WO2021027554A1 - 信息共享方法、终端设备、存储介质及计算机程序产品 - Google Patents
信息共享方法、终端设备、存储介质及计算机程序产品 Download PDFInfo
- Publication number
- WO2021027554A1 WO2021027554A1 PCT/CN2020/105143 CN2020105143W WO2021027554A1 WO 2021027554 A1 WO2021027554 A1 WO 2021027554A1 CN 2020105143 W CN2020105143 W CN 2020105143W WO 2021027554 A1 WO2021027554 A1 WO 2021027554A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal device
- identity
- information
- public key
- mobile phone
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 94
- 238000004590 computer program Methods 0.000 title claims abstract description 27
- 238000004891 communication Methods 0.000 claims abstract description 276
- 238000012795 verification Methods 0.000 claims description 80
- 238000005516 engineering process Methods 0.000 claims description 62
- 230000001413 cellular effect Effects 0.000 claims description 17
- 238000004422 calculation algorithm Methods 0.000 description 38
- 230000005540 biological transmission Effects 0.000 description 31
- 230000006870 function Effects 0.000 description 30
- 238000010586 diagram Methods 0.000 description 25
- 230000008569 process Effects 0.000 description 17
- 230000003993 interaction Effects 0.000 description 14
- 230000002452 interceptive effect Effects 0.000 description 13
- 238000012545 processing Methods 0.000 description 13
- 238000001514 detection method Methods 0.000 description 9
- 238000013475 authorization Methods 0.000 description 8
- 238000009795 derivation Methods 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000014509 gene expression Effects 0.000 description 2
- 238000012797 qualification Methods 0.000 description 2
- 230000005236 sound signal Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007599 discharging Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000005484 gravity Effects 0.000 description 1
- 238000012905 input function Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000009527 percussion Methods 0.000 description 1
- 238000000060 site-specific infrared dichroism spectroscopy Methods 0.000 description 1
- 239000004984 smart glass Substances 0.000 description 1
- 238000010897 surface acoustic wave method Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/12—Arrangements for remote connection or disconnection of substations or of equipment thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/047—Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
- H04W12/0471—Key exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
- H04W12/55—Secure pairing of devices involving three or more devices, e.g. group pairing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
Definitions
- This application belongs to the field of communication technology, and in particular relates to an information sharing method, terminal equipment, storage medium, and computer program product.
- the electronic devices can be connected or paired with each other.
- the user when the user needs to pair at least two terminal devices with the same Bluetooth headset, the user triggers the terminal device to search for Bluetooth devices through the interactive interface of each terminal device, and the user selects from the searched device list
- the Bluetooth device to be paired enables the terminal device to establish a communication connection with the Bluetooth headset. For example, when a user needs to pair both a mobile phone and a tablet computer with the same Bluetooth headset, the user needs to control the mobile phone to pair with the Bluetooth headset through the interactive interface of the mobile phone, and control the tablet computer to pair with the Bluetooth headset through the interactive interface of the tablet computer.
- the embodiments of this application provide information sharing methods, terminal devices, storage media, and computer program products, which can solve the problem that in the prior art, when a user needs to connect or pair at least two terminal devices with another terminal device, the user is required to Repeated pairing or connection operations are performed on each terminal device, which is cumbersome and leads to a problem of low operation efficiency.
- an embodiment of the present application provides an information sharing method, including: a first terminal device establishes a communication connection with a second terminal device; when the first terminal device detects the third terminal device, it communicates with all users through near field communication NFC.
- the third terminal device performs identity verification; when the first terminal device confirms that the identity of the third terminal device is legal, the communication link information is sent to the third terminal device through short-range wireless communication technology, and the communication link The information is used to establish a communication connection between the third terminal device and the second terminal device.
- the short-range wireless communication technology may be NFC, Bluetooth communication, or wireless fidelity (Wireless-Fidelity, WIFI).
- the first terminal device when the first terminal device confirms that the identity of the third terminal device is legal, it may prompt the user through a text or voice message. After the first terminal device and the third terminal device establish a communication connection, the third terminal device may also send information that needs to be shared to the first terminal device.
- the first terminal device and the third terminal device belong to trusted devices under the same user account, the user account is used to identify the identity information of the owner of the user account, and the user account may be a pre-registered Huawei account.
- a trusted device refers to a user device trusted by the owner of the user account, and trusted devices have information sharing authority.
- the first terminal device and the third terminal device have previously logged in to the user account to synchronize the identity information of all trusted devices. That is, the identity information of all trusted devices is pre-stored in the first terminal device and the third terminal device.
- the first terminal device and the third terminal device can be easily and quickly established a communication connection, and then Sharing the communication link information, so that when the third terminal device detects the second terminal device, it uses the communication link information to establish a communication connection with the second terminal device.
- the third terminal device detects the second terminal device, it uses the communication link information to establish a communication connection with the second terminal device.
- Neither other devices are required to participate in data interaction, nor the user to manipulate the third terminal device to allow the third terminal device to establish a communication connection with the second terminal device, which simplifies the operation of establishing a communication connection between the third terminal device and the second terminal device Steps, thereby improving the efficiency of establishing communication connections between at least three terminal devices.
- the cellular mobile network and the wireless local area network of the third terminal device are both in a closed state, and the short-range wireless communication technology is NFC or Bluetooth communication.
- the cellular mobile network and wireless local area network of the third terminal device are both turned off means that the third terminal device has not enabled the cellular mobile network and wireless local area network, or is currently unable to access the Internet through the cellular mobile network or wireless local area network.
- the first terminal device and the third terminal device can share information through NFC or Bluetooth communication, even if the third terminal device cannot access the Internet through the cellular mobile network or wireless local area network, the first terminal device can also communicate with the third terminal device. Sharing information, the use scene is not restricted by the Internet, and the application is more extensive.
- the second terminal device is a terminal device that has previously completed pairing with the first terminal device, and the communication link information includes Bluetooth pairing information After the third terminal device receives the Bluetooth pairing information and detects the second terminal device, it uses the received Bluetooth pairing information to pair with the second terminal device.
- the communication link information includes wireless network access information and/or NFC access control identification information.
- the wireless network access information is used to connect to routers, access points or personal hotspots.
- the access information may be Service Set Identifier (SSID) and access password.
- SSID Service Set Identifier
- the third terminal can access the wireless network currently accessed by the first terminal device or the wireless network previously accessed through the wireless network access information. .
- the NFC access control identification information is used to identify authorization information, such as NFC access control authorization information.
- the third terminal device can be used as an NFC access control card to communicate with the second terminal device to realize functions such as door opening.
- the identity verification of the third terminal device through near field communication NFC includes: : After the first terminal device establishes a communication connection with the second terminal device and is close to the third terminal device, sends an identity authentication notification message to the third terminal device through NFC; the first terminal device obtains the first terminal device 3. The first identity information returned by the terminal device via NFC when receiving the identity authentication notification message; the first terminal device gives the first identity information to the third terminal device based on the first identity information and the pre-stored second identity information Perform authentication.
- the first identity information includes the first device identifier of the third terminal device and the first public key
- the first terminal device performs identity verification on the third terminal device based on the first identity information and the pre-stored second identity information, including: the first terminal device performs identity verification based on the first device identifier Acquire the pre-stored public key corresponding to the third terminal device from the database, and perform identity verification on the third terminal device based on the first public key and the pre-stored public key; wherein, when the first public key When the key is the same as the pre-stored public key, it is determined that the identity of the third terminal device is legal.
- the first identity information includes the first device identifier of the third terminal device, and public key attribute credentials And the first random number generated by the third terminal device; the first terminal device identifies the third terminal device based on the first identity information and the pre-stored second identity information
- the verification includes: the first terminal device obtains the first public key of the third terminal device based on the first device identifier and the first version number; the first terminal device is based on its own private key and The first public key calculates a first shared key and generates a second random number; the first terminal device is based on the first shared key, the second device identification of the first terminal device, and the first A random number and the second random number to calculate a first identity characteristic value; the first terminal device sends the first identity characteristic value, the first terminal device to the third terminal device through near field communication The second device identifier of the public key attribute credential, and the second random number; the first terminal device receives the second identity characteristic value returned by the third
- the first terminal device obtains all information based on the first device identifier and the first version number.
- the first public key of the third terminal device includes: the first terminal device searches an identity database for a device identity matching the first device identity; when the matching device identity is found, and the first device identity When a version number is less than or equal to the second version number of the prestored public key attribute credential, the public key of the third terminal device is obtained from the identity database; when the matching device identification is not found, and the The first version number is greater than the second version number of the pre-stored public key attribute credential, and the third terminal device is requested to obtain the first public key.
- the eighth possible implementation manner of the first aspect after the first terminal device searches an identity database for a device identifier that matches the first device identifier , It further includes: when the matching device identifier is not found, and the first version number is less than the second version number of the pre-stored public key attribute credential, determining that the identity of the third terminal device is illegal.
- the first terminal device when the first terminal device confirms that the identity of the third terminal device is legal, it passes a short distance
- the wireless communication technology sending the communication link information to the third terminal device includes: when the first terminal device confirms that the identity of the third terminal device is legal, generating a session key, and using short-range wireless communication technology
- the session key is sent to the third terminal device; the first terminal device uses the session key to encrypt the communication link information, and sends the encrypted data to the short-range wireless communication technology The third terminal device.
- the communication link information is encrypted by the session key, which can improve the security of the data to be shared in the transmission process. Even if other untrusted devices receive the encrypted communication link information, they cannot directly obtain the communication. Link information, thereby preventing other untrusted devices from connecting to the second terminal device through the communication link information, and further protecting data security in the second terminal device.
- an embodiment of the present application provides an information sharing device, including: an identity verification unit, configured to pass through the near field after the first terminal device establishes a communication connection with the second terminal device and when it is close to the third terminal device
- the communication NFC verifies the identity of the third terminal device
- an information sharing unit is used to send communication link information to the third terminal device through short-range wireless communication technology when confirming that the identity of the third terminal device is legal
- the short-range wireless communication technology may be NFC, Bluetooth communication, or wireless fidelity (Wireless-Fidelity, WIFI).
- the first terminal device and the third terminal device can be easily and quickly established a communication connection, and then Sharing the communication link information, so that when the third terminal device detects the second terminal device, it uses the communication link information to establish a communication connection with the second terminal device.
- the third terminal device detects the second terminal device, it uses the communication link information to establish a communication connection with the second terminal device.
- Neither other devices are required to participate in data interaction, nor the user to manipulate the third terminal device to allow the third terminal device to establish a communication connection with the second terminal device, which simplifies the operation of establishing a communication connection between the third terminal device and the second terminal device Steps, thereby improving the efficiency of establishing communication connections between at least three terminal devices.
- the cellular mobile network and wireless local area network of the third terminal device are both in a closed state, and the short-range wireless communication technology is NFC or Bluetooth communication.
- the first terminal device and the third terminal device can share information through NFC or Bluetooth communication, even if the third terminal device cannot access the Internet through the cellular mobile network or wireless local area network, the first terminal device can also communicate with the third terminal device. Sharing information, the use scene is not restricted by the Internet, and the application is more extensive.
- the second terminal device is a terminal device that has been paired with the first terminal device in advance, and the communication link information includes Bluetooth pairing information After the third terminal device receives the Bluetooth pairing information and detects the second terminal device, it uses the received Bluetooth pairing information to pair with the second terminal device.
- the communication link information sent by the information sharing unit includes a wireless network Access information and/or NFC access control identification information.
- the wireless network access information is used to connect to routers, access points or personal hotspots.
- the access information can be SSID and access password.
- the third terminal when entering the signal coverage area of the wireless network corresponding to any SSID, the third terminal can access the wireless network currently accessed by the first terminal device or the wireless network previously accessed through the wireless network access information. .
- the NFC access control identification information is used to identify authorization information, such as NFC access control authorization information.
- the third terminal device can be used as an NFC access control card to communicate with the third terminal device to realize functions such as door opening.
- the identity verification unit includes: a sending unit, configured to be close to the first terminal device after establishing a communication connection with the second terminal device In the case of three terminal devices, send an identity authentication notification message to the third terminal device via NFC; the receiving unit is configured to obtain the first identity information returned by the third terminal device via NFC when the third terminal device receives the identity authentication notification message The verification unit is configured to perform identity verification on the third terminal device based on the first identity information and the pre-stored second identity information.
- the first identity information includes the first device identifier of the third terminal device and the first public key
- the verification unit is specifically configured to obtain a pre-stored public key corresponding to the third terminal device from an identity database based on the first device identifier, and based on the first public key and the pre-stored public key pair
- the third terminal device performs identity verification; wherein, when the first public key and the pre-stored public key are the same, it is determined that the identity of the third terminal device is legal.
- the first identity information includes the first device identifier of the third terminal device, and public key attribute credentials The first version number of the device and the first random number generated by the third terminal device;
- the verification unit includes: a public key obtaining unit, configured to obtain the first device identifier and the first version number The first public key of the third terminal device; a random number generation unit, configured to calculate a first shared key based on its own private key and the first public key, and generate a second random number; a calculation unit, used to generate a second random number based on The first shared key, the second device identifier of the first terminal device, the first random number, and the second random number are used to calculate a first identity characteristic value;
- the sending unit is also used for the The first terminal device sends the first identity feature value, the second device identifier of the first terminal device, the second version number of the public key attribute credential, and the second terminal device to the third terminal device through near field communication.
- the receiving unit is further configured to: receive the second identity characteristic value returned by the third terminal device; wherein the second identity characteristic value is calculated by the third terminal device in the second shared key Is calculated based on the second shared key, the second device identifier, the first random number, and the second random number, and the second shared key is based on the private The key and the public key of the first terminal device are calculated; the comparing unit is configured to determine that the identity of the third terminal device is legal when it is confirmed that the first identity characteristic value is the same as the second identity characteristic value.
- the public key obtaining unit is specifically configured to: search an identity database that matches the first device identifier When the matching device identification is found, and the first version number is less than or equal to the second version number of the pre-stored public key attribute credential, the third terminal device is obtained from the identity database When the matching device identification is not found, and the first version number is greater than the second version number of the pre-stored public key attribute credential, request the third terminal device to obtain the first public key .
- the public key acquisition unit is further configured to: when the matching device identification is not found, and When the first version number is less than the second version number of the pre-stored public key attribute credential, it is determined that the identity of the third terminal device is illegal.
- the information sharing unit is specifically configured to: when confirming that the identity of the third terminal device is legal, Generate a session key, and send the session key to the third terminal device through short-range wireless communication technology; use the session key to encrypt the communication link information, and pass the short-range wireless The communication technology sends the encrypted data to the third terminal device.
- the communication link information is encrypted by the session key, which can improve the security of the data to be shared in the transmission process. Even if other untrusted devices receive the encrypted communication link information, they cannot directly obtain the communication. Link information, thereby preventing other untrusted devices from connecting to the second terminal device through the communication link information, and further protecting data security in the second terminal device.
- an embodiment of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and running on the processor.
- a terminal device including a memory, a processor, and a computer program stored in the memory and running on the processor.
- the processor executes the computer program.
- an embodiment of the present application provides a computer-readable storage medium that stores a computer program that, when executed by a processor, realizes any of the possibilities of the first aspect Information sharing method of realization method.
- the embodiments of the present application provide a computer program product that, when the computer program product runs on a terminal device, causes the terminal device to execute the information sharing method in any one of the possible implementations of the first aspect.
- the first terminal device and the second terminal device After the first terminal device and the second terminal device establish a communication connection, when the first terminal device is close to the third terminal device, the first terminal device and the third terminal device can easily and quickly establish a communication connection, thereby sharing the communication link Path information, so that the third terminal device uses the communication link information to establish a communication connection with the second terminal device when detecting the second terminal device.
- the third terminal device uses the communication link information to establish a communication connection with the second terminal device when detecting the second terminal device.
- the third terminal device can establish a communication connection with the second terminal device, which can simplify the communication connection between the third terminal device and the second terminal device.
- the operation steps further improve the efficiency of establishing communication connections between at least three terminal devices.
- the first terminal device and the third terminal device can share information through NFC or Bluetooth communication, even if the third terminal device cannot access the Internet through a cellular mobile network or wireless local area network, the first terminal device can also share information with the third terminal device.
- the use scene is not restricted by the Internet, and the application is more extensive.
- FIG. 1 is a system schematic diagram of an information sharing method provided by an embodiment of the present application
- Figure 2 is a schematic diagram of an application scenario of an information sharing method provided by an embodiment of the present application
- FIG. 3 is a schematic diagram of a Bluetooth pairing interface provided by an embodiment of the present application.
- FIG. 4 is a schematic diagram of an application scenario of an information sharing method provided by another embodiment of the present application.
- FIG. 5 is a schematic diagram of the hardware structure of a mobile phone to which the information sharing method provided by an embodiment of the present application is applicable;
- FIG. 6 is a schematic flowchart of an information sharing method provided by an embodiment of the present application.
- FIG. 7 is a detailed flowchart of S101 in the information sharing method provided by an embodiment of the present application.
- FIG. 8 is a schematic diagram of a scenario of a trust ring registration method provided by an embodiment of the present application.
- FIG. 9 is an interaction diagram of an identity verification method provided by an embodiment of the present application.
- FIG. 10 is a detailed flowchart of S102 in the information sharing method provided by an embodiment of the present application.
- FIG. 11 is a schematic structural diagram of an information sharing device provided by an embodiment of the present application.
- FIG. 12 is a schematic structural diagram of an identity verification unit provided by an embodiment of the present application.
- FIG. 13 is a schematic structural diagram of an identity verification unit provided by another embodiment of the present application.
- FIG. 14 is a schematic structural diagram of a terminal device provided by an embodiment of the present application.
- FIG. 1 is a system schematic diagram of an information sharing method provided by an embodiment of the present application.
- the system includes a terminal device A, a terminal device B, and a terminal device C, and the terminal device A has established a communication connection with the terminal device B.
- terminal device A corresponds to the first terminal device in the claims
- terminal device B corresponds to the second terminal device in the claims
- terminal device C corresponds to the third terminal device in the claims.
- the terminal device A and the terminal device C are trusted devices under the same user account.
- the user account is used to identify the identity information of the owner of the user account, and the user account may be a pre-registered Huawei account.
- a trusted device refers to a user device trusted by the owner of the user account, and trusted devices have information sharing authority.
- the terminal device A and the terminal device C have previously logged in to the user account to synchronize the identity information of all trusted devices. That is, the terminal device A and the terminal device C have pre-stored the identity information of all trusted devices.
- the terminal device A and the terminal device C include, but are not limited to, mobile phones, notebook computers, tablet computers, and wearable devices.
- Terminal device B includes but is not limited to Bluetooth headsets, routers, access points, personal hotspot devices, mobile phones, and access control terminals.
- terminal device A When terminal device A is close to terminal device C, terminal device A authenticates terminal device C through Near Field Connection (NFC). When the identity of terminal device C is confirmed to be legal, terminal device A and terminal device C can pass NFC quickly establishes a communication connection. After that, terminal device A and terminal device C can share the communication link information used to connect to terminal device B through short-range wireless communication technology.
- the short-range wireless communication technology may be NFC communication, Bluetooth communication, or wireless fidelity (Wireless-Fidelity, WIFI).
- the communication link information may be Bluetooth pairing information, or NFC tag, or access information used to access a wireless local area network.
- the access information may be a service set identifier (SSID) and an access password. For example, the router's access information or access password.
- SSID service set identifier
- the NFC access control identification information is used to identify authorization information, such as NFC access control authorization information.
- terminal device C can be used as an NFC access control card to communicate with terminal device B to realize functions such as door opening.
- terminal device B is an access control terminal.
- the terminal device B is close to the terminal device C, and the terminal device B and the terminal device C can be easily and quickly established a communication connection without the user controlling the terminal device C
- terminal device B and terminal device C can share information through NFC, even if terminal device C cannot access the Internet through a cellular mobile network or wireless local area network, terminal device B can also share information with terminal device C, and the usage scenarios are not affected by the Internet. Restrictions, wider applications.
- FIG. 2 is a schematic diagram of an application scenario of an information sharing method provided by an embodiment of the present application
- FIG. 3 is a schematic diagram of a Bluetooth pairing interface provided by an embodiment of the present application.
- the user controls the mobile phone 100 to open the Bluetooth pairing interface as shown in Figure 3.
- the ID of the available device (for example, Bluetooth headset ID, laptop ID, smart watch ID) is displayed in the interactive interface, and the user clicks on the Bluetooth headset ID to trigger the mobile phone 100 and The Bluetooth headset 200 is paired. If a password is required to complete the pairing, the display interface of the mobile phone 100 will also pop up a dialog box prompting the user to enter the password. After the user enters the corresponding password in the dialog box and confirms the connection, the mobile phone 100 can complete the pairing with the Bluetooth headset 200.
- the display interface of the mobile phone 100 will also pop up a dialog box prompting the user to enter the password. After the user enters the corresponding password in the dialog box and confirms the connection, the mobile phone 100 can complete the pairing with the Bluetooth headset 200.
- the mobile phone 100 After the mobile phone 100 is paired with the Bluetooth headset 200, if the user brings the mobile phone 100 close to the laptop 300 or smart watch 400, the mobile phone 100 can perform identity verification on the laptop 300 or smart watch 400 based on NFC. When the identity of the watch 400 is legal, it establishes a communication connection with the laptop 300 or smart watch 400. After that, the mobile phone 100 can share the Bluetooth pairing information used for pairing with the Bluetooth headset 200 with the laptop 300 or smart watch 400 through short-range wireless communication technology , So that the laptop 300 or smart watch 400 saves the Bluetooth pairing information when receiving the Bluetooth pairing information, and then, when the Bluetooth headset 200 is detected, uses the Bluetooth pairing information to pair with the Bluetooth headset 200.
- the short-range wireless communication technology can be NFC communication, Bluetooth communication, or WIFI.
- the user does not need to search and select the Bluetooth headset in the interactive interface of the smart watch during the communication connection between the laptop 300 or smart watch 400 and the Bluetooth headset 200.
- ID you don’t need to enter the pairing key of the Bluetooth headset to pair the smart watch with the Bluetooth headset and establish a communication connection.
- the user does not need to participate in the whole process, which simplifies the operation steps of pairing the smart watch with the Bluetooth headset, thereby improving the establishment of mobile , The efficiency of the communication connection between smart watches, laptops and Bluetooth headsets.
- the mobile phone 100 and the laptop 300 or smart watch 400 can share information through NFC or Bluetooth, even if the laptop, smart watch, and mobile phone are not connected to the Internet, the mobile phone can be offline in an offline state. Status of the smart watch or laptop to send Bluetooth pairing information.
- terminal devices can share communication link information used to access the wireless local area network.
- FIG. 4 is a schematic diagram of an application scenario of an information sharing method provided by another embodiment of the present application.
- the mobile phone 100 For example, if the user takes the mobile phone 100 and the mobile phone 600 to a friend’s house, neither the mobile phone 100 nor the mobile phone 600 has been connected to the wireless router 500 of the friend’s house.
- click the SSID After entering the access password of the wireless router 500 in the pop-up password input interface, click to confirm "join", and the mobile phone 100 is successfully connected to the router.
- the mobile phone 100 has been connected to the wireless router of a friend's house during the last visit, and when the user arrives at the friend's house, the mobile phone 100 automatically connects to the wireless router 500 of the friend's house.
- the mobile phone 100 Since the mobile phone 600 has not been connected to a friend’s wireless router 500, when the mobile phone 100 is connected to a friend’s wireless router 500, the user can bring the mobile phone 100 close to the mobile phone 600. At this time, the mobile phone 100 authenticates the mobile phone 600 through short-range communication technology When the mobile phone 100 verifies that the identity of the mobile phone 600 is legal, the mobile phone 100 establishes a communication connection with the mobile phone 600. The mobile phone 100 and the mobile phone 600 can share the WIFI access information through short-range wireless communication technology, so that after the mobile phone 600 receives the WIFI access information and detects the wireless router 500, it can access friends based on the received WIFI access information Home wireless router 500.
- the shared WIFI access information may be the access information used to access the wireless router 500 (or personal hotspot, wireless access point), or the access information of the wireless local area network that the mobile phone 100 has accessed.
- the mobile phone 100 successfully connected to the wireless router 500 of the friend’s house, and then returned to his home, the mobile phone 100 and the mobile phone 600 exchanged the communication link information, and the mobile phone 600 saved the usage information.
- WIFI access information for accessing the wireless router 500. Then, when the user only brings the mobile phone 600 to a friend's house, when the mobile phone 600 detects the wireless router 500, it can also connect to the wireless router 500 through the pre-saved WIFI access information.
- the mobile phone 100 After the mobile phone 100 is connected to the wireless router 500, in the process of establishing a communication connection between the mobile phone 600 and the wireless router 500, the user does not need to search for the SSID of the wireless router 500 on the interactive interface of the mobile phone 600, nor enter the access of the wireless router 500.
- the mobile phone 600 With the password, the mobile phone 600 can be connected to the wireless router 500 without user involvement in the whole process, which simplifies the operation steps of the mobile phone 600 to connect to the wireless router 500, thereby improving the efficiency of the communication connection between the mobile phone 600 and the wireless router 500.
- the mobile phone 100 and the mobile phone 600 can share information through NFC or Bluetooth, even when the mobile phone 600 is not connected to the Internet, the mobile phone 100 can send the wireless router 500 access information to the mobile phone 600.
- the information sharing method provided by the embodiments of this application can be applied to mobile phones, tablet computers, wearable devices, vehicle-mounted devices, augmented reality (AR)/virtual reality (VR) devices, notebook computers, netbooks, and personal digital devices.
- AR Augmented reality
- VR virtual reality
- PDA Personal Digital Assistant
- the terminal device that is paired or connected with the terminal device can be a Bluetooth headset, a wireless access point, or a personal hotspot.
- the wearable device can also be a general term for using wearable technology to intelligently design daily wear and develop wearable devices, such as glasses, gloves, watches, clothing, and shoes.
- a wearable device is a portable device that is directly worn on the body or integrated into the user's clothes or accessories. Wearable devices are not only a hardware device, but also realize powerful functions through software support, data interaction, and cloud interaction.
- wearable smart devices include full-featured, large-sized, complete or partial functions that can be implemented without relying on mobile phones, such as smart watches or smart glasses, and only focus on a certain type of application functions, which need to be used in conjunction with other devices such as mobile phones, such as All kinds of smart bracelets and smart jewelry for physical sign monitoring.
- FIG. 5 shows a block diagram of a part of the structure of a mobile phone provided in an embodiment of the present application.
- the mobile phone 5 includes: a radio frequency (RF) circuit 510, a memory 520, an input unit 530, a display unit 540, a sensor 550, an audio circuit 560, a WIFI module 570, a processor 580, and a power supply 590.
- RF radio frequency
- FIG. 5 does not constitute a limitation on the mobile phone, and may include more or less components than those shown in the figure, or a combination of certain components, or different component arrangements.
- the components of the mobile phone 5 are specifically introduced below in conjunction with FIG. 5:
- the RF circuit 510 can be used for receiving and sending signals during information transmission or communication. In particular, after receiving the downlink information of the base station, it is processed by the processor 580; in addition, the designed uplink data is sent to the base station.
- the RF circuit includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like.
- the RF circuit 510 can also communicate with the network and other devices through wireless communication.
- the above wireless communication can use any communication standard or protocol, including but not limited to Global System of Mobile Communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (Code Division) Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), Email, Short Messaging Service (SMS), etc.
- GSM Global System of Mobile Communication
- GPRS General Packet Radio Service
- CDMA Code Division Multiple Access
- WCDMA Wideband Code Division Multiple Access
- LTE Long Term Evolution
- Email Short Messaging Service
- the memory 520 can be used to store information sharing software programs and modules.
- the processor 180 executes various functional applications and data processing of the mobile phone by running the information sharing software programs and modules stored in the memory 520.
- the information sharing software program stored in the processor 180 may be used to perform identity verification on the terminal device C as shown in FIG. 1.
- the memory 520 may mainly include a storage program area and a storage data area.
- the storage program area may store an operating system and an application program required by at least one function (such as a sound playback function, an image playback function, an NFC communication function, a Bluetooth communication function, etc.) Etc.; the storage data area can store data created according to the use of the mobile phone (such as audio data, phone book, communication link information to be shared, wireless network access information, NFC access control identification information, etc.).
- the memory 520 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices.
- the input unit 530 can be used to receive inputted digital or character information, and generate key signal input related to the user settings and function control of the mobile phone 5.
- the input unit 530 may include a touch panel 531 and other input devices 532.
- the touch panel 531 also called a touch screen, can collect the user's touch operations on or near it (for example, the user uses any suitable objects or accessories such as fingers, stylus, etc.) on the touch panel 531 or near the touch panel 531. Operation), and drive the corresponding connection device according to the preset program.
- the touch panel 531 may include two parts: a touch detection device and a touch controller.
- the touch detection device detects the user's touch position, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, and then sends it To the processor 580, and can receive and execute the commands sent by the processor 580.
- the touch panel 531 can be implemented in multiple types such as resistive, capacitive, infrared, and surface acoustic wave.
- the input unit 530 may also include other input devices 532.
- the other input device 532 may include, but is not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackball, mouse, and joystick.
- the display unit 540 may be used to display information input by the user or information provided to the user and various menus of the mobile phone.
- the display unit 540 may include a display panel 541.
- the display panel 541 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), etc.
- the touch panel 531 can cover the display panel 541. When the touch panel 531 detects a touch operation on or near it, it transmits it to the processor 580 to determine the type of the touch event, and then the processor 580 responds to the touch event. The type provides corresponding visual output on the display panel 541.
- the touch panel 531 and the display panel 541 are used as two independent components to realize the input and input functions of the mobile phone, but in some embodiments, the touch panel 531 and the display panel 541 can be integrated. Realize the input and output functions of mobile phones.
- the mobile phone 5 may also include at least one sensor 550, such as a light sensor, a motion sensor, and other sensors.
- the light sensor can include an ambient light sensor and a proximity sensor.
- the ambient light sensor can adjust the brightness of the display panel 541 according to the brightness of the ambient light.
- the proximity sensor can close the display panel 541 and/or when the mobile phone is moved to the ear. Or backlight.
- the accelerometer sensor can detect the magnitude of acceleration in various directions (usually three-axis), and can detect the magnitude and direction of gravity when stationary, and can be used to identify mobile phone posture applications (such as horizontal and vertical screen switching, related Games, magnetometer posture calibration), vibration recognition related functions (such as pedometer, percussion), etc.; as for other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which can be configured in mobile phones, we will not here Repeat.
- mobile phone posture applications such as horizontal and vertical screen switching, related Games, magnetometer posture calibration), vibration recognition related functions (such as pedometer, percussion), etc.
- vibration recognition related functions such as pedometer, percussion
- other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which can be configured in mobile phones, we will not here Repeat.
- the audio circuit 560, the speaker 561, and the microphone 562 can provide an audio interface between the user and the mobile phone.
- the audio circuit 160 can transmit the electrical signal converted from the received audio data to the speaker 561, which is converted into a sound signal by the speaker 161 for output; on the other hand, the microphone 562 converts the collected sound signal into an electrical signal, and the audio circuit 560 After being received, it is converted into audio data, and then processed by the audio data output processor 580, and then sent to another mobile phone via the RF circuit 510, or the audio data is output to the memory 520 for further processing.
- WIFI is a short-distance wireless transmission technology.
- the mobile phone can help users send and receive emails, browse web pages, and access streaming media through the WIFI module 570. It provides users with wireless broadband Internet access.
- FIG. 5 shows the WIFI module 570, it is understandable that it is not a necessary component of the mobile phone 5 and can be omitted as needed without changing the essence of the invention.
- the processor 580 is the control center of the mobile phone. It uses various interfaces and lines to connect various parts of the entire mobile phone, and executes by running or executing software programs and/or modules stored in the memory 520, and calling data stored in the memory 520. Various functions and processing data of the mobile phone can be used to monitor the mobile phone as a whole.
- the processor 580 may include one or more processing units; preferably, the processor 580 may integrate an application processor and a modem processor, where the application processor mainly processes the operating system, user interface, and application programs, etc. , The modem processor mainly deals with wireless communication. It can be understood that the foregoing modem processor may not be integrated into the processor 580.
- the mobile phone 5 also includes a power source 590 (such as a battery) for supplying power to various components.
- a power source 590 such as a battery
- the power source may be logically connected to the processor 580 through a power management system, so that functions such as charging, discharging, and power consumption management can be managed through the power management system.
- the mobile phone 5 may also include a camera.
- the position of the camera on the mobile phone 500 may be front or rear, which is not limited in the embodiment of the present application.
- the mobile phone 5 may include a single camera, a dual camera, or a triple camera, etc., which is not limited in the embodiment of the present application.
- the mobile phone 5 may include three cameras, of which one is a main camera, one is a wide-angle camera, and one is a telephoto camera.
- the multiple cameras may be all front-mounted, or all rear-mounted, or partly front-mounted and another part rear-mounted, which is not limited in the embodiment of the present application.
- the mobile phone 5 may also include a Bluetooth module and the like.
- the Bluetooth module is used to set the Bluetooth pairing information used to connect the Bluetooth headset 200 according to the preset when the mobile phone 100 and the Bluetooth headset 200 as shown in FIG. 2 are paired.
- the storage path of is stored in the memory 580, and is also used to obtain the Bluetooth pairing information for connecting the Bluetooth headset 200 from the memory 580 based on the preset storage path when the mobile phone 100 establishes a communication connection with the notebook circuit 300 or the smart watch 400,
- the Bluetooth communication technology is used to send the acquired Bluetooth pairing information to the notebook circuit 300 or the smart watch 400, etc., which will not be repeated here.
- FIG. 6 is a schematic flowchart of an information sharing method provided by an embodiment of the present application. As an example and not a limitation, the method can be applied to the above-mentioned mobile phone 5.
- the information sharing method in this example includes the following steps:
- the first terminal device may store the identity information of the third terminal device. It is understandable that the first terminal device can be not only a mobile phone, but also a laptop, tablet, wearable device, etc.; the second terminal device includes but is not limited to Bluetooth headsets, routers, access points, and personal hotspots. Equipment, mobile phones, access control terminals.
- the third terminal device may be a mobile phone, or a terminal such as a notebook computer, a tablet computer, and a wearable device.
- the third terminal device may be in an offline state, that is, the third terminal device has not enabled the cellular mobile network and the wireless local area network, or currently cannot access the Internet through the cellular mobile network or wireless local area network.
- the first terminal device After the first terminal device and the second terminal device establish a communication connection, when the user needs to share the information in the first terminal device to the third terminal device, the first terminal device can be moved to the location where the third terminal device is located. Bring the first terminal device close to the third terminal device.
- the first terminal device may detect the detection signal transmitted by the third terminal device, and obtain the received Signal Strength Indication (RSSI) value of the detection signal transmitted by the third terminal device. Since the RSSI value is related to the distance between the receiving end and the transmitting end, to a certain extent, the closer the distance, the larger the RSSI value. Therefore, the first terminal device can compare the RSSI values obtained at two adjacent moments. The RSSI values acquired at two adjacent moments gradually increase, and it is determined that the first terminal device is approaching the position where the third terminal device is located. At this time, the first terminal device may perform identity verification on the third terminal device based on the near field communication technology.
- RSSI Signal Strength Indication
- the first terminal device may use a short-range wireless communication technology to detect whether a third terminal device exists around the first terminal device, and when the third terminal device is detected, perform identity verification on the third terminal device based on NFC.
- the user can turn on the Bluetooth function through the setting interface and bring the first terminal device close to the third terminal device.
- the first terminal device turns on the Bluetooth communication function, it detects whether a Bluetooth detection signal is currently received, and when it detects Bluetooth detection signals transmitted by other devices, it is determined that there is a third terminal device around the first terminal device.
- the first terminal device detects whether the NFC detection signal is currently received when the NFC function is turned on, and when detecting the NFC detection signal transmitted by other devices, it is determined that there is a third terminal device around the first terminal device. It is understandable that when the first terminal device detects the third terminal device, it can display prompt information or prompt icons on the display interface, or remind the user through voice prompt information that the third terminal device is currently detected.
- the prompt message or prompt icon is used to remind the user that the third terminal device is currently detected.
- the first terminal device detects a third terminal device supporting Bluetooth communication, it displays the device ID of the third terminal device in the display interface (for example, the ID of the available device in the display interface as shown in FIG. 3) or Displays a prompt message indicating "A Bluetooth device that can be connected is currently detected".
- the first terminal device detects a third terminal device that supports NFC communication, it may display a schematic image of the third terminal device on the display interface, or display a prompt message indicating that “connectable NFC device is currently detected”.
- the schematic image of the third terminal device may be similar to the schematic diagram of the watch, mobile phone, tablet computer or notebook computer shown in FIG. 1.
- the first terminal device when the first terminal device detects the third terminal device, it can determine that the first terminal device is greater than or equal to the preset threshold when the RSSI value obtained at any time is confirmed.
- the distance to the third terminal device belongs to the preset distance range, and the user needs to share information between the first terminal device and the third terminal device at this time.
- the first terminal device performs identity verification on the third terminal device based on the near field communication technology.
- the preset threshold is based on the RSSI setting within the preset distance range, which can be set according to the actual situation, and there is no limitation here.
- the manner in which the first terminal device performs identity verification on the third terminal device may be: the first terminal device communicates with the third terminal device through NFC, and requests the third terminal device to return the identity information of the third terminal device.
- the first terminal device obtains the identity information of the third terminal device, it searches the identity database for the identity information that matches the identity information.
- it finds the matching identity information it determines that the identity of the third terminal device is legal.
- the matching identity information is reached, it is determined that the third terminal device is illegal.
- the identity information may be the unique identification information of the third terminal device, for example, a media access control (Media Access Control, MAC) address, a unique identification code or a unique serial number.
- the unique identification code is International Mobile Equipment Identity (IMEI).
- the identity information may also be the public key in the key pair of the third terminal device.
- the key pair includes a public key and a private key, and the key pair may be generated by the third terminal device using an asymmetric encryption algorithm.
- the method for generating a key pair using an asymmetric encryption algorithm is the prior art. For details, please refer to the related description in the prior art, which will not be repeated here.
- the identity information database prestores the identity information of the terminal device that the first terminal device allows to share information.
- the identity information of the terminal device pre-stored in the identity information database can be pre-input by the user or sent by other devices, and there is no restriction here.
- the first terminal device When confirming that the identity of the third terminal device is legal, the first terminal device sends communication link information to the third terminal device through short-range wireless communication technology to trigger the third terminal device to detect When arriving at the second terminal device, use the communication link information to establish a communication connection with the second terminal device.
- the first terminal device When the first terminal device confirms that the identity of the third terminal device is legal, it determines that the third terminal device is a trusted device, the first terminal device negotiates a communication port with the third terminal device, and establishes a secure transmission channel based on the negotiated communication port.
- the first terminal device and the third terminal device negotiate security parameters that need to be used in the secure transmission channel.
- the security parameters include communication protocol version and encryption algorithm.
- the first terminal device may obtain the communication link information from the storage area for storing the communication link information, or may pop up a dialog box to prompt the user to select the communication link information, and the user may search or select the communication link information through the interactive interface.
- the negotiated communication protocol is used to send the communication link information to the third terminal device through the secure transmission channel through the short-range wireless communication technology, so that the third terminal device receives the communication link After the information, and when the second terminal device is detected, the communication link information is used to establish a communication connection with the second terminal device.
- the short-range wireless communication technology can be NFC communication, Bluetooth communication, or WIFI.
- the short-range wireless communication technology is NFC or Bluetooth communication.
- the first terminal device and the third terminal device can share files in an offline state, so that users can realize data sharing between terminals without a network.
- the communication link information includes Bluetooth pairing information for pairing with the second terminal device, so that the third terminal device can receive After the Bluetooth pairing information is received and the second terminal device is detected, the Bluetooth pairing information is used to perform Bluetooth pairing with the second terminal device.
- the communication link information may also include wireless network access information and/or NFC access control identification information.
- the default communication link information is the communication link information used to establish the communication connection with the third terminal device.
- the communication link information may include communication link information corresponding to all third terminal devices that the first terminal device is currently connected to or has been connected to. For example, the communication link information corresponding to all wireless access points, personal hotspots, or routers that the first terminal device has connected to.
- the communication link information may be stored in the configuration file of the wireless network card management program in the first terminal device.
- the storage path of the communication link information may be /data/misc/wifi/wpa_supplicant.conf.
- the mobile phone 100 uses the negotiated communication protocol to send the Bluetooth pairing information paired with the Bluetooth headset 200 to the smart watch 400 through the established secure transmission channel, so that the smart watch 400 is
- the Bluetooth headset 200 is searched based on the Bluetooth headset ID contained in the Bluetooth pairing information.
- the Bluetooth headset 200 is found, it is based on the pairing link between the Bluetooth headset and the mobile phone and the pairing key used during Bluetooth pairing , Establish a communication connection with the Bluetooth headset 200.
- the mobile phone 100 When the mobile phone 100 establishes a secure transmission channel with the notebook computer 300, it can also obtain the Bluetooth pairing information used for pairing with the Bluetooth headset 200 from the local database; and use the negotiated communication protocol to pass the Bluetooth pairing information with The secure transmission channel of the laptop 300 is sent to the laptop 300, so that when the laptop 300 receives the Bluetooth pairing information, it searches for the Bluetooth headset 200 based on the Bluetooth headset ID contained in the Bluetooth pairing information, and when it finds the Bluetooth headset 200 Establish a communication connection with the Bluetooth headset 200 based on the pairing link between the Bluetooth headset and the mobile phone and the pairing key used during Bluetooth pairing.
- the user does not need to search for the ID of the Bluetooth headset and input the pairing password in the smart watch 400 and the laptop 300, and the smart watch 400 and the laptop 300 can automatically connect to the Bluetooth headset 200.
- the mobile phone 100 when the mobile phone 100 establishes a secure transmission channel for data interaction with the mobile phone 600, the negotiated communication protocol is adopted to transmit the WIFI access information through the secure transmission with the mobile phone 600.
- the channel is sent to the mobile phone 600, so that after the mobile phone 600 receives the WIFI access information and detects the wireless router 500, it connects to the wireless router 500 based on the acquired SSID and access password.
- the mobile phone 500 can also automatically connect to the wireless router, wireless access point or personal hotspot that the mobile phone 100 has previously connected to.
- the third terminal device may also send information that needs to be shared to the first terminal device.
- the first terminal device and the third terminal device can be easily and quickly established a communication connection, and then Sharing the communication link information, so that when the third terminal device detects the second terminal device, it uses the communication link information to establish a communication connection with the second terminal device.
- the third terminal device detects the second terminal device, it uses the communication link information to establish a communication connection with the second terminal device.
- Neither other devices are required to participate in data interaction, nor the user to manipulate the third terminal device to allow the third terminal device to establish a communication connection with the second terminal device, which simplifies the operation of establishing a communication connection between the third terminal device and the second terminal device Steps, thereby improving the efficiency of establishing communication connections between at least three terminal devices.
- the first terminal device and the third terminal device can share files in an offline state, so that users can realize data sharing between terminals without a network.
- FIG. 7 is a detailed flowchart of S101 in the information sharing method provided by an embodiment of the present application.
- S101 may specifically include S1031 to S1033, which are specifically as follows:
- the first terminal device obtains the first identity information returned by the third terminal device through NFC when the third terminal device receives the identity authentication notification message;
- the first terminal device performs identity verification on the third terminal device based on the first identity information and the pre-stored second identity information.
- the NFC technology can be used to send an identity authentication notification message to the third terminal device to indicate that the third terminal device is receiving identity authentication
- the notification message based on the device identification of the first terminal device contained or carried in the identity authentication notification message, the first identity information of the first terminal device is returned to the first terminal device.
- the first terminal device When the first terminal device obtains the first identity information sent by the third terminal device, it searches for the identity information that matches the identity information sent by the third terminal device from the second identity information pre-stored in the identity information database, and when it finds When matching identity information, it is determined that the identity verification result of the third terminal device is the verification passed; when no matching identity information is found, it is determined that the identity verification result of the third terminal device is verification failure.
- the first identity information may include the first device identifier of the third terminal device and the first public key.
- the first identity information may include the first device identifier of the third terminal device, the first version number of the public key attribute credential, and the first random number generated by the third terminal device.
- the first random number may be generated by the third terminal device when it receives the identity authentication notification message sent by the first terminal device, or it may be generated in advance, and there is no limitation here.
- S1033 is specifically: the first terminal device slaves the identity based on the first device identity Acquire the pre-stored public key corresponding to the third terminal device from the database, and perform identity verification on the third terminal device based on the first public key and the pre-stored public key; wherein, when the first public key When the key is the same as the pre-stored public key, it is determined that the identity of the third terminal device is legal.
- the first terminal device finds the pre-stored public key corresponding to the third terminal device, it compares the first public key in the first identity information with the obtained pre-stored public key to compare the third terminal device Perform authentication.
- the comparison result is that the first public key and the pre-stored public key are the same
- the first terminal device determines that the identity of the third terminal device is legal
- the comparison result is that the first public key and the pre-stored public key are not the same
- the first terminal device A terminal device determines that the identity of the third terminal device is illegal.
- the public identity information includes the first device identification of the third terminal device, the first version number of the public key attribute credential, and the first random number generated by the third terminal device
- the public The version number of the key attribute credential is mainly used to confirm whether the other party has been revoked (removed from the trust ring), or a device newly added to the trust ring, so that offline devices can also have a certain degree of security and do not need to be online at any time Confirm the validity of each device certificate.
- S1033 includes the following steps:
- the first terminal device obtains the first public key of the third terminal device based on the first device identifier and the first version number.
- the first terminal device may search for a device ID matching the first device ID from the local database, and when it finds a matching device ID, obtain the first device ID of the public key attribute of the third terminal device from the local database based on the first device ID.
- the second version number determines whether the first public key of the third terminal device is currently obtained locally or the third terminal device is requested to return the first public key.
- the first version number is less than or equal to the first version number, obtain the first public key of the third terminal device locally; when the first version number is greater than the first version number, request the third terminal device to return the first public key .
- the third terminal device is confirmed as a newly added trusted device by searching for a device ID that matches the first device ID, and by comparing the first version number and the second version number of the public key attribute credential, Confirm whether the third terminal device is revoked credibility, so that there is a certain degree of security for offline devices, and it is not necessary to keep online to confirm the validity of the public key of each device at any time.
- the third terminal device when no matching device identification is found, the third terminal device is a newly added trusted device; when the first version number is less than the second version number and no matching device identification is found, the third terminal device is Revocation of credibility.
- S1 specifically includes: the first terminal device searches an identity database for a device identifier that matches the first device identifier;
- the matching device identifier When the matching device identifier is not found, and the first version number is greater than the second version number of the pre-stored public key attribute credential, request the third terminal device to obtain the first public key.
- the first terminal device calculates a first shared key based on its own private key and the first public key, and generates a second random number.
- the first terminal device may use the message digest algorithm to calculate the shared key based on the private key of the first terminal device and the first public key of the third terminal device; it may also use a hash algorithm to calculate the private key of the first terminal device and the first public key. 3.
- the hash value of the first public key of the terminal device obtains the shared key; other algorithms may also be used to calculate the shared key, and the method of calculating the shared key is not limited here.
- the first terminal device calculates a first identity characteristic value based on the first shared key, the second device identifier of the first terminal device, the first random number, and the second random number.
- the first terminal device may concatenate the first shared key, the second device identifier of the first terminal device, the first random number, and the second random number into a message, and use the message digest algorithm to calculate the digest value of the message to obtain the first An identity feature value.
- the first terminal device may also calculate the message authentication code (Message Authentication Code, MAC) value of the message by using the shared key to obtain the first identity characteristic value.
- message authentication code Message Authentication Code, MAC
- the first terminal device may use the device ID, the first random number, and the second random number of the first terminal device as a message M, use a message digest algorithm to calculate the digest value of the message M, and use it in the shared key Under the action, the MAC value is calculated from the summary value.
- the first terminal device uses a message authentication algorithm to calculate the MAC value of the message M with the participation of the shared key. For example, a shared key is used to encrypt the digest value of message M to obtain the MAC value, or a shared key is used to encrypt message M to obtain the MAC value.
- the first terminal device sends the first identity feature value, the second device identifier of the first terminal device, and the second version number of the public key attribute credential to the third terminal device through near field communication, and The second random number.
- the first terminal device receives the second identity characteristic value returned by the third terminal device; wherein the second identity characteristic value is calculated by the third terminal device based on the second shared key
- the second shared key, the second device identifier, the first random number, and the second random number are calculated, and the second shared key is based on the private key of the third terminal device and the The public key of the first terminal device is calculated.
- the method for the third terminal device to calculate the shared key is the same as the method for the first terminal device to calculate the shared key, and the method for the third terminal device to calculate the second identity feature value is the same as the method for the first terminal device to calculate the first identity feature value, I will not repeat them here.
- the first terminal device determines that the identity of the third terminal device is legal when confirming that the first identity characteristic value is the same as the second identity characteristic value.
- the first terminal device and the third terminal device send their own public keys to the server to register in advance by logging in the same user account.
- the third terminal device is in a disconnected state, and the first terminal device detects the third terminal device through NFC
- the third terminal device is authenticated based on the public key of the third terminal device.
- FIG. 8 is a schematic diagram of a scenario of a trust ring registration method provided by an embodiment of the present application.
- the laptop, tablet, and mobile phone are devices that have logged in to the same user account and sent their own public key to the server to register successfully, that is, they have joined the trust ring.
- Smart watches are devices that have not yet joined the circle of trust.
- each terminal device can have a public-private key pair
- the smart watch when a user purchases a new terminal device (for example, a smart watch), the smart watch can be triggered to generate a public-private key pair using an asymmetric encryption algorithm.
- the user controls the new smart watch to enter the account login interface, and enters the user account and login password in the account login interface to send a login request to the server.
- the server receives the login request, it verifies based on the registered account and registered password stored in the database Whether the user account and login password in the login request are correct, and when the user account and login password in the login request are confirmed to be correct, allow the smart watch to log in and establish a communication connection with it.
- the smart watch can display an interactive interface for successful login.
- the user can manipulate the smart watch to enter the interactive interface for registering the trust ring.
- the user can enter or select the smart watch’s public key through the interactive interface and click the "register” option.
- the registration request includes the device identification of the smart watch and its public key.
- the server When the server receives the registration request, it parses out the device identification and public key contained in the registration request, and establishes the association relationship between the device identification and public key, adds the smart watch to the trust ring, and returns the trust ring to the smart watch After that, broadcast the device identification and public key of the smart watch to the existing devices in the trust ring to notify the existing devices in the trust ring that new devices are currently joining the trust ring. To instruct existing devices in the trust ring to store the device identification and public key of the smart watch. In this way, each device that joins the trust ring has the device identities and their public keys of all devices that have joined the trust ring.
- FIG. 9 is an interaction diagram of an identity verification method provided by an embodiment of the present application.
- the first terminal device uses the following methods to authenticate the third terminal device:
- the first terminal device When the first terminal device detects the third terminal device, it may use NFC technology to send an identity authentication notification message to the third terminal device.
- the third terminal device sends authentication request information to the first terminal device.
- the authentication request information includes the device ID of the third terminal device and the version number of the public key attribute credential of the third terminal device And the first random number generated by the third terminal device.
- the first terminal device When the first terminal device receives the authentication request information sent by the third terminal device, it parses the authentication request information to obtain the device ID of the third terminal device, the version number of the third terminal device’s public key attribute credential, and the The first random number generated by the third terminal device; perform the following steps in the local public key directory:
- the version number is mainly used to confirm whether the other party has been revoked (removed from the trust ring) or a device newly added to the trust ring. In this way, there can be a certain degree of security for offline devices, and there is no need to keep online to confirm the validity of each device certificate.
- the processing strategy in the following table is processed to obtain the public key of the third terminal device.
- the third terminal device when the device ID of the third terminal device is not found, and the locally stored version number is less than the version number sent by the other party, it is determined that the third terminal device is a device newly added to the trust ring, and the third terminal device stored in the local public key directory is The public key and the public key attribute credential of the terminal device are old versions, and the public key acquisition request information is sent to the third terminal device to request the public key and the public key attribute credential of the third terminal device;
- the device ID of the third terminal device When the device ID of the third terminal device is not found, and the locally stored version number is greater than the version number sent by the other party, it is determined that the locally stored data is the latest version. After the local public key directory is last updated, the data of the third terminal device The third terminal device is no longer in the local public key directory, and the third terminal device has been revoked; at this time, the first terminal device determines that the third terminal device is not trusted and refuses to connect to the third terminal device;
- the device ID of the third terminal device When the device ID of the third terminal device is found, and the locally stored version number is greater than the version number sent by the other party, it is determined that the data stored in the local public key directory is the latest version, and the third terminal device stored in the local public key directory is used.
- the public key of the third terminal device is authenticated, and the public key of the third terminal device is obtained from the local public key directory. It is no longer necessary for the third terminal device to send the public key and public key attribute credentials.
- the first terminal device uses its private key and the public key of the third terminal device to calculate the shared key. It is understandable that the first terminal device may use the message digest algorithm to calculate the shared key based on the private key of the first terminal device and the public key of the third terminal device; it may also use a hash algorithm to calculate the private key of the first terminal device. The key and the hash value of the public key of the third terminal device are used to obtain the shared key; other algorithms may also be used to calculate the shared key, and the method of calculating the shared key is not limited here.
- the first terminal device generates a second random number, and uses the shared key to calculate the device ID of the first terminal device, the first random number generated by the third terminal device, and the second random number generated by the first terminal device.
- the MAC value of the message authentication code is the MAC value of the message authentication code.
- the first terminal device may use the device ID, the first random number, and the second random number of the first terminal device as a message M, use a message digest algorithm to calculate the digest value of the message M, and use it in the shared key Under the action, the MAC value is calculated from the summary value.
- the first terminal device uses a message authentication algorithm to calculate the MAC value of the message M with the participation of the shared key. For example, a shared key is used to encrypt the digest value of message M to obtain the MAC value, or a shared key is used to encrypt message M to obtain the MAC value.
- the first terminal device uses NFC technology to send its own device ID, the version number of its own public key attribute credential, and the second random number to the third terminal device; it is understandable that when the third terminal device needs to When the terminal device performs identity verification, the first terminal device may also send the calculated MAC value to the third terminal device, so that the third terminal device uses the shared key to verify the MAC value when calculating the shared key. Perform identity verification on the first terminal device.
- the third terminal device When obtaining the device ID of the first terminal device and the version number of the public key attribute credential, the third terminal device performs the following processing:
- the device ID of the first terminal device is not found, and the locally stored version number is less than the version number sent by the other party, it is determined that the first terminal device is a device newly added to the trust ring, and the first terminal device stored in the local public key directory
- the public key and the public key attribute credential of the terminal device are old versions, and the public key acquisition request information is sent to the first terminal device to request the public key and the public key attribute credential of the first terminal device;
- the third terminal device determines that the first terminal device is not trusted and refuses to connect to the first terminal device;
- the device ID of the first terminal device When the device ID of the first terminal device is found, and the locally stored version number is greater than the version number sent by the other party, it is determined that the data stored in the local public key directory is the latest version, and the first terminal device stored in the local public key directory is used.
- the first terminal device is authenticated by the public key of, and the public key of the first terminal device is obtained from the local public key directory. It is no longer necessary for the first terminal device to send the public key and public key attribute credentials.
- the third terminal device uses its private key and the public key of the first terminal device to calculate the shared key. It is understandable that the third terminal device may use the message digest algorithm to calculate the shared key based on the private key of the third terminal device and the public key of the first terminal device; it may also use a hash algorithm to calculate the private key of the third terminal device. The key and the hash value of the public key of the first terminal device are used to obtain the shared key; other algorithms can also be used to calculate the shared key, and the method of calculating the shared key is not limited here. Since the key agreement algorithm (Elliptic Curves Diffie-Hellman, ECDH) is exchangeable, the shared key calculated by the first terminal device and the third terminal device are the same.
- Elliptic Curves Diffie-Hellman, ECDH Elliptic Curves Diffie-Hellman
- the third terminal device uses the shared key to calculate the device ID of the first terminal device, the first random number generated by the third terminal device, and the MAC value corresponding to the second random number generated by the first terminal device.
- the method for the third terminal device to calculate the MAC value of the message authentication code is the same as the method for the first terminal device to calculate the MAC value of the message authentication code.
- the first terminal device calculating the MAC value of the message authentication code please refer to the description of the first terminal device calculating the MAC value of the message authentication code, which will not be repeated here. .
- the shared key may be used to verify the MAC value sent by the first terminal device, so as to perform identity verification on the first terminal device.
- the third terminal device may use the calculated shared key Decrypt the MAC value sent by the first terminal device. If the device ID, the first random number, and the second random number of the first terminal device are obtained by decryption, it is determined that the identity of the first terminal device is legal and the identity verification is passed; if it is obtained after decryption When the data of is different from any one of the device ID, the first random number, and the second random number of the first terminal device, it is determined that the identity of the first terminal device is illegal and the identity verification fails.
- the first terminal device when the MAC value sent by the first terminal device is encrypted by the shared key to the digest value (the digest value is calculated from the device ID of the first terminal device, the first random number, and the second random number), the first The third terminal device can use the calculated shared key to decrypt the MAC value sent by the first terminal device. If the digest value is decrypted, the message digest algorithm is used to calculate the device ID, the first random number, and the first terminal device.
- the digest value corresponding to the random number if the decrypted digest value is the same as the calculated digest value, it is determined that the identity of the first terminal device is legal and the identity verification is passed; if the decrypted digest value is different from the calculated digest value, It is determined that the identity of the first terminal device is illegal, and the identity verification fails.
- the first terminal device receives the MAC value sent by the third terminal device, it compares the received MAC value with the MAC value sent to the third terminal device. When the two are the same, it determines that the third terminal device’s If the identity is legal, the identity verification passes; when the two are different, it is determined that the identity of the third terminal device is illegal and the identity verification fails.
- the mobile phone 100 is the first terminal device
- the Bluetooth headset 200 is the accessory device
- the notebook computer 300 and the smart watch 400 are the third terminal device.
- the mobile phone 100 pre-stores the identity information of the smart watch 400 and the laptop 300
- the smart watch 400 pre-stores the identity information of the mobile phone 100 and the laptop 300
- the laptop 300 pre-stores the identity information of the mobile phone 100 and the smart watch 400 .
- the identity information is explained using the public key as an example.
- the mobile phone 100 After the mobile phone 100 establishes a communication connection with the Bluetooth headset 200, the user can bring the mobile phone 100 close to the smart watch 400. At this time, the mobile phone 100 can use Bluetooth communication technology to detect whether there is a connectable Bluetooth device within the communication range of the mobile phone 100, so as to detect other connectable Bluetooth devices carried by the user. When the mobile phone 100 detects that the user carries the smart watch 400 with the Bluetooth function turned on, the mobile phone 100 uses NFC technology to communicate with the smart watch 400 to authenticate the smart watch 400. It is understandable that, in other embodiments, the mobile phone 100 may use NFC technology to detect whether there is a connectable device supporting NFC communication within the communication range of the mobile phone 100.
- the mobile phone 100 When the mobile phone 100 detects the connectable smart watch 400 currently carried by the user, it can remind the user through a text or voice message that a connectable smart watch is currently detected, and the mobile phone 100 can use NFC technology to send an identity authentication notification message to the smart watch 400 , To instruct the smart watch 400 to send authentication request information to the mobile phone 100 when receiving the identity authentication notification message.
- the authentication request information includes the device ID of the smart watch 400, the version number of the public key attribute credential of the smart watch 400, and the smart watch 400 400 The first random number generated.
- the mobile phone 100 When the mobile phone 100 receives the authentication request information sent by the smart watch 400, it parses out the device ID of the smart watch 400, the version number of the public key attribute credential of the smart watch 400 and the first random number in the authentication request information.
- the mobile phone 100 looks up the device ID of the smart watch 400 in the local public key database, and compares the version number of the public key attribute credential stored locally with the version number of the public key attribute credential sent by the smart watch 400. Based on the search result and the comparison result, the mobile phone obtains the public key of the smart watch 400 in the following manner.
- the mobile phone 100 determines that the smart watch 400 is a newly added device to the trust ring, and sends the public to the smart watch 400 Key acquisition request information to request to acquire the public key of the smart watch 400 and public key attribute credentials.
- the mobile phone 100 finds the device ID of the smart watch 400 and the locally stored version number is greater than the version number sent by the smart watch 400, it determines that the data stored in the local directory is the latest version and uses the public key of the smart watch 400 stored locally The identity verification is performed on the third terminal device, and the public key of the smart smart watch 400 is obtained locally. It is no longer necessary for the smart smart watch 400 to send the public key and public key attribute credentials.
- the mobile phone 100 fails to find the device ID of the smart watch 400 and the locally stored version number is greater than the version number sent by the smart watch 400, it determines that the data stored in the local directory is the latest version. After the local directory is last updated , The data of the smart watch 400 is no longer in the local directory, and the smart watch 400 has been revoked. At this time, the mobile phone 100 determines that the smart watch 400 is not trusted, the smart watch 400 fails the identity verification, and the mobile phone 100 refuses to connect to the smart watch 400.
- the mobile phone 100 uses its private key and the public key of the smart watch 400 to calculate the shared key. It is understandable that the mobile phone 100 can use the message digest algorithm to calculate the shared key based on the private key of the mobile phone 100 and the public key of the smart watch 400; it can also use the hash algorithm to calculate the private key of the mobile phone 100 and the public key of the smart watch 400.
- the hash value of the key is used to obtain the shared key; other algorithms can also be used to calculate the shared key, and the method of calculating the shared key is not limited here.
- the mobile phone 100 generates a second random number, and calculates the MAC value corresponding to the device ID of the mobile phone 100, the first random number generated by the smart watch 400, and the second random number generated by the mobile phone 100 using the shared key.
- the mobile phone 100 may use the device ID, the first random number, and the second random number of the mobile phone 100 as a message M, calculate the digest value of the message M using a message digest algorithm, and use the shared secret key to calculate the digest value of the message M.
- the digest value calculates the MAC value.
- the mobile phone 100 uses a message authentication algorithm to calculate the MAC value of the message M with the participation of the shared key. For example, a shared key is used to encrypt the digest value of message M to obtain the MAC value, or a shared key is used to encrypt message M to obtain the MAC value.
- the mobile phone 100 uses NFC technology to send its own device ID, the version number of its own public key attribute credentials, and the second random number to the smart watch 400; it is understandable that when the smart watch 400 needs to authenticate the mobile phone 100, the mobile phone 100 may also send the calculated MAC value to the smart watch 400, so that when the smart watch 400 calculates the shared key, it uses the shared key to verify the MAC value sent by the mobile phone 100, thereby authenticating the mobile phone 100.
- the smart watch 400 obtains the device ID of the mobile phone 100 and the version number of the public key attribute credential, it performs the following processing:
- the smart watch 400 searches for the device ID of the mobile phone 100, and compares the locally stored version number with the version number sent by the mobile phone 100; based on the search result and the comparison result, the public key of the mobile phone 100 is obtained as follows:
- the smart watch 400 determines that the mobile phone 100 is a newly added device to the trust ring, and the local directory stores the mobile phone 100’s public
- the key and public key attribute credentials are old versions, and the public key acquisition request information is sent to the mobile phone 100 to request the public key and public key attribute credentials of the mobile phone 100.
- the smart watch 400 finds the device ID of the mobile phone 100, and the locally stored version number is greater than the version number sent by the other party, it determines that the data stored in the local directory is the latest version, and uses the public key of the mobile phone 100 stored in the local directory to 100 performs identity verification and obtains the public key of the mobile phone 100 from the local directory. It is no longer necessary for the mobile phone 100 to send the public key and public key attribute credentials.
- the smart watch 400 When the smart watch 400 does not find the device ID of the mobile phone 100, and the locally stored version number is greater than the version number sent by the mobile phone 100, it is determined that the data stored in the local directory is the latest version. After the local directory is last updated, the data of the mobile phone 100 has been updated. If the mobile phone 100 is not in the local directory, the trust qualification of the mobile phone 100 has been revoked; at this time, the smart watch 400 determines that the mobile phone 100 is not trusted, the mobile phone 100 fails the authentication, and the smart watch 400 refuses to connect to the mobile phone 100.
- the smart watch 400 uses its private key and the public key of the mobile phone 100 to calculate the shared key. It is understandable that the smart watch 400 can use the message digest algorithm to calculate the shared key based on the private key of the smart watch 400 and the public key of the mobile phone 100; it can also use the hash algorithm to calculate the private key of the smart watch 400 and the mobile phone 100. The hash value of the public key is used to obtain the shared key; other algorithms can also be used to calculate the shared key, and the method of calculating the shared key is not limited here. Since the key agreement algorithm ECDH is exchangeable, the shared keys calculated by the mobile phone 100 and the smart watch 400 are the same.
- the smart watch 400 uses the shared key to calculate the device ID of the mobile phone 100, the first random number generated by the smart watch 400, and the message authentication code MAC value corresponding to the second random number generated by the mobile phone 100, based on the mobile phone 100
- the device ID uses the NFC technology to send the calculated MAC value to the mobile phone 100.
- the method for calculating the MAC value of the message authentication code by the smart watch 400 is the same as the method for calculating the MAC value of the message authentication code by the mobile phone 100.
- the description of calculating the MAC value of the message authentication code by the mobile phone 100 please refer to the description of calculating the MAC value of the message authentication code by the mobile phone 100, which will not be repeated here.
- the shared key may be used to verify the MAC value sent by the mobile phone 100, so as to authenticate the mobile phone 100.
- the smart watch 400 may use the calculated shared key to send the mobile phone 100
- the MAC value is decrypted. If the device ID, the first random number and the second random number of the mobile phone 100 are decrypted, the identity of the mobile phone 100 is determined to be legal and the identity verification is passed; if the decrypted data is the same as the device ID of the mobile phone 100, the first random number When any one of the random number and the second random number is not the same, it is determined that the identity of the mobile phone 100 is illegal and the identity verification fails.
- the smart watch 400 can use The calculated shared key decrypts the MAC value sent by the mobile phone 100, if the digest value obtained is decrypted, and the message digest algorithm is used to calculate the digest value corresponding to the device ID, the first random number, and the second random number of the mobile phone 100; If the decrypted digest value is the same as the calculated digest value, it is determined that the identity of the mobile phone 100 is legal and the identity verification is passed; if the decrypted digest value is different from the calculated digest value, it is determined that the identity of the mobile phone 100 is illegal and the identity verification fails.
- the mobile phone 100 When the mobile phone 100 receives the MAC value sent by the smart watch 400, it compares the received MAC value with the MAC value sent to the smart watch 400. When the two are the same, the smart watch 400 is determined to be legal and the identity verification is passed. Perform S102; when the two are different, it is determined that the identity of the smart watch 400 is illegal and the identity verification fails.
- the mobile phone 100 completes the identity verification on the smart watch 400, it can display the identity verification result on the display interface or broadcast the identity verification result by voice.
- the mobile phone 100 uses Bluetooth communication technology to detect whether there is a connectable Bluetooth device at home, or the mobile phone 100 uses NFC technology to detect the mobile phone 100 Is there a connectable NFC device nearby?
- the mobile phone 100 detects the notebook computer 300 with the Bluetooth function turned on at home, it uses NFC technology to communicate with the notebook computer, and the notebook computer 300 is authenticated according to the above method.
- the mobile phone 100 is the first terminal device
- the wireless router, wireless access point or personal hotspot 500 is the third terminal device
- the mobile phone 600 is the third terminal device.
- the mobile phone 600 Since the mobile phone 600 has not been connected to the wireless router 500 of a friend’s house, when the mobile phone 100 is connected to the wireless router 500 of a friend’s house, the user can bring the mobile phone 100 close to the mobile phone 600. At this time, the mobile phone 100 detects that the short-range communication is currently enabled through Bluetooth communication or NFC. A functional mobile phone 300, and when the mobile phone 300 is detected, the NFC technology is used to verify the identity of the mobile phone 600 according to the above-mentioned method.
- the first terminal device determines that the identity of the third terminal device is legal, it determines that the identity verification is passed, and executes the above S102; when it determines that the identity of the third terminal device is not legal, this process ends.
- S102 specifically includes: encrypting the communication link information with the session key, and sending the encrypted communication link information to the The third terminal device.
- S102 is detailed, please refer to FIG. 10, which is a detailed flowchart of S102 in the information sharing method provided by an embodiment of the present application.
- S102 includes S1021 to S1022, as follows:
- the first terminal device generates a session key when confirming that the identity of the third terminal device is legal, and sends the session key to the third terminal device through a short-range wireless communication technology.
- the first terminal device encrypts the communication link information using the session key, and sends the encrypted data to the third terminal device through the short-range wireless communication technology.
- the first terminal device In S1021, the first terminal device generates a session key when confirming that the identity of the third terminal device is legal, establishes a secure transmission channel with the third terminal device, and sends the session key to the third terminal device through the secure transmission channel.
- the session key is used to encrypt or decrypt the data transmitted through the secure transmission channel using the negotiated encryption algorithm.
- the first terminal device obtains the communication link information from the storage area for storing communication link information, and uses the negotiated encryption algorithm to encrypt the communication link information with the session key, and passes the encrypted communication link information through The secure transmission channel is sent to the third terminal device.
- the first terminal device may use the public key of the third terminal device to randomly generate the session key.
- the first terminal device may be based on the shared key calculated in S101, the fixed derivation factor, the first random number generated by the third terminal device, and the second random number generated by the first terminal device, Generate a session key.
- the fixed derivation factor is a fixed random number used to identify the authentication service.
- the length of the fixed random number can be 8 bytes (Byte), but is not limited to this, and can be set to other lengths according to actual needs.
- Authentication services include but are not limited to fast file transfer, fast hotspot sharing, shared communication link, short message forwarding or call relay.
- the first terminal device Based on the shared key, the fixed derivation factor, the first random number, and the second random number, the first terminal device generates the session key by using a message digest algorithm to calculate the shared key, the fixed derivation factor, and the first random number. And the digest value of the message composed of the second random number, using the digest value as the session key; it can also be: with the participation of the shared key, the message authentication algorithm is used to calculate the shared key, the fixed derivation factor, and the first random number. The MAC value of the message composed of the number and the second random number, and the MAC value is used as the session key. It is understandable that the first terminal device may also use other algorithms to generate the session key, which is not limited here.
- the mobile phone 100 determines that the smart watch 400 is authentic, it generates a session key, establishes a secure transmission channel for data interaction with the smart watch 400, and passes the session key through The secure transmission channel is sent to the smart watch 400.
- the mobile phone 100 obtains Bluetooth pairing information for pairing with the Bluetooth headset 200 from a local database.
- the Bluetooth pairing information includes at least the ID of the Bluetooth headset, the pairing link between the Bluetooth headset and the mobile phone, and the pairing key used during Bluetooth pairing.
- the mobile phone 100 uses the session key to encrypt the Bluetooth pairing information to be shared based on the negotiated encryption algorithm, and uses the negotiated communication protocol to send the encrypted Bluetooth pairing information to the smart watch 400 through the established secure transmission channel.
- the smart watch 400 uses the session key to decrypt it to obtain the Bluetooth pairing information; and based on the Bluetooth headset ID contained in the Bluetooth pairing information, search for the Bluetooth headset 200, When arriving at the Bluetooth headset 200, a communication connection is established with the Bluetooth headset 200 based on the pairing link between the Bluetooth headset and the mobile phone and the pairing key used during Bluetooth pairing.
- the mobile phone 100 determines that the notebook computer 300 is authentic, it establishes a secure transmission channel for data interaction with the mobile phone 200 and sends the session key to the notebook computer 300 through the secure transmission channel.
- the secure transmission channel is used for the mobile phone 100 to send the encrypted Bluetooth pairing information to the notebook computer 300.
- the mobile phone 100 obtains the Bluetooth pairing information for pairing with the Bluetooth headset 200 from the local database; and based on the negotiated encryption algorithm, uses the session key to encrypt the Bluetooth pairing information to be shared, and uses the negotiated communication protocol to
- the encrypted Bluetooth pairing information is sent to the notebook computer 300 through the secure transmission channel with the notebook computer 300, so that when the notebook computer 300 receives the encrypted Bluetooth pairing information, it uses the session key to decrypt it to obtain the Bluetooth pairing information; and Based on the Bluetooth headset ID contained in the Bluetooth pairing information, search for the Bluetooth headset 200.
- the Bluetooth headset 200 When the Bluetooth headset 200 is found, establish communication with the Bluetooth headset 200 based on the pairing link between the Bluetooth headset and the mobile phone and the pairing key used during Bluetooth pairing connection.
- the user does not need to search for the ID of the Bluetooth headset and input the pairing password on the smart watch 400 and the laptop 300, and the smart watch 400 and the laptop 300 can automatically connect to the Bluetooth headset 200.
- the mobile phone 100 when the mobile phone 100 determines that the mobile phone 600 is trustworthy, it generates a session key, establishes a secure transmission channel for data interaction with the mobile phone 600, and passes the session key through the session key.
- the secure transmission channel is sent to the mobile phone 600.
- the mobile phone 100 obtains WIFI access information from a local database.
- the WIFI access information is used to access the router 500 (or personal hotspot or wireless access point).
- the WIFI access information includes at least the SSID and the access password.
- the mobile phone 100 encrypts the WIFI access information to be shared with the session key, and uses the negotiated communication protocol to send the encrypted WIFI access information to the mobile phone 600 through the secure transmission channel with the mobile phone 600, so that the mobile phone 600 is
- the session key is used to decrypt it to obtain the WIFI access information, so that the mobile phone 600 can access the wireless router based on the acquired SSID and access password when the wireless router 500 is detected 500.
- the mobile phone 100 can also send to the mobile phone 600 the respective SSIDs and access passwords corresponding to all wireless access points, personal hotspots or routers it has connected to. For example, when the user takes the mobile phone 100 to a friend’s house, manually enters the SSID and access password of the friend’s wireless router 500 on the interactive interface of the mobile phone 100, and triggers the mobile phone 100 to connect to the wireless access point. The communication link information is exchanged with the new mobile phone 600, and the WIFI access information used to access the wireless router 500 is sent to the new mobile phone 600.
- the new mobile phone 600 sends out when the wireless router 500 of the friend's home is detected
- a communication connection is established with the wireless router 500 based on the SSID and access password of the wireless router 500, so that the new mobile phone 600 automatically connects to the wireless router 500 of a friend’s home.
- the mobile phone 600 can also automatically connect to the wireless router, wireless access point or personal hotspot that the mobile phone 100 has previously connected to.
- the mobile phone 100 when the mobile phone 100 obtains the NFC access control identification information, for example, the mobile phone 100 obtains the NFC door opening permission and NFC video permission of the access control card, the mobile phone 100 establishes a secure transmission channel for data interaction with the mobile phone 600 , Use the session key to encrypt the NFC door opening permission information or NFC video permission information, and use the negotiated communication protocol to send the encrypted NFC door opening permission information or NFC video permission information to the mobile phone through the secure transmission channel with the mobile phone 600 600, so that when the mobile phone 600 receives the encrypted NFC door opening permission information or NFC video permission information, it uses the session key to decrypt it to obtain the NFC door opening permission information or NFC video permission information, so that the mobile phone 600 can be used as an NFC access control card .
- the mobile phone 600 can be close to the NFC access control sensor, so that the mobile phone 600 can release the access control based on the acquired NFC door opening permission information or NFC video permission information.
- the user does not need to manually authorize the NFC access control to the mobile phone 600, and the mobile phone 600 can also be used as an access control card.
- the first terminal device may also establish a communication connection with the third terminal device through the near field communication technology, thereby synchronizing the communication link information to the third terminal device.
- the third terminal device can establish a communication connection with the second terminal device through the communication link information shared by the first terminal device. In this way, the operation steps for establishing communication connections between at least three terminal devices can be simplified, thereby reducing user operations, and thereby improving the efficiency of establishing communication connections between at least three terminal devices.
- the first terminal device and the third terminal device exchange information through NFC, the first terminal device and the third terminal device can share files in an offline state, so that users can realize data sharing between terminals without a network.
- Encrypting the communication link information through the session key can improve the security of the data to be shared in the transmission process. Even if other untrusted devices receive the encrypted communication link information, they cannot directly obtain the communication link information. This prevents other untrusted devices from connecting to the second terminal device through the communication link information, and further protects the data security in the second terminal device.
- FIG. 11 shows a schematic block diagram of the structure of an information sharing device provided in an embodiment of the present application.
- the information sharing device 9 includes an identity verification unit 910 and an information sharing unit 920. among them,
- the identity verification unit 910 is configured to perform identity verification on the third terminal device through near field communication NFC after the first terminal device establishes a communication connection with the second terminal device and is close to the third terminal device; the identity verification unit 910 The identity verification result is sent to the information sharing unit 920.
- the identity verification unit 910 is configured to execute S101 in the embodiment corresponding to FIG. 6.
- S101 for a specific implementation process, please refer to the specific description of S101, which is not repeated here.
- the information sharing unit 920 is configured to receive the identity verification result sent by the identity verification unit 910, and when confirming that the identity of the third terminal device is legal, send communication link information to the third terminal device through short-range wireless communication technology, To trigger the third terminal device to use the communication link information to establish a communication connection with the second terminal device when the second terminal device is detected.
- the information sharing unit 920 is configured to execute S102 in the embodiment corresponding to FIG. 6.
- S102 For the specific implementation process, please refer to the specific description of S102, which is not repeated here.
- the short-range wireless communication technology may be NFC, Bluetooth communication, or wireless fidelity (Wireless-Fidelity, WIFI).
- the cellular mobile network and wireless local area network of the third terminal device are both in a closed state, and the short-range wireless communication technology is NFC or Bluetooth communication.
- the cellular mobile network and wireless local area network of the third terminal device are both turned off means that the third terminal device has not enabled the cellular mobile network and wireless local area network, or is currently unable to access the Internet through the cellular mobile network or wireless local area network.
- the second terminal device is a terminal device that has been paired with the first terminal device in advance, and the communication link information sent by the information sharing unit 920 includes Bluetooth pairing information for pairing with the second terminal device , So that after receiving the Bluetooth pairing information and detecting the second terminal device, the third terminal device uses the received Bluetooth pairing information to pair with the second terminal device.
- the communication link information sent by the information sharing unit 920 includes wireless network access information and/or NFC access control identification information.
- the wireless network access information is used to connect to routers, access points or personal hotspots.
- the access information can be SSID and access password.
- the third terminal when entering the signal coverage area of the wireless network corresponding to any SSID, the third terminal can access the wireless network currently accessed by the first terminal device or the wireless network previously accessed through the wireless network access information. .
- the NFC access control identification information is used to identify authorization information, such as NFC access control authorization information.
- the third terminal device can be used as an NFC access control card to communicate with the second terminal device to realize functions such as door opening.
- FIG. 12 is a schematic structural diagram of an identity verification unit provided by an embodiment of the present application.
- the identity verification unit 910 includes:
- the sending unit 911 is configured to send an identity authentication notification message to the third terminal device through NFC when the first terminal device is close to the third terminal device; the sending unit 911 sends a notification message to the receiving unit 912 to notify the receiving unit 912 receives the first identity information returned by the third terminal device.
- the receiving unit 912 is configured to receive the notification message sent by the sending unit 911, and obtain the first identity information returned by the third terminal device via NFC when the third terminal device receives the identity authentication notification message; the receiving unit 912 transfers the first identity The information is sent to the verification unit 913.
- the verification unit 913 is configured to receive the first identity information sent by the receiving unit 912, and perform identity verification on the third terminal device based on the first identity information and the pre-stored second identity information.
- the first identity information includes a first device identifier and a first public key of the third terminal device
- the verification unit 913 is specifically configured to: obtain the pre-stored public key corresponding to the third terminal device from the identity database based on the first device identifier, and pair the first public key and the pre-stored public key to the The third terminal device performs identity verification; wherein, when the first public key and the pre-stored public key are the same, it is determined that the identity of the third terminal device is legal.
- the first identity information includes the first device identifier of the third terminal device, the first version number of the public key attribute credential, and the first random number generated by the third terminal device;
- FIG. 13 is a schematic structural diagram of an identity verification unit provided by another embodiment of the present application.
- the verification unit 913 may specifically include:
- the public key obtaining unit 9131 is configured to receive the first identity information sent by the receiving unit 912, and obtain the third terminal based on the first device identifier and the first version number in the first identity information The first public key of the device; the public key obtaining unit 9131 sends the first public key to the random number generating unit 9132;
- the random number generation unit 9132 is configured to receive the first public key sent by the public key acquisition unit 9131, calculate the first shared key based on its own private key and the first public key, and generate a second random number; The number generation unit 9132 sends the first shared key, the second device identifier of the first terminal device, the first random number, and the second random number to the calculation unit 9133;
- the calculation unit 9133 is configured to receive data sent by the random number generation unit 9132, based on the first shared key, the second device identifier of the first terminal device, the first random number, and the second random number , Calculate the first identity characteristic value; the calculation unit 9133 sends the first identity characteristic value to the comparison unit 9134, and informs the sending unit 911 to send the first identity characteristic value, the first identity characteristic value, and the first identity characteristic value to the third terminal device.
- the sending unit 911 is further configured to receive the notification message sent by the sending unit 911, and send the first identity feature value, the second device identifier of the first terminal device, and the public key attribute to the third terminal device through near field communication.
- the second version number of the credential and the second random number; the sending unit 911 informs the receiving unit to receive the second identity feature value sent by the third terminal device;
- the receiving unit 912 is further configured to: receive the notification message sent by the sending unit 911, and receive the second identity characteristic value returned by the third terminal device; wherein the second identity characteristic value is calculated by the third terminal device.
- the second shared key is calculated based on the second shared key, the second device identifier, the first random number, and the second random number, the second shared key is based on the first Third, the private key of the terminal device and the public key of the first terminal device are calculated; the receiving unit 912 sends the second identity characteristic value to the comparing unit 9134;
- the comparing unit 9134 is configured to receive the first identity characteristic value sent by the calculating unit 9133 and the second identity characteristic value sent by the receiving unit 912, and compare the first identity characteristic value with the second identity characteristic When it is confirmed that the first identity characteristic value is the same as the second identity characteristic value, it is determined that the identity of the third terminal device is legal.
- the public key obtaining unit 9131 is specifically configured to:
- the matching device identifier When the matching device identifier is not found, and the first version number is greater than the second version number of the pre-stored public key attribute credential, request the third terminal device to obtain the first public key.
- the public key obtaining unit 9131 is further configured to: when the matching device identification is not found, and the first version number is less than the second version number of the pre-stored public key attribute credential, determine that the third terminal The device identity is illegal.
- the information sharing unit 920 is specifically configured to:
- the session key is used to encrypt the communication link information, and the encrypted data is sent to the third terminal device through the short-range wireless communication technology.
- the communication link information is encrypted by the session key, which can improve the security of the data to be shared in the transmission process. Even if other untrusted devices receive the encrypted communication link information, they cannot directly obtain the communication. Link information, thereby preventing other untrusted devices from connecting to the second terminal device through the communication link information, and further protecting data security in the second terminal device.
- At least two terminal devices can share files in an offline state, so that users can share data between terminals without a network.
- FIG. 14 is a schematic structural diagram of a terminal device provided by an embodiment of this application.
- the terminal device 1414 includes: at least one processor 1410 (only one is shown in FIG. 14), a processor, a memory 1420, and a memory 1420 stored in the memory 1420 and available on the at least one processor 1410
- a running computer program 1421 is executed, and the processor 1410 implements the steps in any of the foregoing information sharing method embodiments when the computer program 1421 is executed.
- the terminal device 14 may be a wearable device such as a mobile phone, a notebook computer, or a smart watch.
- the terminal device may include, but is not limited to, a processor 1410 and a memory 1420.
- FIG. 14 is only an example of the terminal device 14 and does not constitute a limitation on the terminal device 14. It may include more or less components than shown in the figure, or a combination of certain components, or different components. , For example, can also include input and output devices, network access devices, etc.
- the so-called processor 1410 may be a central processing unit (Central Processing Unit, CPU), and the processor 1410 may also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), and application specific integrated circuits (Application Specific Integrated Circuits). , ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc.
- the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
- the memory 1420 may be an internal storage unit of the terminal device 14 in some embodiments, such as a hard disk or memory of the terminal device 14. In other embodiments, the memory 1420 may also be an external storage device of the terminal device 14, such as a Smart Media Card (SMC), a Secure Digital (SD) card, and a flash memory card on the terminal device 14. Card) and so on. Further, the memory 1420 may also include both an internal storage unit of the terminal device 14 and an external storage device.
- the memory 1420 is used to store an operating system, an application program, a boot loader (Boot Loader), data, and other programs, such as the program code of the computer program. The memory 1420 can also be used to temporarily store data that has been output or will be output.
- the processor 1410 executes the following operations by calling the computer program 1421 stored in the memory:
- the processor 1410 is configured to: after the first terminal device establishes a communication connection with the second terminal device, and when approaching the third terminal device, perform identity verification on the third terminal device through NFC;
- the communication link information is used to establish a communication connection with the second terminal device.
- the cellular mobile network and the wireless local area network of the third terminal device are both in a closed state, and the short-range wireless communication technology is NFC or Bluetooth communication.
- the second terminal device is a terminal device that has been paired with the first terminal device in advance, and the communication link information includes Bluetooth pairing information used for pairing with the second terminal device.
- the communication link information includes wireless network access information and/or NFC access control identification information.
- processor 1410 is specifically configured to:
- the first identity information includes a first device identifier and a first public key of the third terminal device
- the processor 1410 is specifically configured to obtain a pre-stored public key corresponding to the third terminal device from an identity database based on the first device identifier, and to pair the public key based on the first public key and the pre-stored public key.
- the third terminal device performs identity verification; wherein, when the first public key and the pre-stored public key are the same, it is determined that the identity of the third terminal device is legal.
- the first identity information includes the first device identifier of the third terminal device, the first version number of the public key attribute credential, and the first random number generated by the third terminal device;
- the processor 1410 is specifically used for:
- the control antenna sends the first identity feature value, the second device identifier of the first terminal device, the second version number of the public key attribute credential, and the second random number to the third terminal device through near field communication ;
- the second identity characteristic value is calculated by the third terminal device based on the second shared key when calculating the second shared key
- the secret key, the second device identifier, the first random number, and the second random number are calculated, and the second shared key is based on the private key of the third terminal device and the first terminal device
- the public key of is calculated;
- processor 1410 is specifically configured to include:
- the matching device identifier When the matching device identifier is not found, and the first version number is greater than the second version number of the pre-stored public key attribute credential, request the third terminal device to obtain the first public key.
- the processor 1410 is specifically configured to: when the matching device identifier is not found, and the first version number is less than the pre-stored When the second version number of the public key attribute credentials, it is determined that the identity of the third terminal device is illegal.
- processor 1410 is specifically configured to include:
- the session key is used to encrypt the communication link information, and the antenna is controlled to send the encrypted data to the third terminal device through the short-range wireless communication technology.
- the disclosed device and method may be implemented in other ways.
- the system embodiment described above is merely illustrative.
- the division of the modules or units is only a logical function division.
- there may be other division methods for example, multiple units or components may be Combined or can be integrated into another system, or some features can be ignored or not implemented.
- the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
- each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
- the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
- the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
- the computer program can be stored in a computer-readable storage medium. When executed by the processor, the steps of the foregoing method embodiments can be implemented.
- the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate forms.
- the computer-readable medium may include at least: any entity or device capable of carrying computer program code to the terminal device 14, recording medium, computer memory, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), electric carrier signal, telecommunication signal and software distribution medium.
- any entity or device capable of carrying computer program code to the terminal device 14 recording medium, computer memory, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), electric carrier signal, telecommunication signal and software distribution medium.
- ROM read-only memory
- RAM Random Access Memory
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
本申请适用于通信技术领域,提供了一种信息共享方法、终端设备、存储介质及计算机程序产品,该信息共享方法包括:在第一终端设备与第二终端设备建立通信连接之后,将第一终端设备靠近第三终端设备时,第一终端设备通过近场通信NFC对第三终端设备进行身份验证;第一终端设备在确认第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送给第三终端设备,以便第三终端设备在接收到通信链路信息后,并且检测到第二终端设备时,使用该通信链路信息与第二终端设备建立通信连接。上述方案,将第一终端设备靠近第三终端设备时即可方便快捷地建立通信连接并实现信息共享,可简化第三终端设备与第二终端设备建立通信连接的操作步骤。
Description
本申请要求于2019年08月09日提交国家知识产权局、申请号为201910735944.6、申请名称为“信息共享方法、终端设备、存储介质及计算机程序产品”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
本申请属于通信技术领域,尤其涉及一种信息共享方法、终端设备、存储介质及计算机程序产品。
随着科学技术的发展,人们在日常生活中使用的电子设备的种类越来越多,例如,手机、可穿戴设备、平板电脑、笔记本电脑、蓝牙耳机以及路由器等。电子设备之间可以互相连接或配对。
在一应用场景中,当用户需要将至少两个终端设备与同一个蓝牙耳机配对时,用户分别通过每个终端设备的交互界面,触发终端设备搜索蓝牙设备,用户从搜索到的设备列表中选择待配对的蓝牙设备,从而使终端设备与蓝牙耳机建立通信连接。例如,当用户需要将手机、平板电脑均与同一个蓝牙耳机配对时,用户需要通过手机的交互界面控制手机与蓝牙耳机进行配对,并通过平板电脑的交互界面控制平板电脑与蓝牙耳机进行配对。
然而,这种建立至少两个终端设备与同一个蓝牙耳机之间的通信连接的方法,需要用户在每个终端设备上重复进行配对连接操作,操作较繁琐,导致配对效率较低。
发明内容
本申请实施例提供了信息共享方法、终端设备、存储介质及计算机程序产品,可以解决现有技术中,当用户需要将至少两个终端设备与另一个终端设备连接或配对时,需要用户在每个终端设备上重复进行配对或连接操作,操作较繁琐,导致操作效率较低的问题。
第一方面,本申请实施例提供了一种信息共享方法,包括:第一终端设备与第二终端设备建立通信连接;第一终端设备检测到第三终端设备时,通过近场通信NFC对所述第三终端设备进行身份验证;所述第一终端设备在确认第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送至所述第三终端设备,所述通信链路信息用于所述第三终端设备和所述第二终端设备之间建立通信连接。
可选地,短距离无线通信技术可以为NFC、蓝牙通信或无线保真(Wireless-Fidelity,WIFI)。
可选地,所述第一终端设备在确认所述第三终端设备身份合法时,可以通过文字或语音消息等方式提示用户。第一终端设备与第三终端设备建立通信连接后,第三终端设备也可以向第一终端设备发送需要共享的信息。
第一终端设备以及第三终端设备属于同一用户账号下的可信设备,用户账号用于标识用户账号的拥有者的身份信息,用户账号可以是预先注册的华为账号。可信设备是指该用户账号的拥有者信任的用户设备,可信设备之间具有信息分享权限。第一终端设备以及第三终端设备预先已通过登录该用户账号,同步所有可信设备的身份信息。即,第一终端设备以及第三终端设备内预先存储有所有可信设备的身份信息。
上述方案,在第一终端设备与第二终端设备建立通信连接之后,将第一终端设备靠近第三终端设备时,即可方便快捷地使第一终端设备与第三终端设备建立通信连接,进而共享通信链路信 息,以使得第三终端设备在检测到第二终端设备时,使用该通信链路信息与第二终端设备建立通信连接。既不需要其他设备参与数据交互,也不需要用户操控第三终端设备即可让第三终端设备与第二终端设备建立通信连接,可简化第三终端设备与第二终端设备建立通信连接的操作步骤,进而提高建立至少三个终端设备之间的通信连接的效率。
结合第一方面,在第一方面的第一种可能的实现方式中,所述第三终端设备的蜂窝移动网络和无线局域网均处于关闭状态,短距离无线通信技术为NFC或蓝牙通信。
其中,第三终端设备的蜂窝移动网络和无线局域网均处于关闭状态是指:第三终端设备未启用蜂窝移动网络和无线局域网,或者当前无法通过蜂窝移动网络或无线局域网接入互联网。
本方案,由于第一终端设备与第三终端设备可以通过NFC或蓝牙通信共享信息,即使第三终端设备无法通过蜂窝移动网络或无线局域网接入互联网,第一终端设备也可与第三终端设备共享信息,使用场景不受互联网的限制,应用更广泛。
结合第一方面,在第一方面的第二种可能的实现方式中,所述第二终端设备为预先与所述第一终端设备完成配对的终端设备,所述通信链路信息包括蓝牙配对信息,第三终端设备在接收到蓝牙配对信息后,并且检测到第二终端设备时,使用接收到的蓝牙配对信息与第二终端设备进行配对。
结合第一方面,在第一方面或第一方面的第二种实现方式,在第一方面的第三种可能的实现方式中,所述通信链路信息包括无线网的接入信息和/或NFC门禁识别信息。
其中,无线网的接入信息用于连接路由器、接入点或个人热点。接入信息可以是服务集标识(Service Set Identifier,SSID)和接入密码。此时,第三终端可以在进入任一SSID对应的无线网的信号覆盖范围时,通过无线网的接入信息,接入第一终端设备当前接入的无线网或曾接入过的无线网。
NFC门禁识别信息用于标识授权信息,例如NFC门禁授权信息,此时第三终端设备可作为NFC门禁卡与第二终端设备进行通信,从而实现开门等功能。
结合第一方面,在第一方面的第四种可能的实现方式中,所述第一终端设备检测到第三终端设备时,通过近场通信NFC对所述第三终端设备进行身份验证,包括:所述第一终端设备与第二终端设备建立通信连接后,并且靠近第三终端设备时,通过NFC向所述第三终端设备发送身份认证通知消息;所述第一终端设备获取所述第三终端设备在接收到所述身份认证通知消息时通过NFC返回的第一身份信息;所述第一终端设备基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证。
结合第一方面的第四种可能的实现方式,在第一方面的第五种可能的实现方式中,所述第一身份信息包括所述第三终端设备的第一设备标识以及第一公钥;所述第一终端设备基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证,包括:所述第一终端设备基于所述第一设备标识从身份数据库中获取所述第三终端设备对应的预存的公钥,并基于所述第一公钥和所述预存的公钥对所述第三终端设备进行身份验证;其中,当所述第一公钥和所述预存的公钥相同时,判定所述第三终端设备身份合法。
结合第一方面的第四种可能的实现方式,在第一方面的第六种可能的实现方式中,所述第一身份信息包括所述第三终端设备的第一设备标识、公钥属性凭据的第一版本号以及由所述第三终端设备生成的第一随机数;所述第一终端设备基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证,包括:所述第一终端设备基于所述第一设备标识以及所述第 一版本号,获取所述第三终端设备的第一公钥;所述第一终端设备基于自身的私钥和所述第一公钥计算第一共享密钥,并生成第二随机数;所述第一终端设备基于所述第一共享密钥、所述第一终端设备的第二设备标识、所述第一随机数以及所述第二随机数,计算第一身份特征值;所述第一终端设备通过近场通信向所述第三终端设备发送所述第一身份特征值、所述第一终端设备的第二设备标识、公钥属性凭据的第二版本号以及所述第二随机数;所述第一终端设备接收所述第三终端设备返回的第二身份特征值;其中,所述第二身份特征值由所述第三终端设备在计算出第二共享密钥时,基于所述第二共享密钥、所述第二设备标识、所述第一随机数以及所述第二随机数计算得到,所述第二共享密钥基于所述第三终端设备的私钥以及所述第一终端设备的公钥计算得到;所述第一终端设备在确认所述第一身份特征值与所述第二身份特征值相同时,判定所述第三终端设备身份合法。
结合第一方面的第六种可能的实现方式,在第一方面的第七种可能的实现方式中,所述第一终端设备基于所述第一设备标识以及所述第一版本号,获取所述第三终端设备的第一公钥,包括:所述第一终端设备从身份数据库中查找与所述第一设备标识匹配的设备标识;当查找到所述匹配的设备标识,且所述第一版本号小于或等于预存的公钥属性凭据的第二版本号时,从所述身份数据库中获取所述第三终端设备的公钥;当未查找到所述匹配的设备标识,且所述第一版本号大于预存的公钥属性凭据的第二版本号,向所述第三终端设备请求获取所述第一公钥。
本方案中,通过比较公钥属性凭据的第一版本号以及第二版本号,来确认第三终端设备是否被撤销可信资格,或者确认第三终端设备是否为新加入的可信设备,这样对于离线设备也有一定的安全性,不必随时保持在线确认每个设备的公钥的有效性。其中,当所述第一版本号大于所述第二版本号时,判定第三终端设备为新加入的可信设备;当所述第一版本号小于所述第二版本号,且在本地数据库中未查找到与第一设备标识匹配的设备标识时,判定第三终端设备已被撤销可信资格。
结合第一方面的第七种可能的实现方式,在第一方面的第八种可能的实现方式中,所述第一终端设备从身份数据库中查找与所述第一设备标识匹配的设备标识之后,还包括:当未查找到所述匹配的设备标识,且所述第一版本号小于预存的公钥属性凭据的第二版本号时,判定所述第三终端设备身份不合法。
结合第一方面以及第一方面的任一种实现方式,在第一方面的第九种可能的实现方式中,所述第一终端设备在确认所述第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送至所述第三终端设备,包括:所述第一终端设备在确认所述第三终端设备身份合法时,生成会话密钥,并通过短距离无线通信技术将所述会话密钥发送至所述第三终端设备;所述第一终端设备采用所述会话密钥对所述通信链路信息进行加密,并通过所述短距离无线通信技术将加密数据发送至所述第三终端设备。
本方案中,通过会话密钥对通信链路信息进行加密,能够提高待分享数据在传输过程中的安全性,即使其他不可信设备接收到加密后的通信链路信息,也无法直接获取到通信链路信息,进而避免其他不可信设备通过通信链路信息连接第二终端设备,进一步保护第二终端设备内的数据安全。
第二方面,本申请实施例提供了一种信息共享装置,包括:身份验证单元,用于第一终端设备与第二终端设备建立通信连接后,并且在靠近第三终端设备时,通过近场通信NFC对所述第三终端设备进行身份验证;信息共享单元,用于在确认所述第三终端设备身份合法时,通过短距离 无线通信技术将通信链路信息发送至所述第三终端设备,以触发所述第三终端设备在检测到所述第二终端设备时,使用所述通信链路信息与第二终端设备建立通信连接。
可选地,短距离无线通信技术可以为NFC、蓝牙通信或无线保真(Wireless-Fidelity,WIFI)。
上述方案,在第一终端设备与第二终端设备建立通信连接之后,将第一终端设备靠近第三终端设备时,即可方便快捷地使第一终端设备与第三终端设备建立通信连接,进而共享通信链路信息,以使得第三终端设备在检测到第二终端设备时,使用该通信链路信息与第二终端设备建立通信连接。既不需要其他设备参与数据交互,也不需要用户操控第三终端设备即可让第三终端设备与第二终端设备建立通信连接,可简化第三终端设备与第二终端设备建立通信连接的操作步骤,进而提高建立至少三个终端设备之间的通信连接的效率。
结合第二方面,在第二方面的第一种可能的实现方式中,所述第三终端设备的蜂窝移动网络和无线局域网均处于关闭状态,所述短距离无线通信技术为NFC或蓝牙通信。
本方案,由于第一终端设备与第三终端设备可以通过NFC或蓝牙通信共享信息,即使第三终端设备无法通过蜂窝移动网络或无线局域网接入互联网,第一终端设备也可与第三终端设备共享信息,使用场景不受互联网的限制,应用更广泛。
结合第二方面,在第二方面的第二种可能的实现方式中,所述第二终端设备为预先与所述第一终端设备完成配对的终端设备,所述通信链路信息包括蓝牙配对信息,第三终端设备在接收到蓝牙配对信息后,并且检测到第二终端设备时,使用接收到的蓝牙配对信息与第二终端设备进行配对。
结合第二方面,在第二方面或第二方面的第二种实现方式,在第二方面的第三种可能的实现方式中,所述信息共享单元发送的所述通信链路信息包括无线网的接入信息和/或NFC门禁识别信息。
其中,无线网的接入信息用于连接路由器、接入点或个人热点。接入信息可以是SSID和接入密码。此时,第三终端可以在进入任一SSID对应的无线网的信号覆盖范围时,通过无线网的接入信息,接入第一终端设备当前接入的无线网或曾接入过的无线网。
NFC门禁识别信息用于标识授权信息,例如NFC门禁授权信息,此时第三终端设备可作为NFC门禁卡与第三终端设备进行通信,从而实现开门等功能。
结合第二方面,在第二方面的第四种可能的实现方式中,所述身份验证单元包括:发送单元,用于所述第一终端设备与第二终端设备建立通信连接后,并且靠近第三终端设备时,通过NFC向所述第三终端设备发送身份认证通知消息;接收单元,用于获取所述第三终端设备在接收到所述身份认证通知消息时通过NFC返回的第一身份信息;验证单元,用于基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证。
结合第二方面的第四种可能的实现方式,在第二方面的第五种可能的实现方式中,所述第一身份信息包括所述第三终端设备的第一设备标识以及第一公钥;所述验证单元具体用于:基于所述第一设备标识从身份数据库中获取所述第三终端设备对应的预存的公钥,并基于所述第一公钥和所述预存的公钥对所述第三终端设备进行身份验证;其中,当所述第一公钥和所述预存的公钥相同时,判定所述第三终端设备身份合法。
结合第二方面的第四种可能的实现方式,在第二方面的第六种可能的实现方式中,所述第一身份信息包括所述第三终端设备的第一设备标识、公钥属性凭据的第一版本号以及由所述第三终端设备生成的第一随机数;所述验证单元包括:公钥获取单元,用于基于所述第一设备标识以及 所述第一版本号,获取所述第三终端设备的第一公钥;随机数生成单元,用于基于自身的私钥和所述第一公钥计算第一共享密钥,并生成第二随机数;计算单元,用于基于所述第一共享密钥、所述第一终端设备的第二设备标识、所述第一随机数以及所述第二随机数,计算第一身份特征值;所述发送单元还用于所述第一终端设备通过近场通信向所述第三终端设备发送所述第一身份特征值、所述第一终端设备的第二设备标识、公钥属性凭据的第二版本号以及所述第二随机数;所述接收单元还用于:接收所述第三终端设备返回的第二身份特征值;其中,所述第二身份特征值由所述第三终端设备在计算出第二共享密钥时,基于所述第二共享密钥、所述第二设备标识、所述第一随机数以及所述第二随机数计算得到,所述第二共享密钥基于所述第三终端设备的私钥以及所述第一终端设备的公钥计算得到;比较单元,用于在确认所述第一身份特征值与所述第二身份特征值相同时,判定所述第三终端设备身份合法。
结合第二方面的第六种可能的实现方式,在第二方面的第七种可能的实现方式中,所述公钥获取单元具体用于:从身份数据库中查找与所述第一设备标识匹配的设备标识;当查找到所述匹配的设备标识,且所述第一版本号小于或等于预存的公钥属性凭据的第二版本号时,从所述身份数据库中获取所述第三终端设备的公钥;当未查找到所述匹配的设备标识,且所述第一版本号大于预存的公钥属性凭据的第二版本号,向所述第三终端设备请求获取所述第一公钥。
本方案中,通过比较公钥属性凭据的第一版本号以及第二版本号,来确认第三终端设备是否被撤销可信资格,或者确认第三终端设备是否为新加入的可信设备,这样对于离线设备也有一定的安全性,不必随时保持在线确认每个设备的公钥的有效性。其中,当所述第一版本号大于所述第二版本号时,判定第三终端设备为新加入的可信设备;当所述第一版本号小于所述第二版本号,且在本地数据库中未查找到与第一设备标识匹配的设备标识时,判定第三终端设备已被撤销可信资格。
结合第二方面的第七种可能的实现方式,在第二方面的第八种可能的实现方式中,所述公钥获取单元还用于:当未查找到所述匹配的设备标识,且所述第一版本号小于预存的公钥属性凭据的第二版本号时,判定所述第三终端设备身份不合法。
结合第二方面以及第二方面的任一种实现方式,在第二方面的第九种可能的实现方式中,所述信息共享单元具体用于:在确认所述第三终端设备身份合法时,生成会话密钥,并通过短距离无线通信技术将所述会话密钥发送至所述第三终端设备;采用所述会话密钥对所述通信链路信息进行加密,并通过所述短距离无线通信技术将加密数据发送至所述第三终端设备。
本方案中,通过会话密钥对通信链路信息进行加密,能够提高待分享数据在传输过程中的安全性,即使其他不可信设备接收到加密后的通信链路信息,也无法直接获取到通信链路信息,进而避免其他不可信设备通过通信链路信息连接第二终端设备,进一步保护第二终端设备内的数据安全。
第三方面,本申请实施例提供了一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述第一方面的任一种可能的实现方式的信息共享方法。
第四方面,本申请实施例提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现上述第一方面的任一种可能的实现方式的信息共享方法。
第五方面,本申请实施例提供了一种计算机程序产品,当计算机程序产品在终端设备上运行 时,使得终端设备执行上述第一方面中任一种可能的实现方式的信息共享方法。
本申请实施例与现有技术相比存在的有益效果是:
在第一终端设备与第二终端设备建立通信连接之后,将第一终端设备靠近第三终端设备时,即可方便快捷地使第一终端设备与第三终端设备建立通信连接,进而共享通信链路信息,以使得第三终端设备在检测到第二终端设备时,使用该通信链路信息与第二终端设备建立通信连接。既不需要其他设备参与数据交互,也不需要用户操控第三终端设备,即可让第三终端设备与第二终端设备建立通信连接,可简化第三终端设备与第二终端设备建立通信连接的操作步骤,进而提高建立至少三个终端设备之间的通信连接的效率。
由于第一终端设备与第三终端设备可以通过NFC或蓝牙通信共享信息,即使第三终端设备无法通过蜂窝移动网络或无线局域网接入互联网,第一终端设备也可与第三终端设备共享信息,使用场景不受互联网的限制,应用更广泛。
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。
图1是本申请一实施例提供的信息共享方法的系统示意图;
图2是本申请一实施例提供的信息共享方法的应用场景示意图;
图3是本申请实施例提供的一种蓝牙配对界面的示意图;
图4是本申请另一实施例提供的信息共享方法的应用场景示意图;
图5是本申请一实施例提供的信息共享方法所适用于的手机的硬件结构示意图;
图6是本申请一实施例提供的信息共享方法的示意性流程图;
图7是本申请一实施例提供的信息共享方法中S101的细化流程图;
图8是本申请实施例提供的一种信任环的注册方法的场景示意图;
图9是本申请实施例提供的一种身份验证方法的交互图;
图10是本申请一实施例提供的信息共享方法中S102的细化流程图;
图11是本申请实施例提供的信息共享装置的结构示意图;
图12是本申请一实施例提供的身份验证单元的结构示意图;
图13是本申请另一实施例提供的身份验证单元的结构示意图;
图14是本申请实施例提供的终端设备的结构示意图。
以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本申请实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本申请的描述。
请参阅图1,图1是本申请一实施例提供的信息共享方法的系统示意图。在图1所示的系统示意图中,该系统中包括终端设备A、终端设备B以及终端设备C,终端设备A已与终端设备B建立通信连接。在本实施例中,终端设备A对应于权利要求中的第一终端设备,终端设备B对应于权利要求中的第二终端设备,终端设备C对应于权利要求中的第三终端设备。
终端设备A以及终端设备C是属于同一用户账号下的可信设备,用户账号用于标识用户账号 的拥有者的身份信息,用户账号可以是预先注册的华为账号。可信设备是指该用户账号的拥有者信任的用户设备,可信设备之间具有信息分享权限。终端设备A以及终端设备C预先已通过登录该用户账号,同步所有可信设备的身份信息。即,终端设备A以及终端设备C内预先存储有所有可信设备的身份信息。终端设备A以及终端设备C包括但不限于手机、笔记本电脑、平板电脑、可穿戴设备。终端设备B包括但不限于蓝牙耳机、路由器、接入点、个人热点设备、手机、门禁终端。
