WO2021121125A1 - Control method for smart home devices and medium and terminal thereof - Google Patents

Abstract

A control method for smart home devices (103-1, ..., 103-n) and a medium and a terminal thereof, which relate to the field of the Internet of Things. The method comprises: a first client (101-1) uses a first key to encrypt a control instruction for controlling the smart home devices (103-1, ..., 103-n), generates control instruction ciphertext, and generates first ciphertext check information on the basis of a service protection code, and the first client (101-1) sends the generated control instruction ciphertext and first ciphertext check information; the control method uses the key of a symmetric algorithm to encrypt the control instruction for controlling the smart home devices (103-1, ..., 103-n), and at the same time, uses the service protection code identifying a legal identity of a user to ensure the security of instruction transmission. Compared to asymmetric encryption algorithms, the volume of calculation for encryption and decryption is small, which is suitable for smart home devices where a public key and a private key required by asymmetric encryption algorithms cannot be deployed due to hardware limitations.

Description

Control method, medium and terminal for smart home equipment

This application claims the priority of a Chinese patent application filed on December 16, 2019 with the application number CN201911293948.X and the title of the invention "control method for smart home equipment and its medium and terminal", the entire content of which is incorporated by reference In this application.

Technical field

This application relates to the field of the Internet of Things, and in particular to a control method for smart home equipment, its medium, and a terminal.

Background technique

With the advent of the Internet of Things era, users can remotely control their smart home devices anytime, anywhere. In order to ensure the confidentiality, integrity and legitimacy of the control commands sent by the user through the client, the control commands are required to be transmitted in the form of ciphertext in the channel and have the function of tamper-proof. At the same time, when the smart home device receives the control instruction, it needs to authenticate the identity of the sender to ensure the legal identity of the instruction sender. Due to insufficient hardware capabilities of some smart home devices, certificates or public key mechanisms cannot be deployed. Therefore, such smart home devices cannot effectively authenticate the identity of the command sender.

Summary of the invention

The embodiment of the application provides a control method for smart home equipment and its medium and terminal. The key of a symmetric algorithm is used to encrypt the control instructions for controlling the smart home equipment, and at the same time, the business protection code that identifies the legal identity of the user is used to ensure Compared with the asymmetric encryption algorithm, the security of command transmission is less computationally intensive. It is suitable for smart home devices that cannot deploy the public and private keys required by the asymmetric encryption algorithm due to hardware limitations.

In the first aspect, an embodiment of the present application provides a control method for smart home equipment, including:

The first client uses the first key to encrypt the control instruction for controlling the smart home device, generates the control instruction ciphertext, and generates the first ciphertext verification information based on the service protection code, wherein the control instruction ciphertext It can be decrypted by the smart home device using the first key stored by itself, and the first cipher text verification information can be used by the smart home device to verify the control command password received by the smart home device. Whether the text is the same as the control instruction ciphertext generated by the first client; the first client sends the generated control instruction ciphertext and the first ciphertext check information. That is, the key of the client to encrypt the control command is the same as the key of the smart home device to decrypt the ciphertext of the control command.

In a possible implementation of the foregoing first aspect, the control instruction ciphertext and the first ciphertext check information generated by sending include:

The first client sends an instruction forwarding request to the server, where the instruction forwarding request includes the device ID of the smart home device, the control instruction ciphertext, and the first ciphertext verification information, and the instruction forwarding The request is used to request the server to forward the control instruction ciphertext and the first ciphertext verification information to the smart home device identified by the device ID. That is, the server transparently transmits the control command ciphertext and the first ciphertext verification information, and does not make any modification to the control command ciphertext. This effectively avoids the problem of tampering with control instructions after the server is attacked.

In a possible implementation of the foregoing first aspect, the control instruction ciphertext and the first ciphertext check information generated by sending include:

The first client sends the control instruction ciphertext and the first ciphertext verification information to the smart home device. That is, the client can directly send the control instruction ciphertext and the first ciphertext verification information to the smart home device without forwarding through the server.

In a possible implementation of the foregoing first aspect, the method further includes:

The first client sends a service protection code setting request to the server; the first client receives an initial service protection code from the server, where the initial service protection code is sent by the server in response to the service protection code setting request The first client prompts the user to modify the initial service protection code to obtain the first service protection code; the first client stores the first service protection code, and prompts the user to record the first service protection code. For example, the server may generate a string of random codes as the initial service protection code. After the client receives it, the user modifies the initial service protection code and uses the modified as the service protection code.

In a possible implementation of the foregoing first aspect, the method further includes:

The first client requests the user to input a second service protection code to update the first service protection code, where the first service protection code is different from the second service protection code; the first client sends to the server A service protection code update request, where the service protection code update request is used to request the server to send a service protection code update notification to the second client, and the service protection code update notification is used to notify the second client from The user obtains the second service protection code to update the first service protection code on the second client, and the first client and the second client use the same account to log in to the server.

In a possible implementation of the foregoing first aspect, the method further includes:

The first client generates a random code, and generates a second key for updating the first key based on the random code, wherein the first key is different from the second key.

In a possible implementation of the foregoing first aspect, the generating a second key for updating the first key based on the random code includes:

Encrypting the random code and the service protection code by using the first key to generate the second key.

In a possible implementation of the foregoing first aspect, the method further includes:

The first client generates first key verification information based on the service protection code and the random code, where the first key verification information can be used by the smart home device to verify whether the received random code is The same as the random code generated by the first client.

In a possible implementation of the foregoing first aspect, the first client generating first key verification information based on the service protection code and random code includes:

The first client uses a key-based message authentication code algorithm, uses the service protection code as an input key, and transforms the random code to generate the first key verification information.

In a possible implementation of the foregoing first aspect, the method further includes:

The first client sends a key update request to the server, where the key update request includes the random code and the first key verification information, and is used to request the server to send the key to the smart home The device forwards the random code and the first key verification information.

In a possible implementation of the foregoing first aspect, the generating of the first ciphertext verification information based on the service protection code includes:

The first client uses the service protection code as an input key, and transforms the control instruction ciphertext through a key-based message authentication code algorithm to obtain the first ciphertext verification information.

In a possible implementation of the foregoing first aspect, the method further includes:

The first client sends the key encrypted by the service protection code to the second client, where the first client and the second client log in to the server through the same account.

In the second aspect, the implementation of this application provides a control method for smart home devices, including:

The smart home device receives the control instruction ciphertext and the first ciphertext verification information; the smart home device checks whether the received control instruction ciphertext is based on its own service protection code and the first ciphertext verification information The ciphertext of the control instruction generated by the client is the same; when the smart home device verifies that the received ciphertext of the control instruction is the same as the ciphertext of the control instruction generated by the client, the smart home device uses its own first key to decrypt the The control instruction ciphertext obtains the control instruction; the smart home device executes the control instruction.

In a possible implementation of the above second aspect, the smart home device verifies whether the received control instruction ciphertext is consistent with the client based on its own service protection code and the first ciphertext verification information. The ciphertext of the control instruction generated by the terminal includes:

The smart home device uses its own service protection code as an input key, and transforms the received control instruction ciphertext through a key-based message authentication code algorithm to obtain the second ciphertext verification information; When the smart home device determines that the second ciphertext verification information is the same as the received first ciphertext verification information, it verifies that the received control instruction ciphertext is the same as the one generated by the client The control command ciphertext is the same.

In a possible implementation of the above second aspect, the method further includes:

The smart home device receives the random code and the first key verification information sent by the server; the smart home device verifies whether the received random code is the same as the random code generated by the client according to the first key verification information; smart home When the device verifies that the received random code is the same as the random code generated by the client, it generates a second key based on the random code to update the first key in the smart home device.

In a possible implementation of the above second aspect, the smart home device verifying whether the received random code is the same as the random code generated by the client according to the first key verification information includes:

The smart home device uses the service protection code as an input key, and transforms the received random code through a key-based message authentication code algorithm to generate second key verification information; the smart home device determines Whether the generated second key verification information is the same as the received first key verification information; the smart home device is verifying the first key verification information and the second key verification information If the verification information is the same, it is determined that the received random code is the same as the random code generated by the client.

In a possible implementation of the foregoing second aspect, the generating a second key based on the random code includes:

The smart home device uses the first key to encrypt the service protection code and the received random code to generate the second key.

In the third aspect, the implementation of this application provides a control method for smart home devices, including:

The server receives an instruction forwarding request from the first client, where the instruction forwarding request includes the device ID of the smart home device, the control instruction ciphertext, and the first ciphertext verification information, wherein the control instruction ciphertext can be The smart home device uses the first key stored by itself to decrypt, and the first cipher text verification information can be used by the smart home device to verify whether the cipher text of the control instruction received by the smart home device is consistent with The control instruction ciphertext generated by the first client is the same; the server forwards the control instruction ciphertext and the first ciphertext verification information to the smart home device identified by the device ID.

In a fourth aspect, an electronic device is provided in the implementation of this application, and the electronic device has the function of realizing the first client or the second client in the above-mentioned control method for smart home devices. The function can be realized by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above-mentioned functions.

In a fifth aspect, an electronic device is provided in the implementation of the present application, and the electronic device has the function of realizing the server in the above-mentioned control method for smart home devices. The function can be realized by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above-mentioned functions.

In the sixth aspect, an electronic device is provided in the implementation of the present application, and the electronic device has the function of realizing the smart home device in the above-mentioned control method for smart home device. The function can be realized by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above-mentioned functions.

In the seventh aspect, the implementation of the present application provides a computer-readable medium with instructions stored on the computer-readable medium. When the instructions are executed on a machine, the machine executes any of the above-mentioned aspects of the first to third aspects. The described control method for smart home equipment.

In an eighth aspect, a terminal is provided in the implementation of this application, including:

One or more processors; and

The memory is used to store instructions; when the instructions are executed by the one or more processors, the terminal is made to execute the control method for smart home devices described in any one of the first to third aspects above .

Description of the drawings

Fig. 1 shows a schematic structural diagram of an Internet of Things system 100 according to some embodiments of the present application.

Fig. 2 shows a schematic diagram of a process of activating a smart home device by a client according to some embodiments of the present application.

Fig. 3 shows a schematic flowchart of a client sending a control instruction to a smart home device through a server according to some embodiments of the present application.

Fig. 4 shows a schematic flow chart of a client directly sending a control instruction to a smart home device according to some embodiments of the present application.

Fig. 5 shows a schematic flow chart of a client obtaining a key required for an encryption control instruction from another client according to some embodiments of the present application.

Fig. 6 shows a schematic flow chart of setting a service protection code according to some embodiments of the present application.

Fig. 7 shows a schematic flow chart of updating a service protection code according to some embodiments.

Fig. 8 shows a schematic flow chart of updating a key according to some embodiments.

Fig. 9 shows a schematic structural diagram of an electronic device according to some embodiments of the present application.

Fig. 10 shows a schematic structural diagram of an electronic device according to some embodiments of the present application.

Fig. 11 shows a schematic structural diagram of an electronic device according to some embodiments of the present application.

Specific embodiment

Illustrative embodiments of the present application include, but are not limited to, a blockchain-based IP address prefix authentication method and device.

It is understood that, as used herein, the term "module" can refer to or include an application specific integrated circuit (ASIC), an electronic circuit, a processor (shared, dedicated, or group) that executes one or more software or firmware programs And/or memory, combinational logic circuit, and/or other suitable hardware components that provide the described functions, or may be part of these hardware components.

The embodiments of the present application will be described in further detail below in conjunction with the accompanying drawings.

According to some embodiments of the present application, an IoT system 100 is disclosed. FIG. 1 shows a schematic diagram of the structure of the system 100.

Specifically, as shown in FIG. 1, the Internet of Things system 100 includes clients 101-1 to 101-n, a server 102, and smart home devices 103-1 to 103-n. Wherein, at least one of the client 101-1 to the client 101-n can use the key to encrypt the control command of at least one of the smart home devices 103-1 to 103-n, and use the service protection code to generate the control command secret. The cipher text verification information of the text, and then the server 102 sends the control command cipher text and the cipher text verification information to at least one of the smart home devices 103-1 to 103-n, or directly to the smart home devices 103-1 to 103 At least one of -n sends the control command ciphertext. It can be understood that the client 101-1 to the client 101-n may be any terminal device used by the user to send the cipher text of the control instruction, etc., for example, may include, but not limited to, a laptop computer, a desktop computer, a tablet computer, and a mobile phone. Telephones, wearable devices, head-mounted displays, mobile email devices, portable game consoles, portable music players, reader devices, televisions with one or more processors embedded or coupled to them, or capable of accessing the Internet Other electronic equipment.

The server 102 can be used to receive the command forwarding request from the client 101-1 to the client 101-n, and forward the control command ciphertext and ciphertext verification information generated by the client 101-1 to the client 101-n to the smart home Devices 103-1 to 103-n. The server 102 may be various types of servers, such as a cloud server, which is not limited here.

At least one of the smart home devices 103-1 to 103-n can be used to receive the control instruction ciphertext and ciphertext verification information generated by at least one of the client 101-1 to the client 101-n, and based on its own The service protection code and the received ciphertext verification information verify the received instruction ciphertext, and the control instruction ciphertext can be decrypted with its own key after the control instruction ciphertext verification is passed, and the decryption is performed Control instructions coming out. It can be understood that the smart home devices 103-1 to 103-n can be any home devices that can receive control command ciphertext and ciphertext verification information, and execute control commands, for example, can include, but are not limited to, smart TVs, smart speakers , Smart sockets, smart door locks, smart weight (fat) scales, smart bulbs, smart fans, smart air conditioners, smart desk lamps, smart sweeping robots and other smart home appliances.

In the following description, the client 101-1, the client 101-2, and the smart home device 103-1 are taken as examples to illustrate the process of implementing the control technology of the smart home device in the Internet of Things system 100.

When the client 101-1 uses the smart home device 103-1 for the first time, the smart home device 103-1 needs to be activated. Fig. 2 shows a schematic diagram of a process for the client 101-1 to activate the smart home device 103-1 according to some embodiments. Specifically, as shown in FIG. 2, the process of the client 101-1 activating the smart home device 103-1 includes:

202: The client 101-1 logs in to the server 102 through an account, and establishes a connection with the server 102.

It can be understood that the client 101-1 can establish a secure communication connection with the server 102 via HTTP (Hypertext Transfer Protocol).

204: The user starts the smart home device 103-1 for the first time, and the smart home device 103-1 can issue an SSID (Service Set Identifier) to the outside through wireless communication technologies such as Bluetooth and NFC (Near Field Communication). The SSID is used to identify the smart home device 103-1.

206: The client 101-1 finds the SSID of the smart home device 103-1 when scanning.

208: After scanning the SSID of the smart home device 103-1, the client 101-1 sends an activation request to the server 10 to obtain the activation code. Wherein, the activation request includes the SSID of the smart home device 103-1.

210: After receiving the activation code acquisition request, the server 102 determines whether the smart home device 103-1 is a smart home device produced by a legal manufacturer according to the SSID in the activation request.

212: The server 102 returns an activation code after verifying that the smart home device 103-1 is produced by a legal manufacturer. In some embodiments, the activation code can be used by the smart home device 103-1 to connect to the server.

214: After the client 101-1 receives the activation code, it uses the activation code to activate the smart home device 103-1, and configures basic information for the smart home device 103-1. For example, configuring basic information for the smart home device 103-1 may be to send the SSID and password of the wireless network to the smart home device 103-1, so that the smart home device 103-1 can log in to the wireless network.

216: After the client 101-1 activates the smart home device 103-1, it generates a key S0 for the smart home device 103-1, and sets the service protection code T0 through the server 102.

It can be understood that the client 101-1 can randomly generate a key for encrypting the control command, and the key can be a key for encrypting the control command using a block encryption algorithm, so that the smart home device side can use the same key to Decrypt the cipher text of the control instruction. Among them, the block encryption algorithm includes, but is not limited to, AES (Advanced Encryption Standard, Advanced Encryption Standard) algorithm, SM4 algorithm, SIMON algorithm, SPECK code algorithm, etc.

In addition, it can be understood that the service protection code is used to identify the legitimacy of the user issuing the instruction, that is, the client and the smart home device under the same account that log in to the server have the same service protection code. For example, if a user has multiple clients, or the user's family members use other clients, these clients can use the same account to log in to the server 102 to control the smart home device 103-1. The service protection code may be a random string code sent by the server 102 for the same account, or a string set by the user. Refer to Figure 7 and Figure 8 for the setting and updating of the service protection code.

Compared with the public key and private key settings in the asymmetric encryption algorithm, the block encryption key in the symmetric encryption algorithm has much lower requirements on the computing power of the device. Therefore, the technical solution of this application is suitable for non-deployment due to hardware limitations. The symmetric encryption algorithm requires public and private keys for smart home devices. In addition, the legal identity of the user is identified by the service protection code T, which can effectively check whether the encrypted control command has been tampered with during the transmission process, thereby ensuring the security of the encrypted control command.

218: After the client 101-1 generates the key S0 and the service protection code T0, it establishes a connection with the smart home device 103-1. For example, the client 101-1 may establish a secure communication connection with the smart home device 103-1 through the CoAP protocol.

220: The client 101-1 sends the generated key S0 and the service protection code T0 to the smart home device 103-1.

222: The smart home device 103-1 encrypts and stores the password S0 and the business protection code T0.

After the client 101-1 completes the activation of the smart home device 103-1, the smart home device can be controlled by sending a control instruction. The control instruction can be forwarded to the smart home device 103-1 through the server 120, or directly sent to the smart home device 103-1. Household equipment 103-1. Fig. 3 shows a schematic flow chart of the client 101-1 sending a control instruction to the smart home device 103-1 through the server 120 according to some embodiments.

As shown in FIG. 3, the process of the client 101-1 sending a control instruction to the smart home device 103-1 through the server 120 is as follows:

302: The client 101-1 logs in to the server 102 and establishes a connection with the server. For example, a communication connection can be established through technologies such as Wi-Fi, Bluetooth, and NFC.

304: The client 101-1 generates a control instruction P, encrypts the control instruction P with a key S, generates a control instruction ciphertext C, and uses the service protection code T to generate ciphertext verification information Vc1. Among them, the key S can be the key S0, or other keys after updating.

For example, in some embodiments, the block encryption algorithm AES may be used to encrypt the control instruction with the key S to generate the control instruction ciphertext C. Then, the service protection code T is used as the input key of the HMAC (Hash-based Message Authentication Code) algorithm to transform the control command ciphertext to generate a MAC (Message Authentication Code) value. The MAC value is the cipher text verification information Vc1.

In addition, in some embodiments, the key S is used as the input key of the HMAC algorithm, and the service protection code is transformed to generate a MAC value, which is the ciphertext verification information Vc1.

In addition, it can be understood that other key-based message authentication code algorithms can also be used to generate the cipher text verification information Vc1 of the control command cipher text C, which is not limited here, for example, the CBC MAC algorithm (a kind of implementation based on symmetric cryptography) Message authentication code algorithm) generates cipher text verification information Vc1.

306: The client 101-1 sends a control forwarding request to the server 102. Wherein, the control forwarding request includes the device ID that identifies the smart home device 103-1, the control instruction ciphertext C generated by the client 101-1, and the ciphertext verification information Vc1. Among them, in some embodiments, the device ID may be a logical ID generated by the server 102 and bound to the UUID of the smart home device 103, and used to identify the smart home device 103-1.

308: After receiving the control forwarding request, the server 102 recognizes according to the device ID therein that the target device requested in the control forwarding request is the smart home device 103-1.

310: After the server 102 recognizes the smart home device 103-1, it establishes a connection with the smart home device 103-1, and forwards the control instruction cipher text C and the cipher text verification information Vc1 in the control forwarding request to the smart home device 103-1 .

312: The smart home device 103-1 receives the control command cipher text C and the cipher text verification information Vc1 from the server 102, and after receiving the control command cipher text C and the cipher text verification information Vc1, it uses its own stored service protection code T and the cipher text verification information Vc1, using the same message code verification algorithm as the client 101-1 to generate the cipher text verification information Vc1, verify whether the received control command cipher text C is the same as the control command generated by the client 101-1 The ciphertext C is the same.

If it is verified that the received control instruction ciphertext C is the same as the control instruction ciphertext C generated by the client 101-1, then proceed to 314; otherwise, no processing is performed or a message indicating an error is sent to the server 102, and the server 102 receives After that, a control failure message can be sent to the client 101-1.

Specifically, in some embodiments, the smart home device 103-1 verifies whether the received control instruction ciphertext C is the same as the control instruction ciphertext C generated by the client 101-1 in the following manner:

As mentioned above, if the client 101-1 adopts the HMAC algorithm when generating the cipher text verification information Vc1, the smart home device 103-1 also adopts the HMAC algorithm, and uses the service protection code T stored in itself as the input key to receive The received control instruction ciphertext C is transformed to generate a MAC value, thereby obtaining the ciphertext verification information Vc2. The client 101-1 compares the cipher text verification information Vc2 with the cipher text verification information Vc1 received from the server 102. If the two are the same, it is determined that the control instruction ciphertext C received from the server 102 is the same as the control instruction ciphertext C generated by the client 101-1. If Vc1 and Vc2 are not the same, it is determined that the control command cipher text C received from the server 102 is different from the control command cipher text C generated by the client 101-1, and the control command cipher text C may be tampered with during transmission.

In some other embodiments, the smart home device 103-1 verifies whether the received control instruction ciphertext C is the same as the control instruction ciphertext C generated by the client 101-1 in the following manner:

As described above, if the client 101-1 uses the HMAC algorithm when generating the cipher text verification information Vc1, the smart home device 103-1 also uses the HMAC algorithm, and uses the secret key S as the input key to protect the business stored by itself The code is transformed to generate the MAC value, thereby obtaining the cipher text verification information Vc2. The client 101-1 compares the cipher text verification information Vc2 with the cipher text verification information Vc1 received from the server 102. If the two are the same, it is determined that the control instruction ciphertext C received from the server 102 is the same as the control instruction ciphertext C generated by the client 101-1. If Vc1 and Vc2 are not the same, it is determined that the control command cipher text C received from the server 102 is different from the control command cipher text C generated by the client 101-1, and the control command cipher text C may be tampered with during transmission.

It can be understood that if the client 101-1 uses other key-based message verification algorithms when generating the cipher text verification information Vc1, at this time, the smart home device 103-1 also uses the corresponding algorithm to generate the cipher text verification information Vc2.

314: The smart home device 103-1 uses the key S obtained in advance from the client 101-1 to decrypt the control instruction cipher text C to obtain the control instruction P.

316: The smart home device 103-1 executes the control instruction P. For example, if the smart home device 103-1 is an air purifier, the control instruction P may be to instruct it to turn on, adjust the purification mode, and so on.

It can be seen from the above description that when the client implements the control of the smart home device through the server, the encryption and decryption of the control instruction is performed on the client side and the smart home device side respectively, and the server only transmits the control instruction ciphertext and ciphertext correction. Verify the information so as to prevent the server from being attacked and control the security of the command. In addition, as described above, based on the service protection code, the smart home device can verify whether the ciphertext of the control instruction is the same as the ciphertext of the control instruction generated by the client, thereby ensuring the security of the transmission of the control instruction ciphertext.

Fig. 4 shows a schematic flow chart of the client 101-1 directly sending a control instruction to the smart home device 103-1 according to some embodiments.

Specifically, the process of the client 101-1 directly sending a control instruction to the smart home device 103-1 is as follows:

402: The client 101-1 establishes a connection with the smart home device 103-1. For example, a communication connection can be established through technologies such as Wi-Fi, Bluetooth, and NFC.

404: The client 101-1 generates a control instruction P, encrypts the control instruction P with a key S, generates a control instruction ciphertext C, and uses the service protection code T to generate ciphertext verification information Vc1. The specific method for generating the command ciphertext C and the ciphertext verification information Vc1 is the same as that of 304 in FIG. 3, and will not be repeated here.

406: The client 101-1 sends the control instruction cipher text C and the cipher text verification information Vc1 to the smart home device 103-1.

408: The smart home device 103-1 receives the control command cipher text C and the cipher text verification information Vc1 from the client 101-1, and after receiving the control command cipher text C and the cipher text verification information Vc1, it uses its own storage Service protection code T and ciphertext verification information Vc1, using the same message code verification algorithm as the client 101-1 to generate ciphertext verification information Vc1, verify whether the received control command ciphertext C is generated by the client 101-1 The control command ciphertext C is the same. The specific verification method is the same as that of 312 in FIG. 3, so it will not be repeated here.

410 and 412 are the same as 314 and 316 in FIG. 3, so they will not be repeated here.

As mentioned earlier, the service protection code corresponds to the account used by the client 101-1 to log in to the server 102, or corresponding to the user of the smart home device 103-1. The user can use multiple clients to realize the connection to the smart home device 103- 1 control. If the user wants to use a new client to control the smart home device 103-1, for example, use the client 101-m, the client 101-m needs to obtain the key required for the encryption control command from the client 101-1 S and obtain the service protection code T from the user. Fig. 5 shows a schematic flow chart of the client 101-m obtaining the key S required by the encryption control instruction from the client 101- 1 according to some embodiments of the present application. Specifically, the process in which the client 101-m obtains the key S from the client 101-1 includes:

502: The client 101-1 establishes a connection with the client 101-m. For example, a communication connection can be established through technologies such as Wi-Fi, Bluetooth, and NFC.

504: The client 101-m sends a key acquisition request to the client 101-1.

506: The client 101-1 uses the service protection code T to encrypt the key S in response to the received key acquisition request.

508: The client 101-1 sends the key S encrypted by the service protection code T to the client 101-m.

510: After receiving the key S encrypted by the service protection code T, the client 101-m requests the user to input the service protection code T.

512: The client 101-m uses the service protection code T to decrypt the received encrypted key S, and then encrypts and stores the decrypted key S.

As mentioned above, when the user logs in to the server 102 using the client 101-1 to activate the smart home device 103-1, the server 102 can set the service protection code. Fig. 6 shows a schematic flow chart of setting a service protection code according to some embodiments of the present application. Specifically, as shown in Figure 6, the process of the equipment service protection code T is as follows:

602: The client 101-1 logs in to the server 102 through an account, and establishes a connection with the server. For example, a communication connection can be established through technologies such as WiFi, Bluetooth, and NFC.

604: The client 101-1 sends a request for setting a service protection code to the server 102.

606: After receiving the above request, the server 102 queries whether a service protection code has been assigned to the logged-in account. If it is found out that the server 102 has not assigned a service protection code to the logged-in account, enter 608; otherwise, an error message that the service protection code cannot be sent is returned.

608: The server 102 sends the protection code cipher text of the initial service protection code and the protection code verification information to the client 101-1. For example, in some embodiments, the session key negotiated between the server 102 and the client 101-1 is used to encrypt the initial service protection code to obtain the protection code cipher text of the initial service protection code, and the message verification code algorithm is used to generate the initial service protection The protection code verification information of the code. For example, the session key is used as the input key of the HMAC algorithm, and the protection code cipher text of the initial service protection code is converted to obtain the protection code verification information of the initial service protection code.

610: The client 101-1 verifies the received initial service protection code based on the protection code verification information to determine the integrity of the initial service protection code sent by the server 102. If the verification is passed, enter 612; otherwise, return an error message to the server 102.

Specifically, the verification can be performed in the following manner: after the client 101-1 receives the verification information of the service protection code, it uses the same message verification code algorithm to calculate the verification information of the service protection code, and if the calculated service protection code is verified If the information is the same as the received service protection code verification information, it means that the verification passed.

For example, in some embodiments, the client 101-1 may use the session key negotiated between the server 102 and the client 101-1 to decrypt the received protection code ciphertext of the initial service protection code. In addition, the client 101-1 may use the negotiated session key as the input key of the HMAC algorithm to convert the protection code cipher text of the initial service protection code to generate protection code verification information of the initial service protection code. The generated protection code check information of the initial service protection code is compared with the received protection code check information of the initial service protection code. If the two are the same, it means that the check has passed.

612: The client 101-1 prompts the user to modify the received initial service protection code to obtain the service protection code T0.

614: After detecting that the service protection code modified by the user complies with the predetermined rule, the client 101-1 encrypts and stores the service protection code T0 modified by the user, and prompts the user to record the service protection code T0. It can be understood that the service protection code T in the foregoing embodiment may be T0, or may be another service protection code after T0 is updated.

The predetermined rule for the service protection code may be the requirement for the character type and the number of characters of the service protection code, for example, the requirement must be 8 digits, and must contain numbers, upper and lower case letters, special symbols, etc.

616: The client 101-1 sends the set protection code cipher text of the service protection code T and the protection code verification information of the service protection code T to the server 102.

For example, in some embodiments, the client 101-1 may encrypt the service protection code T with the session key negotiated by the server 102 and the client 101-1 to obtain the protection code ciphertext, and the client 101-1 may also use the server 102 The session key negotiated with the client 101-1 is used as the input key of the HMAC algorithm, and the service protection code T is converted to obtain the protection code verification information Vt1.

618: The server 102 receives the protection code cipher text of the service protection code T and the protection code verification information Vt1, and then verifies whether the received protection code cipher text of the service protection code T is the same as the client 101- 1 The ciphertext of the protection code of the set service protection code T is the same. If they are the same, it is determined that the service protection code is set successfully.

For example, the server 102 may use the same algorithm as the client 101-1 to generate the protection code verification information of the service protection code T, generate the received verification information Vt2 of the service protection code T, and then verify the generated protection code information Vt2 is compared with the received protection code verification information Vt1, and if Vt1 and Vt2 are the same, it is determined that the received service protection code T is the same as the service protection code set by the client 101-1. For example, in some embodiments, the server 102 uses the aforementioned negotiated session key as the input key of the HMAC algorithm to convert the received protection code cipher text to obtain the protection code verification information Vt2.

After passing the verification, the server 102 may also use the negotiated session key to decrypt the ciphertext of the protection code to obtain the service protection code T.

It can be understood that, in some embodiments, the service protection code may also be directly the service protection code sent by the server 102 to the client 101-1 without modification by the user.

In addition, in some embodiments, the client 101-1 may also update the service protection code T through the server 102. FIG. 7 shows a schematic flow chart of updating the service protection code according to some embodiments. Specifically, as shown in FIG. 7, the process for the client 101-1 to update the service protection code T is as follows:

702: The client 101-1 logs in to the server 102 through an account, and establishes a connection with the server.

704: The client 101-1 receives a request from the user to update the service protection code. For example, the user can click the button to update the service protection code in the application software for managing the smart home device 103-1 to send the request.

In addition, in some embodiments, the client 101-1 may set an update period to periodically send a service protection code update request to the server.

In addition, in some embodiments, the server 102 may also periodically send a service protection code update request to the client 101-1, for example, once a month or once a week to improve the security of the service protection code.

706: The client 101-1 requests the user to input the updated service protection code T', and generates protection code verification information Vt1' based on the service protection code T'. For example, the HMAC algorithm can be used, the original service protection code T is used as the input key, and the updated service protection code T'is transformed to generate the verification information Vt1' of T'.

708: The client 101-1 sends a service protection code update request to the server 102, where the service protection code update request includes the updated service protection code T′ input by the user and the protection code verification information Vt1′ of the service protection code T′ .

710: After receiving the service protection code update request, the server 102 uses the protection code verification information Vt1' to verify the service protection code T'.

For example, the server 102 can use the same algorithm as the client 101-1 to generate the verification information Vt1', use the original service protection code T stored on the server 102 as a key, and transform the received service protection code T'to generate verification Information Vt2', and compare the generated verification information Vt2 with the verification information Vt1' of the received service protection code T'. If the comparison shows that the two are the same, it means that the verification is passed and enter 712; if they are different, it means that the verification is not passed, and an update failure message is sent to the client 101-1.

712: The server 102 sends a protection code update notification to clients other than the client 101-1 under the account used by the client 101-1 to log in to the server 102, so that the user can enter the updated service protection when using these clients Code T'.

714: The server sends a message indicating that the service protection code has been successfully updated to the client 101-1.

In some embodiments, the client 101-1 may update the service protection code in other ways, for example, directly sending the original application to all clients and smart home devices 103-1 under the account used by the client 101-1 to log in to the server 102. The updated service protection code T'encrypted by the service protection code T, so that these devices can obtain the updated service protection code T'after receiving the T'encrypted by T.

In order to improve security, in some embodiments, the key needs to be updated regularly or irregularly. Figure 8 shows a schematic diagram of a process for updating a key. Specifically, as shown in FIG. 8, the process for the client 101-1 to update the key S includes:

802: The client 101-1 logs in to the server 102 through an account, and establishes a connection with the server 102.

804: The client 101-1 randomly generates a random code (RN code) used to update the key S, and uses the RN code, the key S and the service protection code T to calculate and generate a new key S1', and generates the key S1 'The key verification information Vs1.

Specifically, in some embodiments, the new key S1' can be calculated in the following manner:

Use the original key S as a key, and use the aforementioned block encryption algorithm to encrypt the RN code and the service protection code T to obtain a new key S1'. For example, AES (Advanced Encryption Standard, Advanced Encryption Standard) algorithm, SM4 algorithm, SIMON algorithm, SPECK code algorithm, etc. can be used

It can be understood that in each embodiment of the present application, the key S1' can also be calculated in other ways, for example, the service protection code T is used as the key, and the aforementioned block encryption algorithm is used to encrypt the RN code and the original key S to obtain a new Key S1', or use the original key S as a key, use the aforementioned block encryption algorithm to encrypt the RN code, and then add a service protection code to the end of the encrypted RN code to obtain a new key S1'. That is, as long as the information (such as service protection code and original key S) possessed by the smart home device 130-1 or other related clients (such as client 101-m) is used as the key of the block encryption algorithm to generate a new key S1' is fine.

In some embodiments, the key verification information Vs1 can be calculated in the following manner:

Using the HMAC algorithm, using the service protection code T as the key, the RN code is transformed to generate the MAC value, which is the key verification information Vs1.

It can be understood that, in the embodiments of the present application, the key verification information Vs1 can also be calculated in other ways. For example, using the HMAC algorithm, using the original key S as the key, the RN code is transformed to generate the MAC value, and the MAC value is the key verification information Vs1. Or, using the service protection code T or the original key S as the key, the new key S1' is converted to generate the MAC value, which is the key verification information Vs1. That is, as long as the information (such as the service protection code and the original key S) possessed by the smart home device 130-1 or other related clients (such as the client 101-m) is used as the key.

As mentioned above, other key-based message verification codes can also be used to generate the key verification information Vs1, which is not limited here.

806: The client 101-1 sends a key update request to the server 102. The key update request may include the RN code and key verification information Vs1.

808: The server 102 determines the smart home devices and other clients under the account used by the client 101-1 to log in to the server 102. For example, it is determined that the account has a smart home device 103-1 and a client 101-m.

810: The server 102 establishes a connection with the determined smart home devices and clients, and forwards the RN code and key verification information Vs1 in the key update request to these smart home devices and clients, for example, to the smart home Device 103-1 and client 101-m.

812: After the smart home device 103-1 and the client 101-m receive the RN code and key verification information Vs1, they use the received RN code, the service protection code T and the original key S stored by themselves, and the client 101-1 The method of generating a new key S1', generating a new key S2'.

Specifically, in some embodiments, the smart home device 103-1 and the client 101-m may calculate the new key S2' in the following manner:

Use the original key S stored by itself as the key, and use the aforementioned block encryption algorithm to encrypt the RN code and the service protection code T to obtain a new key S2'. For example, AES (Advanced Encryption Standard, Advanced Encryption Standard) algorithm, SM 4 algorithm, SIMON algorithm, SPECK code algorithm, etc. can be used

It can be understood that in the embodiments of the present application, the key S2' can also be calculated in other ways, for example, using the service protection code T stored in itself as the key, and using the aforementioned block encryption algorithm to encrypt the RN code and the original key S, Obtain the new key S2', or use the original key S as the key, use the aforementioned block encryption algorithm to encrypt the RN code, and then add the service protection code to the end of the encrypted RN code to obtain the new key S2'. That is, as long as the information (such as service protection code and original key S) possessed by the smart home device 130-1 or other related clients (such as client 101-m) is used as the key of the block encryption algorithm to generate a new key S1' is fine.

814: The smart home device 103-1 and the client 101-m use the received key verification information Vs1 to verify whether the generated new key S2' is the same as the key S1' generated by the client 101-1.

Specifically, the smart home device 103-1 and the client 101-m can use the client 101-1 to generate the same message code authentication algorithm and key as the key verification information Vs1, generate the key verification information Vs2, and determine the generation Is Vs2 the same as Vs1? If the two are the same, it is determined that the generated new key S2' is the same as the key S1' generated by the client 101-1, and enters 816; otherwise, it is determined that the generated new key S2' is generated by the client 101-1 The keys S1' of are not the same, and a message that the update has failed is sent to the server 102.

