WO2018120836A1 - Terminal pairing method, device, and system, terminal, and computer readable storage medium - Google Patents


Info

Publication number: WO2018120836A1
Authority: WO (WIPO, PCT)
Application number: PCT/CN2017/095706
Prior art keywords: random factor, terminal, key, pairing, channel
Other languages: French (fr), Chinese (zh)
Inventors: 刘勇, 梁洁
Original assignee: 国民技术股份有限公司

Classifications

    • Section H (Electricity), class H04 (Electric communication technique), subclasses H04W (Wireless communication networks) and H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/0841 Key agreement involving Diffie-Hellman or related key agreement protocols
    • H04L 9/0844 Key agreement involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys

Definitions

  • the present invention relates to the field of communications, and in particular, to a terminal pairing method, apparatus, and system, terminal, and computer readable storage medium.
  • the present invention provides a terminal pairing method, device and system, terminal, and computer readable storage medium, which solves the problem that existing terminal pairing exchanges and negotiates multiple secure-communication parameters in plaintext, which is unsafe.
  • a terminal pairing method including:
  • the first terminal generates a first random factor, and uses a preset first check algorithm to check the first random factor to generate a first check value; encrypts the first random factor and the first check value according to the preset first key, generating a first ciphertext, and transmits the first ciphertext to the second terminal through the secure wireless channel; the second terminal decrypts the first ciphertext by using the preset second key, obtains the first random factor and the first check value, and checks the first random factor by using a preset second check algorithm.
  • the first terminal decrypts the second ciphertext by using the first key to obtain a second random factor and a second check value; checks the second random factor by using the first check algorithm, and compares and verifies the result with the second check value; if it matches, the combination of the first random factor and the second random factor is used to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • the second terminal uses the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • the first terminal and the second terminal select a pairing mode of the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
  • a terminal pairing system including: a first terminal and a second terminal, where
  • the first terminal is configured to generate a first random factor, and use a preset first check algorithm to check the first random factor to generate a first check value; encrypt the first random factor and the first check value according to the preset first key, generate a first ciphertext, and send it to the second terminal through the secure wireless channel;
  • the second terminal is configured to decrypt the first ciphertext by using the preset second key, obtain the first random factor and the first check value, check the first random factor by using a preset second check algorithm, and compare and verify the result with the first check value; if matching, generate a second random factor, check the second random factor using the preset second check algorithm to generate a second check value, encrypt the second random factor and the second check value according to the second key, generate a second ciphertext, and send the second ciphertext to the first terminal through the secure wireless channel;
  • the first terminal is further configured to decrypt the second ciphertext by using the first key to obtain a second random factor and a second check value; check the second random factor by using the first check algorithm, and compare and verify the result with the second check value; if matched, use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • the second terminal is further configured to perform irreversible processing and replacement on the original communication key of the data communication channel by using a combination of the second random factor and the first random factor to generate a new communication key;
  • the first terminal and the second terminal are further configured to select a pairing mode of the data communication channel, and perform channel encryption of the data communication channel by using the new communication key.
  • a terminal pairing method comprising:
  • the pairing mode of the data communication channel is selected with the external terminal, and the channel encryption of the data communication channel is performed using the new communication key.
  • a terminal pairing method including:
  • a terminal comprising: a memory, a processor, an input/output bus connecting the memory and the processor, and a terminal pairing program stored on the memory and operable on the processor, wherein the terminal pairing program, when executed by the processor, implements the following steps:
  • the pairing mode of the data communication channel is selected with the external terminal, and the channel encryption of the data communication channel is performed using the new communication key.
  • a terminal comprising: a memory, a processor, an input/output bus connecting the memory and the processor, and a terminal pairing program stored on the memory and operable on the processor, wherein the terminal pairing program is executed by the processor.
  • a computer readable storage medium having one or more programs stored thereon, the one or more programs being executed to implement the following steps: generating a first random factor, checking the first random factor using a preset first check algorithm to generate a first check value; encrypting the first random factor and the first check value according to the preset first key, generating a first ciphertext, and sending it to the external terminal through the secure wireless channel;
  • the pairing mode of the data communication channel is selected with the external terminal, and the channel encryption of the data communication channel is performed using the new communication key.
  • a computer readable storage medium having one or more programs stored on a computer readable storage medium, the one or more programs being executed to implement the following steps:
  • a terminal pairing device comprising: a first processing module, a first communication module, and a first pairing module, wherein
  • the first processing module is configured to generate a first random factor, and use a preset first check algorithm to check the first random factor to generate a first check value; encrypt the first random factor and the first check value according to the preset first key to generate a first ciphertext;
  • the first communication module is configured to send the first ciphertext to the external terminal through the secure wireless channel, and to receive the second ciphertext sent by the external terminal through the secure wireless channel;
  • the first processing module is further configured to decrypt the second ciphertext by using the first key to obtain a second random factor and a second check value; check the second random factor by using the first check algorithm, and compare and verify the result with the second check value;
  • the first pairing module is configured to: if matched, use a combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • the terminal selects the pairing mode of the data communication channel, and uses the new communication key to perform channel encryption of the data communication channel.
  • a terminal pairing device comprising: a second processing module, a second communication module, and a second pairing module, wherein
  • the second communication module is configured to receive the first ciphertext sent by the external terminal through the secure wireless channel;
  • the second processing module is configured to decrypt the first ciphertext using the preset second key, obtain the first random factor and the first check value, check the first random factor using the preset second check algorithm, and compare and verify the result with the first check value; if matching, generate a second random factor, check the second random factor using the preset second check algorithm to generate a second check value, and encrypt the second random factor and the second check value according to the second key to generate a second ciphertext;
  • the second communication module is further configured to send the second ciphertext to the external terminal through the secure wireless channel;
  • the second pairing module is configured to use a combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key; and to select a pairing mode of the data communication channel and use the new communication key for channel encryption of the data communication channel.
  • the present invention provides a terminal pairing method, device and system, terminal and computer readable storage medium.
  • the method negotiates the secure communication parameters through a wireless secure channel before the data communication channel (such as Bluetooth) is paired, which solves the problem that existing terminals exchange and negotiate multiple secure communication parameters in plaintext after the data communication channel is paired, without affecting the user experience.
  • negotiating the secure communication parameters of the data communication channel through the wireless secure channel before pairing ensures the security of a data communication channel such as Bluetooth, and improves the user's convenience and satisfaction with the user experience.
  • FIG. 1 is a schematic diagram of a terminal pairing system according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of a terminal pairing method according to Embodiment 2 of the present invention.
  • FIG. 3 is a flowchart of a terminal pairing method according to Embodiment 3 of the present invention.
  • FIG. 4 is a schematic structural diagram of a terminal pairing apparatus according to Embodiment 3 of the present invention.
  • FIG. 5 is a flowchart of a terminal pairing method according to Embodiment 4 of the present invention.
  • FIG. 6 is a schematic structural diagram of a terminal pairing apparatus according to Embodiment 4 of the present invention.
  • FIG. 7 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a terminal pairing system according to Embodiment 5 of the present invention.
  • FIG. 9 is a flowchart of a terminal pairing method according to Embodiment 5 of the present invention.
  • FIG. 11 is a flow chart of interaction of pairing features according to Embodiment 5 of the present invention.
  • the first terminal and the second terminal of the present invention are applicable to all communication devices, including PCs, mobile phones, PADs, etc.
  • the terminal pairing system provided in this embodiment includes: a first terminal 11 and a second terminal 12, where
  • the first terminal 11 is configured to generate a first random factor, and use a preset first check algorithm to check the first random factor to generate a first check value; encrypt the first random factor and the first check value according to the preset first key, generate a first ciphertext, and send the first ciphertext to the second terminal 12 through the secure wireless channel;
  • the secure wireless channel is secure by virtue of its attributes, for example a directional channel such as infrared, a channel with a short communication distance, or a channel that uses data encryption to ensure communication security;
  • the second terminal 12 is configured to decrypt the first ciphertext using the preset second key, obtain the first random factor and the first check value, check the first random factor using the preset second check algorithm, and compare and verify the result with the first check value; if matching, generate a second random factor, check the second random factor using the preset second check algorithm to generate a second check value, encrypt the second random factor and the second check value according to the second key, generate a second ciphertext, and send the second ciphertext to the first terminal 11 through the secure wireless channel;
  • the first terminal 11 is further configured to decrypt the second ciphertext by using the first key to obtain a second random factor and a second check value; check the second random factor by using the first check algorithm, and compare the result with the second check value; if matching, use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • the data communication channel may be a conventional Bluetooth channel, or may be a telecommunication interface or the like;
  • the second terminal 12 is further configured to perform irreversible processing and replacement on the original communication key of the data communication channel by using a combination of the second random factor and the first random factor to generate a new communication key;
  • the first terminal 11 and the second terminal 12 are further configured to select a pairing mode of the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
  • the first terminal 11 and the second terminal 12 in the foregoing embodiment are both low power Bluetooth devices.
  • the first terminal is a user handheld device such as a mobile phone
  • the second terminal is a smart card, such as a SIM card, an SD card, or the like.
  • the first terminal in the foregoing embodiment is configured to perform irreversible processing and replacement on the TK (Temporary Key) value of the first terminal by using the combination of the first random factor and the second random factor.
  • the second terminal is configured to perform irreversible processing and replacement on the TK value of the second terminal by using the second random factor and the first random factor combination;
  • the first terminal and the second terminal select a pairing mode according to a low power Bluetooth protocol
  • the first terminal and the second terminal use the combination of the first random factor and the second random factor to encrypt and replace the STK (Short Term Key);
  • the first terminal and the second terminal perform STK (Short Term Key) key channel encryption and LTK (Long Term Key) key interaction according to the Bluetooth protocol, and complete the pairing process.
  • the data communication channel in the foregoing embodiment is a Bluetooth channel, which can support version 2.0, version 3.0, etc.; alternatively the data communication channel is at least one of a limited-domain communication (RCC) interface, a 2.4G wireless interface, a low-power local area network ZigBee interface, and a WiFi interface.
  • the first terminal 11 and the second terminal 12 in the foregoing embodiment are further configured to: obtain device information of the peer end, and determine, according to the device information, whether the peer end supports secure pairing; if not, the first terminal and the second terminal select a pairing mode of the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if supported, the first terminal and the second terminal each generate a new communication key, select a pairing mode of the data communication channel, and use the new communication key for channel encryption of the data communication channel.
  • the device information may include software version information and hardware version information of the device. Determining whether the peer supports secure pairing may include determining whether the hardware version information is the same, for example judging from the device identifier (IMEI) or the Bluetooth device vendor ID in the hardware version information whether the peer device belongs to the same vendor as the local device; if so, it is considered to support secure pairing. In other application scenarios, to prevent pairing failures caused by a user lowering the device's software version, the software version information can be judged instead: if the software version of the peer device meets certain requirements, such as greater than Bluetooth 5.0, it can be considered to support secure pairing.
  • Embodiment 2 is illustrated in FIG. 2.
  • the terminal pairing method provided in this embodiment includes:
  • S201 The first terminal generates a first random factor, and uses a preset first check algorithm to check the first random factor to generate a first check value; encrypts the first random factor and the first check value according to the preset first key, generates a first ciphertext, and sends it to the second terminal through the secure wireless channel;
  • S202 The second terminal decrypts the first ciphertext by using the preset second key, and obtains the first random factor and the first check value; checks the first random factor by using a preset second check algorithm, and compares and verifies the result with the first check value; if matching, generates a second random factor, checks the second random factor using the preset second check algorithm to generate a second check value, encrypts the second random factor and the second check value according to the second key, generates a second ciphertext, and sends it to the first terminal through the secure wireless channel;
  • S203 The first terminal decrypts the second ciphertext by using the first key, and obtains the second random factor and the second check value; checks the second random factor by using the first check algorithm, and compares and verifies the result with the second check value; if matched, uses the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • S204 The second terminal uses the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key.
  • S205 The first terminal and the second terminal select a pairing mode of the data communication channel, and perform channel encryption of the data communication channel by using the new communication key.
  • the first key and the second key in the foregoing embodiment are one or more pairs of the same key or a public-private key pair stored in the first terminal and the second terminal.
  • the first check algorithm and the second check algorithm in the foregoing embodiment are message authentication codes (MACs) using the same parameters.
  • the combination of the first random factor and the second random factor in the foregoing embodiment is: the first random factor and the second random factor generate data of a preset length according to an agreed manner.
  • the first random factor and the second random factor are 16-bit fields; for example, the first random factor is 10110010 and the second random factor is 11000010, and 16-byte length data is then generated according to the agreed interval-value manner.
  • the irreversible processing of the original communication key of the data communication channel in the foregoing embodiment includes: encrypting the original communication key by using the combination, or performing a hash-value operation using the combination and the original communication key, to generate unique irreversible data as the new communication key.
  • the method in the foregoing embodiment further includes, before the first terminal generates the first random factor: acquiring device information of the peer end, and determining, according to the device information, whether the peer end supports secure pairing; if not, the first terminal and the second terminal select a pairing mode of the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if supported, the first terminal and the second terminal each generate a new communication key, select a pairing mode of the data communication channel, and use the new communication key for channel encryption of the data communication channel.
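The following is an added model of the exchange described in S201 to S205 and the key details above; it is example code written for this page, not code from the patent or its assignee. It assumes the symmetric case the page allows (first key = second key), HMAC-SHA256 as the preset check algorithm, a constructed SHA-256 counter-mode stream cipher as a stand-in for the secure-channel encryption, byte interleaving as the agreed combination, and a hash of the combination with the original key as the irreversible processing.

```python
"""Model of the random-factor pairing exchange (added example, not the patent's code)."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

CHECK_LEN = 16      # bytes of the MAC tag carried as the "check value"
FACTOR_LEN = 8      # bytes per random factor (constructed choice)
COMBINED_LEN = 16   # "data of a preset length" for the combination
NONCE_LEN = 12


def check_value(key: bytes, factor: bytes) -> bytes:
    """Preset check algorithm: HMAC-SHA256 over the random factor, truncated."""
    return hmac.new(key, factor, hashlib.sha256).digest()[:CHECK_LEN]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed counter-mode keystream; a stand-in for a real cipher suite."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, factor: bytes) -> bytes:
    """Encrypt factor || check value under the preset key: nonce || ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    plain = factor + check_value(key, factor)
    stream = _keystream(key, nonce, len(plain))
    return nonce + bytes(p ^ s for p, s in zip(plain, stream))


def open_and_verify(key: bytes, blob: bytes) -> Optional[bytes]:
    """Decrypt, re-run the check algorithm, and compare with the carried value.
    Returns the random factor on a match, None on a mismatch (pairing aborts)."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    plain = bytes(c ^ s for c, s in zip(body, stream))
    factor, carried = plain[:FACTOR_LEN], plain[FACTOR_LEN:]
    if not hmac.compare_digest(check_value(key, factor), carried):
        return None
    return factor


def combine(first: bytes, second: bytes) -> bytes:
    """Agreed combination: interleave the two factors byte by byte into
    COMBINED_LEN bytes (one concrete reading of the "interval value" scheme).
    Both terminals must apply the same order, or their keys will differ."""
    out = bytearray()
    for a, b in zip(first, second):
        out += bytes([a, b])
    return bytes(out[:COMBINED_LEN])


def derive_new_key(combination: bytes, original_key: bytes) -> bytes:
    """Irreversible processing: hash of the combination and the original key,
    truncated to a 16-byte key that replaces the original TK."""
    return hashlib.sha256(combination + original_key).digest()[:16]


def run_pairing(shared_key: bytes, original_tk: bytes,
                tamper: bool = False) -> Optional[Tuple[bytes, bytes]]:
    """Full exchange over the secure channel. Returns the new key as computed
    by each terminal, or None when a check value fails to match."""
    # S201: first terminal builds and sends the first ciphertext
    r1 = os.urandom(FACTOR_LEN)
    c1 = seal(shared_key, r1)
    if tamper:
        c1 = c1[:-1] + bytes([c1[-1] ^ 0x01])  # constructed in-transit bit flip
    # S202: second terminal decrypts, verifies, and answers with its own factor
    r1_at_second = open_and_verify(shared_key, c1)
    if r1_at_second is None:
        return None
    r2 = os.urandom(FACTOR_LEN)
    c2 = seal(shared_key, r2)
    # S203: first terminal decrypts and verifies the reply
    r2_at_first = open_and_verify(shared_key, c2)
    if r2_at_first is None:
        return None
    # S203/S204: both sides replace the original key with the derived one
    k_first = derive_new_key(combine(r1, r2_at_first), original_tk)
    k_second = derive_new_key(combine(r1_at_second, r2), original_tk)
    return k_first, k_second


if __name__ == "__main__":
    keys = run_pairing(b"\x01" * 16, b"\x00" * 16)
    print("keys agree:", keys is not None and keys[0] == keys[1])
    print("tampered run rejected:", run_pairing(b"\x01" * 16, b"\x00" * 16, tamper=True) is None)
```

The tampered run shows why the check value matters: a modified first ciphertext decrypts to a factor whose recomputed MAC no longer matches, so the second terminal never generates its factor and the original key is never replaced.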
  • the first terminal and the second terminal in the foregoing embodiment select a pairing mode of the data communication channel, and use the new communication key to perform channel encryption of the data communication channel, including:
  • the first terminal uses the combination of the first random factor and the second random factor to perform irreversible processing and replacement on the TK value of the first terminal, and the second terminal uses the combination of the second random factor and the first random factor to perform irreversible processing and replacement on the TK value of the second terminal;
  • the first terminal and the second terminal select a pairing mode according to the low power Bluetooth protocol; the first terminal and the second terminal encrypt and replace the STK by using the combination of the first random factor and the second random factor; the first terminal and the second terminal perform STK key channel encryption and LTK key interaction according to the low power Bluetooth protocol, and complete the pairing process.
  • the terminal pairing method provided in this embodiment includes:
  • S301 Generate a first random factor, check the first random factor by using a preset first check algorithm to generate a first check value, encrypt the first random factor and the first check value according to the preset first key, generate a first ciphertext, and send it to the external terminal through the secure wireless channel;
  • S302 Receive a second ciphertext sent by the external terminal by using the secure wireless channel.
  • S303 Decrypt the second ciphertext by using the first key to obtain a second random factor and a second check value; check the second random factor by using the first check algorithm, and compare and verify the result with the second check value; if matched, use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • S304 Select a pairing mode of the data communication channel with the external terminal, and perform channel encryption of the data communication channel by using the new communication key.
  • the combination of the first random factor and the second random factor in the foregoing embodiment is: the first random factor and the second random factor generate data of a preset length according to an agreed manner.
  • the irreversible processing of the original communication key of the data communication channel in the foregoing embodiment includes: encrypting the original communication key by using a combination; or performing hashing by using the combination with the original communication key.
  • the method in the foregoing embodiment further includes: acquiring device information of the external terminal, and determining, according to the device information, whether the external terminal supports secure pairing; if not, selecting a pairing mode of the data communication channel with the external terminal and using the original communication key to perform channel encryption of the data communication channel; if supported, generating a new communication key with the external terminal, selecting a pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
  • selecting the pairing mode of the data communication channel with the external terminal and performing channel encryption of the data communication channel with the new communication key in the foregoing embodiment includes: performing irreversible processing and replacement on the temporary key (TK) value by using the combination of the first random factor and the second random factor; selecting the pairing mode with the external terminal according to the low-power Bluetooth protocol; encrypting and replacing the short-term key by using the combination of the first random factor and the second random factor; and performing the short-term key and long-term key interaction with the external terminal according to the low-power Bluetooth protocol.
  • FIG. 4 is a schematic structural diagram of a terminal pairing apparatus 4 according to Embodiment 3 of the present invention.
  • the terminal pairing apparatus 4 provided in this embodiment includes: a first processing module 41, a first communication module 42, and a first pairing module 43, wherein
  • the first processing module 41 is configured to generate a first random factor, and use a preset first check algorithm to check the first random factor to generate a first check value; encrypt the first random factor and the first check value according to the preset first key to generate a first ciphertext;
  • the first communication module 42 is configured to send the first ciphertext to the external terminal through the secure wireless channel, and receive the second ciphertext sent by the external terminal through the secure wireless channel;
  • the first processing module 41 is further configured to decrypt the second ciphertext by using the first key to obtain a second random factor and a second check value; check the second random factor by using the first check algorithm, and compare and verify the result with the second check value;
  • the first pairing module 43 is configured to: if matched, use a combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key;
  • the external terminal selects the pairing mode of the data communication channel, and uses the new communication key to perform channel encryption of the data communication channel.
  • the combination of the first random factor and the second random factor in the foregoing embodiment is: data of a preset length generated from the first random factor and the second random factor in an agreed manner.
  • the first processing module 41 in the foregoing embodiment is specifically configured to: encrypt the original communication key using the combination, or compute a hash over the combination together with the original communication key, to generate unique irreversible data as the new communication key.
  • the first processing module 41 in the foregoing embodiment is specifically configured to: before acquiring the first random factor, acquire device information of the external terminal and determine from the device information whether the external terminal supports secure pairing; if it does not, select the pairing mode of the data communication channel with the external terminal and use the original communication key for channel encryption of the data communication channel; if it does, generate a new communication key with the external terminal, select the pairing mode of the data communication channel, and use the new communication key for channel encryption of the data communication channel.
  • the first pairing module 43 in the foregoing embodiment is specifically configured to: irreversibly process and replace the temporary key value using the combination of the first random factor and the second random factor; select the pairing mode with the external terminal according to the Bluetooth Low Energy protocol; encrypt and replace the short-term key using the combination of the first random factor and the second random factor; and perform the short-term key and long-term key interaction with the external terminal according to the Bluetooth Low Energy protocol.
  • the terminal provided in this embodiment includes at least: an input/output (I/O) bus 71, a processor 72, a memory 73, a memory 74, an input module 75 and a communication module 76.
  • the I/O bus 71 is connected to the other components of the terminal to which it belongs (the processor 72, the memory 73, the memory 74, the input module 75 and the display module 76) and provides a transmission line between them.
  • the processor 72 typically controls the overall operation of the terminal to which it belongs; for example, the processor 72 performs operations such as calculations and acknowledgments.
  • the processor 72 may be a central processing unit (CPU).
  • the memory 73 stores processor-executable software code comprising instructions (i.e., software execution functions) for controlling the processor 72 to perform the functions described herein.
  • the memory 73 stores at least the program required to implement the functions of the processor 72.
  • the memory 74 generally adopts a semiconductor storage unit, including random access memory (RAM), read-only memory (ROM) and cache (CACHE).
  • the memory 74 is one of the important components of the computer and is the bridge for communication with the CPU; all programs in the computer run in memory. Its function is to temporarily hold the operational data of the CPU and the data exchanged with external storage such as the hard disk: as long as the computer is running, the CPU transfers the data that needs to be computed into the memory for computation and, when the computation is complete, transmits the result out; the operation of the memory therefore also determines the stable operation of the computer.
  • an input module 75, such as a microphone, a sensor or a touch panel, is used for user input, which is transmitted to the processor 72.
  • a communication module 76, such as a radio unit, is used to communicate with the outside world.
  • the terminal pairing program provided in this embodiment is executed by the processor, implementing all the steps of the terminal pairing method provided by the third embodiment.
  • this embodiment provides a computer readable storage medium on which one or more programs are stored; the one or more programs are executed by the processor to implement all the steps of the terminal pairing method of the third embodiment.
  • Embodiment 4:
  • FIG. 5 is a flowchart of a terminal pairing method according to Embodiment 4 of the present invention.
  • the terminal pairing method provided in this embodiment includes:
  • S501: receiving, over a secure wireless channel, a first ciphertext sent by an external terminal;
  • S502: decrypting the first ciphertext with a preset second key to obtain a first random factor and a first check value;
  • S503: checking the first random factor with a preset second check algorithm and comparing the result with the first check value; if they match, generating a second random factor, checking it with the preset second check algorithm to generate a second check value, encrypting the second random factor and the second check value with the second key to generate a second ciphertext, and sending it to the external terminal over the secure wireless channel;
  • S504: using the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key;
  • S505: selecting a pairing mode of the data communication channel and using the new communication key for channel encryption of the data communication channel.
  • the combination of the first random factor and the second random factor in the foregoing embodiment is: data of a preset length generated from the first random factor and the second random factor in an agreed manner.
  • the irreversible processing of the original communication key of the data communication channel in the foregoing embodiment includes: encrypting the original communication key using the combination, or hashing the combination together with the original communication key.
  • in the foregoing embodiment, selecting the pairing mode of the data communication channel and using the new communication key for channel encryption of the data communication channel includes: irreversibly processing and replacing the temporary key value of the second terminal using the combination of the second random factor and the first random factor; selecting the pairing mode according to the Bluetooth Low Energy protocol; encrypting and replacing the short-term key using the combination of the second random factor and the first random factor; and performing the short-term key and long-term key interaction with the external terminal according to the Bluetooth Low Energy protocol.
  • FIG. 6 is a schematic structural diagram of a terminal pairing apparatus according to Embodiment 4 of the present invention.
  • the terminal pairing apparatus 6 provided in this embodiment includes: a second processing module 61, a second communication module 62, and a second pairing module 63, wherein
  • the second communication module 62 is configured to receive, over a secure wireless channel, the first ciphertext sent by the external terminal;
  • the second processing module 61 is configured to decrypt the first ciphertext with the preset second key to obtain the first random factor and the first check value, check the first random factor with the preset second check algorithm and compare the result with the first check value; if they match, generate a second random factor, check the second random factor with the preset second check algorithm to generate a second check value, and encrypt the second random factor and the second check value with the second key to generate a second ciphertext;
  • the second communication module 62 is further configured to send the second ciphertext to the external terminal over the secure wireless channel;
  • the second pairing module 63 is configured to irreversibly process and replace the original communication key of the data communication channel using the combination of the second random factor and the first random factor, generating a new communication key;
  • the pairing mode of the data communication channel is selected, and the new communication key is used for channel encryption of the data communication channel.
  • the combination of the first random factor and the second random factor in the foregoing embodiment is: data of a preset length generated from the first random factor and the second random factor in an agreed manner.
  • the second pairing module 63 in the foregoing embodiment is specifically configured to: encrypt the original communication key using the combination, or compute a hash over the combination together with the original communication key, to generate unique irreversible data as the new communication key.
  • the second pairing module 63 in the foregoing embodiment is specifically configured to: irreversibly process and replace the temporary key value of the second terminal using the combination of the second random factor and the first random factor; select the pairing mode according to the Bluetooth Low Energy protocol; encrypt and replace the short-term key using the combination of the second random factor and the first random factor; and perform the short-term key and long-term key interaction with the external terminal according to the Bluetooth Low Energy protocol.
  • the terminal provided in this embodiment includes at least: an input/output (I/O) bus 71, a processor 72, a memory 73, a memory 74, an input module 75 and a communication module 76.
  • the terminal pairing program provided in this embodiment is executed by the processor, implementing all the steps of the terminal pairing method provided by the fourth embodiment.
  • this embodiment provides a computer readable storage medium on which one or more programs are stored; the one or more programs are executed by the processor to implement all the steps of the terminal pairing method of the fourth embodiment.
  • Embodiment 5:
  • the present invention is further illustrated below by taking a Bluetooth device as the terminal and a Bluetooth channel as the data communication channel, in combination with specific application scenarios.
  • Bluetooth Low Energy (BLE) technology is a low-cost, short-range, interoperable, and robust wireless communication technology that operates in the unlicensed 2.4 GHz ISM RF band.
  • the communication protocol has been designed from the outset as an ultra-low power (ULP), secure wireless communication technology.
  • when two Bluetooth Low Energy devices interact, they first need to establish a connection with each other, and when establishing a connection for the first time they need to pair in order to establish a trust relationship.
  • Bluetooth Low Energy devices need to exchange and negotiate multiple secure communication parameters in clear text, which poses a great threat to the security of the communication data of Bluetooth Low Energy devices.
  • the current solution is to encrypt the communication data at the application layer of the Bluetooth Low Energy protocol to address the security of Bluetooth Low Energy communication data.
  • this embodiment provides a method and system for secure pairing between Bluetooth Low Energy devices, which negotiates the secure communication parameters before pairing over a third-party wireless secure channel, so that the security of Bluetooth Low Energy communication is addressed at the Bluetooth Low Energy protocol layer.
  • the system for secure pairing between Bluetooth Low Energy devices includes a first Bluetooth Low Energy device and a second Bluetooth Low Energy device, which establish a Bluetooth link communication connection over the Bluetooth Low Energy communication protocol.
  • the first Bluetooth Low Energy device includes a first main control module, a first Bluetooth Low Energy communication module and a first wireless communication module; the first main control module is electrically connected to the first Bluetooth Low Energy communication module and the first wireless communication module; and the first main control module includes an algorithm processing module and a random number generating module;
  • the second Bluetooth Low Energy device includes a second main control module, a second Bluetooth Low Energy communication module and a second wireless communication module; the second main control module is electrically connected to the second Bluetooth Low Energy communication module and the second wireless communication module; and the second main control module includes an algorithm processing module and a random number generating module;
  • the first Bluetooth Low Energy device and the second Bluetooth Low Energy device communicate through the Bluetooth Low Energy interface and the wireless communication interface.
  • the first Bluetooth Low Energy device and the second Bluetooth Low Energy device establish a Bluetooth link communication connection over the Bluetooth Low Energy protocol and exchange Bluetooth Low Energy device information using Bluetooth Low Energy link control commands; the device information includes software version information such as the Bluetooth protocol version number and the Bluetooth protocol sub-version number, and hardware version information such as the Bluetooth device vendor ID and the device identifier IMEI;
  • the first Bluetooth Low Energy device generates a first random factor and checks it with the first preset check algorithm of the first Bluetooth Low Energy device to obtain a first check value;
  • the first Bluetooth Low Energy device encrypts the first random factor and the first check value with the first preset key to obtain a first ciphertext;
  • the first Bluetooth Low Energy device sends the first ciphertext to the second Bluetooth Low Energy device through the wireless interface; the second Bluetooth Low Energy device decrypts the received first ciphertext with the second preset key to obtain the first random factor and the first check value, checks the random factor of the first Bluetooth Low Energy device with the second preset check algorithm, and compares the result with the received first check value to determine whether they match;
  • once the check values match, the second Bluetooth Low Energy device generates a second random factor and checks it with the second check algorithm preset in the second Bluetooth Low Energy device to obtain a second check value;
  • the second Bluetooth Low Energy device encrypts the second random factor and the second check value with the second preset key to obtain a second ciphertext;
  • the second Bluetooth Low Energy device sends the second ciphertext to the first Bluetooth Low Energy device through the wireless interface; the first Bluetooth device decrypts the received second ciphertext with the first preset key to obtain the second random factor and the second check value, checks the second random factor with the first preset check algorithm, and compares the result with the received second check value to determine whether they match;
  • the check value is used to ensure the integrity of the random factor, i.e. that it has not been tampered with;
  • the check algorithm may be a MAC value verification algorithm or a CRC check algorithm;
  • the first preset key and the second preset key may be one key or a group of identical keys built into the Bluetooth Low Energy devices, or may be a public/private key pair;
  • the first Bluetooth Low Energy device irreversibly processes the TK value of the first Bluetooth Low Energy device using the combination of the first random factor and the second random factor, and assigns the processed data to the TK value of the first Bluetooth Low Energy device;
  • the second Bluetooth Low Energy device irreversibly processes the TK value of the second Bluetooth Low Energy device using the combination of the second random factor and the first random factor, and assigns the processed data to the TK value of the second Bluetooth Low Energy device.
  • the combination of the first random factor and the second random factor is specifically: a set of data sixteen bytes long generated from the two sets of data in an agreed manner;
  • the irreversible data processing is specifically: generating a unique set of non-invertible data from the first and second random factors and the TK value; further, the irreversible data processing may be an encryption process, or the first and second random factors and the TK value may be hashed.
  • the first Bluetooth Low Energy device and the second Bluetooth Low Energy device then complete the subsequent pairing feature exchange, pairing mode selection, STK key channel encryption, LTK key interaction and so on according to the Bluetooth Low Energy protocol, completing the pairing process.
  • the first Bluetooth Low Energy device and the second Bluetooth Low Energy device complete the subsequent pairing mode selection according to the Bluetooth Low Energy protocol;
  • the first Bluetooth Low Energy device and the second Bluetooth Low Energy device complete the subsequent STK key channel encryption, LTK key interaction and the like according to the Bluetooth Low Energy protocol, completing the pairing process.
  • the wireless interface may be an RCC interface, a 2.4G interface, a Zigbee interface, a WIFI interface, or any communication interface that performs wireless transmission communication.
  • the present invention provides a terminal pairing method, apparatus and system, a terminal, and a computer readable storage medium, which negotiate the secure communication parameters over a wireless secure channel before pairing a data communication channel such as Bluetooth. This solves the insecurity of existing terminals, which exchange and negotiate multiple secure communication parameters in clear text when pairing a data communication channel such as Bluetooth; negotiating the secure communication parameters of the data communication channel over the wireless secure channel before pairing ensures the security of the data communication channel such as Bluetooth without affecting the user experience, and improves user convenience and user satisfaction.
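
The exchange described in steps S501 to S505 and in the Bluetooth embodiment above, as an added Go example; it is not code from the patent or from any product it describes. It makes concrete choices the text leaves open: the preset key shared by both devices encrypts each random factor with AES-256-GCM, the check algorithm is HMAC-SHA256 (the MAC option the text names), the "agreed manner" of combining the two sixteen-byte random factors is XOR, and the irreversible processing hashes the combination together with the original key and truncates the result to a sixteen-byte TK. The two keys are constructed placeholders, and both terminals run in one process, so the secure wireless channel is just a function call.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const factorLen = 16 // the sixteen-byte random factor

// Constructed placeholder secrets, not values from the patent: the preset key
// both devices hold, and a separate key for the check algorithm (HMAC-SHA256).
var (
	presetKey = []byte("example-preset-key-32-bytes-long") // 32 bytes: AES-256
	checkKey  = []byte("example-check-key-for-hmac-sha256")
)

// aead is AES-256-GCM under the preset key (fixed-size key: setup cannot fail).
var aead = func() cipher.AEAD {
	block, err := aes.NewCipher(presetKey)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}()

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: pairing must not continue
	}
	return b
}

// checkValue is the check value (a MAC) computed over a random factor.
func checkValue(factor []byte) []byte {
	m := hmac.New(sha256.New, checkKey)
	m.Write(factor)
	return m.Sum(nil)
}

// sealFactor: AES-256-GCM over factor || checkValue(factor), nonce prepended.
func sealFactor(factor []byte) []byte {
	nonce := randomBytes(aead.NonceSize())
	pt := append(append([]byte{}, factor...), checkValue(factor)...)
	return aead.Seal(nonce, nonce, pt, nil)
}

// openFactor decrypts, recomputes the check value and compares it in constant
// time; only a factor whose check value matches the received one is returned.
func openFactor(ct []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(ct) < ns+aead.Overhead() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	pt, err := aead.Open(nil, ct[:ns], ct[ns:], nil)
	if err != nil {
		return nil, err
	}
	if len(pt) != factorLen+sha256.Size || !hmac.Equal(checkValue(pt[:factorLen]), pt[factorLen:]) {
		return nil, fmt.Errorf("check value mismatch")
	}
	return pt[:factorLen], nil
}

// newCommunicationKey combines two factors in the agreed manner (XOR, so both
// sides agree whichever factor they list first) and irreversibly processes the
// original key: SHA-256 over combination || original key, cut to a 16-byte TK.
func newCommunicationKey(a, b, originalKey []byte) []byte {
	combined := make([]byte, factorLen)
	for i := range combined {
		combined[i] = a[i] ^ b[i]
	}
	h := sha256.Sum256(append(combined, originalKey...))
	return h[:factorLen]
}

// RunPairing runs the exchange between terminal A (first) and terminal B
// (second) in-process and returns the new communication key each side derived.
func RunPairing(originalKey []byte) (keyA, keyB []byte, err error) {
	r1 := randomBytes(factorLen)  // A: first random factor
	ct1 := sealFactor(r1)         // A -> B: first ciphertext
	r1AtB, err := openFactor(ct1) // B: decrypt, verify first check value
	if err != nil {
		return nil, nil, fmt.Errorf("B rejects first ciphertext: %w", err)
	}
	r2 := randomBytes(factorLen)  // B: second random factor
	ct2 := sealFactor(r2)         // B -> A: second ciphertext
	r2AtA, err := openFactor(ct2) // A: decrypt, verify second check value
	if err != nil {
		return nil, nil, fmt.Errorf("A rejects second ciphertext: %w", err)
	}
	keyA = newCommunicationKey(r1, r2AtA, originalKey)
	keyB = newCommunicationKey(r2, r1AtB, originalKey)
	return keyA, keyB, nil
}
```

Both terminals end with the same key only because the combination is order-independent (or its order is agreed in advance); each side refuses a factor whose recomputed check value differs, and hmac.Equal keeps that comparison constant-time. Of the two check algorithms the text allows, a CRC is not keyed and only detects accidental corruption, so it adds no integrity beyond what the encryption itself provides; a MAC is the option to prefer. The fallback of the third embodiment, where a peer reporting no secure-pairing support keeps the original communication key, means the device information that drives that decision deserves the same scrutiny as the ciphertexts themselves.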

Abstract

The invention provides a terminal pairing method, device, and system, a terminal, and a computer readable storage medium. According to the method, secure communication parameters are negotiated before pairing of data communications channels, such as Bluetooth, using a wireless security channel, thereby solving the problem in which, when pairing of data communications channels is performed between existing terminals, using cleartext to perform multiple interactions and negotiations of secure communication parameters is not secure. In addition, secure communication parameters are negotiated before pairing of data communications channels using a wireless security channel, such that the security of data communications channels, such as Bluetooth, is guaranteed without affecting user experience, improving user convenience and user satisfaction.

Description

Terminal pairing method, device and system, terminal and computer readable storage medium
Technical field
[0001] The present invention relates to the field of communications, and in particular to a terminal pairing method, apparatus and system, a terminal, and a computer readable storage medium.
Background
[0002] With the popularization of smart terminals, users often transfer data between multiple terminal devices. Before data transfer, the devices need to be paired; for example, when a user uses a smart terminal to write data such as an application installation package obtained from an application service provider to a smart data card, the smart terminal and the smart data card need to be paired and securely authenticated.
[0003] In the prior art, when a smart terminal and a smart data card pair over a data communication channel, the multiple exchanges and negotiations of secure communication parameters are generally carried out in clear text, which poses a great threat to the security of the communication data on the data communication channel; that is, the existing terminal pairing method, in which secure communication parameters are exchanged and negotiated several times in clear text, is insecure.
Technical problem
[0004] The present invention provides a terminal pairing method, apparatus and system, a terminal, and a computer readable storage medium, to solve the problem that existing terminal pairing, which exchanges and negotiates secure communication parameters several times in clear text, is insecure.
Solution to the problem
Technical solution
[0005] To solve the above technical problem, the present invention adopts the following technical solutions:
[0006] A terminal pairing method, comprising:
[0007] a first terminal generates a first random factor, checks the first random factor with a preset first check algorithm to generate a first check value, encrypts the first random factor and the first check value with a preset first key to generate a first ciphertext, and sends it to a second terminal over a secure wireless channel;
[0008] the second terminal decrypts the first ciphertext with a preset second key to obtain the first random factor and the first check value; checks the first random factor with a preset second check algorithm and compares the result with the first check value; if they match, generates a second random factor, checks the second random factor with the preset second check algorithm to generate a second check value, encrypts the second random factor and the second check value with the second key to generate a second ciphertext, and sends it to the first terminal over the secure wireless channel;
[0009] the first terminal decrypts the second ciphertext with the first key to obtain the second random factor and the second check value; checks the second random factor with the first check algorithm and compares the result with the second check value; if they match, uses the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0010] the second terminal uses the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0011] the first terminal and the second terminal select a pairing mode of the data communication channel and use the new communication key for channel encryption of the data communication channel.
[0012] A terminal pairing system, comprising a first terminal and a second terminal, wherein
[0013] the first terminal is configured to generate a first random factor, check the first random factor with a preset first check algorithm to generate a first check value, encrypt the first random factor and the first check value with a preset first key to generate a first ciphertext, and send it to the second terminal over a secure wireless channel;
[0014] the second terminal is configured to decrypt the first ciphertext with a preset second key to obtain the first random factor and the first check value; check the first random factor with a preset second check algorithm and compare the result with the first check value; if they match, generate a second random factor, check the second random factor with the preset second check algorithm to generate a second check value, encrypt the second random factor and the second check value with the second key to generate a second ciphertext, and send it to the first terminal over the secure wireless channel;
[0015] the first terminal is further configured to decrypt the second ciphertext with the first key to obtain the second random factor and the second check value; check the second random factor with the first check algorithm and compare the result with the second check value; if they match, use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0016] the second terminal is further configured to use the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0017] the first terminal and the second terminal are further configured to select a pairing mode of the data communication channel and use the new communication key for channel encryption of the data communication channel.
[0018] A terminal pairing method, comprising:
[0019] generating a first random factor, checking the first random factor with a preset first check algorithm to generate a first check value, encrypting the first random factor and the first check value with a preset first key to generate a first ciphertext, and sending it to an external terminal over a secure wireless channel;
[0020] receiving, over the secure wireless channel, a second ciphertext sent by the external terminal;
[0021] decrypting the second ciphertext with the first key to obtain a second random factor and a second check value; checking the second random factor with the first check algorithm and comparing the result with the second check value; if they match, using the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0022] selecting, with the external terminal, a pairing mode of the data communication channel, and using the new communication key for channel encryption of the data communication channel.
[0023] A terminal pairing method, comprising:
[0024] receiving, over a secure wireless channel, a first ciphertext sent by an external terminal;
[0025] decrypting the first ciphertext with a preset second key to obtain a first random factor and a first check value;
[0026] checking the first random factor with a preset second check algorithm and comparing the result with the first check value;
[0027] if they match, generating a second random factor and checking it with the preset second check algorithm to generate a second check value;
[0028] encrypting the second random factor and the second check value with the second key to generate a second ciphertext, and sending it to the external terminal over the secure wireless channel;
[0029] using the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0030] selecting a pairing mode of the data communication channel and using the new communication key for channel encryption of the data communication channel.
[0031] A terminal, comprising: a memory, a processor, an input/output bus connecting the memory and the processor, and a terminal pairing program stored in the memory and executable on the processor, the terminal pairing program, when executed by the processor, implementing the following steps:
[0032] generating a first random factor, checking the first random factor with a preset first check algorithm to generate a first check value, encrypting the first random factor and the first check value with a preset first key to generate a first ciphertext, and sending it to an external terminal over a secure wireless channel;
[0033] receiving, over the secure wireless channel, a second ciphertext sent by the external terminal;
[0034] decrypting the second ciphertext with the first key to obtain a second random factor and a second check value; checking the second random factor with the first check algorithm and comparing the result with the second check value; if they match, using the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0035] selecting, with the external terminal, a pairing mode of the data communication channel, and using the new communication key for channel encryption of the data communication channel.
[0036] A terminal, comprising: a memory, a processor, an input/output bus connecting the memory and the processor, and a terminal pairing program stored in the memory and executable on the processor, the terminal pairing program, when executed by the processor, implementing the following steps:
[0037] receiving, over a secure wireless channel, a first ciphertext sent by an external terminal;
[0038] decrypting the first ciphertext with a preset second key to obtain a first random factor and a first check value;
[0039] checking the first random factor with a preset second check algorithm and comparing the result with the first check value;
[0040] if they match, generating a second random factor and checking it with the preset second check algorithm to generate a second check value;
[0041] encrypting the second random factor and the second check value with the second key to generate a second ciphertext, and sending it to the external terminal over the secure wireless channel;
[0042] using the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0043] selecting a pairing mode of the data communication channel and using the new communication key for channel encryption of the data communication channel.
[0044] 一种计算机可读存储介质, 计算机可读存储介质上存储有一个或多个程序, 一 个或多个程序被执行吋实现以下步骤: [0045] 生成第一随机因子, 使用预设的第一校验算法对第一随机因子进行校验, 生成 第一校验值; 根据预置的第一密钥对第一随机因子和第一校验值进行加密, 生 成第一密文, 并通过安全无线通道发送至外部终端; [0044] A computer readable storage medium having one or more programs stored on a computer readable storage medium, the one or more programs being executed to implement the following steps: [0045] generating a first random factor, using a preset first check algorithm to check the first random factor, generating a first check value; according to the preset first key pair, the first random factor and the first The check value is encrypted, the first ciphertext is generated, and sent to the external terminal through the secure wireless channel;
[0046] 通过安全无线通道接收外部终端发送的第二密文;  Receiving, by the secure wireless channel, the second ciphertext sent by the external terminal;
[0047] 使用第一密钥对第二密文解密, 获得第二随机因子和第二校验值; 使用第一校 验算法对第二随机因子进行校验, 并与第二校验值进行比较校验; 若匹配, 则 使用第一随机因子与第二随机因子的组合, 对其数据通信信道的原通信密钥进 行不可逆处理及替换, 生成新通信密钥;  [0047] decrypting the second ciphertext using the first key to obtain a second random factor and a second check value; verifying the second random factor by using the first check algorithm, and performing the second check value Comparing the check; if matching, using the combination of the first random factor and the second random factor, irreversibly processing and replacing the original communication key of the data communication channel to generate a new communication key;
[0048] 与外部终端选择数据通信信道的配对模式, 使用新通信密钥进行数据通信信道 的通道加密。  [0048] The pairing mode of the data communication channel is selected with the external terminal, and the channel encryption of the data communication channel is performed using the new communication key.
[0049] 一种计算机可读存储介质, 计算机可读存储介质上存储有一个或多个程序, 一 个或多个程序被执行吋实现以下步骤:  [0049] A computer readable storage medium having one or more programs stored on a computer readable storage medium, the one or more programs being executed to implement the following steps:
[0050] 通过安全无线通道接收外部终端发送的第一密文; Receiving, by the secure wireless channel, the first ciphertext sent by the external terminal;
[0051] 使用预置的第二密钥对第一密文解密, 获得第一随机因子和第一校验值; [0052] 使用预设的第二校验算法对第一随机因子进行校验, 并与第一校验值进行比较 校验;  [0051] decrypting the first ciphertext using the preset second key to obtain a first random factor and a first check value; [0052] verifying the first random factor by using a preset second check algorithm And comparing and verifying with the first check value;
[0053] 若匹配, 则生成第二随机因子, 使用预设的第二校验算法对第二随机因子进行 校验, 生成第二校验值;  [0053] if matched, generating a second random factor, and using a preset second check algorithm to check the second random factor to generate a second check value;
[0054] 根据第二密钥对第二随机因子和第二校验值进行加密, 生成第二密文, 并通过 安全无线通道发送至外部终端; [0054] encrypting the second random factor and the second check value according to the second key, generating a second ciphertext, and transmitting the second ciphertext to the external terminal through the secure wireless channel;
[0055] 使用第二随机因子与第一随机因子的组合, 对其数据通信信道的原通信密钥进 行不可逆处理及替换, 生成新通信密钥; [0055] using a combination of the second random factor and the first random factor, irreversibly processing and replacing the original communication key of the data communication channel to generate a new communication key;
[0056] 选择数据通信信道的配对模式, 使用新通信密钥进行数据通信信道的通道加密 [0056] selecting a pairing mode of the data communication channel, using a new communication key for channel encryption of the data communication channel
[0057] 一种终端配对装置, 包括: 第一处理模块、 第一通信模块及第一配对模块, 其 中, [0057] A terminal pairing device, comprising: a first processing module, a first communication module, and a first pairing module, wherein
[0058] 第一处理模块用于生成第一随机因子, 使用预设的第一校验算法对第一随机因 子进行校验, 生成第一校验值; 根据预置的第一密钥对第一随机因子和第一校 验值进行加密, 生成第一密文; [0058] The first processing module is configured to generate a first random factor, and use a preset first verification algorithm to check the first random factor to generate a first check value; according to the preset first key pair a random factor and the first school Encryption is performed to generate a first ciphertext;
[0059] 第一通信模块用于通过安全无线通道发送第一密文至外部终端, 通过安全无线 通道接收外部终端发送的第二密文;  [0059] the first communication module is configured to send the first ciphertext to the external terminal through the secure wireless channel, and receive the second ciphertext sent by the external terminal through the secure wireless channel;
[0060] 第一处理模块还用于使用第一密钥对第二密文解密, 获得第二随机因子和第二 校验值; 使用第一校验算法对第二随机因子进行校验, 并与第二校验值进行比 较校验; [0060] The first processing module is further configured to decrypt the second ciphertext by using the first key to obtain a second random factor and a second check value; and verify the second random factor by using the first check algorithm, and Compare and verify with the second check value;
[0061] 第一配对模块用于若匹配, 则使用第一随机因子与第二随机因子的组合, 对其 数据通信信道的原通信密钥进行不可逆处理及替换, 生成新通信密钥; 与外部 终端选择数据通信信道的配对模式, 使用新通信密钥进行数据通信信道的通道 加密。  [0061] the first pairing module is configured to: if matched, use a combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key; The terminal selects the pairing mode of the data communication channel, and uses the new communication key to perform channel encryption of the data communication channel.
[0062] 一种终端配对装置, 包括: 第二处理模块、 第二通信模块及第二配对模块, 其 中,  [0062] A terminal pairing device, comprising: a second processing module, a second communication module, and a second pairing module, wherein
[0063] 第二通信模块用于通过安全无线通道接收外部终端发送的第一密文;  [0063] the second communication module is configured to receive the first ciphertext sent by the external terminal by using the secure wireless channel;
[0064] 第二处理模块用于使用预置的第二密钥对第一密文解密, 获得第一随机因子和 第一校验值; 使用预设的第二校验算法对第一随机因子进行校验, 并与第一校 验值进行比较校验; 若匹配, 则生成第二随机因子, 使用预设的第二校验算法 对第二随机因子进行校验, 生成第二校验值; 根据第二密钥对第二随机因子和 第二校验值进行加密, 生成第二密文; [0064] The second processing module is configured to decrypt the first ciphertext using the preset second key, obtain the first random factor and the first check value, and use the preset second check algorithm to use the first random factor Performing a check and comparing and verifying with the first check value; if matching, generating a second random factor, and using a preset second check algorithm to check the second random factor to generate a second check value And encrypting the second random factor and the second check value according to the second key to generate a second ciphertext;
[0065] 第二通信模块还用于通过安全无线通道发送第二密文至外部终端; [0065] the second communication module is further configured to send the second ciphertext to the external terminal by using the secure wireless channel;
[0066] 第二配对模块用于使用第二随机因子与第一随机因子的组合, 对其数据通信信 道的原通信密钥进行不可逆处理及替换, 生成新通信密钥; 选择数据通信信道 的配对模式, 使用新通信密钥进行数据通信信道的通道加密。 [0066] The second pairing module is configured to use an combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel to generate a new communication key; and select a pair of the data communication channel. Mode, using the new communication key for channel encryption of the data communication channel.
Advantageous Effects of the Invention
Beneficial effects
[0067] The present invention provides a terminal pairing method, device and system, a terminal and a computer readable storage medium. The method negotiates, over a wireless secure channel, the secure communication parameters needed before a data communication channel such as Bluetooth is paired. It thereby removes the insecurity of existing terminals, which, when pairing a data communication channel, exchange and negotiate the secure communication parameters in several plaintext round trips. Without affecting the user's experience, the secure communication parameters of the data communication channel are negotiated over the wireless secure channel before pairing, which guarantees the security of data communication channels such as Bluetooth and improves convenience of use and user satisfaction.
Brief Description of the Drawings
Description of the drawings
[0068] FIG. 1 is a schematic diagram of the terminal pairing system provided by Embodiment 1 of the present invention;
[0069] FIG. 2 is a flowchart of the terminal pairing method provided by Embodiment 2 of the present invention;
[0070] FIG. 3 is a flowchart of the terminal pairing method provided by Embodiment 3 of the present invention;
[0071] FIG. 4 is a schematic structural diagram of the terminal pairing device provided by Embodiment 3 of the present invention;
[0072] FIG. 5 is a flowchart of the terminal pairing method provided by Embodiment 4 of the present invention;
[0073] FIG. 6 is a schematic structural diagram of the terminal pairing device provided by Embodiment 4 of the present invention;
[0074] FIG. 7 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
[0075] FIG. 8 is a schematic diagram of the terminal pairing system provided by Embodiment 5 of the present invention;
[0076] FIG. 9 is a flowchart of the terminal pairing method provided by Embodiment 5 of the present invention;
[0077] FIG. 10 is a flowchart of the communication protocol interaction according to Embodiment 5 of the present invention;
[0078] FIG. 11 is a flowchart of the pairing feature interaction according to Embodiment 5 of the present invention;
[0079] FIG. 12 is a flowchart of the pairing mode selection according to Embodiment 5 of the present invention.
BEST MODE FOR CARRYING OUT THE INVENTION
Embodiments of the invention
[0080] The first terminal and the second terminal of the present invention are applicable to all communication devices, including PCs, mobile phones, PADs and the like. The present invention is further described in detail below by way of specific embodiments with reference to the accompanying drawings.
[0081] Embodiment 1:
[0082] FIG. 1 is a schematic diagram of the terminal pairing system provided by Embodiment 1 of the present invention. Referring to FIG. 1, the terminal pairing system provided by this embodiment comprises a first terminal 11 and a second terminal 12, wherein
[0083] the first terminal 11 is configured to generate a first random factor, check the first random factor with a preset first check algorithm to generate a first check value, encrypt the first random factor and the first check value with a preset first key to generate a first ciphertext, and send it to the second terminal 12 over a secure wireless channel; in practical applications the secure wireless channel may be secure by virtue of its physical properties, for example a directional channel such as infrared or a channel with a very short communication range, or it may rely on data encryption to secure the communication;
[0084] the second terminal 12 is configured to decrypt the first ciphertext with a preset second key to obtain the first random factor and the first check value; check the first random factor with a preset second check algorithm and compare the result with the first check value; if they match, generate a second random factor, check the second random factor with the preset second check algorithm, and generate a second check value; and encrypt the second random factor and the second check value with the second key to generate a second ciphertext, and send it to the first terminal 11 over the secure wireless channel;
[0085] the first terminal 11 is further configured to decrypt the second ciphertext with the first key to obtain the second random factor and the second check value; check the second random factor with the first check algorithm and compare the result with the second check value; and, if they match, use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key; in practical applications the data communication channel may be a conventional Bluetooth channel, a telecommunication interface, or the like;
[0086] the second terminal 12 is further configured to use the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0087] the first terminal 11 and the second terminal 12 are further configured to select a pairing mode for the data communication channel and to use the new communication key to perform channel encryption of the data communication channel.
[0088] In an embodiment, the first terminal 11 and the second terminal 12 of the above embodiment are both Bluetooth Low Energy devices. Preferably, the first terminal is a user handheld device such as a mobile phone, and the second terminal is a smart card, such as a SIM card, an SD card or a similar card-type device.
[0089] In an embodiment, the first terminal of the above embodiment is configured to use the combination of the first random factor and the second random factor to irreversibly process and replace the TK (Temporary Key) value of the first terminal, and the second terminal is configured to use the combination of the second random factor and the first random factor to irreversibly process and replace the TK value of the second terminal;
[0090] the first terminal and the second terminal select a pairing mode as specified by the Bluetooth Low Energy protocol;
[0091] the first terminal and the second terminal use the combination of the first random factor and the second random factor to encrypt and replace the STK (Short Term Key);
[0092] the first terminal and the second terminal perform STK (Short Term Key) channel encryption and the exchange of the LTK (Long Term Key) as specified by the Bluetooth Low Energy protocol, completing the pairing process.
[0093] In an embodiment, the data communication channel of the above embodiment is a Bluetooth channel, which may support version 2.0, version 3.0 and so on; the data communication channel is at least one of a range-limited communication RCC interface, a 2.4G wireless interface, a low-power local area network Zigbee interface, and a WiFi interface.
[0094] In an embodiment, the first terminal 11 and the second terminal 12 of the above embodiment are further configured to: obtain the device information of the peer and determine from it whether the peer supports secure pairing; if not, the first terminal and the second terminal select a pairing mode for the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if so, the first terminal and the second terminal each generate a new communication key, select a pairing mode for the data communication channel, and use the new communication key to perform channel encryption of the data communication channel. In practical applications the device information may include the software version information and the hardware version information of the device, and determining whether the peer supports secure pairing may consist of checking only whether the hardware version information is the same, for example using the device identifier (IMEI) or the Bluetooth vendor ID in the hardware version information to determine whether the peer device comes from the same manufacturer as the local device; if so, it is deemed to support secure pairing. In other application scenarios, to avoid pairing failures caused by a user downgrading the device software version, the software version information may also be checked: if the software version of the peer device meets a certain requirement, for example higher than Bluetooth 5.0, it is deemed to support secure pairing.
[0095] Embodiment 2:
[0096] FIG. 2 is a flowchart of the terminal pairing method provided by Embodiment 2 of the present invention. Referring to FIG. 2, the terminal pairing method provided by this embodiment comprises:
[0097] S201: the first terminal generates a first random factor, checks the first random factor with a preset first check algorithm to generate a first check value, encrypts the first random factor and the first check value with a preset first key to generate a first ciphertext, and sends it to the second terminal over the secure wireless channel;
[0098] S202: the second terminal decrypts the first ciphertext with a preset second key to obtain the first random factor and the first check value; checks the first random factor with a preset second check algorithm and compares the result with the first check value; if they match, generates a second random factor, checks the second random factor with the preset second check algorithm, and generates a second check value; and encrypts the second random factor and the second check value with the second key to generate a second ciphertext, and sends it to the first terminal over the secure wireless channel;
[0099] S203: the first terminal decrypts the second ciphertext with the first key to obtain the second random factor and the second check value; checks the second random factor with the first check algorithm and compares the result with the second check value; and, if they match, uses the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0100] S204: the second terminal uses the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0101] S205: the first terminal and the second terminal select a pairing mode for the data communication channel and use the new communication key to perform channel encryption of the data communication channel.
[0102] In an embodiment, the first key and the second key of the above embodiment are one or more pairs of identical keys, or public/private key pairs, stored in the first terminal and the second terminal.
[0103] In an embodiment, the first check algorithm and the second check algorithm of the above embodiment are a MAC (Message Authentication Code) value check algorithm using the same parameters, or a CRC (Cyclic Redundancy Check) check algorithm.
[0104] In an embodiment, the combination of the first random factor and the second random factor of the above embodiment is: the first random factor and the second random factor generate data of a preset length in an agreed manner. For example, the first random factor and the second random factor are both 16-bit fields, say the first random factor is 10110010 and the second random factor is 11000010; then, by the agreed convention of taking values at intervals, data 16 bytes in length, 11100010, is generated as the combination.
[0105] In an embodiment, irreversibly processing the original communication key of the data communication channel in the above embodiment comprises: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data which serves as the new communication key.
[0106] In an embodiment, before the first terminal generates the first random factor, the method of the above embodiment further comprises: obtaining the device information of the peer and determining from it whether the peer supports secure pairing; if not, the first terminal and the second terminal select a pairing mode for the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if so, the first terminal and the second terminal each generate a new communication key, select a pairing mode for the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
[0107] As shown in FIG. 10, in an embodiment, the step in which the first terminal and the second terminal select a pairing mode for the data communication channel and use the new communication key to perform channel encryption of the data communication channel comprises: the first terminal uses the combination of the first random factor and the second random factor to irreversibly process and replace the TK value of the first terminal, and the second terminal uses the combination of the second random factor and the first random factor to irreversibly process and replace the TK value of the second terminal; the first terminal and the second terminal select a pairing mode as specified by the Bluetooth Low Energy protocol; the first terminal and the second terminal use the combination of the first random factor and the second random factor to encrypt and replace the STK; and the first terminal and the second terminal perform STK channel encryption and the LTK exchange as specified by the Bluetooth Low Energy protocol, completing the pairing process.
[0108]  [0108]
[0109] Embodiment 3:
[0110] FIG. 3 is a flowchart of the terminal pairing method provided by Embodiment 3 of the present invention. Referring to FIG. 3, the terminal pairing method provided by this embodiment comprises:
[0111] S301: generating a first random factor, checking the first random factor with a preset first check algorithm to generate a first check value, encrypting the first random factor and the first check value with a preset first key to generate a first ciphertext, and sending it to the external terminal over the secure wireless channel;
[0112] S302: receiving, over the secure wireless channel, a second ciphertext sent by the external terminal;
[0113] S303: decrypting the second ciphertext with the first key to obtain a second random factor and a second check value; checking the second random factor with the first check algorithm and comparing the result with the second check value; and, if they match, using the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
[0114] S304: selecting, together with the external terminal, a pairing mode for the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[0115] In an embodiment, the combination of the first random factor and the second random factor of the above embodiment is: the first random factor and the second random factor generate data of a preset length in an agreed manner.
[0116] In an embodiment, irreversibly processing the original communication key of the data communication channel in the above embodiment comprises: encrypting the original communication key with the combination; or computing a hash value over the combination and the original communication key, to generate unique, irreversible data which serves as the new communication key. [0117] In an embodiment, before generating the first random factor, the method of the above embodiment further comprises: obtaining the device information of the external terminal and determining from it whether the external terminal supports secure pairing; if not, selecting, together with the external terminal, a pairing mode for the data communication channel and using the original communication key to perform channel encryption of the data communication channel; if so, generating a new communication key (the external terminal doing likewise), selecting a pairing mode for the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[0118] In an embodiment, selecting, together with the external terminal, a pairing mode for the data communication channel and using the new communication key to perform channel encryption of the data communication channel in the above embodiment comprises: using the combination of the first random factor and the second random factor to irreversibly process and replace the temporary key value; selecting a pairing mode with the external terminal as specified by the Bluetooth Low Energy protocol; using the combination of the first random factor and the second random factor to encrypt and replace the short-term key; and performing the short-term key and long-term key exchange with the external terminal as specified by the Bluetooth Low Energy protocol.
[0119]  [0119]
[0120] FIG. 4 is a schematic structural diagram of the terminal pairing device provided by Embodiment 3 of the present invention. Referring to FIG. 4, the terminal pairing device 4 provided by this embodiment comprises a first processing module 41, a first communication module 42 and a first pairing module 43, wherein
[0121] the first processing module 41 is configured to generate a first random factor, check the first random factor with a preset first check algorithm to generate a first check value, and encrypt the first random factor and the first check value with a preset first key to generate a first ciphertext;
[0122] the first communication module 42 is configured to send the first ciphertext to the external terminal over the secure wireless channel and to receive, over the secure wireless channel, a second ciphertext sent by the external terminal;
[0123] the first processing module 41 is further configured to decrypt the second ciphertext with the first key to obtain a second random factor and a second check value, and to check the second random factor with the first check algorithm and compare the result with the second check value;
[0124] the first pairing module 43 is configured, if they match, to use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key, and to select, together with the external terminal, a pairing mode for the data communication channel and use the new communication key to perform channel encryption of the data communication channel.
[0125] In an embodiment, the combination of the first random factor and the second random factor of the above embodiment is: the first random factor and the second random factor generate data of a preset length in an agreed manner.
[0126] In an embodiment, the first processing module 41 of the above embodiment is specifically configured to: encrypt the original communication key with the combination, or compute a hash value over the combination and the original communication key, to generate unique, irreversible data which serves as the new communication key.
[0127] In an embodiment, the first processing module 41 of the above embodiment is specifically configured to: before generating the first random factor, obtain the device information of the external terminal and determine from it whether the external terminal supports secure pairing; if not, select, together with the external terminal, a pairing mode for the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if so, generate a new communication key (the external terminal doing likewise), select a pairing mode for the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
[0128] 在一实施例中, 上述实施例中的第一配对模块 43具体用于: 使用第一随机因子 以及第二随机因子组合对临吋密钥值进行数据不可逆处理及替换; 与外部终端 按照低功耗蓝牙协议规定选择配对模式;使用第一随机因子与第二随机因子的组 合对短期密钥进行加密处理及替换;与外部终端按照低功耗蓝牙协议规定进行短 期密钥及长期密钥的交互。  [0128] In an embodiment, the first pairing module 43 in the foregoing embodiment is specifically configured to: perform irreversible processing and replacement on the temporary key value by using the first random factor and the second random factor combination; and the external terminal Selecting the pairing mode according to the low-power Bluetooth protocol; using the combination of the first random factor and the second random factor to encrypt and replace the short-term key; and the external terminal according to the low-power Bluetooth protocol for short-term key and long-term secret Key interaction.
[0129]  [0129]
[0130] FIG. 7 is a schematic structural diagram of the terminal according to an embodiment of the present invention. Referring to FIG. 7, the terminal provided in this embodiment includes at least an input/output (IO) bus 71, a processor 72, a storage 73, a memory 74, an input module 75, a communication module 76, and a terminal pairing program stored in the storage 73 and executable on the processor 72, wherein:
[0131] the input/output (IO) bus 71 is connected to the other components of the terminal it belongs to (the processor 72, the storage 73, the memory 74, the input module 75 and the communication module 76) and provides the transmission lines for those components;
[0132] the processor 72 generally controls the overall operation of the terminal it belongs to; for example, the processor 72 performs operations such as computation and confirmation. The processor 72 may be a central processing unit (CPU).
[0133] The storage 73 stores processor-readable, processor-executable software code containing the instructions that control the processor 72 to perform the functions described herein (that is, functions performed by software). In this embodiment, the storage 73 must at least hold the programs the processor 72 needs in order to perform its functions.
[0134] The memory 74 generally uses semiconductor storage units, including random access memory (RAM), read-only memory (ROM) and cache, of which RAM is the most important. The memory 74 is one of the important components of a computer and is the bridge for communication with the CPU: every program in the computer runs in memory. Its role is to temporarily hold the operands of the CPU and the data exchanged with external storage such as a hard disk; whenever the computer is running, the CPU loads the data it needs to operate on into memory, performs the operation, and then transfers the result out, so the operation of memory also determines the stable operation of the computer.
[0135] The input module 75, such as a microphone, a sensor or a touch panel, is used for user input, which is passed on to the processor 72.
[0136] The communication module 76, such as a radio-frequency unit, is used to communicate with the outside world.
[0137] On the basis of the terminal components shown in FIG. 7, the terminal pairing program provided in this embodiment, when executed by the processor, implements all the steps of the terminal pairing method provided in Embodiment 3.
[0138]
[0139] At the same time, this embodiment provides a computer-readable storage medium on which one or more programs are stored; when the one or more programs are executed by a processor, all the steps of the terminal pairing method provided in Embodiment 3 are implemented.
[0140]
[0141] Embodiment 4:
[0142] FIG. 5 is a flowchart of the terminal pairing method provided by Embodiment 4 of the present invention. Referring to FIG. 5, the terminal pairing method provided in this embodiment includes:
[0143] S501: receiving, over a secure wireless channel, a first ciphertext sent by an external terminal;
[0144] S502: decrypting the first ciphertext with a preset second key to obtain a first random factor and a first check value;
[0145] S503: checking the first random factor with a preset second check algorithm and comparing the result with the first check value; if they match, generating a second random factor, checking the second random factor with the preset second check algorithm to generate a second check value, encrypting the second random factor and the second check value with the second key to generate a second ciphertext, and sending it to the external terminal over the secure wireless channel;
[0146] S504: performing irreversible processing on the original communication key of its data communication channel using the combination of the second random factor and the first random factor and replacing it with the result, generating a new communication key;
[0147] S505: selecting the pairing mode of the data communication channel and performing channel encryption of the data communication channel with the new communication key.
[0148] In an embodiment, the combination of the first random factor and the second random factor in the foregoing embodiment is data of a preset length generated from the first random factor and the second random factor in an agreed manner.
[0149] In an embodiment, the irreversible processing of the original communication key of its data communication channel in the foregoing embodiment includes encrypting the original communication key with the combination, or computing a hash over the combination and the original communication key, producing unique, irreversible data that serves as the new communication key.
[0150] In an embodiment, selecting the pairing mode of the data communication channel and performing channel encryption of the data communication channel with the new communication key, as in the foregoing embodiment, includes: performing irreversible processing on the temporary key (TK) value of the second terminal using the combination of the second random factor and the first random factor and replacing the TK with the result; selecting the pairing mode as specified by the Bluetooth Low Energy protocol; encrypting the short-term key (STK) using the combination of the second random factor and the first random factor and replacing the STK with the result; and exchanging the short-term key and the long-term key (LTK) with the external terminal as specified by the Bluetooth Low Energy protocol.
[0151]
[0152] FIG. 6 is a schematic structural diagram of the terminal pairing apparatus provided by Embodiment 4 of the present invention. Referring to FIG. 6, the terminal pairing apparatus 6 provided in this embodiment includes a second processing module 61, a second communication module 62 and a second pairing module 63, wherein:
[0153] the second communication module 62 is configured to receive, over a secure wireless channel, the first ciphertext sent by the external terminal;
[0154] the second processing module 61 is configured to decrypt the first ciphertext with a preset second key to obtain the first random factor and the first check value, to check the first random factor with a preset second check algorithm and compare the result with the first check value, and, if they match, to generate a second random factor, check the second random factor with the preset second check algorithm to generate a second check value, and encrypt the second random factor and the second check value with the second key to generate a second ciphertext;
[0155] the second communication module 62 is further configured to send the second ciphertext to the external terminal over the secure wireless channel;
[0156] the second pairing module 63 is configured to perform irreversible processing on the original communication key of its data communication channel using the combination of the second random factor and the first random factor and replace it with the result, generating a new communication key; and to select the pairing mode of the data communication channel and perform channel encryption of the data communication channel with the new communication key.
[0157] In an embodiment, the combination of the first random factor and the second random factor in the foregoing embodiment is data of a preset length generated from the first random factor and the second random factor in an agreed manner.
[0158] In an embodiment, the second pairing module 63 in the foregoing embodiment is specifically configured to encrypt the original communication key with the combination, or to compute a hash over the combination and the original communication key, producing unique, irreversible data that serves as the new communication key.
[0159] In an embodiment, the second pairing module 63 in the foregoing embodiment is specifically configured to: perform irreversible processing on the temporary key (TK) value of the second terminal using the combination of the second random factor and the first random factor and replace the TK with the result; select the pairing mode as specified by the Bluetooth Low Energy protocol; encrypt the short-term key (STK) using the combination of the second random factor and the first random factor and replace the STK with the result; and exchange the short-term key and the long-term key (LTK) with the external terminal as specified by the Bluetooth Low Energy protocol.
[0160]
[0161] FIG. 7 is a schematic structural diagram of the terminal according to an embodiment of the present invention. Referring to FIG. 7, the terminal provided in this embodiment includes at least an input/output (IO) bus 71, a processor 72, a storage 73, a memory 74, an input module 75, a communication module 76, and a terminal pairing program stored in the storage 73 and executable on the processor 72. On the basis of the terminal components shown in FIG. 7, the terminal pairing program provided in this embodiment, when executed by the processor, implements all the steps of the terminal pairing method provided in Embodiment 4.
[0162]
[0163] At the same time, this embodiment provides a computer-readable storage medium on which one or more programs are stored; when the one or more programs are executed by a processor, all the steps of the terminal pairing method provided in Embodiment 4 are implemented.
[0164]
[0165] Embodiment 5:
[0166] Taking the case where both terminals are Bluetooth devices and the data communication channel is a Bluetooth channel as an example, the present invention is further explained below in combination with a specific application scenario.
[0167] Bluetooth Low Energy (BLE) is a low-cost, short-range, interoperable and highly robust wireless communication technology operating in the licence-free 2.4 GHz ISM band. The protocol was designed from the outset as an ultra-low-power (ULP), secure wireless communication technology. When two BLE devices are to exchange data, they first need to establish a connection with each other, and on the first connection they need to pair in order to establish a trust relationship. However, as the application scenarios of BLE become ever wider, the pairing process requires the two BLE devices to exchange and negotiate secure communication parameters several times in plaintext, which poses a great threat to the security of the communication data between BLE devices. The customary solution at present is to encrypt the communicated data at the application layer of the BLE protocol in order to address the security of BLE communication data.
[0168] This embodiment proposes a method and system for secure pairing between BLE devices, which negotiate the secure communication parameters before pairing over a third-party wireless secure channel and thereby address the communication security of BLE at the level of the BLE protocol itself.
[0169] Specifically, as shown in FIG. 8, the system for secure pairing between BLE devices provided in this embodiment includes a first BLE device and a second BLE device, which establish a Bluetooth link communication connection via the BLE communication protocol. The first BLE device includes a first main control module, a first BLE communication module and a first wireless communication module; the first main control module is electrically connected to the first BLE communication module and the first wireless communication module, and includes an algorithm processing module and a random number generation module;
[0170] the second BLE device includes a second main control module, a second BLE communication module and a second wireless communication module; the second main control module is electrically connected to the second BLE communication module and the second wireless communication module, and includes an algorithm processing module and a random number generation module;
[0171] the first BLE device and the second BLE device communicate through a BLE interface and a wireless communication interface.
[0172] For the system shown in FIG. 8, the implementation flow of the method on the above system is described in detail below with reference to FIG. 9, FIG. 10, FIG. 11 and FIG. 12:
[0173] the first BLE device and the second BLE device establish a Bluetooth link communication connection via the BLE protocol;
[0174] after the link communication connection has been established successfully, BLE device information is exchanged between the devices using BLE link control commands; the device information includes software version information such as the Bluetooth protocol version number and sub-version number, and hardware version information such as the Bluetooth vendor ID and the device identifier IMEI;
[0175] from this device information it is determined whether the BLE device currently being communicated with supports the secure pairing method; if it does not, subsequent communication between the BLE devices pairs according to the pairing mode defined by the BLE protocol; if it does, the first BLE device and the second BLE device establish a wireless connection through the wireless interface and start negotiating the pre-pairing secure communication parameters over this third channel;
[0176] the first BLE device generates a first random factor and checks it with the first BLE device's first preset check algorithm to obtain a first check value;
[0177] the first BLE device encrypts the first random factor and the first check value with the first preset key to obtain a first ciphertext;
[0178] the first BLE device sends the first ciphertext to the second BLE device through the wireless interface; the second BLE device decrypts the received first ciphertext with the second preset key to obtain the first random factor and the first check value, checks the first BLE device's random factor with the second preset check algorithm, and compares the result with the received first check value;
[0179] once the check values match, the second BLE device generates a second random factor and checks it with the second BLE device's preset second check algorithm to obtain a second check value;
[0180] the second BLE device encrypts the second random factor and the second check value with the second preset key to obtain a second ciphertext;
[0181] the second BLE device sends the second ciphertext to the first BLE device through the wireless interface; the first BLE device decrypts the received second ciphertext with the first preset key to obtain the second random factor and the second check value, checks the second random factor with the first preset check algorithm, and compares the result with the received second check value;
[0182] the check value is used to ensure that the random factor has not been tampered with;
[0183] further, the check algorithm may be a MAC check algorithm or a CRC check algorithm (of the two, only a MAC is keyed; a CRC detects accidental corruption but not deliberate modification of the ciphertext, so the MAC option is the one that delivers the tamper protection described in [0182]);
[0184] the first preset key and the second preset key may be one or several sets of identical keys built into the BLE devices, or a public/private key pair;
[0185] the first BLE device performs irreversible data processing on the TK value at the first BLE device using the combination of the first random factor and the second random factor and assigns the processed data to the first BLE device's TK; the second BLE device likewise performs irreversible data processing on the TK value at the second BLE device using the combination of the second random factor and the first random factor and assigns the processed data to the second BLE device's TK.
[0186] The combination of the first random factor and the second random factor is, specifically, a set of 16-byte data generated from the two sets of data in any agreed manner;
[0187] the irreversible data processing, specifically, produces a unique, non-invertible set of data from the first and second random factors and the TK value; further, the irreversible data processing may be encryption, or a hash computed over the first and second random factors and the TK value.
[0188] The first BLE device and the second BLE device then complete the subsequent pairing feature exchange, pairing mode selection, STK channel encryption, LTK exchange and the other interactions specified by the BLE protocol, completing the pairing process.
[0189] In practical application, the first BLE device and the second BLE device complete the subsequent pairing mode selection as specified by the BLE protocol;
[0190] the combination of the first random factor and the second random factor is used as the key KEY to encrypt the STK, and the result is assigned to the STK, that is: STK = e(first random factor || second random factor, STK);
[0191] the first BLE device and the second BLE device then complete the subsequent STK channel encryption, LTK exchange and the other interactions specified by the BLE protocol, completing the pairing process.
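The exchange of [0176] to [0187] and the STK replacement of [0190], written out as an added example that is not part of the patent and not the applicant's code. It runs on the Python standard library alone, so the choices below are assumptions made for the example rather than the patent's: each random factor is 8 bytes and the agreed 16-byte combination is the concatenation first factor || second factor; the check algorithm is HMAC-SHA256 truncated to 16 bytes (the MAC option of claim 3, chosen over a CRC because a CRC is not keyed); the "preset key" is a constructed 16-byte value shared by both terminals (claim 2, same key in both); the cipher e() is an HMAC-SHA256 counter-mode keystream standing in for the block cipher, with a fresh nonce per message; and the irreversible processing is the hash option of claim 5, SHA-256 over combination || original key truncated to the 128-bit size of a BLE TK or STK. Both terminals start from the same original TK (all zeros here), and each derives its own copy of the new TK from the factor it generated and the factor it verified:

```python
"""Pre-pairing negotiation over the secure wireless channel, then TK/STK replacement.

Constructed example for illustration; standard library only.  Preset key, factor
sizes, the HMAC check algorithm and the HMAC-keystream cipher are assumptions.
"""
import hashlib
import hmac
import os

FACTOR_LEN = 8       # each random factor is 8 bytes, so R1 || R2 is 16 bytes (assumption)
CHECK_LEN = 16       # truncated HMAC-SHA256 check value (assumption)
NONCE_LEN = 12       # per-message nonce for the stand-in cipher
KEY_LEN = 16         # BLE TK and STK are 128-bit values

# Constructed preset key shared by both terminals (claim 2: the same key in both).
PRESET_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def check_value(key: bytes, random_factor: bytes) -> bytes:
    """Preset check algorithm: a keyed MAC over the random factor."""
    return hmac.new(key, random_factor, hashlib.sha256).digest()[:CHECK_LEN]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stands in for a real block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || (plaintext XOR keystream), with a fresh nonce per message."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def build_message(key: bytes, random_factor: bytes) -> bytes:
    """What each side sends: E_key(random factor || check value)."""
    return encrypt(key, random_factor + check_value(key, random_factor))


def open_message(key: bytes, ciphertext: bytes):
    """Decrypt, recompute the check value and compare in constant time.
    Returns the peer's random factor, or None when the check fails."""
    plain = decrypt(key, ciphertext)
    if len(plain) != FACTOR_LEN + CHECK_LEN:
        return None
    factor, received = plain[:FACTOR_LEN], plain[FACTOR_LEN:]
    if not hmac.compare_digest(check_value(key, factor), received):
        return None
    return factor


def combine(first_factor: bytes, second_factor: bytes) -> bytes:
    """Agreed combination ([0186]): first factor || second factor, 16 bytes."""
    return first_factor + second_factor


def replace_key(combination: bytes, original_key: bytes) -> bytes:
    """Irreversible processing, hash option: new key = H(combination || original key)."""
    return hashlib.sha256(combination + original_key).digest()[:KEY_LEN]


def negotiate(original_tk: bytes = bytes(KEY_LEN), first_factor=None, second_factor=None):
    """Run the two-message exchange between the terminals.

    Returns (new TK at first terminal, new TK at second terminal), or None when a
    check fails.  Factors may be passed in for a deterministic run."""
    # First terminal: R1, its check value, one ciphertext over the secure channel.
    r1 = first_factor or os.urandom(FACTOR_LEN)
    first_ciphertext = build_message(PRESET_KEY, r1)

    # Second terminal: decrypt and check, then answer with R2 in the same form.
    r1_at_second = open_message(PRESET_KEY, first_ciphertext)
    if r1_at_second is None:
        return None
    r2 = second_factor or os.urandom(FACTOR_LEN)
    second_ciphertext = build_message(PRESET_KEY, r2)

    # First terminal: decrypt and check the reply.
    r2_at_first = open_message(PRESET_KEY, second_ciphertext)
    if r2_at_first is None:
        return None

    # Each side replaces its own TK from the combination it holds ([0185]).
    tk_first = replace_key(combine(r1, r2_at_first), original_tk)
    tk_second = replace_key(combine(r1_at_second, r2), original_tk)
    return tk_first, tk_second


def replace_stk(first_factor: bytes, second_factor: bytes, stk: bytes) -> bytes:
    """STK = e(R1 || R2, STK) of [0190], using the hash option in place of e()."""
    return replace_key(combine(first_factor, second_factor), stk)


if __name__ == "__main__":
    tks = negotiate()
    print("TK agreed on both sides:", tks is not None and tks[0] == tks[1])
    tampered = bytearray(build_message(PRESET_KEY, bytes(FACTOR_LEN)))
    tampered[-1] ^= 0x01
    print("tampered message rejected:", open_message(PRESET_KEY, bytes(tampered)) is None)
```

The point the code makes that the prose does not: a flipped byte anywhere in the ciphertext, or a message built under a different preset key, fails the check and the peer never derives a key, so the pairing falls back to the failure path instead of continuing with a mismatched TK; and because the new TK is a hash over both factors and the old value, knowing the BLE-side traffic alone does not give an eavesdropper the replacement key.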
[0192] In practical application, the wireless interface may be an RCC interface, a 2.4G interface, a Zigbee interface, WIFI, or any communication interface that performs wireless transmission.
[0193] From the implementation of the above embodiments it can be seen that the method provided by the present invention has the following beneficial effects:
[0194] The present invention provides a terminal pairing method, apparatus and system, a terminal, and a computer-readable storage medium. By negotiating the secure communication parameters of a data communication channel such as Bluetooth over a wireless secure channel before pairing, it removes the insecurity of existing terminals exchanging and negotiating secure communication parameters several times in plaintext when pairing a data communication channel. Without affecting the user experience, the secure communication parameters of the data communication channel are negotiated over the wireless secure channel before pairing, which secures data communication channels such as Bluetooth and improves convenience of use and user satisfaction.
[0195] The above is a further detailed description of the present invention in connection with specific embodiments, and the specific implementation of the present invention should not be considered limited to these descriptions. A person of ordinary skill in the art to which the present invention belongs may make several simple derivations or substitutions without departing from the concept of the present invention, and all of these should be regarded as falling within the scope of protection of the present invention.

Claims
[权利要求 1] 一种终端配对方法, 其特征在于, 包括:  [Claim 1] A terminal pairing method, comprising:
第一终端生成第一随机因子, 使用预设的第一校验算法对所述第一随 机因子进行校验, 生成第一校验值; 根据预置的第一密钥对所述第一 随机因子和第一校验值进行加密, 生成第一密文, 并通过安全无线通 道发送至第二终端;  The first terminal generates a first random factor, and uses the preset first check algorithm to check the first random factor to generate a first check value; according to the preset first key pair, the first random value The factor and the first check value are encrypted, and the first ciphertext is generated and sent to the second terminal through the secure wireless channel;
所述第二终端使用预置的第二密钥对所述第一密文解密, 获得所述第 一随机因子和第一校验值; 使用预设的第二校验算法对所述第一随机 因子进行校验, 并与所述第一校验值进行比较校验; 若匹配, 则生成 第二随机因子, 使用预设的第二校验算法对所述第二随机因子进行校 验, 生成第二校验值; 根据所述第二密钥对所述第二随机因子和第二 校验值进行加密, 生成第二密文, 并通过所述安全无线通道发送至所 述第一终端;  Decrypting the first ciphertext by using the preset second key to obtain the first random factor and the first check value; using the preset second check algorithm for the first The random factor is checked and compared with the first check value; if matched, the second random factor is generated, and the second random factor is verified by using a preset second check algorithm. Generating a second check value; encrypting the second random factor and the second check value according to the second key, generating a second ciphertext, and transmitting the second ciphertext to the first terminal by using the secure wireless channel ;
所述第一终端使用所述第一密钥对所述第二密文解密, 获得所述第二 随机因子和第二校验值; 使用所述第一校验算法对所述第二随机因子 进行校验, 并与所述第二校验值进行比较校验; 若匹配, 则使用所述 第一随机因子与所述第二随机因子的组合, 对其数据通信信道的原通 信密钥进行不可逆处理及替换, 生成新通信密钥; 所述第二终端使用所述第二随机因子与所述第一随机因子的组合, 对 其数据通信信道的原通信密钥进行不可逆处理及替换, 生成新通信密 钥;  Decrypting the second ciphertext by using the first key to obtain the second random factor and the second check value; using the first check algorithm to use the second random factor Performing a check and performing a comparison check with the second check value; if matching, using a combination of the first random factor and the second random factor to perform an original communication key of the data communication channel thereof Irreversible processing and replacement, generating a new communication key; the second terminal uses the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel to generate New communication key;
所述第一终端与第二终端选择所述数据通信信道的配对模式, 使用所 述新通信密钥进行数据通信信道的通道加密。  The first terminal and the second terminal select a pairing mode of the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
[Claim 2] The terminal pairing method according to claim 1, wherein the first key and the second key are the same key stored in the first terminal and the second terminal, or a public/private key pair.
[Claim 3] The terminal pairing method according to claim 1, wherein the first check algorithm and the second check algorithm are a message authentication code check algorithm or a cyclic redundancy check algorithm using the same parameters.
[Claim 4] The terminal pairing method according to claim 1, wherein the combination of the first random factor and the second random factor is: data of a preset length generated from the first random factor and the second random factor in an agreed manner.
[Claim 5] The terminal pairing method according to claim 1, wherein irreversibly processing the original communication key of the data communication channel comprises: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
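The two-message exchange of claim 1 together with the combination of claim 4 and the hash-based key replacement of claim 5, as an added worked example that is not code from the patent. The claims fix neither the cipher, the check algorithm, the factor length nor the combination rule; the example assumes an HMAC-SHA256 check value, an HMAC-derived keystream as a stand-in cipher, 16-byte random factors concatenated to 32 bytes, and one shared preset key on both terminals (the same-key variant of claim 2).

```python
import hashlib
import hmac
import os

FACTOR_LEN = 16       # length of each random factor (assumed; the claims fix no size)
COMBINATION_LEN = 32  # "preset length" of the combined data (claim 4; assumed value)
NONCE_LEN = 16        # nonce prepended by the stand-in cipher
TAG_LEN = 32          # HMAC-SHA256 check value


class PairingError(Exception):
    """Raised when a received check value does not match (the 'if matched' branch fails)."""


def _subkey(preset_key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and check keys from the single preset key (claim 2).
    return hashlib.sha256(label + preset_key).digest()


def check_value(preset_key: bytes, random_factor: bytes) -> bytes:
    # Check algorithm: HMAC-SHA256 with parameters shared by both sides (claim 3, MAC variant).
    return hmac.new(_subkey(preset_key, b"check"), random_factor, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(preset_key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for the unspecified cipher: fresh nonce plus HMAC-SHA256 keystream XOR.
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(preset_key, b"enc"), nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt(preset_key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    stream = _keystream(_subkey(preset_key, b"enc"), nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


def combine(first_factor: bytes, second_factor: bytes) -> bytes:
    # Claim 4: preset-length data built from both factors in an agreed way; the agreed
    # way assumed here is concatenation in (first, second) order on both terminals.
    return (first_factor + second_factor)[:COMBINATION_LEN].ljust(COMBINATION_LEN, b"\0")


def derive_new_key(original_key: bytes, combination: bytes) -> bytes:
    # Claim 5, hash variant: the original key is replaced by an irreversible digest of
    # itself and the combination, so the old key cannot be recovered from the new one.
    return hashlib.sha256(original_key + combination).digest()


def _split(plaintext: bytes):
    factor, tag = plaintext[:FACTOR_LEN], plaintext[FACTOR_LEN:]
    if len(factor) != FACTOR_LEN or len(tag) != TAG_LEN:
        raise PairingError("malformed pairing message")
    return factor, tag


class Terminal:
    def __init__(self, preset_key: bytes, original_comm_key: bytes):
        self.preset_key = preset_key       # first/second key, pre-provisioned on the device
        self.comm_key = original_comm_key  # original communication key of the data channel
        self.own_factor = None

    def first_ciphertext(self) -> bytes:
        # First terminal: R1 and its check value, both encrypted under the preset key.
        self.own_factor = os.urandom(FACTOR_LEN)
        return encrypt(self.preset_key, self.own_factor + check_value(self.preset_key, self.own_factor))

    def second_ciphertext(self, first_ct: bytes) -> bytes:
        # Second terminal: verify R1, answer with R2, then replace its own channel key.
        r1, tag1 = _split(decrypt(self.preset_key, first_ct))
        if not hmac.compare_digest(tag1, check_value(self.preset_key, r1)):
            raise PairingError("first check value mismatch")
        self.own_factor = os.urandom(FACTOR_LEN)
        ct2 = encrypt(self.preset_key, self.own_factor + check_value(self.preset_key, self.own_factor))
        self.comm_key = derive_new_key(self.comm_key, combine(r1, self.own_factor))
        return ct2

    def complete(self, second_ct: bytes) -> None:
        # First terminal: verify R2, then replace its own channel key the same way.
        r2, tag2 = _split(decrypt(self.preset_key, second_ct))
        if not hmac.compare_digest(tag2, check_value(self.preset_key, r2)):
            raise PairingError("second check value mismatch")
        self.comm_key = derive_new_key(self.comm_key, combine(self.own_factor, r2))


def run_pairing(preset_key: bytes, original_comm_key: bytes, tamper: bool = False):
    """Drive one pairing run; returns the new keys held by the first and second terminal."""
    first, second = Terminal(preset_key, original_comm_key), Terminal(preset_key, original_comm_key)
    ct2 = second.second_ciphertext(first.first_ciphertext())
    if tamper:
        # Flip one bit of R2 in transit (constructed fault): the check value must reject it.
        ct2 = ct2[:NONCE_LEN] + bytes([ct2[NONCE_LEN] ^ 0x01]) + ct2[NONCE_LEN + 1:]
    first.complete(ct2)
    return first.comm_key, second.comm_key


def pairing_rejected(preset_key: bytes, original_comm_key: bytes) -> bool:
    """True when a tampered second ciphertext is refused instead of yielding a key."""
    try:
        run_pairing(preset_key, original_comm_key, tamper=True)
    except PairingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample values; real devices are provisioned with their own keys.
    k_first, k_second = run_pairing(b"constructed-preset-key", b"constructed-original-key")
    print("keys agree:", k_first == k_second, "tamper rejected:", pairing_rejected(b"k", b"o"))
```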
[Claim 6] The terminal pairing method according to any one of claims 1 to 5, wherein before the first terminal generates the first random factor, the method further comprises: acquiring device information of the second terminal and determining from the device information whether the peer supports secure pairing; if not supported, the first terminal and the second terminal select the pairing mode of the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if supported, the first terminal and the second terminal each generate a new communication key, select the pairing mode of the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
[Claim 7] The terminal pairing method according to any one of claims 1 to 5, wherein the first terminal and the second terminal selecting the pairing mode of the data communication channel and using the new communication key to perform channel encryption of the data communication channel comprises:
the first terminal uses the combination of the first random factor and the second random factor to irreversibly process and replace the temporary key value of the first terminal, and the second terminal uses the combination of the second random factor and the first random factor to irreversibly process and replace the temporary key value of the second terminal;
the first terminal and the second terminal select the pairing mode as specified by the Bluetooth Low Energy protocol;
the first terminal and the second terminal use the combination of the first random factor and the second random factor to encrypt and replace the short-term key;
the first terminal and the second terminal exchange the short-term key and the long-term key as specified by the Bluetooth Low Energy protocol.
[Claim 8] A terminal pairing system, comprising: a first terminal and a second terminal, wherein
the first terminal is configured to generate a first random factor, check the first random factor using a preset first check algorithm to generate a first check value, encrypt the first random factor and the first check value according to a preset first key to generate a first ciphertext, and send it to the second terminal through a secure wireless channel;
the second terminal is configured to decrypt the first ciphertext using a preset second key to obtain the first random factor and the first check value; check the first random factor using a preset second check algorithm and compare the result with the first check value; if they match, generate a second random factor and check the second random factor using the preset second check algorithm to generate a second check value; encrypt the second random factor and the second check value according to the second key to generate a second ciphertext, and send it to the first terminal through the secure wireless channel;
the first terminal is further configured to decrypt the second ciphertext using the first key to obtain the second random factor and the second check value; check the second random factor using the first check algorithm and compare the result with the second check value; if they match, use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
the second terminal is further configured to use the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of its data communication channel, generating a new communication key;
the first terminal and the second terminal are further configured to select the pairing mode of the data communication channel and use the new communication key to perform channel encryption of the data communication channel.
[Claim 9] The terminal pairing system according to claim 8, wherein the first terminal and the second terminal are both Bluetooth Low Energy devices.
[Claim 10] The terminal pairing system according to claim 9, wherein the first terminal is configured to use the combination of the first random factor and the second random factor to irreversibly process and replace the temporary key value of the first terminal, and the second terminal is configured to use the combination of the second random factor and the first random factor to irreversibly process and replace the temporary key value of the second terminal; the first terminal and the second terminal are configured to select the pairing mode as specified by the Bluetooth Low Energy protocol; the first terminal and the second terminal are configured to use the combination of the first random factor and the second random factor to encrypt and replace the short-term key; and the first terminal and the second terminal are configured to perform short-term key channel encryption and long-term key exchange as specified by the Bluetooth Low Energy protocol.
[Claim 11] The terminal pairing system according to claim 8, wherein the data communication channel is a Bluetooth channel; the data communication channel is at least one of a limited-range communication interface, a 2.4G interface, a low-power local area network Zigbee interface, and a WiFi interface.
[Claim 12] The terminal pairing system according to any one of claims 8 to 11, wherein the first terminal and the second terminal are further configured to: acquire device information of the peer and determine from the device information whether the peer supports secure pairing; if not supported, the first terminal and the second terminal select the pairing mode of the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if supported, the first terminal and the second terminal each generate a new communication key, select the pairing mode of the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
[Claim 13] A terminal pairing method, comprising:
generating a first random factor and checking the first random factor using a preset first check algorithm to generate a first check value; encrypting the first random factor and the first check value according to a preset first key to generate a first ciphertext, and sending it to an external terminal through a secure wireless channel;
receiving, through the secure wireless channel, a second ciphertext sent by the external terminal;
decrypting the second ciphertext using the first key to obtain a second random factor and a second check value; checking the second random factor using the first check algorithm and comparing the result with the second check value; if they match, using the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key;
selecting, with the external terminal, the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[Claim 14] The terminal pairing method according to claim 13, wherein the combination of the first random factor and the second random factor is: data of a preset length generated from the first random factor and the second random factor in an agreed manner.
The terminal pairing method according to claim 13, wherein irreversibly processing the original communication key of the data communication channel comprises: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
The terminal pairing method according to claim 13, wherein before generating the first random factor, the method further comprises: acquiring device information of the external terminal and determining from the device information whether the external terminal supports secure pairing; if not supported, selecting, with the external terminal, the pairing mode of the data communication channel and using the original communication key to perform channel encryption of the data communication channel; if supported, generating, together with the external terminal, a new communication key on each side, selecting the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
The terminal pairing method according to any one of claims 13 to 16, wherein selecting, with the external terminal, the pairing mode of the data communication channel and using the new communication key to perform channel encryption of the data communication channel comprises:
using the combination of the first random factor and the second random factor to irreversibly process and replace the temporary key value;
selecting, with the external terminal, the pairing mode as specified by the Bluetooth Low Energy protocol;
using the combination of the first random factor and the second random factor to encrypt and replace the short-term key;
exchanging the short-term key and the long-term key with the external terminal as specified by the Bluetooth Low Energy protocol.
A terminal pairing method, comprising:
receiving, through a secure wireless channel, a first ciphertext sent by an external terminal;
decrypting the first ciphertext using a preset second key to obtain a first random factor and a first check value;
checking the first random factor using a preset second check algorithm and comparing the result with the first check value;
if they match, generating a second random factor and checking the second random factor using the preset second check algorithm to generate a second check value;
encrypting the second random factor and the second check value according to the second key to generate a second ciphertext, and sending it to the external terminal through the secure wireless channel;
using the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key;
selecting the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
The terminal pairing method according to claim 18, wherein the combination of the first random factor and the second random factor is: data of a preset length generated from the first random factor and the second random factor in an agreed manner.
The terminal pairing method according to claim 18, wherein irreversibly processing the original communication key of the data communication channel comprises: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
The terminal pairing method according to any one of claims 18 to 20, wherein selecting the pairing mode of the data communication channel and using the new communication key to perform channel encryption of the data communication channel comprises:
using the combination of the second random factor and the first random factor to irreversibly process and replace the temporary key value of the second terminal;
selecting the pairing mode as specified by the Bluetooth Low Energy protocol;
using the combination of the second random factor and the first random factor to encrypt and replace the short-term key;
exchanging the short-term key and the long-term key with the external terminal as specified by the Bluetooth Low Energy protocol.
A terminal, comprising: a memory, a processor, an input/output bus connecting the memory and the processor, and a terminal pairing program stored on the memory and runnable on the processor, the terminal pairing program, when executed by the processor, implementing the following steps:
generating a first random factor and checking the first random factor using a preset first check algorithm to generate a first check value; encrypting the first random factor and the first check value according to a preset first key to generate a first ciphertext, and sending it to an external terminal through a secure wireless channel;
receiving, through the secure wireless channel, a second ciphertext sent by the external terminal;
decrypting the second ciphertext using the first key to obtain a second random factor and a second check value; checking the second random factor using the first check algorithm and comparing the result with the second check value; if they match, using the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key;
selecting, with the external terminal, the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[Claim 23] The terminal according to claim 22, wherein the terminal pairing program, when executed by the processor, implements the step of: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
[Claim 24] The terminal according to claim 22, wherein the terminal pairing program, when executed by the processor, implements the following steps: before generating the first random factor, acquiring device information of the external terminal and determining from the device information whether the external terminal supports secure pairing; if not supported, selecting, with the external terminal, the pairing mode of the data communication channel and using the original communication key to perform channel encryption of the data communication channel; if supported, generating, together with the external terminal, a new communication key on each side, selecting the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[Claim 25] The terminal according to any one of claims 22 to 24, wherein the terminal pairing program, when executed by the processor, implements the following steps:
using the combination of the first random factor and the second random factor to irreversibly process and replace the temporary key value;
selecting, with the external terminal, the pairing mode as specified by the Bluetooth Low Energy protocol;
using the combination of the first random factor and the second random factor to encrypt and replace the short-term key;
exchanging the short-term key and the long-term key with the external terminal as specified by the Bluetooth Low Energy protocol.
[Claim 26] A terminal, comprising: a memory, a processor, an input/output bus connecting the memory and the processor, and a terminal pairing program stored on the memory and runnable on the processor, the terminal pairing program, when executed by the processor, implementing the following steps:
receiving, through a secure wireless channel, a first ciphertext sent by an external terminal;
decrypting the first ciphertext using a preset second key to obtain a first random factor and a first check value;
checking the first random factor using a preset second check algorithm and comparing the result with the first check value;
if they match, generating a second random factor and checking the second random factor using the preset second check algorithm to generate a second check value;
encrypting the second random factor and the second check value according to the second key to generate a second ciphertext, and sending it to the external terminal through the secure wireless channel;
using the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key;
selecting the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[Claim 27] The terminal according to claim 26, wherein the terminal pairing program, when executed by the processor, implements the step of: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
[Claim 28] The terminal according to claim 26 or 27, wherein the terminal pairing program, when executed by the processor, implements the following steps:
using the combination of the second random factor and the first random factor to irreversibly process and replace the temporary key value of the second terminal;
selecting the pairing mode as specified by the Bluetooth Low Energy protocol;
using the combination of the second random factor and the first random factor to encrypt and replace the short-term key;
exchanging the short-term key and the long-term key with the external terminal as specified by the Bluetooth Low Energy protocol.
A computer readable storage medium, wherein one or more programs are stored on the computer readable storage medium, and the one or more programs, when executed, implement the following steps:
generating a first random factor and checking the first random factor using a preset first check algorithm to generate a first check value; encrypting the first random factor and the first check value according to a preset first key to generate a first ciphertext, and sending it to an external terminal through a secure wireless channel;
receiving, through the secure wireless channel, a second ciphertext sent by the external terminal;
decrypting the second ciphertext using the first key to obtain a second random factor and a second check value; checking the second random factor using the first check algorithm and comparing the result with the second check value; if they match, using the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key;
selecting, with the external terminal, the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
The computer readable storage medium according to claim 29, wherein the one or more programs, when executed, implement the step of: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
The computer readable storage medium according to claim 29, wherein the one or more programs, when executed, implement the following steps: before generating the first random factor, acquiring device information of the external terminal and determining from the device information whether the external terminal supports secure pairing; if not supported, selecting, with the external terminal, the pairing mode of the data communication channel and using the original communication key to perform channel encryption of the data communication channel; if supported, generating, together with the external terminal, a new communication key on each side, selecting the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[Claim 32] The computer readable storage medium according to any one of claims 29 to 31, wherein the one or more programs, when executed, implement the following steps:
using the combination of the first random factor and the second random factor to irreversibly process and replace the temporary key value;
selecting, with the external terminal, the pairing mode as specified by the Bluetooth Low Energy protocol;
using the combination of the first random factor and the second random factor to encrypt and replace the short-term key;
exchanging the short-term key and the long-term key with the external terminal as specified by the Bluetooth Low Energy protocol.
[Claim 33] A computer readable storage medium, wherein one or more programs are stored on the computer readable storage medium, and the one or more programs, when executed, implement the following steps:
receiving, through a secure wireless channel, a first ciphertext sent by an external terminal;
decrypting the first ciphertext using a preset second key to obtain a first random factor and a first check value;
checking the first random factor using a preset second check algorithm and comparing the result with the first check value;
if they match, generating a second random factor and checking the second random factor using the preset second check algorithm to generate a second check value;
encrypting the second random factor and the second check value according to the second key to generate a second ciphertext, and sending it to the external terminal through the secure wireless channel;
using the combination of the second random factor and the first random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key;
selecting the pairing mode of the data communication channel, and using the new communication key to perform channel encryption of the data communication channel.
[Claim 34] The computer readable storage medium according to claim 33, wherein the one or more programs, when executed, implement the following steps: encrypting the original communication key with the combination, or computing a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
[Claim 35] The computer readable storage medium according to claim 33 or 34, wherein the one or more programs, when executed, implement the following steps:
using the combination of the second random factor and the first random factor to irreversibly process and replace the temporary key value of the second terminal;
selecting the pairing mode as specified by the Bluetooth Low Energy protocol;
using the combination of the second random factor and the first random factor to encrypt and replace the short-term key;
exchanging the short-term key and the long-term key with the external terminal as specified by the Bluetooth Low Energy protocol.
[Claim 36] A terminal pairing device, comprising: a first processing module, a first communication module and a first pairing module, wherein
the first processing module is configured to generate a first random factor, check the first random factor using a preset first check algorithm to generate a first check value, and encrypt the first random factor and the first check value according to a preset first key to generate a first ciphertext;
the first communication module is configured to send the first ciphertext to an external terminal through a secure wireless channel, and to receive, through the secure wireless channel, a second ciphertext sent by the external terminal;
the first processing module is further configured to decrypt the second ciphertext using the first key to obtain a second random factor and a second check value, check the second random factor using the first check algorithm, and compare the result with the second check value;
the first pairing module is configured to, if they match, use the combination of the first random factor and the second random factor to irreversibly process and replace the original communication key of the data communication channel, generating a new communication key; and to select, with the external terminal, the pairing mode of the data communication channel and use the new communication key to perform channel encryption of the data communication channel.
The terminal pairing device according to claim 36, wherein the combination of the first random factor and the second random factor is: data of a preset length generated from the first random factor and the second random factor in an agreed manner.
The terminal pairing device according to claim 36, wherein the first processing module is specifically configured to: encrypt the original communication key with the combination, or compute a hash value over the combination and the original communication key, to generate unique, irreversible data as the new communication key.
The terminal pairing device according to claim 36, wherein the first processing module is specifically configured to: before generating the first random factor, acquire device information of the external terminal and determine from the device information whether the external terminal supports secure pairing; if not supported, select, with the external terminal, the pairing mode of the data communication channel and use the original communication key to perform channel encryption of the data communication channel; if supported, generate, together with the external terminal, a new communication key on each side, select the pairing mode of the data communication channel, and use the new communication key to perform channel encryption of the data communication channel.
如权利要求 36至 39任一项所述的终端配对装置, 其特征在于, 所述第 一配对模块具体用于: 使用第一随机因子以及第二随机因子组合对临 吋密钥值进行数据不可逆处理及替换; 与所述外部终端按照低功耗蓝 牙协议规定选择配对模式;使用第一随机因子与第二随机因子的组合 对短期密钥进行加密处理及替换;与所述外部终端按照低功耗蓝牙协 议规定进行短期密钥及长期密钥的交互。 The terminal pairing device according to any one of claims 36 to 39, wherein the first pairing module is specifically configured to: use the first random factor and the second random factor combination to perform data irreversible on the temporary key value. Processing and replacing; selecting a pairing mode according to the low-power Bluetooth protocol specified by the external terminal; encrypting and replacing the short-term key by using a combination of the first random factor and the second random factor; and performing low-power with the external terminal The Bluetooth-consuming protocol specifies the interaction of short-term and long-term keys.
一种终端配对装置, 其特征在于, 包括: 第二处理模块、 第二通信模 块及第二配对模块, 其中, A terminal pairing device, comprising: a second processing module, a second communication module, and a second pairing module, where
所述第二通信模块用于通过安全无线通道接收外部终端发送的第一密 文; The second communication module is configured to receive, by using a secure wireless channel, the first ciphertext sent by the external terminal;
所述第二处理模块用于使用预置的第二密钥对所述第一密文解密, 获 得第一随机因子和第一校验值; 使用预设的第二校验算法对所述第一 随机因子进行校验, 并与所述第一校验值进行比较校验; 若匹配, 则 生成第二随机因子, 使用预设的第二校验算法对所述第二随机因子进 行校验, 生成第二校验值; 根据所述第二密钥对所述第二随机因子和 第二校验值进行加密, 生成第二密文; The second processing module is configured to decrypt the first ciphertext by using a preset second key, obtain a first random factor and a first check value, and use the preset second check algorithm to One The random factor is checked and compared with the first check value; if matched, the second random factor is generated, and the second random factor is verified by using a preset second check algorithm. Generating a second check value; encrypting the second random factor and the second check value according to the second key to generate a second ciphertext;
所述第二通信模块还用于通过所述安全无线通道发送所述第二密文至 所述外部终端;  The second communication module is further configured to send the second ciphertext to the external terminal by using the secure wireless channel;
所述第二配对模块用于使用所述第二随机因子与所述第一随机因子的 组合, 对其数据通信信道的原通信密钥进行不可逆处理及替换, 生成 新通信密钥; 选择所述数据通信信道的配对模式, 使用所述新通信密 钥进行数据通信信道的通道加密。  The second pairing module is configured to perform irreversible processing and replacement on the original communication key of the data communication channel by using the combination of the second random factor and the first random factor to generate a new communication key; A pairing mode of the data communication channel, using the new communication key for channel encryption of the data communication channel.
[权利要求 42] 如权利要求 41所述的终端配对装置, 其特征在于, 所述第一随机因子 与所述第二随机因子的组合为: 第一随机因子与第二随机因子按照约 定方式生成预设长度的数据。  [Claim 42] The terminal pairing device according to claim 41, wherein the combination of the first random factor and the second random factor is: the first random factor and the second random factor are generated according to an agreed manner Preset length data.
[权利要求 43] 如权利要求 41所述的终端配对装置, 其特征在于, 所述第二配对模块 具体用于: 使用所述组合对所述原通信密钥进行加密, 或者使用所述 组合与所述原通信密钥进行哈希值运算, 生成唯一不可逆的数据, 作 为所述新通信密钥。  [Claim 43] The terminal pairing device according to claim 41, wherein the second pairing module is specifically configured to: encrypt the original communication key by using the combination, or use the combination and The original communication key performs a hash value operation to generate unique irreversible data as the new communication key.
[权利要求 44] 如权利要求 41至 43任一项所述的终端配对装置, 其特征在于, 所述述 第二配对模块具体用于: 利用第二随机因子以及第一随机因子组合对 第二终端的临吋密钥值值进行数据不可逆处理及替换; 按照低功耗蓝 牙协议规定选择配对模式;使用第二随机因子与第一随机因子的组合 对短期密钥进行加密处理及替换;与所述外部终端按照低功耗蓝牙协 议规定进行短期密钥及长期密钥的交互。 [Claim 44] The terminal pairing device according to any one of claims 41 to 43, wherein the second pairing module is specifically configured to: use a second random factor and a first random factor combination to pair The temporary key value of the terminal is irreversibly processed and replaced; the pairing mode is selected according to the Bluetooth protocol of the low power consumption; and the short-term key is encrypted and replaced by using the combination of the second random factor and the first random factor; The external terminal performs the interaction of the short-term key and the long-term key according to the low-power Bluetooth protocol.
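The random-factor exchange and communication-key replacement of claims 36 to 44, run for both terminals in one process, as an added example that is not code from the patent or its assignee. The claims leave the check algorithm, the cipher under the preset key and the combining rule open, so this model assumes a truncated SHA-256 check value, an HMAC-SHA256 keystream XOR standing in for the cipher, and concatenation as the agreed combination; the `peer_secure` flag models the fallback of claim 39.

```python
# Added example, not code from the patent or its assignee; see the lead-in for
# the assumed check algorithm, cipher and combination rule.
import hashlib
import hmac
import secrets

FACTOR_LEN, CHECK_LEN, NONCE_LEN = 16, 4, 12  # byte lengths (assumed)

def check_value(factor: bytes) -> bytes:
    # assumed check algorithm: first CHECK_LEN bytes of SHA-256(factor)
    return hashlib.sha256(factor).digest()[:CHECK_LEN]

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # stand-in symmetric cipher (CTR-style HMAC-SHA256 keystream); the same
    # call decrypts, so the check value is what detects a wrong key or tampering
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256)
                      .digest() for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(preset_key: bytes, factor: bytes) -> bytes:
    # encrypt factor||check under the preset key; the message is nonce||ciphertext
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(preset_key, nonce, factor + check_value(factor))

def unseal(preset_key: bytes, msg: bytes):
    # decrypt, recompute the check over the factor and compare; None on mismatch
    plain = keystream_xor(preset_key, msg[:NONCE_LEN], msg[NONCE_LEN:])
    factor, received = plain[:FACTOR_LEN], plain[FACTOR_LEN:]
    if not hmac.compare_digest(check_value(factor), received):
        return None  # the claims derive no new key on a mismatch
    return factor

def combine(first: bytes, second: bytes) -> bytes:
    # agreed combination rule (assumed): concatenation to a preset 32 bytes
    return first + second

def new_channel_key(original_key: bytes, combination: bytes) -> bytes:
    # irreversible replacement by hashing (the hash option of claims 38 and 43)
    return hashlib.sha256(original_key + combination).digest()

def pair(preset_key: bytes, original_key: bytes, peer_secure: bool = True):
    # both terminals run in-process; returns (key at first, key at second)
    if not peer_secure:  # claim 39: peer lacks secure pairing, keep original key
        return original_key, original_key
    r1 = secrets.token_bytes(FACTOR_LEN)                      # first terminal
    r1_at_second = unseal(preset_key, seal(preset_key, r1))   # second terminal
    if r1_at_second is None:
        return None
    r2 = secrets.token_bytes(FACTOR_LEN)
    r2_at_first = unseal(preset_key, seal(preset_key, r2))    # first terminal
    if r2_at_first is None:
        return None
    key_second = new_channel_key(original_key, combine(r1_at_second, r2))
    key_first = new_channel_key(original_key, combine(r1, r2_at_first))
    return key_first, key_second
```

Because the check value is computed over the plaintext factor, a wrong preset key or a modified ciphertext surfaces as a check mismatch and the new key is never derived; the same combination is what claims 40 and 44 then apply to the temporary key and short-term key of the Bluetooth Low Energy pairing.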
PCT/CN2017/095706 2016-12-30 2017-08-02 Terminal pairing method, device, and system, terminal, and computer readable storage medium WO2018120836A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611257262.1 2016-12-30
CN201611257262.1A CN108270554B (en) 2016-12-30 2016-12-30 Terminal pairing method and system

Publications (1)

Publication Number Publication Date
WO2018120836A1 true WO2018120836A1 (en) 2018-07-05

Family

ID=62706972

Country Status (2)

Country Link
CN (1) CN108270554B (en)
WO (1) WO2018120836A1 (en)

Also Published As

Publication number Publication date
CN108270554B (en) 2022-06-10
CN108270554A (en) 2018-07-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17889050

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23.10.2019)

122 Ep: pct application non-entry in european phase

Ref document number: 17889050

Country of ref document: EP

Kind code of ref document: A1