当终端设备A靠近终端设备C时,终端设备A通过近场通信(Near Field Connection,NFC)对终端设备C进行身份验证,在确认终端设备C身份合法时,终端设备A与终端设备C可以通过NFC快捷地建立通信连接,之后,终端设备A与终端设备C可以通过短距离无线通信技术共享用于连接终端设备B的通信链路信息。短距离无线通信技术可以是NFC通信,也可以是蓝牙通信,还可以是无线保真(Wireless-Fidelity,WIFI)。通信链路信息可以是蓝牙配对信息,也可以是NFC标签,还可以是用于接入无线局域网的接入信息,接入信息可以是服务集标识(Service Set Identifier,SSID)和接入密码。例如,路由器的接入信息或接入密码。
NFC门禁识别信息用于标识授权信息,例如NFC门禁授权信息,此时终端设备C可作为NFC门禁卡与终端设备B进行通信,从而实现开门等功能,此时终端设备B为门禁终端。
本申请方案,在终端设备A与终端设备B建立通信连接之后,将终端设备B靠近终端设备C,即可方便快捷地使终端设备B与终端设备C建立通信连接,不需要用户操控终端设备C,可简化终端设备C与终端设备A建立通信连接的操作步骤,进而提高建立至少三个终端设备之间的通信连接的效率。
并且,由于终端设备B与终端设备C可以通过NFC共享信息,即使终端设备C无法通过蜂窝移动网络或无线局域网接入互联网,终端设备B也可与终端设备C共享信息,使用场景不受互联网的限制,应用更广泛。
为了便于理解,下面结合具体的应用场景进行说明。
请一并参阅图2以及图3,图2是本申请一实施例提供的信息共享方法的应用场景示意图,图3是本申请实施例提供的一种蓝牙配对界面的示意图。如图2所示,在用户想要将手机、笔记本电脑、智能手表中的至少两个同时与同一个蓝牙耳机配对的应用场景下,用户操控手机100打开如图3所示的蓝牙配对界面,触发手机100搜索附近的可用设备,在搜索到可用设备时,在交互界面中显示可用设备的ID(例如,蓝牙耳机ID、笔记本电脑ID、智能手表ID),用户点击蓝牙耳机ID触发手机100与蓝牙耳机200进行配对。如果需要密码才能完成配对时,手机100的显示界面还会弹出提示用户输入密码的对话框,用户在该对话框中输入相应的密码并确认连接后,手机100即可与蓝牙耳机200完成配对。
在手机100与蓝牙耳机200完成配对后,如果用户将手机100靠近笔记本电脑300或智能手表400,手机100可以基于NFC对笔记本电脑300或智能手表400进行身份校验,在确认笔记本电脑300或智能手表400身份合法时,与笔记本电脑300或智能手表400建立通信连接,之后,手机100可以与笔记本电脑300或智能手表400通过短距离无线通信技术共享用于与蓝牙耳机200进行配对的蓝牙配对信息,以使得笔记本电脑300或智能手表400在接收到该蓝牙配对信息时,保存该蓝牙配对信息,之后,在检测到蓝牙耳机200时,使用该蓝牙配对信息与蓝牙耳机200进行配对。短距离无线通信技术可以是NFC通信,也可以是蓝牙通信,还可以是WIFI。
手机100与笔记本电脑300或智能手表400共享蓝牙配对信息后,在笔记本电脑300或智能 手表400与蓝牙耳机200建立通信连接的过程中,用户不需要在智能手表的交互界面查找、选择蓝牙耳机的ID,也不需要输入蓝牙耳机的配对密钥就可以实现智能手表与蓝牙耳机的配对并建立通信连接,全程不需要用户参与,简化了智能手表与蓝牙耳机进行配对的操作步骤,进而提高建立手机、智能手表、笔记本电脑与蓝牙耳机之间的通信连接的效率。并且,由于手机100与笔记本电脑300或智能手表400可以通过NFC或蓝牙共享信息,因此,即使笔记本电脑、智能手表以及手机在未接入互联网的情况下,手机也能在离线状态下向处于离线状态的智能手表或笔记本电脑发送蓝牙配对信息。
在另一应用场景中,终端设备之间可以共享用于接入无线局域网的通信链路信息。请一并参阅图4,图4是本申请另一实施例提供的信息共享方法的应用场景示意图。
例如,用户携带手机100和手机600去朋友家,手机100和手机600均未连接过朋友家的无线路由器500,当用户在手机100的设置界面查找到无线路由器500的SSID时,点击该SSID,在弹出的密码输入界面输入无线路由器500的接入密码后点击确认“加入”,手机100成功接入该路由器。或者手机100在上次拜访时已连接过朋友家的无线路由器,在用户到朋友家时,手机100自动连接朋友家的无线路由器500。
由于手机600未曾连接朋友家的无线路由器500,手机100在接入朋友家的无线路由器500时,用户可以将手机100靠近手机600,此时,手机100通过近程通信技术对手机600进行身份验证,手机100在验证手机600身份合法时,手机100与手机600建立通信连接。手机100与手机600可以通过短距离无线通信技术共享WIFI接入信息,以使手机600在接收到WIFI接入信息之后,并且检测到无线路由器500时,基于接收到的WIFI接入信息接入朋友家的无线路由器500。共享的WIFI接入信息可以是用于接入无线路由器500(或个人热点、无线接入点)的接入信息,还可以是手机100接入过的无线局域网的接入信息。
再例如,用户上次带手机100去朋友家,手机100成功连接了朋友家的无线路由器500,然后回到自己家后,手机100和手机600交换了通信链路信息,手机600内保存了用于接入无线路由器500的WIFI接入信息。然后,用户只带手机600再去朋友家时,手机600在检测到无线路由器500时,也可以通过预先保存的WIFI接入信息连上无线路由器500。手机100接入无线路由器500后,在手机600与无线路由器500建立通信连接的过程中,用户不需要在手机600的交互界面查找、无线路由器500的SSID,也不需要输入无线路由器500的接入密码,手机600就可以连接无线路由器500,全程不需要用户参与,简化了手机600连接无线路由器500的操作步骤,进而提高手机600与无线路由器500之间的通信连接的效率。并且,由于手机100与手机600可以通过NFC或蓝牙共享信息即使手机600在未接入互联网的情况下,手机100也能向手机600发送无线路由器500的接入信息。
可以理解的是,本申请中所使用的术语只是为了描述特定实施例的目的,而并非旨在作为对本申请的限制。如在本申请的说明书和所附权利要求书中所使用的那样,单数表达形式“一个”、“一种”、“所述”、“上述”、“该”和“这一”旨在也包括例如“一个或多个”这种表达形式,除非其上下文中明确地有相反指示。还应当理解,在本申请实施例中,“一个或多个”是指一个、两个或两个以上;“和/或”,描述关联对象的关联关系,表示可以存在三种关系;例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B的情况,其中A、B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系。
本申请实施例提供的信息共享方法可以应用于手机、平板电脑、可穿戴设备、车载设备、增 强现实(Augmented Reality,AR)/虚拟现实(Virtual Reality,VR)设备、笔记本电脑、上网本、个人数字助理(Personal Digital Assistant,PDA)等支持近程无线通信的终端设备上,本申请实施例对终端设备的具体类型不作任何限制。与终端设备通信配对或连接的终端设备可以是蓝牙耳机、无线接入点或个人热点等。
当终端设备为可穿戴设备时,该可穿戴设备还可以是应用穿戴式技术对日常穿戴进行智能化设计、开发出可以穿戴的设备的总称,如眼镜、手套、手表、服饰及鞋等。可穿戴设备即直接穿在身上,或是整合到用户的衣服或配件的一种便携式设备。可穿戴设备不仅仅是一种硬件设备,更是通过软件支持以及数据交互、云端交互来实现强大的功能。广义穿戴式智能设备包括功能全、尺寸大、可不依赖手机实现完整或者部分的功能,如智能手表或智能眼镜等,以及只专注于某一类应用功能,需要和其它设备如手机配合使用,如各类进行体征监测的智能手环、智能首饰等。
以所述终端设备为手机为例。图5示出的是与本申请实施例提供的手机的部分结构的框图。参考图5,手机5包括:射频(Radio Frequency,RF)电路510、存储器520、输入单元530、显示单元540、传感器550、音频电路560、WIFI模块570、处理器580、以及电源590等部件。本领域技术人员可以理解,图5中示出的手机结构并不构成对手机的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。
下面结合图5对手机5的各个构成部件进行具体的介绍:
RF电路510可用于收发信息或通话过程中,信号的接收和发送,特别地,将基站的下行信息接收后,给处理器580处理;另外,将设计上行的数据发送给基站。通常,RF电路包括但不限于天线、至少一个放大器、收发信机、耦合器、低噪声放大器(Low Noise Amplifier,LNA)、双工器等。此外,RF电路510还可以通过无线通信与网络和其他设备通信。上述无线通信可以使用任一通信标准或协议,包括但不限于全球移动通讯系统(Global System of Mobile communication,GSM)、通用分组无线服务(General Packet Radio Service,GPRS)、码分多址(Code Division Multiple Access,CDMA)、宽带码分多址(Wideband Code Division Multiple Access,WCDMA)、长期演进(Long Term Evolution,LTE))、电子邮件、短消息服务(Short Messaging Service,SMS)等。
存储器520可用于存储信息共享软件程序以及模块,处理器180通过运行存储在存储器520的信息共享软件程序以及模块,从而执行手机的各种功能应用以及数据处理。例如,处理器180内存储的信息共享软件程序可用于对如图1中的终端设备C进行身份验证。存储器520可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能、图像播放功能、NFC通信功能、蓝牙通信功能等)等;存储数据区可存储根据手机的使用所创建的数据(比如音频数据、电话本、待共享的通信链路信息、无线网的接入信息、NFC门禁识别信息等)等。此外,存储器520可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。
输入单元530可用于接收输入的数字或字符信息,以及产生与手机5的用户设置以及功能控制有关的键信号输入。具体地,输入单元530可包括触控面板531以及其他输入设备532。触控面板531,也称为触摸屏,可收集用户在其上或附近的触摸操作(比如用户使用手指、触笔等任何适合的物体或附件在触控面板531上或在触控面板531附近的操作),并根据预先设定的程式驱动相应的连接装置。可选的,触控面板531可包括触摸检测装置和触摸控制器两个部分。其中,触摸检测装置检测用户的触摸方位,并检测触摸操作带来的信号,将信号传送给触摸控制器;触 摸控制器从触摸检测装置上接收触摸信息,并将它转换成触点坐标,再送给处理器580,并能接收处理器580发来的命令并加以执行。此外,可以采用电阻式、电容式、红外线以及表面声波等多种类型实现触控面板531。除了触控面板531,输入单元530还可以包括其他输入设备532。具体地,其他输入设备532可以包括但不限于物理键盘、功能键(比如音量控制按键、开关按键等)、轨迹球、鼠标、操作杆等中的一种或多种。
显示单元540可用于显示由用户输入的信息或提供给用户的信息以及手机的各种菜单。显示单元540可包括显示面板541,可选的,可以采用液晶显示器(Liquid Crystal Display,LCD)、有机发光二极管(Organic Light-Emitting Diode,OLED)等形式来配置显示面板541。进一步的,触控面板531可覆盖显示面板541,当触控面板531检测到在其上或附近的触摸操作后,传送给处理器580以确定触摸事件的类型,随后处理器580根据触摸事件的类型在显示面板541上提供相应的视觉输出。虽然在图5中,触控面板531与显示面板541是作为两个独立的部件来实现手机的输入和输入功能,但是在某些实施例中,可以将触控面板531与显示面板541集成而实现手机的输入和输出功能。
手机5还可包括至少一种传感器550,比如光传感器、运动传感器以及其他传感器。具体地,光传感器可包括环境光传感器及接近传感器,其中,环境光传感器可根据环境光线的明暗来调节显示面板541的亮度,接近传感器可在手机移动到耳边时,关闭显示面板541和/或背光。作为运动传感器的一种,加速计传感器可检测各个方向上(一般为三轴)加速度的大小,静止时可检测出重力的大小及方向,可用于识别手机姿态的应用(比如横竖屏切换、相关游戏、磁力计姿态校准)、振动识别相关功能(比如计步器、敲击)等;至于手机还可配置的陀螺仪、气压计、湿度计、温度计、红外线传感器等其他传感器,在此不再赘述。
音频电路560、扬声器561,传声器562可提供用户与手机之间的音频接口。音频电路160可将接收到的音频数据转换后的电信号,传输到扬声器561,由扬声器161转换为声音信号输出;另一方面,传声器562将收集的声音信号转换为电信号,由音频电路560接收后转换为音频数据,再将音频数据输出处理器580处理后,经RF电路510以发送给比如另一手机,或者将音频数据输出至存储器520以便进一步处理。
WIFI属于短距离无线传输技术,手机通过WIFI模块570可以帮助用户收发电子邮件、浏览网页和访问流式媒体等,它为用户提供了无线的宽带互联网访问。虽然图5示出了WIFI模块570,但是可以理解的是,其并不属于手机5的必须构成,完全可以根据需要在不改变发明的本质的范围内而省略。
处理器580是手机的控制中心,利用各种接口和线路连接整个手机的各个部分,通过运行或执行存储在存储器520内的软件程序和/或模块,以及调用存储在存储器520内的数据,执行手机的各种功能和处理数据,从而对手机进行整体监控。可选的,处理器580可包括一个或多个处理单元;优选的,处理器580可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器580中。
手机5还包括给各个部件供电的电源590(比如电池),优选的,电源可以通过电源管理系统与处理器580逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。
尽管未示出,手机5还可以包括摄像头。可选地,摄像头在手机500的上的位置可以为前置的,也可以为后置的,本申请实施例对此不作限定。
可选地,手机5可以包括单摄像头、双摄像头或三摄像头等,本申请实施例对此不作限定。
例如,手机5可以包括三摄像头,其中,一个为主摄像头、一个为广角摄像头、一个为长焦摄像头。
可选地,当手机5包括多个摄像头时,这多个摄像头可以全部前置,或者全部后置,或者一部分前置、另一部分后置,本申请实施例对此不作限定。
另外,尽管未示出,手机5还可以包括蓝牙模块等,蓝牙模块用于在如图2中的手机100与蓝牙耳机200完成配对时,将用于连接蓝牙耳机200的蓝牙配对信息按预设的存储路径存储到存储器580中,还用于在手机100与笔记本电路300或智能手表400建立通信连接时,基于预设的存储路径从存储器580中获取用于连接蓝牙耳机200的蓝牙配对信息,并采用蓝牙通信技术将获取到的蓝牙配对信息发送给笔记本电路300或智能手表400等,在此不再赘述。
为了使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请作进一步地详细描述。以下实施例可以在具有上述硬件结构的手机5上实现。以下实施例将以手机5为例,对本申请实施例提供的信息共享方法进行说明。
请参阅图6,图6是本申请一实施例提供的信息共享方法的示意性流程图,作为示例而非限定,该方法可以应用于上述手机5中。本实例中的信息共享方法包括以下步骤:
S101:第一终端设备在与第二终端设备建立通信连接后,并且靠近第三终端设备时,基于近场通信技术对所述第三终端设备进行身份验证。
其中,第一终端设备可以存储有第三终端设备的身份信息。可以理解的是,第一终端设备除了可以是手机之外,也可以是笔记本电脑、平板电脑、可穿戴设备等终端;第二终端设备包括但不限于蓝牙耳机、路由器、接入点、个人热点设备、手机、门禁终端。第三终端设备可以是手机,也可以是笔记本电脑、平板电脑、可穿戴设备等终端。
进一步地,第三终端设备可以处于离线状态,即,第三终端设备未启用蜂窝移动网络和无线局域网,或者当前无法通过蜂窝移动网络或无线局域网接入互联网。
在第一终端设备与第二终端设备建立通信连接之后,用户需要将第一终端设备内的信息共享到第三终端设备时,可以将第一终端设备向第三终端设备所在的位置移动,以使第一终端设备靠近第三终端设备。第一终端设备可以检测第三终端设备发射的探测信号,并获取接收到的第三终端设备发射的探测信号的信号强度指示(Received Signal Strength Indication,RSSI)值。由于RSSI值的大小与接收端和发射端之间的距离有关,在一定程度上距离越近,RSSI值越大,因此,第一终端设备可以比较相邻两个时刻获取到的RSSI值,当相邻两个时刻获取到的RSSI值逐渐变大,判定第一终端设备向第三终端设备所在的位置靠近。此时,第一终端设备可以基于近场通信技术对所述第三终端设备进行身份验证。
或者,第一终端设备可以采用近程无线通信技术探测在第一终端设备周围是否存在第三终端设备,并在检测到第三终端设备时,基于NFC对第三终端设备进行身份验证。
例如,用户可以通过设置界面开启蓝牙功能,并将第一终端设备靠近第三终端设备。第一终端设备在开启蓝牙通信功能时,检测当前是否接收到蓝牙探测信号,当检测到其他设备发射的蓝牙探测信号时,判定在第一终端设备周围存在第三终端设备。或者,第一终端设备在开启NFC功能时,检测当前是否接收到NFC探测信号,当检测到其他设备发射的NFC探测信号时,判定在第一终端设备周围存在第三终端设备。可以理解的是,第一终端设备在检测到第三终端设备时,可以在显示界面中显示提示信息或提示图标,或者通过语音提示信息提醒用户当前检测到第三终端 设备。该提示信息或提示图标用于提醒用户当前检测到第三终端设备。例如,第一终端设备当检测到支持蓝牙通信的第三终端设备时,在显示界面中显示第三终端设备的设备ID(例如,如图3所示的显示界面中的可用设备的ID)或者显示用于表示“当前检测到可连接的蓝牙设备”的提示信息。第一终端设备当检测到支持NFC通信的第三终端设备时,可以在显示界面显示第三终端设备的示意图像,或显示用于表示“当前检测到可连接的NFC设备”的提示信息。第三终端设备的示意图像可以类似于图1所示的手表、手机、平板电脑或笔记本电脑的示意图。
进一步地,为了更准确地确定需要共享信息的终端设备,第一终端设备在检测到第三终端设备时,可以在确认任意时刻获得的RSSI值大于或等于预设阈值时,判定第一终端设备与第三终端设备之间的距离属于预设距离范围,用户此时需要使第一终端设备与第三终端设备实现信息共享。第一终端设备基于近场通信技术对第三终端设备进行身份验证。预设阈值基于预设距离范围内的RSSI设置,具体可根据实际情况进行设置,此处不做限制。
第一终端设备对第三终端设备进行身份验证的方式可以为:第一终端设备通过NFC与第三终端设备进行通信,请求第三终端设备返回第三终端设备的身份信息。第一终端设备在获取到第三终端设备的身份信息时,从身份数据库中查找与该身份信息匹配的身份信息,在查找到匹配的身份信息时,判定第三终端设备身份合法,在未查找到匹配的身份信息时,判定第三终端设备不合法。
其中,该身份信息可以是第三终端设备的唯一身份识别信息,例如,介质访问控制(Media Access Control,MAC)地址,唯一识别码或唯一序列号。当第三终端设备为手机时,该唯一识别码为国际移动设备识别码(International Mobile Equipment Identity,IMEI)。
该身份信息也可以是第三终端设备的密钥对中的公钥。密钥对包括公钥和私钥,密钥对可以是第三终端设备采用非对称加密算法生成。采用非对称加密算法生成密钥对的方法为现有技术,具体请参阅现有技术中的相关描述,此处不赘述。
身份信息数据库中预先存储有第一终端设备允许共享信息的终端设备的身份信息。身份信息数据库中预先存储的终端设备的身份信息可以由用户预先输入,也可以由其他设备发送,此处不做限制。
S102:所述第一终端设备在确认所述第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送至所述第三终端设备,以触发所述第三终端设备在检测到所述第二终端设备时,使用所述通信链路信息与第二终端设备建立通信连接。
第一终端设备在确认第三终端设备的身份合法时,判定第三终端设备为可信设备,第一终端设备与第三终端设备协商通信端口,并基于协商好的通信端口建立安全传输通道。第一终端设备与第三终端设备协商在安全传输通道中需要使用的安全参数。其中,安全参数包括通信协议版本以及加密算法。
第一终端设备可以从用于存储通信链路信息的存储区域获取通信链路信息,也可以弹出对话框提示用户选择通信链路信息,用户可以通过交互界面查找或选择通信链路信息。在获取到通信链路信息之后,采用协商好的通信协议,通过短距离无线通信技术将通信链路信息通过安全传输通道发送给第三终端设备,以使得第三终端设备在接收到通信链路信息之后,并且检测到第二终端设备时,使用通信链路信息与第二终端设备建立通信连接。
可以理解的是,当第三终端设备可连接无线局域网时,短距离无线通信技术可以是NFC通信,也可以是蓝牙通信,还可以是WIFI。
进一步地,当第三终端设备处于离线状态时,短距离无线通信技术为NFC或蓝牙通信。此时,第一终端设备和第三终端设备可以在离线状态共享文件,以使用户在没有网络的情况下,实现终端之间的数据共享。
进一步地,当第二终端设备为预先与第一终端设备完成配对的终端设备时,通信链路信息包括用于与第二终端设备进行配对的蓝牙配对信息,以使得第三终端设备能够在接收到蓝牙配对信息后,并且检测到第二终端设备时,使用该蓝牙配对信息与第二终端设备进行蓝牙配对。
进一步地,通信链路信息还可以包括无线网的接入信息和/或NFC门禁识别信息。
可以理解的是,第一终端设备在当前已与第三终端设备建立通信连接时,默认通信链路信息为用于与第三终端设备建立通信连接的通信链路信息。
通信链路信息可以包括第一终端设备当前连接或曾连接的所有第三终端设备对应的通信链路信息。例如,第一终端设备已连接过的所有无线接入点、个人热点或路由器各自对应的通信链路信息。
通信链路信息可以存储于第一终端设备内的无线网卡管理程序的配置文件中。例如,通信链路信息的存储路径可以为/data/misc/wifi/wpa_supplicant.conf。
例如,如图2所示的应用场景中,手机100采用协商好的通信协议,将与蓝牙耳机200进行配对的蓝牙配对信息通过建立的安全传输通道发送给智能手表400,以使智能手表400在接收到蓝牙配对信息时,基于蓝牙配对信息中包含的蓝牙耳机的ID,查找蓝牙耳机200,在查找到蓝牙耳机200时,基于蓝牙耳机与手机的配对链路以及蓝牙配对时使用的配对密钥,与蓝牙耳机200建立通信连接。
手机100在建立与笔记本电脑300之间的安全传输通道时,也可以从本地数据库中获取用于与蓝牙耳机200进行配对的蓝牙配对信息;并采用协商好的通信协议,将蓝牙配对信息通过与笔记本电脑300的安全传输通道发送给笔记本电脑300,以使笔记本电脑300在接收到蓝牙配对信息时,基于蓝牙配对信息中包含的蓝牙耳机的ID,查找蓝牙耳机200,在查找到蓝牙耳机200时,基于蓝牙耳机与手机的配对链路以及蓝牙配对时使用的配对密钥,与蓝牙耳机200建立通信连接。
此时,用户不需要在智能手表400和笔记本电脑300中查找蓝牙耳机的ID以及输入配对密码,智能手表400和笔记本电脑300就可以自动连接蓝牙耳机200。
再例如,在如图4所示的应用场景中,手机100建立用于与手机600进行数据交互的安全传输通道时,采用协商好的通信协议,将WIFI接入信息通过与手机600的安全传输通道发送给手机600,以使手机600在接收到WIFI接入信息后,并且检测到无线路由器500时,基于获取到的SSID以及接入密码,接入无线路由器500。
此时,手机500在用户没有输入WIFI接入密码时,也可以自动连接手机100之前已连接过的无线路由器、无线接入点或个人热点。
可以理解的是,第一终端设备与第三终端设备建立通信连接后,第三终端设备也可以向第一终端设备发送需要共享的信息。
上述方案,在第一终端设备与第二终端设备建立通信连接之后,将第一终端设备靠近第三终端设备时,即可方便快捷地使第一终端设备与第三终端设备建立通信连接,进而共享通信链路信息,以使得第三终端设备在检测到第二终端设备时,使用该通信链路信息与第二终端设备建立通信连接。既不需要其他设备参与数据交互,也不需要用户操控第三终端设备即可让第三终端设备 与第二终端设备建立通信连接,可简化第三终端设备与第二终端设备建立通信连接的操作步骤,进而提高建立至少三个终端设备之间的通信连接的效率。第一终端设备和第三终端设备可以在离线状态共享文件,以使用户在没有网络的情况下,实现终端之间的数据共享。
进一步地,在另一实施例中,对图1中的S101进行了细化,请阅图7,图7是本申请一实施例提供的信息共享方法中S101的细化流程图。S101可以具体包括S1031~S1033,具体如下:
S1031:所述第一终端设备在与所述第二终端设备建立通信连接后,并且靠近第三终端设备时,通过NFC向所述第三终端设备发送身份认证通知消息;
S1032:所述第一终端设备获取所述第三终端设备在接收到所述身份认证通知消息时通过NFC返回的第一身份信息;
S1033:所述第一终端设备基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证。
例如,第一终端设备与第二终端设备建立通信连接后,并且靠近第三终端设备时,可以采用NFC技术向第三终端设备发送身份认证通知消息,以指示第三终端设备在接收到身份认证通知消息时,基于身份认证通知消息包含或携带的第一终端设备的设备标识,将自身的第一身份信息返回给第一终端设备。第一终端设备在获取到第三终端设备发送的第一身份信息时,从身份信息数据库中预存的第二身份信息中查找与第三终端设备发送的身份信息相匹配的身份信息,当查找到匹配的身份信息时,判定第三终端设备的身份验证结果为验证通过;当未查找到匹配的身份信息时,判定第三终端设备的身份验证结果为验证失败。
进一步地,第一身份信息可以包括第三终端设备的第一设备标识以及第一公钥。
进一步地,第一身份信息可以包括第三终端设备的第一设备标识、公钥属性凭据的第一版本号以及由第三终端设备生成的第一随机数。第一随机数可以是第三终端设备在接收到第一终端设备发送的身份认证通知消息时生成,也可以预先生成,此处不做限制。
进一步地,在一实施方式中,当第一身份信息包括第三终端设备的第一设备标识以及第一公钥时,S1033具体为:所述第一终端设备基于所述第一设备标识从身份数据库中获取所述第三终端设备对应的预存的公钥,并基于所述第一公钥和所述预存的公钥对所述第三终端设备进行身份验证;其中,当所述第一公钥和所述预存的公钥相同时,判定所述第三终端设备身份合法。
具体地,第一终端设备在查找到第三终端设备对应的预存的公钥时,将第一身份信息中的第一公钥与获取到的预存的公钥进行比较,以对第三终端设备进行身份验证。当比较结果为第一公钥和所述预存的公钥相同时,第一终端设备判定第三终端设备身份合法;当比较结果为第一公钥和所述预存的公钥不相同时,第一终端设备判定第三终端设备身份不合法。
进一步地,在另一实施方式中,当第一身份信息包括第三终端设备的第一设备标识、公钥属性凭据的第一版本号以及由第三终端设备生成的第一随机数时,公钥属性凭据的版本号主要是为了确认对方是否已被撤销(从信任环中移除),或是新加入信任环的设备,这样对于离线设备也可以有一定的安全性,不需要随时保持在线确认每个设备证书的有效性。S1033包括以下步骤:
S1:所述第一终端设备基于所述第一设备标识以及所述第一版本号,获取所述第三终端设备的第一公钥。
第一终端设备可以从本地数据库中查找与第一设备标识匹配的设备标识,并在查找到匹配的设备标识时,基于第一设备标识从本地数据库中获取第三终端设备的公钥属性的第二版本号,基于比较结果确定当前是从本地获取第三终端设备的第一公钥,还是向第三终端设备请求返回第一 公钥。当第一版本号小于或等于第一版本号时,从本地获取第三终端设备的第一公钥;当第一版本号大于第一版本号时,向第三终端设备请求返回第一公钥。
本实施例方式中,通过查找与第一设备标识匹配的设备标识来确认第三终端设备是否为新加入的可信设备,通过比较公钥属性凭据的第一版本号以及第二版本号,来确认第三终端设备是否被撤销可信资格,这样对于离线设备也有一定的安全性,不必随时保持在线确认每个设备的公钥的有效性。
其中,当未查找到匹配的设备标识时,第三终端设备为新加入的可信设备;当第一版本号小于第二版本号,且未查找到匹配的设备标识时,第三终端设备被撤销可信资格。
进一步地,S1具体包括:所述第一终端设备从身份数据库中查找与所述第一设备标识匹配的设备标识;
当查找到所述匹配的设备标识,且所述第一版本号小于或等于预存的公钥属性凭据的第二版本号时,从所述身份数据库中获取所述第三终端设备的公钥;
当未查找到所述匹配的设备标识,且所述第一版本号大于预存的公钥属性凭据的第二版本号,向所述第三终端设备请求获取所述第一公钥。
可以理解的是,当未查找到所述匹配的设备标识,且所述第一版本号小于预存的公钥属性凭据的第二版本号时,判定所述第三终端设备身份不合法。
S2:所述第一终端设备基于自身的私钥和所述第一公钥计算第一共享密钥,并生成第二随机数。
第一终端设备可以基于第一终端设备的私钥以及第三终端设备的第一公钥,采用消息摘要算法计算得到共享密钥;也可以采用哈希算法计算第一终端设备的私钥以及第三终端设备的第一公钥的哈希值,得到共享密钥;还可以通过其他算法计算共享密钥,在此不对计算共享密钥的方式做限定。
S3:所述第一终端设备基于所述第一共享密钥、所述第一终端设备的第二设备标识、所述第一随机数以及所述第二随机数,计算第一身份特征值。
第一终端设备可以将第一共享密钥、第一终端设备的第二设备标识、第一随机数以及第二随机数拼接成一条消息,并采用消息摘要算法计算该消息的摘要值,得到第一身份特征值。
第一终端设备也可以以共享密钥计算该消息的消息认证码(Message Authentication Code,MAC)值,得到第一身份特征值。
具体地,第一终端设备可以将第一终端设备的设备ID、第一随机数以及第二随机数作为一条消息M,采用消息摘要算法计算出该消息M的摘要值,并在共享密钥的作用下由该摘要值计算出MAC值。或者,第一终端设备在共享密钥的参与下采用消息认证算法计算消息M的MAC值。例如,采用共享密钥对消息M的摘要值进行加密得到MAC值,或者采用共享密钥对消息M加密得到MAC值。
S4:所述第一终端设备通过近场通信向所述第三终端设备发送所述第一身份特征值、所述第一终端设备的第二设备标识、公钥属性凭据的第二版本号以及所述第二随机数。
S5:所述第一终端设备接收所述第三终端设备返回的第二身份特征值;其中,所述第二身份特征值由所述第三终端设备在计算出第二共享密钥时,基于所述第二共享密钥、所述第二设备标识、所述第一随机数以及所述第二随机数计算得到,所述第二共享密钥基于所述第三终端设备的私钥以及所述第一终端设备的公钥计算得到。
第三终端设备计算共享密钥的方法与第一终端设备计算共享密钥的方法相同,第三终端设备计算第二身份特征值的方法与第一终端设备计算第一身份特征值的方法相同,此处不赘述。
S6:所述第一终端设备在确认所述第一身份特征值与所述第二身份特征值相同时,判定所述第三终端设备身份合法。
下面结合身份验证方法的交互图详细阐述身份验证过程,具体如下:
在S1之前,第一终端设备以及第三终端设备预先通过登录同一用户账号向服务器发送自己的公钥进行注册,当第三终端设备处于断网状态,且第一终端设备通过NFC检测到第三终端设备时,基于第三终端设备的公钥对第三终端设备进行身份认证。
具体地,请一并参阅图8,图8是本申请实施例提供的一种信任环的注册方法的场景示意图。图8中,笔记本电脑、平板电脑以及手机是已经登录同一用户账号,且向服务器发送自身的公钥注册成功的设备,即已加入信任环。智能手表是还未加入信任环的设备。
由于每个终端设备都可以拥有一个公私钥对,当用户购买了新的终端设备(例如,智能手表)时,可以触发智能手表采用非对称加密算法生成公私钥对。用户操控新的智能手表进入账号登录界面,并在账号登录界面中输入用户账号以及登录密码向服务器发送登录请求,服务器在接收到登录请求时,基于数据库中存储的注册账号及注册密码,校验登录请求中的用户账号以及登录密码是否正确,并在确认登录请求中的用户账号以及登录密码正确时,允许智能手表登录并与其建立通信连接。此时,智能手表可以显示登录成功的交互界面,用户可以操控智能手表进入用于注册信任环的交互界面,用户可以通过该交互界面输入或选择智能手表的公钥,并点击“注册”选项,触发智能手表向服务器发送注册请求。注册请求包括智能手表的设备标识及其公钥。
服务器在接收到注册请求时,解析出注册请求中包含的设备标识以及公钥,并建立该设备标识及公钥之间的关联关系,将智能手表添加至信任环,向智能手表返回信任环中的现有设备的设备标识及各自的公钥,之后,向信任环中的现有设备广播智能手表的设备标识以及公钥,以通知信任环中的现有设备当前有新设备加入信任环,以指示信任环中的现有设备存储智能手表的设备标识以及公钥。这样一来,加入信任环的每个设备内存有已加入信任环的所有设备的设备标识及其公钥。
请一并参阅图9,图9是本申请实施例提供的一种身份验证方法的交互图。第一终端设备采用以下方式对第三终端设备进行身份验证:
1、第一终端设备在检测到第三终端设备时,可以采用NFC技术向第三终端设备发送身份认证通知消息。
2、第三终端设备在接收到身份认证通知消息时,向第一终端设备发送认证请求信息,认证请求信息中包括第三终端设备的设备ID、第三终端设备的公钥属性凭据的版本号以及由第三终端设备生成的第一随机数。
3、第一终端设备在接收到第三终端设备发送的认证请求信息时,对认证请求信息进行解析,得到第三终端设备的设备ID、第三终端设备的公钥属性凭据的版本号以及由第三终端设备生成的第一随机数;在本地公钥目录执行以下步骤:
a)查找第三终端设备的设备ID,并比较本地公钥目录存储的版本号与对方发来的版本号,也即,比较接收到的公钥属性凭据的版本号(第三终端设备发送的公钥属性凭据的第一版本号)与本地存储的版本号(本地存储的第三终端设备对应的公钥属性凭据的第二版本号),判断接收到的公钥属性凭据的版本号是否为最新的版本号。版本号主要是为了确认对方是否已被撤销(从 信任环中移除),或是新加入信任环的设备。如此对于离线设备也可以有一定的安全性,不需要随时保持在线确认每个设备证书的有效性。
b)基于查找结果以及比较结果,按下表中的处理策略进行处理,从而获取第三终端设备的公钥。
其中,当未查找到第三终端设备的设备ID,且本地存储的版本号小于对方发来的版本号时,判定第三终端设备是新加入信任环的设备,本地公钥目录存储的第三终端设备的公钥以及公钥属性凭据为旧版本,向第三终端设备发送公钥获取请求信息,以请求获取第三终端设备的公钥以及公钥属性凭据;
当未查找到第三终端设备的设备ID,且本地存储的版本号大于对方发来的版本号时,判定本地存储的数据为最新版本,本地公钥目录最后更新后,第三终端设备的数据已不在本地公钥目录中,第三终端设备已被撤销信任资格;此时第一终端设备判定第三终端设备不可信,拒绝连接第三终端设备;
当查找到第三终端设备的设备ID,且本地存储的版本号大于对方发来的版本号时,判定本地公钥目录存储的数据为最新版本,使用本地公钥目录中存储的第三终端设备的公钥对第三终端设备进行身份验证,从本地公钥目录获取第三终端设备的公钥,不再需要第三终端设备发送公钥及公钥属性凭据。
4、第一终端设备在获取到第三终端设备的公钥时,第一终端设备以自己的私钥与第三终端设备的公钥计算共享密钥。可以理解的是,第一终端设备可以基于第一终端设备的私钥以及第三终端设备的公钥,采用消息摘要算法计算得到共享密钥;也可以采用哈希算法计算第一终端设备的私钥以及第三终端设备的公钥的哈希值,得到共享密钥;还可以通过其他算法计算共享密钥,在此不对计算共享密钥的方式做限定。
5、第一终端设备生成第二随机数,以共享密钥计算第一终端设备的设备ID、由第三终端设备生成的第一随机数以及由第一终端设备生成的第二随机数所对应的消息认证码MAC值。
具体地,第一终端设备可以将第一终端设备的设备ID、第一随机数以及第二随机数作为一条消息M,采用消息摘要算法计算出该消息M的摘要值,并在共享密钥的作用下由该摘要值计算出MAC值。或者,第一终端设备在共享密钥的参与下采用消息认证算法计算消息M的MAC值。例如,采用共享密钥对消息M的摘要值进行加密得到MAC值,或者采用共享密钥对消息M加密得到MAC值。
6、第一终端设备采用NFC技术将自己的设备ID、自己的公钥属性凭据的版本号、第二随机 数发送给第三终端设备;可以理解的是,当第三终端设备需要对第一终端设备进行身份验证时,第一终端设备还可以将计算得到的MAC值发送给第三终端设备,以使第三终端设备在计算出共享密钥时,采用共享密钥验证该MAC值,从而对第一终端设备进行身份验证。
7、第三终端设备在获取到第一终端设备的设备ID以及公钥属性凭据的版本号时,进行以下处理:
查找第一终端设备的设备ID,并比较本地存储的版本号与对方发来的版本号;基于查找结果以及比较结果,按上表中的处理策略进行处理;
其中,当未查找到第一终端设备的设备ID,且本地存储的版本号小于对方发来的版本号时,判定第一终端设备是新加入信任环的设备,本地公钥目录存储的第一终端设备的公钥以及公钥属性凭据为旧版本,向第一终端设备发送公钥获取请求信息,以请求获取第一终端设备的公钥以及公钥属性凭据;
当未查找到第一终端设备的设备ID,且本地存储的版本号大于对方发来的版本号时,判定本地公钥目录存储的数据为最新版本,本地公钥目录最后更新后,第一终端设备的数据已不在本地公钥目录中,第一终端设备已被撤销信任资格;此时第三终端设备判定第一终端设备不可信,拒绝连接第一终端设备;
当查找到第一终端设备的设备ID,且本地存储的版本号大于对方发来的版本号时,判定本地公钥目录存储的数据为最新版本,使用本地公钥目录中存储的第一终端设备的公钥对第一终端设备进行身份验证,从本地公钥目录获取第一终端设备的公钥,不再需要第一终端设备发送公钥及公钥属性凭据。
8、第三终端设备在获取到第一终端设备的公钥时,第三终端设备以自己的私钥与第一终端设备的公钥计算共享密钥。可以理解的是,第三终端设备可以基于第三终端设备的私钥以及第一终端设备的公钥,采用消息摘要算法计算得到共享密钥;也可以采用哈希算法计算第三终端设备的私钥以及第一终端设备的公钥的哈希值,得到共享密钥;还可以通过其他算法计算共享密钥,在此不对计算共享密钥的方式做限定。由于密钥协商算法(Elliptic Curves Diffie-Hellman,ECDH)具有交换性,因此,第一终端设备以及第三终端设备计算得到的共享密钥相同。
9、第三终端设备以共享密钥计算第一终端设备的设备ID、由第三终端设备生成的第一随机数以及由第一终端设备生成的第二随机数所对应的MAC值。
10、采用NFC技术将计算得到的MAC值发送给第一终端设备。
其中,第三终端设备计算消息认证码MAC值的方法与第一终端设备计算消息认证码MAC值的方法相同,具体请参阅上述第一终端设备计算消息认证码MAC值的描述,此处不赘述。
可选地,当第三终端设备接收到第一终端设备发送的MAC值时,可以采用共享密钥验证第一终端设备发送的MAC值,从而对第一终端设备进行身份验证。
例如,当第一终端设备发送的MAC值由共享密钥对第一终端设备的设备ID、第一随机数以及第二随机数进行加密得到时,第三终端设备可以采用计算得到的共享密钥对第一终端设备发送的MAC值进行解密,如果解密得到第一终端设备的设备ID、第一随机数以及第二随机数时,判定第一终端设备身份合法,身份验证通过;如果解密后得到的数据与第一终端设备的设备ID、第一随机数以及第二随机数中的任一个不相同时,判定第一终端设备身份不合法,身份验证失败。
再例如,当第一终端设备发送的MAC值由共享密钥对摘要值(该摘要值由第一终端设备的设备ID、第一随机数以及第二随机数计算得到)进行加密得到时,第三终端设备可以采用计算得到 的共享密钥对第一终端设备发送的MAC值进行解密,如果解密得到的摘要值,并采用消息摘要算法计算第一终端设备的设备ID、第一随机数以及第二随机数所对应的摘要值;如果解密得到的摘要值与计算得到的摘要值相同,判定第一终端设备身份合法,身份验证通过;如果解密得到的摘要值与计算得到的摘要值不同时,判定第一终端设备身份不合法,身份验证失败。
11、第一终端设备在接收到第三终端设备发送的MAC值时,将接收到的MAC值与发送给第三终端设备的MAC值进行比较,当两者相同时,判定第三终端设备的身份合法,身份验证通过;当两者不同时,判定第三终端设备身份不合法,身份验证失败。
为了便于理解,下面结合具体的应用场景对上述过程描述,具体如下:
请继续参阅图2,在图2中,手机100为第一终端设备,蓝牙耳机200为附件设备,笔记本电脑300以及智能手表400为第三终端设备。
在一应用场景中,假设,用户早上去上班时,携带了手机100、蓝牙耳机200以及智能手表400去上班,用户的笔记本电脑300放在家中。智能手表400以及笔记本电脑300均未接入互联网,即处于断网状态。手机100、智能手表400以及笔记本电脑300预先均通过登录同一个用户账号向服务器完成注册(注册过程具体请参阅图8及图8注册过程的相关描述),即,手机100、智能手表400以及笔记本电脑300均已加入信任环中。手机100中预先存储了智能手表400以及笔记本电脑300的身份信息,智能手表400中预先存储了手机100以及笔记本电脑300的身份信息,笔记本电脑300中预先存储了手机100以及智能手表400的身份信息。身份信息以公钥为例进行说明。
在下班回家途中,用户想要通过蓝牙耳机听音乐时,通过手机100的交互界面开启手机100的蓝牙功能并搜索蓝牙设备;当手机100的交互界面显示查找到的蓝牙耳机200的ID时,点击该ID以触发手机100连接该蓝牙耳机200;之后,在手机100弹出的配对界面中输入配对密钥,点击确认配对连接,以使手机100与蓝牙耳机200完成配对,建立通信连接。
在手机100与蓝牙耳机200建立通信连接后,用户可以将手机100靠近智能手表400。此时,手机100可以采用蓝牙通信技术检测在手机100的通信范围内是否存在可连接的蓝牙设备,以检测用户随身携带的其他可连接的蓝牙设备。手机100在检测到用户随身携带有已开启蓝牙功能的智能手表400时,采用NFC技术与智能手表400进行通信,对智能手表400进行身份验证。可以理解的是,在其他实施例中,手机100可以采用NFC技术检测在手机100的通信范围内是否存在可连接的支持NFC通信的设备。
当手机100检测到用户当前随身携带的可连接的智能手表400时,可以通过文字或语音消息提醒用户当前检测到可连接的智能手表,手机100可以采用NFC技术向智能手表400发送身份认证通知消息,以指示智能手表400在接收到身份认证通知消息时,向手机100发送认证请求信息,认证请求信息中包括智能手表400的设备ID、智能手表400的公钥属性凭据的版本号以及由智能手表400生成的第一随机数。
手机100在接收到智能手表400发送的认证请求信息时,解析出该认证请求信息中的智能手表400的设备ID、智能手表400的公钥属性凭据的版本号以及第一随机数。
手机100在本地公钥数据库中查找智能手表400的设备ID,并比较本地存储的公钥属性凭据的版本号与智能手表400发送的公钥属性凭据的版本号。手机基于查找结果以及比较结果,按以下方式获取智能手表400的公钥。
其中,手机100在未查找到智能手表400的设备ID,且本地存储的版本号小于智能手表400 发来的版本号时,判定智能手表400是新加入信任环的设备,向智能手表400发送公钥获取请求信息,以请求获取智能手表400的公钥以及公钥属性凭据。
手机100当查找到智能手表400的设备ID,且本地存储的版本号大于智能手表400发来的版本号时,判定本地目录存储的数据为最新版本,使用本地中存储的智能手表400的公钥对第三终端设备进行身份验证,从本地获取智智能手表400的公钥,不再需要智智能手表400发送公钥及公钥属性凭据。
可以理解的是,手机100在未查找到智能手表400的设备ID,且本地存储的版本号大于智能手表400发来的版本号时,判定本地目录存储的数据为最新版本,本地目录最后更新后,智能手表400的数据已不在本地目录中,智能手表400已被撤销信任资格;此时手机100判定智能手表400不可信,智能手表400身份验证失败,手机100拒绝连接智能手表400。
手机100在获取到智能手表400的公钥时,手机100以自己的私钥与智能手表400的公钥计算共享密钥。可以理解的是,手机100可以基于手机100的私钥以及智能手表400的公钥,采用消息摘要算法计算得到共享密钥;也可以采用哈希算法计算手机100的私钥以及智能手表400的公钥的哈希值,得到共享密钥;还可以通过其他算法计算共享密钥,在此不对计算共享密钥的方式做限定。
手机100生成第二随机数,以共享密钥计算手机100的设备ID、由智能手表400生成的第一随机数以及由手机100生成的第二随机数所对应的MAC值。
具体地,手机100可以将手机100的设备ID、第一随机数以及第二随机数作为一条消息M,采用消息摘要算法计算出该消息M的摘要值,并在共享密钥的作用下由该摘要值计算出MAC值。或者,手机100在共享密钥的参与下采用消息认证算法计算消息M的MAC值。例如,采用共享密钥对消息M的摘要值进行加密得到MAC值,或者采用共享密钥对消息M加密得到MAC值。
手机100采用NFC技术将自己的设备ID、自己的公钥属性凭据的版本号、第二随机数发送给智能手表400;可以理解的是,当智能手表400需要对手机100进行身份验证时,手机100还可以将计算得到的MAC值发送给智能手表400,以使智能手表400在计算出共享密钥时,采用共享密钥验证手机100发送的MAC值,从而对手机100进行身份验证。
智能手表400在获取到手机100的设备ID以及公钥属性凭据的版本号时,进行以下处理:
a)智能手表400查找手机100的设备ID,并比较本地存储的版本号与手机100发来的版本号;基于查找结果以及比较结果,按按以下方式获取手机100的公钥:
其中,智能手表400在未查找到手机100的设备ID,且本地存储的版本号小于手机100发来的版本号时,判定手机100是新加入信任环的设备,本地目录存储的手机100的公钥以及公钥属性凭据为旧版本,向手机100发送公钥获取请求信息,以请求获取手机100的公钥以及公钥属性凭据。
智能手表400当查找到手机100的设备ID,且本地存储的版本号大于对方发来的版本号时,判定本地目录存储的数据为最新版本,使用本地目录中存储的手机100的公钥对手机100进行身份验证,从本地目录获取手机100的公钥,不再需要手机100发送公钥及公钥属性凭据。
智能手表400当未查找到手机100的设备ID,且本地存储的版本号大于手机100发来的版本号时,判定本地目录存储的数据为最新版本,本地目录最后更新后,手机100的数据已不在本地目录中,手机100已被撤销信任资格;此时智能手表400判定手机100不可信,手机100身份验证失败,智能手表400拒绝连接手机100。
b)智能手表400在获取到手机100的公钥时,智能手表400以自己的私钥与手机100的公钥计算共享密钥。可以理解的是,智能手表400可以基于智能手表400的私钥以及手机100的公钥,采用消息摘要算法计算得到共享密钥;也可以采用哈希算法计算智能手表400的私钥以及手机100的公钥的哈希值,得到共享密钥;还可以通过其他算法计算共享密钥,在此不对计算共享密钥的方式做限定。由于密钥协商算法ECDH具有交换性,因此,手机100以及智能手表400计算得到的共享密钥相同。
c)智能手表400以共享密钥计算手机100的设备ID、由智能手表400生成的第一随机数以及由手机100生成的第二随机数所对应的消息认证码MAC值,并基于手机100的设备ID,采用NFC技术将计算得到的MAC值发送给手机100。
其中,智能手表400计算消息认证码MAC值的方法与手机100计算消息认证码MAC值的方法相同,具体请参阅上述手机100计算消息认证码MAC值的描述,此处不赘述。
可选地,当智能手表400接收到手机100发送的MAC值时,可以采用共享密钥验证手机100发送的MAC值,从而对手机100进行身份验证。
例如,当手机100发送的MAC值由共享密钥对手机100的设备ID、第一随机数以及第二随机数进行加密得到时,智能手表400可以采用计算得到的共享密钥对手机100发送的MAC值进行解密,如果解密得到手机100的设备ID、第一随机数以及第二随机数时,判定手机100身份合法,身份验证通过;如果解密后得到的数据与手机100的设备ID、第一随机数以及第二随机数中的任一个不相同时,判定手机100身份不合法,身份验证失败。
再例如,当手机100发送的MAC值由共享密钥对摘要值(该摘要值由手机100的设备ID、第一随机数以及第二随机数计算得到)进行加密得到时,智能手表400可以使用计算得到的共享密钥对手机100发送的MAC值进行解密,如果解密得到的摘要值,并采用消息摘要算法计算手机100的设备ID、第一随机数以及第二随机数所对应的摘要值;如果解密得到的摘要值与计算得到的摘要值相同,判定手机100身份合法,身份验证通过;如果解密得到的摘要值与计算得到的摘要值不同时,判定手机100身份不合法,身份验证失败。
手机100在接收到智能手表400发送的MAC值时,将接收到的MAC值与发送给智能手表400的MAC值进行比较,当两者相同时,判定智能手表400的身份合法,身份验证通过,执行S102;当两者不同时,判定智能手表400身份不合法,身份验证失败。
可以理解的是,手机100在对智能手表400完成身份验证时,可以在显示界面显示身份验证结果,或语音播报身份验证结果。
在另一应用场景中,当用户回到家时,用户靠近放置笔记本电脑300的位置时,手机100采用蓝牙通信技术检测在家中是否存在可连接的蓝牙设备,或者,手机100采用NFC技术检测手机100附近是否存在可连接的NFC设备。手机100在检测到家中放置的已开启蓝牙功能的笔记本电脑300时,采用NFC技术与笔记本电脑进行通信,按照上述方法对笔记本电脑300进行身份验证。
在另一应用场景中,在图4中,手机100为第一终端设备,无线路由器、无线接入点或个人热点500为第三终端设备,手机600为第三终端设备。
由于手机600未曾连接朋友家的无线路由器500,手机100在接入朋友家的无线路由器500时,用户可以将手机100靠近手机600,此时,手机100通过蓝牙通信或NFC检测当前启用近程通信功能的手机300,并在检测到手机300时,采用NFC技术按照上述方法对手机600进行身份验证。
第一终端设备在判定第三终端设备身份合法时,判定身份验证通过,执行上述S102;在判定第三终端设备身份不合法时,结束本次流程。
进一步地,当第一终端设备生成了会话密钥时,S102具体为:将通信链路信息通过所述会话密钥进行加密,并通过所述安全传输通道将加密后的通信链路信息发送至所述第三终端设备。
进一步地,在另一实施例中,对S102进行了细化,请参阅图10,图10是本申请一实施例提供的信息共享方法中S102的细化流程图。为了提高通过安全传输通道传输的数据的安全性,S102包括S1021~S1022,具体如下:
S1021:所述第一终端设备在确认所述第三终端设备身份合法时,生成会话密钥,并通过短距离无线通信技术将所述会话密钥发送至所述第三终端设备。
S1022:所述第一终端设备采用所述会话密钥对所述通信链路信息进行加密,并通过所述短距离无线通信技术将加密数据发送至所述第三终端设备。
在S1021中,第一终端设备在确认第三终端设备的身份合法时,生成会话密钥,并与第三终端设备建立安全传输通道,通过安全传输通道将会话密钥发送给第三终端设备。会话密钥用于采用协商好的加密算法对通过安全传输通道传输的数据进行加密或解密。
第一终端设备从用于存储通信链路信息的存储区域获取通信链路信息,并采用协商好的加密算法,用会话密钥对通信链路信息进行加密,将加密后的通信链路信息通过安全传输通道发送给第三终端设备。
在一实施方式中,第一终端设备可以使用第三终端设备的公钥随机生成会话密钥。
在另一实施方式中,第一终端设备可以基于S101中计算得到的共享密钥、固定派生因子、由第三终端设备生成的第一随机数以及由第一终端设备生成的第二随机数,生成会话密钥。固定派生因子为用于标识认证业务的固定随机数。该固定随机数的长度可以是8字节(Byte),但并不限于此,可以根据实际需要设置为其他长度。认证业务包括但不限于文件快传、快速热点共享、共享通信链路、短信转发或通话中继。
第一终端设备基于共享密钥、固定派生因子、第一随机数以及第二随机数,生成会话密钥的方法可以是:采用消息摘要算法计算由共享密钥、固定派生因子、第一随机数以及第二随机数构成的消息的摘要值,将该摘要值作为会话密钥;还可以是:在共享密钥的参与下,采用消息认证算法计算由共享密钥、固定派生因子、第一随机数以及第二随机数构成的消息的MAC值,并将该MAC值作为会话密钥。可以理解的是,第一终端设备还可以采用其他算法生成会话密钥,此处不做限制。
下面结合具体的应用场景描述信息共享过程:
例如,在如图2所示的应用场景中,手机100在判定智能手表400可信时,生成会话密钥,建立用于与智能手表400进行数据交互的安全传输通道,并将会话密钥通过该安全传输通道发送给智能手表400。手机100从本地数据库中获取用于与蓝牙耳机200进行配对的蓝牙配对信息。蓝牙配对信息至少包括蓝牙耳机的ID、蓝牙耳机与手机的配对链路以及蓝牙配对时使用的配对密钥。之后,手机100基于协商好的加密算法,用会话密钥对待分享的蓝牙配对信息进行加密,并采用协商好的通信协议,将加密后的蓝牙配对信息通过建立的安全传输通道发送给智能手表400,以使智能手表400在接收到加密的蓝牙配对信息时,采用会话密钥对其进行解密,得到蓝牙配对信息;并基于蓝牙配对信息中包含的蓝牙耳机的ID,查找蓝牙耳机200,在查找到蓝牙耳机200时,基于蓝牙耳机与手机的配对链路以及蓝牙配对时使用的配对密钥,与蓝牙耳机200建立通信 连接。
手机100在判定笔记本电脑300可信时,建立用于与手机200进行数据交互的安全传输通道,并将会话密钥通过该安全传输通道发送给笔记本电脑300。安全传输通道用于手机100向笔记本电脑300发送加密后的蓝牙配对信息。手机100从本地数据库中获取用于与蓝牙耳机200进行配对的蓝牙配对信息;并基于协商好的加密算法,用会话密钥对待分享的蓝牙配对信息进行加密,并采用协商好的通信协议,将加密后的蓝牙配对信息通过与笔记本电脑300的安全传输通道发送给笔记本电脑300,以使笔记本电脑300在接收到加密的蓝牙配对信息时,采用会话密钥对其解密,得到蓝牙配对信息;并基于蓝牙配对信息中包含的蓝牙耳机的ID,查找蓝牙耳机200,在查找到蓝牙耳机200时,基于蓝牙耳机与手机的配对链路以及蓝牙配对时使用的配对密钥,与蓝牙耳机200建立通信连接。
此时,用户不需要在智能手表400和笔记本电脑300查找蓝牙耳机的ID以及输入配对密码,智能手表400和笔记本电脑300就可以自动连接蓝牙耳机200。
再例如,在如图4所示的应用场景中,手机100在判定手机600可信时,生成会话密钥,建立用于与手机600进行数据交互的安全传输通道,并将会话密钥通过该安全传输通道发送给手机600。手机100从本地数据库中获取WIFI接入信息,该WIFI接入信息用于接入路由器500(或个人热点、无线接入点),WIFI接入信息至少包括SSID以及接入密码。手机100用会话密钥对待分享的WIFI接入信息进行加密,并采用协商好的通信协议,将加密后的WIFI接入信息通过与手机600的安全传输通道发送给手机600,以使手机600在接收到加密的WIFI接入信息时,采用会话密钥对其解密,得到WIFI接入信息,从而使得手机能够600在检测到无线路由器500时基于获取到的SSID以及接入密码,接入无线路由器500。
可以理解的是,手机100还可以将其连接过的所有无线接入点、个人热点或路由器各自对应的SSID及接入密码发送给手机600。例如,当用户携带手机100去朋友家,在手机100的交互界面手动输入朋友家的无线路由器500的SSID和接入密码,触发手机100连接该无线接入点后,用户回家后,手机100与新手机600交换了通信链路信息,将用于接入无线路由器500的WIFI接入信息发送给了新手机600。当用户携带新手机600再次去朋友家时,由于手机600中已经同步了手机100中存储的已连接过的所有无线路由器的WIFI接入信息,新手机600在检测到朋友家的无线路由器500发出的无线信号时,基于该无线路由器500的SSID及接入密码,与该无线路由器500建立通信连接,从而使得新手机600自动连接朋友家的无线路由器500。
此时,手机600在用户没有输入WIFI接入密码时,也可以自动连接手机100之前已连接过的无线路由器、无线接入点或个人热点。
在另一应用场景中,当手机100获取了NFC门禁识别信息,例如,手机100获取了门禁卡的NFC开门权限、NFC视频权限时,手机100建立用于与手机600进行数据交互的安全传输通道,用会话密钥对NFC开门权限信息或NFC视频权限信息进行加密,并采用协商好的通信协议,将加密后的NFC开门权限信息或NFC视频权限信息通过与手机600的安全传输通道发送给手机600,以使手机600在接收到加密的NFC开门权限信息或NFC视频权限信息时,采用会话密钥对其解密,得到NFC开门权限信息或NFC视频权限信息,从而使得手机600能够作为NFC门禁卡。用户在需要通过手机600开门时,可以将手机600靠近NFC门禁感应器,以使手机600基于获取到的NFC开门权限信息或NFC视频权限信息解除门禁。
此时,用户不需要手动对手机600进行NFC门禁授权,手机600也可作为门禁卡使用。
上述方案,对于同一用户账号下的终端设备,第一终端设备在与第二终端设备建立通信连接之后,并且近距离发现第三终端设备时,即使第三终端设备处于断网状态,第一终端设备也可以通过近场通信技术与第三终端设备建立通信连接,从而将通信链路信息同步到第三终端设备。不需要用户参与,第三终端设备即可通过第一终端设备共享的通信链路信息与第二终端设备建立通信连接。通过这种方式,能够简化至少三个终端设备建立通信连接的操作步骤,从而减少用户操作,进而提高建立至少三个终端设备之间的通信连接的效率。
由于第一终端设备和第三终端设备通过NFC交换信息,第一终端设备和第三终端设备可以在离线状态共享文件,以使用户在没有网络的情况下,实现终端之间的数据共享。
通过会话密钥对通信链路信息进行加密,能够提高待分享数据在传输过程中的安全性,即使其他不可信设备接收到加密后的通信链路信息,也无法直接获取到通信链路信息,进而避免其他不可信设备通过通信链路信息连接第二终端设备,进一步保护第二终端设备内的数据安全。
应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。
对应于上文实施例所述的信息共享方法,图11示出了本申请实施例提供的信息共享装置的结构示意框图,为了便于说明,仅示出了与本申请实施例相关的部分。信息共享装置9包括身份验证单元910以及信息共享单元920。其中,
身份验证单元910,用于第一终端设备与第二终端设备建立通信连接后,并且靠近第三终端设备时,通过近场通信NFC对所述第三终端设备进行身份验证;身份验证单元910将身份验证结果发送给信息共享单元920。
身份验证单元910用于执行图6对应的实施例中S101,具体实现过程请参阅S101的具体描述,此处不赘述。
信息共享单元920,用于接收身份验证单元910发送的身份验证结果,在确认所述第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送至所述第三终端设备,以触发所述第三终端设备在检测到所述第二终端设备时,使用通信链路信息与所述第二终端设备建立通信连接。
信息共享单元920用于执行图6对应的实施例中的S102,具体实现过程请参阅S102的具体描述,此处不赘述。
可选地,短距离无线通信技术可以为NFC、蓝牙通信或无线保真(Wireless-Fidelity,WIFI)。
进一步地,所述第三终端设备的蜂窝移动网络和无线局域网均处于关闭状态,所述短距离无线通信技术为NFC或蓝牙通信。
其中,第三终端设备的蜂窝移动网络和无线局域网均处于关闭状态是指:第三终端设备未启用蜂窝移动网络和无线局域网,或者当前无法通过蜂窝移动网络或无线局域网接入互联网。进一步地,所述第二终端设备为预先与所述第一终端设备完成配对的终端设备,信息共享单元920发送的所述通信链路信息包括用于与第二终端设备进行配对的蓝牙配对信息,以使第三终端设备在接收到蓝牙配对信息后,并且检测到第二终端设备时,使用接收到的蓝牙配对信息与第二终端设备进行配对。
进一步地,信息共享单元920发送的所述通信链路信息包括无线网的接入信息和/或NFC门禁识别信息。
其中,无线网的接入信息用于连接路由器、接入点或个人热点。接入信息可以是SSID和接入 密码。此时,第三终端可以在进入任一SSID对应的无线网的信号覆盖范围时,通过无线网的接入信息,接入第一终端设备当前接入的无线网或曾接入过的无线网。
NFC门禁识别信息用于标识授权信息,例如NFC门禁授权信息,此时第三终端设备可作为NFC门禁卡与第二终端设备进行通信,从而实现开门等功能。
可选地,请一并参阅图12,图12是本申请一实施例提供的身份验证单元的结构示意图,身份验证单元910包括:
发送单元911,用于所述第一终端设备在靠近第三终端设备时,通过NFC向所述第三终端设备发送身份认证通知消息;发送单元911向接收单元912发送通知消息,以通知接收单元912接收第三终端设备返回的第一身份信息。
接收单元912,用于接收发送单元911发送的通知消息,获取所述第三终端设备在接收到所述身份认证通知消息时通过NFC返回的第一身份信息;接收单元912将所述第一身份信息发送给验证单元913。
验证单元913,用于接收接收单元912发送的第一身份信息,基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证。
进一步地,所述第一身份信息包括所述第三终端设备的第一设备标识以及第一公钥;
验证单元913具体用于:基于所述第一设备标识从身份数据库中获取所述第三终端设备对应的预存的公钥,并基于所述第一公钥和所述预存的公钥对所述第三终端设备进行身份验证;其中,当所述第一公钥和所述预存的公钥相同时,判定所述第三终端设备身份合法。
进一步地,所述第一身份信息包括所述第三终端设备的第一设备标识、公钥属性凭据的第一版本号以及由所述第三终端设备生成的第一随机数;
请一并参阅图13,图13是本申请另一实施例提供的身份验证单元的结构示意图,验证单元913具体可以包括:
公钥获取单元9131,用于接收接收单元912发送的所述第一身份信息,基于所述第一身份信息中的所述第一设备标识以及所述第一版本号,获取所述第三终端设备的第一公钥;公钥获取单元9131将所述第一公钥发送给随机数生成单元9132;
随机数生成单元9132,用于接收公钥获取单元9131发送的所述第一公钥,基于自身的私钥和所述第一公钥计算第一共享密钥,并生成第二随机数;随机数生成单元9132将所述第一共享密钥、所述第一终端设备的第二设备标识、所述第一随机数以及所述第二随机数发送给计算单元9133;
计算单元9133,用于接收随机数生成单元9132发送的数据,基于所述第一共享密钥、所述第一终端设备的第二设备标识、所述第一随机数以及所述第二随机数,计算第一身份特征值;计算单元9133将所述第一身份特征值发送给比较单元9134,并通知发送单元911向所述第三终端设备发送所述第一身份特征值、所述第一终端设备的第二设备标识、公钥属性凭据的第二版本号以及所述第二随机数;
发送单元911还用于接收发送单元911发送的通知消息,通过近场通信向所述第三终端设备发送所述第一身份特征值、所述第一终端设备的第二设备标识、公钥属性凭据的第二版本号以及所述第二随机数;发送单元911通知接收单元接收所述第三终端设备发送的第二身份特征值;
接收单元912还用于:接收发送单元911发送的通知消息,接收所述第三终端设备返回的第二身份特征值;其中,所述第二身份特征值由所述第三终端设备在计算出第二共享密钥时,基于所述第二共享密钥、所述第二设备标识、所述第一随机数以及所述第二随机数计算得到,所述第 二共享密钥基于所述第三终端设备的私钥以及所述第一终端设备的公钥计算得到;接收单元912将所述第二身份特征值发送给比较单元9134;
比较单元9134,用于接收计算单元9133发送的所述第一身份特征值以及接收接收单元912发送的所述第二身份特征值,并比较所述第一身份特征值与所述第二身份特征值,在确认所述第一身份特征值与所述第二身份特征值相同时,判定所述第三终端设备身份合法。
进一步地,公钥获取单元9131具体用于:
从身份数据库中查找与所述第一设备标识匹配的设备标识;
当查找到所述匹配的设备标识,且所述第一版本号小于或等于预存的公钥属性凭据的第二版本号时,从所述身份数据库中获取所述第三终端设备的公钥;
当未查找到所述匹配的设备标识,且所述第一版本号大于预存的公钥属性凭据的第二版本号,向所述第三终端设备请求获取所述第一公钥。
进一步地,公钥获取单元9131还用于:当未查找到所述匹配的设备标识,且所述第一版本号小于预存的公钥属性凭据的第二版本号时,判定所述第三终端设备身份不合法。
进一步地,所述信息共享单元920具体用于:
在确认所述第三终端设备身份合法时,生成会话密钥,并通过短距离无线通信技术将所述会话密钥发送至所述第三终端设备;
采用所述会话密钥对所述通信链路信息进行加密,并通过所述短距离无线通信技术将加密数据发送至所述第三终端设备。
本方案中,通过会话密钥对通信链路信息进行加密,能够提高待分享数据在传输过程中的安全性,即使其他不可信设备接收到加密后的通信链路信息,也无法直接获取到通信链路信息,进而避免其他不可信设备通过通信链路信息连接第二终端设备,进一步保护第二终端设备内的数据安全。
至少两个终端设备可以在离线状态共享文件,以使用户在没有网络的情况下,实现终端之间的数据共享。
请参阅图14,图14为本申请一实施例提供的终端设备的结构示意图。如图14所示,该终端设备1414包括:至少一个处理器1410(图14中仅示出一个)处理器、存储器1420以及存储在所述存储器1420中并可在所述至少一个处理器1410上运行的计算机程序1421,所述处理器1410执行所述计算机程序1421时实现上述任意各个信息共享方法实施例中的步骤。
终端设备14可以是手机、笔记本电脑、智能手表等可穿戴设备。该终端设备可包括,但不仅限于,处理器1410、存储器1420。本领域技术人员可以理解,图14仅仅是终端设备14的举例,并不构成对终端设备14的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如还可以包括输入输出设备、网络接入设备等。
所称处理器1410可以是中央处理单元(Central Processing Unit,CPU),该处理器1410还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。
存储器1420在一些实施例中可以是终端设备14的内部存储单元,例如终端设备14的硬盘或内存。存储器1420在另一些实施例中也可以是终端设备14的外部存储设备,例如终端设备14上 的智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器1420还可以既包括终端设备14的内部存储单元也包括外部存储设备。存储器1420用于存储操作系统、应用程序、引导装载程序(Boot Loader)、数据以及其他程序等,例如所述计算机程序的程序代码等。所述存储器1420还可以用于暂时地存储已经输出或者将要输出的数据。