In some embodiments, the key verification information Vs2 can be calculated in the following manner:

Using the HMAC algorithm, using its own storage service protection code T as a key, the received RN code is transformed to generate a MAC value, which is the key verification information Vs2.

It can be understood that, in the embodiments of the present application, the key verification information Vs2 can also be calculated in other ways. For example, using the HMAC algorithm and using the original key S as the key, the received RN code is transformed to generate a MAC value, which is the key verification information Vs2. Or, using the service protection code T or the original key S as the key, the new key S2' is converted to generate the MAC value, and the MAC value is the key verification information Vs2. That is, as long as the information (such as the service protection code and the original key S) possessed by the smart home device 130-1 or other related clients (such as the client 101-m) is used as the key.

As mentioned above, other key-based message verification codes can also be used to generate the key verification information Vs2, which is not limited here.

816: The newly generated key S2' is encrypted and stored.

It can be understood that in other embodiments, the key S may also be updated in other ways. For example, the client 101-1 directly generates a new key different from the key S, and generates a new key based on the RN code, which is not limited here.

It can be understood that, in other embodiments, the client 101-1 may also directly send the random code and key verification information to the smart home device 103-1 and the client 101-m, instead of sending it through the server 102. The other verification process and the process of generating a new key are the same as those described in FIG. 8, and will not be repeated here.

FIG. 9 shows a schematic diagram of the structure of the electronic device 900.

The electronic device 900 may be any one of a client, a smart home device, and a server in the aforementioned Internet of Things system 100. Specifically, as shown in FIG. 9, the electronic device 900 includes a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, and a power management module 141, Battery 142, antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, earphone jack 170D, sensor module 180, buttons 190, motor 191, indicator 192, Camera 193, display screen 194, subscriber identification module (SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, and ambient light Sensor 180L, bone conduction sensor 180M, etc.

It can be understood that the structure illustrated in the embodiment of the present invention does not constitute a specific limitation on the electronic device 900. In other embodiments of the present application, the electronic device 900 may include more or fewer components than shown, or combine certain components, or split certain components, or arrange different components. The illustrated components can be implemented in hardware, software, or a combination of software and hardware.

The processor 110 may include one or more processing units. For example, the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), and an image signal processor. (image signal processor, ISP), controller, video codec, digital signal processor (digital signal processor, DSP), baseband processor, and/or neural-network processing unit (NPU), etc. Among them, the different processing units may be independent devices or integrated in one or more processors. In some embodiments, the processor 110 may be used to generate control instruction ciphertext, ciphertext verification information, protection code verification information, key verification information, etc., to implement the control instructions shown in Figures 2-8 of this application. The method of smart home equipment.

The controller can generate operation control signals according to the instruction operation code and timing signals to complete the control of fetching instructions and executing instructions.

A memory may also be provided in the processor 110 to store instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory can store instructions or data that have just been used or recycled by the processor 110. If the processor 110 needs to use the instruction or data again, it can be directly called from the memory. Repeated accesses are avoided, the waiting time of the processor 110 is reduced, and the efficiency of the system is improved.

In some embodiments, the processor 110 may include one or more interfaces.

The charging management module 140 is used to receive charging input from the charger. Among them, the charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive the charging input of the wired charger through the USB interface 130. In some embodiments of wireless charging, the charging management module 140 may receive the wireless charging input through the wireless charging coil of the electronic device 900. While the charging management module 140 charges the battery 142, it can also supply power to the electronic device through the power management module 141.

The wireless communication function of the electronic device 900 can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modem processor, and the baseband processor.

The antenna 1 and the antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in the electronic device 900 can be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization. For example: Antenna 1 can be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna can be used in combination with a tuning switch.

The mobile communication module 150 may provide a wireless communication solution including 2G/3G/4G/5G and the like applied to the electronic device 900. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a low noise amplifier (LNA), and the like. The mobile communication module 150 can receive electromagnetic waves by the antenna 1, and perform processing such as filtering, amplifying and transmitting the received electromagnetic waves to the modem processor for demodulation. The mobile communication module 150 can also amplify the signal modulated by the modem processor, and convert it into electromagnetic waves for radiation via the antenna 1. In some embodiments, at least part of the functional modules of the mobile communication module 150 may be provided in the processor 110. In some embodiments, at least part of the functional modules of the mobile communication module 150 and at least part of the modules of the processor 110 may be provided in the same device.

The wireless communication module 160 can provide applications on the electronic device 900 including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), bluetooth (BT), and global navigation satellites. System (global navigation satellite system, GNSS), frequency modulation (FM), near field communication (NFC), infrared technology (infrared, IR) and other wireless communication solutions. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be sent from the processor 110, perform frequency modulation, amplify, and convert it into electromagnetic waves to radiate through the antenna 2.

In some embodiments, the antenna 1 of the electronic device 900 is coupled with the mobile communication module 150, and the antenna 2 is coupled with the wireless communication module 160, so that the electronic device 900 can communicate with the network and other devices through wireless communication technology.

The electronic device 900 implements a display function through a GPU, a display screen 194, an application processor, and the like. The GPU is an image processing microprocessor, which is connected to the display screen 194 and the application processor. The GPU is used to perform mathematical and geometric calculations and is used for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or change display information.

The display screen 194 is used to display images, videos, and the like. The display screen 194 includes a display panel.

The electronic device 900 can realize a shooting function through an ISP, a camera 193, a video codec, a GPU, a display screen 194, and an application processor.

The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, so as to expand the storage capacity of the electronic device 900. The external memory card communicates with the processor 110 through the external memory interface 120 to realize the data storage function. For example, save music, video and other files in an external memory card.

The internal memory 121 may be used to store computer executable program code, where the executable program code includes instructions. The internal memory 121 may include a storage program area and a storage data area.

The electronic device 900 can implement audio functions through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the earphone interface 170D, and the application processor. For example, music playback, recording, etc.

The button 190 includes a power-on button, a volume button, and so on. The button 190 may be a mechanical button. It can also be a touch button. The electronic device 900 may receive key input, and generate key signal input related to user settings and function control of the electronic device 900. The motor 191 can generate vibration prompts. The indicator 192 may be an indicator light, which may be used to indicate the charging status, power change, or to indicate messages, missed calls, notifications, and so on. The SIM card interface 195 is used to connect to the SIM card.

Referring now to FIG. 10, shown is a block diagram of an electronic device 1000 according to an embodiment of the present application. The electronic device 1000 may be any one of a client, a smart home device, and a server in the aforementioned Internet of Things system 100. In one embodiment, the electronic device 1000 may include one or more processors 1004, a system control logic 1008 connected to at least one of the processors 1004, a system memory 1012 connected to the system control logic 1008, and a system control logic 1008 A non-volatile memory (NVM) 1016 is connected, and a network interface 1020 is connected to the system control logic 1008.

In some embodiments, the processor 1004 may include one or more single-core or multi-core processors. In some embodiments, the processor 1004 may include any combination of a general-purpose processor and a special-purpose processor (for example, a graphics processor, an application processor, a baseband processor, etc.). In an embodiment in which the electronic device 1000 adopts an eNB (Evolved Node B, enhanced base station) 101 or a RAN (Radio Access Network, radio access network) controller 102, the processor 1004 may be configured to execute various conforming embodiments , For example, one or more of the multiple embodiments shown in FIGS. 2-8.

