciphertext;
constructing the private address of the source Bluetooth device based on the source Bluetooth device address encryption ciphertext, the timestamp and the region code;
and constructing the private address of the destination Bluetooth device based on the destination Bluetooth device address encryption ciphertext, the timestamp and the region code.
In one embodiment, the performing bluetooth communication with the destination bluetooth device using the session key in the cryptographic resource based on the private address includes:
transmitting a connection establishment request to a destination Bluetooth device based on the source Bluetooth device private address and the destination Bluetooth device private address;
under the condition that the connection establishment request is successfully sent, acquiring a private address to be verified, which is sent by the target Bluetooth equipment;
and carrying out validity verification on the private address to be verified based on the password resource, and carrying out Bluetooth communication with the target Bluetooth device by adopting a session key in the password resource under the condition that verification is passed.
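An added sketch of private address construction and the validity check on the receiving side (not code from the patent). One AES-128 block encryption stands in for the unspecified Z algorithm; the 12-byte layout, the freshness window, the function names and the sample values are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout (not from the page): 6-byte ciphertext part, 4-byte timestamp, 2-byte region code.
const (
	tagLen  = 6
	addrLen = tagLen + 4 + 2
)

var (
	ErrLength = errors.New("private address has the wrong length")
	ErrForged = errors.New("ciphertext part does not match the temporary key")
	ErrStale  = errors.New("timestamp outside the acceptance window")
)

// addressCiphertext encrypts the code formed by timestamp and region code under a
// temporary key. One AES-128 block stands in for the page's unspecified Z algorithm.
func addressCiphertext(tempKey []byte, ts uint32, region uint16) ([]byte, error) {
	blk, err := aes.NewCipher(tempKey)
	if err != nil {
		return nil, err
	}
	var code, out [aes.BlockSize]byte
	binary.BigEndian.PutUint32(code[0:4], ts)
	binary.BigEndian.PutUint16(code[4:6], region)
	blk.Encrypt(out[:], code[:])
	return out[:tagLen], nil
}

// BuildPrivateAddress assembles ciphertext part, timestamp and region code.
func BuildPrivateAddress(tempKey []byte, ts uint32, region uint16) ([]byte, error) {
	ct, err := addressCiphertext(tempKey, ts, region)
	if err != nil {
		return nil, err
	}
	addr := make([]byte, addrLen)
	copy(addr, ct)
	binary.BigEndian.PutUint32(addr[tagLen:], ts)
	binary.BigEndian.PutUint16(addr[tagLen+4:], region)
	return addr, nil
}

// VerifyPrivateAddress recomputes the ciphertext part from the clear fields and
// then applies a freshness window (the window is an assumption of this example).
func VerifyPrivateAddress(tempKey, addr []byte, now, window uint32) error {
	if len(addr) != addrLen {
		return ErrLength
	}
	ts := binary.BigEndian.Uint32(addr[tagLen:])
	region := binary.BigEndian.Uint16(addr[tagLen+4:])
	want, err := addressCiphertext(tempKey, ts, region)
	if err != nil {
		return err
	}
	if subtle.ConstantTimeCompare(want, addr[:tagLen]) != 1 {
		return ErrForged
	}
	age := now - ts
	if ts > now {
		age = ts - now
	}
	if age > window {
		return ErrStale
	}
	return nil
}

func main() {
	k1, k2 := []byte("constructed-K1!!"), []byte("constructed-K2!!") // constructed 16-byte keys
	const ts, region = 1700000000, 0x0A01                             // constructed values
	src, err := BuildPrivateAddress(k1, ts, region)
	if err != nil {
		panic(err)
	}
	fmt.Printf("source private address: %x\n", src)
	fmt.Println("fresh, right key:", VerifyPrivateAddress(k1, src, ts+5, 60))
	fmt.Println("replayed later:  ", VerifyPrivateAddress(k1, src, ts+3600, 60))
	fmt.Println("wrong key (K2):  ", VerifyPrivateAddress(k2, src, ts+5, 60))
}
```

Because the timestamp and region code travel in the clear, a recorded address whose timestamp is rewritten to look current fails the ciphertext comparison, while an unmodified recording fails only the freshness window.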
In one embodiment, the bluetooth communication with the destination bluetooth device using the session key in the cryptographic resource includes:
carrying out dynamic session key negotiation by adopting the session key in the password resource and the target Bluetooth equipment to obtain a temporary session key;
and establishing a secure communication channel based on the temporary session key for Bluetooth communication.
In one embodiment, after establishing the secure communication channel, further comprising:
acquiring a local channel state, and constructing a channel map and a channel priority table based on the local channel state;
and acquiring self service information, and establishing a service priority table according to the grade and priority of the self service.
In one embodiment, further comprising:
and transmitting the channel map and the channel priority table to all Bluetooth devices in the network in a broadcasting mode.
In one embodiment, further comprising:
switching the data channel according to the channel selection algorithm;
acquiring current channel state information and current service information by adopting the switched data channel;
comparing the current channel state information with a channel priority table to obtain the priority of the current channel;
and switching the service channel according to the priority of the current channel, the service priority table and the current service information to obtain the most suitable channel.
In one embodiment, the switching the traffic channel according to the priority of the current channel, the traffic priority table, and the current traffic information to obtain the most suitable channel includes:
inquiring to obtain the current service priority according to the service priority table and the current service information;
judging whether the current service priority is matched with the priority of the current channel or not;
determining that the priority of the current service is matched with the priority of the current channel, and adopting the current channel to communicate;
and determining that the current service priority is not matched with the priority of the current channel, selecting a channel matched with the current service priority from the channel priority table, and adopting the channel to communicate.
In one embodiment, further comprising:
periodically acquiring a channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table so that the connected Bluetooth equipment dynamically adjusts the frequency hopping channel according to the new channel priority table.
In one embodiment, further comprising:
in the communication process, judging whether to dynamically adjust the time slot of the current communication according to the size of the interactive data packet;
and under the condition of large interactive data packet, the duty ratio of the time slot used by the current communication is adjusted according to the current service priority so as to realize the dynamic adjustment of the time slot.
In one embodiment, the adjusting the duty ratio of the time slot used by the current communication according to the current service priority to realize the dynamic adjustment of the time slot includes:
generating a plurality of service weights according to the current service priority and the service priority table;
based on the duty ratio of each service weight, the duty ratio of the time slot used by the current communication is adjusted to realize the dynamic adjustment of the time slot.
In one embodiment, the adjusting the duty ratio of the time slot used by the current communication based on the duty ratio of each service weight includes:
initializing the total time slot length;
calculating to obtain the adjusted length of each connecting time slot according to the duty ratio of each service weight and the total time slot length;
and based on the adjusted time slot length of each connection, updating the time slot of each connection in the current communication so as to adjust the duty ratio of the time slot used in the current communication.
A Bluetooth communication method is applied to a target Bluetooth device and comprises the following steps:
acquiring a second password resource ciphertext and a second signature, wherein the second password resource ciphertext and the second signature are obtained through the Bluetooth communication method applied to the password resource management system;
a preset master station certificate is adopted to check the second signature, and under the condition that the second signature is checked successfully, a preset application key of a target Bluetooth device is adopted to decrypt the second password resource ciphertext, so that password resources are obtained;
and carrying out Bluetooth communication with the source Bluetooth device based on the password resource.
In one embodiment, the performing bluetooth communication with the source bluetooth device based on the cryptographic resource includes:
constructing a private address based on the Z algorithm instance and the temporary key in the password resource;
and based on the private address, carrying out Bluetooth communication with the source Bluetooth device by adopting a session key in the password resource.
In one embodiment, the temporary key comprises: temporary key K1 and temporary key K2; the Z algorithm instance comprises: Z algorithm instance Z1 and Z algorithm instance Z2;
the constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource includes:
acquiring current local time and region codes, and generating a time stamp based on the current local time;
encrypting a random code formed by the timestamp and the region code based on the temporary key K1 and the Z algorithm instance Z1 to obtain a source Bluetooth device address encryption ciphertext;
encrypting a random code formed by the timestamp and the region code based on the temporary key K2 and the Z algorithm instance Z2 to obtain a destination Bluetooth device address encryption ciphertext;
constructing the private address of the source Bluetooth device based on the source Bluetooth device address encryption ciphertext, the timestamp and the region code;
and constructing the private address of the destination Bluetooth device based on the destination Bluetooth device address encryption ciphertext, the timestamp and the region code.
In one embodiment, the performing bluetooth communication with the source bluetooth device using the session key in the cryptographic resource based on the private address includes:
responding to a connection establishment request sent by a source Bluetooth device, and acquiring a private address to be verified sent by the source Bluetooth device;
and carrying out validity verification on the private address to be verified based on the password resource, and carrying out Bluetooth communication with the source Bluetooth device by adopting a session key in the password resource under the condition that verification is passed.
In one embodiment, the bluetooth communication with the source bluetooth device using the session key in the cryptographic resource includes:
performing dynamic session key negotiation with the source Bluetooth device by adopting the session key in the password resource to obtain a temporary session key;
and establishing a secure communication channel based on the temporary session key for Bluetooth communication.
In one embodiment, after establishing the secure communication channel, further comprising:
acquiring a local channel state, and constructing a channel map and a channel priority table based on the local channel state;
and acquiring self service information, and establishing a service priority table according to the grade and priority of the self service.
In one embodiment, further comprising:
and transmitting the channel map information and the channel priority table to all Bluetooth devices in the network in a broadcasting mode.
In one embodiment, further comprising:
periodically acquiring a channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table so that the connected Bluetooth equipment dynamically adjusts the frequency hopping channel according to the new channel priority table.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (29)

1. A bluetooth communication method, applied to a cryptographic resource management system, comprising:
acquiring a password resource application sent by a source Bluetooth device; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers;
based on the source Bluetooth device information and the destination Bluetooth device information, matching an application key of the source Bluetooth device and an application key of the destination Bluetooth device in a plurality of preset Bluetooth device application keys;
generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and a plurality of random numbers;
encrypting the password resources by using the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext;
respectively signing the first cipher resource ciphertext and the second cipher resource ciphertext based on a preset master station private key to generate a first signature and a second signature;
the first signature and the first password resource ciphertext are issued to the source Bluetooth device, and the second signature and the second password resource ciphertext are issued to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device carry out Bluetooth communication based on the password resources;
the password resource management system is preset with security chip serial numbers of a plurality of Bluetooth devices, the plurality of random numbers comprise a first random number, a second random number and a third random number, and the password resource comprises a Z algorithm instance, a temporary key and a session key; the Z algorithm instance and the temporary key are used for encrypting a random code formed by a time stamp and a region code to obtain an encrypted ciphertext, the encrypted ciphertext is used for constructing a private address with the time stamp and the region code, the session key is used for carrying out dynamic session key negotiation to obtain a temporary session key, and the temporary session key is used for establishing a secure communication channel for Bluetooth communication;
the generating a cryptographic resource based on the application key of the source bluetooth device, the application key of the destination bluetooth device, and the plurality of random numbers includes:
performing decentralized processing on the application key of the source Bluetooth device based on the first random number to obtain a temporary key K1;
performing decentralized processing on the application key of the target Bluetooth device based on the second random number to obtain a temporary key K2;
generating a Z algorithm instance Z1 by adopting a Z cryptographic algorithm based on the temporary key K1, and generating a Z algorithm instance Z2 by adopting a Z cryptographic algorithm based on the temporary key K2;
performing decentralized processing on the application key of the source Bluetooth device based on the security chip serial number of the target Bluetooth device and the third random number to obtain a session key;
and obtaining the password resource according to the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key.
2. The bluetooth communication method according to claim 1, wherein the acquiring process of the preset plurality of bluetooth device application keys includes:
registering to obtain a plurality of Bluetooth devices, and respectively obtaining the security chip information of each Bluetooth device, wherein the security chip information at least comprises a security chip serial number;
and respectively carrying out decentralized processing on the serial numbers of the security chips of the Bluetooth devices based on the preset service root keys to obtain application keys of a plurality of Bluetooth devices.
3. A bluetooth communication method, applied to a source bluetooth device, comprising:
acquiring a first password resource ciphertext and a first signature, wherein the first password resource ciphertext and the first signature are obtained by the Bluetooth communication method according to any one of claims 1-2;
a preset master station certificate is adopted to check the first signature, and under the condition that the first signature is checked successfully, a preset application key of a source Bluetooth device is adopted to decrypt the first password resource ciphertext, so that password resources are obtained;
and carrying out Bluetooth communication with the target Bluetooth equipment based on the password resource.
4. A bluetooth communication method according to claim 3, wherein said bluetooth communication with a destination bluetooth device based on said cryptographic resource comprises:
constructing a private address based on the Z algorithm instance and the temporary key in the password resource;
and based on the private address, carrying out Bluetooth communication with the target Bluetooth device by adopting a session key in the password resource.
5. The bluetooth communication method according to claim 4, wherein the constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource comprises:
acquiring current local time and region codes, and generating a time stamp based on the current local time;
encrypting a random code formed by the timestamp and the region code based on the temporary key K1 and the Z algorithm instance Z1 to obtain a source Bluetooth device address encryption ciphertext;
encrypting a random code formed by the timestamp and the region code based on the temporary key K2 and the Z algorithm instance Z2 to obtain a destination Bluetooth device address encryption ciphertext;
constructing the private address of the source Bluetooth device based on the source Bluetooth device address encryption ciphertext, the timestamp and the region code;
and constructing the private address of the destination Bluetooth device based on the destination Bluetooth device address encryption ciphertext, the timestamp and the region code.
6. The bluetooth communication method according to claim 5, wherein the bluetooth communication with the destination bluetooth device using the session key in the cryptographic resource based on the private address comprises:
transmitting a connection establishment request to a destination Bluetooth device based on the source Bluetooth device private address and the destination Bluetooth device private address;
under the condition that the connection establishment request is successfully sent, acquiring a private address to be verified, which is sent by the target Bluetooth equipment;
and carrying out validity verification on the private address to be verified based on the password resource, and carrying out Bluetooth communication with the target Bluetooth device by adopting a session key in the password resource under the condition that verification is passed.
7. The bluetooth communication method according to claim 6, wherein the bluetooth communication with the destination bluetooth device using the session key in the cryptographic resource comprises:
carrying out dynamic session key negotiation by adopting the session key in the password resource and the target Bluetooth equipment to obtain a temporary session key;
and establishing a secure communication channel based on the temporary session key for Bluetooth communication.
8. The bluetooth communication method according to claim 6, further comprising, after establishing the secure communication channel:
acquiring a local channel state, and constructing a channel map and a channel priority table based on the local channel state;
and acquiring self service information, and establishing a service priority table according to the grade and priority of the self service.
9. The bluetooth communication method according to claim 8, further comprising:
and transmitting the channel map and the channel priority table to all Bluetooth devices in the network in a broadcasting mode.
10. The bluetooth communication method according to claim 8, further comprising:
switching the data channel according to the channel selection algorithm;
acquiring current channel state information and current service information by adopting the switched data channel;
comparing the current channel state information with a channel priority table to obtain the priority of the current channel;
and switching the service channel according to the priority of the current channel, the service priority table and the current service information to obtain the most suitable channel.
11. The bluetooth communication method according to claim 10, wherein the switching the traffic channel according to the priority of the current channel, the traffic priority table, and the current traffic information to obtain the most suitable channel comprises:
inquiring to obtain the current service priority according to the service priority table and the current service information;
judging whether the current service priority is matched with the priority of the current channel or not;
determining that the priority of the current service is matched with the priority of the current channel, and adopting the current channel to communicate;
and determining that the current service priority is not matched with the priority of the current channel, selecting a channel matched with the current service priority from the channel priority table, and adopting the channel to communicate.
12. The bluetooth communication method according to claim 8, further comprising:
periodically acquiring a channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table so that the connected Bluetooth equipment dynamically adjusts the frequency hopping channel according to the new channel priority table.
13. The bluetooth communication method according to claim 8, further comprising:
in the communication process, judging whether to dynamically adjust the time slot of the current communication according to the size of the interactive data packet;
and under the condition of large interactive data packet, the duty ratio of the time slot used by the current communication is adjusted according to the current service priority so as to realize the dynamic adjustment of the time slot.
14. The bluetooth communication method according to claim 13, wherein the adjusting the duty ratio of the time slot used for the current communication according to the current traffic priority to achieve the dynamic adjustment of the time slot comprises:
generating a plurality of service weights according to the current service priority and the service priority table;
based on the duty ratio of each service weight, the duty ratio of the time slot used by the current communication is adjusted to realize the dynamic adjustment of the time slot.
15. The bluetooth communication method according to claim 14, wherein the adjusting the duty ratio of the time slot used for the current communication based on the duty ratio of each traffic weight comprises:
initializing the total time slot length;
calculating to obtain the adjusted length of each connecting time slot according to the duty ratio of each service weight and the total time slot length;
and based on the adjusted time slot length of each connection, updating the time slot of each connection in the current communication so as to adjust the duty ratio of the time slot used in the current communication.
16. A bluetooth communication method, applied to a destination bluetooth device, comprising:
acquiring a second cipher resource ciphertext and a second signature, wherein the second cipher resource ciphertext and the second signature are obtained by the Bluetooth communication method according to any one of claims 1-2;
a preset master station certificate is adopted to check the second signature, and under the condition that the second signature is checked successfully, a preset application key of a target Bluetooth device is adopted to decrypt the second password resource ciphertext, so that password resources are obtained;
and carrying out Bluetooth communication with the source Bluetooth device based on the password resource.
17. The bluetooth communication method according to claim 16, wherein the performing bluetooth communication with the source bluetooth device based on the cryptographic resource comprises:
constructing a private address based on the Z algorithm instance and the temporary key in the password resource;
and based on the private address, carrying out Bluetooth communication with the source Bluetooth device by adopting a session key in the password resource.
18. The bluetooth communication method according to claim 17, wherein the constructing a private address based on the Z algorithm instance and the temporary key in the cryptographic resource comprises:
acquiring current local time and region codes, and generating a time stamp based on the current local time;
encrypting a random code formed by the timestamp and the region code based on the temporary key K1 and the Z algorithm instance Z1 to obtain a source Bluetooth device address encryption ciphertext;
encrypting a random code formed by the timestamp and the region code based on the temporary key K2 and the Z algorithm instance Z2 to obtain a destination Bluetooth device address encryption ciphertext;
constructing the private address of the source Bluetooth device based on the source Bluetooth device address encryption ciphertext, the timestamp and the region code;
and constructing the private address of the destination Bluetooth device based on the destination Bluetooth device address encryption ciphertext, the timestamp and the region code.
19. The bluetooth communication method according to claim 17, wherein the bluetooth communication with the source bluetooth device using the session key in the cryptographic resource based on the private address comprises:
responding to a connection establishment request sent by the source Bluetooth device, and acquiring a private address to be verified sent by the source Bluetooth device;
and carrying out validity verification on the private address to be verified based on the password resource, and carrying out Bluetooth communication with the source Bluetooth device by adopting a session key in the password resource under the condition that verification is passed.
20. The bluetooth communication method according to claim 19, wherein the using the session key in the cryptographic resource for bluetooth communication with the source bluetooth device comprises:
performing dynamic session key negotiation with the source Bluetooth device by adopting the session key in the password resource to obtain a temporary session key;
and establishing a secure communication channel based on the temporary session key for Bluetooth communication.
21. The bluetooth communication method according to claim 20, further comprising, after establishing the secure communication channel:
acquiring a local channel state, and constructing a channel map and a channel priority table based on the local channel state;
and acquiring the device's own service information, and establishing a service priority table according to the level and priority of its own services.
22. The bluetooth communication method according to claim 21, further comprising:
transmitting the channel map information and the channel priority table to all Bluetooth devices in the network by broadcast.
23. The bluetooth communication method according to claim 21, further comprising:
periodically acquiring a channel state, and updating the channel priority table based on the channel state to obtain a new channel priority table;
and broadcasting the new channel priority table so that the connected Bluetooth equipment dynamically adjusts the frequency hopping channel according to the new channel priority table.
24. A Bluetooth communication system is characterized by comprising a password resource management system, a source Bluetooth device and a destination Bluetooth device;
the source Bluetooth device is used for sending a password resource application to the password resource management system; the password resource application comprises source Bluetooth device information, destination Bluetooth device information and a plurality of random numbers;
the password resource management system is used for matching an application key of the source Bluetooth device and an application key of the destination Bluetooth device among preset application keys of a plurality of Bluetooth devices based on the source Bluetooth device information and the destination Bluetooth device information; generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and the plurality of random numbers; encrypting the password resource with the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext; signing the first password resource ciphertext and the second password resource ciphertext respectively based on a preset master station private key to generate a first signature and a second signature; issuing the first signature and the first password resource ciphertext to the source Bluetooth device, and issuing the second signature and the second password resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device carry out Bluetooth communication based on the password resource;
the password resource management system is preset with security chip serial numbers of a plurality of Bluetooth devices, the plurality of random numbers comprise a first random number, a second random number and a third random number, and the password resource comprises a Z algorithm instance, a temporary key and a session key; the Z algorithm instance and the temporary key are used for encrypting a random code formed by a timestamp and a region code to obtain an encrypted ciphertext, the encrypted ciphertext is used together with the timestamp and the region code for constructing a private address, the session key is used for dynamic session key negotiation to obtain a temporary session key, and the temporary session key is used for establishing a secure communication channel for Bluetooth communication;
the generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and the plurality of random numbers includes:
performing decentralized processing on the application key of the source Bluetooth device based on the first random number to obtain a temporary key K1;
performing decentralized processing on the application key of the destination Bluetooth device based on the second random number to obtain a temporary key K2;
generating a Z algorithm instance Z1 by adopting a Z cryptographic algorithm based on the temporary key K1, and generating a Z algorithm instance Z2 by adopting a Z cryptographic algorithm based on the temporary key K2;
performing decentralized processing on the application key of the source Bluetooth device based on the security chip serial number of the destination Bluetooth device and the third random number to obtain a session key;
and obtaining the password resource according to the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key.
25. A bluetooth communication device for use in a cryptographic resource management system, the bluetooth communication device comprising:
the acquisition module is used for acquiring a password resource application sent by the source Bluetooth equipment; the password resource application comprises source Bluetooth equipment information, destination Bluetooth equipment information and a plurality of random numbers;
the application key matching module is used for matching the application key of the source Bluetooth device and the application key of the destination Bluetooth device among a plurality of preset Bluetooth device application keys based on the source Bluetooth device information and the destination Bluetooth device information;
the password resource generation module is used for generating a password resource based on the application key of the source Bluetooth device, the application key of the destination Bluetooth device and the plurality of random numbers;
the first encryption module is used for encrypting the password resources by using the application key of the source Bluetooth device and the application key of the destination Bluetooth device respectively to obtain a first password resource ciphertext and a second password resource ciphertext; wherein the cryptographic resource is used to generate a private address;
the first signature module is used for respectively signing the first password resource ciphertext and the second password resource ciphertext based on a preset master station private key to generate a first signature and a second signature;
the issuing module is used for issuing the first signature and the first password resource ciphertext to the source Bluetooth device and issuing the second signature and the second password resource ciphertext to the destination Bluetooth device, so that the source Bluetooth device and the destination Bluetooth device can carry out Bluetooth communication based on the password resource;
the password resource management system is preset with security chip serial numbers of a plurality of Bluetooth devices, the plurality of random numbers comprise a first random number, a second random number and a third random number, and the password resource comprises a Z algorithm instance, a temporary key and a session key; the Z algorithm instance and the temporary key are used for encrypting a random code formed by a timestamp and a region code to obtain an encrypted ciphertext, the encrypted ciphertext is used together with the timestamp and the region code for constructing a private address, the session key is used for dynamic session key negotiation to obtain a temporary session key, and the temporary session key is used for establishing a secure communication channel for Bluetooth communication;
the password resource generation module comprises:
the first decentralized processing unit is used for performing decentralized processing on the application key of the source Bluetooth device based on the first random number to obtain a temporary key K1;
the second decentralized processing unit is used for performing decentralized processing on the application key of the destination Bluetooth device based on the second random number to obtain a temporary key K2;
an algorithm instance unit, configured to generate a Z algorithm instance Z1 by using a Z cryptographic algorithm based on the temporary key K1, and generate a Z algorithm instance Z2 by using a Z cryptographic algorithm based on the temporary key K2;
the third decentralized processing unit is used for performing decentralized processing on the application key of the source Bluetooth device based on the security chip serial number of the destination Bluetooth device and the third random number to obtain a session key;
the resource generating unit is used for obtaining the password resource according to the temporary key K1, the temporary key K2, the Z algorithm instance Z1, the Z algorithm instance Z2 and the session key.
26. A bluetooth communication device, for use with a source bluetooth device, comprising:
a first cryptographic resource obtaining module, configured to obtain a first cryptographic resource ciphertext and a first signature, where the first cryptographic resource ciphertext and the first signature are obtained by the bluetooth communication device according to claim 25;
the first signature verification module is used for verifying the first signature using a preset master station certificate and, if the first signature is verified successfully, decrypting the first password resource ciphertext using a preset application key of the source Bluetooth device to obtain the password resource;
and the first Bluetooth communication module is used for carrying out Bluetooth communication with the destination Bluetooth device based on the password resource.
27. A Bluetooth communication device, for use in a destination Bluetooth device, comprising:
a second cryptographic resource obtaining module, configured to obtain a second cryptographic resource ciphertext and a second signature, where the second cryptographic resource ciphertext and the second signature are obtained by the bluetooth communication device according to claim 25;
the second signature verification module is used for verifying the second signature using a preset master station certificate and, if the second signature is verified successfully, decrypting the second password resource ciphertext using a preset application key of the destination Bluetooth device to obtain the password resource;
and the second Bluetooth communication module is used for carrying out Bluetooth communication with the source Bluetooth device based on the password resource.
28. An electronic device, comprising:
at least one processor;
a memory coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the bluetooth communication method according to any one of claims 1-23 by executing the instructions stored by the memory.
29. A machine-readable storage medium having instructions stored thereon, which when executed by a processor cause the processor to be configured to perform the bluetooth communication method according to any of claims 1-23.
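The private-address construction of claim 18 and the validity check of claim 19, as an added example that is not part of the patent text. Truncated HMAC-SHA-256 stands in for the Z algorithm instance, which the claims do not specify; the 14-byte address layout, the 30-second freshness window, the recomputation-based check and all function names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8            # assumed ciphertext length in bytes (not given in the claims)
MAX_SKEW_SECONDS = 30  # assumed freshness window for the embedded timestamp


def z_instance(temp_key: bytes):
    """Keyed transform standing in for a Z algorithm instance (assumption:
    truncated HMAC-SHA-256; the claims do not specify the Z algorithm)."""
    def transform(random_code: bytes) -> bytes:
        return hmac.new(temp_key, random_code, hashlib.sha256).digest()[:TAG_LEN]
    return transform


def build_private_address(z, timestamp: int, region_code: int) -> bytes:
    """Claim 18: ciphertext over (timestamp, region code), then the two fields."""
    random_code = struct.pack(">IH", timestamp, region_code)
    return z(random_code) + random_code


def verify_private_address(z, address: bytes, now: int, region_code: int) -> bool:
    """Claim 19 validity check, done here by recomputation (assumed method)."""
    if len(address) != TAG_LEN + 6:
        return False
    ciphertext, random_code = address[:TAG_LEN], address[TAG_LEN:]
    timestamp, claimed_region = struct.unpack(">IH", random_code)
    if claimed_region != region_code:
        return False                      # address built for another region
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False                      # stale address, e.g. a replayed one
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(ciphertext, z(random_code))


def demo() -> dict:
    # Constructed sample values; K1 and K2 would come from the decrypted
    # password resource on a real device.
    k1, k2 = bytes(range(16)), bytes(range(16, 32))
    z1, z2 = z_instance(k1), z_instance(k2)
    t0, region = 1_700_000_000, 86
    src_addr = build_private_address(z1, t0, region)
    tampered = bytes([src_addr[0] ^ 0x01]) + src_addr[1:]
    return {
        "fresh": verify_private_address(z1, src_addr, t0 + 5, region),
        "replayed": verify_private_address(z1, src_addr, t0 + 600, region),
        "tampered": verify_private_address(z1, tampered, t0 + 5, region),
        "wrong_key": verify_private_address(z2, src_addr, t0 + 5, region),
    }


if __name__ == "__main__":
    print(demo())
```

Because the timestamp travels in the clear inside the address, the freshness window is what bounds reuse of a captured address; the keyed ciphertext only proves that the sender holds the temporary key.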
CN202311518933.5A 2023-11-15 2023-11-15 Bluetooth communication method, device, system, storage medium and electronic equipment Active CN117255340B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311518933.5A CN117255340B (en) 2023-11-15 2023-11-15 Bluetooth communication method, device, system, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN117255340A CN117255340A (en) 2023-12-19
CN117255340B true CN117255340B (en) 2024-02-27

Family

ID=89135379

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311518933.5A Active CN117255340B (en) 2023-11-15 2023-11-15 Bluetooth communication method, device, system, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN117255340B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103533655A (en) * 2013-10-16 2014-01-22 海能达通信股份有限公司 Method, device and system for allocating communication time slots in time division multiple access system
CN110572804A (en) * 2019-08-27 2019-12-13 暨南大学 bluetooth communication authentication request, receiving and communication method, mobile terminal and equipment terminal
WO2022027957A1 (en) * 2020-08-05 2022-02-10 华人运通(上海)云计算科技有限公司 Safe distribution method, device and system of vehicle bluetooth key and storage medium
WO2023036348A1 (en) * 2021-09-08 2023-03-16 北京世纪互联宽带数据中心有限公司 Encrypted communication method and apparatus, device, and storage medium
CN117014887A (en) * 2023-08-18 2023-11-07 郑州信大云谷科技有限公司 Multi-factor verifiable low-power consumption Bluetooth equipment IPv6 address automatic configuration method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180131511A1 (en) * 2016-08-03 2018-05-10 James Taylor Systems and Methods for Dynamic Cypher Key Management

Also Published As

Publication number Publication date
CN117255340A (en) 2023-12-19

Similar Documents

Publication Publication Date Title
US9935954B2 (en) System and method for securing machine-to-machine communications
Hernandez-Ramos et al. Toward a lightweight authentication and authorization framework for smart objects
EP2666316B1 (en) Method and apparatus for authenticating a communication device
EP1394982B1 (en) Methods and apparatus for secure data communication links
US10080136B2 (en) Credibility token system for over the air multi-programming of a wireless device and method of operation
CN105530253B (en) Wireless sensor network access authentication method under Restful framework based on CA certificate
CN112788042B (en) Method for determining device identifier of Internet of things and device of Internet of things
CN101969638A (en) Method for protecting international mobile subscriber identity (IMSI) in mobile communication
CN109716724A (en) The method and system authenticated with double nets of the communication equipment of server communication
CN112533202B (en) Identity authentication method and device
Rizzardi et al. Analysis on functionalities and security features of Internet of Things related protocols
US11968302B1 (en) Method and system for pre-shared key (PSK) based secure communications with domain name system (DNS) authenticator
CN112866197A (en) Password edge calculation method and system for realizing security of terminal of Internet of things and terminal
Echeverria et al. Authentication and authorization for IoT devices in disadvantaged environments
CN117255340B (en) Bluetooth communication method, device, system, storage medium and electronic equipment
CN116318795A (en) Network security protection system
CN114024767B (en) Method for constructing password definition network security system, system architecture and data forwarding method
US8707435B2 (en) Method and system for identifying compromised nodes
Malila et al. Security architecture for a 5G mHealth system
Li et al. Security and vulnerability in the Internet of Things
KR101451163B1 (en) System and method for access authentication for wireless network
CN117692902B (en) Intelligent home interaction method and system based on embedded home gateway
US12015721B1 (en) System and method for dynamic retrieval of certificates with remote lifecycle management
US11784973B2 (en) Edge-based enterprise network security appliance and system
CN116015961B (en) Control processing method, security CPE, system and medium of down-hanging terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant