WO2016112860A1 - Communication method for wireless device, wireless device and server - Google Patents
- Publication number
- WO2016112860A1 (PCT/CN2016/070892)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- wireless device
- information
- authentication
- transmission key
- key
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- the present invention relates to the field of data processing technologies, and in particular, to a communication method, a wireless device, and a server of a wireless device.
- There are three security modes for wireless communication, and the highest level is the link-level security mode.
- In link-level security mode, two wireless devices first perform access authentication. During access authentication, the two wireless devices negotiate a transmission key and each stores it in its non-volatile memory, so that subsequent communications do not need to create a transmission key. After the two wireless devices acquire the transmission key, they can use the same transmission key for encrypted data transmission at the application level of the link.
- To generate the transmission key, the two wireless devices need to exchange some parameters on the link established between them. Because these parameters are transmitted on the link, they may be hijacked, and it is difficult to ensure the security of the generated transmission key.
- the present invention aims to solve at least one of the technical problems in the related art to some extent.
- Another object of the present invention is to provide a wireless device.
- Another object of the present invention is to propose a server.
- a first aspect of the present invention provides a communication method of a wireless device, applied to a second wireless device, including: sending an authentication request to a background, where the authentication request carries information to be authenticated, and the information to be authenticated includes at least the account information of the user; after receiving the authentication response returned by the background, receiving the parameter information of the first wireless device that is returned by the background and associated with the account information, where the parameter information includes at least the identity identification information of the first wireless device; acquiring a transmission key according to the parameter information; and performing access authentication and communication with the first wireless device by using the identity identification information of the first wireless device and the transmission key.
- in this communication method, the account information is associated with the parameter information in the background, and the identity identification information of the first wireless device is obtained from the background, so that the user does not need to select the first wireless device from the prompt list; the connection to the first wireless device is made automatically, which improves the efficiency of connection between the wireless devices. The parameter information is obtained from the background and the transmission key is generated according to it, so the generation factor of the transmission key, or the transmission key itself, is obtained from the background instead of being transmitted on the link between the wireless devices; this ensures the security of the generation factor and thereby improves the security of the transmission key. Encrypting and decrypting with the transmission key improves the security of the transmitted data, achieving the effect of quickly and securely establishing a wireless connection between wireless devices.
- the method for obtaining the information to be authenticated includes at least one of: receiving information to be authenticated input by the user; and scanning an identifier generated according to the information to be authenticated set on the second wireless device, Obtaining the to-be-authenticated information; acquiring the to-be-authenticated information from the first wireless device.
- the method further includes: sending the completed authentication instruction to the background; after receiving the rebinding instruction sent by the background, sending the rebinding instruction to the first wireless device; and acquiring the parameter information regenerated by the first wireless device and sending the regenerated parameter information to the background.
- using the identity identification information of the first wireless device and the transmission key to complete the access authentication and communication with the first wireless device includes one of the following manners: after finding the first wireless device according to its identity identification information, requesting to establish a wireless connection with the first wireless device and, after receiving the information that authentication by the first wireless device has passed, using the transmission key to encrypt and decrypt the data transmitted with the first wireless device; or sending out the identity identification information of the first wireless device and the transmission key, requesting to establish a wireless connection with the first wireless device and, after receiving the information that authentication by the first wireless device has passed, using the transmission key to encrypt and decrypt the data transmitted with the first wireless device.
- using the identity identification information of the first wireless device and the transmission key to complete the access authentication and communication with the first wireless device includes one of the following manners: after finding the first wireless device according to its identity identification information, requesting to establish a wireless connection with the first wireless device, sending the transmission key to the first wireless device for authentication and, after receiving the information that the first wireless device has authenticated the transmission key, using the transmission key to encrypt and decrypt the data transmitted with the first wireless device; or sending out the identity identification information of the first wireless device and the transmission key, requesting to establish a wireless connection with the first wireless device and, after receiving the information that the first wireless device has authenticated the transmission key, using the transmission key to encrypt and decrypt the data transmitted with the first wireless device.
- the parameter information further includes: a transmission key acquisition factor, where the transmission key acquisition factor includes at least one of: a random number generated by the first wireless device; a random number generated by the first wireless device and device information; a transmission key generated by the first wireless device.
- a second aspect of the present invention provides a communication method of a wireless device, applied to a first wireless device, including: sending an authentication request to a background, where the authentication request carries information to be authenticated, and the information to be authenticated includes at least user account information; after receiving the authentication response returned by the background, sending the parameter information of the first wireless device to the background, where the parameter information of the first wireless device includes the identity identification information of the first wireless device and the transmission key acquisition factor; acquiring the transmission key according to the parameter information; and, after receiving a request from the second wireless device to establish a wireless connection, where the request carries a transmission key associated with the account information that the second wireless device obtained from the background, using the transmission key associated with the account information and the transmission key acquired by the first wireless device to complete access authentication and communication with the second wireless device.
- in this communication method, when the parameter information includes at least the identity identification information of the first wireless device, the user does not need to select the first wireless device once the second wireless device has obtained the parameter information; the second wireless device connects to the first wireless device automatically, which improves the efficiency of connection between the wireless devices. In addition, the parameter information can be transmitted to another wireless device through the background, so the transmission key generation factor or the transmission key is transmitted through the background instead of on the link between the wireless devices; the security of the generation factor can therefore be ensured, thereby improving the security of the transmission key.
- the information to be authenticated further includes: a root certificate of the first wireless device.
- sending the authentication request to the background includes: establishing a secure channel with the login device, establishing a secure channel with the background through the login device, and sending the authentication request to the background through the login device.
- acquiring the transmission key according to the parameter information includes: after the parameter information of the first wireless device is sent to the background, directly acquiring the transmission key according to the parameter information; or, after receiving the request of the second wireless device to establish a wireless connection, acquiring the transmission key according to the parameter information; or receiving an instruction, input by the user on the first wireless device, for triggering transmission key generation and, after receiving the instruction, acquiring the transmission key according to the parameter information.
- the transport key acquisition factor includes at least one of: a random number generated by the first wireless device; a random number generated by the first wireless device and device information; generated by the first wireless device Transfer key.
- after receiving the request of the second wireless device to establish a wireless connection, where the request carries the transmission key associated with the account information that the second wireless device acquired from the background, using the transmission key associated with the account information and the transmission key acquired by the first wireless device to complete access authentication and communication with the second wireless device includes: determining whether the transmission key of the second wireless device matches the transmission key acquired by the first wireless device and, if so, the authentication passes; after the authentication passes, using the transmission key acquired by the first wireless device to encrypt and decrypt the data transmitted with the second wireless device.
- a third aspect of the present invention provides a communication method for a wireless device, applied to a background, including: receiving authentication requests sent by a first wireless device and a second wireless device respectively, and authenticating the authentication request of the first wireless device and that of the second wireless device separately, where each authentication request carries information to be authenticated, and the information to be authenticated includes at least the account information of the user; after the first wireless device is authenticated, obtaining the parameter information of the first wireless device and storing the parameter information in association with the account information, where the parameter information of the first wireless device includes identity identification information of the first wireless device and a transmission key acquisition factor; and, after the second wireless device is authenticated, searching for the parameter information of the first wireless device associated with the account information and sending the found parameter information of the first wireless device to the second wireless device.
- in this communication method, because the account information and the parameter information are stored in association, the parameter information of the first wireless device can be transmitted to the second wireless device through the background. The second wireless device thus obtains the identity identification information of the first wireless device from the background, so that the user does not need to select the first wireless device from the prompt list but is connected to it automatically, which improves the efficiency of connection between the wireless devices. In addition, the transmission key generation factor or the transmission key is transmitted through the background instead of on the link between the wireless devices, so the security of the generation factor can be ensured, thereby improving the security of the transmission key and achieving the effect of quickly and securely establishing a wireless connection.
- the account information and the parameter information of the first wireless device are in a many-to-one relationship.
- the authentication request sent by the first wireless device further carries a root certificate sent by the first wireless device, and authenticating the first wireless device includes: verifying the root certificate.
- the transport key acquisition factor includes at least one of: a random number generated by the first wireless device; a random number generated by the first wireless device and device information; the first wireless device The generated transport key.
- the method further includes: receiving the completed authentication command sent by the second wireless device; after receiving the completed authentication command, sending a rebinding instruction to the first wireless device through the second wireless device; receiving the regenerated parameter information sent by the first wireless device through the second wireless device; and updating the parameter information of the first wireless device associated with the account information to the regenerated parameter information.
- a wireless device includes: an authentication module, configured to send an authentication request to a background, where the authentication request carries at least user account information; an obtaining module, configured to receive, after the authentication response returned by the background is received, the parameter information of the first wireless device that is returned by the background and associated with the account information, where the parameter information includes at least the identity identification information of the first wireless device; a module configured to acquire a transmission key according to the parameter information; and a communication module, configured to perform access authentication and communication with the first wireless device by using the identity identification information of the first wireless device and the transmission key.
- the wireless device acquires the identity identification information of the first wireless device from the background, where the account information is associated with the parameter information, so that the user does not need to select the first wireless device from the prompt list; the wireless device is connected to the first wireless device automatically, which improves the efficiency of connection between the wireless devices. The parameter information is obtained from the background and the transmission key is generated according to it, so the generation factor of the transmission key, or the transmission key itself, is obtained from the background instead of being transmitted on the link between the wireless devices; this ensures the security of the generation factor and thereby improves the security of the transmission key. Encrypting and decrypting with the transmission key improves the security of the transmitted data, achieving the effect of quickly and securely establishing a wireless connection between the wireless devices.
- the wireless device further includes: an update module, configured to: after the communication module performs access authentication with the first wireless device by using the identity identification information of the first wireless device and the transmission key, send the completed authentication command to the background; after receiving the rebinding instruction sent by the background, send the rebinding instruction to the first wireless device; and acquire the parameter information regenerated by the first wireless device and send the regenerated parameter information to the background.
- the communication module includes: a searching unit, configured to find the first wireless device according to the identity identification information of the first wireless device; a connection unit, configured to request to establish a wireless connection with the first wireless device; and an encryption and decryption unit, configured to use the transmission key to encrypt and decrypt the data transmitted with the first wireless device after receiving the information that authentication by the first wireless device has passed; or the communication module includes: an outgoing unit, configured to send out the identity identification information of the first wireless device and the transmission key; a connection unit, configured to request to establish a wireless connection with the first wireless device; and an encryption and decryption unit, configured to encrypt and decrypt the data transmitted with the first wireless device after receiving the information that authentication by the first wireless device has passed.
- the communication module includes: a searching unit, configured to find the first wireless device according to the identity identification information of the first wireless device; a connection unit, configured to request to establish a wireless connection with the first wireless device; a key sending unit, configured to send the transmission key to the first wireless device for authentication; and an encryption and decryption unit, configured to use the transmission key to encrypt and decrypt the data transmitted with the first wireless device after receiving the information that the first wireless device has authenticated the transmission key; or the communication module includes: an outgoing unit, configured to send out the identity identification information of the first wireless device and the transmission key; a connection unit, configured to request to establish a wireless connection with the first wireless device; and an encryption and decryption unit, configured to use the transmission key to encrypt and decrypt the data transmitted with the first wireless device after receiving the information that the first wireless device has authenticated the transmission key.
- the transport key further includes: a transport key acquisition factor, the transport key acquisition factor including at least one of: a random number generated by the first wireless device; the first wireless A random number and device information generated by the device; a transmission key generated by the first wireless device.
- a wireless device includes: an authentication module, configured to send an authentication request to a background, where the authentication request carries at least user account information, and to trigger the sending module after the background returns the authentication response; a sending module, configured to send the parameter information of the first wireless device to the background after being triggered by the authentication module, where the parameter information of the first wireless device includes identity identification information of the first wireless device and a transmission key acquisition factor; a generating module, configured to acquire the transmission key according to the parameter information; and a communication module, configured to: after receiving the request of the second wireless device to establish a wireless connection, where the request carries the transmission key associated with the account information that the second wireless device acquired from the background, use the transmission key associated with the account information and the transmission key acquired by the first wireless device to complete access authentication and communication with the second wireless device.
- with this wireless device, when the parameter information includes at least the identity identification information of the first wireless device, the user does not need to select the first wireless device from the prompt list once the second wireless device has obtained the parameter information; the second wireless device connects to the first wireless device automatically, which improves the efficiency of connection between the wireless devices. In addition, the parameter information can be transmitted to another wireless device through the background, so the transmission key generation factor or the transmission key is transmitted through the background instead of on the link between the wireless devices; the security of the generation factor can therefore be guaranteed, thereby improving the security of the transmission key.
- the root certificate of the first wireless device is also carried in the authentication request.
- the authentication module includes: an establishing unit, configured to establish a secure channel with the login device and to establish a secure channel with the background through the login device; and a sending unit, configured to send the authentication request to the background through the login device.
- the generating module is configured to: after the parameter information of the first wireless device is sent to the background, directly acquire the transmission key according to the parameter information; or, after receiving the request of the second wireless device to establish a wireless connection, acquire the transmission key according to the parameter information; or receive an instruction, input by the user on the first wireless device, for triggering transmission key generation and, after receiving the instruction, acquire the transmission key according to the parameter information.
- the transport key acquisition factor includes at least one of: a random number generated by the first wireless device; a random number generated by the first wireless device and device information; the first wireless device The generated transport key.
- the communication module includes: an authentication unit, configured to determine whether the transmission key of the second wireless device matches the transmission key acquired by the first wireless device; if so, the authentication passes, otherwise the authentication fails; and an encryption and decryption unit, configured to use the transmission key acquired by the first wireless device to encrypt and decrypt the data transmitted with the second wireless device after the authentication unit passes the authentication.
- the server of the sixth aspect of the present invention includes: an authentication module, configured to receive the authentication requests sent by the first wireless device and the second wireless device respectively and to authenticate the authentication request of the first wireless device and that of the second wireless device separately, where each authentication request carries the information to be authenticated, and the information to be authenticated includes at least the account information of the user; an associated storage module, configured to obtain the parameter information of the first wireless device after the first wireless device is authenticated and to store the parameter information in association with the account information, where the parameter information of the first wireless device includes identity identification information of the first wireless device and a transmission key acquisition factor; a lookup module, configured to search for the parameter information of the first wireless device associated with the account information after the second wireless device is authenticated; and a sending module, configured to send the found parameter information of the first wireless device to the second wireless device.
- the server of the sixth aspect of the present invention, by associating the account information with the parameter information, can transmit the parameter information of the first wireless device to the second wireless device through the background. The second wireless device thus obtains the identity identification information of the first wireless device from the background, so that the user does not need to select the first wireless device from the prompt list but is connected to it automatically, which improves the efficiency of connection between the wireless devices. In addition, the transmission key generation factor or the transmission key is transmitted through the background instead of on the link between the wireless devices, so the security of the generation factor can be ensured, thereby improving the security of the transmission key and achieving the effect of quickly and securely establishing a wireless connection between the wireless devices.
- the account information and the parameter information of the first wireless device are in a many-to-one relationship.
- the information to be authenticated further includes: a root certificate sent by the first wireless device; the authentication module authenticating the first wireless device includes: verifying the root certificate.
- the transport key acquisition factor includes at least one of: a random number generated by the first wireless device; a random number generated by the first wireless device and device information; the first wireless device The generated transport key.
- the authentication module is further configured to receive the completed authentication command sent by the second wireless device.
- the sending module is further configured to send, after the authentication module receives the completed authentication command, a rebinding instruction to the first wireless device through the second wireless device; the associated storage module is further configured to receive the regenerated parameter information sent by the first wireless device through the second wireless device and to update the parameter information of the first wireless device associated with the account information to the regenerated parameter information.
- FIG. 1 is a schematic flowchart of a method for communication of a wireless device according to Embodiment 1 of the present invention
- FIG. 2 is a schematic flowchart of a method for communication of another wireless device according to Embodiment 1 of the present invention
- FIG. 3 is a schematic flowchart of a method for communication of another wireless device according to Embodiment 1 of the present invention.
- FIG. 4 is a schematic flowchart of a method for communicating another wireless device according to Embodiment 1 of the present invention.
- FIG. 5 is a schematic flowchart of a method for communicating another wireless device according to Embodiment 1 of the present invention.
- FIG. 6 is a schematic flowchart of a method for communicating another wireless device according to Embodiment 1 of the present invention.
- FIG. 7 is a schematic flowchart diagram of a method for communicating another wireless device according to Embodiment 1 of the present invention.
- FIG. 8 is a schematic structural diagram of a wireless device according to Embodiment 2 of the present invention.
- FIG. 9 is a schematic structural diagram of another wireless device according to Embodiment 2 of the present invention.
- FIG. 10 is a schematic structural diagram of another wireless device according to Embodiment 2 of the present invention.
- FIG. 11 is a schematic structural diagram of another wireless device according to Embodiment 2 of the present invention.
- FIG. 12 is a schematic structural diagram of a server according to Embodiment 2 of the present invention.
- FIG. 13 is a flowchart of a communication method of a Bluetooth-enabled mobile device according to Embodiment 3 of the present invention.
- FIG. 14 is a flowchart of another communication method of a Bluetooth-enabled mobile device according to Embodiment 3 of the present invention.
- FIG. 16 is a flowchart of a communication method of an electronic signature device with Bluetooth function according to Embodiment 3 of the present invention.
- FIG. 17 is a flowchart of a communication method of an electronic signature device with Bluetooth function according to Embodiment 3 of the present invention.
- FIG. 18 is a schematic structural diagram of a mobile device with Bluetooth function according to Embodiment 4 of the present invention.
- FIG. 19 is a schematic structural diagram of another electronic signature device with Bluetooth function according to Embodiment 4 of the present invention.
- FIG. 1 is a schematic flowchart of a method for communication of a wireless device according to Embodiment 1 of the present invention. The method is applied to a second wireless device, including steps S11-S14:
- the second wireless device sends an authentication request to the background, where the authentication request carries information to be authenticated, and the information to be authenticated at least includes: account information of the user;
- the second wireless device establishes a secure channel with the background, and sends an authentication request to the background through the secure channel.
- the authentication request carries information to be authenticated, and the to-be-authenticated information includes at least: account information of the user.
- the second wireless device establishes a secure channel with the background, such as a Secure Sockets Layer (SSL) channel, thereby ensuring the security of data transmission between the second wireless device and the background.
- the backend is a trusted third party server, for example, the backend of the bank that issued the first wireless device.
- the to-be-authenticated information may include the user account information and the login password, and the background authenticates the user's account information and the login password. After the authentication is passed, the background may consider the second wireless device to be safe. The authentication request may also carry to-be-authenticated information negotiated with the background, so that the background authenticates that information.
- the manner of obtaining the information to be authenticated includes at least one of the following:
- Manner 1: receiving the information to be authenticated input by the user;
- Manner 2: scanning an identifier that is set on the second wireless device and generated according to the account information, and acquiring the to-be-authenticated information;
- the identifier set on the second wireless device may be scanned to obtain information to be authenticated.
- the identification code is, for example, a two-dimensional code.
- the identification code may be attached to the second wireless device in the form of a sticker, or the display module may be disposed on the second wireless device, and the identification code is displayed by the display module.
- the information to be authenticated can be obtained by scanning the identification code on the second wireless device, instead of transmitting the device information on the link between the wireless devices, so that the security of the information to be authenticated can be ensured, thereby improving the security of obtaining the transmission key.
- Manner 3: acquiring the information to be authenticated of the second wireless device from the first wireless device.
- the first wireless device may also locally save the information to be authenticated of the second wireless device, and may also display the information to be authenticated of the second wireless device in the form of an identifier for the second wireless device to acquire.
- after receiving the authentication response returned by the background, the second wireless device receives the parameter information of the first wireless device that is returned by the background and is associated with the account information.
- the parameter information is saved in the background in association with the account information.
- the parameter information of the first wireless device includes at least one of the following: identity identification information of the first wireless device, a random number generated by the first wireless device, device information of the first wireless device, a transmission key generated by the first wireless device.
- the identification information is used to identify the first wireless device, for example, the MAC address, the ID, the device serial number, and the like of the first wireless device.
- after the second wireless device obtains the identity identification information of the first wireless device, it can automatically connect to the first wireless device without user selection, which improves the speed of wireless device access and is fast and efficient.
- in this embodiment, using the random number, the device information of the first wireless device, or a combination thereof to generate the transmission key can avoid replay attacks.
- the second wireless device may send a request message to the background, where the request message includes account information, and receive a response message sent by the background, where the response message includes the parameter information of the first wireless device associated with the account information included in the request message.
- the second wireless device receives the authentication pass response sent by the background, where the authentication pass response includes the parameter information of the first wireless device associated with the account information included in the authentication request.
- the second wireless device may request the parameter information of the first wireless device from the background, or the background may send the parameter information of the first wireless device directly to the second wireless device after the background authenticates the second wireless device.
- the second wireless device acquires a transmission key according to the parameter information.
- after the transmission key is obtained, the transmission key can be saved.
- the parameter information may be obtained from the authentication response message, where the parameter information may include: identity identification information of the first wireless device, and a transmission key acquisition factor, where the transmission key acquisition factor includes one or more of a random number of the first wireless device, device information of the first wireless device, and a transmission key generated by the first wireless device.
- obtaining the transmission key according to the parameter information includes:
- when the parameter information includes a random number generated by the first wireless device and/or device information of the first wireless device, generating a transmission key according to the parameter information; or
- the transmission key is directly obtained from the parameter information.
- the parameter information in this embodiment may include the generation factor (random number, device information) of the transmission key or the transmission key itself.
- This embodiment can cope with different situations and improves the solution for acquiring the transmission key in different scenarios; using the random number, the device information of the first wireless device, or a combination thereof to generate the transmission key can avoid replay attacks.
- the case where the parameter information includes the random number generated by the first wireless device and/or the device information of the first wireless device is as follows:
- the second wireless device may generate a transmission key according to the random number in the obtained parameter information and a preset algorithm.
- the first wireless device may also use the random number generated by itself and the same preset algorithm as the second wireless device to generate a transmission key, which implements acquisition of the transmission key and completes access authentication of the second wireless device and the first wireless device. Thereafter, the second wireless device and the first wireless device can use the transmission key for data transmission.
- the second wireless device may generate a transmission key according to the random number in the acquired parameter information, the device information of the first wireless device, and a preset algorithm; correspondingly, the first wireless device may also generate a transmission key according to the random number generated by itself, its own device information, and the same preset algorithm as the second wireless device, which implements acquisition of the transmission key and completes access authentication of the second wireless device and the first wireless device. Thereafter, the second wireless device and the first wireless device can use the transmission key for data transmission.
- the second wireless device may generate a transmission key according to the random number in the acquired parameter information and the device information of the first wireless device, and the device information of the second wireless device itself, and a preset algorithm.
- the first wireless device may acquire device information of the second wireless device, and generate a transmission key according to the random number generated by the first wireless device itself, its own device information, the acquired device information of the second wireless device, and the same preset algorithm as the second wireless device, which implements acquisition of the transmission key and completes access authentication of the second wireless device and the first wireless device.
- the first wireless device may acquire the device information of the second wireless device by using the information exchanged after establishing the connection with the second wireless device.
- the first wireless device and the second wireless device may generate a preliminary transmission key according to the information exchanged after the connection.
- the first wireless device acquires the device information of the second wireless device by using the preliminary transmission key.
- This embodiment provides multiple ways to generate a transmission key, which increases the number of possibilities and the complexity of generating a transmission key, so that a person who attempts to maliciously steal the transmission key does not know which way is used, and this increases the security of the transmission key.
- S14 The second wireless device completes access authentication and communication with the first wireless device by using the identity identification information of the first wireless device and the transmission key.
- step S14 specifically includes one of the following manners:
- Manner 1: after the first wireless device is found according to the identity identification information of the first wireless device, requesting to establish a wireless connection with the first wireless device, and after receiving the information that the first wireless device passes the authentication, encrypting and decrypting the transmission data exchanged with the first wireless device using the transmission key;
- the second wireless device uses the identity identification information of the first wireless device to find the first wireless device, so that the user does not need to select the first wireless device from the prompt list, and the second wireless device instead automatically connects with the first wireless device; the efficiency of the connection between the wireless devices is improved, and the transmission key is used for encryption and decryption, thereby improving the security of the transmitted data and achieving the effect of establishing a wireless connection quickly and securely.
- Manner 2: sending out the identity identification information of the first wireless device and the transmission key, requesting to establish a wireless connection with the first wireless device, and after receiving the information that the first wireless device passes the authentication, encrypting and decrypting the transmission data exchanged with the first wireless device using the transmission key.
- the second wireless device does not need to find the first wireless device, but broadcasts the identity identification information of the first wireless device; the first wireless device that has this identity identification information receives the access request of the second wireless device and, after the authentication is passed, automatically establishes a connection with the second wireless device, so that the user does not need to select the first wireless device from the prompt list, and the connection with the first wireless device is instead made automatically, thereby improving the efficiency of the connection between the wireless devices; and the use of transmission key encryption and decryption improves the security of the transmitted data, and achieves the effect of establishing a wireless connection quickly and securely between wireless devices.
- step S14 specifically includes one of the following manners:
- Manner 1: after the first wireless device is found according to the identity identification information of the first wireless device, requesting to establish a wireless connection with the first wireless device, and sending the transmission key to the first wireless device for authentication; after receiving the information that the first wireless device has authenticated the transmission key, using the transmission key to encrypt and decrypt the transmission data exchanged with the first wireless device;
- Manner 2: sending out the identity identification information of the first wireless device and the transmission key, requesting to establish a wireless connection with the first wireless device, and after receiving the information that the first wireless device has authenticated the transmission key, encrypting and decrypting the transmission data exchanged with the first wireless device by using the transmission key.
- this optional embodiment differs from the previous optional embodiment in that the first wireless device authenticates the transmission key sent by the second wireless device, and establishes a wireless connection after the authentication is passed, thereby further ensuring the security of establishing the connection.
- the first wireless device and the second wireless device are two wireless devices that are mutually authenticated. After the authentication is passed, the two can use the respective transmission keys to encrypt and decrypt the transmission data.
- the wireless device in this embodiment has wireless functions, such as Bluetooth, wifi, NFC, radio frequency, and the like.
- the first wireless device and the second wireless device refer to Bluetooth-enabled electronic devices; as an example, the second wireless device is a Bluetooth-enabled mobile device (e.g., a smartphone, a tablet, etc.), and the first wireless device is a smart key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) with Bluetooth function.
- the background refers to the server, and the background can be used to save account information, passwords, and so on.
- the background information is also saved in the background.
- the account information is, for example, a bank card number, and/or a user name.
- the mobile device can establish a connection with the key and determine whether the key is in the paired list. If not, after the user enters the account to log in to the background on the mobile device, the mobile device sends a request message to the background. When the key is in the paired list, it indicates that the mobile device has already established a connection with the key, and the mobile device stores the transmission key. At this time, the transmission key can be obtained directly from the information saved on the mobile device.
- the account information and the parameter information may be saved in the background.
- the parameter information includes, for example, one or more of a random number generated by the key, device information of the key, and a transmission key generated by the key.
- the device information includes, for example, a unique serial number of the device and a digital certificate, and can also include a device address and so on.
- the background information of the account information can be found according to the pre-saved correspondence, and then the background information can be sent to the mobile device.
- the mobile device can establish a connection with the key by searching for it and initiating a Bluetooth connection.
- data can be transmitted through this connection, but the data before the pairing is not encrypted; some device pairing feature values used for connection and pairing can be transmitted, for example, IO Capability, OOB data flag, AuthReq, Max Enc Key Size, Init Key Distribution, Resp Key Distribution, and the like.
- after the pairing is completed, the transmission key is saved, and encrypted data transmission can be performed, which can be used for transmission of important data of the application layer.
- the first wireless device and the second wireless device may also refer to electronic devices having an NFC function; as an example, the second wireless device is an NFC-enabled mobile device (e.g., a smart phone, a tablet, etc.), and the first wireless device is a smart key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) having an NFC function.
- the account information is saved in association with the parameter information in the background, and the identity identification information of the first wireless device is obtained from the background, so that the user does not need to select the first wireless device from the prompt list, and the connection with the first wireless device is instead made automatically, which improves the efficiency of the connection between the wireless devices; the parameter information is obtained from the background and the transmission key is generated according to the parameter information, so the generation factor of the transmission key, or the transmission key itself, is obtained from the background instead of the generation factor being transmitted on the link between the wireless devices, so that the security of the generation factor can be ensured, thereby improving the security of the transmission key; and transmission key encryption and decryption is used to improve the security of the transmitted data, achieving the effect of quickly and securely establishing a wireless connection between the wireless devices.
- FIG. 2 is a schematic flowchart of a method for communication of another wireless device according to an embodiment of the present invention. The method is applied to a first wireless device, including steps S21-S24:
- the first wireless device sends an authentication request to the background, where the authentication request carries information to be authenticated, and the information to be authenticated at least includes: account information of the user;
- the first wireless device establishes a secure channel with the background, and sends an authentication request to the background through the secure channel, where the authentication request carries information to be authenticated, and the information to be authenticated at least includes: account information of the user;
- the first wireless device establishes a secure channel with the background, such as a Secure Sockets Layer (SSL) channel, thereby ensuring the security of data transmission between the first wireless device and the background.
- the backend is a trusted third party server, for example, the backend of the bank that issued the first wireless device.
- the to-be-authenticated information may include the user account information and the login password, and the background authenticates the user's account information and the login password; after the authentication is passed, the background may consider the first wireless device to be secure.
- the authentication request may also carry the to-be-authenticated information negotiated with the background, so that the background authenticates the information to be authenticated.
- after receiving the authentication pass response returned by the background, the first wireless device sends the parameter information of the first wireless device to the background;
- the parameter information of the first wireless device includes: the identity identification information of the first wireless device and a transmission key acquisition factor;
- the parameter information of the first wireless device is stored in association with the account information
- the parameter information of the first wireless device includes: identity identification information of the first wireless device and a transmission key acquisition factor; optionally, the transmission key acquisition factor includes at least one of the following: a random number generated by the first wireless device, device information of the first wireless device (device unique serial number, digital certificate, device address, etc.), a transmission key generated by the first wireless device.
- the identification information is used to identify the first wireless device, for example, the MAC address of the first wireless device, the ID, the unique serial number of the device, and the like.
- after the second wireless device obtains the identity identification information of the first wireless device, it can automatically connect to the first wireless device without the user's selection, so that access to the wireless device is fast and efficient.
- in this embodiment, using the random number, the device information of the first wireless device, or a combination thereof to generate the transmission key can avoid replay attacks.
- the PC may send a binding request to the first wireless device.
- after receiving the binding request, the first wireless device generates parameter information and sends the parameter information.
- the login device establishes a secure channel with the background, and the first wireless device establishes a secure channel with the PC, and the first wireless device sends the authentication request to the background through the login device.
- the channel between the first wireless device and the backend is secure, thus ensuring the security of the transmitted data.
- the connection between the first wireless device and the PC can be a wired connection for increased security. It can be understood that the login device can also adopt a wireless device, and the first wireless device can be wirelessly connected with the wireless device.
- the manner of obtaining the information to be authenticated includes at least one of the following:
- Manner 1: the user inputs the information to be authenticated on the PC;
- Manner 2: scanning an identifier generated by the first wireless device according to the account information, and acquiring the to-be-authenticated information;
- the identifier set on the first wireless device may be scanned to obtain information to be authenticated.
- the identification code is, for example, a two-dimensional code.
- the identification code may be attached to the first wireless device in the form of a sticker, or the display module may be disposed on the first wireless device, and the identification code is displayed by the display module.
- the information to be authenticated can be obtained by scanning the identification code on the first wireless device, instead of transmitting the device information on the link between the wireless devices, so that the security of the information to be authenticated can be ensured, thereby improving the security of obtaining the transmission key.
- Manner 3: acquiring the information to be authenticated of the first wireless device from the second wireless device.
- the second wireless device may also locally save the information to be authenticated of the first wireless device, and display the information to be authenticated of the first wireless device in the form of an identifier, so that the to-be-authenticated information can be obtained from the second wireless device.
- the information to be authenticated further includes: a root certificate of the first wireless device.
- the root certificate may also be authenticated by the background to ensure the legitimacy of the first wireless device, thereby ensuring the security of the parameter information held by the first wireless device and the security of the wireless device requesting the wireless connection with the first wireless device.
- the verification information may also be sent at the same time, and the verification information may be generated according to the parameter information, where the verification information includes: authentication information, and/or a cyclic redundancy check (CRC) code; the authentication information is, for example, signature information, and the signature information may be information obtained by signing device information of the first wireless device (such as a unique serial number of the device).
- the second wireless device may further verify the verification information according to the received authentication information and/or CRC check information.
- the identity of the first wireless device can be authenticated by the verification information to ensure the validity of the first wireless device, thereby ensuring the security of the parameter information acquired by the second wireless device, and further ensuring the security of the obtained transmission key.
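The two kinds of verification information named above behave differently when the parameter information is changed in transit. The following is an added example, not code from the patent: it uses HMAC-SHA256 with a constructed device key as a stand-in for the signature, computes it over the whole parameter information (an assumption), and uses a JSON encoding and sample values that are also constructed.

```python
import hashlib
import hmac
import json
import zlib


def encode(parameters):
    """Canonical byte encoding of the parameter information (assumed format)."""
    return json.dumps(parameters, sort_keys=True).encode()


def make_verification_info(parameters, device_key):
    """Build both kinds of verification information for the parameters."""
    body = encode(parameters)
    return {
        "crc": zlib.crc32(body),
        # Stand-in for the signature information: HMAC-SHA256 (assumption).
        "auth": hmac.new(device_key, body, hashlib.sha256).hexdigest(),
    }


def crc_ok(parameters, info):
    """Integrity check only: anyone can recompute a CRC, no secret involved."""
    return zlib.crc32(encode(parameters)) == info["crc"]


def auth_ok(parameters, info, device_key):
    """Authenticity check: needs the key that produced the original value."""
    expected = hmac.new(device_key, encode(parameters), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, info["auth"])


def run_checks():
    device_key = b"constructed-device-key"
    params = {  # constructed sample parameter information
        "identity": "AA:BB:CC:DD:EE:01",
        "random_number": "5f1c9a0e7b3d4c2a8e6f0b1d2c3a4e5f",
        "device_info": "SN-0001",
    }
    info = make_verification_info(params, device_key)

    # One byte damaged in transit: the CRC alone is enough to notice.
    corrupted = dict(params, device_info="SN-0O01")
    # Parameters replaced and the CRC recomputed to match; the authentication
    # value cannot be recomputed without the device key, so it is left as is.
    altered = dict(params, random_number="00" * 16)
    altered_info = dict(info, crc=zlib.crc32(encode(altered)))

    return {
        "intact_accepted": crc_ok(params, info) and auth_ok(params, info, device_key),
        "crc_detects_corruption": not crc_ok(corrupted, info),
        "crc_accepts_altered": crc_ok(altered, altered_info),
        "auth_rejects_altered": not auth_ok(altered, altered_info, device_key),
    }


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```

A receiver that checks only the CRC accepts the altered parameters, so the CRC covers transmission errors while the authentication information is what supports the identity claim.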
- the first wireless device sends, by using the secure channel, the ciphertext obtained by encrypting the parameter information of the first wireless device to the background, where the encryption key used can be a symmetric key or an asymmetric key used in the background. Taking an asymmetric key as an example, the first wireless device encrypts the parameter information by using its own private key to generate a ciphertext and sends it to the background, and the ciphertext is decrypted to obtain the plaintext of the parameter information of the first wireless device. In this embodiment, the first wireless device further ensures the security of the sent parameters by encrypting the parameter information.
- the first wireless device acquires a transmission key according to the parameter information.
- after the transmission key is obtained, the transmission key can be saved.
- the obtaining the transmission key according to the parameter information includes:
- the transmission key is directly obtained according to the parameter information.
- the parameter information in this embodiment may include the generation factor (random number, device information) of the transmission key or the transmission key itself.
- This embodiment can cope with different situations and improves the solution for acquiring the transmission key in different scenarios; using the random number, the device information of the first wireless device, or a combination thereof to generate the transmission key can avoid replay attacks.
- the first wireless device may obtain the transmission key according to the parameter information automatically or according to an instruction generated by the user or according to an instruction generated by the second wireless device.
- generating the transmission key according to the parameter information may include:
- generating a transmission key according to the device information of the first wireless device, the acquired device information of the second wireless device, and a preset algorithm.
- the first wireless device and the second wireless device refer to Bluetooth-enabled electronic devices; as an example, the second wireless device is a Bluetooth-enabled mobile device (e.g., a smart phone, a tablet, etc.), and the first wireless device is a smart key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) with Bluetooth function.
- the mobile device can establish a connection with the key. It should be noted that the mobile device can establish this connection by searching for the key and initiating a connection, and data can be transmitted through the connection, but the data before pairing is not encrypted; some device pairing feature values used for connection and pairing can be transmitted, for example, IO Capability, OOB data flag, AuthReq, Max Enc Key Size, Init Key Distribution, Resp Key Distribution, etc. After the pairing is completed, the transmission key is saved, and encrypted data transmission can be performed, which can be used for transmission of important data of the application layer.
- after receiving the request of the second wireless device to establish a wireless connection, where the request carries a transmission key that is acquired by the second wireless device from the background and is associated with the account information, the first wireless device completes the access authentication and communication with the second wireless device by using the transmission key associated with the account information and the transmission key acquired by the first wireless device.
- step S24 specifically includes:
- the first wireless device determines whether the transmission key of the second wireless device matches the transmission key acquired by the first wireless device, and if yes, the authentication passes; after the authentication is passed, the transmission key acquired by the first wireless device is used to encrypt and decrypt the transmission data exchanged with the second wireless device.
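The flow described so far (the first wireless device registers its parameter information with the background, the second wireless device authenticates and derives the same transmission key, and the first wireless device checks the presented key) can be simulated end to end. This is an added example, not code from the patent: the patent leaves the "preset algorithm" unspecified, so HMAC-SHA256 is assumed here, and the class names, account, password and device values are constructed.

```python
import hashlib
import hmac
import secrets


def derive_transmission_key(random_number, first_info=b"", second_info=b""):
    """Stand-in for the unspecified "preset algorithm" (assumption):
    HMAC-SHA256 keyed with the first device's random number over the
    length-prefixed device information of the first and second device."""
    fields = b"".join(len(f).to_bytes(2, "big") + f for f in (first_info, second_info))
    return hmac.new(random_number, b"transmission-key" + fields, hashlib.sha256).digest()


class Background:
    """Trusted server: authenticates an account, stores parameter information
    in association with it, and returns it only after authentication."""

    def __init__(self):
        self._accounts = {}    # account -> (salt, password hash)
        self._parameters = {}  # account -> parameter information

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, account, password):
        salt = secrets.token_bytes(16)
        self._accounts[account] = (salt, self._hash(password, salt))

    def authenticate(self, account, password):
        if account not in self._accounts:
            return False
        salt, expected = self._accounts[account]
        return hmac.compare_digest(expected, self._hash(password, salt))

    def store_parameters(self, account, password, parameters):
        if not self.authenticate(account, password):
            raise PermissionError("authentication failed")
        self._parameters[account] = dict(parameters)

    def fetch_parameters(self, account, password):
        if not self.authenticate(account, password):
            raise PermissionError("authentication failed")
        return dict(self._parameters[account])


class FirstDevice:
    """The key: generates the random number and checks the presented key."""

    def __init__(self, identity, device_info):
        self.identity = identity
        self.device_info = device_info
        self.random_number = secrets.token_bytes(16)  # fresh for every binding
        self.transmission_key = derive_transmission_key(self.random_number, device_info)

    def parameter_info(self):
        return {"identity": self.identity, "random_number": self.random_number,
                "device_info": self.device_info}

    def authenticate_peer(self, presented_key):
        # S24: match the presented key against the locally acquired one,
        # in constant time so the comparison does not leak matching prefixes.
        return hmac.compare_digest(self.transmission_key, presented_key)


def second_device_acquire(background, account, password):
    """Second device: authenticate, fetch parameter information, derive key."""
    p = background.fetch_parameters(account, password)
    return p["identity"], derive_transmission_key(p["random_number"], p["device_info"])


def run_demo():
    background = Background()
    background.enroll("alice", "correct horse")                  # constructed account
    key_device = FirstDevice("AA:BB:CC:DD:EE:01", b"SN-0001")    # constructed values
    background.store_parameters("alice", "correct horse", key_device.parameter_info())

    identity, key = second_device_acquire(background, "alice", "correct horse")
    rebound = FirstDevice("AA:BB:CC:DD:EE:01", b"SN-0001")       # same device, new binding
    try:
        second_device_acquire(background, "alice", "wrong password")
        rejected = False
    except PermissionError:
        rejected = True
    return {
        "identity": identity,
        "peer_accepted": key_device.authenticate_peer(key),
        "stale_key_accepted": rebound.authenticate_peer(key),
        "wrong_password_rejected": rejected,
    }


if __name__ == "__main__":
    print(run_demo())
```

`authenticate_peer` models the variant in which the second wireless device presents the transmission key itself. The re-bound device rejecting the earlier key is the replay property that the fresh random number is meant to provide.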
- the first wireless device and the second wireless device refer to an electronic device having a Bluetooth function or a wireless function such as NFC or WIFI.
- when the Bluetooth function is used, the transmission key is the Bluetooth pairing information; when the NFC function is used, the transmission key is the authentication information carried in the NFC tag; when the WIFI function is used, the transmission key is the key for accessing the WIFI.
- the second wireless device is a mobile device (such as a smart phone, a tablet computer, etc.) having the wireless function described above, and the first wireless device is a smart key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) having the wireless function described above.
- the parameter information includes at least the identity identification information of the first wireless device, so that after the second wireless device obtains the parameter information, the user does not need to select the first wireless device from the prompt list, and the connection with the first wireless device is instead made automatically, which improves the efficiency of the connection between the wireless devices; and the parameter information can be transmitted to another wireless device through the background, so that the transmission key generation factor or the transmission key is transmitted through the background instead of the generation factor being transmitted on the link between the wireless devices, so the security of the generation factor can be guaranteed, thereby improving the security of the transmission key.
- FIG. 3 is a schematic flowchart of a method for communication of another wireless device according to an embodiment of the present invention. The method is applied to the background, and includes steps S31-S34:
- the background receives the authentication requests sent by the first wireless device and the second wireless device, and authenticates the authentication requests of the first wireless device and the second wireless device respectively, where the authentication request carries the information to be authenticated, and the information to be authenticated includes at least: account information of the user;
- the background establishes a secure channel with the first wireless device and the second wireless device respectively, and receives an authentication request of the first wireless device and the second wireless device by using the secure channel, and authenticates the first wireless device and the second wireless device, where the authentication request carries information to be authenticated, and the to-be-authenticated information includes at least: account information of the user;
- the background establishes a secure channel, such as a Secure Sockets Layer (SSL) channel, with the first wireless device and the second wireless device respectively, thereby ensuring the security of data transmission between the first wireless device and the second wireless device and the background.
- the backend is a trusted third-party server, for example, the backend that issues the first wireless device, such as a bank that issues keys.
- the information to be authenticated may include account information of the user and a login password, and the background authenticates the user's account information and the login password; after the authentication of the to-be-authenticated information sent by the first wireless device and the second wireless device passes, the background may consider that the first wireless device or the second wireless device is secure.
- the authentication request may also carry the to-be-authenticated information negotiated with the background, so that the background authenticates the information to be authenticated.
- the authentication request sent by the first wireless device further includes a root certificate sent by the first wireless device, and authenticating the first wireless device includes: verifying the root certificate.
- the root certificate may be authenticated by the background to ensure the legality of the first wireless device, thereby ensuring the security of the parameter information saved by the first wireless device and the security of the wireless device requesting to establish a wireless connection with the first wireless device.
- the background obtains the parameter information of the first wireless device and stores the parameter information in association with the account information, where the parameter information of the first wireless device includes: the identity identification information of the first wireless device and the transmission key acquisition factor;
- the background obtains the encrypted ciphertext of the parameter information of the first wireless device, decrypts the encrypted ciphertext, and then stores the decrypted parameter information in association with the account information
- the parameter information of the first wireless device includes identity identification information of the first wireless device and a transmission key acquisition factor, where the transmission key acquisition factor includes at least one of the following items: generated by the first wireless device a random number, device information of the first wireless device (device unique serial number, digital certificate, device address, etc.), a transmission key generated by the first wireless device.
- the identification information is used to identify the first wireless device, for example, the MAC address of the first wireless device, the ID, the unique serial number of the device, and the like.
- after the second wireless device obtains the identity information of the first wireless device, it can automatically connect to the first wireless device without the user's selection, so access to the wireless device is fast and efficient.
- by using the random number, the device information of the first wireless device, or a combination thereof to generate a transmission key, the present embodiment can avoid a replay attack.
- the parameter information may be obtained by the background from the first wireless device, or may be directly configured locally, and specifically includes:
- the account information and/or parameter information may also be directly configured in the background.
- the login device can send a binding request to the first wireless device.
- after receiving the binding request, the first wireless device generates parameter information and sends the parameter information to the background through the login device.
- the login device establishes a secure channel with the background.
- a secure channel is established between the first wireless device and the login device.
- the wireless device can be connected in a wireless or wired manner. To improve security, the first wireless device and the login device use a wired connection.
- the account information and the parameter information of the first wireless device are in a many-to-one relationship. That is, one account information may correspond to a plurality of first wireless devices.
- the first wireless device may also send verification information while transmitting the parameter information; after the background verifies the verification information and the verification passes, the parameter information is stored in association with the account information.
- the background can authenticate the identity of the first wireless device by verifying the verification information, and the parameter information is stored in association with the account information after the authentication passes, which ensures the security of the stored information.
- S34 The background sends the found information of the first wireless device to the second wireless device.
- the parameter information of the first wireless device is an encrypted ciphertext
- the encrypted ciphertext is decrypted and sent to the second wireless device.
- the method further includes:
- the parameter information associated with the account information may be updated in the background to ensure the real-time performance of the parameter information, thereby providing the second wireless device with the latest parameter information.
- the background can transmit the parameter information of the first wireless device to the second wireless device, so that the second wireless device acquires the identity identification information of the first wireless device from the background; the user therefore does not need to select the first wireless device from the prompt list, but is automatically connected with the first wireless device, which improves the efficiency of the connection between the wireless devices; in addition, the transmission key generation factor or the transmission key is transmitted through the background, and the generation factor is not transmitted on the link between the wireless devices, so the security of the generation factor can be ensured, thereby improving the security of the transmission key; and the effect of establishing a wireless connection quickly and securely between the wireless devices is achieved.
- in this example, the two wireless devices are respectively a mobile device with a Bluetooth function and a key, and the authentication mode of the background is login authentication.
- the method includes steps S41-S45:
- S411 Establish a wired connection between the key and a personal computer (PC), and establish a secure channel between the PC and the background, and the user logs in on the PC.
- the login device is a PC.
- the login device may also be a mobile device such as a mobile phone.
- the key uses the public key of the background to encrypt the identification information of the key, the device information, the random number, and the verification information to generate the ciphertext, and sends the ciphertext to the background.
- the key saves the random number, and the background uses the private key to decrypt the ciphertext, and saves the account information and the parameter information correspondingly.
- the parameter information includes the device information of the key and the random number generated by the key.
- the corresponding save can also be called associative save.
- the background binding may specifically include:
- S501 The key establishes a secure channel with the PC, and the PC establishes a secure channel with the background.
- a security channel is established between the key and the PC, and a wireless or wired connection can be used.
- a wired connection can be used between the key and the PC, for example, a Universal Serial Bus (USB) connection, over which the session key is negotiated and a secure connection is established.
- the PC and the background can establish a connection through the network, negotiate the transmitted encryption key and verification key, and establish a secure channel.
- S502 The user inputs an account on the PC, requests to log in to the background, the background authentication passes, and the login succeeds.
- in step S502, the user inputs the account on the PC to log in to the background, and the root certificate of the key is sent to the background for authentication; if the authentication succeeds, the login succeeds.
- S504 The key generates a random number by the random number generating module.
- the key obtains the identity identification information, the device information, and the verification information of the key.
- the identification information of the key may be an ID or a MAC address of the key
- the device information may include: a unique serial number of the device, a digital certificate, and may also include a device address.
- the key can also generate check information, including, for example, signature information and CRC check information.
- the key uses the public key of the background to encrypt the identification information, the device information, the random number, and the verification information to generate an encrypted ciphertext, and sends the encrypted ciphertext to the PC.
- S509 The background decrypts the encrypted ciphertext by using the private key to obtain the key identification information, the device information, the random number, and the verification information; and the verification information is verified; if the verification is passed, S511 is performed; otherwise, S510 is performed.
- the background feeds back an error message to the PC.
- the account information is stored in the background corresponding to the parameter information.
- the account information is the account information currently registered by the PC
- the parameter information is parameter information sent by the received key
- the account information and parameter information are saved in the background.
- the device determination may include:
- S421 The mobile device logs in to the online banking APP, establishes a secure channel with the background, and logs in to the background;
- the device determination may specifically include:
- S512 The mobile device establishes a secure channel with the background.
- the mobile device establishes a connection with the background through the network, negotiates the transmitted encryption key and verification key, and establishes a secure channel.
- S513 The user inputs the account information on the mobile device, requests the login to the background, the background authentication passes, and the login succeeds.
- the account information in step 513 may also be performed by scanning an identifier generated by the mobile device according to the account information waiting for the authentication information, and requesting the login by using the scanned information.
- S514 Searching for parameter information corresponding to the account information in the background, where the parameter information includes the identity identification information of the key.
- the corresponding relationship between the account information and the parameter information is saved in the background, and after receiving the account information in the background, the parameter information is searched according to the corresponding relationship.
- the background can send an error message to the mobile device.
- S515 The mobile device determines whether the key corresponding to the identification information is paired. If yes, execute S527, otherwise execute S516.
- the device information of the key will appear in the paired list of the mobile device, and the two have been connected and the transmission key has been generated and saved.
- the data can then be transmitted, encrypted and decrypted with the saved transport key.
- S43 may include:
- the parameter information returned in the background in step S514 may further include device information, a random number, and/or a transmission key of the key.
- the transmission key is generated according to the same operation method as the key; if the parameter information includes the transmission key, the transmission key is directly acquired.
- the generating the transport key may specifically include:
- S516 The mobile device searches for a key corresponding to the identity information, and after finding the key, performs Bluetooth pairing with the key to establish a Bluetooth connection.
- S517 The mobile device acquires a transmission key according to the received parameter information and saves it.
- the mobile device may generate a transmission key according to the parameter information, for example: according to the random number in the parameter information; or according to the random number and the device information of the key; or according to the random number in the parameter information, the device information of the key, and the device information of the mobile device.
- the background may also send the verification information at the same time.
- the transmission key is generated according to the parameter information.
- the verification information may include: signature and/or CRC check information, and the like.
- S518 The key generates a transport key and saves it.
- the transmission key is directly generated; or, a button for triggering the generation of the transmission key is set on the key, and when the user clicks the button to generate a trigger instruction, the transmission key is generated according to the trigger instruction, where the button may be a physical or virtual button; or the mobile device sends to the key an instruction that triggers transmission key generation, and the key generates a transmission key according to the instruction.
- when generating the transport key, the key may generate it according to the random number generated by the key; or according to the random number and the device information of the key; or according to the random number, the acquired device information of the mobile device, and the device information of the key.
- the parameter information update may include:
- This step S44 is optional.
- the parameter information update may specifically include:
- S519 The mobile device sends the paired instruction to the background.
- S520 The background sends a rebind instruction to the mobile device.
- S521 The mobile device sends a rebinding instruction to the key.
- S522 The key regenerates the random number and generates verification information.
- S523 The key sends a new random number and check information to the mobile device.
- S524 The mobile device sends a new random number and a verification message to the background.
- S525 The background determines whether the verification information passes the verification, and if so, executes S526; otherwise, executes S510.
- the background sends an error message to the mobile device.
- the random number in the parameter information of the key is updated from the initial random number to the new random number.
- the data transmission can include:
- S451 The mobile device and the key use the same transport key for encrypted transmission of the wireless link.
- the data transmission can include:
- the key and the mobile device perform data encryption transmission according to the generated or saved transport key.
- the generation factor of the transmission key can be obtained from the background instead of being transmitted on the link between the wireless devices, so that the security of the generation factor can be ensured, thereby improving the security of the transmission key.
- the identity identification information of the key is obtained from the background, so that the user does not need to select the key from the prompt list, but is automatically connected with the key, which improves the efficiency of the connection between the wireless devices and achieves the effect of quickly and securely establishing a wireless connection between the wireless devices.
- By performing a binding update, this embodiment can be used for subsequent Bluetooth pairing; in this embodiment, when the background sends the parameter information to the mobile device, the verification information is also sent, which can improve security.
- FIG. 6 is a schematic flowchart of a method for communication of another wireless device according to an embodiment of the present invention.
- in this embodiment, the mobile device obtaining the identity information of the key by scanning the two-dimensional code on the key is taken as an example.
- the parameter information is exemplified by the transmission key generated by the key.
- the transmission key is not limited to the background. Referring to Figure 6, the method includes steps S601-S609:
- S601 The mobile device logs in to the online banking APP to establish a secure channel with the background.
- the mobile device can establish a connection with the background through the network, establish a secure channel, negotiate an encryption key and a verification key, etc., wherein the encryption key is used to encrypt data transmitted between the mobile device and the background, and the verification key is used to verify the data transmitted between the mobile device and the background.
- S602 The mobile device scans the two-dimensional code on the key to obtain the identification information of the key.
- the two-dimensional code may be attached to the key in the form of a sticker, or the two-dimensional code may be displayed by the display module of the key.
- the QR code is generated based on the identification information of the key.
- the identification information of the key is, for example, the device serial number of the key.
- S603 The mobile device determines whether the key is paired. If yes, execute S607; otherwise, execute S604.
- the key identification information may exist in the pairing list of the mobile device. Therefore, according to whether the key identification information exists in the pairing list of the mobile device, it can be determined whether the key is paired.
- S604 The mobile device sends a request message to the background.
- the request message may include account information and key device information.
- the user may log in on the mobile device, and the mobile device obtains the currently registered account information according to the user login, and the mobile device obtains the key identification information by scanning the two-dimensional code.
- S605 The background acquires the associated transport key according to the account information and the identity information of the key.
- the background information, the device information of the key, and the association relationship between the transport keys may be pre-stored in the background.
- S606 The background sends the obtained transmission key to the mobile device.
- an error message can be sent to the mobile device.
- S607 The mobile device acquires a transport key and saves the transport key.
- when the mobile device is not paired with the key, the mobile device directly obtains the transmission key from the parameter information sent by the background.
- when the mobile device has been paired with the key, the mobile device obtains the transport key directly from the pairing list.
- S608 The mobile device sends a connection pairing request to the key.
- S609 The mobile device and the key use the same transport key for encrypted transmission of the Bluetooth link.
- the transmission key may be pre-generated by the key, for example, according to the random number and/or the device information of the key.
- the mobile device can obtain the identity identification information of the key after scanning the two-dimensional code, thereby acquiring corresponding parameter information in the background, and further acquiring the transmission key according to the parameter information, thereby improving the security of acquiring the transmission key.
- FIG. 7 is a schematic flowchart of a method for communication of another wireless device according to an embodiment of the present invention.
- in this embodiment, the mobile device obtaining the device information of the key by scanning the two-dimensional code on the key is taken as an example.
- the key is transmitted.
- the key is sent to the background as an example. Referring to Figure 7, the method includes steps S701-S723:
- S701 The key establishes a secure channel with the PC, and the PC establishes a secure channel with the background.
- a wireless or wired connection can be used between the key and the PC.
- a wired connection can be used between the key and the PC, for example, a Universal Serial Bus (USB) connection is used to negotiate a session key and establish a secure connection.
- the PC and the background can establish a connection through the network, negotiate the transmitted encryption key and verification key, and establish a secure channel.
- S702 The user inputs an account on the PC, requests to log in to the background, the background authentication passes, and the login succeeds.
- S704 The key acquires a transport key.
- the transmission key may be generated according to the random number and/or the device information of the key. For details, refer to the foregoing embodiment; they are not described here again.
- the verification information includes, for example, a signature and CRC check information.
- the key uses the public key of the background to encrypt the identity device information, the device information, the transmission key, and the verification information of the key to generate an encrypted ciphertext, and sends the encrypted ciphertext to the PC.
- S709 The background uses the private key to decrypt the encrypted ciphertext to obtain the key identification information, the device information, the random number, and the verification information; the verification information is verified, and if the verification is passed, S711 is performed, otherwise, S710 is performed.
- the background feeds back an error message to the PC.
- S711 The background information is stored in association with the account information and the key identity device information of the key.
- the account information is the account information currently registered by the PC.
- S712 The mobile device logs in to the online banking APP to establish a secure channel with the background.
- S713 The mobile device uses the same transport key as the key to perform encrypted transmission of the Bluetooth link.
- S714 The mobile device sends the completed authentication command to the background.
- S715 The background sends a rebinding instruction to the mobile device, where the mobile device is instructed to obtain the regenerated parameter information from the key and report the information.
- S716 The mobile device sends a rebind instruction to the key.
- S717 The key generates a random number, generates a transmission key according to the random number, encrypts the regenerated transmission key with the public key of the background to generate the encrypted ciphertext, and generates a two-dimensional code from the encrypted ciphertext;
- S718 The mobile device scans the two-dimensional code on the key, obtains the encrypted ciphertext of the parameter information of the key, and reports the encrypted ciphertext of the parameter information to the background;
- S719 The background decrypts the encrypted ciphertext by using its own private key, obtains the transport key, and replaces the transport key of the key corresponding to the account information with the new transport key.
- the account information is the account entered by the user.
- S720 The mobile device sends a request to the background to obtain parameter information associated with the account information.
- S721 The background sends the transmission key to the mobile device.
- S722 The mobile device acquires a transport key and saves the transport key.
- S723 The mobile device and the key use the same transport key for encrypted transmission of the Bluetooth link.
- the mobile device can scan the two-dimensional code and obtain the transmission key ciphertext of the key and report it to the background, thereby updating the transmission key associated with the account information in the background.
- the security of the transport key can be guaranteed by updating the transport key saved in the background in real time.
- FIG. 8 is a schematic structural diagram of a wireless device according to an embodiment of the present invention.
- the wireless device may specifically refer to a second wireless device, such as a mobile device, and the wireless device 80 includes: an authentication module 81, an obtaining module 82, a generating module 83, and a communication module 84.
- the authentication module 81 is configured to send an authentication request to the background, where the authentication request carries at least the account information of the user;
- the authentication module 81 is configured to establish a secure channel with the background, and send an authentication request to the background through the secure channel, where the authentication request carries at least the account information of the user.
- the authentication module 81 establishes a secure channel with the background, such as a Secure Sockets Layer (SSL) channel, thereby ensuring the security of data transmission between the second wireless device and the background.
- the backend is a trusted third party server, for example, the backend of the bank that issued the first wireless device.
- the information to be authenticated may include account information of the user and a login password; the background authenticates the account information and the login key of the user, and after the authentication passes, the background may consider the second wireless device to be secure.
- the authentication request may also carry the to-be-authenticated information negotiated with the background, so that the background authenticates the information to be authenticated.
- the obtaining module 82 is configured to receive, after receiving the authentication pass response returned by the background, parameter information of the first wireless device that is returned by the background and is associated with the account information.
- the parameter information of the first wireless device is stored in the background in association with the account information, where the parameter information includes the identity identification information and the transmission key acquisition factor of the first wireless device, and the transmission key acquisition factor includes at least one of the following: a random number generated by the first wireless device, device information of the first wireless device, and a transmission key generated by the first wireless device.
- the identification information is used to identify the first wireless device, for example, the MAC address, the ID, the device serial number, and the like of the first wireless device.
- after the second wireless device obtains the identity information of the first wireless device, it can automatically connect to the first wireless device without user selection, which makes wireless device access fast and efficient.
- by using a random number, device information of the first wireless device, or a combination thereof to generate a transmission key, the present embodiment can avoid a replay attack.
- the obtaining module 82 in the second wireless device is further configured to send a request message to the background, where the request message includes account information, and to receive a response message sent by the background, where the response message includes the parameter information associated with the account information included in the request message.
- the generating module 83 is configured to obtain a transmission key according to the parameter information.
- after the transport key is obtained, the transport key can be saved.
- the generating module 83 is configured to obtain a transport key according to the parameter information, including:
- the parameter information includes: a random number generated by the first wireless device, and/or device information of the first wireless device, generating a transmission key according to the parameter information; or
- the transmission key is directly obtained from the parameter information.
- the parameter information may be obtained from the response message, and the parameter information may include: a random number, and/or device information of the key.
- the parameter information in this embodiment may include the generation factor (random number, device information) of the transmission key or the transmission key itself.
- This embodiment can cope with different situations and improves the solution for acquiring the transmission key in different scenarios, and using the random number, the device information of the first wireless device, or a combination thereof to generate a transport key can avoid replay attacks.
- the generating module 83 in the second wireless device may generate a transmission key according to the random number in the obtained parameter information and a preset algorithm.
- correspondingly, the first wireless device may also generate a transmission key according to its self-generated random number and the same preset algorithm as the second wireless device, implementing acquisition of the transmission key and completing pairing between the second wireless device and the first wireless device. Thereafter, the second wireless device and the first wireless device can use the transmission key for data transmission. or,
- the generating module 83 in the second wireless device may generate a transmission key according to the random number in the obtained parameter information, the device information of the first wireless device, and a preset algorithm, and correspondingly, the first wireless device may also be configured according to The self-generated random number, its own device information, and the same preset algorithm as the second wireless device generate a transmission key to implement acquisition of the transmission key, and complete pairing between the second wireless device and the first wireless device. Thereafter, the second wireless device and the first wireless device can use the transmission key for data transmission. or,
- the generating module 83 in the second wireless device may generate a transport key according to the random number in the acquired parameter information and the device information of the first wireless device, and the device information of the second wireless device itself, and a preset algorithm.
- the first wireless device may acquire the device information of the second wireless device, and then generate a transmission key according to the random number generated by the first wireless device itself, its own device information, the acquired device information of the second wireless device, and the same preset algorithm as the second wireless device, implementing acquisition of the transmission key and completing pairing between the second wireless device and the first wireless device.
- the first wireless device may acquire the device information of the second wireless device by using the information exchanged after establishing the connection with the second wireless device.
- the first wireless device and the second wireless device may generate a preliminary transmission key according to the information exchanged after the connection, and the first wireless device acquires the device information of the second wireless device by using the preliminary transmission key.
- This embodiment provides various ways to generate a transmission key, which increases the possibility and complexity of generating a transmission key. If a person who maliciously tries to steal the transmission key does not know which way is used, the security of the transmission key is increased.
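The three derivation variants described above (random number only; random number plus the first device's information; random number plus both devices' information), together with the background lookup and rebind, as an added example that is not code from the patent. The patent only says "preset algorithm": HKDF-SHA256, the 128-bit key size, the label and all names (`derive_transport_key`, `Background`, `run_flow`) are assumptions, and the sample identifiers are constructed.

```python
import hashlib
import hmac
import secrets
import struct

KEY_LEN = 16  # assumed transport-key size (128 bits); the page does not fix one
LABEL = b"wireless-transport-key/v1"  # hypothetical domain-separation label


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF per RFC 5869 (extract, then expand), standard library only."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def lp_field(data: bytes) -> bytes:
    """Length-prefix each input so ("ab", "c") and ("a", "bc") never collide."""
    return struct.pack(">H", len(data)) + data


def derive_transport_key(random_number: bytes, first_info: bytes = b"",
                         second_info: bytes = b"") -> bytes:
    """Derive the key from the random number, optionally bound to device info.

    first_info:  device information of the first wireless device (the key)
    second_info: device information of the second wireless device (the phone)
    """
    if len(random_number) < 16:
        raise ValueError("random number too short to serve as key material")
    if second_info and not first_info:
        raise ValueError("second device info is only used together with the first")
    # Empty fields still get a length prefix, so the three variants stay distinct.
    info = LABEL + lp_field(first_info) + lp_field(second_info)
    return hkdf_sha256(random_number, b"", info, KEY_LEN)


class Background:
    """Constructed stand-in for the trusted server: account -> bound devices."""

    def __init__(self):
        self._params = {}  # {account: {identity: parameter information}}

    def bind(self, account, identity, random_number, device_info):
        """Store (or, on rebind, replace) a device's parameter information."""
        self._params.setdefault(account, {})[identity] = {
            "random": random_number, "device_info": device_info}

    def lookup(self, account):
        """Return the parameter information for an already authenticated account."""
        return dict(self._params.get(account, {}))


def run_flow():
    """Bind, pair, rebind; return the keys computed on each side."""
    background = Background()
    identity, key_info = "AA:BB:CC:00:11:22", b"SN-0001"  # constructed values
    phone_info = b"PHONE-42"                              # constructed value

    # Binding: the key generates the random number and reports it to the
    # background over the secure channel, never over the wireless link.
    rn = secrets.token_bytes(32)
    background.bind("alice", identity, rn, key_info)
    key_side = derive_transport_key(rn, key_info, phone_info)

    # Pairing: the phone logs in, fetches the parameters and derives the same key.
    params = background.lookup("alice")[identity]
    phone_side = derive_transport_key(params["random"], params["device_info"],
                                      phone_info)

    # Rebind: a fresh random number replaces the stored one and rotates the key.
    rn2 = secrets.token_bytes(32)
    background.bind("alice", identity, rn2, key_info)
    rotated = derive_transport_key(background.lookup("alice")[identity]["random"],
                                   key_info, phone_info)
    return key_side, phone_side, rotated


if __name__ == "__main__":
    key_side, phone_side, rotated = run_flow()
    print("both sides agree:", key_side == phone_side)
    print("rebind rotated the key:", rotated != key_side)
```
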
- the communication module 84 is configured to perform access authentication and communication with the first wireless device by using the identity identification information of the first wireless device and the transmission key.
- the communication module 84 includes: a search unit, a connection unit, and an encryption and decryption unit, wherein: the search unit is configured to find the first wireless device according to the identity identification information of the first wireless device; the connection unit is configured to request to establish a wireless connection with the first wireless device; and the encryption and decryption unit is configured to, after receiving the information that the first wireless device passes the authentication, use the transmission key to encrypt and decrypt the data transmitted with the first wireless device;
- the communication module 84 includes: an outgoing unit, a connecting unit, and an encryption and decryption unit, wherein: the outgoing unit is configured to send the identity identification information of the first wireless device and the transmission key; the connection unit is configured to request to establish a wireless connection with the first wireless device; and the encryption and decryption unit is configured to, after receiving the information that the first wireless device passes the authentication, use the transmission key to encrypt and decrypt the data transmitted with the first wireless device.
- the second wireless device does not need to search for the first wireless device, but broadcasts the identity identification information of the first wireless device; the first wireless device that has this identity identification information receives the connection request of the second wireless device and automatically establishes a connection with the second wireless device after the authentication is passed, so that the user does not need to select the first wireless device from the prompt list, but is automatically connected with the first wireless device, thereby improving the efficiency of the connection between the wireless devices.
- encrypting and decrypting with the transmission key improves the security of the transmitted data, and the effect of establishing a wireless connection between the wireless devices quickly and securely is achieved.
- the communication module includes: a searching unit, a connection unit, a key sending unit, and an encryption and decryption unit, wherein: the searching unit is configured to find the first wireless device according to the identity identification information of the first wireless device; the connection unit is configured to request to establish a wireless connection with the first wireless device; the key sending unit is configured to send the transmission key to the first wireless device for authentication; and the encryption and decryption unit is configured to, after receiving the information that the first wireless device has authenticated the transmission key, use the transmission key to encrypt and decrypt the data transmitted to and from the first wireless device;
- the communication module includes: an outgoing unit, a connection unit, and an encryption and decryption unit, wherein: the outgoing unit is configured to send out the identity identification information of the first wireless device and the transmission key; the connection unit is configured to request to establish a wireless connection with the first wireless device; and the encryption and decryption unit is configured to, after receiving the information that the first wireless device has authenticated the transmission key, use the transmission key to encrypt and decrypt the data transmitted to and from the first wireless device.
- the optional embodiment is different from the previous optional embodiment in that the first wireless device authenticates the transmission key sent by the second wireless device, and establishes a wireless connection after the authentication is passed, thereby further ensuring the security of establishing the connection.
- the device 80 may further include: a scanning module 85, configured to scan the identifier set on the first wireless device to obtain identity device information of the first wireless device;
- the identification code is, for example, a two-dimensional code.
- the identification code may be attached to the first wireless device in the form of a sticker, or the display module may be disposed on the first wireless device, and the identification code is displayed by the display module.
- the acquiring module 82 is configured to acquire the identity device information of the first wireless device, and specifically includes:
- the second wireless device may acquire the identity device information of the first wireless device by scanning the identifier on the first wireless device, instead of transmitting the identity device information on the link between the wireless devices, so the security of the identity device information is guaranteed, thereby improving the security of obtaining the transmission key.
- the device 80 may further include:
- a determining module 86 configured to obtain verification information
- the generating module 83 is configured to obtain a transmission key according to the parameter information, including:
- a transmission key is generated according to the parameter information.
- the wireless device in this embodiment can authenticate the identity of the first wireless device by using the foregoing verification information, and ensure the validity of the first wireless device, thereby ensuring the security of the parameter information acquired by the wireless device in this embodiment, and further ensuring the security of the acquired transport key.
- the device 80 may further include:
- the update module 87 is configured to: send the completed authentication instruction to the background after the communication module uses the identity identification information of the first wireless device and the transmission key to complete the access authentication with the first wireless device; after receiving the rebinding instruction sent by the background, send the rebinding instruction to the first wireless device; and acquire the parameter information regenerated by the first wireless device and send the regenerated parameter information to the background.
- the first wireless device and the second wireless device are mutually authenticated two wireless devices. After the authentication is passed, the two can respectively encrypt and decrypt the transmission data by using the respective transmission keys.
- the wireless device in this embodiment has wireless functions, such as Bluetooth, wifi, NFC, radio frequency, and the like.
- the first wireless device and the second wireless device refer to a Bluetooth-enabled electronic device.
- the second wireless device is a Bluetooth-enabled mobile device (such as a smart phone or a tablet, etc.), and the first wireless device is a smart key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) with Bluetooth function, as an example.
- the background refers to the server, and the background can be used to save account information, passwords, and so on.
- the background information is also saved in the background.
- the account information is, for example, a bank card number, or a user name.
- the mobile device may include a module that establishes a connection with the key, and determines whether the key is in the paired list. If not, the acquisition module in the mobile device sends a request message to the background. When the key is in the paired list, it indicates that the mobile device has established a connection with the key, and the module in the mobile device stores the transmission key. At this time, the obtaining module can directly obtain the transmission key from the saved information of the mobile device.
- the account information and the parameter information may be saved in the background.
- the parameter information includes, for example, a random number generated by a key, and/or a device information of the key.
- the device information includes, for example, a unique serial number of the device and a digital certificate, and may also include a device address, etc.
- the background information of the account information included in the request message may be found by the background according to the pre-stored correspondence relationship, and then the background information may be sent to the mobile device by the background.
- a connection between the mobile device and the key can be established by searching and initiating a Bluetooth connection
- the mobile device and the key can establish a connection, and data can be transmitted through the connection, but the data before the pairing is not encrypted, and some device pairing feature values used for connection and pairing can be transmitted, for example, IO Capability, OOB data flag, AuthReq, Max Enc Key Size, Init Key Distribution, Resp Key Distribution, and the like.
- the transmission key is saved, and data encryption transmission can be performed, which can be used for transmission of important data of the application layer.
- the first wireless device and the second wireless device may also refer to a Bluetooth electronic device having an NFC function
- the second wireless device is an NFC-enabled mobile device (e.g., a smartphone, a tablet, etc.), and the first wireless device is an intelligent key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) with an NFC function, as an example.
- the generation factor of the transmission key or the transmission key itself can be obtained from the background, instead of the generation factor being transmitted on the link between the wireless devices, so the security of the generation factor can be guaranteed, thereby improving the security of the transmission key.
- FIG. 10 is a schematic structural diagram of another wireless device according to an embodiment of the present invention.
- the wireless device may be specifically a first wireless device, such as a key, and the wireless device 100 includes: an authentication module 101, a sending module 102, a generating module 103, and a communication module 104.
- the authentication module 101 is configured to send an authentication request to the background, where the authentication request carries at least the account information of the user, and to trigger the sending module 102 to work after receiving the authentication response returned by the background;
- the authentication module 101 is configured to establish a secure channel with the background, and send an authentication request to the background through the secure channel, where the authentication request carries at least the account information of the user, and after the authentication response returned by the background is received, the sending module is triggered to work;
- the authentication module establishes a secure channel with the background, such as a Secure Sockets Layer (SSL) channel, thereby ensuring the security of data transmission between the first wireless device and the background.
- the background is a trusted third-party server, for example, the backend of the bank that issued the first wireless device.
- the to-be-authenticated information may include the user account information and the login password; the background authenticates the user's account information and the login key, and the background may then consider the first wireless device to be secure.
- the authentication request may also carry the to-be-authenticated information negotiated with the background, so that the background authenticates the information to be authenticated.
- the root certificate of the first wireless device is also carried in the authentication request.
- the authentication module 101 includes:
- a establishing unit configured to establish a secure channel with the login device, and establish a secure channel with the background through the login device
- a sending unit configured to send the authentication request to the background by using the login device, where the connection between a wireless device and the second wireless device is a wired connection.
- the login device establishes a secure channel with the background, and the first wireless device establishes a secure channel with the PC, and the first wireless device sends the authentication request to the background through the login device.
- the channel between the first wireless device and the backend is secure, thus ensuring the security of the transmitted data.
- connection between the first wireless device and the PC may be a wired connection to improve security.
- the login device can also adopt a wireless device, and the first wireless device can be connected to the login device in a wireless manner.
- the PC may send a binding request to the first wireless device.
- the sending module 102 may generate parameter information and send the parameter information.
- the sending module 102 is configured to: after receiving the trigger of the authentication module, send the parameter information of the first wireless device to the background, where the parameter information of the first wireless device includes: the first wireless device Identification information and transmission key acquisition factor;
- the sending module 102 is configured to send, after the trigger of the authentication module, the ciphertext of the encrypted parameter information of the first wireless device to the background, and instruct the background to store the parameter information of the first wireless device in association with the account information
- the parameter information of the first wireless device includes identity identification information and a transmission key acquisition factor, where the transmission key acquisition factor includes at least one of the following: a random number generated by the first wireless device, device information (a device unique serial number, a digital certificate, a device address, etc.) of the first wireless device, and a transmission key generated by the first wireless device; the identification information is used to identify the first wireless device and may be, for example, a MAC address, an ID, a unique serial number, and the like of the first wireless device.
- the second wireless device may automatically connect to the first wireless device, which improves the speed of wireless device access and is fast and efficient.
- because the embodiment uses a random number, device information of the first wireless device, or a combination thereof as a transport key, replay attacks can be avoided.
- the verification information may also be sent at the same time, and the verification information may be generated according to the parameter information, where the verification information includes: authentication information, and/or a cyclic redundancy check (CRC) code; the authentication information is, for example, signature information, and the signature information may be information obtained by signing device information of the first wireless device (such as a unique serial number of the device).
- the second wireless device may further verify the verification information according to the received authentication information and/or CRC check information.
- the identity of the first wireless device can be authenticated by the verification information to ensure the validity of the first wireless device, thereby ensuring the security of the parameter information acquired by the second wireless device, and further ensuring the security of the obtained transmission key.
- when the parameter information includes the device information of the first wireless device, the device 100 further includes:
- the display module 105 is configured to generate an identifier according to the identity identification information of the first wireless device and display the identifier.
- the generating module 103 is configured to acquire a transmission key according to the parameter information.
- after the transport key is obtained, the transport key can be saved.
- the generating module 103 is configured to obtain a transport key according to the parameter information, including:
- the transmission key is directly obtained according to the parameter information.
- generating the transport key according to the parameter information may include:
- the device information of the first wireless device, the acquired device information of the second wireless device, and a preset algorithm generate a transmission key.
- the first wireless device and the second wireless device are electronic devices having a Bluetooth function.
- the second wireless device is a Bluetooth-enabled mobile device (e.g., a smart phone, a tablet, etc.), and the first wireless device is a smart key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) with Bluetooth function, as an example.
- the first wireless device is a key.
- the module in the key can obtain the device information of the mobile device in the following manner:
- receiving the device information of the mobile device that the mobile device has encrypted by using a preliminary transmission key, and acquiring the device information of the mobile device.
- the generating module is configured to obtain a transport key according to the parameter information, including:
- when the parameter information includes: a random number generated by the first wireless device, and/or device information of the first wireless device, generating a transmission key according to the parameter information; or
- the transmission key is directly obtained from the parameter information.
- the parameter information in this embodiment may include the generation factor (random number, device information) of the transmission key or the transmission key itself.
- This embodiment can cope with different situations and provides solutions for acquiring the transmission key in different scenarios, and using the random number, the device information of the first wireless device, or a combination thereof to generate a transport key can avoid replay attacks.
- the communication module 104 is configured to: after receiving the request of the second wireless device to establish a wireless connection, where the request carries a transmission key that is acquired by the second wireless device from the background and associated with the account information, complete the access authentication and communication with the second wireless device by using the transmission key associated with the account information and the transmission key acquired by the first wireless device.
- the communications module includes:
- An authentication unit configured to determine whether a transmission key of the second wireless device matches a transmission key acquired by the first wireless device, and if yes, the authentication is passed, otherwise the authentication fails;
- an encryption and decryption unit configured to encrypt and decrypt the data transmitted to and from the second wireless device by using the transmission key acquired by the first wireless device after the authentication unit passes the authentication.
- the device 100 further includes: a determining module 106, configured to generate verification information according to the parameter information, and send the same to the background together with the parameter information.
- the verification information may be verified first, and after the verification is passed, the parameter information is stored in association with the account information.
- the first wireless device and the second wireless device refer to an electronic device having a Bluetooth function or a wireless function such as NFC or WIFI.
- the transmission key is the Bluetooth pairing information; when the NFC function is used, the transport key is the authentication information carried in the NFC tag.
- the transport key is the key for accessing the WIFI.
- the second wireless device is a mobile device (such as a smart phone, a tablet computer, etc.) having the wireless function described above
- the first wireless device is a smart key device (key, such as the U shield of ICBC, K Bao of ABC, etc.) having the wireless function described above.
- the parameter information includes at least the identity information of the first wireless device
- the second wireless device obtains the parameter information
- the user does not need to select the first wireless device from the prompt list, but is automatically connected with the first wireless device, which improves the efficiency of the connection between the wireless devices; and the parameter information can be transmitted to another wireless device through the background, so that the transmission key generation factor or the transmission key is transmitted through the background, and the generation factor is not transmitted on the link between the wireless devices, so the security of the generation factor can be guaranteed, thereby improving the security of the transmission key.
- FIG. 12 is a schematic structural diagram of a server according to an embodiment of the present invention.
- the server 120 includes an authentication module 121, an associated storage module 122, a lookup module 123, and a sending module 124.
- the authentication module 121 is configured to receive an authentication request sent by the first wireless device and the second wireless device, respectively, and perform authentication on the authentication request of the first wireless device and the second wireless device, where the authentication request carries information to be authenticated, and the information to be authenticated includes at least: account information of the user;
- the authentication module 121 is configured to establish a secure channel with the first wireless device and the second wireless device respectively, receive, by using the secure channel, an authentication request sent by the first wireless device and the second wireless device, and perform authentication on the first wireless device and the second wireless device, where the authentication request carries at least the account information of the user;
- the background establishes a secure channel, such as a Secure Sockets Layer (SSL) channel, with the first wireless device and the second wireless device respectively, thereby ensuring the security of data transmission between the first wireless device, the second wireless device and the background.
- the backend is a trusted third-party server, for example, the backend that issues the first wireless device, such as a bank that issues keys.
- the information to be authenticated may include account information of the user and a login password; the background authenticates the user account information and the login key, and after the authentication of the to-be-authenticated information sent by the first wireless device and the second wireless device passes, the background may consider that the first wireless device or the second wireless device is secure.
- the authentication request may also carry the to-be-authenticated information negotiated with the background, so that the background authenticates the information to be authenticated.
- the authentication request sent by the first wireless device further includes a root certificate sent by the first wireless device
- the authentication module is configured to perform authentication on the first wireless device, including: verifying the root certificate.
- the root certificate may be authenticated in the background to ensure the legality of the first wireless device, thereby ensuring the security of the parameter information saved by the first wireless device and the security of the wireless device requesting to establish a wireless connection with the first wireless device.
- the association storage module 122 is configured to acquire parameter information of the first wireless device after the first wireless device is authenticated, and store the parameter information in association with the account information, where the parameter information of the first wireless device includes: identity identification information of the first wireless device and a transmission key acquisition factor;
- the association storage module 122 is configured to acquire the encrypted ciphertext of the parameter information of the first wireless device after the first wireless device is authenticated, and decrypt the encrypted ciphertext of the parameter information of the first wireless device. Then, the decrypted parameter information is stored in association with the account information.
- the parameter information of the first wireless device includes identity identification information of the first wireless device and a transmission key acquisition factor, where the transmission key acquisition factor includes at least one of: a random number generated by the first wireless device, the device information of the first wireless device (device unique serial number, digital certificate, device address, etc.), and the transmission key generated by the first wireless device; the identification information is used to identify the first wireless device and may be, for example, the MAC address, the ID, the device unique serial number, and the like of the first wireless device.
- after the second wireless device acquires the identity identification information of the first wireless device, the user does not need to make a selection, and the second wireless device can automatically connect to the first wireless device, which improves the speed of wireless device access and is fast and efficient.
- by using the random number, the device information of the first wireless device, or a combination thereof to generate a transmission key, the present embodiment can avoid a replay attack.
- the account information and the parameter information of the first wireless device are in a many-to-one relationship.
- the parameter information may be obtained by the background from the first wireless device, or may be directly configured locally.
- the association storage module 122 is further configured to: after the user logs in to the background according to the account information, receive the parameter information sent by the first wireless device.
- the login device can send a binding request to the first wireless device.
- after receiving the binding request, the first wireless device generates parameter information and sends the parameter information to the background through the login device.
- the login device establishes a secure channel with the background.
- a secure channel is established between the first wireless device and the login device.
- the wireless device can be connected in a wireless or wired manner. To improve security, the first wireless device and the login device use a wired connection.
- the account information and the parameter information of the first wireless device are in a many-to-one relationship. That is, one account information may correspond to a plurality of first wireless devices.
- the association storage module 122 is further configured to: receive the first verification information
- the association storage module 122 is configured to associate the parameter information with the account information, including:
- the parameter information is stored in association with the account information.
- the identity authentication of the first wireless device can be implemented by verifying the verification information in the background, and the parameter information is stored in association with the account information after the authentication is passed, to ensure the security of the stored information.
- the association storage module 122 is further configured to receive account information sent by the second wireless device.
- the searching module 123 is configured to search for parameter information of the first wireless device associated with the account information after the second wireless device is authenticated to pass;
- the sending module 124 is configured to send the found parameter information of the first wireless device to the second wireless device.
- the sending module 124 is further configured to: generate second verification information according to the parameter information, and send the same to the second wireless device together with the parameter information.
- the authentication module 121 is further configured to receive the completed authentication command sent by the second wireless device; the sending module 124 is further configured to: after the completed authentication command is received, send a rebinding instruction to the first wireless device through the second wireless device; and the associated storage module 122 is further configured to receive the regenerated parameter information sent by the first wireless device through the second wireless device, and update the parameter information of the first wireless device associated with the account information to the regenerated parameter information.
- the parameter information associated with the account information may be updated in the background to ensure the real-time performance of the parameter information, thereby providing the second wireless device with the latest parameter information.
- the parameter information of the first wireless device can be transmitted to the second wireless device through the background, so that the second wireless device acquires the identity identification information of the first wireless device from the background; the user therefore does not need to select the first wireless device from the prompt list, but is automatically connected with the first wireless device, which improves the efficiency of the connection between the wireless devices; in addition, the transmission key generation factor or the transmission key is transmitted through the background, and the generation factor is not transmitted on the link between the wireless devices, so the security of the generation factor can be ensured, thereby improving the security of the transmission key; and the effect of establishing a wireless connection quickly and securely between the wireless devices is achieved.
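The server-mediated flow described above (association storage, lookup, key acquisition, the authentication unit's key match, and rebinding), as an added Python example that is not code from the patent. It assumes HMAC-SHA256 in place of the unspecified "preset algorithm" and a CRC32 as the verification information; all class and function names, the account and the device identifiers are hypothetical, constructed values.

```python
import hashlib
import hmac
import secrets
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class ParamInfo:
    """Parameter information: identity plus transmission key acquisition factors."""
    identity: str         # identity identification information, e.g. a MAC address
    random_number: bytes  # random number generated by the first wireless device
    serial: str           # device information: unique serial number

    def encode(self):
        return "|".join((self.identity, self.random_number.hex(), self.serial)).encode()

def crc(param):
    # Verification information as a CRC: detects corruption, not forgery.
    return zlib.crc32(param.encode())

def derive_key(param):
    # ASSUMPTION: HMAC-SHA256 stands in for the page's unspecified "preset algorithm".
    msg = b"transmission-key|" + param.serial.encode()
    return hmac.new(param.random_number, msg, hashlib.sha256).digest()

class Backend:
    """Server side: authentication, association storage and lookup modules."""

    def __init__(self):
        self._accounts = {}  # account -> (salt, PBKDF2 hash of the login password)
        self._bindings = {}  # account -> {identity: ParamInfo}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):
        salt = secrets.token_bytes(16)
        self._accounts[account] = (salt, self._hash(password, salt))

    def _authenticate(self, account, password):
        salt, stored = self._accounts.get(account, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("authentication failed")

    def bind(self, account, password, param, check):
        """Store parameter information in association with the account."""
        self._authenticate(account, password)
        if check != crc(param):
            raise ValueError("verification information mismatch")
        self._bindings.setdefault(account, {})[param.identity] = param

    def lookup(self, account, password):
        """Return (parameter information, verification information) pairs."""
        self._authenticate(account, password)
        return [(p, crc(p)) for p in self._bindings.get(account, {}).values()]

class KeyDevice:
    """First wireless device (the smart key)."""

    def __init__(self, identity, serial):
        self.identity, self.serial = identity, serial
        self.rebind()

    def rebind(self):
        """Generate fresh parameter information (initial binding or rebinding)."""
        self.param = ParamInfo(self.identity, secrets.token_bytes(16), self.serial)
        self.key = derive_key(self.param)
        return self.param, crc(self.param)

    def authenticate(self, identity, presented_key):
        """Authentication unit: constant-time match of the presented key."""
        return identity == self.identity and hmac.compare_digest(presented_key, self.key)

def fetch_key(backend, account, password):
    """Second wireless device: identity and key material come from the backend only."""
    param, check = backend.lookup(account, password)[0]
    if check != crc(param):
        raise ValueError("verification information mismatch")
    return param.identity, derive_key(param)

def demo():
    creds = ("alice", "constructed-password")  # constructed sample account
    backend = Backend()
    backend.register(*creds)
    key_dev = KeyDevice("AA:BB:CC:DD:EE:FF", "SN-0001")  # constructed identifiers
    backend.bind(*creds, *key_dev.rebind())
    identity, key = fetch_key(backend, *creds)
    result = {"first": key_dev.authenticate(identity, key),
              "forged": key_dev.authenticate(identity, secrets.token_bytes(32))}
    backend.bind(*creds, *key_dev.rebind())  # rebinding after access authentication
    result["stale"] = key_dev.authenticate(identity, key)
    result["refreshed"] = key_dev.authenticate(*fetch_key(backend, *creds))
    return result
```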
- the first wireless device and the second wireless device are Bluetooth-enabled electronic devices.
- the second wireless device is a Bluetooth-enabled mobile device (for example, a smart phone, a tablet PC, etc.)
- the first wireless device is a smart key device (key, such as ICBC's U-Shield, Agricultural Bank's K-Bao, etc.) with Bluetooth function.
- the Bluetooth-enabled electronic signature device and the Bluetooth-enabled mobile device are mutually authenticated two Bluetooth devices. After the authentication is passed, the two can use the respective transmission keys to encrypt and decrypt the transmission data.
- FIG. 13 to FIG. 15 are schematic flowcharts of a communication method of a Bluetooth-enabled mobile device according to an embodiment of the present invention
- FIG. 16 to FIG. 17 are schematic flowcharts of a communication method of a Bluetooth-enabled electronic signature device according to an embodiment of the present invention.
- FIG. 13 shows a communication method of a Bluetooth-enabled mobile device according to an embodiment of the present invention, the method including steps S81-S84:
- the mobile device with Bluetooth function sends an authentication request to the background, and the authentication request carries the information to be authenticated.
- the information to be authenticated includes at least: account information of the user.
- after receiving the authentication response returned by the background, the mobile device with the Bluetooth function receives the parameter information of the Bluetooth-enabled electronic signature device associated with the account information returned by the background.
- S83: the mobile device with Bluetooth function acquires the transmission key according to the parameter information, and saves the transmission key.
- the Bluetooth-enabled mobile device performs Bluetooth pairing with the Bluetooth-enabled electronic signature device by using the identity information of the Bluetooth-enabled electronic signature device, and after the pairing is successful, the transmission key is used to complete access authentication and communication with the Bluetooth-enabled electronic signature device.
- step S84 specifically includes one of the following manners:
- Method 1: After finding the electronic signature device with Bluetooth function according to the identification information of the electronic signature device with Bluetooth function, request Bluetooth pairing with the electronic signature device with Bluetooth function, exchange pairing feature values with the electronic signature device with Bluetooth function, and, after receiving the information that the Bluetooth-enabled electronic signature device is paired, use the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device;
- the Bluetooth-enabled mobile device uses the identity information of the Bluetooth-enabled electronic signature device to find the Bluetooth-enabled electronic signature device and requests Bluetooth pairing with it, thereby eliminating the need for the user to select the electronic signature device with Bluetooth function from the prompt list; the mobile device connects to the electronic signature device with Bluetooth function automatically, which improves the efficiency of the connection between the Bluetooth devices, and encryption and decryption with the transmission key improves the security of the transmitted data, achieving the effect of establishing a wireless connection quickly and securely.
- Manner 2: Send out the identification information and transmission key of the electronic signature device with Bluetooth function, request Bluetooth pairing with the Bluetooth-enabled electronic signature device corresponding to the identification information, exchange pairing feature values with the electronic signature device with Bluetooth function, and, after receiving the information that the Bluetooth-enabled electronic signature device is paired, use the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device.
- the Bluetooth-enabled mobile device does not need to look for a Bluetooth-enabled electronic signature device, but broadcasts the identity information of the Bluetooth-enabled electronic signature device; after receiving the Bluetooth pairing request of the Bluetooth-enabled mobile device, the Bluetooth-enabled electronic signature device having that identification information exchanges pairing feature values with the Bluetooth-enabled mobile device to complete the Bluetooth pairing, and after the pairing is successful automatically establishes a connection with the Bluetooth-enabled mobile device. This eliminates the need for the user to select a Bluetooth-enabled electronic signature device from the prompt list; the connection to the Bluetooth-enabled electronic signature device is made automatically, which improves the efficiency of the connection between the Bluetooth devices, and encryption and decryption with the transmission key improves the security of the transmitted data, achieving the effect of establishing a wireless connection quickly and securely between Bluetooth devices.
- step S84 specifically includes one of the following manners:
- Method 1: After finding the electronic signature device with Bluetooth function according to the identification information of the electronic signature device with Bluetooth function, request Bluetooth pairing with the electronic signature device with Bluetooth function, exchange pairing feature values with the electronic signature device with Bluetooth function, and send the transmission key to the electronic signature device with Bluetooth function for pairing authentication; after receiving the information that the electronic signature device with Bluetooth function is paired and that the transmission key pairing authentication has passed, use the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device;
- Manner 2: Send out the identification information and transmission key of the electronic signature device with Bluetooth function, request Bluetooth pairing with the Bluetooth-enabled electronic signature device corresponding to the identification information, exchange pairing feature values with the electronic signature device with Bluetooth function, and, after receiving the information that the Bluetooth-enabled electronic signature device is paired and that the transmission key pairing authentication has passed, use the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device.
- the electronic signature device with Bluetooth function authenticates the transmission key sent by the Bluetooth-enabled mobile device, and the wireless connection is established only after the authentication is passed, thereby further ensuring the security of the established wireless connection.
- the identity identification information of the electronic signature device with the Bluetooth function is obtained from the background, so that the user does not need to select the electronic signature device with the Bluetooth function from the prompt list; the connection to the electronic signature device with Bluetooth function is made automatically, which improves the efficiency of the connection between the Bluetooth devices; the parameter information is obtained from the background and the transmission key is generated according to the parameter information, so the generation factor of the transmission key can be obtained from the background, or the transmission key can be directly obtained; the security of the generation factor can be ensured, thereby improving the security of the transmission key; and encryption and decryption with the transmission key improves the security of the transmission data.
- FIG. 14 is a communication method of another Bluetooth-enabled mobile device according to an embodiment of the present invention, the method including: (Steps S91-S96):
- Steps S91-S92 are the same as steps S81-S82, and are not described herein again.
- the Bluetooth-enabled mobile device determines, according to the identification information, whether the paired authentication has been completed with the Bluetooth-enabled electronic signature device, and if so, step S94 is performed; if not, steps S95-S96 are performed;
- the Bluetooth-enabled mobile device determines, according to the identity identification information, whether the paired authentication has been completed with the Bluetooth-enabled electronic signature device, including:
- the Bluetooth-enabled mobile device determines whether the identification information exists in the device information list that has completed the paired authentication. If it is, it means that two Bluetooth devices have been paired and authenticated. If not, it means that there is no paired authentication. Steps S95-S96 are required.
- S94 The Bluetooth-enabled mobile device communicates with the Bluetooth-enabled electronic signature device by using the saved transmission key
- before communicating with the electronic signature device having the Bluetooth function according to the saved transmission key, the method further includes:
- the transmission key is obtained according to the parameter information, and the transmission key is saved in the Bluetooth-enabled mobile device.
- Steps S95-S96 are the same as steps S83-S84, and are not described herein again.
- after obtaining the identity identification information of the electronic signature device, it is first determined whether pairing authentication has been completed with the electronic signature device; if so, the connection may be made directly and the saved transmission key used for communication, so that pairing and communication between Bluetooth devices can be implemented quickly; if not, identification information of the Bluetooth-enabled electronic signature device is obtained from the background, thereby eliminating the need for the user to select a Bluetooth-enabled electronic signature device from the prompt list; the connection with the electronic signature device with Bluetooth function is made automatically, which improves the efficiency of the connection between the Bluetooth devices; the parameter information is obtained from the background and the transmission key is generated according to the parameter information, so the generation factor of the transmission key, or the transmission key itself, can be obtained from the background instead of the generation factor being transmitted on the link between the Bluetooth devices; the security of the generation factor can be ensured, thereby improving the security of the transmission key; and encryption and decryption with the transmission key improves the security of the transmission data, achieving the effect of a fast and secure wireless connection between Bluetooth devices.
- FIG. 15 is a schematic flowchart of a communication method of another Bluetooth-enabled mobile device according to an embodiment of the present invention, where the method includes: (Steps S101-S102):
- S101 a Bluetooth-enabled mobile device performs Bluetooth pairing with a Bluetooth-enabled electronic signature device that has completed pairing authentication
- S102 the Bluetooth-enabled mobile device uses the saved transmission key to communicate with the Bluetooth-enabled electronic signature device after successful pairing;
- the mobile terminal directly searches for the surrounding Bluetooth device. Since the paired authentication has been completed with the electronic signature device with Bluetooth function, the two Bluetooth devices can be connected directly and communicate by using the saved transmission key, achieving fast pairing and communication between Bluetooth devices.
- FIG. 16 is a schematic flowchart of a communication method of an electronic signature device with Bluetooth function according to an embodiment of the present invention, where the method includes (steps S111-S114):
- the electronic signature device with the Bluetooth function sends an authentication request to the background by using the login device, where the authentication request carries the information to be authenticated, and the information to be authenticated at least includes: the account information of the user;
- S112 After receiving the authentication response returned by the background, sending the parameter information of the electronic signature device with the Bluetooth function to the background;
- S113 The electronic signature device with Bluetooth function acquires the transmission key according to the parameter information, and saves the transmission key.
- After receiving the request for Bluetooth pairing from the Bluetooth-enabled mobile device, where the request carries the transmission key associated with the account information that the Bluetooth-enabled mobile device acquired from the background, the electronic signature device having the Bluetooth function completes the Bluetooth pairing with the specific Bluetooth-enabled mobile device, and after the pairing is successful, uses the transmission key of the Bluetooth-enabled mobile device and the transmission key of the Bluetooth-enabled electronic signature device to complete access authentication and communication with the Bluetooth-enabled mobile device.
- in step S114, after the pairing is successful, using the transmission key of the Bluetooth-enabled mobile device and the transmission key of the Bluetooth-enabled electronic signature device to complete access authentication and communication with the Bluetooth-enabled mobile device includes:
- the electronic signature device with Bluetooth function determines whether the transmission key of the Bluetooth-enabled mobile device matches the transmission key acquired by the Bluetooth-enabled electronic signature device. If it matches, the authentication passes, and after the authentication is passed, the transmission key obtained by the Bluetooth-enabled electronic signature device is used to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled mobile device.
- FIG. 17 is a schematic flowchart of a communication method of another Bluetooth-enabled electronic signature device according to an embodiment of the present invention, where the method includes (steps S121-S122):
- the Bluetooth-enabled electronic signature device performs Bluetooth pairing with the Bluetooth-enabled mobile device that has completed pairing authentication
- the mobile terminal directly searches for the surrounding Bluetooth device. Since the paired authentication has been completed with the Bluetooth-enabled mobile device, the two Bluetooth devices can be directly connected and communicated by using the saved transmission key, thereby being able to quickly Achieve pairing and communication between Bluetooth devices.
- the first wireless device and the second wireless device are Bluetooth-enabled Bluetooth electronic devices.
- the second wireless device is a Bluetooth-enabled mobile device (for example, a smart phone, tablet PC, etc.).
- the first wireless device is a smart key device (key, such as IC's U-Shield, Agricultural Bank's K-Bao, etc.) with Bluetooth function.
- the Bluetooth-enabled electronic signature device and the Bluetooth-enabled mobile device are two mutually authenticated Bluetooth devices. After the authentication is passed, the two can use their respective transmission keys to encrypt and decrypt the transmission data.
- the embodiment of the present invention provides a mobile device with a Bluetooth function, and the structure of the mobile device is the same as that of the wireless device proposed in FIG. 8 to FIG. 9 in Embodiment 2.
- the mobile device differs from the wireless device of FIGS. 8-9 in that the communication module in the Bluetooth-enabled mobile device has slightly different functions than the communication module 84 of the wireless device in FIGS. 8-9.
- the communication module is configured to use the identification information of the electronic signature device with Bluetooth function to complete the Bluetooth pairing with the Bluetooth-enabled electronic signature device, and after the pairing is successful, to use the transmission key to complete the access authentication and communication with the Bluetooth-enabled electronic signature device.
- the communication module is configured to perform Bluetooth pairing with the Bluetooth-enabled electronic signature device by using the identity information of the Bluetooth-enabled electronic signature device, and use the transmission key to complete the access authentication and communication with the electronic signature device with Bluetooth function, including:
- After finding the electronic signature device with Bluetooth function according to the identification information of the electronic signature device with Bluetooth function, the communication module requests Bluetooth pairing with the electronic signature device with Bluetooth function, exchanges pairing feature values with the electronic signature device with Bluetooth function, and, after receiving the information that the Bluetooth-enabled electronic signature device is paired, uses the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device;
- the communication module sends out the identification information and the transmission key of the Bluetooth-enabled electronic signature device, requests the Bluetooth-enabled electronic signature device corresponding to the identification information to perform Bluetooth pairing, exchanges pairing feature values with the Bluetooth-enabled electronic signature device, and, after receiving the information that the Bluetooth-enabled electronic signature device is paired, uses the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device.
- the Bluetooth-enabled mobile device does not need to look for a Bluetooth-enabled electronic signature device, but broadcasts the identity information of the Bluetooth-enabled electronic signature device; the Bluetooth-enabled electronic signature device having that identification information receives the access request of the Bluetooth-enabled mobile device, and automatically establishes a connection with the Bluetooth-enabled mobile device after the authentication is passed, thereby eliminating the need for the user to select the Bluetooth-enabled electronic signature device from the prompt list; the connection with the electronic signature device with Bluetooth function is made automatically, which improves the efficiency of the connection between the Bluetooth devices, and encryption and decryption with the transmission key improves the security of the transmitted data, achieving the effect of a fast and secure wireless connection between the Bluetooth devices.
- the communication module is configured to perform Bluetooth pairing with the Bluetooth-enabled electronic signature device by using the identity information of the Bluetooth-enabled electronic signature device, and after the pairing is successful, to use the transmission key to complete the access authentication and communication with the electronic signature device with Bluetooth function, including:
- After finding the electronic signature device with Bluetooth function according to the identification information of the electronic signature device with Bluetooth function, the communication module requests Bluetooth pairing with the electronic signature device with Bluetooth function, exchanges pairing feature values with the electronic signature device with Bluetooth function, and transmits the transmission key to the electronic signature device with Bluetooth function for pairing authentication; after receiving the information that the electronic signature device with Bluetooth function is paired and that the transmission key pairing authentication has passed, it uses the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device;
- the communication module sends out the identification information and the transmission key of the Bluetooth-enabled electronic signature device, requests the Bluetooth-enabled electronic signature device corresponding to the identification information to perform Bluetooth pairing, exchanges pairing feature values with the Bluetooth-enabled electronic signature device, and, after receiving the information that the electronic signature device with the Bluetooth function is paired and that the transmission key pairing authentication has passed, uses the transmission key to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled electronic signature device.
- the electronic signature device with Bluetooth function authenticates the transmission key sent by the Bluetooth-enabled mobile device, and the wireless connection is established only after the authentication is passed, thereby further ensuring the security of the established wireless connection.
- the embodiment of the present invention further provides another Bluetooth-enabled mobile device, and the mobile device is different from the Bluetooth-enabled mobile device proposed in the previous optional manner, and further includes:
- the determining module 83 and the generating module 83 and the communication module 84 of the Bluetooth-enabled mobile device proposed by the present alternative embodiment have slightly different working modes and functions than the generating module 83 and the communication module 84 proposed in the previous alternative manner.
- a determining module configured to determine, according to the identification information, whether the paired authentication has been completed with the electronic signature device having the Bluetooth function, and if yes, to trigger the communication module to communicate with the electronic signature device having the Bluetooth function by using the saved transmission key; if not, to trigger the key acquisition module to acquire the transmission key according to the parameter information and save the transmission key;
- a generating module 83 configured to acquire a transmission key according to the parameter information, and save the transmission key
- the communication module 84 is configured to communicate with the electronic signature device having the Bluetooth function by using the saved transmission key if the judgment result of the determination module is YES; and, if the determination result of the determination module is NO, to use the identification information of the electronic signature device with the Bluetooth function to perform Bluetooth pairing with the electronic signature device with Bluetooth function, and after the pairing is successful, to use the transmission key to complete the access authentication and communication with the electronic signature device with Bluetooth function.
- after obtaining the identity identification information of the electronic signature device, it is first determined whether pairing authentication has been completed with the electronic signature device; if so, the connection may be made directly and the saved transmission key used for communication, so that pairing and communication between Bluetooth devices can be implemented quickly; if not, identification information of the Bluetooth-enabled electronic signature device is obtained from the background, thereby eliminating the need for the user to select a Bluetooth-enabled electronic signature device from the prompt list; the connection with the electronic signature device with Bluetooth function is made automatically, which improves the efficiency of the connection between the Bluetooth devices; the parameter information is obtained from the background and the transmission key is generated according to the parameter information, so the generation factor of the transmission key, or the transmission key itself, can be obtained from the background instead of the generation factor being transmitted on the link between the Bluetooth devices; the security of the generation factor can be ensured, thereby improving the security of the transmission key; and encryption and decryption with the transmission key improves the security of the transmission data, achieving the effect of a fast and secure wireless connection between Bluetooth devices.
- the embodiment of the present invention provides another mobile device with Bluetooth function, and the device 180 includes a pairing module 181 and a communication module 182.
- the pairing module 181 is configured to perform Bluetooth pairing with the Bluetooth-enabled electronic signature device that has completed pairing authentication;
- the communication module 182 is configured to communicate with the electronic signature device with Bluetooth function by using the saved transmission key after the pairing is successful.
- the device 180 further includes: an authentication module, an obtaining module, a generating module, a scanning module, a determining module, and an updating module.
- the authentication module, the obtaining module, the generating module, the scanning module, the determining module, and the updating module in this embodiment are the same modules as the authentication module 81, the obtaining module 82, the generating module 83, the scanning module 85, the determining module 86, and the updating module 87 of the device 80. For details, refer to the description of FIG. 8 to FIG. 9; they are not described herein again.
- the mobile terminal directly searches for the surrounding Bluetooth device. Since the paired authentication has been completed with the electronic signature device with Bluetooth function, the two Bluetooth devices can be connected directly and communicate by using the saved transmission key, achieving fast pairing and communication between Bluetooth devices.
- the embodiment of the present invention provides an electronic signature device with a Bluetooth function
- the structure of the wireless signature device is the same as that of the wireless device provided in FIG. 10 to FIG.
- the Bluetooth-enabled electronic signature device differs from the wireless device of FIGS. 10 to 11 in that the communication module in the Bluetooth-enabled electronic signature device has slightly different functions than the communication module of the wireless device in FIGS. 10 to 11.
- the communication module in this embodiment is configured to receive a Bluetooth pairing request from a mobile device having a Bluetooth function, where the request carries a transmission key associated with the account acquired by the second wireless device from the background, to perform Bluetooth pairing with the Bluetooth-enabled mobile device, and after the pairing is successful, to complete the access authentication and communication with the Bluetooth-enabled mobile device by using the transmission key associated with the account and the transmission key obtained by the Bluetooth-enabled electronic signature device.
- the communication module being configured to use the transmission key associated with the account and the transmission key acquired by the Bluetooth key to complete the access authentication and communication with the Bluetooth-enabled mobile device after the pairing is successful includes:
- the communication module determines whether the transmission key of the Bluetooth-enabled mobile device matches the transmission key acquired by the Bluetooth key, and if it matches, the authentication passes, and after the authentication is passed, the transmission key acquired by the Bluetooth key is used to encrypt and decrypt the data transmitted to and from the Bluetooth-enabled mobile device.
- the embodiment of the present invention further provides another electronic signature device with Bluetooth function, and the device 190 includes: a pairing module 191 and a communication module 192.
- a pairing module 191 configured to perform Bluetooth pairing with a Bluetooth-enabled mobile device that has completed pairing authentication
- the communication module 192 is configured to communicate with the Bluetooth-enabled mobile device by using the saved transmission key after the pairing is successful.
- the device 190 includes a pairing module and a communication module. It also includes an authentication module, a sending module, a generating module, a display module, and a determining module.
- the authentication module, the sending module, the generating module, the display module, and the determining module in this embodiment are the same as the authentication module 101, the sending module 102, the generating module 103, the display module 105, and the determining module 106 of the device 100 in FIGS. 10 and 11. For details, refer to the description of FIG. 10 and FIG. 11; they are not described herein again.
- the mobile terminal directly searches for the surrounding Bluetooth device. Since the paired authentication has been completed with the electronic signature device with Bluetooth function, the two Bluetooth devices can be connected directly and communicate by using the saved transmission key, achieving fast pairing and communication between Bluetooth devices.
- portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
- multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
- For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
- each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module.
- the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
- the integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.
- the above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
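The flow of FIG. 14 and FIG. 16 (steps S91-S96 on the mobile device, S111-S114 on the electronic signature device), as an added Python simulation that is not code from the patent. Assumptions: HKDF-SHA256 as the derivation from the generation factor, a password as the account credential, a protected channel to the background, and an HMAC challenge-response for the key-match check of S114 in place of sending the transmission key itself over the Bluetooth link; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000


def derive_transmission_key(generation_factor, device_id, account):
    # HKDF-SHA256 (RFC 5869), one output block. The patent names no KDF: assumption.
    prk = hmac.new(account.encode(), generation_factor, hashlib.sha256).digest()
    info = b"transmission-key|" + device_id.encode()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def key_proof(key, nonce, device_id):
    # Proof of key possession bound to a fresh nonce; the key never crosses the link.
    return hmac.new(key, nonce + device_id.encode(), hashlib.sha256).digest()


class Backend:
    """The "background": authenticates accounts, stores and returns parameter information."""

    def __init__(self):
        self._accounts = {}  # account -> (salt, password hash)
        self._params = {}    # account -> parameter information of the signature device

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def enroll(self, account, password):
        salt = secrets.token_bytes(16)
        self._accounts[account] = (salt, self._hash(password, salt))

    def authenticate(self, account, password):
        # Unknown accounts still cost one hash, and the comparison is constant-time.
        salt, stored = self._accounts.get(account, (b"\x00" * 16, b""))
        return hmac.compare_digest(self._hash(password, salt), stored)

    def register_device(self, account, password, device_id, generation_factor):
        # S111-S112: the signature device logs in and uploads its parameter information.
        if not self.authenticate(account, password):
            return False
        self._params[account] = {"device_id": device_id,
                                 "generation_factor": generation_factor}
        return True

    def parameter_info(self, account, password):
        # S91-S92: parameter information is returned only to an authenticated account.
        if not self.authenticate(account, password):
            return None
        return self._params.get(account)


class SignatureDevice:
    def __init__(self, device_id, account):
        self.device_id, self.account = device_id, account
        self._factor = secrets.token_bytes(32)  # generation factor, never sent over Bluetooth
        self._key = None
        self._nonce = None

    def provision(self, backend, password):
        ok = backend.register_device(self.account, password, self.device_id, self._factor)
        if ok:  # S113: derive and save the transmission key
            self._key = derive_transmission_key(self._factor, self.device_id, self.account)
        return ok

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, proof):
        # S114: does the peer hold the same transmission key? Each nonce is single use.
        if self._key is None or self._nonce is None:
            return False
        nonce, self._nonce = self._nonce, None
        return hmac.compare_digest(proof, key_proof(self._key, nonce, self.device_id))


class MobileDevice:
    def __init__(self):
        self.paired = {}  # device_id -> saved transmission key (paired-device list)

    def connect(self, backend, account, password, nearby):
        info = backend.parameter_info(account, password)
        if info is None:
            return "refused"
        device_id = info["device_id"]
        signer = nearby.get(device_id)  # located by identification info, no user selection
        if signer is None:
            return "not-found"
        if device_id in self.paired:  # S93 -> S94: reuse the saved key
            key, path = self.paired[device_id], "saved-key"
        else:  # S95: derive the key from the parameter information
            key = derive_transmission_key(info["generation_factor"], device_id, account)
            path = "new-pairing"
        if not signer.verify(key_proof(key, signer.challenge(), device_id)):
            self.paired.pop(device_id, None)  # drop a stale or wrong key
            return "auth-failed"
        self.paired[device_id] = key  # S96 succeeded: remember the device
        return path
```

A peer holding a wrong saved key is rejected and the stale entry is dropped, so the next attempt falls back to the background-provisioned derivation.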
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to a communication method for a wireless device, a wireless device and a server. The communication method for the wireless device is applied to a second wireless device and comprises the steps of: sending to the background an authentication request carrying the information to be authenticated, the information to be authenticated comprising at least account information of a user; after receiving an authentication success response returned by the background, receiving parameter information of a first wireless device associated with the account information, the parameter information being returned by the background and comprising at least identification information of the first wireless device; obtaining a transmission key according to the parameter information; and completing access authentication and communication with the first wireless device by using the identification information of the first wireless device and the transmission key.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510020739.3 | 2015-01-15 | ||
CN201510020798.0 | 2015-01-15 | ||
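CN201510020739.3A CN104540132B (zh) | 2015-01-15 | 2015-01-15 | Communication method for Bluetooth device, mobile device, electronic signature device and server |
CN201510020798.0A CN104661219B (zh) | 2015-01-15 | 2015-01-15 | Communication method for wireless device, wireless device and server |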
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016112860A1 true WO2016112860A1 (fr) | 2016-07-21 |
Family
ID=56405257
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/070892 WO2016112860A1 (fr) | 2015-01-15 | 2016-01-14 | Communication method for wireless device, wireless device and server |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2016112860A1 (fr) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
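CN1283827A (zh) * | 2000-08-18 | 2001-02-14 | 郝孟一 | Universal electronic information network authentication system and method |
CN103646455A (zh) * | 2013-12-24 | 2014-03-19 | 杨密凯 | Smart lock device and method of using same, and method for preparing an electronic key |
CN104144424A (zh) * | 2013-05-07 | 2014-11-12 | 华为终端有限公司 | Method for establishing a connection between devices, configuration device and wireless device |
CN104283688A (zh) * | 2014-10-11 | 2015-01-14 | 东软集团股份有限公司 | USBKey security authentication system and security authentication method |
CN104540132A (zh) * | 2015-01-15 | 2015-04-22 | 天地融科技股份有限公司 | Communication method for Bluetooth device, mobile device, electronic signature device and server |
CN104661215A (zh) * | 2015-01-15 | 2015-05-27 | 天地融科技股份有限公司 | Communication method for wireless device, and wireless device |
CN104661219A (zh) * | 2015-01-15 | 2015-05-27 | 天地融科技股份有限公司 | Communication method for a wireless device, wireless device and server |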
- 2016-01-14 WO PCT/CN2016/070892 patent/WO2016112860A1/fr active Application Filing
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3588890A4 (fr) * | 2017-03-14 | 2020-03-04 | Huawei Technologies Co., Ltd. | Multi-device wireless connection method and device |
US11432142B2 (en) | 2017-03-14 | 2022-08-30 | Huawei Technologies Co., Ltd. | Multi-device wireless connection method and device |
US11432357B2 (en) | 2018-02-06 | 2022-08-30 | Huawei Technologies Co., Ltd. | Multipath establishment method and apparatus |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104661219B (zh) | Communication method for a wireless device, wireless device and server |
US11765172B2 (en) | Network system for secure communication |
JP6218841B2 (ja) | Wireless communication system |
KR102134302B1 (ko) | Wireless network access method and apparatus, and storage medium |
KR101889495B1 (ko) | Wireless configuration using passive near field communication |
CN104540132B (zh) | Communication method for Bluetooth device, mobile device, electronic signature device and server |
KR102349605B1 (ko) | Method and apparatus for providing a service based on an identifier of user equipment |
WO2015149723A1 (fr) | Method, device and system for establishing a secure connection |
KR101706117B1 (ko) | Apparatus and method for authenticating another portable terminal in a portable terminal |
WO2014180296A1 (fr) | Method, configuration device and wireless device for establishing a connection between devices |
CN110635901B (zh) | Local Bluetooth dynamic authentication method and system for Internet of Things devices |
WO2019051776A1 (fr) | Key transmission method and device |
JP2016533694A (ja) | User identity authentication method, terminal and server |
WO2011140924A1 (fr) | Method, device and system for gateway, node and authentication server |
CN110087240B (zh) | Wireless network secure data transmission method and system based on WPA2-PSK mode |
CN105704709B (zh) | Apparatus for secure hearing device communication and related method |
CN104661215B (zh) | Communication method for wireless device, and wireless device |
JP2012235214A (ja) | Encrypted communication device and encrypted communication system |
WO2014176743A1 (fr) | Method, device and system for configuring a wireless terminal |
WO2014127751A1 (fr) | Wireless terminal configuration method, apparatus and wireless terminal |
WO2019221905A1 (fr) | Secure methods and systems for identifying Bluetooth connected devices with installed application |
JP2018129793A (ja) | Communication method for hearing system and related devices |
WO2023083170A1 (fr) | Key generation method and apparatus, terminal device and server |
EP3820186B1 (fr) | Method and apparatus for transmitting router security information |
WO2016112860A1 (fr) | Communication method for wireless device, wireless device and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16737085; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 16737085; Country of ref document: EP; Kind code of ref document: A1 |