In some embodiments, the system control logic 1008 may include any suitable interface controller to provide any suitable interface to at least one of the processors 1004 and/or any suitable device or component in communication with the system control logic 1008.

In some embodiments, the system control logic 1008 may include one or more memory controllers to provide an interface to the system memory 1012. The system memory 1012 can be used to load and store data and/or instructions. In some embodiments, the memory 1012 of the electronic device 1000 may include any suitable volatile memory, such as a suitable dynamic random access memory (DRAM).

The NVM/memory 1016 may include one or more tangible, non-transitory computer-readable media for storing data and/or instructions. In some embodiments, the NVM/memory 1016 may include any suitable non-volatile memory such as flash memory and/or any suitable non-volatile storage device, such as HDD (Hard Disk Drive, hard disk drive), CD (Compact Disc) , At least one of an optical disc drive and a DVD (Digital Versatile Disc, Digital Versatile Disc) drive.

The NVM/memory 1016 may include a part of the storage resources on the device where the electronic device 1000 is installed, or it may be accessed by the device, but not necessarily a part of the device. For example, the NVM/storage 1016 can be accessed through the network via the network interface 1020.

In particular, the system memory 1012 and the NVM/memory 1016 may respectively include: a temporary copy and a permanent copy of the instruction 1024. The instruction 1024 may include an instruction that, when executed by at least one of the processors 1004, causes the electronic device 1000 to implement the method shown in FIGS. 3-4. In some embodiments, the instructions 1024, hardware, firmware, and/or software components thereof may additionally/alternatively be placed in the system control logic 1008, the network interface 1020, and/or the processor 1004.

The network interface 1020 may include a transceiver for providing a radio interface for the electronic device 1000, and then communicate with any other suitable device (such as a front-end module, an antenna, etc.) through one or more networks. In some embodiments, the network interface 1020 may be integrated with other components of the electronic device 1000. For example, the network interface 1020 may be integrated with at least one of the processor 1004, the system memory 1012, the NVM/storage 1016, and the firmware device with instructions (not shown), when at least one of the processor 1004 executes the When instructed, the electronic device 1000 implements the method process shown in Figs. 2-8.

The network interface 1020 may further include any suitable hardware and/or firmware to provide a multiple input multiple output radio interface. For example, the network interface 1020 may be a network adapter, a wireless network adapter, a telephone modem and/or a wireless modem.

In one embodiment, at least one of the processors 1004 may be packaged with the logic of one or more controllers for the system control logic 1008 to form a system in package (SiP). In one embodiment, at least one of the processors 1004 may be integrated on the same die with the logic of one or more controllers used for the system control logic 1008 to form a system on chip (SoC).

The electronic device 1000 may further include: an input/output (I/O) device 1032. The I/O device 1032 may include a user interface to enable the user to interact with the electronic device 1000; the design of the peripheral component interface enables the peripheral components to also interact with the electronic device 1000. In some embodiments, the electronic device 1000 further includes a sensor for determining at least one of environmental conditions and location information related to the electronic device 1000.

In some embodiments, the user interface may include, but is not limited to, a display (e.g., liquid crystal display, touch screen display, etc.), speakers, microphones, one or more cameras (e.g., still image cameras and/or video cameras), flashlights (e.g., LED flash) and keyboard.

In some embodiments, the peripheral component interface may include, but is not limited to, a non-volatile memory port, an audio jack, and a power interface.

In some embodiments, the sensor may include, but is not limited to, a gyroscope sensor, an accelerometer, a proximity sensor, an ambient light sensor, and a positioning unit. The positioning unit may also be part of or interact with the network interface 1020 to communicate with components of the positioning network (eg, global positioning system (GPS) satellites).

FIG. 11 shows another electronic device 1100 according to an embodiment of the present application. The electronic device 1100 may be any one of a client, a smart home device, and a server in the aforementioned Internet of Things system 100. The electronic device 1100 includes at least one processor 1110, a memory 1120, and a transceiver 1130. The processor 1110 is coupled with the memory 1120 and the transceiver 1130. The coupling in the embodiment of the present application is a direct or indirect coupling or a communication connection between devices, units, or modules, and may be in electrical, mechanical, or other forms. Information exchange between devices, units or modules. The embodiment of the present application does not limit the connection medium between the foregoing transceiver 1130, the processor 1110, and the memory 1120. For example, according to some embodiments of the present application, the memory 1120, the processor 1110, and the transceiver 1130 may be connected by a bus, and the bus may be divided into an address bus, a data bus, a control bus, and the like.

The memory 1120 may be used to store program instructions. The transceiver 1130 can be used to receive or transmit data. The processor 1110 may be used to call program instructions stored in the memory 1120, so that the electronic device 1100 executes operations performed by any one of the client, smart home device, and server in FIGS. 2-8.

According to some embodiments of the present application, the processor 1110 may be a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. Implement or execute the methods, operations, and logical block diagrams disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor or any conventional processor or the like. The operations combined with the methods disclosed in the embodiments of the present application may be directly embodied as being executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor.

According to some embodiments of the present application, the memory 1120 may be a non-volatile memory or a volatile memory. The memory is any other medium that can be used to carry or store desired program codes in the form of instructions or data structures and that can be accessed by a computer, but is not limited to this. The memory in the embodiments of the present application may also be a circuit or any other device capable of realizing a storage function for storing program instructions and/or data.

The various embodiments of the mechanism disclosed in this application may be implemented in hardware, software, firmware, or a combination of these implementation methods. The embodiments of the present application can be implemented as a computer program or program code executed on a programmable system. The programmable system includes at least one processor and a storage system (including volatile and non-volatile memory and/or storage elements) , At least one input device and at least one output device.

Program codes can be applied to input instructions to perform the functions described in this application and generate output information. The output information can be applied to one or more output devices in a known manner. For the purposes of this application, a processing system includes any system having a processor such as, for example, a digital signal processor (DSP), a microcontroller, an application specific integrated circuit (ASIC), or a microprocessor.

The program code can be implemented in a high-level programming language or an object-oriented programming language to communicate with the processing system. When needed, assembly language or machine language can also be used to implement the program code. In fact, the mechanism described in this application is not limited to the scope of any particular programming language. In either case, the language can be a compiled language or an interpreted language.

In some cases, the disclosed embodiments may be implemented in hardware, firmware, software, or any combination thereof. The disclosed embodiments can also be implemented as instructions carried by or stored on one or more transient or non-transitory machine-readable (eg, computer-readable) storage media, which can be executed by one or more processors Read and execute. For example, the instructions can be distributed through a network or through other computer-readable media. Therefore, a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (for example, a computer), including, but not limited to, floppy disks, optical disks, optical disks, read-only memories (CD-ROMs), magnetic Optical disk, read only memory (ROM), random access memory (RAM), erasable programmable read only memory (EPROM), electrically erasable programmable read only memory (EEPROM), magnetic or optical card, flash memory, or A tangible machine-readable memory used to transmit information (for example, carrier waves, infrared signals, digital signals, etc.) using the Internet with electric, optical, acoustic, or other forms of propagating signals. Therefore, a machine-readable medium includes any type of machine-readable medium suitable for storing or transmitting electronic instructions or information in a form readable by a machine (e.g., a computer).

In the drawings, some structural or method features may be shown in a specific arrangement and/or order. However, it should be understood that such a specific arrangement and/or ordering may not be required. Rather, in some embodiments, these features may be arranged in a different manner and/or order than shown in the illustrative drawings. In addition, the inclusion of structural or method features in a particular figure does not imply that such features are required in all embodiments, and in some embodiments, these features may not be included or may be combined with other features.

