WO2013134927A1 - Transport layer security-based key delivery method, smart meter reading terminal and server - Google Patents

Publication number
WO2013134927A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
server
random number
meter reading
seed key
Application number
PCT/CN2012/072274
Other languages
French (fr)
Chinese (zh)
Inventor
涂校明
Original Assignee
华为终端有限公司
Application filed by 华为终端有限公司
Priority to CN201280000277.3A (CN102742250B)
Priority to PCT/CN2012/072274 (WO2013134927A1)
Publication of WO2013134927A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Definitions

  • The invention relates to the field of smart meter reading, and in particular to a key delivery method based on transport layer security, a smart meter reading terminal and a server.
  • Background of the invention:
  • Existing smart meter reading systems mainly use the mechanism defined by the SSWG (Smart Specification Working Group) to complete the interaction between the smart meter reading terminal and the energy provider's server.
  • The SSWG currently mainly adopts the Transport Layer Security (TLS) protocol as the specification for data link establishment.
  • One of the authentication methods in the TLS protocol uses a pre-shared key as the basis for encryption.
  • The pre-shared key in the TLS protocol is preset, which is not conducive to updating and maintenance, and reduces security.
  • The embodiments of the invention disclose a key delivery method based on transport layer security, a smart meter reading terminal and a server, so that the pre-shared key of a data encryption system based on the transport layer security protocol is dynamically allocated, thereby improving the maintainability and security of the overall system.
  • An embodiment of the invention discloses a key delivery method based on transport layer security, comprising: the smart meter reading terminal receives a push message from the first server, the push message containing a first ciphertext, where the first ciphertext is obtained by encrypting a second ciphertext and a second seed key using a first key, the second ciphertext is obtained by encrypting the second seed key using the second seed key, the first key is generated from a first seed key and a first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
  • the smart meter reading terminal decrypts the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypts the second ciphertext using the obtained second seed key to obtain a secondary second seed key, where the first key is generated from the first seed key and the first random number, and the first seed key and the first random number are preset on the smart meter reading terminal;
  • a response indicating that the second seed key was received normally is encrypted using the second seed key and the first random number, and the response is sent to the first server;
  • the smart meter reading terminal and the first server use the second seed key as a pre-shared key in a transport layer security protocol, and establish a data link between the smart meter reading terminal and the first server.
  • An embodiment of the invention discloses a smart meter reading terminal, comprising a processing unit, a storage unit and an uplink communication unit, wherein:
  • the storage unit is configured to store a first seed key and a first random number;
  • the uplink communication unit is configured to communicate with the first server;
  • the processing unit is configured to receive, through the uplink communication unit, a push message from the first server, where the push message includes a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key using a first key, the second ciphertext is obtained by encrypting the second seed key using the second seed key, the first key is generated from the first seed key and the first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
  • the processing unit is further configured to read the first seed key and the first random number from the storage unit, generate the first key from the first seed key and the first random number, decrypt the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypt the second ciphertext using the obtained second seed key to obtain a secondary second seed key;
  • the processing unit is further configured to compare the obtained second seed key with the secondary second seed key and, if they are the same, to use the second seed key and the first random number to encrypt a response indicating that the second seed key was received normally;
  • the processing unit 501 is further configured to store the second seed key in the storage unit, and to use the second seed key as a pre-shared key in the transport layer security protocol to establish a data link between the smart meter reading terminal and the first server.
  • An embodiment of the invention further discloses a key delivery method based on transport layer security, comprising: the first server sends a push message to the smart meter reading terminal, where the push message includes a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key using a first key, the second ciphertext is obtained by encrypting the second seed key using the second seed key, the first key is generated from the first seed key and the first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
  • the first server and the smart meter reading terminal use the second seed key as a pre-shared key in a transport layer security protocol, and establish a data link between the smart meter reading terminal and the first server.
  • An embodiment of the invention further discloses a server, comprising a processing unit, a storage unit and a first communication unit, wherein:
  • the first communication unit is configured to communicate with a smart meter reading terminal;
  • the processing unit is configured to generate a second seed key and to send a push message to the smart meter reading terminal through the first communication unit, where the push message includes a first ciphertext, the first ciphertext is obtained by the processing unit by encrypting a second ciphertext and the second seed key using a first key, and the second ciphertext is obtained by encrypting the second seed key using the second seed key;
  • the first key is generated from the first seed key and the first random number;
  • the storage unit is configured to store the first seed key and the first random number;
  • the processing unit is further configured to receive, through the first communication unit, a response from the smart meter reading terminal indicating that the second seed key was received normally, the response being encrypted using the second seed key and the first random number;
  • the processing unit is further configured to use, through the first communication unit and together with the smart meter reading terminal, the second seed key as a pre-shared key in a transport layer security protocol, to establish a data link between the smart meter reading terminal and the server.
  • The pre-shared key in the TLS protocol can thus be dynamically allocated in the smart meter reading system, thereby improving the security and maintainability of the smart meter reading system.
  • FIG. 1 is a schematic diagram of a key transfer method based on transport layer security disclosed in an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a method for a server to wake up a smart meter reading terminal according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a method for a smart meter reading terminal to wake up a server according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of a method for updating a seed key according to an embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of a smart meter reading terminal according to an embodiment of the present invention
  • FIG. 6 is a server disclosed in an embodiment of the present invention
  • The smart meter reading terminal described in the embodiments of the present invention includes, but is not limited to, a smart meter reading gateway or a smart meter, such as a smart power gateway, a smart meter, a smart water meter or a smart gas meter. This includes, but is not limited to, measurements of the metered substance, such as electricity consumption or water consumption, or data including the unit price used for valuation.
  • An embodiment of the present invention provides a key delivery method based on transport layer security, including the following steps:
  • Step 101: The smart meter reading terminal receives the push message from the first server, where the push message includes a first ciphertext. The first ciphertext is obtained by encrypting the second ciphertext and the second seed key using the first key; the second ciphertext is obtained by encrypting the second seed key using the second seed key; the first key is generated from a first seed key and a first random number; the first seed key and the first random number are preset on the first server; and the second seed key is generated by the first server.
  • The first server may be a server of an energy provider's Head End System (HES), which is mainly used to manage the smart meter reading terminals under its jurisdiction; for example, a power supplier's HES can be used to manage the smart power gateways of the customers under its jurisdiction.
  • The storage device may also be used to store software or data of the first server, or may be a specific storage device dedicated to storing the first seed key, such as a dedicated seed key storage chip.
  • Generating the first key from the first seed key and the first random number may be done, for example, by arranging the characters of the first seed key and the first random number according to a certain rule, or by applying an established algorithm to the first seed key and the first random number. The established algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for these two types of parameters. However, the first server and the smart meter reading terminal must both be configured with the algorithm.
  • The first ciphertext may specifically be obtained by using the first key to encrypt the second ciphertext and the second seed key according to an established algorithm.
  • The established algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for both types of parameters, but the keys supported by the algorithm should include the first key.
  • The algorithm can be the AES256 algorithm in the TLS protocol.
  • Encrypting the second seed key using the second seed key to obtain the second ciphertext may be done by using the second seed key to encrypt the second seed key according to an established algorithm.
  • The established algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for this parameter, but the keys supported by the algorithm should include the second seed key.
  • The algorithm can be the AES256 algorithm in the TLS protocol.
  • The algorithm for generating the first ciphertext may be the same as or different from the algorithm for generating the second ciphertext, but both should be configured on the first server and the smart meter reading terminal.
  • Step 102: The smart meter reading terminal decrypts the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypts the second ciphertext using the second seed key to obtain a secondary second seed key. The first key is generated from the first seed key and the first random number, which are preset on the smart meter reading terminal.
  • The storage device may also be used to store software or data of the smart meter reading terminal, or may be a specific storage device dedicated to storing the first seed key, such as a dedicated seed key storage chip.
  • Generating the first key from the first seed key and the first random number may be done, for example, by arranging the characters of the first seed key and the first random number according to a certain rule, or by applying an established algorithm to the first seed key and the first random number. The established algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for these two types of parameters.
  • The manner in which the first server generates the first key and the manner in which the smart meter reading terminal generates the first key should be the same.
  • Step 103: If the second seed key is the same as the secondary second seed key, a response indicating that the second seed key was received normally is encrypted using the second seed key and the first random number, and the response is sent to the first server.
  • Step 104: The smart meter reading terminal and the first server use the second seed key as a pre-shared key in the TLS protocol to establish a data link between the smart meter reading terminal and the first server.
  • the pre-shared key in the TLS protocol can be dynamically allocated by the first server, and the second seed key in the embodiment of the present invention is used as the pre-shared key, thereby improving the adoption pre-emption in the TLS protocol.
  • The method further includes: the smart meter reading terminal generates a second random number, and the second random number is carried in a device installation request message and sent to the first server, where the device installation request message is sent as a short message. The first server determines whether the sending number of the short message is legal, for example, whether it is the number of a smart meter reading terminal under the jurisdiction of the first server. If it is legal, the first server generates a third random number, and sends the second random number and the third random number to the smart meter reading terminal through a short message.
  • The smart meter reading terminal verifies the legality of the number from which the first server sent the short message and of the second random number. If they are legal, it generates the second key from the third random number and the first seed key, encrypts the terminal identification information of the smart meter reading terminal with the second key, and sends it to the first server.
  • The first server generates the second key from the third random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the second key to obtain the terminal identification information of the smart meter reading terminal, and verifies the legitimacy of the terminal identification information. If it is legal, the second seed key is generated.
  • If the first server verifies that the sending number of the short message sent by the smart meter reading terminal is illegal, or the smart meter reading terminal verifies that the number from which the first server sent the short message, or the returned second random number, is illegal, all information interactions can be terminated.
  • The method may further include: before step 101, the smart meter reading terminal generates the first key from the first random number and the first seed key, encrypts the terminal identification information of the smart meter reading terminal using the first key, and carries it in a device installation request message sent to the first server.
  • The first server generates the first key from the first random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the first key to obtain the terminal identification information of the smart meter reading terminal, and verifies the validity of the terminal identification information. If it is legal, the second seed key is generated.
  • The terminal identification information may be at least one of the terminal's IMEI (International Mobile Equipment Identity), IMSI (International Mobile Subscriber Identification Number) and MAC (Media Access Control) address.
  • If the first server verifies that the terminal identification information of the smart meter reading terminal is illegal, the first key may be used to encrypt an authentication failure response, which is sent to the smart meter reading terminal.
  • The first key may be used for encryption and decryption, and the second seed key and the first random number generate a third key, which is used for encryption and decryption.
  • If the second random number and the third random number are exchanged between the smart meter reading terminal and the first server before step 101, the second key may be used for encryption and decryption.
  • The smart meter reading terminal may send a second seed key request to the first server.
  • The second seed key request message may be encrypted and decrypted using the first key, or, if the second random number and the third random number are exchanged between the smart meter reading terminal and the first server before step 101, may also be encrypted and decrypted using the second key or the sixth key.
  • The second seed key request message may be limited to a maximum number of transmissions, for example 2, to avoid meaningless repetition.
  • The first seed key and the first random number are preset in the smart meter reading terminal and the first server. This presetting can be done during production of the smart meter reading terminal.
  • The first seed key and the first random number may be obtained by the smart meter reading terminal from a second server and stored in a memory of the smart meter reading terminal.
  • The second server is a server of the manufacturer of the smart meter reading terminal.
  • The first seed key and the first random number may be generated by the second server. The smart meter reading terminal acquiring the first seed key from the second server may specifically be: the smart meter reading terminal reports the terminal identification information to the second server; the smart meter reading terminal receives the first seed key and the first random number from the second server, where the first seed key is generated from the terminal identification information.
  • The first seed key and the first random number may be generated by a first key server.
  • The smart meter reading terminal may obtain the first seed key and the first random number from the second server as follows: the smart meter reading terminal reports the terminal identification information to the second server; the second server forwards the terminal identification information reported by the smart meter reading terminal to the first key server, and writes the first seed key and the first random number delivered by the first key server to the smart meter reading terminal; the smart meter reading terminal receives the first seed key and the first random number from the second server.
  • The second random number is generated by the first key server.
  • The first key server may generate only the first seed key, with the second server generating the first random number.
  • The first key server may be a server controlled by an energy provider that subscribes to the batch of smart meter reading terminals.
  • The first seed key and the first random number need to be imported into the first server. If the first seed key and the first random number are generated directly by the second server, or by a first key server controlled by the manufacturer of the smart meter reading terminal, the controller of the second server, that is, the manufacturer of the smart meter reading terminal, needs to transmit the first seed key to the manager of the first server. Optionally, the terminal identification information of the smart meter reading terminal that constitutes the first seed key may also be transmitted to the manager of the first server, and the manager of the first server imports them into the first server. The transmission may use any data transmission method, and the present invention is not limited in this respect.
  • If the first seed key is generated by a dedicated first key server, and the first key server is a server controlled by an energy provider that subscribes to the batch of smart meter reading terminals, it can be understood that the controller of the first key server is the same entity as the administrator of the first server, that is, an energy provider. In this case, the energy provider needs to import the first key from the first key server to the first server.
  • The first key server and the first server may also be the same server, but this embodiment does not recommend this practice for security reasons.
  • The terminal identification information of the smart meter reading terminal constituting the first seed key may also be imported into the first server.
  • The process by which the smart meter reading terminal acquires the first seed key from the second server is completed during production of the smart meter reading terminal.
  • The method further includes: the second server sends the smart meter reading terminal a request to query the terminal identification information of the smart meter reading terminal. If the first seed key is generated by the first key server, the method may further include: the second server requests the first key server to deliver the first seed key, and the first key server requests the second server to report the terminal identification information of the corresponding smart meter reading terminal.
  • The second server may further send the first random number to the first key server.
  • The method further includes: the smart meter reading terminal sends a response indicating that the first seed key and the first random number were written successfully.
  • The smart meter reading terminal and the first server exchange a server hello (ServerHello) message and a client hello (ClientHello) message to negotiate an algorithm set.
  • The algorithm set may be AES256.
  • The smart meter reading terminal uses the second seed key as a preset key, sends a client key exchange (ClientKeyExchange) message to the first server, uses the second seed key as a preset key to generate a session key (Session Key), and sends a ChangeCipherSpec message to the first server to notify the first server to start encrypting and decrypting using the session key.
  • The first server changes its own security state to perform symmetric encryption using the session key, and sends a ChangeCipherSpec message to the smart meter reading terminal. Thereafter, the exchanged data is encrypted and decrypted by the first server and the smart meter reading terminal using the session key until the data exchange is completed.
  • The above step 104 is only a simple example.
  • The PSK algorithm for TLS ("PSK Ciphersuites for TLS") was published in December 2005.
  • The PSK key exchange algorithm and related parts are not described in detail in this application.
  • The first server and the smart meter reading terminal do not always maintain a data link.
  • One end needs to wake up the other end.
  • Either the smart meter reading terminal is woken up by the first server, or the smart meter reading terminal wakes up the first server.
  • Two optional wake-up modes are described below. If the smart meter reading terminal is woken up by the first server, reference may be made to FIG. 2.
  • Step 202: The smart meter reading terminal verifies the validity of the sending number of the short message. If it is legal, the terminal encrypts the terminal identification information of the smart meter reading terminal and the fourth random number using one of the third key, the fourth key or the fifth key, and sends them to the first server as a response to the wake-up message, so that the first server verifies the smart meter reading terminal.
  • The response can be sent as a push message.
  • The first server verifying the smart meter reading terminal may be: the first server uses one of the third key, the fourth key or the fifth key (which should be the same one as the encryption key of the smart meter reading terminal) to decrypt the terminal identification information and the fourth random number, and verifies the legality of the terminal identification information and the fourth random number.
  • the interaction may be terminated directly.
  • Step 301: The smart meter reading terminal uses one of the third key, the fourth key or the fifth key to encrypt the service that needs to be reported, and sends it to the first server.
  • The first server decrypts using one of the third key, the fourth key or the fifth key (which should be the same one as the encryption key of the smart meter reading terminal) to obtain the reported service.
  • The reported service may be, for example, the power consumption of the month.
  • Step 302: The smart meter reading terminal receives a wake-up reason code sent by the first server, where the wake-up reason code is encrypted by the first server using one of the third key, the fourth key or the fifth key.
  • Step 303: The smart meter reading terminal decrypts the wake-up reason code using one of the third key, the fourth key or the fifth key (which should be the same one as the encryption key of the smart meter reading terminal) to confirm that the reported service was correctly received by the first server.
  • The wake-up reason code is a reason code corresponding to the reported service.
  • The smart meter reading terminal may report the service data to the first server by way of wake-up.
  • The reporting may be performed immediately after the first server wakes up the smart meter reading terminal, or may be performed within a predetermined period of time.
  • A TLS link can also be established for delivery if needed.
  • The TLS link can be established using the TLS standard protocol for TLS link recovery, which the embodiments of the present invention do not describe in detail herein.
  • the process of updating the seed key is described below. It can be understood that in the embodiment of the present invention, the seed key can be updated at any time.
  • the embodiment of the present invention recommends that in the step 103 of the method flow shown in FIG. 1, after the TLS link is established, the seed key is updated.
  • the specific update manner may be that the first server generates a third seed key, and delivers the third seed key to the smart meter reading terminal through a TLS link.
  • the smart meter reading terminal is to the first The server responded successfully that the seed key was received.
  • the TLS link between the first server and the smart meter reading terminal is disconnected, and the TLS link is established again using the third seed key.
  • the smart meter reading terminal and the first server may establish a TLS link by using the second seed key, where the smart meter reading terminal The first server requests the third seed key and then retry to establish a TLS link using the third seed key.
  • one of the third key, the fourth key, or the fifth key used in the above-described wakeup process should be replaced with the third seed key.
  • a method for updating a seed key disclosed in the embodiment of the present invention can refer to FIG. 4. It should be noted that, in this embodiment, the updated seed key is represented by the fourth seed key, and the current seed key of the smart meter reading terminal is represented by the third seed key, but the illustrated update process is not indicated. It must be the first key update of the smart meter reading terminal in use.
  • the seed key update procedure of the embodiment of the present invention can be applied to any update of the seed key.
  • the update of the seed key is initiated by the first server. When the first server detects that the preset condition for updating the seed key of the smart meter reading terminal is met, the seed key update process is initiated.
  • Step 401 The first server requests a second seed key from the second key server, where the request includes the identity identification information of the smart meter reading terminal that needs to use the fourth seed key.
  • the identity identification information may be at least one of an IMEI, an IMSI, and a MAC address of the terminal.
  • Step 402 The first server receives a fourth seed key delivered by the second key server.
  • the fourth seed key is generated by the terminal identification information.
  • Step 403 The first server wakes up the smart meter reading terminal.
  • the chronological order of the step 403 and the step 401 and the step 402 may not be limited.
  • the reason code may be to notify the smart meter reading terminal to perform seed key update.
  • Step 404 The first server establishes a communication connection with the smart meter reading terminal by using a third seed key.
  • Step 405 The first server sends the fourth seed key to the smart meter reading terminal. After the smart meter reading terminal acquires the fourth seed key, the fourth seed key is stored.
  • Step 406 The first server receives a response from the smart meter reading terminal that the fourth seed key was successfully received.
  • the first server may establish a TLS link with the smart meter reading terminal by using the third seed key, resend the fourth seed key to the smart meter reading terminal over that TLS link, and then retry establishing a TLS link using the fourth seed key.
  • the third seed key may continue to be used until the next time the seed key is updated. Alternatively, you can repeat the update process periodically until the update is successful.
  • the first server may be the same server as the second key server, or may be a different server. If it is the same server, the flow shown in Figure 4 is the internal communication flow of the server.
  • the embodiment of the present invention recommends that the two servers be separated, but all are under the management of an energy provider. It can be understood that the foregoing first key server and the second key server may be different key servers, or may be the same key server.
  • the seed key of the smart meter reading terminal can be remotely updated.
  • This seed key update method is convenient and energy-provider-controlled, and being able to update the seed key dynamically is conducive to improving the security of the system.
  • the first server sends a fifth random number to the smart meter reading terminal, and the smart meter reading terminal sends a sixth random number to the first server.
  • one of the third key, the fourth key, or the fifth key used should be replaced with one of the current seed key and the key generated by the fifth or sixth random number.
  • the fifth and sixth random numbers may be the same random number. If the fifth and sixth random numbers are different, the message sent by the first server is encrypted by using the current seed key and the key generated by the sixth random number, and the message sent by the smart meter reading terminal is encrypted by using the current seed key and the key generated by the fifth random number. It can be understood that the first server and the smart meter reading terminal update the fifth and sixth random numbers before the TLS link is disconnected again.
  • the first, second, third, and fourth seed keys may be 64 bits, the first, second, third, and fourth random numbers may be 16 bits, and the fifth and sixth random numbers may be 32 bits.
  • the encryption and decryption key of the wake-up process can be dynamically updated, further increasing the security of the system.
  • the embodiment of the invention also discloses a smart meter reading terminal.
  • the structure of the smart meter reading terminal is shown in Figure 5.
  • the smart meter reading terminal can be used in the foregoing method embodiments, and the functions not described in the device embodiment part can be referred to the method embodiment part.
  • the smart meter reading terminal includes a processing unit 501, a storage unit 502, and an upstream communication unit 503.
  • the storage unit 502 is configured to store the first seed key and the first random number.
  • the uplink communication unit 503 is configured to communicate with the first server.
  • the processing unit 501 is configured to receive, by using the uplink communications unit 503, a push message from the first server, where the push message includes a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key using a first key, the second ciphertext is obtained by encrypting the second seed key using the second seed key, the first key is generated from the first seed key and the first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server.
  • the processing unit 501 is further configured to read the first seed key and the first random number from the storage unit 502, generate the first key by using the first seed key and the first random number, decrypt the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypt the second ciphertext using the obtained second seed key to obtain a secondary second seed key.
  • the processing unit 501 is further configured to compare the obtained second seed key with the secondary second seed key and, if they are the same, use the second seed key and the first random number to encrypt a response indicating that the second seed key was received normally, and send the response to the first server through the upstream communication unit 503.
  • the processing unit 501 is further configured to store the second seed key in the storage unit 502, and use the second seed key as a pre-shared key in a transport layer security protocol to establish a data link between the smart meter reading terminal and the first server.
  • the smart meter reading terminal may verify the identity of the first server before updating the second seed key.
  • the processing unit 501 is further configured to generate a second random number, carry the second random number in a device installation request message, and send it to the first server by the uplink communication unit 503, where the device installation request message is sent as a short message.
  • the processing unit 501 is further configured to receive, by using the uplink communication unit 503, a short message from the first server, where the short message carries the second random number and a third random number, and the third random number is generated by the first server.
  • the processing unit 501 is further configured to verify the validity of the number from which the first server sent the short message and of the second random number and, if they are valid, generate a second key from the third random number and the first seed key, encrypt the terminal identification information of the smart meter reading terminal with the second key, and send it to the first server by the uplink communication unit 503.
  • the processing unit 501 is further configured to generate the first key by using the first random number and the first seed key, encrypt the terminal identification information of the smart meter reading terminal with the first key, and carry the information in the device installation request message to the first server by using the uplink communication unit 503.
  • the smart meter reading terminal is further configured to update the second seed key during the installation process.
  • the processing unit 501 is further configured to receive, by using the uplink communication unit 503, a third seed key from the first server over the transport layer secure link established with the first server, the third seed key being generated by the first server.
  • the processing unit 501 is further configured to respond to the first server, by using the uplink communication unit 503, that the seed key was received successfully.
  • the processing unit 501 is further configured to generate a fifth random number, and send the fifth random number to the first server by using the uplink communication unit 503.
  • the processing unit 501 is further configured to receive a sixth random number from the first server by using the uplink communication unit 503, and store the fifth random number and the sixth random number to the storage unit 502.
  • the processing unit 501 is further configured to establish, by using the third seed key, a transport layer secure link between the smart meter reading terminal and the first server by using the uplink communication unit 503 and, if successful, before the transport layer secure link is disconnected, update the fifth random number and send the updated fifth random number to the first server by using the uplink communication unit 503.
  • the processing unit 501 is further configured to receive, by the uplink communication unit 503, an updated sixth random number from the first server, and store the third seed key, the updated fifth random number and the updated sixth random number in the storage unit 502.
  • the smart meter reading terminal is further configured to wake up the first server, and the processing unit 501 is further configured to use the third seed key and the key generated by the fifth random number to encrypt the service that needs to be reported, and send it to the first server by the uplink communication unit 503.
  • the processing unit 501 is further configured to receive, by using the uplink communication unit 503, a wake-up reason code sent by the first server, where the wake-up reason code is encrypted by the first server using the third seed key and the key generated by the sixth random number.
  • the processing unit 501 is further configured to decrypt, by using the third seed key and the key generated by the sixth random number, to obtain the wake-up reason code, where the wake-up reason code is the reason code with the reported service response.
  • the smart meter reading terminal may further be woken up by the first server, and the processing unit 501 is further configured to receive, by using the uplink communication unit 503, a wakeup message from the first server, where the wakeup message carries a fourth random number, and the wake-up message is sent by means of a short message.
  • the processing unit 501 is further configured to verify the validity of the sending number of the short message and, if valid, encrypt the terminal identification information of the smart meter reading terminal and the fourth random number by using the third seed key and the key generated by the fifth random number, and send them to the first server by the uplink communication unit 503 as a response to the wake-up message.
  • the processing unit 501 is further configured to receive, by using the uplink communication unit 503, a wake-up reason code sent by the first server, where the wake-up reason code is encrypted by the first server using the third seed key and the key generated by the sixth random number.
  • the processing unit 501 is further configured to obtain the wake-up reason code by using the third seed key and the key generated by the sixth random number.
  • the smart meter reading terminal may further update the seed key during use.
  • the processing unit 501 is further configured to establish, by using the uplink communication unit 503, the transport layer security link with the first server by using the third seed key.
  • the processing unit 501 is further configured to receive a fourth seed key from the first server by using the uplink communication unit 503, and send a response that the fourth seed key was successfully received to the first server by using the uplink communication unit 503.
  • the fourth seed key is generated by the terminal identification information.
  • the processing unit 501 is further configured to establish, by using the fourth seed key, a transport layer secure link between the smart meter reading terminal and the first server by using the uplink communication unit 503 and, if successful, before the transport layer secure link is disconnected, update the fifth random number and send the updated fifth random number to the first server by the uplink communication unit 503.
  • the processing unit 501 is further configured to receive, by the uplink communication unit 503, an updated sixth random number from the first server, and store the fourth seed key, the updated fifth random number and the updated sixth random number in the storage unit 502.
  • It can be understood that the smart meter reading terminal can be a power gateway.
  • the embodiment of the invention also discloses a server.
  • the structure of the server is shown in Figure 6.
  • the server includes a processing unit 601, a storage unit 602, and a first communication unit 603.
  • the first communication unit 603 is for communicating with a smart meter reading terminal.
  • the processing unit 601 is configured to generate a second seed key, and send a push message to the smart meter reading terminal by using the first communication unit 603, where the push message includes a first ciphertext, the first ciphertext is obtained by the processing unit 601 encrypting the second ciphertext and the second seed key using the first key, the second ciphertext is obtained by encrypting the second seed key using the second seed key, and the first key is generated by the first seed key and the first random number.
  • the storage unit 602 is configured to store the first seed key and the first random number.
  • the processing unit 601 is further configured to receive, by using the first communication unit 603, a response from the smart meter reading terminal indicating that the second seed key was received normally, where the response is encrypted using the second seed key and the first random number.
  • the processing unit 601 is further configured to use, with the smart meter reading terminal through the first communication unit 603, the second seed key as a pre-shared key in a transport layer security protocol to establish a data link between the smart meter reading terminal and the server.
  • the legality of the smart meter reading terminal may also be verified before the second seed key is allocated.
  • the processing unit 601 is further configured to receive, by using the first communication unit 603, a device installation request message from the smart meter reading terminal, where the device installation request message includes a second random number, the device installation request message is sent as a short message, and the second random number is generated by the smart meter reading terminal.
  • the processing unit 601 verifies whether the sending number of the short message is legal. If it is legal, the processing unit 601 generates a third random number, and sends the second random number and the third random number to the smart meter reading terminal in a short message through the first communication unit 603.
  • the processing unit 601 receives, by the first communication unit 603, the terminal identification information of the smart meter reading terminal, where the terminal identification information is encrypted by using the second key generated by the third random number and the first seed key.
  • the processing unit 601 generates a second key by using the third random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the second key to obtain the terminal identification information of the smart meter reading terminal, verifies the legality of the terminal identification information and, if it is legal, generates the second seed key.
  • the processing unit 601 receives, by the first communication unit 603, a device installation request message from the smart meter reading terminal, where the device installation request message carries terminal identity identification information, and the terminal identity identification information is encrypted using the first key generated by the first random number and the first seed key.
  • the processing unit 601 generates the first key by using the first random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the first key to obtain the terminal identification information of the smart meter reading terminal, and verifies the validity of the terminal identification information. If the terminal is legal, the second seed key is generated.
  • the server may deliver a new seed key during the installation of the smart meter reading terminal.
  • after the processing unit 601 establishes a transport layer secure link with the smart meter reading terminal through the first communication unit 603, the processing unit 601 generates a third seed key, and sends the third seed key to the smart meter reading terminal through the first communication unit 603.
  • the processing unit 601 receives a seed key receiving success response from the smart meter reading terminal; before the transport layer secure link is disconnected, the processing unit 601 generates a fifth random number and sends the fifth random number to the smart meter reading terminal through the first communication unit 603, the processing unit 601 further receives a sixth random number from the smart meter reading terminal through the first communication unit 603, and the processing unit 601 is further configured to store the fifth random number and the sixth random number into the storage unit 602.
  • the processing unit 601 is further configured to establish, by using the third seed key, a transport layer secure link between the smart meter reading terminal and the server by using the first communication unit 603 and, if successful, before disconnecting the transport layer secure link, the processing unit 601 generates an updated fifth random number and sends the updated fifth random number to the smart meter reading terminal by using the first communication unit 603, the processing unit 601 also receives an updated sixth random number from the smart meter reading terminal through the first communication unit 603, and the processing unit 601 is further configured to store the third seed key, the updated fifth random number and the updated sixth random number in the storage unit 602.
  • the server may further wake up the smart meter reading terminal, and the processing unit 601 is further configured to send, by using the first communication unit 603, a wakeup message to the smart meter reading terminal, where the wakeup message carries a fourth random number and is sent by means of a short message; the processing unit 601 is further configured to receive, by the first communication unit 603, a wake-up message response from the smart meter reading terminal, where the wake-up message response is obtained by the smart meter reading terminal encrypting the terminal identification information of the smart meter reading terminal and the fourth random number by using the third seed key and the key generated by the fifth random number;
  • the processing unit 601 is further configured to decrypt the wake-up message response by using the third seed key and the key generated by the fifth random number, verify the terminal identification information and the fourth random number and, if the verification passes, generate a wake-up reason code and send, by the first communication unit 603, the wake-up reason code to the smart meter reading terminal, where the wake-up reason code is encrypted by the processing unit 601 using the third seed key and the key generated by the sixth random number.
  • the server may update the seed key of the smart meter reading terminal by using a wake-up manner, and the wake-up reason code is a seed key update notification.
  • the processing unit 601 establishes a transport layer secure link with the smart meter reading terminal by using the third seed key by the first communication unit 603; the processing unit 601 generates a fourth seed key, and sends the fourth seed key to the smart meter reading terminal by the first communication unit 603, where the fourth seed key is generated by the terminal identity identification information; the processing unit 601 receives, by the first communication unit 603, a response from the smart meter reading terminal that the fourth seed key was successfully received.
  • the processing unit 601 is further configured to establish, by using the fourth seed key, the transport layer secure link between the server and the smart meter reading terminal and, if successful, before disconnecting the transport layer secure link, the processing unit 601 generates an updated fifth random number, and sends the updated fifth random number to the smart meter reading terminal by using the first communication unit 603.
  • the processing unit 601 further receives an updated sixth random number from the smart meter reading terminal through the first communication unit 603, and the processing unit 601 is further configured to store the fourth seed key, the updated fifth random number and the updated sixth random number in the storage unit 602.
  • the server may further include a second communication unit 604 to communicate with the second key server.
  • the processing unit 601 is further configured to request, by the second communication unit 604, a fourth seed key from the second key server, where the request includes the identity of the smart meter reading terminal that needs to use the fourth seed key.
  • the processing unit 601 is further configured to receive, by using the second communication unit 604, a fourth seed key that is sent by the second key server.
  • the server may further be woken up by the smart meter reading terminal, and the processing unit 601 is further configured to receive the reported service from the smart meter reading terminal, where the reported service is encrypted using the third seed key and the key generated by the fifth random number; the processing unit 601 is further configured to decrypt the reported service by using the third seed key and the key generated by the fifth random number, generate a wake-up reason code, and send, by the first communication unit 603, the wake-up reason code to the smart meter reading terminal, where the wake-up reason code is encrypted by the first server using the third seed key and the key generated by the sixth random number.
  • the seed key and the random number can be dynamically allocated to the smart meter reading terminal, thereby effectively improving the security of the system.
  • the first communication unit 603 can be a wireless communication unit, such as a GPRS unit, or a 3G or 4G communication unit, and its communication mode should correspond to the uplink communication unit 303 of the smart meter reading terminal.
  • the second communication unit 604 can be a wired or wireless communication unit.
  • the server is the first server referred to in the above method and apparatus embodiment, which may be, for example, an energy provider's HES server.
  • the invention can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is a better implementation.
  • the computer software product is stored in a readable storage medium, such as a floppy disk, a hard disk or an optical disk of a computer, and includes a plurality of instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.

Abstract

The embodiments of the present invention relate to the field of smart meter reading, and more particularly to a transport layer security-based key delivery method, a smart meter reading terminal and a server. The method comprises: a smart meter reading terminal receiving a push message from a first server, the push message containing a first ciphertext, the first ciphertext being obtained by encrypting a second ciphertext and a second subkey using a first key, and the second ciphertext being obtained by encrypting the second subkey using the second subkey; using the first key to decrypt the first ciphertext to obtain the second ciphertext and the second subkey, and using the obtained second subkey to decrypt the second ciphertext to obtain a subsidiary second subkey; if the second subkey is the same as the subsidiary second subkey, using the second subkey and a first random number to encrypt a response that the second subkey has been normally received, and sending the response to the first server; and using the second subkey as a pre-shared key in the transport layer security protocol, and establishing a data link between the smart meter reading terminal and the first server.

Description

Key delivery method based on transport layer security, smart meter reading terminal and server

Technical field

The invention relates to the field of smart meter reading, and in particular to a key delivery method based on transport layer security, a smart meter reading terminal and a server.

Background of the invention

With the development of communication technology and intelligent building concepts, smart meter reading systems are being deployed more and more widely, and are called an important tool for energy suppliers. In a smart meter reading system, in order to protect the user's information and financial security, the data transmitted in the system needs to be encrypted. Existing smart meter reading systems mainly use the mechanism defined by the SSWG (Smart Specification Working Group) to complete the interaction between the smart meter reading terminal and the energy provider's server. The SSWG currently mainly adopts the Transport Layer Security (TLS) protocol as the specification for data link establishment. One of the authentication methods in the TLS protocol uses a pre-shared key (Pre-Shared Key) as the basis for encryption. However, the pre-shared key in the TLS protocol is preset, which is not conducive to updating and maintenance, and reduces security.

Summary of the invention

The embodiment of the invention discloses a key delivery method based on transport layer security, a smart meter reading terminal and a server, so that the pre-shared key of a data encryption system based on the transport layer security protocol is dynamically allocated, thereby improving the maintainability and security of the whole system.
The embodiment of the invention discloses a key delivery method based on transport layer security, comprising:
the smart meter reading terminal receiving a push message from the first server, where the push message contains a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key using a first key, the second ciphertext is obtained by encrypting the second seed key using the second seed key, the first key is generated from a first seed key and a first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
the smart meter reading terminal decrypting the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypting the second ciphertext using the obtained second seed key to obtain a secondary second seed key, where the first key is generated from the first seed key and the first random number, and the first seed key and the first random number are preset on the smart meter reading terminal;
if the second seed key is the same as the secondary second seed key, using the second seed key and the first random number to encrypt a response indicating that the second seed key was received normally, and sending the response to the first server;
the smart meter reading terminal and the first server using the second seed key as the pre-shared key in the transport layer security protocol to establish a data link between the smart meter reading terminal and the first server.
The embodiment of the invention discloses a smart meter reading terminal, which comprises a processing unit, a storage unit and an uplink communication unit, wherein
the storage unit is configured to store a first seed key and a first random number;
the uplink communication unit is configured to communicate with the first server;
the processing unit is configured to receive, by the uplink communication unit, a push message from the first server, where the push message contains a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key using a first key, the second ciphertext is obtained by encrypting the second seed key using the second seed key, the first key is generated from the first seed key and the first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
the processing unit is further configured to read the first seed key and the first random number from the storage unit, generate the first key by using the first seed key and the first random number, decrypt the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypt the second ciphertext using the obtained second seed key to obtain a secondary second seed key;
the processing unit is further configured to compare the obtained second seed key with the secondary second seed key and, if they are the same, use the second seed key and the first random number to encrypt a response indicating that the second seed key was received normally, and send the response to the first server by the uplink communication unit;
the processing unit 501 is further configured to store the second seed key in the storage unit, and use the second seed key as the pre-shared key in the transport layer security protocol to establish a data link between the smart meter reading terminal and the first server.
An embodiment of the present invention further discloses a transport layer security-based key delivery method, including:

A first server sends a push message to a smart meter reading terminal, where the push message contains a first ciphertext; the first ciphertext is obtained by encrypting a second ciphertext and a second seed key with a first key; the second ciphertext is obtained by encrypting the second seed key with the second seed key; the first key is generated from a first seed key and a first random number; the first seed key and the first random number are preset on the first server; and the second seed key is generated by the first server;
The first server receives, from the smart meter reading terminal, a response indicating normal receipt of the second seed key, where the response is encrypted using the second seed key and the first random number;
The first server and the smart meter reading terminal use the second seed key as the pre-shared key in the Transport Layer Security protocol to establish a data link between the smart meter reading terminal and the first server.
An embodiment of the present invention further discloses a server, including a processing unit, a storage unit and a first communication unit, where:
The first communication unit is configured to communicate with a smart meter reading terminal;
The processing unit is configured to generate a second seed key and to send a push message to the smart meter reading terminal through the first communication unit, where the push message contains a first ciphertext; the first ciphertext is obtained by the processing unit by encrypting a second ciphertext and the second seed key with a first key; the second ciphertext is obtained by encrypting the second seed key with the second seed key; and the first key is generated from a first seed key and a first random number;

The storage unit is configured to store the first seed key and the first random number;
The processing unit is further configured to receive, through the first communication unit, a response from the smart meter reading terminal indicating normal receipt of the second seed key, where the response is encrypted using the second seed key and the first random number. The processing unit is further configured to use, through the first communication unit and together with the smart meter reading terminal, the second seed key as the pre-shared key in the Transport Layer Security protocol to establish a data link between the smart meter reading terminal and the server.
By applying the transport layer security-based key delivery method, smart meter reading terminal and server disclosed in the embodiments of the present invention, the pre-shared key of the TLS protocol can be allocated dynamically in a smart meter reading system, which improves the security and maintainability of the smart meter reading system.

Brief Description of the Drawings
The drawings described here are provided for a further understanding of the present invention and form a part of this application; they do not limit the present invention. In the drawings:
FIG. 1 is a schematic diagram of a transport layer security-based key delivery method disclosed in an embodiment of the present invention;
FIG. 2 is a schematic diagram of a method by which a server wakes up a smart meter reading terminal, disclosed in an embodiment of the present invention;
FIG. 3 is a schematic diagram of a method by which a smart meter reading terminal wakes up a server, disclosed in an embodiment of the present invention;
FIG. 4 is a schematic diagram of a seed key update method disclosed in an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of a smart meter reading terminal disclosed in an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of a server disclosed in an embodiment of the present invention.

Modes for Carrying Out the Invention
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the embodiments and the drawings. The illustrative embodiments of the present invention and their descriptions are used to explain the present invention and are not intended to limit it.
It should first be noted that the smart meter reading terminal described in the embodiments of the present invention includes, but is not limited to, a smart meter reading gateway or a smart meter, for example a smart power gateway, a smart electricity meter, a smart water meter or a smart gas meter. The data referred to includes, but is not limited to, the metered quantity of the measured substance, such as electricity consumption or water consumption, and may also include data such as the unit price used for billing.
Method embodiment:
Referring to FIG. 1, an embodiment of the present invention provides a transport layer security-based key delivery method, including the following steps:
Step 101. The smart meter reading terminal receives a push message from the first server, where the push message contains a first ciphertext; the first ciphertext is obtained by encrypting a second ciphertext and a second seed key with a first key; the second ciphertext is obtained by encrypting the second seed key with the second seed key; the first key is generated from a first seed key and a first random number; the first seed key and the first random number are preset on the first server; and the second seed key is generated by the first server.
The first server may be a server of an energy provider's Head End System (HES). This server is mainly used to manage the smart meter reading terminals under its jurisdiction; for example, an electricity provider's HES may be used to manage the smart power gateways of its customers.
It can be understood that the first seed key should be stored in a storage device of the first server. The storage device may also be used to store the software or data of the first server, or it may be a specific storage device dedicated to storing the first seed key, for example a purpose-built seed key storage chip.
Specifically, the first key may be generated from the first seed key and the first random number by, for example, arranging the characters of the first seed key and the first random number according to a certain rule, or by applying a predetermined algorithm to the first seed key and the first random number. The predetermined algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for these two kinds of parameters. However, it must be ensured that both the first server and the smart meter reading terminal are configured with this algorithm.
It can be understood that obtaining the first ciphertext by encrypting the second ciphertext and the second seed key with the first key may specifically mean using the first key, according to a predetermined algorithm, to encrypt the second ciphertext and the second seed key. The predetermined algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for these two kinds of parameters, but the keys supported by the algorithm must include the first key. As an example, the algorithm may be the AES256 algorithm in the TLS protocol.
It can be understood that obtaining the second ciphertext by encrypting the second seed key with the second seed key may specifically mean using the second seed key, according to a predetermined algorithm, to encrypt the second seed key. The predetermined algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for this parameter, but the keys supported by the algorithm must include the second seed key. As an example, the algorithm may be the AES256 algorithm in the TLS protocol.
The algorithm used to generate the first ciphertext and the algorithm used to generate the second ciphertext may be the same or different, but both must be configured on the first server and on the smart meter reading terminal.
Step 102. The smart meter reading terminal decrypts the first ciphertext with the first key to obtain the second ciphertext and the second seed key, and decrypts the second ciphertext with the second seed key to obtain a secondary second seed key. The first key is generated from the first seed key and the first random number, and the first seed key and the first random number are preset on the smart meter reading terminal.
It can be understood that the first seed key should be stored in a storage device of the smart meter reading terminal. The storage device may also be used to store the software or data of the smart meter reading terminal, or it may be a specific storage device dedicated to storing the first seed key, for example a purpose-built seed key storage chip.
Specifically, the first key may be generated from the first seed key and the first random number by, for example, arranging the characters of the first seed key and the first random number according to a certain rule, or by applying a predetermined algorithm to the first seed key and the first random number. The predetermined algorithm may be any existing algorithm, or any algorithm developed after the present invention, that is suitable for these two kinds of parameters. The first server and the smart meter reading terminal must generate the first key in the same way.
Step 103. If the second seed key is the same as the secondary second seed key, the terminal encrypts a response indicating normal receipt of the second seed key using the second seed key and the first random number, and sends the response to the first server.
Step 104. The smart meter reading terminal and the first server use the second seed key as the pre-shared key in the TLS protocol to establish a data link between the smart meter reading terminal and the first server.
By applying the above method, the first server can dynamically allocate the pre-shared key of the TLS protocol, with the second seed key of this embodiment serving as that pre-shared key. This improves the security and the maintenance flexibility of the pre-shared-key authentication scheme in the TLS protocol.
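The exchange in steps 101 to 103, written out for both sides as an added example (not code from the patent), including the case where a corrupted push message fails the seed comparison. Assumptions: HMAC-SHA256 stands in for the unspecified "predetermined algorithm" for key generation, an HMAC-SHA256 keystream stands in for AES256 (the Python standard library has no AES), and the 32-byte seed size, the acknowledgement text and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

SEED_LEN = 32            # assumed seed-key size; the page does not fix one
NONCE_LEN = 16           # per-message nonce for the stand-in cipher
ACK = b"SEED2-RECEIVED"  # constructed "received normally" response body


def derive_key(seed_key: bytes, random_number: bytes) -> bytes:
    """Assumed key-generation algorithm: HMAC-SHA256(seed key, random number)."""
    return hmac.new(seed_key, random_number, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for AES256: HMAC-SHA256 in counter mode (not the page's cipher)."""
    blocks = []
    for counter in range((length + 31) // 32):
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def server_build_push(seed1: bytes, rand1: bytes, seed2: bytes) -> bytes:
    """Step 101, server side: first ciphertext = E(K1, E(seed2, seed2) || seed2)."""
    first_key = derive_key(seed1, rand1)
    second_ciphertext = encrypt(seed2, seed2)
    return encrypt(first_key, second_ciphertext + seed2)


def terminal_handle_push(seed1: bytes, rand1: bytes, push: bytes):
    """Steps 102-103, terminal side.

    Returns (seed2, encrypted response) on success, or None when the seed
    comparison fails; the terminal would then send a second-seed-key request.
    """
    first_key = derive_key(seed1, rand1)
    plain = decrypt(first_key, push)
    if len(plain) != NONCE_LEN + 2 * SEED_LEN:
        return None
    second_ciphertext, seed2 = plain[:-SEED_LEN], plain[-SEED_LEN:]
    secondary_seed2 = decrypt(seed2, second_ciphertext)
    if not hmac.compare_digest(seed2, secondary_seed2):
        return None
    # The response is encrypted under a key made from seed2 and rand1.
    response_key = derive_key(seed2, rand1)
    return seed2, encrypt(response_key, ACK)


def server_check_response(seed2: bytes, rand1: bytes, response: bytes) -> bool:
    """Server side of step 103: only a terminal that recovered seed2 can answer."""
    response_key = derive_key(seed2, rand1)
    return hmac.compare_digest(decrypt(response_key, response), ACK)


if __name__ == "__main__":
    # Constructed preset values, as would be written at production time.
    seed1, rand1 = secrets.token_bytes(SEED_LEN), secrets.token_bytes(16)
    seed2 = secrets.token_bytes(SEED_LEN)   # generated by the first server
    push = server_build_push(seed1, rand1, seed2)
    got_seed2, response = terminal_handle_push(seed1, rand1, push)
    print("seed2 delivered:", got_seed2 == seed2)
    print("server accepts response:", server_check_response(seed2, rand1, response))
    corrupted = push[:-1] + bytes([push[-1] ^ 1])
    print("corrupted push rejected:", terminal_handle_push(seed1, rand1, corrupted) is None)
```

After a successful run both sides hold the same second seed key, which is the value step 104 supplies to the TLS stack as the pre-shared key.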
It can be understood that some optional variations can also be made to the above method.
Optionally, before step 101, the method may further include the following. The smart meter reading terminal generates a second random number and sends it to the first server in a device installation request message, where the device installation request message is sent as a short message. The first server verifies whether the sending number of the short message is legitimate, for example whether it is the number of a smart meter reading terminal under the jurisdiction of the first server; if it is legitimate, the first server generates a third random number and sends the second random number and the third random number to the smart meter reading terminal in a short message. The smart meter reading terminal verifies the legitimacy of the number from which the first server sent the short message and of the second random number; if both are legitimate, it generates a second key from the third random number and the first seed key, encrypts the terminal identification information of the smart meter reading terminal with the second key, and sends it to the first server. The first server generates the second key from the third random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the second key to obtain the terminal identification information of the smart meter reading terminal, and verifies the legitimacy of the terminal identification information; if it is legitimate, the first server generates the second seed key. Optionally, if the first server finds that the number from which the smart meter reading terminal sent the short message is not legitimate, or the smart meter reading terminal finds that either the number from which the first server sent the short message or the returned second random number is not legitimate, all information exchange may be terminated.
Alternatively, before step 101, the method may instead include the following. The smart meter reading terminal generates the first key from the first random number and the first seed key, encrypts the terminal identification information of the smart meter reading terminal with the first key, and carries it in a device installation request message sent to the first server. The first server generates the first key from the first random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the first key to obtain the terminal identification information of the smart meter reading terminal, and verifies the legitimacy of the terminal identification information; if it is legitimate, the first server generates the second seed key.
As an example, the terminal identification information may be at least one of the terminal's IMEI (International Mobile Equipment Identity), IMSI (International Mobile Subscriber Identification Number) and MAC (Media Access Control) address.
Further optionally, if the first server finds that the terminal identification information of the smart meter reading terminal is not legitimate, it may encrypt an authentication-failure response with the first key and send it to the smart meter reading terminal.
Further optionally, before step 104, if the smart meter reading terminal and the first server still need to exchange information, the first key may be used for encryption and decryption, or a third key may be generated from the second seed key and the first random number and used for encryption and decryption. Alternatively, if the second random number and the third random number were exchanged between the smart meter reading terminal and the first server before step 101, encryption and decryption may use the second key, or a fourth key generated from the second seed key and the second random number, or a fifth key generated from the second seed key and the third random number, or a sixth key generated from the first seed key and the second random number.
Further optionally, in step 102, if the second seed key differs from the secondary second seed key, the smart meter reading terminal may send a second seed key request message to the first server so that step 101 and step 102 are repeated. The second seed key request message may be encrypted and decrypted with the first key or, if the second random number and the third random number were exchanged between the smart meter reading terminal and the first server before step 101, with the second key or the sixth key. Optionally, a maximum number of transmissions may be set for the second seed key request message, for example 2, to avoid pointless repetition.
The above additions and variations to the embodiment shown in FIG. 1 in effect add mutual identity authentication between the smart meter reading terminal and the first server before the method shown in FIG. 1 is performed, to further strengthen the security of the delivery of the second seed key.
It can be understood that, in the above embodiment, the first seed key and the first random number are both preset in the smart meter reading terminal and in the first server. This presetting may be done during the production of the smart meter reading terminal.
As an example, the first seed key and the first random number may be obtained by the smart meter reading terminal from a second server and saved in the memory of the smart meter reading terminal. The second server is a server of the manufacturer of the smart meter reading terminal.
It can be understood that the first seed key and the first random number may be generated by the second server. In this case, the smart meter reading terminal obtaining the first seed key from the second server may specifically be: the smart meter reading terminal reports its terminal identification information to the second server; the smart meter reading terminal receives the first seed key and the first random number from the second server, where the first seed key is generated from the terminal identification information.

Alternatively, the first seed key and the first random number may be generated by a first key server. In this case, the smart meter reading terminal obtaining the first seed key and the first random number from the second server may specifically be: the smart meter reading terminal reports its terminal identification information to the second server; the second server forwards the terminal identification information reported by the smart meter reading terminal to the first key server and writes the first seed key and the first random number delivered by the first key server into the smart meter reading terminal; the smart meter reading terminal receives the first seed key and the first random number from the second server. The second random number is generated by the first key server. Alternatively, the first key server may generate only the first seed key, with the second server generating the first random number. Preferably, the first key server may be a server controlled by the energy provider that ordered this batch of smart meter reading terminals.
It can be understood that the first seed key and the first random number need to be imported into the first server. If the first seed key and the first random number are generated directly by the second server, or by a first key server controlled by the manufacturer of the smart meter reading terminal, then the controller of the second server, that is, the manufacturer of the smart meter reading terminal, needs to transfer the first seed key to the administrator of the first server. Optionally, the terminal identification information of the smart meter reading terminal from which the first seed key is formed may also be transferred to the administrator of the first server, who imports it into the first server. The transfer may use any data transfer method, which the present invention does not limit.

Alternatively, if the first seed key is generated by a dedicated first key server, and the first key server is a server controlled by the energy provider that ordered this batch of smart meter reading terminals, it can be understood that the first key server and the administrator of the first server belong to the same entity, namely the energy provider. In this case, the energy provider needs to import the first key from the first key server into the first server itself. Optionally, the first key server and the first server may be the same server, but for security reasons this embodiment does not recommend doing so. Optionally, the terminal identification information of the smart meter reading terminal from which the first seed key is formed may also be imported into the first server.
It can be understood that the process by which the smart meter reading terminal obtains the first seed key from the second server is completed during the production of the smart meter reading terminal. Optionally, before the smart meter reading terminal reports the terminal identification information to the second server, the method may further include: the second server sends the smart meter reading terminal a request querying its terminal identification information. If the first seed key is generated by the first key server, the method may before that further include: the second server requests the first key server to deliver the first seed key, and the first key server requires the second server to report the terminal identification information of the corresponding smart meter reading terminal. Optionally, the second server may also request the first key server to deliver the first random number.
After the smart meter reading terminal receives the first seed key from the second server, the method may further include: the smart meter reading terminal sends the second server a response indicating that the first seed key and the first random number were written successfully.
It can be understood that step 104 may specifically be as follows. The smart meter reading terminal and the first server exchange a server hello (ServerHello) message and a client hello (ClientHello) message to negotiate the cipher suite. In this embodiment, as an example, the cipher suite may be AES256. The smart meter reading terminal, using the second seed key as the pre-shared key, sends a client key exchange (ClientKeyExchange) message to the first server, generates a session key (Session Key) using the second seed key as the pre-shared key, and sends a change cipher spec (ChangeCipherSpec) message to the first server to notify the first server to start using the session key for encryption and decryption. The first server changes its own security state to symmetric encryption with the session key and sends a change cipher spec (ChangeCipherSpec) message to the smart meter reading terminal. From then on, the first server and the smart meter reading terminal use the session key to encrypt and decrypt the data they exchange until the data exchange is complete.
It can be understood that the description of step 104 here is only a simple example. For details, refer to the description of the PSK key exchange algorithm and the related parts in "PSK Ciphersuites for TLS", published in December 2005. This application does not describe them in detail.
In smart meter reading scenarios, the first server and the smart meter reading terminal do not keep a data link open all the time. When communication is needed, one end has to wake up the other: for example, the first server wakes up the smart meter reading terminal, or the smart meter reading terminal wakes up the first server. The two optional wake-up modes are described below.

If the first server wakes up the smart meter reading terminal, refer to FIG. 2.
Step 201. The smart meter reading terminal receives a wake-up message from the first server, where the wake-up message carries a fourth random number. The wake-up message may be sent as a short message.
Step 202. The smart meter reading terminal verifies the legitimacy of the sending number of the short message. If it is legitimate, the terminal uses one of the third key, the fourth key or the fifth key to encrypt the terminal identification information of the smart meter reading terminal together with the fourth random number, and sends the result to the first server as the response to the wake-up message, so that the first server can verify the smart meter reading terminal.
The response may be sent as a push message. The first server verifying the smart meter reading terminal may specifically be: the first server uses one of the third key, the fourth key or the fifth key (it must be the same key that the smart meter reading terminal used for encryption) to decrypt the response and obtain the terminal identification information and the fourth random number, and verifies the legitimacy of the terminal identification information and of the fourth random number.
Step 203. The smart meter reading terminal receives a wake-up reason code sent by the first server, where the wake-up reason code is encrypted by the first server using one of the third key, the fourth key or the fifth key.
Step 204. The smart meter reading terminal uses one of the third key, the fourth key or the fifth key (it must be the same key that the smart meter reading terminal used for encryption) to decrypt and obtain the wake-up reason code. The wake-up reason code tells the smart meter reading terminal what the first server requires.
Optionally, if a legitimacy check fails or decryption fails during the above process, the interaction may be terminated directly.
If it is the smart meter reading terminal that wakes up the first server, refer to FIG. 3.
Step 301: The smart meter reading terminal uses one of the third key, the fourth key or the fifth key to encrypt the service to be reported and sends it to the first server. The first server decrypts it using one of the third key, the fourth key or the fifth key (it should be the same one as the encryption key of the smart meter reading terminal) to obtain the reported service. The reported service may be, for example, this month's electricity consumption.
Step 302: The smart meter reading terminal receives a wake-up reason code sent by the first server; the wake-up reason code is encrypted by the first server using one of the third key, the fourth key or the fifth key.
Step 303: The smart meter reading terminal uses one of the third key, the fourth key or the fifth key (it should be the same one as the encryption key of the smart meter reading terminal) to decrypt and obtain the wake-up reason code, thereby confirming that the reported service was correctly received by the first server. The wake-up reason code is the reason code corresponding to the reported service.
It should be noted that, if the first server wakes up the smart meter reading terminal, the smart meter reading terminal may report service data to the first server by way of wake-up. The report may be made immediately after the first server wakes up the smart meter reading terminal, or within a predetermined period of time. Optionally, if needed, a TLS link may also be established for the transfer. The TLS link may be established using the TLS link resumption scheme of the TLS standard protocol, which is not described in detail in this embodiment of the present invention.
It can be understood that, throughout the wake-up process above, one of the third key, the fourth key or the fifth key is always used as the encryption and decryption key. To further increase the security of the system, this key can be changed dynamically. Because the keys in the embodiments of the present invention are generated from a seed key and a random number, changing either of the two changes the encryption and decryption key. Of course, both may also be changed.
The process of updating the seed key is described first. It can be understood that, in the embodiments of the present invention, the seed key may be updated at any time. The embodiment of the present invention recommends that, in step 103 of the method flow shown in FIG. 1, the seed key be updated once after the TLS link is established. Specifically, the first server generates a third seed key and delivers the third seed key to the smart meter reading terminal over the TLS link. The smart meter reading terminal responds to the first server that the seed key was received successfully. The TLS link between the first server and the smart meter reading terminal is disconnected, and a TLS link is established again using the third seed key. Optionally, if establishing the TLS connection using the third seed key fails, the smart meter reading terminal and the first server may establish a TLS link using the second seed key, the smart meter reading terminal requests the third seed key from the first server, and establishing a TLS link using the third seed key is then retried. Optionally, the number of retries may be set, for example to 2.
Where the second seed key has been updated to the third seed key, the one of the third key, the fourth key or the fifth key used in the wake-up process above should be replaced by one of the keys generated from the third seed key and the first, second or third random number.
It can be understood that the seed key may also need to be updated while the smart meter reading terminal is in use. Situations that may trigger a seed key update include expiry of the validity period of the second or third seed key, or an upgrade of the cryptosystem of the smart meter reading system; the embodiments of the present invention do not limit this.
For a seed key update method disclosed in an embodiment of the present invention, refer to FIG. 4. It should be noted that this embodiment uses the fourth seed key to denote the updated seed key and the third seed key to denote the current seed key of the smart meter reading terminal, but this does not mean that the illustrated update process is necessarily the first key update of the smart meter reading terminal in use. The seed key update process of the embodiment of the present invention can be applied to any update of the seed key. In the embodiment of the present invention, the seed key update is initiated by the first server. When the first server detects that a configured condition for updating the seed key of the smart meter reading terminal has been met, it initiates the seed key update process.
Step 401: The first server requests a fourth seed key from the second key server; the request contains the identification information of the smart meter reading terminal that needs to use the fourth seed key. The identification information may be at least one of the terminal's IMEI, IMSI and MAC address.
Step 402: The first server receives the fourth seed key issued by the second key server. The fourth seed key is generated from the terminal identification information.
Step 403: The first server wakes up the smart meter reading terminal.
The order in time of step 403 relative to steps 401 and 402 need not be limited. When the smart meter reading terminal is woken up, the reason code may notify the smart meter reading terminal to perform a seed key update.
Step 404: The first server establishes a communication connection with the smart meter reading terminal using the third seed key.
Step 405: The first server delivers the fourth seed key to the smart meter reading terminal. After obtaining the fourth seed key, the smart meter reading terminal stores it.
Step 406: The first server receives, from the smart meter reading terminal, a response that the fourth seed key was received successfully.
Step 407: The TLS link between the first server and the smart meter reading terminal is disconnected, and a TLS link is established again using the fourth seed key.
Optionally, if establishing the TLS connection using the third seed key fails, the first server may establish a TLS link with the smart meter reading terminal using the third seed key, resend the fourth seed key to the smart meter reading terminal, and then retry establishing a TLS link using the fourth seed key. Optionally, the number of retries may be set, for example to 2. Optionally, if the update is still unsuccessful after the retry limit is reached, the third seed key may continue to be used until the next seed key update. Alternatively, the update process may be repeated periodically until the update succeeds.
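An added sketch (not from the patent) of steps 404 to 407 with the optional fallback, in which both ends keep the current seed key until a link under the new one has succeeded. Assumptions: the failure case is read as a failed link under the new (fourth) seed key, a constant-time comparison of the two ends' keys stands in for a real TLS pre-shared-key handshake, and `Terminal`, `rotate_seed` and the injected storage fault are hypothetical.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


def psk_handshake(server_psk: bytes, terminal_psk: Optional[bytes]) -> bool:
    # Stand-in for a TLS-PSK handshake: succeeds only if both ends hold the same key.
    return terminal_psk is not None and hmac.compare_digest(server_psk, terminal_psk)


class Terminal:
    def __init__(self, seed: bytes, corrupt_first_n: int = 0):
        self.active = seed                   # current (third) seed key
        self.pending: Optional[bytes] = None # delivered (fourth) seed key, not yet proven
        self._faults = corrupt_first_n       # constructed fault: first N writes are corrupted

    def receive_seed(self, new_seed: bytes) -> bool:
        # Step 405: store the new seed next to the current one, never over it.
        if self._faults > 0:
            self._faults -= 1
            new_seed = bytes([new_seed[0] ^ 0x01]) + new_seed[1:]
        self.pending = new_seed
        return True                          # step 406: "received successfully"

    def handshake(self, server_psk: bytes, use_pending: bool) -> bool:
        ok = psk_handshake(server_psk, self.pending if use_pending else self.active)
        if ok and use_pending:
            # Promote the new seed only after a link under it has been established.
            self.active, self.pending = self.pending, None
        return ok


@dataclass
class RotationResult:
    active_seed: bytes   # seed key the server should use from now on
    attempts: int
    updated: bool


def rotate_seed(current: bytes, new: bytes, terminal: Terminal,
                max_retries: int = 2) -> RotationResult:
    attempts = 0
    for _ in range(max_retries + 1):         # first try plus the configured retries
        attempts += 1
        if not terminal.handshake(current, use_pending=False):   # step 404 / fallback link
            break
        terminal.receive_seed(new)                                # steps 405 and 406
        if terminal.handshake(new, use_pending=True):             # step 407
            return RotationResult(new, attempts, True)
    # Retry limit reached: keep using the current seed until the next update.
    return RotationResult(current, attempts, False)


# Constructed 64-bit sample seed keys.
THIRD_SEED = bytes.fromhex("0011223344556677")
FOURTH_SEED = bytes.fromhex("8899aabbccddeeff")
```
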
It should be noted that the first server and the second key server may be the same server or different servers. If they are the same server, the flow shown in FIG. 4 is that server's internal communication flow. The embodiment of the present invention recommends that the two servers be separate, but both under the management of the energy provider. It can be understood that the aforementioned first key server and the second key server may be different key servers or the same key server.
By applying the method shown in FIG. 4, the seed key of the smart meter reading terminal can be updated remotely. This convenient, energy-provider-controlled way of updating the seed key, which allows the seed key to be updated dynamically, helps improve the security of the system.
As described above, the random number that together with the seed key forms the encryption and decryption key can also be changed dynamically to provide system security. Specifically, before each TLS link is disconnected, the first server sends a fifth random number to the smart meter reading terminal, and the smart meter reading terminal sends a sixth random number to the first server. In subsequent wake-up processes, the one of the third key, the fourth key or the fifth key that is used should be replaced by one of the keys generated from the current seed key and the fifth or sixth random number. Of course, optionally, the fifth and sixth random numbers may be the same random number. If the fifth and sixth random numbers differ, preferably, messages sent by the first server are encrypted using the key generated from the current seed key and the sixth random number, and messages sent by the smart meter reading terminal are encrypted using the key generated from the current seed key and the fifth random number. It can be understood that, before the TLS link is disconnected again, the first server and the smart meter reading terminal update the fifth and sixth random numbers.
Optionally, as an example, the first, second, third and fourth seed keys may each be 64 bits, the first, second, third and fourth random numbers may each be 16 bits, and the fifth and sixth random numbers may be 32 bits.
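An added sketch (not from the patent) of the server-initiated wake-up of steps 201 to 204, run with the per-direction keys described above: terminal messages under the key from the seed key and the fifth random number, server messages under the key from the seed key and the sixth. Assumptions: HMAC-SHA256 stands in for the unspecified key generation, a small encrypt-then-MAC construction stands in for the unnamed cipher, and all class names, identifiers and sample values are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample values, sized as in the text: 64-bit seed key, 32-bit
# fifth/sixth random numbers; the fourth random number is 16 bits.
SEED_KEY = bytes.fromhex("0011223344556677")
RANDOM_5 = bytes.fromhex("a1a2a3a4")
RANDOM_6 = bytes.fromhex("b1b2b3b4")
TERMINAL_ID = b"IMEI:000000000000000"    # placeholder identity
SERVER_NUMBER = "+10000000000"            # placeholder SMS sender number
REASON_SEED_UPDATE = b"SEED_KEY_UPDATE"   # hypothetical reason code

def derive_key(seed_key: bytes, random_number: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unspecified key generation.
    return hmac.new(seed_key, random_number, hashlib.sha256).digest()

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in encrypt-then-MAC cipher (assumption; the text names no cipher).
    nonce = secrets.token_bytes(12)
    stream = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    # None means "decryption failed": the caller terminates the interaction.
    if len(blob) < 12 + 32:
        return None
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    stream = _stream(_sub(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class Terminal:
    def __init__(self, seed, r5, r6, terminal_id, server_number):
        self.to_server = derive_key(seed, r5)     # terminal -> server direction
        self.from_server = derive_key(seed, r6)   # server -> terminal direction
        self.terminal_id, self.server_number = terminal_id, server_number

    def on_wakeup(self, sender_number: str, random_4: bytes) -> Optional[bytes]:
        # Step 202: check the SMS sender, then answer with E(identity || random 4).
        if sender_number != self.server_number:
            return None
        return seal(self.to_server, self.terminal_id + random_4)

    def on_reason_code(self, blob: bytes) -> Optional[bytes]:
        return unseal(self.from_server, blob)     # step 204

class Server:
    def __init__(self, seed, r5, r6, terminal_id):
        self.from_terminal = derive_key(seed, r5)
        self.to_terminal = derive_key(seed, r6)
        self.terminal_id = terminal_id
        self.pending_r4: Optional[bytes] = None

    def send_wakeup(self) -> bytes:
        self.pending_r4 = secrets.token_bytes(2)  # step 201: fresh fourth random number
        return self.pending_r4

    def on_response(self, blob: bytes, reason_code: bytes) -> Optional[bytes]:
        r4, self.pending_r4 = self.pending_r4, None   # each challenge is single-use
        plain = unseal(self.from_terminal, blob)
        if r4 is None or plain is None:
            return None
        if not hmac.compare_digest(plain, self.terminal_id + r4):
            return None
        return seal(self.to_terminal, reason_code)    # step 203

def run_wakeup(sender_number: str = SERVER_NUMBER, replay: bool = False) -> Optional[bytes]:
    server = Server(SEED_KEY, RANDOM_5, RANDOM_6, TERMINAL_ID)
    terminal = Terminal(SEED_KEY, RANDOM_5, RANDOM_6, TERMINAL_ID, SERVER_NUMBER)
    response = terminal.on_wakeup(sender_number, server.send_wakeup())
    if response is None:
        return None
    if replay:
        server.on_response(response, REASON_SEED_UPDATE)  # first delivery uses up random 4
    sealed = server.on_response(response, REASON_SEED_UPDATE)
    return None if sealed is None else terminal.on_reason_code(sealed)
```
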
By applying the above method of updating the random numbers, the encryption and decryption key of the wake-up process can be updated dynamically, further increasing the security of the system.
Device embodiment
An embodiment of the present invention also discloses a smart meter reading terminal. A schematic diagram of its structure is shown in FIG. 5. The smart meter reading terminal can be used in the foregoing method embodiments; for functions not described in the device embodiment section, refer to the method embodiment section. The smart meter reading terminal includes a processing unit 501, a storage unit 502 and an uplink communication unit 503.
The storage unit 502 is configured to store the first seed key and the first random number.
The uplink communication unit 503 is configured to communicate with the first server. The processing unit 501 is configured to receive, through the uplink communication unit 503, a push message from the first server. The push message contains a first ciphertext; the first ciphertext is obtained by encrypting a second ciphertext and a second seed key using a first key; the second ciphertext is obtained by encrypting the second seed key using the second seed key; the first key is generated from the first seed key and the first random number; the first seed key and the first random number are preset on the first server; and the second seed key is generated by the first server. The processing unit 501 is further configured to read the first seed key and the first random number from the storage unit 502, generate the first key from the first seed key and the first random number, decrypt the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypt the second ciphertext using the obtained second seed key to obtain a duplicate second seed key. The processing unit 501 is further configured to compare the obtained second seed key with the duplicate second seed key and, if they are the same, to encrypt a response indicating normal receipt of the second seed key using the second seed key and the first random number, and to send the response to the first server through the uplink communication unit 503. The processing unit 501 is further configured to store the second seed key in the storage unit 502 and, using the second seed key as the pre-shared key in the Transport Layer Security protocol, to establish a data link between the smart meter reading terminal and the first server.
Optionally, the smart meter reading terminal may verify the identity of the first server before updating the second seed key. In that case the processing unit 501 is further configured to generate a second random number and, through the uplink communication unit 503, send the second random number to the first server carried in a device installation request message; the device installation request message is sent as a short message. The processing unit 501 is further configured to receive, through the uplink communication unit 503, a short message from the first server; the short message carries the second random number and a third random number, the third random number being generated by the first server. The processing unit 501 is further configured to verify the legitimacy of the number from which the first server sent the short message and of the second random number; if they are legitimate, it generates a second key from the third random number and the first seed key, encrypts the terminal identification information of the smart meter reading terminal with the second key, and sends it to the first server through the uplink communication unit 503.
Alternatively, the processing unit 501 is further configured to generate the first key from the first random number and the first seed key, encrypt the terminal identification information of the smart meter reading terminal with the first key, and send it to the first server through the uplink communication unit 503, carried in a device installation request message.
Optionally, the smart meter reading terminal can also update the second seed key during installation. In that case the processing unit 501 is further configured to receive a third seed key from the first server over the transport layer security link established with the first server through the uplink communication unit 503; the third seed key is generated by the first server. The processing unit 501 is further configured to respond to the first server, through the uplink communication unit 503, that the seed key was received successfully. The processing unit 501 is further configured to generate a fifth random number and send the fifth random number to the first server through the uplink communication unit 503. The processing unit 501 is further configured to receive a sixth random number from the first server through the uplink communication unit 503, and to store the fifth random number and the sixth random number in the storage unit 502.
The processing unit 501 is further configured to use the third seed key to establish, through the uplink communication unit 503, a transport layer security link between the smart meter reading terminal and the first server; if this succeeds, then before the transport layer security link is disconnected, it updates the fifth random number and sends the updated fifth random number to the first server through the uplink communication unit 503. The processing unit 501 is further configured to receive an updated sixth random number from the first server through the uplink communication unit 503, and to store the third seed key and the updated fifth and sixth random numbers in the storage unit 502.
Optionally, the smart meter reading terminal is further configured to wake up the first server. In that case the processing unit 501 is further configured to encrypt the service to be reported using the key generated from the third seed key and the fifth random number, and to send it to the first server through the uplink communication unit 503. The processing unit 501 is further configured to receive, through the uplink communication unit 503, the wake-up reason code sent by the first server; the wake-up reason code is encrypted by the first server using the key generated from the third seed key and the sixth random number. The processing unit 501 is further configured to decrypt using the key generated from the third seed key and the sixth random number to obtain the wake-up reason code; the wake-up reason code is the reason code responding to the reported service.
Optionally, the smart meter reading terminal may also be woken up by the first server. In that case the processing unit 501 is further configured to receive, through the uplink communication unit 503, a wake-up message from the first server; the wake-up message carries a fourth random number and is sent as a short message. The processing unit 501 is further configured to verify the legitimacy of the sending number of the short message; if it is legitimate, it encrypts the terminal identification information of the smart meter reading terminal and the fourth random number using the key generated from the third seed key and the fifth random number, and sends the result to the first server through the uplink communication unit 503 as the response to the wake-up message. The processing unit 501 is further configured to receive, through the uplink communication unit 503, the wake-up reason code sent by the first server; the wake-up reason code is encrypted by the first server using the key generated from the third seed key and the sixth random number. The processing unit 501 is further configured to decrypt using the key generated from the third seed key and the sixth random number to obtain the wake-up reason code.
Optionally, the smart meter reading terminal may also update the seed key while in use. In that case, if the wake-up reason code is a seed key update notification, the processing unit 501 is further configured to establish, through the uplink communication unit 503, a transport layer security link with the first server using the third seed key. The processing unit 501 is further configured to receive a fourth seed key from the first server through the uplink communication unit 503, and to send to the first server, through the uplink communication unit 503, a response that the fourth seed key was received successfully; the fourth seed key is generated from the terminal identification information.
The processing unit 501 is further configured to use the fourth seed key to establish, through the uplink communication unit 503, a transport layer security link between the smart meter reading terminal and the first server; if this succeeds, then before the transport layer security link is disconnected, it updates the fifth random number and sends the updated fifth random number to the first server through the uplink communication unit 503. The processing unit 501 is further configured to receive an updated sixth random number from the first server through the uplink communication unit 503, and to store the fourth seed key and the updated fifth and sixth random numbers in the storage unit 502.
It can be understood that the smart meter reading terminal may be a power gateway.
By applying the smart meter reading terminal disclosed above, seed keys and random numbers can be allocated dynamically, which effectively improves the security of the system.
An embodiment of the present invention also discloses a server. A schematic diagram of its structure is shown in FIG. 6. The server includes a processing unit 601, a storage unit 602 and a first communication unit 603. The first communication unit 603 is configured to communicate with the smart meter reading terminal. The processing unit 601 is configured to generate a second seed key and to send a push message to the smart meter reading terminal through the first communication unit 603. The push message contains a first ciphertext; the first ciphertext is obtained by the processing unit 601 encrypting a second ciphertext and the second seed key using a first key; the second ciphertext is obtained by encrypting the second seed key using the second seed key; and the first key is generated from the first seed key and the first random number. The storage unit 602 is configured to store the first seed key and the first random number. The processing unit 601 is further configured to receive, through the first communication unit 603, a response from the smart meter reading terminal indicating normal receipt of the second seed key; this response is encrypted using the second seed key and the first random number. The processing unit 601 is further configured to establish, through the first communication unit 603 and together with the smart meter reading terminal, a data link between the smart meter reading terminal and the server, using the second seed key as the pre-shared key in the Transport Layer Security protocol.
Optionally, the legitimacy of the smart meter reading terminal may also be verified before the second seed key is allocated. In that case the processing unit 601 is further configured to receive, through the first communication unit 603, a device installation request message from the smart meter reading terminal; the device installation request message contains a second random number and is sent as a short message, and the second random number is generated by the smart meter reading terminal. The processing unit 601 verifies whether the sending number of the short message is legitimate; if it is, it generates a third random number and sends the second random number and the third random number to the smart meter reading terminal as a short message through the first communication unit 603. The processing unit 601 receives, through the first communication unit 603, terminal identification information from the smart meter reading terminal; the terminal identification information is encrypted with the second key generated from the third random number and the first seed key. The processing unit 601 generates the second key from the third random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the second key to obtain the terminal identification information of the smart meter reading terminal, and verifies the legitimacy of the terminal identification information; if it is legitimate, it generates the second seed key.
Alternatively, the processing unit 601 receives, through the first communication unit 603, a device installation request message from the smart meter reading terminal; the device installation request message carries terminal identification information, which is encrypted with the first key generated from the first random number and the first seed key. The processing unit 601 generates the first key from the first random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the first key to obtain the terminal identification information of the smart meter reading terminal, and verifies the legitimacy of the terminal identification information; if it is legitimate, it generates the second seed key.
Optionally, during installation of the smart meter reading terminal, the server may issue a new seed key. In that case, after the transport layer security link between the processing unit 601, through the first communication unit 603, and the smart meter reading terminal is established, the processing unit 601 generates a third seed key and sends the third seed key to the smart meter reading terminal through the first communication unit 603. The processing unit 601 receives from the smart meter reading terminal a response that the seed key was received successfully. Before the transport layer security link is disconnected, the processing unit 601 generates a fifth random number and sends the fifth random number to the smart meter reading terminal through the first communication unit 603; the processing unit 601 also receives, through the first communication unit 603, a sixth random number from the smart meter reading terminal; and the processing unit 601 is further configured to store the fifth random number and the sixth random number in the storage unit 602.
The processing unit 601 is further configured to use the third seed key to establish, through the first communication unit 603, a transport layer security link with the server; if this succeeds, then before the transport layer security link is disconnected, the processing unit 601 generates an updated fifth random number and sends the updated fifth random number to the smart meter reading terminal through the first communication unit 603; the processing unit 601 also receives, through the first communication unit 603, an updated sixth random number from the smart meter reading terminal; and the processing unit 601 is further configured to store the third seed key, the updated fifth random number and the updated sixth random number in the storage unit 602.
Optionally, the server may also wake up the smart meter reading terminal. In that case, the processing unit 601 is further configured to send a wake-up message to the smart meter reading terminal through the first communication unit 603, where the wake-up message carries a fourth random number and is sent as a short message. The processing unit 601 is further configured to receive, through the first communication unit 603, a wake-up message response from the smart meter reading terminal; the wake-up message response is generated by the smart meter reading terminal by encrypting the terminal identification information of the smart meter reading terminal and the fourth random number with a key generated from the third seed key and the fifth random number.
The processing unit 601 is further configured to decrypt the wake-up message response using the key generated from the third seed key and the fifth random number, and to verify the terminal identification information and the fourth random number. If the verification passes, the processing unit 601 generates a wake-up reason code and sends the wake-up reason code to the smart meter reading terminal through the first communication unit 603; the wake-up reason code is encrypted by the processing unit 601 using a key generated from the third seed key and the sixth random number.
Optionally, the server may use the wake-up mechanism to update the seed key of the smart meter reading terminal, in which case the wake-up reason code is a seed key update notification. The processing unit 601 establishes, through the first communication unit 603, a transport layer security link with the smart meter reading terminal using the third seed key; the processing unit 601 generates a fourth seed key and sends the fourth seed key to the smart meter reading terminal through the first communication unit 603, the fourth seed key being generated from the terminal identification information; the processing unit 601 receives, through the first communication unit 603, a response from the smart meter reading terminal indicating that the fourth seed key was received successfully.
The processing unit 601 is further configured to use the fourth seed key to establish, through the first communication unit 603, the transport layer security link with the smart meter reading terminal. If this succeeds, then before the transport layer security link is disconnected, the processing unit 601 generates an updated fifth random number and sends the updated fifth random number to the smart meter reading terminal through the first communication unit 603; the processing unit 601 also receives an updated sixth random number from the smart meter reading terminal through the first communication unit 603, and is further configured to store the fourth seed key, the updated fifth random number and the updated sixth random number in the storage unit 602.
Optionally, if the server does not generate the fourth seed key itself, it may further include a second communication unit 604 for communicating with a second key server. The processing unit 601 is further configured to request a fourth seed key from the second key server through the second communication unit 604, the request containing the identification information of the smart meter reading terminal that needs to use the fourth seed key; the processing unit 601 is further configured to receive, through the second communication unit 604, the fourth seed key delivered by the second key server.
Optionally, the server may also be woken up by the smart meter reading terminal. In that case, the processing unit 601 is further configured to receive a reported service from the smart meter reading terminal, the reported service being encrypted with a key generated from the third seed key and the fifth random number; the processing unit 601 is further configured to decrypt the reported service using the key generated from the third seed key and the fifth random number, generate a wake-up reason code, and send the wake-up reason code to the smart meter reading terminal through the first communication unit 603, the wake-up reason code being encrypted by the first server using a key generated from the third seed key and the sixth random number.
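The server-initiated wake-up exchange described above (fourth random number as challenge, response keyed by the third seed key and fifth random number, reason code keyed by the third seed key and sixth random number), as an added Python sketch that is not part of the patent text. The patent names neither a key-generation algorithm nor a cipher, so the HMAC-SHA256 derivation, the encrypt-then-MAC stand-in cipher, all class and function names, and the sender number, terminal ID and reason code values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_NUMBER = "+10000000000"          # constructed SMS sender number
TERMINAL_ID = b"IMEI:000000000000000"   # constructed terminal identification
SEED_KEY_UPDATE = b"SEED_KEY_UPDATE"    # constructed wake-up reason code


def derive_key(seed_key: bytes, random_number: bytes) -> bytes:
    """Key 'generated from' a seed key and a random number (HMAC-SHA256 assumed)."""
    return hmac.new(seed_key, b"derive" + random_number, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated encryption (encrypt-then-MAC); not the patent's cipher."""
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class Terminal:
    def __init__(self, seed3: bytes, rand5: bytes, rand6: bytes):
        self.seed3, self.rand5, self.rand6 = seed3, rand5, rand6

    def on_wakeup_sms(self, sender: str, rand4: bytes) -> Optional[bytes]:
        # The terminal checks the sending number before answering at all.
        if sender != SERVER_NUMBER:
            return None
        payload = len(TERMINAL_ID).to_bytes(1, "big") + TERMINAL_ID + rand4
        return seal(derive_key(self.seed3, self.rand5), payload)

    def on_reason_code(self, blob: bytes) -> bytes:
        return unseal(derive_key(self.seed3, self.rand6), blob)


class Server:
    def __init__(self, seed3: bytes, rand5: bytes, rand6: bytes):
        self.seed3, self.rand5, self.rand6 = seed3, rand5, rand6
        self.pending_rand4: Optional[bytes] = None

    def send_wakeup(self) -> bytes:
        # Fresh fourth random number for every wake-up message.
        self.pending_rand4 = secrets.token_bytes(16)
        return self.pending_rand4

    def on_wakeup_response(self, blob: bytes, reason: bytes) -> Optional[bytes]:
        try:
            payload = unseal(derive_key(self.seed3, self.rand5), blob)
        except ValueError:
            return None                  # wrong key or modified message
        if not payload:
            return None
        id_len = payload[0]
        terminal_id, rand4 = payload[1:1 + id_len], payload[1 + id_len:]
        fresh = (self.pending_rand4 is not None
                 and hmac.compare_digest(rand4, self.pending_rand4))
        if terminal_id != TERMINAL_ID or not fresh:
            return None                  # unknown terminal or stale challenge
        self.pending_rand4 = None        # each challenge is accepted once only
        return seal(derive_key(self.seed3, self.rand6), reason)


def make_pair():
    """Server and terminal holding the same stored seed key and random numbers."""
    seed3 = secrets.token_bytes(32)
    rand5, rand6 = secrets.token_bytes(16), secrets.token_bytes(16)
    return Server(seed3, rand5, rand6), Terminal(seed3, rand5, rand6)


if __name__ == "__main__":
    server, terminal = make_pair()
    rand4 = server.send_wakeup()
    response = terminal.on_wakeup_sms(SERVER_NUMBER, rand4)
    sealed = server.on_wakeup_response(response, SEED_KEY_UPDATE)
    print("reason code:", terminal.on_reason_code(sealed))
    print("replayed response:", server.on_wakeup_response(response, SEED_KEY_UPDATE))
```

Clearing the pending fourth random number after one successful check is what makes a captured response useless on replay; the separate fifth and sixth random numbers give each direction its own key.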
By applying the above server, seed keys and random numbers can be dynamically assigned to the smart meter reading terminal, which effectively improves the security of the system.
It can be understood that the first communication unit 603 may be a wireless communication unit, such as a GPRS unit or a 3G or 4G communication unit, and its communication mode should correspond to that of the uplink communication unit 303 of the smart meter reading terminal. The second communication unit 604 may be a wired or wireless communication unit. The server is the first server referred to in the above method and apparatus embodiments, and may be, for example, an energy provider's HES server.
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the present invention may be embodied in a computer software product, which is stored in a readable storage medium, such as a computer floppy disk, hard disk or optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of the present invention.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims

1. A transport layer security-based key delivery method, characterized by comprising: a smart meter reading terminal receiving a push message from a first server, wherein the push message contains a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key with a first key, the second ciphertext is obtained by encrypting the second seed key with the second seed key, the first key is generated from a first seed key and a first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
the smart meter reading terminal decrypting the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypting the second ciphertext using the obtained second seed key to obtain a secondary second seed key, wherein the first key is generated from the first seed key and the first random number, and the first seed key and the first random number are preset on the smart meter reading terminal;
if the second seed key is the same as the secondary second seed key, encrypting, using the second seed key and the first random number, a response indicating that the second seed key was received normally, and sending the response to the first server;
the smart meter reading terminal and the first server using the second seed key as the pre-shared key in the transport layer security protocol to establish a data link between the smart meter reading terminal and the first server.
2. The method according to claim 1, characterized in that the first key being generated from the first seed key and the first random number is specifically: arranging the characters of the first seed key and the first random number according to a certain rule to generate the first key, or generating the first key from the first seed key and the first random number according to a predetermined algorithm.
3. The method according to claim 1 or 2, characterized in that, before the method, it further comprises: the smart meter reading terminal generating a second random number and carrying the second random number in a device installation request message sent to the first server, the device installation request message being sent as a short message; the smart meter reading terminal receiving a short message from the first server, the short message carrying the second random number and a third random number, the third random number being generated by the first server;
the smart meter reading terminal verifying the validity of the number from which the first server sent the short message and of the second random number and, if valid, generating a second key using the third random number and the first seed key, encrypting the terminal identification information of the smart meter reading terminal with the second key, and sending it to the first server, so that the first server generates the second key using the third random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the second key to obtain the terminal identification information of the smart meter reading terminal, and verifies the validity of the terminal identification information and, if valid, generates the second seed key.
4. The method according to claim 1 or 2, characterized in that, before the method, it further comprises: the smart meter reading terminal generating the first key using the first random number and the first seed key, encrypting the terminal identification information of the smart meter reading terminal with the first key, and carrying it in a device installation request message sent to the first server, so that the first server generates the first key using the first random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the first key to obtain the terminal identification information of the smart meter reading terminal, and verifies the validity of the terminal identification information and, if valid, generates the second seed key.
5. The method according to claim 3 or 4, characterized in that the terminal identification information is at least one of the terminal's International Mobile Equipment Identity, International Mobile Subscriber Identity and media access control address.
6. The method according to any one of claims 1 to 5, characterized in that, if the second seed key is different from the secondary second seed key, the smart meter reading terminal may send a second seed key request message to the first server, the second seed key request message being encrypted and decrypted using the first key.
7. The method according to any one of claims 1 to 3 or 5, characterized in that, if the second seed key is different from the secondary second seed key, the smart meter reading terminal may send a second seed key request message to the first server, the second seed key request message being encrypted and decrypted using the second key, or a sixth key generated from the first seed key and the second random number.
8. The method according to any one of claims 1 to 7, characterized in that the first seed key is generated from the terminal identification information.
9. The method according to any one of claims 1 to 8, characterized in that the method further comprises: after the transport layer security link between the smart meter reading terminal and the first server is established, the smart meter reading terminal receiving a third seed key from the first server, the third seed key being generated by the first server;
the smart meter reading terminal responding to the first server that the seed key was received successfully; before the transport layer security link is disconnected, the smart meter reading terminal receiving a fifth random number from the first server, and the smart meter reading terminal sending a sixth random number to the first server.
10. The method according to claim 9, characterized in that the method further comprises: establishing a transport layer security link between the smart meter reading terminal and the first server using the third seed key and, if this succeeds, updating the fifth random number and the sixth random number before disconnecting the transport layer security link, and replacing the stored second seed key with the third seed key.
11. The method according to claim 10, characterized in that the method further comprises: if establishing the transport layer security link between the smart meter reading terminal and the first server using the third seed key fails, establishing the transport layer security link between the smart meter reading terminal and the first server using the second seed key, and delivering the third seed key again.
12. The method according to any one of claims 1 to 10, characterized in that the method further comprises:
the smart meter reading terminal receiving a wake-up message from the first server, the wake-up message carrying a fourth random number and being sent as a short message; the smart meter reading terminal verifying the validity of the sending number of the short message and, if valid, encrypting the terminal identification information of the smart meter reading terminal and the fourth random number with a key generated from the third seed key and the fifth random number, and sending the result to the first server as a response to the wake-up message, so that the first server verifies the smart meter reading terminal;
the smart meter reading terminal receiving a wake-up reason code from the first server, the wake-up reason code being encrypted by the first server using a key generated from the third seed key and the sixth random number;
the smart meter reading terminal decrypting, using the key generated from the third seed key and the sixth random number, to obtain the wake-up reason code.
13. The method according to any one of claims 1 to 10 or 12, characterized in that the method further comprises:
the smart meter reading terminal encrypting the service to be reported with a key generated from the third seed key and the fifth random number, and sending it to the first server;
the smart meter reading terminal receiving a wake-up reason code from the first server, the wake-up reason code being encrypted by the first server using a key generated from the third seed key and the sixth random number;
the smart meter reading terminal decrypting, using the key generated from the third seed key and the sixth random number, to obtain the wake-up reason code, the wake-up reason code being the reason code responding to the reported service.
14. The method according to claim 12, characterized in that the method further comprises: the wake-up reason code being a seed key update notification;
the smart meter reading terminal and the first server establishing a transport layer security link using the third seed key;
the smart meter reading terminal receiving a fourth seed key from the first server, and sending to the first server a response indicating that the fourth seed key was received successfully, the fourth seed key being generated from the terminal identification information.
15. The method according to claim 14, characterized in that the method further comprises: establishing a transport layer security link between the smart meter reading terminal and the first server using the fourth seed key and, if this succeeds, updating the fifth random number and the sixth random number before disconnecting the transport layer security link, and replacing the stored third seed key with the fourth seed key.
16. The method according to any one of claims 1 to 15, characterized in that the first server is a head-end system server of an energy provider.
17. A smart meter reading terminal, characterized by comprising a processing unit, a storage unit and an uplink communication unit, wherein
the storage unit is configured to store a first seed key and a first random number;
the uplink communication unit is configured to communicate with a first server;
the processing unit is configured to receive, through the uplink communication unit, a push message from the first server, wherein the push message contains a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key with a first key, the second ciphertext is obtained by encrypting the second seed key with the second seed key, the first key is generated from the first seed key and the first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
the processing unit is further configured to read the first seed key and the first random number from the storage unit, generate the first key using the first seed key and the first random number, decrypt the first ciphertext using the first key to obtain the second ciphertext and the second seed key, and decrypt the second ciphertext using the obtained second seed key to obtain a secondary second seed key; the processing unit is further configured to compare the obtained second seed key with the secondary second seed key and, if they are the same, to encrypt, using the second seed key and the first random number, a response indicating that the second seed key was received normally, and to send the response to the first server through the uplink communication unit; the processing unit 501 is further configured to store the second seed key in the storage unit, and to use the second seed key as the pre-shared key in the transport layer security protocol to establish a data link between the smart meter reading terminal and the first server.
18. The smart meter reading terminal according to claim 17, characterized in that
the processing unit is further configured to generate a second random number and to carry the second random number in a device installation request message sent to the first server through the uplink communication unit, the device installation request message being sent as a short message;
the processing unit is further configured to receive, through the uplink communication unit, a short message from the first server, the short message carrying the second random number and a third random number, the third random number being generated by the first server;
the processing unit is further configured to verify the validity of the number from which the first server sent the short message and of the second random number and, if valid, to generate a second key using the third random number and the first seed key, encrypt the terminal identification information of the smart meter reading terminal with the second key, and send it to the first server through the uplink communication unit.
19. The smart meter reading terminal according to claim 17, characterized in that the processing unit is further configured to generate the first key using the first random number and the first seed key, encrypt the terminal identification information of the smart meter reading terminal with the first key, and carry it in a device installation request message sent to the first server through the uplink communication unit.
20. The smart meter reading terminal according to any one of claims 17 to 19, characterized in that the processing unit is further configured to receive a third seed key from the first server over the transport layer security link established with the first server through the uplink communication unit, the third seed key being generated by the first server;
the processing unit is further configured to respond to the first server, through the uplink communication unit, that the seed key was received successfully;
the processing unit is further configured to generate a fifth random number and send the fifth random number to the first server through the uplink communication unit; the processing unit is further configured to receive a sixth random number from the first server through the uplink communication unit, and to store the fifth random number and the sixth random number in the storage unit.
21. The smart meter reading terminal according to claim 20, characterized in that
the processing unit is further configured to use the third seed key to establish, through the uplink communication unit, a transport layer security link between the smart meter reading terminal and the first server and, if this succeeds, to update the fifth random number before the transport layer security link is disconnected and to send the updated fifth random number to the first server through the uplink communication unit;
the processing unit is further configured to receive an updated sixth random number from the first server through the uplink communication unit, and to store the third seed key and the updated fifth and sixth random numbers in the storage unit.
22. The smart meter reading terminal according to claim 21, characterized in that
the processing unit is further configured to encrypt the service to be reported with a key generated from the third seed key and the fifth random number, and to send it to the first server through the uplink communication unit; the processing unit is further configured to receive, through the uplink communication unit, a wake-up reason code sent by the first server, the wake-up reason code being encrypted by the first server using a key generated from the third seed key and the sixth random number;
the processing unit is further configured to decrypt, using the key generated from the third seed key and the sixth random number, to obtain the wake-up reason code, the wake-up reason code being the reason code responding to the reported service.
23. The smart meter reading terminal according to claim 20, characterized in that
the processing unit is further configured to receive, through the uplink communication unit, a wake-up message from the first server, the wake-up message carrying a fourth random number and being sent as a short message;
the processing unit is further configured to verify the validity of the sending number of the short message and, if valid, to encrypt the terminal identification information of the smart meter reading terminal and the fourth random number with a key generated from the third seed key and the fifth random number, and to send the result to the first server through the uplink communication unit as a response to the wake-up message;
the processing unit is further configured to receive, through the uplink communication unit, a wake-up reason code sent by the first server, the wake-up reason code being encrypted by the first server using a key generated from the third seed key and the sixth random number;
the processing unit is further configured to decrypt, using the key generated from the third seed key and the sixth random number, to obtain the wake-up reason code.
24. The smart meter reading terminal according to claim 23, characterized in that
if the wake-up reason code is a seed key update notification, the processing unit is further configured to establish, through the uplink communication unit, a transport layer security link with the first server using the third seed key;
the processing unit is further configured to receive, through the uplink communication unit, a fourth seed key from the first server, and to send to the first server, through the uplink communication unit, a response indicating that the fourth seed key was received successfully, the fourth seed key being generated from the terminal identification information.
25. The smart meter reading terminal according to claim 24, characterized in that
the processing unit is further configured to use the fourth seed key to establish, through the uplink communication unit, a transport layer security link between the smart meter reading terminal and the first server and, if this succeeds, to update the fifth random number before the transport layer security link is disconnected and to send the updated fifth random number to the first server through the uplink communication unit;
the processing unit is further configured to receive an updated sixth random number from the first server through the uplink communication unit, and to store the fourth seed key and the updated fifth and sixth random numbers in the storage unit.
26. A transport layer security-based key delivery method, characterized by comprising: a first server sending a push message to a smart meter reading terminal, wherein the push message contains a first ciphertext, the first ciphertext is obtained by encrypting a second ciphertext and a second seed key with a first key, the second ciphertext is obtained by encrypting the second seed key with the second seed key, the first key is generated from a first seed key and a first random number, the first seed key and the first random number are preset on the first server, and the second seed key is generated by the first server;
the first server receiving, from the smart meter reading terminal, a response indicating that the second seed key was received normally, the response being encrypted using the second seed key and the first random number;
the first server and the smart meter reading terminal using the second seed key as the pre-shared key in the transport layer security protocol to establish a data link between the smart meter reading terminal and the first server.
27. The method according to claim 26, further comprising, beforehand:
the first server receiving a device installation request message from the smart meter reading terminal, wherein the device installation request message contains a second random number, the device installation request message is sent as a short message, and the second random number is generated by the smart meter reading terminal;
the first server verifying whether the sending number of the short message is legitimate and, if it is, generating a third random number and sending the second random number and the third random number to the smart meter reading terminal by short message;
the first server receiving terminal identification information from the smart meter reading terminal, the terminal identification information being encrypted with a second key generated from the third random number and the first seed key;
the first server generating the second key from the third random number and the first seed key, decrypting the data sent by the smart meter reading terminal with the second key to obtain the terminal identification information of the smart meter reading terminal, and verifying the legitimacy of the terminal identification information and, if it is legitimate, generating the second seed key.
28. The method according to claim 26, further comprising, beforehand:
the first server receiving a device installation request message from the smart meter reading terminal, wherein the device installation request message carries terminal identification information, and the terminal identification information is encrypted with the first key generated from the first random number and the first seed key;
the first server generating the first key from the first random number and the first seed key, decrypting the data sent by the smart meter reading terminal with the first key to obtain the terminal identification information of the smart meter reading terminal, and verifying the legitimacy of the terminal identification information and, if it is legitimate, generating the second seed key.
29. The method according to any one of claims 26 to 28, further comprising:
after the transport layer security link between the first server and the smart meter reading terminal has been established, the first server sending a third seed key to the smart meter reading terminal, the third seed key being generated by the first server;
the first server receiving a seed key reception success response from the smart meter reading terminal;
before the transport layer security link is disconnected, the first server sending a fifth random number to the smart meter reading terminal and receiving a sixth random number from the smart meter reading terminal.
30. The method according to claim 29, further comprising:
using the third seed key to establish a transport layer security link between the smart meter reading terminal and the first server and, if this succeeds, updating the fifth random number and the sixth random number before the transport layer security link is disconnected, and replacing the stored second seed key with the third seed key.
31. The method according to claim 30, further comprising:
the first server sending a wake-up message to the smart meter reading terminal, wherein the wake-up message carries a fourth random number and is sent as a short message;
receiving a wake-up message response from the smart meter reading terminal, the wake-up message response being generated by the smart meter reading terminal encrypting its terminal identification information and the fourth random number with a key generated from the third seed key and the fifth random number;
the first server decrypting the wake-up message response with the key generated from the third seed key and the fifth random number, and verifying the terminal identification information and the fourth random number; if the verification passes, sending a wake-up reason code to the smart meter reading terminal, the wake-up reason code being encrypted by the first server with a key generated from the third seed key and the sixth random number.
32. The method according to claim 30 or 31, further comprising:
the first server receiving a reported service from the smart meter reading terminal, the reported service being encrypted with a key generated from the third seed key and the fifth random number;
the first server decrypting the reported service with the key generated from the third seed key and the fifth random number, and sending a wake-up reason code to the smart meter reading terminal, the wake-up reason code being encrypted by the first server with a key generated from the third seed key and the sixth random number.
33. The method according to claim 31, further comprising:
the wake-up reason code being a seed key update notification;
the first server and the smart meter reading terminal establishing a transport layer security link using the third seed key;
the first server generating a fourth seed key and sending the fourth seed key to the smart meter reading terminal, the fourth seed key being generated from the terminal identification information;
receiving, from the smart meter reading terminal, a response indicating that the fourth seed key was received successfully.
34. The method according to claim 33, further comprising:
using the fourth seed key to establish a transport layer security link between the first server and the smart meter reading terminal and, if this succeeds, updating the fifth random number and the sixth random number before the transport layer security link is disconnected, and replacing the stored third seed key with the fourth seed key.
35. The method according to claim 33, further comprising:
the first server requesting the fourth seed key from a second key server, the request containing the identification information of the smart meter reading terminal that needs to use the fourth seed key;
the first server receiving the fourth seed key issued by the second key server.
36. A server, comprising a processing unit, a storage unit and a first communication unit, wherein
the first communication unit is configured to communicate with a smart meter reading terminal;
the processing unit is configured to generate a second seed key and to send a push message to the smart meter reading terminal through the first communication unit, wherein the push message contains a first ciphertext, the first ciphertext is obtained by the processing unit encrypting a second ciphertext and the second seed key with a first key, the second ciphertext is obtained by encrypting the second seed key with the second seed key, and the first key is generated from a first seed key and a first random number;
the storage unit is configured to store the first seed key and the first random number;
the processing unit is further configured to receive, through the first communication unit, a response from the smart meter reading terminal indicating that the second seed key was received correctly, the response being encrypted using the second seed key and the first random number. The processing unit is further configured to establish, through the first communication unit, a data link between the smart meter reading terminal and the server, with the server and the smart meter reading terminal using the second seed key as the pre-shared key in the transport layer security protocol.
37. The server according to claim 36, wherein:
the processing unit is further configured to receive, through the first communication unit, a device installation request message from the smart meter reading terminal, wherein the device installation request message contains a second random number, the device installation request message is sent as a short message, and the second random number is generated by the smart meter reading terminal;
the processing unit verifies whether the sending number of the short message is legitimate and, if it is, generates a third random number and sends the second random number and the third random number to the smart meter reading terminal by short message through the first communication unit;
the processing unit receives, through the first communication unit, terminal identification information from the smart meter reading terminal, the terminal identification information being encrypted with a second key generated from the third random number and the first seed key;
the processing unit generates the second key from the third random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the second key to obtain the terminal identification information of the smart meter reading terminal, and verifies the legitimacy of the terminal identification information and, if it is legitimate, generates the second seed key.
38. The server according to claim 36, wherein:
the processing unit receives, through the first communication unit, a device installation request message from the smart meter reading terminal, wherein the device installation request message carries terminal identification information, and the terminal identification information is encrypted with the first key generated from the first random number and the first seed key;
the processing unit generates the first key from the first random number and the first seed key, decrypts the data sent by the smart meter reading terminal with the first key to obtain the terminal identification information of the smart meter reading terminal, and verifies the legitimacy of the terminal identification information and, if it is legitimate, generates the second seed key.
39. The server according to any one of claims 36 to 38, wherein:
after the transport layer security link between the processing unit, via the first communication unit, and the smart meter reading terminal has been established, the processing unit generates a third seed key and sends the third seed key to the smart meter reading terminal through the first communication unit;
the processing unit receives a seed key reception success response from the smart meter reading terminal;
before the transport layer security link is disconnected, the processing unit generates a fifth random number and sends the fifth random number to the smart meter reading terminal through the first communication unit, the processing unit also receives, through the first communication unit, a sixth random number from the smart meter reading terminal, and the processing unit is further configured to store the fifth random number and the sixth random number in the storage unit.
40. The server according to claim 39, wherein:
the processing unit is further configured to use the third seed key to establish, through the first communication unit, the transport layer security link with the server and, if this succeeds, before the transport layer security link is disconnected, the processing unit generates an updated fifth random number and sends the updated fifth random number to the smart meter reading terminal through the first communication unit, the processing unit also receives, through the first communication unit, an updated sixth random number from the smart meter reading terminal, and the processing unit is further configured to store the third seed key, the updated fifth random number and the updated sixth random number in the storage unit.
41. The server according to claim 40, wherein:
the processing unit is further configured to receive, through the first communication unit, a wake-up message response from the smart meter reading terminal, the wake-up message response being generated by the smart meter reading terminal encrypting its terminal identification information and the fourth random number with a key generated from the third seed key and the fifth random number;
the processing unit is further configured to decrypt the wake-up message response with the key generated from the third seed key and the fifth random number, and to verify the terminal identification information and the fourth random number; if the verification passes, the processing unit generates a wake-up reason code and sends the wake-up reason code to the smart meter reading terminal through the first communication unit, the wake-up reason code being encrypted by the processing unit with a key generated from the third seed key and the sixth random number.
42. The server according to claim 41, wherein:
the wake-up reason code is a seed key update notification;
the processing unit establishes, through the first communication unit, a transport layer security link with the smart meter reading terminal using the third seed key;
the processing unit generates a fourth seed key and sends the fourth seed key to the smart meter reading terminal through the first communication unit, the fourth seed key being generated from the terminal identification information;
the processing unit receives, through the first communication unit, a response from the smart meter reading terminal indicating that the fourth seed key was received successfully.
43. The server according to claim 42, wherein:
the processing unit is further configured to use the fourth seed key to establish, through the first communication unit, the transport layer security link with the smart meter reading terminal and, if this succeeds, before the transport layer security link is disconnected, the processing unit generates an updated fifth random number and sends the updated fifth random number to the smart meter reading terminal through the first communication unit, the processing unit also receives, through the first communication unit, an updated sixth random number from the smart meter reading terminal, and the processing unit is further configured to store the fourth seed key, the updated fifth random number and the updated sixth random number in the storage unit.
44. The server according to claim 42 or 43, wherein the server further comprises
a second communication unit, configured to communicate with a second key server;
the processing unit is further configured to request, through the second communication unit, the fourth seed key from the second key server, the request containing the identification information of the smart meter reading terminal that needs to use the fourth seed key;
the processing unit is further configured to receive, through the second communication unit, the fourth seed key issued by the second key server.
45. The server according to claim 40, wherein:
the processing unit is further configured to receive a reported service from the smart meter reading terminal, the reported service being encrypted with a key generated from the third seed key and the fifth random number; the processing unit is further configured to decrypt the reported service with the key generated from the third seed key and the fifth random number, to generate a wake-up reason code, and to send the wake-up reason code to the smart meter reading terminal through the first communication unit, the wake-up reason code being encrypted by the first server with a key generated from the third seed key and the sixth random number.
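The push-message exchange of claim 26, worked through as an added example that is not part of the patent text: the server wraps a fresh second seed key, the terminal unwraps and self-checks it, and the acknowledgement is keyed from the second seed key and the first random number. The claims name no cipher or key-derivation function, so the HMAC-SHA256 derivation, the stand-in authenticated cipher, the 32-byte seed length, the `ACK` payload and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32   # assumed sizes, not from the patent
ACK = b"SEED2-RECEIVED"                    # constructed acknowledgement payload


def derive_key(seed_key: bytes, random_number: bytes) -> bytes:
    """Working key generated from a seed key and a random number (assumed KDF)."""
    return hmac.new(seed_key, b"kdf|" + random_number, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only as a stand-in stream cipher."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || body || tag."""
    enc_key, mac_key = derive_key(key, b"enc"), derive_key(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; ValueError on any failure."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = derive_key(key, b"enc"), derive_key(key, b"mac")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))


def server_build_push(seed1: bytes, rand1: bytes):
    """Server side: generate seed2 and build the first ciphertext of the push."""
    seed2 = secrets.token_bytes(KEY_LEN)
    second_ct = encrypt(seed2, seed2)              # seed2 encrypted under itself
    first_key = derive_key(seed1, rand1)           # first key from seed1 + rand1
    return seed2, encrypt(first_key, second_ct + seed2)


def terminal_handle_push(seed1: bytes, rand1: bytes, first_ct: bytes):
    """Terminal side: unwrap seed2, self-check it, and build the acknowledgement."""
    plain = decrypt(derive_key(seed1, rand1), first_ct)
    if len(plain) <= KEY_LEN:
        raise ValueError("push payload too short")
    second_ct, seed2 = plain[:-KEY_LEN], plain[-KEY_LEN:]
    # The second ciphertext must open under seed2 and yield seed2 itself.
    if not hmac.compare_digest(decrypt(seed2, second_ct), seed2):
        raise ValueError("second seed key failed its self-check")
    return seed2, encrypt(derive_key(seed2, rand1), ACK)


def server_check_ack(seed2: bytes, rand1: bytes, ack: bytes) -> bool:
    """Server side: accept only an acknowledgement keyed from seed2 and rand1."""
    try:
        return hmac.compare_digest(decrypt(derive_key(seed2, rand1), ack), ACK)
    except ValueError:
        return False


def run_exchange() -> bool:
    """Run one provisioning round with constructed preset values."""
    seed1, rand1 = secrets.token_bytes(KEY_LEN), secrets.token_bytes(16)
    server_seed2, push = server_build_push(seed1, rand1)
    terminal_seed2, ack = terminal_handle_push(seed1, rand1, push)
    # Both sides now hold seed2; it would be handed to the TLS stack as the
    # pre-shared key (the TLS-PSK handshake itself is outside this sketch).
    return server_check_ack(server_seed2, rand1, ack) and server_seed2 == terminal_seed2


if __name__ == "__main__":
    print("exchange ok:", run_exchange())
```

A terminal holding a different first seed key, or receiving a modified push message, fails at the tag check before any key material is accepted.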
PCT/CN2012/072274 2012-03-13 2012-03-13 Transport layer security-based key delivery method, smart meter reading terminal and server WO2013134927A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201280000277.3A CN102742250B (en) 2012-03-13 2012-03-13 Secret key transmitting method based on transport layer safety, intelligent meter reading terminal and server
PCT/CN2012/072274 WO2013134927A1 (en) 2012-03-13 2012-03-13 Transport layer security-based key delivery method, smart meter reading terminal and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/072274 WO2013134927A1 (en) 2012-03-13 2012-03-13 Transport layer security-based key delivery method, smart meter reading terminal and server

Publications (1)

Publication Number Publication Date
WO2013134927A1 true WO2013134927A1 (en) 2013-09-19

Family

ID=46995197

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/072274 WO2013134927A1 (en) 2012-03-13 2012-03-13 Transport layer security-based key delivery method, smart meter reading terminal and server

Country Status (2)

Country Link
CN (1) CN102742250B (en)
WO (1) WO2013134927A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756526A (en) * 2017-11-01 2019-05-14 杭州沃朴物联科技有限公司 Chicken cultivation traceability system and method based on block chain technology
CN114286331A (en) * 2021-12-03 2022-04-05 国网浙江省电力有限公司宁波供电公司 Identity authentication method and system suitable for 5G data terminal of power Internet of things

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104283675A (en) * 2013-07-10 2015-01-14 中兴通讯股份有限公司 Concentrator, electricity meter and message processing method of concentrator and electricity meter
CN104239783A (en) * 2014-09-19 2014-12-24 东软集团股份有限公司 System and method for safely inputting customizing messages
CN105704101B (en) * 2014-11-27 2019-10-18 华为技术有限公司 A kind of method and apparatus for PUSH message
CN108183553B (en) * 2015-09-15 2021-04-06 宁夏隆基宁光仪表股份有限公司 Data testing and collecting monitoring device, smart power grid and user side thereof
CN107767568A (en) * 2017-09-26 2018-03-06 新智数字科技有限公司 A kind of gas meter data interactive method and device
CN108183795A (en) * 2017-12-29 2018-06-19 新开普电子股份有限公司 All-purpose card key management method
CN109995739B (en) * 2018-01-02 2021-06-15 中国移动通信有限公司研究院 Information transmission method, client, server and storage medium
CN108712390B (en) * 2018-04-23 2021-08-31 深圳和而泰数据资源与云技术有限公司 Data processing method, server, intelligent device and storage medium
CN110401530A (en) * 2019-07-25 2019-11-01 金卡智能集团股份有限公司 A kind of safety communicating method of gas meter, flow meter, system, equipment and storage medium
CN110430218B (en) * 2019-08-23 2021-08-13 深圳数联天下智能科技有限公司 Data transmission safety control method and device, computer equipment and Internet of things system
CN110636392B (en) * 2019-09-23 2021-12-10 宁波三星医疗电气股份有限公司 Meter reading method, electric power acquisition terminal and electric meter
CN114124160B (en) * 2021-10-29 2023-03-28 宁波三星智能电气有限公司 one-table-one-PSK (phase Shift keying) adaptation method suitable for PLC (programmable logic controller) carrier safety

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1620005A (en) * 2003-11-18 2005-05-25 华为技术有限公司 Method of safety transmitting key
CN101360101A (en) * 2008-09-09 2009-02-04 宁波三星电气股份有限公司 Data transmission method for remote meter reading system
CN101581591A (en) * 2008-12-30 2009-11-18 无锡虹叶腾文电子科技有限公司 Coal gas remote meter reading system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5638442A (en) * 1995-08-23 1997-06-10 Pitney Bowes Inc. Method for remotely inspecting a postage meter
US6192473B1 (en) * 1996-12-24 2001-02-20 Pitney Bowes Inc. System and method for mutual authentication and secure communications between a postage security device and a meter server
CN101677269B (en) * 2008-09-17 2012-01-25 比亚迪股份有限公司 Method and system for transmitting keys

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756526A (en) * 2017-11-01 2019-05-14 杭州沃朴物联科技有限公司 Chicken cultivation traceability system and method based on block chain technology
CN114286331A (en) * 2021-12-03 2022-04-05 国网浙江省电力有限公司宁波供电公司 Identity authentication method and system suitable for 5G data terminal of power Internet of things
CN114286331B (en) * 2021-12-03 2023-09-12 国网浙江省电力有限公司宁波供电公司 Identity authentication method and system suitable for electric power Internet of things 5G data terminal

Also Published As

Publication number Publication date
CN102742250A (en) 2012-10-17
CN102742250B (en) 2015-01-28

Similar Documents

Publication Publication Date Title
WO2013134927A1 (en) Transport layer security-based key delivery method, smart meter reading terminal and server
US9015065B2 (en) Method, system, and device for implementing network banking service
CN105050081B (en) Method, device and system for connecting network access device to wireless network access point
JP5123209B2 (en) Method, system, and authentication center for authentication in end-to-end communication based on a mobile network
US8107630B2 (en) Apparatus and method for managing stations associated with WPA-PSK wireless network
CN101772024B (en) User identification method, device and system
WO2010064666A1 (en) Key distribution system
US20070089163A1 (en) System and method for controlling security of a remote network power device
US20230421394A1 (en) Secure authentication of remote equipment
JP2016082597A (en) Computer utilization system and computer utilization method for secure session establishment and encrypted data exchange
TWI581599B (en) Key generation system, data signature and encryption system and method
CN102685739B (en) Authentication method and system for Android enterprise applications
WO2012083828A1 (en) Method, base station and system for implementing local routing
KR20200044117A (en) Digital certificate management method and device
EP2843873B1 (en) Digital certificate automatic application method, device and system
CN108769986A (en) A kind of GPRS remote transmitting gas meters encryption communication method
WO2015003512A1 (en) Concentrator, ammeter, and message processing method therefor
WO2009074092A1 (en) A light access authentication method and system
KR20190040443A (en) Apparatus and method for creating secure session of smart meter
CN114422118A (en) Industrial controller multicast communication key distribution method and system
CN109962781B (en) Digital certificate distributing device
WO2010127545A1 (en) Method for managing and using user certificate and mobile terminal
KR20130051636A (en) Method for mutual authentication and security in m2m environment
CN101378551A (en) WAP business system and method
CN213938340U (en) 5G application access authentication network architecture

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201280000277.3

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12871592

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12871592

Country of ref document: EP

Kind code of ref document: A1