在本申请实施例中,处理器1410通过调用存储器存储的计算机程序1421,执行如下操作:
处理器1410用于:第一终端设备与第二终端设备建立通信连接后,并且在靠近第三终端设备时,通过近场通信NFC对所述第三终端设备进行身份验证;
以及用于在确认所述第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送至所述第三终端设备,以触发所述第三终端设备在检测到所述第二终端设备时,使用所述通信链路信息与第二终端设备建立通信连接。
可选地,所述第三终端设备的蜂窝移动网络和无线局域网均处于关闭状态,所述短距离无线通信技术为NFC或蓝牙通信。
可选地,所述第二终端设备为预先与所述第一终端设备完成配对的终端设备,所述通信链路信息包括用于与所述第二终端设备进行配对的蓝牙配对信息。
可选地,所述通信链路信息包括无线网的接入信息和/或NFC门禁识别信息。
可选地,处理器1410具体用于:
在靠近第三终端设备时,通过NFC向所述第三终端设备发送身份认证通知消息;
获取所述第三终端设备在接收到所述身份认证通知消息时通过NFC返回的第一身份信息;
基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证。
进一步地,所述第一身份信息包括所述第三终端设备的第一设备标识以及第一公钥;
处理器1410具体用于:基于所述第一设备标识从身份数据库中获取所述第三终端设备对应的预存的公钥,并基于所述第一公钥和所述预存的公钥对所述第三终端设备进行身份验证;其中,当所述第一公钥和所述预存的公钥相同时,判定所述第三终端设备身份合法。
进一步地,所述第一身份信息包括所述第三终端设备的第一设备标识、公钥属性凭据的第一版本号以及由所述第三终端设备生成的第一随机数;
处理器1410具体用于:
基于所述第一设备标识以及所述第一版本号,获取所述第三终端设备的第一公钥;
基于自身的私钥和所述第一公钥计算第一共享密钥,并生成第二随机数;
基于所述第一共享密钥、所述第一终端设备的第二设备标识、所述第一随机数以及所述第二随机数,计算第一身份特征值;
控制天线通过近场通信向所述第三终端设备发送所述第一身份特征值、所述第一终端设备的第二设备标识、公钥属性凭据的第二版本号以及所述第二随机数;
获取天线接收的所述第三终端设备返回的第二身份特征值;其中,所述第二身份特征值由所述第三终端设备在计算出第二共享密钥时,基于所述第二共享密钥、所述第二设备标识、所述第一随机数以及所述第二随机数计算得到,所述第二共享密钥基于所述第三终端设备的私钥以及所述第一终端设备的公钥计算得到;
在确认所述第一身份特征值与所述第二身份特征值相同时,判定所述第三终端设备身份合法。
进一步地,处理器1410具体用于包括:
从身份数据库中查找与所述第一设备标识匹配的设备标识;
当查找到所述匹配的设备标识,且所述第一版本号小于或等于预存的公钥属性凭据的第二版本号时,从所述身份数据库中获取所述第三终端设备的公钥;
当未查找到所述匹配的设备标识,且所述第一版本号大于预存的公钥属性凭据的第二版本号,向所述第三终端设备请求获取所述第一公钥。
进一步地,在从身份数据库中查找与所述第一设备标识匹配的设备标识之后,处理器1410具体用于:当未查找到所述匹配的设备标识,且所述第一版本号小于预存的公钥属性凭据的第二版本号时,判定所述第三终端设备身份不合法。
进一步地,处理器1410具体用于包括:
在确认所述第三终端设备身份合法时,生成会话密钥,并通过短距离无线通信技术将所述会话密钥发送至所述第三终端设备;
采用所述会话密钥对所述通信链路信息进行加密,并控制天线通过所述短距离无线通信技术将加密数据发送至所述第三终端设备。
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将所述装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。实施例中的各功能单元、模块可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中,上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。另外,各功能单元、模块的具体名称也只是为了便于相互区分,并不用于限制本申请的保护范围。上述系统中单元、模块的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述或记载的部分,可以参见其它实施例的相关描述。
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。
在本申请所提供的实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的系统实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通讯连接可以是通过一些接口,装置或单元的间接耦合或通讯连接,可以是电性,机械或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请实现上述实施例方法中的全部或部分流程,可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一计算机可读存储介质中,该计算机程序在被处理器执行时,可实现上述各个方法实施例的步骤。其中,所述计算机程序包括计算机程序代码,所述计算机程序代码可以为源代码形式、对象代码形式、可执行文件或某些中间形式等。所述计算机可读介质至少可以包括:能够将计算机程序代码携带到终端设备14的任何实体或装置、记录介质、计算机存储器、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、电载波信号、电信信号以及软件分发介质。例如U盘、移动硬盘、磁碟或者光盘等。在某些司法管辖区,根据立法和专利实践,计算机可读介质不可以是电载波信号和电信信号。
以上所述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。
Claims (13)
- 一种信息共享方法,其特征在于,包括:第一终端设备与第二终端设备建立通信连接;所述第一终端设备检测到第三终端设备时,通过近场通信NFC对所述第三终端设备进行身份验证;所述第一终端设备在确认所述第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送至所述第三终端设备,所述通信链路信息用于所述第三终端设备和所述第二终端设备之间建立通信连接。
- 如权利要求1所述的信息共享方法,其特征在于,所述第三终端设备的蜂窝移动网络和无线局域网均处于关闭状态,所述短距离无线通信技术为NFC或蓝牙通信。
- 如权利要求1所述的信息共享方法,其特征在于,所述第二终端设备为预先与所述第一终端设备完成配对的终端设备,所述通信链路信息包括用于与所述第二终端设备进行配对的蓝牙配对信息。
- 如权利要求1或3所述的信息共享方法,其特征在于,所述通信链路信息包括无线网的接入信息和/或NFC门禁识别信息。
- 如权利要求1所述的信息共享方法,其特征在于,所述第一终端设备检测到第三终端设备时,通过近场通信NFC对所述第三终端设备进行身份验证,包括:所述第一终端设备在与所述第二终端设备建立通信连接后,并且靠近第三终端设备时,通过NFC向所述第三终端设备发送身份认证通知消息;所述第一终端设备获取所述第三终端设备在接收到所述身份认证通知消息时通过NFC返回的第一身份信息;所述第一终端设备基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证。
- 如权利要求5所述的信息共享方法,其特征在于,所述第一身份信息包括所述第三终端设备的第一设备标识以及第一公钥;所述第一终端设备基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证,包括:所述第一终端设备基于所述第一设备标识从身份数据库中获取所述第三终端设备对应的预存的公钥,并基于所述第一公钥和所述预存的公钥对所述第三终端设备进行身份验证;其中,当所述第一公钥和所述预存的公钥相同时,判定所述第三终端设备身份合法。
- 如权利要求5所述的信息共享方法,其特征在于,所述第一身份信息包括所述第三终端设备的第一设备标识、公钥属性凭据的第一版本号以及由所述第三终端设备生成的第一随机数;所述第一终端设备基于所述第一身份信息以及预存的第二身份信息,对所述第三终端设备进行身份验证,包括:所述第一终端设备基于所述第一设备标识以及所述第一版本号,获取所述第三终端设备的第一公钥;所述第一终端设备基于自身的私钥和所述第一公钥计算第一共享密钥,并生成第二随机数;所述第一终端设备基于所述第一共享密钥、所述第一终端设备的第二设备标识、所述第一随机数以及所述第二随机数,计算第一身份特征值;所述第一终端设备通过近场通信向所述第三终端设备发送所述第一身份特征值、所述第一终端设备的第二设备标识、公钥属性凭据的第二版本号以及所述第二随机数;所述第一终端设备接收所述第三终端设备返回的第二身份特征值;其中,所述第二身份特征值由所述第三终端设备在计算出第二共享密钥时,基于所述第二共享密钥、所述第二设备标识、所述第一随机数以及所述第二随机数计算得到,所述第二共享密钥基于所述第三终端设备的私钥以及所述第一终端设备的公钥计算得到;所述第一终端设备在确认所述第一身份特征值与所述第二身份特征值相同时,判定所述第三终端设备身份合法。
- 如权利要求7所述的信息共享方法,其特征在于,所述第一终端设备基于所述第一设备标识以及所述第一版本号,获取所述第三终端设备的第一公钥,包括:所述第一终端设备从身份数据库中查找与所述第一设备标识匹配的设备标识;当查找到所述匹配的设备标识,且所述第一版本号小于或等于预存的公钥属性凭据的第二版本号时,从所述身份数据库中获取所述第三终端设备的公钥;当未查找到所述匹配的设备标识,且所述第一版本号大于预存的公钥属性凭据的第二版本号,向所述第三终端设备请求获取所述第一公钥。
- 如权利要求8所述的信息共享方法,其特征在于,所述第一终端设备从身份数据库中查找与所述第一设备标识匹配的设备标识之后,还包括:当未查找到所述匹配的设备标识,且所述第一版本号小于预存的公钥属性凭据的第二版本号时,判定所述第三终端设备身份不合法。
- 如权利要求1-3、5-9任一项所述的信息共享方法,其特征在于,所述第一终端设备在确认所述第三终端设备身份合法时,通过短距离无线通信技术将通信链路信息发送至所述第三终端设备,包括:所述第一终端设备在确认所述第三终端设备身份合法时,生成会话密钥,并通过短距离无线通信技术将所述会话密钥发送至所述第三终端设备;所述第一终端设备采用所述会话密钥对所述通信链路信息进行加密,并通过所述短距离无线通信技术将加密数据发送至所述第三终端设备。
- 一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现如权利要求1至10任一项所述的信息共享方法。
- 一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至10任一项所述的信息共享方法。
- 一种计算机程序产品,其特征在于,当所述计算机程序产品在终端设备上运行时,所述终端设备实现如权利要求1至10任一项所述的信息共享方法。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20852334.0A EP4007321B1 (en) | 2019-08-09 | 2020-07-28 | Information sharing method, terminal apparatus, storage medium, and computer program product |
US17/665,779 US12010519B2 (en) | 2019-08-09 | 2022-02-07 | Information sharing method, terminal device, storage medium, and computer program product |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910735944.6A CN110611905B (zh) | 2019-08-09 | 2019-08-09 | 信息共享方法、终端设备、存储介质及计算机程序产品 |
CN201910735944.6 | 2019-08-09 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/665,779 Continuation US12010519B2 (en) | 2019-08-09 | 2022-02-07 | Information sharing method, terminal device, storage medium, and computer program product |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021027554A1 true WO2021027554A1 (zh) | 2021-02-18 |
Family
ID=68889918
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/105143 WO2021027554A1 (zh) | 2019-08-09 | 2020-07-28 | 信息共享方法、终端设备、存储介质及计算机程序产品 |
Country Status (4)
Country | Link |
---|---|
US (1) | US12010519B2 (zh) |
EP (1) | EP4007321B1 (zh) |
CN (2) | CN110611905B (zh) |
WO (1) | WO2021027554A1 (zh) |
Families Citing this family (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110611905B (zh) * | 2019-08-09 | 2023-11-21 | 华为技术有限公司 | 信息共享方法、终端设备、存储介质及计算机程序产品 |
CN111063070B (zh) * | 2019-12-26 | 2021-07-09 | 捷德(中国)科技有限公司 | 数字钥匙的共享方法、验证方法、及设备 |
CN112596907B (zh) | 2019-12-31 | 2021-12-03 | 华为技术有限公司 | 占用设备的方法以及电子设备 |
CN111404950B (zh) * | 2020-03-23 | 2021-12-10 | 腾讯科技(深圳)有限公司 | 一种基于区块链网络的信息共享方法、装置和相关设备 |
WO2021212516A1 (zh) * | 2020-04-24 | 2021-10-28 | 华为技术有限公司 | 应用于短距离通信系统的配对方法和无线设备 |
CN113573109B (zh) * | 2020-04-28 | 2024-05-10 | 明基智能科技(上海)有限公司 | 无线通讯的配对方法与无线通讯的配对系统 |
CN113676879A (zh) * | 2020-05-14 | 2021-11-19 | 华为技术有限公司 | 一种分享信息的方法、电子设备和系统 |
WO2021227942A1 (zh) * | 2020-05-14 | 2021-11-18 | 华为技术有限公司 | 一种分享信息的方法、电子设备和系统 |
CN111669741A (zh) * | 2020-06-17 | 2020-09-15 | 深圳市欧思数码科技有限公司 | 一种基于蓝牙通信的信号分享连接方法 |
CN113830026A (zh) * | 2020-06-24 | 2021-12-24 | 华为技术有限公司 | 一种设备控制方法及计算机可读存储介质 |
KR20230038571A (ko) * | 2020-07-30 | 2023-03-20 | 후아웨이 테크놀러지 컴퍼니 리미티드 | 연관 제어 방법 및 관련 장치 |
CN114095998B (zh) * | 2020-07-31 | 2023-06-20 | 华为技术有限公司 | 用于局域网络中终端的服务信息同步方法及终端 |
CN114079658B (zh) * | 2020-08-03 | 2022-10-28 | 荣耀终端有限公司 | 跨设备同步方法、终端设备及存储介质 |
CN112165704A (zh) * | 2020-09-21 | 2021-01-01 | 上海闻泰信息技术有限公司 | 信息共享方法、耳机盒及计算机可读存储介质 |
CN114363868A (zh) * | 2020-09-30 | 2022-04-15 | 华为技术有限公司 | 一种蓝牙系统、蓝牙耳机和密码验证方法 |
CN112887983B (zh) * | 2021-01-27 | 2023-11-24 | 上海银基信息安全技术股份有限公司 | 设备身份认证方法、装置、设备及介质 |
CN112995829B (zh) * | 2021-02-25 | 2023-04-25 | 恒玄科技(上海)股份有限公司 | 一种用于无线通信的音频处理组件及其信号处理方法 |
CN115134402B (zh) * | 2021-03-29 | 2024-06-04 | 华为技术有限公司 | 设备连接方法及电子设备 |
CN113163383B (zh) * | 2021-04-20 | 2023-01-03 | Oppo广东移动通信有限公司 | 通信连接控制方法、装置、计算机设备及可读存储介质 |
CN113301537B (zh) * | 2021-05-19 | 2023-09-15 | 闪耀现实(无锡)科技有限公司 | 用于建立通信连接的方法、装置、电子设备以及存储介质 |
CN115396983A (zh) * | 2021-05-25 | 2022-11-25 | Oppo广东移动通信有限公司 | 连接处理方法、装置、系统、存储介质和电子设备 |
CN115735352A (zh) * | 2021-06-25 | 2023-03-03 | 华为技术有限公司 | 控制方法、分享方法、设备和系统 |
CN113556423B (zh) * | 2021-07-15 | 2023-04-07 | Oppo广东移动通信有限公司 | 信息处理方法、装置、系统、存储介质和电子设备 |
CN113613313A (zh) * | 2021-08-19 | 2021-11-05 | 杭州涂鸦信息技术有限公司 | 一种蓝牙设备配对的通信方法、装置以及介质 |
CN113709737B (zh) * | 2021-08-24 | 2024-01-26 | 深圳艾创力科技有限公司 | 一种基于tws蓝牙耳机的语音通信方法及装置 |
CN113919457A (zh) * | 2021-09-30 | 2022-01-11 | 联想(北京)有限公司 | 一种处理方法及相关设备 |
CN116264678A (zh) * | 2021-12-14 | 2023-06-16 | 华为技术有限公司 | 一种蓝牙连接建立方法、设备及系统 |
CN114220201A (zh) * | 2022-01-19 | 2022-03-22 | 深圳指芯物联技术有限公司 | 一种基于小程序扫码绑定前后锁的方法、系统及智能锁 |
CN115413058A (zh) * | 2022-03-09 | 2022-11-29 | 北京罗克维尔斯科技有限公司 | 控制设备的连接方法、装置、电子设备和介质 |
CN116795310A (zh) * | 2022-03-17 | 2023-09-22 | 北京荣耀终端有限公司 | 一种数据传输方法及系统 |
WO2023184560A1 (zh) * | 2022-04-02 | 2023-10-05 | Oppo广东移动通信有限公司 | 设备分享方法、装置、设备、存储介质及程序产品 |
US20240007862A1 (en) * | 2022-06-30 | 2024-01-04 | Microsoft Technology Licensing, Llc | Automated pairing of devices based on proximity detection |
CN115297442B (zh) * | 2022-08-03 | 2024-04-12 | 中国电信股份有限公司 | 中继通信连接建立方法、存储介质及电子设备 |
CN115079226B (zh) * | 2022-08-16 | 2022-11-11 | 中航信移动科技有限公司 | 一种基于多源位置数据的显示数据确定方法、介质及设备 |
CN117793678A (zh) * | 2022-09-28 | 2024-03-29 | 华为技术有限公司 | 网络连接方法、电子设备及系统 |
WO2024087071A1 (zh) * | 2022-10-26 | 2024-05-02 | 华为技术有限公司 | 一种通信方法、装置及系统 |
CN116975821A (zh) * | 2023-04-18 | 2023-10-31 | 腾讯科技(深圳)有限公司 | 信息处理方法、装置、电子设备、存储介质及程序产品 |
CN117864059A (zh) * | 2023-06-30 | 2024-04-12 | 花瓣支付(深圳)有限公司 | 一种车辆控制系统、方法及电子设备 |
CN116761167B (zh) * | 2023-08-21 | 2023-11-03 | 北京领创医谷科技发展有限责任公司 | 一种数据加密传输方法、系统、电子设备及存储介质 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120207056A1 (en) * | 2011-02-14 | 2012-08-16 | General Electric Company | System and method of wireless enabled device configuration over an advanced metering infrastructure (ami) |
CN105101339A (zh) * | 2015-08-18 | 2015-11-25 | 小米科技有限责任公司 | 使用权限获取方法和装置 |
CN106131828A (zh) * | 2016-06-30 | 2016-11-16 | 维沃移动通信有限公司 | 一种WiFi密码共享方法、移动终端及云服务器 |
CN110611905A (zh) * | 2019-08-09 | 2019-12-24 | 华为技术有限公司 | 信息共享方法、终端设备、存储介质及计算机程序产品 |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011127084A2 (en) * | 2010-04-05 | 2011-10-13 | Vivotech, Inc. | Systems, methods, and computer readable media for performing multiple transactions through a single near field communication (nfc) tap |
TWI521905B (zh) * | 2013-02-01 | 2016-02-11 | 寶貝安科技股份有限公司 | 藍牙裝置配對資訊交換方法及應用該方法的藍牙裝置的配對切換方法 |
US8844012B1 (en) * | 2013-03-21 | 2014-09-23 | Nextbit Systems Inc. | Connecting to Wi-Fi network based off approval from another user device |
CN103391541B (zh) * | 2013-05-10 | 2016-12-28 | 华为终端有限公司 | 无线设备的配置方法及装置、系统 |
CN105307166B (zh) * | 2014-05-27 | 2019-06-21 | 华为技术有限公司 | 终端切换方法、接入设备、终端及系统 |
CN104104414A (zh) * | 2014-06-18 | 2014-10-15 | 深圳市警豹电子科技有限公司 | 多台蓝牙设备通讯及蓝牙设备配对信息的转送方法 |
CN104219055A (zh) | 2014-09-10 | 2014-12-17 | 天津大学 | 一种基于nfc的点对点可信认证方法 |
US10637650B2 (en) * | 2014-10-29 | 2020-04-28 | Hewlett-Packard Development Company, L.P. | Active authentication session transfer |
CN104537298B (zh) | 2014-12-04 | 2016-08-31 | 腾讯科技(深圳)有限公司 | 基于微处理器卡进行授权的方法和装置 |
CN104780204A (zh) * | 2015-03-24 | 2015-07-15 | 四川长虹电器股份有限公司 | 一种用于终端间快速分享文件的方法及系统 |
US9913079B2 (en) | 2015-06-05 | 2018-03-06 | Apple Inc. | Cloud-based proximity pairing and switching for peer-to-peer devices |
CN106209386B (zh) | 2016-10-10 | 2019-09-27 | 中国银行股份有限公司 | 一种实现安全认证的方法、装置和系统 |
CN108616847B (zh) * | 2016-12-07 | 2021-09-28 | 海能达通信股份有限公司 | 一种蓝牙链接方法、装置及蓝牙设备 |
-
2019
- 2019-08-09 CN CN201910735944.6A patent/CN110611905B/zh active Active
- 2019-08-09 CN CN202311461617.9A patent/CN117544931A/zh active Pending
-
2020
- 2020-07-28 EP EP20852334.0A patent/EP4007321B1/en active Active
- 2020-07-28 WO PCT/CN2020/105143 patent/WO2021027554A1/zh unknown
-
2022
- 2022-02-07 US US17/665,779 patent/US12010519B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120207056A1 (en) * | 2011-02-14 | 2012-08-16 | General Electric Company | System and method of wireless enabled device configuration over an advanced metering infrastructure (ami) |
CN105101339A (zh) * | 2015-08-18 | 2015-11-25 | 小米科技有限责任公司 | 使用权限获取方法和装置 |
CN106131828A (zh) * | 2016-06-30 | 2016-11-16 | 维沃移动通信有限公司 | 一种WiFi密码共享方法、移动终端及云服务器 |
CN110611905A (zh) * | 2019-08-09 | 2019-12-24 | 华为技术有限公司 | 信息共享方法、终端设备、存储介质及计算机程序产品 |
Non-Patent Citations (1)
Title |
---|
See also references of EP4007321A4 |
Also Published As
Publication number | Publication date |
---|---|
US12010519B2 (en) | 2024-06-11 |
EP4007321A1 (en) | 2022-06-01 |
CN117544931A (zh) | 2024-02-09 |
CN110611905A (zh) | 2019-12-24 |
EP4007321B1 (en) | 2024-10-23 |
CN110611905B (zh) | 2023-11-21 |
US20220159471A1 (en) | 2022-05-19 |
EP4007321A4 (en) | 2022-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021027554A1 (zh) | 信息共享方法、终端设备、存储介质及计算机程序产品 | |
US20220330029A1 (en) | Method for mutual recognition or mutual trust between bluetooth devices | |
EP3605989B1 (en) | Information sending method, information receiving method, apparatus, and system | |
US10341860B2 (en) | Learned dual band WIFI network association | |
EP3308519B1 (en) | System, apparatus and method for transferring ownership of a device from manufacturer to user using an embedded resource | |
CN106663162B (zh) | 安全地将计算设备配对 | |
US7581096B2 (en) | Method, apparatus, and program product for automatically provisioning secure network elements | |
CN111818100B (zh) | 一种跨网配置通道的方法、相关设备及存储介质 | |
JP2003500923A (ja) | セキュア通信をイニシャライズし、装置を排他的にペアリングする方法、コンピュータ・プログラムおよび装置 | |
JP2018526905A (ja) | メッセージ保護方法、ならびに関連デバイスおよびシステム | |
WO2011035614A1 (zh) | 将手机信息同步到计算机的方法、手机、计算机及网络系统 | |
WO2021164312A1 (zh) | 设备无线网络信息配置方法及装置 | |
WO2014161277A1 (zh) | 便携式wlan热点的连接方法及系统 | |
CN116325664A (zh) | 一种智能设备配网的方法和装置 | |
US9590974B2 (en) | Communication apparatus, communication system, and recording medium | |
US20210243599A1 (en) | User authentication method through bluetooth device and device therefor | |
WO2015139401A1 (zh) | 无线网络的建立方法、系统及无线路由装置 | |
TWI633800B (zh) | 手持通訊裝置之裝置配對與資料傳輸之方法 | |
WO2016003310A1 (en) | Bootstrapping a device to a wireless network | |
WO2018023495A1 (zh) | 手持通信装置的装置配对与数据传输的方法 | |
WO2023000139A1 (zh) | 传输凭证的方法、装置、通信设备及存储介质 | |
WO2023240657A1 (zh) | 认证与授权方法、装置、通信设备及存储介质 | |
WO2023240575A1 (zh) | 一种中继通信方法、通信装置及通信设备 | |
JP2007259280A (ja) | 無線通信信頼構築システム、無線端末および無線通信信頼構築方法 | |
WO2008075626A1 (ja) | 通信端末認証システム、インターネットを使用した電話システム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20852334 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2020852334 Country of ref document: EP Effective date: 20220228 |