It should be noted that each unit/module mentioned in each device embodiment of this application is a logical unit/module. Physically, a logical unit/module can be a physical unit/module or a physical unit/ A part of the module can also be realized by a combination of multiple physical units/modules. The physical realization of these logical units/modules is not the most important. The combination of the functions implemented by these logical units/modules is the solution to this application. The key to the technical question raised. In addition, in order to highlight the innovative part of this application, the above-mentioned device embodiments of this application do not introduce units/modules that are not closely related to solving the technical problems proposed by this application. This does not mean that the above-mentioned device embodiments do not exist. Other units/modules.

It should be noted that in the examples and specification of this patent, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply There is any such actual relationship or sequence between these entities or operations. Moreover, the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements not only includes those elements, but also includes those that are not explicitly listed Other elements of, or also include elements inherent to this process, method, article or equipment. If there are no more restrictions, the element defined by the phrase "including one" does not exclude the existence of other same elements in the process, method, article, or equipment that includes the element.

Although the present application has been illustrated and described by referring to certain preferred embodiments of the present application, those of ordinary skill in the art should understand that various changes can be made in form and details without departing from the present application. The spirit and scope of the application.

Claims (20)

1. A control method for smart home equipment, which is characterized in that it comprises:

   The first client uses the first key to encrypt the control instruction for controlling the smart home device, generates the control instruction ciphertext, and generates the first ciphertext verification information based on the service protection code, wherein the control instruction ciphertext It can be decrypted by the smart home device using the first key stored by itself, and the first cipher text verification information can be used by the smart home device to verify the control command password received by the smart home device. Whether the text is the same as the control instruction cipher text generated by the first client;

   The first client sends the generated control instruction ciphertext and the first ciphertext check information.
2. The method according to claim 1, wherein said sending the generated control instruction ciphertext and first ciphertext check information comprises:

   The first client sends an instruction forwarding request to the server, where the instruction forwarding request includes the device ID of the smart home device, the control instruction ciphertext, and the first ciphertext verification information, and the instruction forwarding The request is used to request the server to forward the control instruction ciphertext and the first ciphertext verification information to the smart home device identified by the device ID.
3. The method according to claim 1, wherein said sending the generated control instruction ciphertext and first ciphertext check information comprises:

   The first client sends the control instruction ciphertext and the first ciphertext verification information to the smart home device.
4. The method according to any one of claims 1 to 3, further comprising:

   The first client sends a service protection code setting request to the server;

   The first client receives an initial service protection code from the server, where the initial service protection code is sent by the server in response to the service protection code setting request;

   The first client prompts the user to modify the initial service protection code to obtain the first service protection code;

   The first client stores the first service protection code, and prompts the user to record the first service protection code.
5. The method of claim 4, further comprising:

   The first client requests the user to input a second service protection code to update the first service protection code, where the first service protection code is different from the second service protection code;

   The first client sends a service protection code update request to the server, where the service protection code update request is used to request the server to send a service protection code update notification to the second client,

   Wherein, the service protection code update notification is used to notify the second client to obtain the second service protection code from the user to update the first service protection code on the second client, the first client and The account used by the second client to log in to the server is the same.
6. The method according to any one of claims 1 to 5, further comprising:

   The first client generates a random code, and generates a second key for updating the first key based on the random code, wherein the first key is different from the second key.
7. 7. The method of claim 6, wherein said generating a second key for updating said first key based on said random code comprises:

   Encrypting the random code and the service protection code by using the first key to generate the second key.
8. The method of claim 7, further comprising:

   The first client generates first key verification information based on the service protection code and the random code, where the first key verification information can be used by the smart home device to verify whether the received random code is The same as the random code generated by the first client.
9. The method according to claim 8, wherein the first client generating first key verification information based on the service protection code and random code comprises:

   The first client uses a key-based message authentication code algorithm, uses the service protection code as an input key, and transforms the random code to generate the first key verification information.
10. The method according to claim 8 or 9, further comprising:

    The first client sends a key update request to the server, where the key update request includes the random code and the first key verification information, and is used to request the server to send the key to the smart home The device forwards the random code and the first key verification information.
11. The method according to claim 1, wherein said generating the first ciphertext verification information based on the service protection code comprises:

    The first client uses the service protection code as an input key, and transforms the control instruction ciphertext through a key-based message authentication code algorithm to obtain the first ciphertext verification information.
12. The method of claim 1, further comprising:

    The first client sends the key encrypted by the service protection code to the second client, where the first client and the second client log in to the server through the same account.
13. A control method for smart home equipment, which is characterized in that it comprises:

    The smart home device receives the control instruction ciphertext and the first ciphertext verification information;

    The smart home device checks whether the received control instruction ciphertext is the same as the control instruction ciphertext generated by the client according to the business protection code it has and the first ciphertext verification information;

    When the smart home device verifies that the received control instruction ciphertext is the same as the control instruction ciphertext generated by the client, the smart home device decrypts the control instruction ciphertext with its own first key to obtain the control instruction;

    The smart home device executes the control instruction.
14. The method according to claim 13, wherein the smart home device checks whether the received control instruction ciphertext is consistent with the client based on the service protection code it has and the first ciphertext verification information. The control instruction ciphertext generated by the terminal includes:

    The smart home device uses the service protection code it has as an input key, and transforms the received control instruction ciphertext through a key-based message authentication code algorithm to obtain second ciphertext verification information;

    When the smart home device determines that the second cipher text verification information is the same as the received first cipher text verification information, the smart home device verifies that the received control instruction cipher text is generated by the client The ciphertext of the control command is the same.
15. The method according to claim 13 or 14, further comprising:

    The smart home device receives the random code and the first key verification information sent by the server;

    The smart home device verifies whether the received random code is the same as the random code generated by the client according to the first key verification information;

    When the smart home device verifies that the received random code is the same as the random code generated by the client, the second key is generated based on the random code to update the first key in the smart home device.
16. The method of claim 15, wherein the smart home device checking whether the received random code is the same as the random code generated by the client according to the first key verification information comprises:

    The smart home device uses the service protection code as an input key, and transforms the received random code through a key-based message authentication code algorithm to generate second key verification information;

    Determining, by the smart home device, whether the generated second key verification information is the same as the received first key verification information;

    When the smart home device verifies that the first key verification information is the same as the second key verification information, it determines that the received random code is the same as the random code generated by the client.
17. The method of claim 15, wherein the generating a second key based on the random code comprises:

    The smart home device uses the first key to encrypt the service protection code and the received random code to generate the second key.
18. A control method for smart home equipment, which is characterized in that it comprises:

    The server receives an instruction forwarding request from the first client, where the instruction forwarding request includes the device ID of the smart home device, the control instruction ciphertext, and the first ciphertext verification information, wherein the control instruction ciphertext can be The smart home device uses the first key stored in itself to decrypt, and the first cipher text verification information can be used by the smart home device to verify whether the cipher text of the control instruction received by the smart home device is consistent with The control instruction ciphertexts generated by the first client are the same;

    The server forwards the control instruction ciphertext and the first ciphertext verification information to the smart home device identified by the device ID.
19. A computer-readable medium, characterized in that instructions are stored on the computer-readable medium, and when the instructions are executed on a machine, the machine executes the smart home device according to any one of claims 1 to 18. Control Method.
20. A terminal including:

    One or more processors; and

    The memory is used to store instructions; when the instructions are executed by the one or more processors, the terminal is made to execute the control method for smart home devices according to any one of claims 1 to 18.

Images