WO2022048125A1 - Information processing method and apparatus, device and storage medium - Google Patents

Publication number: WO2022048125A1
Authority: WO, WIPO (PCT)
Prior art keywords: key, network, information, calculation parameter, access
Application number: PCT/CN2021/079365
Other languages: French (fr), Chinese (zh)
Inventors: 罗朝明, 茹昭
Original Assignee: Oppo广东移动通信有限公司
Application filed by Oppo广东移动通信有限公司
Priority to CN202180042424.2A (patent CN115769542A)
Publication of WO2022048125A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the embodiments of the present application relate to the field of communication technologies, and in particular, to an information processing method, apparatus, device, and storage medium.
  • Intelligent devices include devices, instruments, and machines with computing and processing capabilities.
  • When a smart device is used for the first time, or in the usage scenario of replacing the smart device (such as moving the smart device from one network environment to another network environment), the smart device is connected to the network, and then the smart device is controlled through the network.
  • The related art provides a variety of methods for configuring smart devices to access the network, mainly including: soft AP (Access Point) distribution network (hereinafter referred to as "soft AP distribution network") and scanning code distribution network.
  • The main process of soft AP distribution network is as follows: the smart device turns on the soft AP and broadcasts the soft AP's beacon; the distribution network device joins the soft AP after scanning the soft AP's beacon; the distribution network device can then send the network configuration information of the AP to be accessed to the smart device. After that, the smart device closes the soft AP and accesses the AP according to the network configuration information, thereby completing the network configuration process.
  • The main process of scanning the code to configure the network is as follows: the network configuration device displays the network configuration information of the AP that needs to be connected in the form of a QR code; the smart device scans the QR code displayed by the network configuration device to obtain the network configuration information, and then connects to the AP according to the network configuration information to complete the network configuration process.
  • The above-mentioned network configuration process does not involve identity authentication of the smart device, so it is very likely that a counterfeit smart device can obtain the network configuration information of the AP, which leads to leakage of the network configuration information of the AP and poses a great threat to the security of the AP. Therefore, how to realize identity authentication of the smart device to improve the security of the AP needs further discussion and research.
  • Embodiments of the present application provide an information processing method, apparatus, device, and storage medium.
  • the technical solution is as follows:
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • the beacon includes a key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • a first graphic code is displayed, where the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, the key calculation parameter is used to determine the information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, the key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine an information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine the information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing method, which is applied to a device to be connected to a network, and the method includes:
  • First information from the distribution network device is received, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides an information processing method, which is applied to a distribution network device, and the method includes:
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • a beacon broadcasting module configured to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • a beacon receiving module configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the distribution network device.
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • a first display module configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • the second scanning module is used to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an information encryption key, where the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • a third scanning module configured to scan a third graphic code displayed by the network distribution device, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine an information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • a third display module configured to display a third graphic code, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine the information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides an information processing apparatus, which is set in a device to be connected to a network, and the apparatus includes:
  • the first receiving module is configured to receive first information from the distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides an information processing apparatus, which is set in a distribution network device, and the apparatus includes:
  • the first sending module is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides a device to be connected to a network, where the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is used to broadcast a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the distribution network device.
  • an embodiment of the present application provides a device to be connected to a network, and the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an information encryption key, where the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • an embodiment of the present application provides a device to be connected to a network, and the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to scan a third graphic code displayed by the network distribution device, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine an information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the processor is configured to display a third graphic code, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point
  • the key calculation parameter is used to determine the information decryption key
  • the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • an embodiment of the present application provides a device to be connected to a network, and the device to be connected to a network includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is configured to receive first information from a distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides a network distribution device, where the network distribution device includes: a processor, and a transceiver connected to the processor; wherein:
  • the transceiver is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used to be executed by a processor of a device to be connected to the network, so as to implement the information processing method on the side of the device to be connected to the network as described above.
  • an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used to be executed by a processor of a network distribution device, so as to implement the information processing method on the side of the network distribution device as described above.
  • an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on the device to be connected to the network, it is used to implement the above-mentioned information processing method on the side of the device to be connected to the network.
  • an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on a distribution network device, it is used to implement the above-mentioned information processing method on the distribution network device side.
  • an embodiment of the present application provides a computer program product, which is used to implement the above-mentioned information processing method on the device to be connected to the network when the computer program product runs on the device to be connected to the network.
  • an embodiment of the present application provides a computer program product, which is used to implement the information processing method on the side of the distribution network device as described above when the computer program product runs on the distribution network device.
  • FIG. 1 is a schematic diagram of a distribution network system provided by an embodiment of the present application.
  • FIG. 2 is a flowchart of soft AP distribution network provided by an embodiment of the present application.
  • FIG. 3 is a flowchart of a scanning code distribution network provided by an embodiment of the present application.
  • FIG. 4 is a flowchart of security authentication provided by an embodiment of the present application.
  • FIG. 6 is a flowchart of a method for determining an access key provided by an embodiment of the present application.
  • FIG. 9 is a flowchart of a method for determining an information decryption key and an information encryption key provided by an embodiment of the present application.
  • FIG. 10 is a flowchart of an information processing method coupled with a network distribution process provided by an embodiment of the present application.
  • FIG. 11 is a flowchart of an information processing method decoupled from a distribution network process provided by an embodiment of the present application.
  • FIG. 13 is a flowchart of an information processing method provided by another embodiment of the present application.
  • FIG. 14 is a flowchart of a method for determining an information decryption key and an information encryption key provided by another embodiment of the present application.
  • FIG. 17 is a flowchart of a method for determining an information decryption key and an information encryption key provided by yet another embodiment of the present application.
  • FIG. 19 is a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • FIG. 20 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 21 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 22 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 23 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 24 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 25 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 26 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 27 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 29 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 30 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 31 is a block diagram of an information processing apparatus provided by still another embodiment of the present application.
  • FIG. 32 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 33 is a block diagram of an information processing apparatus provided by another embodiment of the present application.
  • FIG. 35 is a schematic structural diagram of a device to be connected to a network provided by an embodiment of the present application.
  • FIG. 36 is a schematic structural diagram of a distribution network device provided by an embodiment of the present application.
  • FIG. 1 shows a schematic diagram of a network distribution system provided by an embodiment of the present application.
  • The network distribution system may include: a device 110 to be connected to the network and a network distribution device 120.
  • The device 110 to be connected to the network refers to a device with network access capability, for example, a device with WiFi (Wireless Fidelity) access capability.
  • The device 110 to be connected to the network is a smart device (such as VR (Virtual Reality) glasses, a smart wearable device, etc.), a terminal device, or another device with network access capability, which is not limited in this embodiment of the present application.
  • The device 110 to be connected to the network may be a smart TV, a smart speaker, a smart air conditioner, a smart lamp, a smart door and window, a smart curtain, a smart socket, or another smart home device.
  • there is one device 110 to be connected to the network or there are multiple devices 110 to be connected to the network, which is not limited in this embodiment of the present application. Determine the maximum number of devices that can be managed, etc.
  • the network distribution device 120 refers to a device capable of configuring network access.
  • The network distribution device 120 may be a server, terminal device, router, mobile phone, tablet computer, wearable device, or another device capable of configuring network access.
  • this embodiment of the present application does not limit this.
  • the implementation form of the distribution network device 120 may be determined in combination with the application scenario of the distribution network system. In an example, as shown in FIG. 1 , when the distribution network system is applied to smart home life, considering that the home environment has the characteristics of small area and frequent activities, the use of distribution network equipment 120 that occupies a large space will affect the normal operation.
  • the distribution network device 120 can be implemented as a router, a terminal device, a mobile phone, a tablet computer, a wearable device, and the like.
  • the number of distribution network devices corresponding to the distribution network system may be one or multiple, which is not limited in this embodiment of the present application.
  • the network distribution devices corresponding to different distribution network systems are different, so that the device 110 to be connected to the network corresponding to a certain distribution network system is bound to the network distribution device 120 under the distribution network system.
  • for example, when the distribution network system is applied to smart home life, taking the family as a unit, the devices to be connected to the network in a given family are bound to the distribution network device of that family.
  • the network configuration device 120 can configure the device 110 to be connected to the network to access the AP, that is, configure the device 110 to be connected to the network to access the network.
  • there are mainly two ways to configure network access for the device 110 to be connected to the network: soft AP network configuration and code-scanning network configuration. In the following, the two network distribution methods are introduced and explained respectively.
  • FIG. 2 shows a flowchart of a soft AP network configuration provided by an embodiment of the present application.
  • the process of soft AP network configuration mainly includes the following steps:
  • Step 210 the device to be connected to the network starts the soft AP and broadcasts the beacon of the soft AP.
  • the device to be connected to the network can start the soft AP when it enters the network distribution mode. After the device to be connected to the network starts the soft AP, it can broadcast the beacon of the soft AP.
  • the beacon of the soft AP includes at least one of the following contents: the device ID (Identifier, identification) of the device to be connected to the network, a user-defined network name , the protocol name of the application protocol, etc.
  • the device ID may be the MAC (Media Access Control Address, media access control) address of the device to be connected to the network.
  • the beacon of the soft AP includes at least one of the following fields: a BSSID (Basic Service Set Identifier, basic service set identifier) field, an SSID (Service Set Identifier, service set identifier) field, and a vendor specific (Vendor Specific) field.
  • Step 220 when the network configuration device scans the beacon of the soft AP, it joins the soft AP.
  • the distribution network device can scan the beacons broadcast by other devices on different channels.
  • when the distribution network device scans the beacon of the soft AP on the channel where the device to be connected to the network broadcasts it, the distribution network device can join the soft AP.
  • the network configuration device confirms whether the SSID field in the beacon conforms to the preset format, and joins the soft AP if the SSID field conforms to the preset format.
  • Step 230 Establish a communication connection between the network distribution device and the device to be connected to the network.
  • the network distribution device can establish a communication connection with the device to be connected through the soft AP.
  • the communication between the network distribution device and the device to be connected to the network conforms to TCP (Transmission Control Protocol), so the communication connection between the network distribution device and the device to be connected to the network can also be referred to as a TCP connection; or, the communication between the network distribution device and the device to be connected to the network conforms to UDP (User Datagram Protocol), so the communication connection between them can also be called a UDP connection.
  • Step 240 The network distribution device sends an information acquisition request to the device to be connected to the network.
  • the information acquisition request is used to request to acquire information about APs that can be accessed by the device to be connected to the network.
  • the information acquisition request is used to request the SSID field of each AP that the device to be connected to the network can access and/or the signal strength of each such AP.
  • the device to be connected may scan the AP's beacon according to a certain period (for example, 10 seconds), and determine whether it can access the AP according to the SSID field in the beacon.
  • Step 250 the device to be connected to the network sends the information of the accessible AP to the network distribution device.
  • after receiving the information acquisition request, the device to be connected to the network, in response to the information acquisition request, sends information about the APs that it can access, that is, the accessible AP information, to the network distribution device.
  • the accessible AP information includes at least one of the following: the SSID field of the accessible AP, and the signal strength of the accessible AP.
  • Step 260 The network configuration device sends network configuration information to the device to be connected to the network.
  • the network distribution device can select the AP to be accessed by the device to be connected to the network according to the information of the accessible APs.
  • This embodiment of the present application does not limit the manner in which the network configuration device selects the AP to be accessed by the network access device.
  • the network configuration device determines the AP with the highest signal strength indicated by the accessible AP information as the AP to be accessed by the device to be connected to the network. After the network configuration device selects the AP to be accessed by the device to be connected to the network, it can send network configuration information to the device to be connected to the network to configure the device to be connected to the selected AP.
  • the network configuration information includes at least one of the following: the SSID field of the AP to be accessed by the device to be connected to the network, and the authentication information of the AP to be accessed by the device to be connected to the network.
  • the authentication information of the AP to be accessed by the device to be connected to the network includes the password of the AP to be accessed by the device to be connected to the network.
  • Step 270 The device to be connected to the network sends a configuration response message to the network configuration device.
  • the configuration response message is used to respond to the network configuration information sent by the network configuration device, so as to indicate to the network configuration device whether the device to be connected to the network has received the network configuration information.
  • after sending the network configuration information to the device to be connected to the network, the network configuration device assumes by default that the device to be connected to the network has received it. If the device to be connected to the network successfully receives the network configuration information, it may not send a configuration response message to the network configuration device; if the device to be connected to the network fails to receive the network configuration information successfully, for example because it cannot parse the network configuration information, it can send a configuration response message to the network configuration device.
  • Step 280 the network configuration device cancels access to the soft AP.
  • after the network configuration device sends the network configuration information to the device to be connected to the network, it can disconnect from the soft AP started by the device to be connected to the network, that is, cancel the access to the soft AP.
  • the distribution network device cancels access to the soft AP after sending the network configuration information; or, the distribution network device cancels access to the soft AP after receiving the configuration response message. The embodiment of the present application does not limit the timing at which the distribution network device cancels access to the soft AP.
  • Step 290 the device to be connected to the network closes the soft AP.
  • since the device to be connected to the network usually cannot access two APs at the same time, the device to be connected to the network needs to close the soft AP in order to access the AP indicated by the network configuration information.
  • the device to be connected to the network closes the soft AP; or, the device to be connected to the network closes the soft AP after sending a configuration response message to the distribution network device; After entering the soft AP, the soft AP is closed.
  • the embodiment of the present application does not limit the timing of closing the soft AP for the device to be connected to the network.
  • after the device to be connected to the network cancels access to the soft AP, it can access the AP indicated by the network configuration information according to the authentication information in the network configuration information.
  • after the network distribution device cancels access to the soft AP, in order to continue to control and manage the device to be connected to the network, it can also access the AP indicated by the network configuration information. The network distribution device and the device to be connected to the network thus establish a communication connection through the accessed AP.
  • FIG. 3 shows a flowchart of a scanning code distribution network provided by an embodiment of the present application.
  • the process of scanning code distribution network mainly includes the following steps:
  • Step 310 the network distribution device scans the two-dimensional code of the device to be connected to the network.
  • the device to be connected to the network can display the QR code on its screen; if the device to be connected to the network has no screen display function, the device manufacturer can paste the QR code on the device to be connected to the network when the device leaves the factory.
  • the two-dimensional code of the device to be connected to the network indicates the device information of the device to be connected to the network.
  • the device information includes at least one of the following: the device type of the device to be connected to the network, and the device public key.
  • the network distribution device scans the QR code of the device to be connected to the network to obtain the device information of the device to be connected to the network.
  • Step 320 the network distribution device generates a two-dimensional code according to the network configuration information and displays the two-dimensional code.
  • the network configuration device can determine the AP to be accessed by the device to be connected to the network, and determine the network configuration information corresponding to the AP.
  • the network configuration information includes at least one of the following: the SSID field of the AP to be accessed by the device to be connected to the network, and the authentication information of the AP to be accessed by the device to be connected to the network.
  • the authentication information of the AP to be accessed by the device to be connected to the network includes the password of the AP to be accessed by the device to be connected to the network.
  • the network distribution device can encrypt the network configuration information according to the device public key of the device to be connected to the network obtained by scanning, and generate a two-dimensional code according to the encrypted network configuration information for the device to be connected to the network to scan.
  • Step 330 the device to be connected to the network scans the two-dimensional code provided by the network distribution device to obtain network configuration information.
  • the device to be connected to the network scans the QR code provided by the distribution device to obtain the network configuration information provided by the distribution device. Since the two-dimensional code provided by the network distribution device is generated by encrypting the network configuration information with the device public key of the device to be connected to the network, after the device to be connected to the network scans the two-dimensional code provided by the network distribution device, it obtains the encrypted network configuration information. It uses the device public key to decrypt to obtain the network configuration information.
  • Step 340 the device to be connected to the network accesses the AP.
  • the AP indicated by the network configuration information can be accessed according to the authentication information of the AP obtained by scanning. After the network access device accesses the AP, it can further access the cloud platform for authentication and so on.
  • the above network distribution process does not involve identity authentication of the smart device, so a counterfeit smart device may well obtain the network configuration information of the AP, resulting in leakage of the network configuration information of the AP, which poses a great threat to the security of the AP.
  • if it is necessary to verify the identity of the device to be connected to the network during the soft AP network distribution process, the network distribution device needs to act as a proxy service. That is, the network distribution device connects to the soft AP started by the device to be connected to the network and obtains the device certificate of the device to be connected to the network; after that, the network distribution device switches from the soft AP to the AP to be accessed by the device to be connected to the network in order to connect to the cloud service, and forwards the device certificate of the device to be connected to the network to the cloud service; the verification result is fed back to the network distribution device; then, the network distribution device needs to switch from the AP to be accessed by the device to be connected to the network back to the soft AP, and then set the network configuration information of the AP to be accessed by the device to be connected to the network (such as the SSID and password). It can be seen that this process requires the network distribution device to switch back and forth between different access points, which is cumbersome and inefficient.
  • the embodiments of the present application provide an information processing method, which can be used to solve the above technical problems.
  • the technical solutions of the present application will be described with reference to several embodiments.
  • the embodiment of the present application adopts a 4-way handshake (Sample 4-way handshake) process for security authentication, wherein:
  • Authenticator: the authenticating party
  • EAPOL: Extensible Authentication Protocol
  • ANonce: a random number generated by the AP
  • Supplicant: the requester
  • the Supplicant sends the EAPOL-Key carrying the SNonce (a random number generated by the STA) and other information to the Authenticator. After receiving the ANonce, the Supplicant can calculate the PTK (Pairwise Transient Key) according to the ANonce.
  • the calculation formula of the PTK is as follows:
  • PTK = PRF-Length(PMK, "Pairwise key expansion", Min(AA,SPA)
  • after the Authenticator receives the SNonce, it can generate a PTK and compare the received MIC with the MIC it generates itself for integrity verification. If the verification fails, the handshake fails.
  • 4-Way Handshake Message 3 (message 3 in the 4-way handshake): the Authenticator sends an EAPOL-Key carrying the GTK (Group Transient Key) and the MIC (Message Integrity Code) to the Supplicant.
  • 4-Way Handshake Message 4 (message 4 in the 4-way handshake): Supplicant sends the EAPOL-Key for confirmation to the Authenticator. After receiving the 4-Way Handshake Message 3, the Supplicant can use the PTK generated by itself to decrypt the GTK, and verify the MIC at the same time. If there is no error, it will send an ACK (Acknowledge) to the Authenticator for confirmation.
  • the control port of the Authenticator will be opened, so that 802.11 data frames can pass normally; all unicast data frames will be protected by the PTK, and all multicast and broadcast data will be protected by the GTK.
  • the calculation parameters of the PTK include the PMK. If the PMKs of the two parties are inconsistent, the calculated PTKs are also inconsistent, the two parties cannot correctly parse each other's data and thus cannot complete the handshake, and the Supplicant will not be able to access the Authenticator.
  • the PMK is a common key (that is, the password of the Authenticator) known in advance by the Supplicant and the Authenticator, so there is a great risk of leakage, which is not conducive to security protection.
  • FIG. 5 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1 .
  • the method may include the following steps:
  • Step 510 the device to be connected to the network broadcasts the beacon of the first access point, the beacon includes the key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the device to be connected to the network can start the first access point when it enters the network distribution mode.
  • the device to be connected to the network automatically enters the network distribution mode when it is turned on for the first time, or the device to be connected to the network is operated by the user to passively trigger entering the network distribution mode.
  • the first access point is a soft AP started by the device to be connected to the network.
  • the beacon of the first access point may be broadcast, and the beacon includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the device identifier of the device to be connected to the network includes the device ID of the device to be connected to the network, so as to uniquely identify the device to be connected to the network.
  • the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the length of the key calculation parameter is greater than or equal to one byte. This embodiment of the present application does not limit the content of the key calculation parameter.
  • the key calculation parameter includes a predefined value; or, the key calculation parameter includes a random number.
  • the key calculation parameter is pre-configured by the device cloud platform (the cloud platform corresponding to the device to be connected to the network); or, the key calculation parameter is generated by the device to be connected to the network.
  • in order to reduce the risk of leakage of the key calculation parameter and improve its security, the key calculation parameter includes a random number generated by the device to be connected to the network.
  • the beacon of the first access point further includes a pre-shared verification identifier F. Optionally, the pre-shared verification identifier occupies at least 1 bit.
  • the beacon of the first access point includes at least one of the following fields: a BSSID field, an SSID field, and a custom field (eg, a Vendor Specific field).
  • the BSSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or,
  • the SSID field includes key calculation parameters and/or the device identification of the device to be connected to the network; or, the custom field includes key calculation parameters and/or the device identification of the device to be connected to the network.
  • the key calculation parameter is set in the SSID field
  • the device identifier of the device to be connected to the network is set in the BSSID field.
  • the key calculation parameter and the device ID of the device to be connected to the network can be placed in fields other than the custom field, so that they do not become unavailable to the network configuration device.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the cloud platform of the device manufacturer (ie, the cloud platform corresponding to the device to be connected to the network).
  • Step 520 the distribution network device receives the beacon of the first access point.
  • the distribution network device can scan the beacons broadcast by other devices on different channels, so that on the channel where the device to be connected broadcasts the beacon of the first access point, the distribution network device can scan the beacon of the first access point , that is, the distribution network device can receive the beacon of the first access point.
  • the network distribution device may further parse the beacon of the first access point to obtain the device identification and/or key calculation parameters of the device to be connected to the network.
  • the network distribution device can send the key calculation parameter and/or the device identification of the device to be connected to the network to the distribution network cloud platform, and the distribution network cloud platform and the device cloud platform calculate the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the technical solutions provided by the embodiments of this application add a key calculation parameter to the beacon of the access point started by the device to be connected to the network. The key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device, which provides a basis for, and helps the subsequent realization of, identity authentication between the device to be connected to the network and the network distribution device.
  • the identity authentication between the device to be connected to the network and the network distribution device is performed before the device to be connected to the network obtains the network configuration information, that is, the device to be connected to the network can obtain the network configuration information only when the identity authentication is passed, thereby reducing the risk of network configuration information leakage and improving the security of the access point.
  • compared with the network distribution device switching the access point back and forth to verify the identity of the device to be connected to the network, the embodiment of the present application simplifies the identity authentication process and improves the identity authentication efficiency.
  • the following describes the calculation process of the access key (first access key) on the side of the device to be connected to the network and the access key (second access key) on the side of the distribution device.
  • the above method further includes the following steps:
  • Step 531 the device to be connected to the network determines the first access key based on the key calculation parameter and the first device key.
  • the first device key is the device key of the device to be connected to the network preset in the device to be connected to the network, that is, the above-mentioned key K.
  • the first access key can be calculated based on the key calculation parameter and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • the above step 531 includes: the device to be connected to the network uses the first key generation algorithm to process the key calculation parameter and the first device key to obtain the first encryption key, and uses the first encoding method to process the first encryption key to obtain the first access key. Since the first encryption key obtained by the first key generation algorithm is usually binary data, in order to obtain the first access key in the form of a visible string, the first encryption key needs to be encoded using the first encoding method.
  • the first encoding manner includes: Base64 (representing binary data based on 64 printable characters).
  • the first key generation algorithm includes any one of: AES (Advanced Encryption Standard)-128-CMAC (Cipher-based Message Authentication Code, message authentication based on symmetric encryption), HKDF (HMAC (Hash-based Message Authentication Code)-based KDF (Key Derivation Function)), PBKDF (Password-Based Key Derivation Function), SHA (Secure Hash Algorithm), the DES (Data Encryption Standard) algorithm, and the 3DES (Triple DES) algorithm.
  • the above method further includes the following steps:
  • Step 532 The distribution network device sends a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request to acquire a second access key.
  • the calculation parameters of the second access key need to be the same as the calculation parameters of the first access key.
  • the above-mentioned calculation parameters of the first access key include the key calculation parameters and the first device key. Therefore, the calculation parameters of the second access key should also include the key calculation parameters and the device key of the device to be connected to the network.
  • since the device key of the device to be connected to the network is only held by the cloud platform of the device to be connected to the network (that is, the device cloud platform) and the device manufacturer of the device to be connected to the network, the second access key needs to be calculated by the device cloud platform.
  • after receiving the beacon of the first access point, the distribution network device can obtain the device identification and/or key calculation parameter of the device to be connected to the network from the beacon, and then sends the first acquisition request to the distribution network cloud platform to request the second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the first acquisition request also includes the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the first acquisition request to the distribution network cloud platform.
  • the device key of the device to be connected to the network is not held by the network configuration cloud platform. Therefore, after receiving the first acquisition request, the network configuration cloud platform needs to further obtain the second access key from the device cloud platform. That is, as shown in FIG. 6, after the above step 532, the following steps are further included:
  • Step 53A the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the first acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 53B the distribution network cloud platform sends a third acquisition request to the device cloud platform, where the third acquisition request is used to request to acquire the second access key.
  • the network configuration cloud platform may further send a third acquisition request to the device cloud platform to request the device cloud platform to calculate the second access key and to send the second access key to the distribution network cloud platform.
  • the third acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the third acquisition request also includes the name of the device manufacturer of the device to be connected to the network, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, etc.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the first message to the device cloud platform.
  • Step 53C the device cloud platform calculates the second access key.
  • the device cloud platform can determine the second device key according to the device identification of the device to be connected to the network,
  • the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the first access key and the calculation method of the second access key should also be consistent; that is, the calculation method of the first access key is used to calculate the second access key.
  • the process of calculating the second access key by the device cloud platform is as follows: the device cloud platform uses the first key generation algorithm to process the key calculation parameter and the second device key to obtain the second encryption key; the second encryption key is then processed by using the first encoding method to obtain the second access key.
  • the process of encoding the second encryption key may also be implemented by a distribution network cloud platform or a distribution network device. That is, after the device cloud platform calculates the second encryption key based on the key calculation parameters and the second device key, the encoding process of the second encryption key can be implemented by any one of the device cloud platform, the distribution network cloud platform, and the distribution network device.
  • Step 53D the device cloud platform sends the access key information to the distribution network cloud platform.
  • the device cloud platform can directly calculate the second access key and send the second access key to the distribution network cloud platform, or it can first calculate the second encryption key and send the second encryption key to the distribution network cloud platform. Therefore, the access key information sent by the device cloud platform to the distribution network cloud platform includes the second access key or the second encryption key.
  • Step 534 The distribution network cloud platform sends access key information to the distribution network device, where the access key information is used to determine the second access key.
  • the distribution network cloud platform may directly forward the access key information to the distribution network device.
  • the distribution network cloud platform can also directly forward the access key information to the distribution network device, and the distribution network device then encodes the second encryption key; that is, after the above step 534, the method further includes: the distribution network device uses the first encoding method to process the second encryption key to obtain the second access key. Alternatively, the distribution network cloud platform may perform the encoding process to obtain the second access key, and send the second access key to the distribution network device.
  • FIG. 6 only takes the case in which the device cloud platform calculates the second access key and sends the second access key to the distribution network cloud platform as an example for introduction and description, but this does not constitute a limitation on the technical solution of the present application.
  • the second encryption key may also be encoded by the distribution network cloud platform or the distribution network device.
  • the above method further includes: the device to be connected to the network and the device for network distribution perform identity authentication based on the first access key and the second access key, respectively.
  • after the device to be connected to the network calculates the first access key and the network distribution device obtains the second access key, the device to be connected to the network and the network distribution device can perform identity authentication based on the first access key and the second access key.
  • when the above-mentioned 4-way handshake process is used for identity authentication, the device to be connected to the network is equivalent to the Supplicant in the above-mentioned 4-way handshake process, the network distribution device is equivalent to the Authenticator in the above-mentioned 4-way handshake process, the first access key is equivalent to the PMK on the Supplicant side in the above-mentioned 4-way handshake process, and the second access key is equivalent to the PMK on the Authenticator side in the above-mentioned 4-way handshake process.
  • the above method further includes: in the case that the identity authentication is passed, the network distribution device accesses the first access point. After the identity authentication is passed, the network configuration device can access the first access point activated by the device to be connected to the network. Optionally, after the network configuration device accesses the first access point, the network configuration device sends network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the embodiments of the present application only take the calculation of the access key based on the key calculation parameter and the device key of the device to be connected to the network as an example. It is easy to think of using other calculation parameters to calculate the access key, such as calculating the access key by using the key calculation parameter, the device key of the device to be connected to the network, and the device identifier of the device to be connected to the network; these should all fall within the protection scope of this application.
  • the device to be connected to the network and the network distribution device respectively obtain the access key according to the key calculation parameter, and perform identity authentication according to the separately obtained access key, so that the device to be connected to the network and the network distribution device can perform identity authentication.
  • the identity of the device to be connected to the network is authenticated, so as to avoid leakage of the network configuration information and improve the security of the access point.
  • the access key on the side of the distribution device is calculated by the cloud platform corresponding to the device to be connected to the network, so as to avoid leaking the device key of the device to be connected to the network, which improves the effectiveness of identity authentication.
  • the information processing method provided by the embodiment of the present application includes the following steps:
  • Step 700 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes a key calculation parameter and/or a device identity of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • Step 710 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identification and/or key calculation parameters of the device to be connected to the network.
  • Step 720 the device to be connected to the network determines the first access key based on the key calculation parameter and the first device key.
  • the device to be connected to the network uses the first key generation algorithm to process the key calculation parameter and the first device key to obtain the first encryption key, and uses the first encoding method to process the first encryption key to obtain the first access key.
  • Step 730 The distribution network device sends a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request to acquire a second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the first acquisition request to the distribution network cloud platform.
  • Step 740 the configuration network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 750 The distribution network cloud platform sends a third acquisition request to the device cloud platform, where the third acquisition request is used to request to acquire the second access key.
  • the distribution network cloud platform needs to first establish a secure connection with the device cloud platform, and then send the first message to the device cloud platform.
  • Step 760 the device cloud platform calculates the second access key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the first key generation algorithm to process the key calculation parameters and the second device key to obtain the second encryption key, and uses the first encoding method to process the second encryption key to obtain the second access key.
  • Step 770 the device cloud platform sends the second access key to the distribution network cloud platform.
  • Step 780 The distribution network cloud platform sends the second access key to the distribution network device.
  • Step 790 the device to be connected to the network and the network distribution device perform identity authentication based on the first access key and the second access key, respectively.
  • the identity authentication is passed, and the network configuration device can access the soft AP, and send the network configuration information of the home WiFi network to the device to be connected to the network.
  • the embodiment of the present application does not limit the execution sequence of the above steps, and the above steps can be combined in any execution order on the premise of satisfying the implementation logic.
  • the above-mentioned step 720 may also be performed before the above-mentioned step 710, or the above-mentioned step 720 may also be performed after the above-mentioned step 780. These should all fall within the protection scope of the present application.
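Steps 700 to 790 above, sketched end to end as an added example (not code from the application). It assumes HMAC-SHA256 for the "first key generation algorithm" and hex for the "first encoding method", neither of which is named in this section; the device identifier, key K, addresses and frames are constructed sample values, and the handshake is reduced to the MIC checks of messages 2 and 3.

```python
import hashlib
import hmac
import os

# Constructed sample data: the manufacturer-assigned device key K, held by the
# device to be connected and by the device cloud platform (indexed by device id).
DEVICE_ID = "dev-0001"
DEVICE_KEY_K = bytes.fromhex("00112233445566778899aabbccddeeff")
DEVICE_CLOUD_KEYS = {DEVICE_ID: DEVICE_KEY_K}

# Constructed MAC addresses for the two handshake roles.
AUTHENTICATOR_ADDR = bytes.fromhex("020000000001")  # network distribution device
SUPPLICANT_ADDR = bytes.fromhex("020000000002")     # device to be connected


def derive_access_key(device_key: bytes, key_calc_param: bytes) -> str:
    """Steps 720/760: key generation, then encoding.

    Assumptions: HMAC-SHA256 stands in for the "first key generation
    algorithm" and hex for the "first encoding method".
    """
    encryption_key = hmac.new(device_key, key_calc_param, hashlib.sha256).digest()
    return encryption_key.hex()


def cloud_second_access_key(device_id: str, key_calc_param: bytes) -> str:
    """Step 760: the device cloud finds K by device identifier; K never leaves it."""
    return derive_access_key(DEVICE_CLOUD_KEYS[device_id], key_calc_param)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((length + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:length]


def derive_kck(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Derive the PTK from the PMK and both nonces; the KCK is its first 16 bytes."""
    data = (min(AUTHENTICATOR_ADDR, SUPPLICANT_ADDR)
            + max(AUTHENTICATOR_ADDR, SUPPLICANT_ADDR)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def mic(kck: bytes, frame: bytes) -> bytes:
    """Message integrity code over a frame (HMAC-SHA1 truncated to 16 bytes)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def four_way_handshake(first_access_key: str, second_access_key: str) -> bool:
    """Step 790, reduced to the MIC checks of messages 2 and 3.

    The frames are constructed placeholders, not real EAPOL-Key frames.
    """
    supplicant_pmk = bytes.fromhex(first_access_key)      # device to be connected
    authenticator_pmk = bytes.fromhex(second_access_key)  # network distribution device

    anonce = os.urandom(32)   # message 1: Authenticator -> Supplicant
    snonce = os.urandom(32)   # message 2: Supplicant -> Authenticator, with MIC
    supplicant_kck = derive_kck(supplicant_pmk, anonce, snonce)
    msg2 = b"msg2" + snonce
    msg2_mic = mic(supplicant_kck, msg2)

    # The Authenticator derives its own KCK and verifies message 2.
    authenticator_kck = derive_kck(authenticator_pmk, anonce, snonce)
    if not hmac.compare_digest(mic(authenticator_kck, msg2), msg2_mic):
        return False

    # Message 3: Authenticator -> Supplicant, verified by the Supplicant.
    msg3 = b"msg3" + anonce
    msg3_mic = mic(authenticator_kck, msg3)
    return hmac.compare_digest(mic(supplicant_kck, msg3), msg3_mic)


def run_flow(device_key_on_device: bytes) -> bool:
    """Steps 700-790 for a device that holds `device_key_on_device`."""
    key_calc_param = os.urandom(16)  # carried in the soft AP beacon (steps 700/710)
    first = derive_access_key(device_key_on_device, key_calc_param)  # step 720
    second = cloud_second_access_key(DEVICE_ID, key_calc_param)      # steps 730-780
    return four_way_handshake(first, second)                         # step 790
```

A device provisioned with a different key than the one stored in the device cloud platform derives a different PMK, so the MIC on message 2 does not verify and the network distribution device never reaches the point of sending network configuration information.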
  • FIG. 8 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1 .
  • the method may include the following steps:
  • Step 810 The network distribution device sends first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • After connecting to the first access point started by the device to be connected to the network, the network distribution device establishes a communication connection with the device to be connected to the network.
  • the communication connection between the network configuration device and the device to be connected to the network is a TCP connection or a UDP connection.
  • data transmission can be performed between the network distribution device and the device to be connected to the network.
  • the network distribution device sends first information to the device to be connected to the network, where the first information includes a key calculation parameter.
  • the device to be connected to the network can use the key calculation parameter to determine the first information key, and the first information key can be used to decrypt the second information encrypted with the second information key or the network configuration information encrypted with the second information key, and can also be used to encrypt the first reference information.
  • the device to be connected to the network can successfully parse the network configuration information or the second information encrypted by the second information key, and then the device to be connected to the network passes the identity authentication;
  • when the first information key and the second information key are the same, and the first reference information and the second reference information are the same, the first reference information encrypted with the first information key and the second reference information encrypted with the second information key are consistent, and then the device to be connected to the network can pass the identity authentication.
  • the key calculation parameter includes a random number; or, the key calculation parameter includes a preconfigured value.
  • the key calculation parameter is generated by the device cloud platform (the cloud platform corresponding to the device to be connected to the network).
  • the length of the key calculation parameter is greater than or equal to one byte. This embodiment of the present application does not limit the timing for determining the key calculation parameter.
  • the device cloud platform generates the key calculation parameter after receiving the request for obtaining the second information key or for obtaining the fourth reference information;
  • the device cloud platform has pre-generated key calculation parameters, and when it subsequently receives a request for obtaining the second information key or for obtaining the fourth reference information, it can directly calculate the second information key according to the key calculation parameter and the device key of the device to be connected to the network.
  • the embodiment of the present application proposes two methods for identity authentication under the soft AP distribution network: in one, the identity authentication process is coupled with the network distribution process; in the other, the identity authentication process is decoupled from the network distribution process.
  • the following describes the two methods respectively.
  • the above-mentioned first information further includes network configuration information encrypted with the second information key; the above-mentioned method further includes: the distribution network cloud platform sends the key calculation parameter and the second information key to the distribution network device; the distribution network The device determines the first information based on the key calculation parameter, the second information key, and the network configuration information.
  • the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the network configuration device needs to send the network configuration information corresponding to the second access point to the device to be connected to the network, and the device to be connected to the network can subsequently access the second access point according to the network configuration information.
  • the network configuration device does not directly send the network configuration information to the device to be connected to the network, but uses the second information key to process the network configuration information, and then sends the encrypted network configuration information to the device to be connected to the network. If the device to be connected to the network can successfully decrypt the encrypted network configuration information, it can use the acquired network configuration information to access the second access point.
  • In order to ensure that the first information key calculated by the device to be connected to the network is consistent with the second information key, the network distribution device also needs to send the key calculation parameter used in the calculation of the second information key to the device to be connected to the network, so that in subsequent steps the device to be connected to the network determines the first information key according to the key calculation parameter and the device key of the device to be connected to the network.
  • For the calculation process of the first information key and the second information key, please refer to the following method embodiments; details are not repeated here.
  • the network distribution device needs to send at least the following information to the device to be connected to the network: network configuration information encrypted with the second information key, and key calculation parameters. Therefore, the network distribution device needs to first determine the network configuration information encrypted with the second information key according to the network configuration information and the second information key, and then send the network configuration information encrypted with the second information key and the key calculation parameters to the device to be connected to the network. Based on this, optionally, determining the first information based on the key calculation parameter, the second information key, and the network configuration information includes: using the fourth encryption algorithm and the second information key to process the network configuration information to obtain the network configuration information encrypted with the second information key; the first information is determined based on the key calculation parameter and the network configuration information encrypted with the second information key.
  • the fourth encryption algorithm is a symmetric encryption algorithm.
  • the fourth encryption algorithm includes but is not limited to any one of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, and AES256-GCM.
  • After the network distribution device sends the first information to the device to be connected to the network, the device to be connected to the network first determines the first information key according to the key calculation parameter in the first information, and then uses the first information key to decrypt the network configuration information encrypted with the second information key.
  • the above method further includes: the device to be connected to the network uses the first information key to decrypt the network configuration information encrypted by the second information key; in the case that the first information key and the second information key are consistent, the identity authentication of the device to be connected to the network can succeed, and the device to be connected to the network then succeeds in obtaining the network configuration information; in the case where the first information key and the second information key are inconsistent, the identity authentication of the device to be connected to the network fails, and the device to be connected to the network fails to obtain the network configuration information.
  • the embodiment of the present application also proposes two methods for decoupling the identity authentication process from the network distribution process.
  • One method is that the network distribution device performs identity authentication according to the data encrypted by the first information key and the second information key respectively; the other is that the network distribution device performs identity authentication according to the data from the device cloud platform and the device to be connected to the network.
  • the above method further includes: the device to be connected to the network obtains the first encrypted information according to the first information key and the first reference information; the device to be connected to the network sends the first encrypted information to the network distribution device.
  • the first reference information is used for the identity authentication process of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network uniquely allocates reference information for the device to be connected to the network, and preconfigures the reference information into the device to be connected to the network (the reference information preconfigured in the device to be connected to the network is referred to as "first reference information"). Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the reference information.
  • the device manufacturer of the device to be connected to the network can upload the device identification and reference information of the device to be connected to the network to the device cloud platform (that is, the cloud platform corresponding to the device to be connected to the network) (the reference information stored in the device cloud platform is called "second reference information").
  • the reference information is a preconfigured value, or the reference information is a preconfigured random number, and the content of the reference information is not limited in this embodiment of the present application.
  • the first reference information and the second reference information are respectively held by the device to be connected to the network and the device cloud platform (the cloud platform corresponding to the device to be connected to the network), so the network distribution device cannot directly acquire the second reference information, but instead acquires the second reference information encrypted with the second information key (i.e., the second encrypted information). That is, the above method further includes: the distribution network cloud platform sends the second encrypted information to the distribution network device.
  • the device cloud platform may calculate the second information key based on the key calculation parameter, use the second information key to encrypt the second reference information to obtain the second encrypted information, and then send the second encrypted information and the key calculation parameter to the distribution network cloud platform, which further sends them to the distribution network device.
  • the key calculation parameter can be sent to the device to be connected to the network, so that the device to be connected to the network can use the key calculation parameter to calculate the first information key, encrypt the first reference information with the first information key to obtain the first encrypted information, and further send the first encrypted information to the distribution network device.
  • the network distribution device receives the first encrypted information from the device to be connected to the network; by comparison, if the two pieces of encrypted information are the same, the identity authentication of the device to be connected to the network has passed, and the network configuration device can further send network configuration information to the device to be connected to the network. Based on this, the above method further includes: when the first encrypted information and the second encrypted information are consistent, the network configuration device sends network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • otherwise, the identity authentication of the device to be connected to the network fails, and the device to be connected to the network cannot obtain the network configuration information. That is, only when the first information key and the second information key are consistent, and the first reference information and the second reference information are consistent, can the identity authentication of the device to be connected to the network succeed, and only then can the device to be connected to the network obtain the network configuration information.
  • the first information further includes second information encrypted with the second information key; the method further includes: decrypting the second information encrypted with the second information key using the first information key to obtain the third reference information; and sending the third reference information to the distribution network device.
  • the second information is used for the identity authentication process of the device to be connected to the network.
  • the second information decrypted by the device to be connected to the network includes third reference information.
  • the third reference information is a preconfigured value, or, the third reference information is a preconfigured random number, and the content of the third reference information is not limited in this embodiment of the present application.
  • the second information decrypted by the device to be connected to the network may further include a predefined value, and the predefined value is only held by the device to be connected to the network and the device cloud platform.
  • the device cloud platform may calculate the second information key based on the key calculation parameter, and use the second information key to encrypt the second information to obtain the encrypted second information (the reference information in the second information encrypted by the device cloud platform is called "fourth reference information"), and then send the reference information, the encrypted second information and the key calculation parameter to the distribution network cloud platform, which further sends them to the distribution network device.
  • the key calculation parameter and the encrypted second information can be sent to the device to be connected to the network, so that the device to be connected to the network subsequently uses the key calculation parameter to calculate the first information key, and uses the first information key to decrypt the encrypted second information to obtain the reference information in the second information (the reference information in the second information decrypted on the side of the device to be connected to the network is called "third reference information"), and the reference information is further sent to the distribution network device.
  • the distribution network device receives the third reference information from the device to be connected to the network; by comparison, if the two pieces of reference information are the same, the identity authentication of the device to be connected to the network has passed, and the network configuration device can further send network configuration information to the device to be connected to the network.
  • the above method further includes: the device to be connected to the network sends third reference information to the distribution network device; the distribution network cloud platform sends fourth reference information to the distribution network device; when the third reference information and the fourth reference information are consistent, the distribution network device sends network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • otherwise, the identity authentication of the device to be connected to the network fails, and the device to be connected to the network cannot obtain the network configuration information. That is, only when the first information key and the second information key are consistent, and the third reference information and the fourth reference information are consistent, can the identity authentication of the device to be connected to the network succeed, and only then can the device to be connected to the network obtain the network configuration information.
  • the key calculation parameter is sent to the device to be connected to the network through the network distribution device, and the key calculation parameter is used to calculate the information key. The information key can be used to decrypt the data encrypted with the information key calculated by the device cloud platform or the network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt the reference information.
  • the device to be connected to the network can then successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, pass identity authentication, and further obtain the network configuration information; or, in the case where the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the data obtained by encrypting with the two information keys respectively can be consistent, and then the device to be connected to the network passes identity authentication and further obtains network configuration information. Therefore, in the embodiment of the present application, the identity of the device to be connected to the network is authenticated before the device to be connected to the network accesses the wireless access point, so as to avoid leakage of network configuration information corresponding to the wireless access point, and improve the security of the wireless access point.
  • the identity authentication process of the device to be connected to the network can be coupled with the network distribution process, that is, the network distribution device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and when the information key calculated by the device to be connected to the network is consistent with it, the device to be connected to the network can directly obtain the network configuration information, which reduces the data exchange between the network distribution device and the device to be connected to the network, and reduces the processing overhead of the network distribution device and the device to be connected to the network.
  • the identity authentication process of the device to be connected to the network can also be decoupled from the network distribution process, that is, after the identity authentication of the device to be connected to the network is passed, the network distribution device sends the network configuration information to the device to be connected to the network.
  • the decoupling of the identity authentication process and the distribution network process can fully improve the security of network configuration information.
  • the following describes the calculation process of the first information key on the side of the device to be connected to the network and the second information key on the side of the network distribution device.
  • the above method further includes the following steps:
  • Step 831 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the device cloud platform (ie, the cloud platform corresponding to the device to be connected to the network).
  • the first device key is the device key of the device to be connected that is preset in the device to be connected to the network. After the device to be connected to the network specifies the key calculation parameter and the first device key, the first information key can be calculated based on the key calculation parameter and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • The above step 831 includes: the device to be connected to the network uses a fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the first information key.
  • the fourth key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, and 3DES algorithm.
  • the identity authentication process and the network distribution process of the device to be connected to the network can be either coupled or decoupled. The following describes the two situations respectively.
  • Case 1 The identity authentication process of the device to be connected to the network is coupled with the network distribution process:
  • the above method further includes the following steps:
  • Step 841 The network distribution device receives the beacon of the first access point activated by the device to be connected to the network, where the beacon includes the device identifier of the device to be connected to the network.
  • the device to be connected to the network can start the first access point when it enters the network distribution mode.
  • The device to be connected to the network automatically enters the network configuration mode when it is turned on for the first time, or the device to be connected to the network is operated by the user to passively trigger entry into the network configuration mode.
  • the first access point is a soft AP started by the device to be connected to the network.
  • the beacon of the first access point may be broadcast, and the beacon includes the device identifier of the device to be connected to the network.
  • the device identifier of the device to be connected to the network includes the device ID of the device to be connected to the network, so as to uniquely identify the device to be connected to the network.
  • the beacon of the first access point includes at least one of the following fields: a BSSID field, an SSID field, and a custom field (such as a Vendor Specific field).
  • the device identifier of the device to be connected to the network is set in the BSSID field.
  • The distribution network device can scan the beacons broadcast by other devices on different channels, so that on the channel where the device to be connected broadcasts the beacon of the first access point, the distribution network device can scan the beacon of the first access point, that is, the distribution network device can receive the beacon of the first access point.
  • Step 842 The distribution network device sends a seventh acquisition request to the distribution network cloud platform, where the seventh acquisition request is used to request to acquire the second information key.
  • The seventh acquisition request is used for requesting to acquire the second information key. Since the second information key is calculated by the device cloud platform, when the distribution network device needs to obtain the second information key, it can send a seventh acquisition request to the distribution network cloud platform, so as to further acquire the second information key through the distribution network cloud platform.
  • This embodiment of the present application does not limit the content of the seventh acquisition request.
  • The seventh acquisition request includes the device identifier of the device to be connected to the network, the device name of the device, the product serial number of the device to be connected to the network, etc.
  • The network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the seventh acquisition request to the distribution network cloud platform.
  • Step 843 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the seventh acquisition request sent by the network configuration device to the network configuration cloud platform includes the device manufacturer name of the device to be connected to the network, and the network configuration cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 844 the distribution network cloud platform sends an eighth acquisition request to the device cloud platform, where the eighth acquisition request is used to request to acquire the second information key.
  • The eighth acquisition request is used to request the acquisition of the second information key. Based on this, after determining the device cloud platform corresponding to the device to be connected to the network, the distribution network cloud platform can further send an eighth acquisition request to the device cloud platform, to request the device cloud platform to calculate the second information key and to send the second information key to the distribution network cloud platform.
  • The eighth acquisition request includes the device identifier of the device to be connected to the network, the device name of the device, the product serial number of the device to be connected to the network, etc.
  • The distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the eighth acquisition request to the device cloud platform.
  • Step 845 the device cloud platform calculates the second information key.
  • The device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network, and the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the first information key and the calculation method of the second information key should also be consistent.
  • a second information key is calculated by means of an information key.
  • The process of calculating the second information key by the device cloud platform is as follows: the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • For the description of the fourth key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 846 the device cloud platform sends the second information key and key calculation parameters to the distribution network cloud platform.
  • the device cloud platform can send the second information key and key calculation parameters to the distribution network cloud platform.
  • Step 847 The distribution network cloud platform sends the second information key to the distribution network device.
  • After receiving the second information key, the distribution network cloud platform further sends the second information key and the key calculation parameter to the distribution network device, so as to respond to the seventh acquisition request of the distribution network device.
  • Scenario 2 The identity authentication process of the device to be connected to the network is decoupled from the network distribution process:
  • the above method further includes the following steps:
  • Step 851 The network distribution device receives the beacon of the first access point activated by the device to be connected to the network, and the beacon includes the device identifier of the device to be connected to the network.
  • For the description of step 851, please refer to the description of step 841, which is not repeated here.
  • Step 852 The distribution network device sends a ninth acquisition request to the distribution network cloud platform.
  • The ninth acquisition request is used to request to acquire the second reference information or the second information. Since the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network (the second information also includes the reference information of the device to be connected to the network), when the network distribution device needs to obtain the second reference information or the second information, it may send a ninth acquisition request to the distribution network cloud platform, so as to further acquire the second reference information or the second information through the distribution network cloud platform.
  • The ninth acquisition request includes the device identifier of the device to be connected to the network, the device name of the device, the product serial number of the device to be connected to the network, etc.
  • The network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the ninth acquisition request to the distribution network cloud platform.
  • Step 853 the distribution network cloud platform determines the device cloud platform.
  • For the description of step 853, please refer to the above-mentioned step 843; details are not repeated here.
  • Step 854 the distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
  • The tenth acquisition request is used to request the acquisition of the second reference information or the second information. Based on this, after determining the device cloud platform corresponding to the device to be connected to the network, the network distribution cloud platform can further send the tenth acquisition request to the device cloud platform, to request the device cloud platform to send the second reference information or the second information to the distribution network cloud platform.
  • This embodiment of the present application does not limit the content of the tenth acquisition request.
  • The tenth acquisition request includes the device identifier of the device to be connected to the network, the device name of the device, the product serial number of the device to be connected to the network, etc.
  • If there is no secure connection established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the tenth acquisition request to the device cloud platform.
  • Step 855 the device cloud platform calculates the second information key.
  • The device cloud platform can determine the second device key according to the device identification of the device to be connected to the network, and the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the first information key and the calculation method of the second information key should also be consistent.
  • a second information key is calculated by means of an information key.
  • The process of calculating the second information key by the device cloud platform is as follows: the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • For the description of the fourth key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 856 the device cloud platform encrypts the second reference information or the second information by using the second information key.
  • The reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network. Therefore, after determining the second information key, the device cloud platform uses the second information key to encrypt the second reference information or the second information, so as to avoid leaking the reference information of the device to be connected to the network.
  • Step 857 The device cloud platform sends the key calculation parameter and the second reference information or second information encrypted with the second information key to the distribution network cloud platform.
  • Step 858 The distribution network cloud platform sends the key calculation parameter and the second reference information or second information encrypted with the second information key to the distribution network device.
  • After receiving the key calculation parameter from the device cloud platform and the second reference information or second information encrypted with the second information key, the distribution network cloud platform further sends them to the distribution network device, in response to the ninth acquisition request of the distribution network device.
  • The embodiments of the present application are illustrated only with the first information key and the second information key being calculated based on the key calculation parameter and the device key of the device to be connected to the network. After learning the technical solution of this application, it is easy to think of using other calculation parameters to calculate the information key, such as calculating the first information key and the second information key, all of which should fall within the protection scope of this application.
  • The key calculation parameter is generated by the cloud platform corresponding to the device to be connected to the network, the information key is determined according to the key calculation parameter and the device key of the device to be connected to the network, and the information key and the key calculation parameter are then sent to the network distribution device, so as to avoid leaking the device key of the device to be connected to the network and improve the effectiveness of identity authentication.
  • The key calculation parameter is generated by the cloud platform corresponding to the device to be connected to the network, and the information encryption parameter is determined according to the key calculation parameter and the device key of the device to be connected to the network. The information key is then used to encrypt the reference information, and the key calculation parameter and the encrypted reference information are sent to the distribution network device, so as to avoid leaking the device key and reference information of the device to be connected to the network, and improve the effectiveness of identity authentication.
  • the information processing method includes the following steps:
  • Step 1001 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes the device identifier of the device to be connected to the network.
  • Step 1002 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identity of the device to be connected to the network.
  • Step 1003 the distribution network device sends a seventh acquisition request to the distribution network cloud platform, where the seventh acquisition request is used to request to acquire the second information key.
  • the seventh acquisition request includes the device identifier of the device to be connected to the network.
  • The network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the seventh acquisition request to the distribution network cloud platform.
  • Step 1004 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1005 the distribution network cloud platform sends an eighth acquisition request to the device cloud platform.
  • the eighth acquisition request is used to request to acquire the second information key.
  • The distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the eighth acquisition request to the device cloud platform.
  • Step 1006 the device cloud platform calculates the second information key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • Step 1007 the device cloud platform sends the second information key and key calculation parameters to the distribution network cloud platform.
  • Step 1008 the distribution network cloud platform sends the second information key and the key calculation parameter to the distribution network device.
  • Step 1009 The distribution network device determines the first information based on the second information key, the key calculation parameter and the network configuration information.
  • The network configuration device uses the third encryption algorithm and the information encryption key to process the network configuration information, and obtains the network configuration information encrypted with the information encryption key; the first information is then determined.
  • Step 1010 The network distribution device sends the first information to the device to be connected to the network.
  • Step 1011 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device to be connected to the network determines the first information key according to the first device key stored by itself and the key calculation parameter in the first information.
  • the first device key is processed to obtain the first information key.
  • Step 1012 the device to be connected to the network uses the first information key to decrypt the network configuration information encrypted by the second information key.
  • If the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the information processing method includes the following steps:
  • Step 1101 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes the device identifier of the device to be connected to the network.
  • Step 1102 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identity of the device to be connected to the network.
  • Step 1103 The distribution network device sends a ninth acquisition request to the distribution network cloud platform.
  • the ninth acquisition request is used to request to acquire the second reference information.
  • the ninth acquisition request includes the device identifier of the device to be connected to the network.
  • The network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the ninth acquisition request to the distribution network cloud platform.
  • Step 1104 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1105 the distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
  • the tenth acquisition request is used to request to acquire the second reference information.
  • The distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the tenth acquisition request to the device cloud platform.
  • Step 1106 the device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • Step 1107 the device cloud platform encrypts the second reference information with the second information key to obtain the second encrypted information. Since the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network, in order to avoid leakage of the reference information of the device to be connected to the network, the device cloud platform needs to encrypt the second reference information.
  • Step 1108 the device cloud platform sends the key calculation parameter and the second encryption information to the distribution network cloud platform.
  • Step 1109 the distribution network cloud platform sends the key calculation parameter and the second encryption information to the distribution network device.
  • Step 1110 The network distribution device sends the key calculation parameter to the device to be connected to the network.
  • Step 1111 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device to be connected to the network determines the first information key according to the first device key stored by itself and the key calculation parameter in the first information.
  • the first device key is processed to obtain the first information key.
  • Step 1112 the device to be connected to the network encrypts the first reference information by using the first information key to obtain the first encrypted information.
  • the reference information of the device to be connected to the network is preconfigured in the device to be connected to the network by the device manufacturer of the device to be connected to the network. After the device to be connected to the network calculates the first information key, the first information key can be used to encrypt the first reference information.
  • the device to be connected to the network uses the first reference information and the third encryption algorithm to process the first reference information to obtain the first encrypted information.
  • Step 1113 the device to be connected to the network sends the first encrypted information to the network distribution device.
  • Step 1114 In the case that the first encrypted information and the second encrypted information are consistent, the network configuration device sends network configuration information to the device to be connected to the network.
  • On the one hand, the distribution network device receives the second encrypted information from the distribution network cloud platform; on the other hand, it receives the first encrypted information from the device to be connected to the network, and then compares the first encrypted information with the second encrypted information.
  • the network configuration information is sent to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the home WiFi network.
  • After the network access device receives the network configuration information, it can join the home WiFi network according to the network configuration information.
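The decoupled flow of steps 1101 to 1114, as an added example that is not code from the application: both sides derive the information key from the key calculation parameter and key K, and the network configuration is released only when the two protected reference values match. HKDF with SHA-256 is used as one of the listed options for the fourth key generation algorithm; the salt/info mapping, the HMAC stand-in for the unspecified third encryption algorithm, and all class names, function names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

LABEL = b"info-key"  # assumed domain-separation label, not from the page


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def information_key(device_key, key_calc_param, device_id):
    # Assumed mapping: key K is the input keying material, the key calculation
    # parameter is the salt, and the device identifier is bound in via `info`.
    return hkdf_sha256(device_key, key_calc_param, LABEL + device_id)


def protect_reference(info_key, reference_info):
    # Stand-in for the unspecified "third encryption algorithm": a deterministic
    # keyed transform, so the two sides' outputs can be compared in step 1114.
    return hmac.new(info_key, reference_info, hashlib.sha256).digest()


class DeviceCloud:
    """Device cloud platform: device identifier -> (key K, reference information)."""

    def __init__(self, registry):
        self.registry = registry

    def tenth_request(self, device_id):
        # Steps 1106-1108: derive the second information key, protect the
        # second reference information, return it with the fresh parameter.
        device_key, reference_info = self.registry[device_id]
        key_calc_param = secrets.token_bytes(16)
        second_key = information_key(device_key, key_calc_param, device_id)
        return key_calc_param, protect_reference(second_key, reference_info)


class Device:
    """Device to be connected to the network, preconfigured with key K."""

    def __init__(self, device_id, device_key, reference_info):
        self.device_id = device_id
        self.device_key = device_key
        self.reference_info = reference_info

    def respond(self, key_calc_param):
        # Steps 1111-1113: derive the first information key and answer.
        first_key = information_key(self.device_key, key_calc_param, self.device_id)
        return protect_reference(first_key, self.reference_info)


def provision(cloud, device, network_config, replayed=None):
    """Network distribution device, steps 1103-1114.

    Returns the network configuration only if the first and second encrypted
    information are consistent; otherwise returns None.
    """
    key_calc_param, second_encrypted = cloud.tenth_request(device.device_id)
    first_encrypted = replayed if replayed is not None else device.respond(key_calc_param)
    if hmac.compare_digest(first_encrypted, second_encrypted):  # constant-time compare
        return network_config
    return None


def run_demo():
    # All values below are constructed sample data.
    device_id = b"DEV-0001"
    key_k = bytes.fromhex("00112233445566778899aabbccddeeff")
    reference = b"constructed-reference-info"
    config = {"ssid": "home-wifi", "psk": "constructed-passphrase"}
    cloud = DeviceCloud({device_id: (key_k, reference)})
    genuine = Device(device_id, key_k, reference)
    # Same identifier as seen in the beacon, but without the real key K.
    clone = Device(device_id, b"\x00" * 16, reference)
    # A response recorded under an older key calculation parameter.
    captured = genuine.respond(b"\x01" * 16)
    return {
        "genuine": provision(cloud, genuine, config),
        "clone": provision(cloud, clone, config),
        "replay": provision(cloud, genuine, config, replayed=captured),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(case, "->", "network configuration sent" if result else "rejected")
```

Because the device identifier is broadcast in the beacon, only possession of key K distinguishes the genuine device, and a fresh key calculation parameter per request is what makes a recorded response useless.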
  • the information processing method includes the following steps:
  • Step 1201 the device to be connected to the network broadcasts the beacon of the soft AP.
  • the beacon includes the device identifier of the device to be connected to the network.
  • Step 1202 the distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can further analyze the beacon of the soft AP to obtain the device identity of the device to be connected to the network.
  • Step 1203 The distribution network device sends a ninth acquisition request to the distribution network cloud platform.
  • the ninth acquisition request is used to request to acquire the second information.
  • the ninth acquisition request includes the device identifier of the device to be connected to the network.
  • The network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the ninth acquisition request to the distribution network cloud platform.
  • Step 1204 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1205 The distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
  • the tenth acquisition request is used to request to acquire the second information.
  • If there is no secure connection established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the tenth acquisition request to the device cloud platform.
  • Step 1206 the device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform may determine the second device key according to the device identifier of the device to be connected to the network. After that, the device cloud platform uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
  • Step 1207 the device cloud platform encrypts the second information by using the second information key. Since the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network, in order to avoid leakage of the reference information of the device to be connected to the network, the device cloud platform needs to encrypt the reference information, and thereby obtains the second information encrypted with the second information key, where the second information includes reference information of the device to be connected to the network.
  • Step 1208 the device cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network cloud platform.
  • Step 1209 The distribution network cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network device.
  • Step 1210 The network distribution device sends the key calculation parameter and the second information to the device to be connected to the network.
  • Step 1211 the device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
  • the device to be connected to the network determines the first information key according to the first device key stored by itself and the key calculation parameter in the first information.
  • the first device key is processed to obtain the first information key.
  • Step 1212 the device to be connected to the network uses the first information key to decrypt the second information to obtain third reference information.
  • the device to be connected to the network decrypts the second information, and can obtain the reference information of the device to be connected to the network in the second information, that is, the third reference information.
  • Step 1213 The device to be connected to the network sends third reference information to the network distribution device.
  • Step 1214 In the case that the third reference information and the fourth reference information are consistent, the network distribution device sends network configuration information to the device to be connected to the network.
  • On the one hand, the network distribution device receives the fourth reference information from the distribution network cloud platform; on the other hand, it receives the third reference information from the device to be connected to the network, and then compares the fourth reference information with the third reference information. If the fourth reference information is consistent with the third reference information, it is confirmed that the device to be connected to the network has passed identity authentication, and network configuration information is sent to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the home WiFi network. After the network access device receives the network configuration information, it can join the home WiFi network according to the network configuration information.
  • FIG. 13 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1 .
  • the method may include the following steps:
  • Step 1310 the device to be connected to the network displays a first graphic code; the first graphic code includes the key calculation parameter and/or the device identifier of the device to be connected to the network, the key calculation parameter is used to determine the information decryption key, the information decryption key is used for decrypting the network configuration information from the network distribution device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • For a device to be connected to a network with a scanning function or a camera function, it can also access the network by scanning and configuring the network.
  • the embodiment of the present application also provides an identity authentication method.
  • the device to be connected to the network first displays the first graphic code.
  • the first graphic code is displayed on the screen of the device to be connected to the network; alternatively, the first graphic code may be pasted on the device surface of the device to be connected to the network by the device manufacturer of the device to be connected to the network, or pasted on the packaging box of the device to be connected to the network, which is not limited in this embodiment of the present application.
  • the first graphic code is represented as a two-dimensional code, a barcode, or the like.
  • the first graphic code includes a key calculation parameter and/or a device identifier of a device to be connected to the network.
  • the first graphic code further includes the device manufacturer name of the device to be connected to the network, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, and the like.
  • the key calculation parameter is used to determine the information decryption key for decrypting the network configuration information.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the key calculation parameter is preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network. If the device to be connected to the network does not have a screen display function, the key calculation parameter can be preconfigured by the device cloud platform corresponding to the device to be connected to the network; if the device to be connected to the network has a screen display function, the key calculation parameter can be generated by the device itself.
  • the key calculation parameter includes a random number; or, the key calculation parameter includes a preconfigured value.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the cloud platform of the device manufacturer (ie, the cloud platform corresponding to the device to be connected to the network).
  • Step 1320 the network distribution device scans the first graphic code of the device to be connected to the network, the first graphic code includes the key calculation parameter and/or the device identification of the device to be connected to the network, the key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the network distribution device scans the first graphic code of the device to be connected to the network to obtain the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • for the device to be connected to the network, the key calculation parameter is used to determine the information decryption key for decrypting the network configuration information; for the network configuration device, the key calculation parameter is used to determine the information encryption key for encrypting the network configuration information.
  • when the network distribution device configures the network for the device to be connected to the network by scanning a code, after obtaining the information encryption key the network distribution device needs to further display the second graphic code for the device to be connected to the network to scan, so as to obtain the network configuration information.
  • the above method further includes: the network distribution device determines the second graphic code according to the network configuration information and the information encryption key; and displays the second graphic code.
  • the information encryption key is used to encrypt the network configuration information, that is, the network configuration device can use the first encryption algorithm and the information encryption key to process the network configuration information, obtain the encrypted network configuration information, and then generate the second graphic code according to the encrypted network configuration information.
  • the first encryption algorithm is a symmetric encryption algorithm.
  • the first encryption algorithm includes but is not limited to any of the following: AES128-CMAC, AES128-CBC (Cipher Block Chaining), AES128-GCM (Galois/Counter Mode), AES256-CMAC, AES256-CBC, AES256-GCM.
  • the above method further includes: the device to be connected to the network scans a second graphic code displayed by the network configuration device, where the second graphic code includes network configuration information encrypted with an information encryption key.
  • the device to be connected to the network scans the second graphic code to obtain the network configuration information encrypted with the information encryption key. Since the device to be connected to the network determines the information decryption key based on the key calculation parameter, the device to be connected to the network uses the information decryption key to decrypt the network configuration information. If the information decryption key and the information encryption key are the same, the device to be connected to the network successfully obtains the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the device to be connected to the network can use the key calculation parameter to determine the information decryption key, and the network distribution device can use the key calculation parameter to obtain the information encryption key; the device to be connected to the network can then use the information decryption key to decrypt the network configuration information that the distribution device encrypted using the information encryption key.
  • the following describes the calculation process of the information decryption key on the side of the network access device and the information encryption key on the side of the distribution device.
  • the above method further includes the following steps:
  • Step 1331 the device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
  • the first device key is the device key of the device to be connected to the network preset in the device to be connected to the network, that is, the above-mentioned key K. After specifying the key calculation parameters and the first device key, the device to be connected to the network can calculate the information decryption key based on the key calculation parameters and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • the above step 1331 includes: the device to be connected to the network uses the second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the second key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, and 3DES algorithm.
  • the above method further includes the following steps:
  • Step 1332 The distribution network device sends a second acquisition request to the distribution network cloud platform, where the second acquisition request is used to request to acquire the information encryption key.
  • the calculation parameters of the information encryption key and the calculation parameters of the information decryption key need to be the same.
  • the above calculation parameters of the information decryption key include the key calculation parameter and the first device key. Therefore, the calculation parameters of the information encryption key should also include the key calculation parameter and the device key of the device to be connected to the network.
  • the device key of the device to be connected to the network is only held by the cloud platform (that is, the device cloud platform) of the device to be connected to the network and the device manufacturer of the device to be connected to the network. Therefore, the information encryption key needs to be calculated by the device cloud platform.
  • the network distribution device scans the graphic code of the device to be connected to the network, and obtains the device identification and/or key calculation parameters of the device to be connected to the network, and then the distribution network device sends a second acquisition request to the distribution network cloud platform to request to obtain the information encryption key.
  • This embodiment of the present application does not limit the content of the second acquisition request.
  • the second acquisition request includes key calculation parameters and/or the device identifier of the device to be connected to the network; or, the second acquisition request also includes the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the second acquisition request to the distribution network cloud platform.
  • the device key of the device to be connected to the network is not held by the network configuration cloud platform. Therefore, after receiving the second acquisition request, the network configuration cloud platform needs to further obtain the information encryption key from the device cloud platform. That is, as shown in FIG. 14, after the above step 1332, the following steps are further included:
  • Step 133A the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the second acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 133B The distribution network cloud platform sends a fourth acquisition request to the device cloud platform, where the fourth acquisition request is used to request to acquire an information encryption key.
  • the distribution network cloud platform may further send a fourth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key, and request the device cloud platform to send the information encryption key.
  • the fourth acquisition request includes key calculation parameters and/or the device identifier of the device to be connected to the network; or, the fourth acquisition request also includes the device manufacturer name of the device to be connected to the network, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, etc.
  • if there is no secure connection established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the fourth acquisition request to the device cloud platform.
  • Step 133C the device cloud platform calculates the information encryption key.
  • the device cloud platform can determine the second device key according to the device identification of the device to be connected to the network, where the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the information decryption key and the calculation method of the information encryption key should also be consistent, that is, the information encryption key is calculated in the same way as the information decryption key.
  • the process of calculating the information encryption key by the device cloud platform is as follows: the device cloud platform uses the second key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • for the second key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 133D the device cloud platform sends the information encryption key to the distribution network cloud platform.
  • After the device cloud platform calculates the information encryption key, it can send the information encryption key to the distribution network cloud platform.
  • Step 1334 the distribution network cloud platform sends the information encryption key to the distribution network device.
  • After receiving the information encryption key, the distribution network cloud platform further sends the information encryption key to the distribution network device in response to the second acquisition request of the distribution network device.
  • the embodiment of the present application is described only by taking as an example the case where the information encryption key and the information decryption key are calculated based on the key calculation parameter and the device key of the device to be connected to the network. After understanding the technical solution, it is easy to think of using other calculation parameters to calculate the access key, all of which should fall within the scope of protection of this application.
  • the information decryption key and the information encryption key are obtained by the device to be connected to the network and the network distribution device respectively according to the key calculation parameters; subsequently, the network distribution device uses the information encryption key to encrypt the network configuration information, and the device to be connected to the network uses the information decryption key to decrypt the network configuration information encrypted with the information encryption key. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information. In this way, the identity of the device to be connected to the network is authenticated before it obtains the network configuration information, so as to avoid leakage of the network configuration information and improve the security of the access point.
  • the information encryption key on the side of the distribution device is calculated by the cloud platform corresponding to the device to be connected to the network, so as to avoid leaking the device key of the device to be connected to the network, which improves the effectiveness of identity authentication.
  • the information processing method provided by the embodiment of the present application includes the following steps:
  • Step 1500 the network distribution device scans the first graphic code of the device to be connected to the network, the first graphic code includes the key calculation parameter and/or the device identification of the device to be connected to the network, the key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt the network configuration information, and the network configuration information is used to configure the device to be connected to the home WiFi network.
  • the network distribution device scans the first graphic code of the device to be connected to the network to obtain the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • Step 1510 The network distribution device sends a second acquisition request to the distribution network cloud platform.
  • the second acquisition request is used for requesting to acquire the information encryption key.
  • the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the second acquisition request to the distribution network cloud platform.
  • Step 1520 the configuration network cloud platform determines the device cloud platform.
  • the second acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1530 The distribution network cloud platform sends a fourth acquisition request to the device cloud platform, where the fourth acquisition request is used to request to acquire an information encryption key.
  • the fourth acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the fourth acquisition request to the device cloud platform.
  • Step 1540 the device cloud platform calculates the information encryption key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network, where the second device key is the device key of the device to be connected to the network stored by the device cloud platform.
  • the device cloud platform uses the second key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • Step 1550 the device cloud platform sends the information encryption key to the distribution network cloud platform.
  • Step 1560 the distribution network cloud platform sends the information encryption key to the distribution network device.
  • Step 1570 The network configuration device uses the first encryption algorithm and the information encryption key to process the network configuration information to obtain encrypted network configuration information; generates a second graphic code according to the encrypted network configuration information, and displays the second graphic code.
  • Step 1580 the device to be connected to the network calculates the information decryption key.
  • the device to be connected to the network uses the second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • Step 1590 the device to be connected to the network scans the second graphic code.
  • the device to be connected to the network scans the second graphic code to obtain the network configuration information encrypted with the information encryption key. Since the device to be connected to the network determines the information decryption key based on the key calculation parameter, the device to be connected to the network uses the information decryption key to decrypt the network configuration information. If the information decryption key and the information encryption key are the same, the device to be connected to the network successfully obtains the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the embodiment of the present application does not limit the execution sequence of the above steps, and the above steps can be combined in any execution order on the premise of satisfying the implementation logic.
  • the above step 1580 can also be executed before the above step 1500, or the above step 1580 can also be executed after the above step 1540. These should all fall within the protection scope of the present application.
  • FIG. 16 shows a flowchart of an information processing method provided by an embodiment of the present application, and the method can be applied to the distribution network system shown in FIG. 1.
  • the method may include the following steps:
  • Step 1610 the network configuration device displays a third graphic code, and the third graphic code includes the network configuration information encrypted by the information encryption key and the key calculation parameter; wherein the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the embodiment of the present application further provides an information processing method.
  • the distribution network device first displays a third graphic code, optionally, the third graphic code is represented as a two-dimensional code, a barcode, or the like.
  • the third graphic code includes the network configuration information encrypted by the information encryption key, and the key calculation parameter.
  • for the network distribution device, the key calculation parameter is used to determine the information encryption key; for the device to be connected to the network, the key calculation parameter is used to determine the information decryption key.
  • for the determination process of the information encryption key and the information decryption key, please refer to the following method embodiments; details are not repeated here.
  • the key calculation parameter includes a random number; or, the key calculation parameter includes a preconfigured value.
  • the key calculation parameter is generated by the device cloud platform (the cloud platform corresponding to the device to be connected to the network).
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the device cloud platform generates the key calculation parameter after receiving the request for obtaining the information encryption key; or, the device cloud platform pre-generates the key calculation parameter, and after receiving the request for obtaining the information encryption key, can calculate the information encryption key directly according to the key calculation parameter and the device key of the device to be connected to the network.
  • the information encryption key, which takes the device key of the device to be connected to the network as a calculation parameter, is calculated by the device cloud platform, and the device cloud platform then sends the information encryption key and the key calculation parameter to the distribution network device through the network configuration cloud platform.
  • After receiving the information encryption key and the key calculation parameter, the network distribution device needs to generate a third graphic code based on the information encryption key and the key calculation parameter for the device to be connected to the network to scan. Therefore, in an example, the above method further includes: the distribution network device receives the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform; and determines the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  • the above-mentioned determining the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information includes: using the second encryption algorithm and the information encryption key to process the network configuration information, to obtain the network configuration information encrypted with the information encryption key; and generating a third graphic code according to the network configuration information encrypted with the information encryption key and the key calculation parameter. Since the key calculation parameter is not encrypted by the information encryption key, that is, the key calculation parameter is in plaintext, the device to be connected to the network can obtain the key calculation parameter by scanning the third graphic code.
  • the second encryption algorithm is a symmetric encryption algorithm.
  • the second encryption algorithm includes but is not limited to any one of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, and AES256-GCM.
  • Step 1620 the device to be connected to the network scans the third graphic code displayed by the network distribution device.
  • the device to be connected to the network scans the third graphic code displayed by the network distribution device to obtain the key calculation parameters in plaintext and the network configuration information encrypted with the information encryption key. After that, the device to be connected to the network needs to further determine the information decryption key based on the key calculation parameter, so as to decrypt the network configuration information encrypted by the information encryption key.
  • for the process of determining the information decryption key by the device to be connected to the network, please refer to the following method embodiments; details are not repeated here.
  • if the information decryption key and the information encryption key are the same, the device to be connected to the network succeeds in obtaining the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the technical solutions provided by the embodiments of the present application add the key calculation parameter and the network configuration information encrypted by the information encryption key to the graphic code displayed by the network distribution device; the device to be connected to the network then scans the graphic code to obtain the key calculation parameter, so that the information decryption key can be determined according to the key calculation parameter. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information, thereby authenticating the identity of the device to be connected to the network and avoiding leakage of network configuration information.
  • the technical solution provided by the embodiment of the present application can further improve the security of the key calculation parameter.
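The two flows described above (second graphic code, steps 1500 to 1590; third graphic code, steps 1610 and 1620), as an added Python example that is not code from the application. Assumptions: HKDF-SHA256 serves as the key generation algorithm with the key calculation parameter as salt, an HMAC-based encrypt-then-MAC construction stands in for AES-GCM so that only the standard library is needed, graphic codes are modelled as dicts, and the relay through the distribution network cloud platform is collapsed into a direct call; all class, function and label names are hypothetical.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) over SHA-256: extract with salt, then expand with info."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_info_key(device_key, key_calc_param):
    """Run identically by the device (first device key) and by the device cloud
    (second device key). The info label is an assumption of this example."""
    return hkdf_sha256(device_key, key_calc_param, b"netcfg-info-key")


def _subkeys(info_key):
    return hkdf_sha256(info_key, b"", b"enc"), hkdf_sha256(info_key, b"", b"mac")


def _xor_stream(key, nonce, data):
    stream = b""
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(info_key, plaintext):
    """Stand-in for AES-GCM: HMAC-SHA256 keystream plus HMAC tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(info_key)
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(info_key, blob):
    """Return the plaintext, or None when the tag fails (keys are inconsistent)."""
    if len(blob) < 44:
        return None
    enc_key, mac_key = _subkeys(info_key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, ct)


class DeviceCloud:
    """Holds the device identifier -> key K mapping uploaded by the manufacturer."""

    def __init__(self, registry):
        self._keys = dict(registry)

    def info_key_for(self, device_id, key_calc_param=None):
        # Steps 1540 / 1636: look up K by device identifier. In the third-code
        # flow the cloud generates the key calculation parameter itself.
        param = key_calc_param or secrets.token_bytes(16)
        return derive_info_key(self._keys[device_id], param), param


class Device:
    def __init__(self, device_id, device_key):
        self.device_id, self._key, self._param = device_id, device_key, None

    def first_code(self):  # step 1310: fresh random key calculation parameter
        self._param = secrets.token_bytes(16)
        return {"id": self.device_id, "param": self._param.hex()}

    def read_second_code(self, code):  # steps 1580 and 1590
        return unseal(derive_info_key(self._key, self._param), bytes.fromhex(code["ct"]))

    def read_third_code(self, code):  # step 1620: parameter arrives in plaintext
        key = derive_info_key(self._key, bytes.fromhex(code["param"]))
        return unseal(key, bytes.fromhex(code["ct"]))


def second_code_for(device, cloud, netcfg):
    """Distribution device, steps 1500 to 1570: K itself never reaches it."""
    first = device.first_code()
    key, _ = cloud.info_key_for(first["id"], bytes.fromhex(first["param"]))
    return {"ct": seal(key, netcfg).hex()}


def third_code_for(device_id, cloud, netcfg):
    """Distribution device, step 1610: device identifier comes from the fourth code."""
    key, param = cloud.info_key_for(device_id)
    return {"param": param.hex(), "ct": seal(key, netcfg).hex()}


if __name__ == "__main__":
    k = secrets.token_bytes(32)  # constructed device key K
    cloud, dev = DeviceCloud({"dev-001": k}), Device("dev-001", k)
    cfg = b'{"ssid": "home", "psk": "constructed-example"}'  # constructed
    print(dev.read_second_code(second_code_for(dev, cloud, cfg)))
    print(dev.read_third_code(third_code_for("dev-001", cloud, cfg)))
```

The failure path depends on the tag check in `unseal`; an unauthenticated mode such as CBC would need a separate integrity check to detect an inconsistent key reliably.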
  • the following describes the calculation process of the information decryption key on the side of the network access device and the information encryption key on the side of the distribution device.
  • the above method further includes the following steps:
  • Step 1631 the device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
  • the first device key is the device key of the device to be connected to the network preset in the device to be connected to the network, that is, the above-mentioned key K. After specifying the key calculation parameters and the first device key, the device to be connected to the network can calculate the information decryption key based on the key calculation parameters and the first device key.
  • the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key.
  • the above step 1631 includes: the device to be connected to the network uses a third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the third key generation algorithm includes any one of: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, DES algorithm, and 3DES algorithm.
  • the above method further includes the following steps:
  • Step 1632 The network configuration device scans the fourth graphic code of the device to be connected to the network, where the fourth graphic code includes the device identifier of the device to be connected to the network.
  • the device to be connected to the network can display a fourth graphic code.
  • the fourth graphic code is displayed on the screen of the device to be connected to the network; alternatively, the fourth graphic code may be pasted on the device surface of the device to be connected to the network by the device manufacturer of the device to be connected to the network, or pasted on the packaging box of the device to be connected to the network, which is not limited in this embodiment of the present application.
  • the fourth graphic code is represented as a two-dimensional code, a barcode, or the like.
  • the fourth graphic code includes the device identification of the device to be connected to the network.
  • the fourth graphic code further includes the device manufacturer name of the device to be connected to the network, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, and the like.
  • the network distribution device can obtain the device identification of the device to be connected to the network by scanning the fourth graphic code.
  • Step 1633 The distribution network device sends a fifth acquisition request to the distribution network cloud platform, where the fifth acquisition request is used to request to acquire an information encryption key.
  • when the distribution network device needs to obtain the information encryption key, it can send a fifth acquisition request to the distribution network cloud platform to further obtain the information encryption key through the distribution network cloud platform.
  • This embodiment of the present application does not limit the content of the fifth acquisition request.
  • the fifth acquisition request includes the device identifier of the device to be connected to the network; or, the fifth acquisition request also includes the device name of the device, the product serial number of the device to be connected to the network, etc.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the fifth acquisition request to the distribution network cloud platform.
  • Step 1634 the distribution network cloud platform determines the device cloud platform.
  • the distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network.
  • the second acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1635 The distribution network cloud platform sends a sixth acquisition request to the device cloud platform, where the sixth acquisition request is used to request to acquire an information encryption key.
  • the distribution network cloud platform may further send a sixth acquisition request to the device cloud platform to request the device cloud platform to calculate the information encryption key, and request the device cloud platform to send the information encryption key.
  • the sixth acquisition request includes the device identifier of the device to be connected to the network; the device name of the device, the product serial number of the device to be connected to the network, etc.
  • the network distribution cloud platform needs to establish a secure connection with the device cloud platform first, and then send the first message to the device cloud platform.
  • Step 1636 the device cloud platform calculates the information encryption key.
  • the device manufacturer of the device to be connected to the network may uniquely assign a key K to the device to be connected to the network, and preconfigure the key K to the device to be connected to the network. Since the device identifier of the device to be connected to the network is used to uniquely identify the device to be connected to the network, there is a one-to-one correspondence between the device identifier of the device to be connected to the network and the key K of the device to be connected to the network.
  • the device manufacturer of the device to be connected to the network can upload the device identifier of the device to be connected to the network and the key K of the device to be connected to the network to the cloud platform of the device manufacturer (ie, the cloud platform corresponding to the device to be connected to the network).
  • the device cloud platform can determine the second device key according to the device identification of the device to be connected to the network, and the second device key is the device key of the device to be connected to the network stored in the device cloud platform, that is, the key K.
  • the calculation method of the information decryption key and the calculation method of the information encryption key should also be consistent. way to calculate the message encryption key.
  • the process of calculating the information encryption key by the device cloud platform is as follows: the device cloud platform uses the third key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • for the third key generation algorithm, please refer to the above method embodiments; details are not repeated here.
  • Step 1637 The device cloud platform sends the information encryption key and key calculation parameters to the distribution network cloud platform.
  • the device cloud platform can send the information encryption key and key calculation parameters to the distribution network cloud platform.
  • Step 1638 the distribution network cloud platform sends the information encryption key to the distribution network device.
  • after receiving the information encryption key, the distribution network cloud platform further sends the information encryption key and the key calculation parameter to the distribution network device, so as to respond to the fifth acquisition request of the distribution network device.
  • the embodiment of the present application only takes as an illustration the case in which the information encryption key and the information decryption key are calculated based on the key calculation parameter and the device key of the device to be connected to the network. Given the technical solution, it is easy to think of using other calculation parameters to calculate the access key, all of which should fall within the scope of protection of this application.
  • the technical solutions provided by the embodiments of the present application generate key calculation parameters through the cloud platform corresponding to the device to be connected to the network, and determine the information encryption key according to the key calculation parameters and the device key of the device to be connected to the network, so as to further send the information encryption key and key calculation parameters to the distribution network device. This avoids leaking the device key of the device to be connected to the network and improves the effectiveness of identity authentication.
  • the information processing method provided by the embodiment of the present application includes the following steps:
  • Step 1801 the network configuration device scans the fourth graphic code of the device to be connected to the network.
  • the fourth graphic code includes the device identification of the device to be connected to the network.
  • the network distribution device scans the fourth graphic code of the device to be connected to the network to obtain the device identification of the device to be connected to the network.
  • Step 1802 The distribution network device sends a fifth acquisition request to the distribution network cloud platform, where the fifth acquisition request is used to request to acquire an information encryption key.
  • the fifth acquisition request includes the device identifier of the device to be connected to the network.
  • the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the fifth acquisition request to the distribution network cloud platform.
  • Step 1803 the distribution network cloud platform determines the device cloud platform.
  • the fifth acquisition request sent by the distribution device to the distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
  • Step 1804 the distribution network cloud platform sends a sixth acquisition request to the device cloud platform, where the sixth acquisition request is used to request to acquire an information encryption key.
  • the sixth acquisition request includes the device identifier of the device to be connected to the network.
  • the distribution network cloud platform needs to establish a secure connection with the device cloud platform first, and then send the first message to the device cloud platform.
  • Step 1805 the device cloud platform calculates the information encryption key.
  • the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network, where the second device key is the device key of the device to be connected to the network stored by the device cloud platform.
  • the device cloud platform uses the third key generation algorithm to process the key calculation parameter and the second device key to obtain the information encryption key.
  • Step 1806 the device cloud platform sends the information encryption key and key calculation parameters to the distribution network cloud platform.
  • Step 1807 The distribution network cloud platform sends the information encryption key and key calculation parameters to the distribution network device.
  • Step 1808 the network configuration device uses the second encryption algorithm and the information encryption key to process the network configuration information, and obtains the network configuration information encrypted with the information encryption key; it then generates the third graphic code according to the network configuration information encrypted with the information encryption key and the key calculation parameter, and displays the third graphic code.
  • Step 1809 the device to be connected to the network scans the third graphic code.
  • by scanning the third graphic code, the device to be connected to the network can obtain the network configuration information encrypted with the information encryption key and the key calculation parameters.
  • Step 1810 the device to be connected to the network calculates the information decryption key.
  • the device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
  • the device to be connected to the network uses the third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • Step 1811 the device to be connected to the network acquires network configuration information.
  • the device to be connected to the network can use the calculated information decryption key to decrypt the previously obtained network configuration information encrypted with the information encryption key. If the information decryption key and the information encryption key are the same, the device to be connected to the network successfully obtains the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the embodiments of the present application describe the information processing methods provided by the embodiments of the present application from the perspective of interaction among devices to be connected to the network, network distribution devices, network distribution cloud platforms, and device cloud platforms.
  • the above-mentioned steps performed by the device to be connected to the network can be independently implemented as an information processing method on the side of the device to be connected to the network; the above-mentioned steps performed by the network distribution device can be independently implemented as an information processing method on the network distribution device side.
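Steps 1805 to 1811 can be traced end to end in the following added example, which is not code from the application. The application does not fix the algorithms on this page, so the example assumes HMAC-SHA256 for the "third key generation algorithm", AES-256-GCM for the "second encryption algorithm" and a 16-byte random key calculation parameter; all type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeviceCloud models the manufacturer's platform: device identifier -> device key K.
type DeviceCloud struct{ keys map[string][]byte }

// Payload is what the third graphic code carries (step 1808).
type Payload struct{ Param, Nonce, Ciphertext []byte }

// deriveInfoKey stands in for the "third key generation algorithm".
// Assumption: HMAC-SHA256 keyed with K over a label and the parameter.
func deriveInfoKey(deviceKey, param []byte) []byte {
	mac := hmac.New(sha256.New, deviceKey)
	mac.Write([]byte("info-key")) // constructed domain-separation label
	mac.Write(param)
	return mac.Sum(nil) // 32 bytes, used as an AES-256 key
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueInfoKey is steps 1805-1806: look up K by device identifier, draw a fresh
// key calculation parameter and return only the derived key and the parameter.
// K itself never leaves the device cloud platform.
func (c *DeviceCloud) IssueInfoKey(deviceID string) (infoKey, param []byte, err error) {
	k, ok := c.keys[deviceID]
	if !ok {
		return nil, nil, errors.New("unknown device identifier")
	}
	param = make([]byte, 16)
	if _, err = rand.Read(param); err != nil {
		return nil, nil, err
	}
	return deriveInfoKey(k, param), param, nil
}

// EncryptConfig is step 1808 on the distribution network device. The parameter is
// bound as associated data, so a swapped parameter is rejected on decryption.
func EncryptConfig(infoKey, param, netConfig []byte) (*Payload, error) {
	aead, err := newAEAD(infoKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, netConfig, param)
	return &Payload{Param: param, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptConfig is steps 1810-1811 on the device to be connected to the network:
// derive the information decryption key from its own K and the received parameter.
// With an AEAD, inconsistent keys produce an error instead of garbage plaintext.
func DecryptConfig(deviceKey []byte, p *Payload) ([]byte, error) {
	aead, err := newAEAD(deriveInfoKey(deviceKey, p.Param))
	if err != nil {
		return nil, err
	}
	if len(p.Nonce) != aead.NonceSize() {
		return nil, errors.New("malformed payload")
	}
	return aead.Open(nil, p.Nonce, p.Ciphertext, p.Param)
}

// Provision chains the three roles for one device.
func Provision(c *DeviceCloud, deviceID string, keyOnDevice, netConfig []byte) ([]byte, error) {
	infoKey, param, err := c.IssueInfoKey(deviceID)
	if err != nil {
		return nil, err
	}
	p, err := EncryptConfig(infoKey, param, netConfig)
	if err != nil {
		return nil, err
	}
	return DecryptConfig(keyOnDevice, p)
}

func main() {
	k := []byte("constructed-device-key-K-0000001") // constructed sample key
	cloud := &DeviceCloud{keys: map[string][]byte{"dev-001": k}}
	cfg := []byte(`{"ssid":"home-ap","psk":"constructed-passphrase"}`)
	out, err := Provision(cloud, "dev-001", k, cfg)
	fmt.Println("genuine device:", string(out), err)
	_, err = Provision(cloud, "dev-001", []byte("a-different-device-key"), cfg)
	fmt.Println("device holding another key:", err)
}
```

The failure branch of step 1811 is only observable because the cipher is authenticated; an unauthenticated mode would return unusable plaintext without signalling that the keys differ.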
  • FIG. 19 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the device side to be connected to the network, and the function may be implemented by hardware or by executing corresponding software in hardware.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 1900 may include: a beacon broadcasting module 1910 .
  • the beacon broadcasting module 1910 is used to broadcast the beacon of the first access point, the beacon includes key calculation parameters and/or the device identification of the device to be connected to the network, and the key calculation parameters are used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the apparatus 1900 further includes: a first key determination module 1920, configured to determine a first access key based on the key calculation parameter and the first device key.
  • the first key determination module 1920 is configured to: use a first key generation algorithm to process the key calculation parameter and the first device key to obtain a first encryption key; and process the first encryption key in a first encoding manner to obtain the first access key.
  • the apparatus 1900 further includes: an identity authentication module 1930, configured to perform the identity authentication with the distribution network device based on the first access key; wherein, if the first access key and the second access key determined by the distribution network device are consistent, the identity authentication is passed; if the first access key and the second access key determined by the distribution network device are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the apparatus 1900 further includes: a configuration information receiving module 1940, configured to receive the network configuration information from the distribution network device when the identity authentication is passed, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the technical solutions provided by the embodiments of this application add a key calculation parameter to the beacon of the access point activated by the device to be connected to the network. The key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device, which provides a basis for that identity authentication and helps its subsequent realization.
  • the identity authentication between the device to be connected to the network and the network distribution device is performed before the device to be connected to the network obtains the network configuration information, that is, the device to be connected to the network can obtain the network configuration information only when the identity authentication is passed, thereby reducing the risk of network configuration information leakage and improving the security of the access point.
  • the network device switches the access point back and forth to verify the identity of the device to be connected to the network.
  • the embodiment of the present application simplifies the identity authentication process and improves the identity authentication efficiency.
  • FIG. 21 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by executing corresponding software in hardware.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 2100 may include: a beacon receiving module 2110 .
  • the beacon receiving module 2110 is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the distribution network device.
  • the apparatus 2100 further includes: a first request sending module 2120, configured to send a first obtaining request to the distribution network cloud platform, where the first obtaining request is used to request to obtain the second access key; and a key information receiving module 2130, configured to receive access key information from the distribution network cloud platform, where the access key information is used to determine the second access key.
  • the access key information includes the second access key.
  • the access key information includes a second encryption key; as shown in FIG. 22, the apparatus 2100 further includes: a second key determination module 2140, configured to use the first encoding method to process the second encryption key to obtain the second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the apparatus 2100 further includes: an identity authentication module 2150, configured to perform the identity authentication with the device to be connected to the network based on the second access key; wherein, if the second access key is consistent with the first access key determined by the device to be connected to the network, the identity authentication is passed; if the second access key and the first access key determined by the device to be connected to the network are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the apparatus 2100 further includes: an access module 2160, configured to access the first access point when the identity authentication is passed.
  • the apparatus 2100 further includes: a configuration information sending module 2170, configured to send network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the technical solutions provided by the embodiments of this application add a key calculation parameter to the beacon of the access point activated by the device to be connected to the network. The key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device, which provides a basis for that identity authentication and helps its subsequent realization.
  • the identity authentication between the device to be connected to the network and the network distribution device is performed before the device to be connected to the network obtains the network configuration information, that is, the device to be connected to the network can obtain the network configuration information only when the identity authentication is passed, thereby reducing the risk of network configuration information leakage and improving the security of the access point.
  • the network device switches the access point back and forth to verify the identity of the device to be connected to the network.
  • the embodiment of the present application simplifies the identity authentication process and improves the identity authentication efficiency.
  • FIG. 23 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the device side to be connected to the network, and the function may be implemented by hardware or by executing corresponding software in hardware.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 2300 may include: a first receiving module 2310 .
  • the first receiving module 2310 is configured to receive first information from the distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • the apparatus 2300 further includes: a first key determination module 2320, configured to determine the first information key based on the key calculation parameter and the first device key.
  • the first key determination module 2320 is configured to: use a fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the first information key.
  • the first information further includes network configuration information encrypted with a second information key, where the network configuration information is used to configure the device to be connected to the network to access the second access point; as shown in FIG. 24, the apparatus 2300 further includes: a first decryption module 2330, configured to use the first information key to decrypt the network configuration information encrypted with the second information key; if the first information key and the second information key are the same, the device to be connected to the network successfully obtains the network configuration information; if the first information key and the second information key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the apparatus 2300 further includes: a first encryption module 2340, configured to obtain the first encrypted information according to the first information key and the first reference information; and a first information sending module 2350, configured to send the first encrypted information to the network distribution device.
  • the first encryption module 2340 is configured to: use a third encryption algorithm and the first information key to process the first reference information to obtain the first encrypted information.
  • the first information further includes second information encrypted with a second information key; as shown in FIG. 24, the apparatus 2300 further includes: a second decryption module 2360, configured to use the first information key to decrypt the second information encrypted with the second information key to obtain third reference information; and a third information sending module 2370, configured to send the third reference information to the distribution network device.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the key calculation parameters are sent to the device to be connected to the network through the network distribution device, and the key calculation parameters are used to calculate the information key. The information key can be used to decrypt the data encrypted with the information key calculated by the device cloud platform, or the network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt the reference information.
  • the device to be connected to the network can successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, and then the device to be connected to the network passes identity authentication and can further obtain the network configuration information; or, in the case where the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the data obtained by encrypting with the two information keys respectively are consistent, and then the device to be connected to the network passes identity authentication and further obtains network configuration information. Therefore, in the embodiment of the present application, the identity of the device to be connected to the network is authenticated before the device accesses the wireless access point, so as to avoid leakage of network configuration information corresponding to the wireless access point, and improve the security of the wireless access point.
  • the identity authentication process of the device to be connected to the network can be coupled with the network distribution process, that is, the network distribution device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and the information calculated by the device to be connected to the network is encrypted.
  • the device to be connected to the network can directly obtain the network configuration information, which reduces the data exchange between the network distribution device and the device to be connected to the network, and reduces the processing overhead of the network distribution device and the device to be connected to the network.
  • the identity authentication process of the device to be connected to the network can also be decoupled from the network distribution process, that is, after the identity authentication of the device to be connected to the network is passed, the network distribution device sends the network configuration information to the device to be connected to the network.
  • the decoupling of the identity authentication process and the distribution network process can fully improve the security of network configuration information.
  • FIG. 25 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by executing corresponding software in hardware.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 2500 may include: a first sending module 2510 .
  • the first sending module 2510 is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine the first information key.
  • the first information further includes network configuration information encrypted with a second information key, where the network configuration information is used to configure the device to be connected to the network to access the second access point; as shown in FIG. 26 .
  • the apparatus 2500 further includes: a first receiving module 2520 for receiving the key calculation parameter and the second information key from the distribution network cloud platform; a second determining module 2530 for The key calculation parameter, the second information key, and the network configuration information determine the first information.
  • the second determining module 2530 is configured to: use the fourth encryption algorithm and the second information key to process the network configuration information, and obtain the network configuration information encrypted with an information key; the first information is determined based on the key calculation parameter and the network configuration information encrypted with the second information key.
  • the apparatus 2500 further includes: a first information receiving module 2540, configured to receive first encrypted information from the device to be connected to the network, where the first encrypted information includes using the The first reference information encrypted by the first information key; the second information receiving module 2550 is used to receive the second encrypted information from the distribution network cloud platform, and the second encrypted information includes the encrypted information encrypted with the second information key. Second reference information; a configuration information sending module 2560, configured to send network configuration information to the device to be connected to the network when the first encrypted information and the second encrypted information are consistent, where the network configuration information is used for Configure the device to be connected to the network to access the second access point.
  • the apparatus 2500 further includes: a third information receiving module 2570, configured to receive the third reference information from the distribution network device; a fourth information receiving module 2580, It is used to receive the fourth reference information from the distribution network cloud platform; the configuration information sending module 2560 is used to send the network to the device to be connected to the network when the third reference information and the fourth reference information are consistent Configuration information, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the key calculation parameters are sent to the device to be connected to the network through the network distribution device, and the key calculation parameters are used to calculate the information key. The information key can be used to decrypt the data or the network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt the reference information. The device to be connected to the network can then successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, and so passes identity authentication and can further obtain the network configuration information; or, in the case where the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the data obtained by encrypting with the two information keys respectively is consistent, and then the device to be connected to the network passes identity authentication and further obtains network configuration information. Therefore, in the embodiment of the present application, the identity of the device to be connected to the network is authenticated before the device accesses the wireless access point, so as to avoid leakage of the network configuration information corresponding to the wireless access point and improve the security of the wireless access point.
  • the identity authentication process of the device to be connected to the network can be coupled with the network distribution process, that is, the network distribution device directly encrypts the network configuration information with the information key calculated by the device cloud platform, and, where the information key calculated by the device to be connected to the network is consistent with it, the device to be connected to the network can directly obtain the network configuration information, which reduces the data exchange between the network distribution device and the device to be connected to the network, and reduces the processing overhead of the network distribution device and the device to be connected to the network.
  • the identity authentication process of the device to be connected to the network can also be decoupled from the network distribution process, that is, after the identity authentication of the device to be connected to the network is passed, the network distribution device sends the network configuration information to the device to be connected to the network.
  • the decoupling of the identity authentication process and the distribution network process can fully improve the security of network configuration information.
  • FIG. 27 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the side of the device to be connected to the network, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 2700 may include: a first display module 2710 .
  • the first display module 2710 is used to display a first graphic code, where the first graphic code includes a key calculation parameter and/or the device identification of the device to be connected to the network, the key calculation parameter is used to determine the information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the apparatus 2700 further includes: a decryption key determination module 2720, configured to determine the information decryption key based on the key calculation parameter and the first device key.
  • the decryption key determination module 2720 is configured to: use the second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the apparatus 2700 further includes: a first scanning module 2730, configured to scan a second graphic code displayed by the network distribution device, where the second graphic code includes the network configuration information encrypted with an information encryption key; wherein, in the case that the information decryption key and the information encryption key are consistent, the device to be connected to the network successfully obtains the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the device to be connected to the network can use the key calculation parameter to determine the information decryption key, and the network distribution device can use the key calculation parameter to obtain the information encryption key; the device to be connected to the network can then use the information decryption key to decrypt the network configuration information that the distribution device encrypted with the information encryption key.
  • FIG. 29 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 2900 may include: a second scanning module 2910 .
  • the second scanning module 2910 is configured to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an information encryption key, where the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the apparatus 2900 further includes: a second request sending module 2920, configured to send a second obtaining request to the distribution network cloud platform, where the second obtaining request is used to request to obtain the information encryption key; an encryption key receiving module 2930, configured to receive the information encryption key from the distribution network cloud platform.
  • the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the apparatus 2900 further includes: a graphic code determination module 2940, configured to determine a second graphic code based on the network configuration information and the information encryption key; a second display module 2950, for displaying the second graphic code.
  • the graphic code determination module 2940 is configured to: use the first encryption algorithm and the information encryption key to process the network configuration information to obtain encrypted network configuration information; generate the second graphic code according to the encrypted network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the device to be connected to the network can use the key calculation parameter to determine the information decryption key, and the network distribution device can use the key calculation parameter to obtain the information encryption key; the device to be connected to the network can then use the information decryption key to decrypt the network configuration information that the distribution device encrypted with the information encryption key.
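The graphic-code exchange described for apparatus 2700 and apparatus 2900, as an added example that is not code from the application. The page does not name its key generation or encryption algorithms, so the HMAC-SHA256 derivation, the HMAC-based encrypt-then-MAC construction (a standard-library stand-in for a vetted AEAD such as AES-GCM), the JSON payload layout, the class names and all sample values are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_info_key(device_key, key_calc_param):
    """Assumed 'key generation algorithm': HMAC-SHA256 over a label and the parameter."""
    return _mac(device_key, b"info-key-v1" + key_calc_param)

def _keystream(enc_key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += _mac(enc_key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:length])

def seal(info_key, plaintext):
    """Encrypt-then-MAC stand-in for an AEAD; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _mac(info_key, b"enc"), _mac(info_key, b"mac")
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _mac(mac_key, nonce + ct)

def open_sealed(info_key, blob):
    """Return the plaintext, or None when the tag fails (the keys are inconsistent)."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _mac(info_key, b"enc"), _mac(info_key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))

class CloudPlatform:
    """Holds the device keys and answers the second acquisition request."""
    def __init__(self, device_keys):
        self._device_keys = dict(device_keys)

    def information_encryption_key(self, device_id, key_calc_param):
        device_key = self._device_keys.get(device_id)
        return None if device_key is None else derive_info_key(device_key, key_calc_param)

class DeviceToBeConnected:
    def __init__(self, device_id, device_key):
        self.device_id, self._device_key, self._param = device_id, device_key, None

    def first_graphic_code(self):
        # The page allows a parameter as short as one byte, which would permit
        # only 256 distinct keys per device key; 16 bytes is this example's choice.
        self._param = secrets.token_bytes(16)
        return json.dumps({"device_id": self.device_id,
                           "key_calc_param": base64.b64encode(self._param).decode()})

    def scan_second_graphic_code(self, code):
        if code is None or self._param is None:
            return None
        key = derive_info_key(self._device_key, self._param)
        self._param = None  # single use: a new attempt needs a new first graphic code
        try:
            blob = base64.b64decode(json.loads(code)["enc_net_cfg"])
        except (ValueError, KeyError, TypeError):
            return None
        plaintext = open_sealed(key, blob)
        return None if plaintext is None else json.loads(plaintext)

class DistributionDevice:
    def __init__(self, cloud, net_cfg):
        self._cloud, self._net_cfg = cloud, net_cfg

    def second_graphic_code(self, first_code):
        try:
            fields = json.loads(first_code)
            param = base64.b64decode(fields["key_calc_param"])
            device_id = fields["device_id"]
        except (ValueError, KeyError, TypeError):
            return None
        key = self._cloud.information_encryption_key(device_id, param)
        if key is None:
            return None
        blob = seal(key, json.dumps(self._net_cfg).encode())
        return json.dumps({"enc_net_cfg": base64.b64encode(blob).decode()})

def demo():
    """Constructed run: one device holds the registered device key, one does not."""
    device_key = secrets.token_bytes(32)
    cloud = CloudPlatform({"dev-001": device_key})
    phone = DistributionDevice(cloud, {"ssid": "home-ap", "psk": "constructed-passphrase"})
    genuine = DeviceToBeConnected("dev-001", device_key)
    other = DeviceToBeConnected("dev-001", secrets.token_bytes(32))  # same id, wrong key
    got = genuine.scan_second_graphic_code(phone.second_graphic_code(genuine.first_graphic_code()))
    denied = other.scan_second_graphic_code(phone.second_graphic_code(other.first_graphic_code()))
    return got, denied

if __name__ == "__main__":
    print(demo())
```

The integrity tag is what turns "the keys are inconsistent" into a definite failure to acquire the network configuration information; with unauthenticated encryption the device would decrypt to unusable bytes instead of rejecting the code.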
  • FIG. 31 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the above-mentioned method example on the side of the device to be connected to the network, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the device to be connected to the network described above, or may be set in the device to be connected to the network.
  • the apparatus 3100 may include: a third scanning module 3110 .
  • the third scanning module 3110 is configured to scan the third graphic code displayed by the network distribution device, where the third graphic code includes the network configuration information encrypted with the information encryption key and the key calculation parameter; wherein the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the apparatus 3100 further includes: a decryption key determination module 3120, configured to determine the information decryption key based on the key calculation parameter and the first device key.
  • the decryption key determination module 3120 is configured to: use a third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
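  • when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.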
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the technical solutions provided by the embodiments of the present application add key calculation parameters and network configuration information encrypted by the information encryption key to the graphic code displayed by the network distribution device; the device to be connected to the network then scans the graphic code to obtain the key calculation parameter, so that the information decryption key can be determined according to the key calculation parameter. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information, thereby authenticating the identity of the device to be connected to the network and avoiding leakage of network configuration information.
  • the technical solution provided by the embodiment of the present application can further improve the security of the key calculation parameter.
  • FIG. 33 shows a block diagram of an information processing apparatus provided by an embodiment of the present application.
  • the apparatus has the function of implementing the method example on the side of the distribution network device, and the function may be implemented by hardware, or by hardware executing corresponding software.
  • the device may be the distribution network equipment described above, or may be set in the distribution network equipment.
  • the apparatus 3300 may include: a third display module 3310 .
  • the third display module 3310 is configured to display a third graphic code, where the third graphic code includes network configuration information encrypted with an information encryption key and key calculation parameters; wherein the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the apparatus 3300 further includes: an information receiving module 3320, configured to receive the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform; a graphic code determination module 3330, configured to determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  • the graphic code determination module 3330 is configured to: use the second encryption algorithm and the information encryption key to process the network configuration information, and obtain the network configuration information encrypted with the information encryption key; the third graphic code is generated based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the technical solutions provided by the embodiments of the present application add key calculation parameters and network configuration information encrypted by the information encryption key to the graphic code displayed by the network distribution device; the device to be connected to the network then scans the graphic code to obtain the key calculation parameter, so that the information decryption key can be determined according to the key calculation parameter. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information, thereby authenticating the identity of the device to be connected to the network and avoiding leakage of network configuration information.
  • the technical solution provided by the embodiment of the present application can further improve the security of the key calculation parameter.
  • when the device provided in the above embodiment realizes its functions, only the division of the above functional modules is used as an example for illustration. In practical applications, the above functions can be allocated to different functional modules according to actual needs; that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
  • FIG. 35 shows a schematic structural diagram of a device to be connected to a network 350 provided by an embodiment of the present application.
  • the device to be connected to a network can be used to execute the above-mentioned method for processing information of a device to be connected to a network.
  • the device 350 to be connected to the network may include: a processor 351, and a transceiver 352 connected to the processor 351; wherein:
  • the processor 351 includes one or more processing cores, and the processor 351 executes various functional applications and information processing by running software programs and modules.
  • Transceiver 352 includes a receiver and a transmitter.
  • transceiver 352 is a communication chip.
  • the device 350 to be connected to the network further includes: a memory and a bus.
  • the memory is connected to the processor through a bus.
  • the memory can be used to store a computer program, and the processor is used to execute the computer program, so as to implement each step performed by the device to be connected to the network in the foregoing method embodiments.
  • the memory may be implemented by any type or combination of volatile or non-volatile storage devices including, but not limited to: RAM (Random-Access Memory), ROM (Read-Only Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other solid-state storage technology, CD-ROM (Compact Disc Read-Only Memory), DVD (Digital Video Disc) or other optical storage, tape cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Wherein:
  • the transceiver 352 is configured to broadcast the beacon of the first access point, and the beacon includes key calculation parameters and/or the device identifier of the device to be connected to the network, where the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the processor 351 is configured to: determine the first access key based on the key calculation parameter and the first device key.
  • the processor 351 is configured to: use a first key generation algorithm to process the key calculation parameter and the first device key to obtain a first encryption key; process the first encryption key using a first encoding manner to obtain the first access key.
  • the processor 351 is configured to: perform the identity authentication with the distribution network device based on the first access key; wherein, if the first access key and the second access key determined by the distribution network device are consistent, the identity authentication is passed; if the first access key and the second access key determined by the distribution network device are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the transceiver 352 is configured to: when the identity authentication is passed, receive network configuration information from the network configuration device, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the processor 351 is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network; the key calculation parameter is used to determine the information decryption key, the information decryption key is used to decrypt the network configuration information from the network configuration device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the processor 351 is configured to: determine the information decryption key based on the key calculation parameter and the first device key.
  • the processor 351 is configured to: use a second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the processor 351 is configured to: scan a second graphic code displayed by the network configuration device, where the second graphic code includes the network configuration information encrypted with an information encryption key; wherein, when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the processor 351 is configured to scan a third graphic code displayed by the network configuration device, where the third graphic code includes the network configuration information encrypted by the information encryption key and the key calculation parameters; wherein, the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the processor 351 is further configured to: determine the information decryption key based on the key calculation parameter and the first device key.
  • the processor 351 is further configured to: use a third key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
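  • when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.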
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the transceiver 352 is configured to receive first information from a distribution network device, where the first information includes key calculation parameters and second information encrypted with an information encryption key, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the second information encrypted with the information encryption key.
  • the processor 351 is configured to: determine the information decryption key based on the key calculation parameter and the first device key.
  • the processor 351 is configured to: use a fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key.
  • the second information includes first reference information
  • the processor 351 is configured to use the information decryption key to decrypt the second information encrypted with the information encryption key to obtain the first reference information.
  • the transceiver 352 is configured to receive network configuration information from the distribution network device when the first reference information and the second reference information are consistent, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the second information includes network configuration information
  • the network configuration information is used to configure the device to be connected to the network to access the second access point; if the information encryption key and the information decryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; if the information encryption key and the information decryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • FIG. 36 shows a schematic structural diagram of a distribution network device 360 provided by an embodiment of the present application.
  • the distribution network device can be used to execute the above-mentioned method for processing information on the distribution network device side.
  • the network distribution device 360 may include: a processor 361, and a transceiver 362 connected to the processor 361; wherein:
  • the processor 361 includes one or more processing cores, and the processor 361 executes various functional applications and information processing by running software programs and modules.
  • Transceiver 362 includes a receiver and a transmitter.
  • transceiver 362 is a communication chip.
  • the distribution network device 360 further includes: a memory and a bus.
  • the memory is connected to the processor through a bus.
  • the memory can be used to store a computer program, and the processor is used to execute the computer program, so as to implement each step performed by the distribution network device in the above method embodiments.
  • the memory may be implemented by any type or combination of volatile or non-volatile storage devices including, but not limited to: RAM and ROM, EPROM, EEPROM, flash memory or other solid-state storage technology, CD-ROM, DVD or other optical storage, tape cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices. Wherein:
  • the transceiver 362 is configured to receive a beacon of the first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network distribution device.
  • the transceiver 362 is configured to: send a first acquisition request to the distribution network cloud platform, where the first acquisition request is used to request to acquire a second access key; receive access key information from the distribution network cloud platform, where the access key information is used to determine the second access key.
  • the access key information includes the second access key.
  • the processor 361 is configured to: process the second encryption key in a first encoding manner to obtain the second access key.
  • the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the processor 361 is configured to: perform the identity authentication with the device to be connected to the network based on the second access key; wherein, if the second access key and the first access key determined by the device to be connected to the network are consistent, the identity authentication is passed; if the second access key and the first access key determined by the device to be connected to the network are inconsistent, the identity authentication fails.
  • the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field;
  • the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or,
  • the SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the processor 361 is configured to: access the first access point when the identity authentication is passed.
  • the transceiver 362 is configured to: send network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the processor 361 is configured to scan the first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
  • the transceiver 362 is configured to: send a second acquisition request to the distribution network cloud platform, where the second acquisition request is used to request to acquire the information encryption key; receive the information encryption key from the distribution network cloud platform.
  • the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  • the processor 361 is configured to: determine a second graphic code based on the network configuration information and the information encryption key; and display the second graphic code.
  • the processor 361 is configured to: use the first encryption algorithm and the information encryption key to process the network configuration information to obtain encrypted network configuration information; and generate the second graphic code based on the encrypted network configuration information.
  • the key calculation parameter includes a random number.
  • the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the processor 361 is configured to display a third graphic code, where the third graphic code includes network configuration information and key calculation parameters encrypted with an information encryption key;
  • the network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  • the processor 361 is further configured to: receive the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform; and determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  • the processor 361 is further configured to: use the second encryption algorithm and the information encryption key to process the network configuration information to obtain the network configuration information encrypted with the information encryption key;
  • the third graphic code is generated based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • the transceiver 362 is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter and second information encrypted with an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted with the information encryption key.
  • the second information includes first reference information; the transceiver 362 is configured to receive, from the distribution network cloud platform, the key calculation parameter and the second information encrypted with the information encryption key; the processor 361 is configured to determine the first information based on the key calculation parameter and the second information encrypted with the information encryption key.
  • the second information includes network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point;
  • the transceiver 362 is configured to receive the key calculation parameter and the information encryption key from the distribution network cloud platform;
  • the processor 361 is configured to determine the first information based on the key calculation parameter, the information encryption key and the network configuration information.
  • the processor 361 is configured to: use a third encryption algorithm and the information encryption key to process the network configuration information to obtain the network configuration information encrypted with the information encryption key;
  • the first information is determined based on the key calculation parameter and the network configuration information encrypted with the information encryption key.
  • the key calculation parameter includes a random number.
  • the length of the key calculation parameter is greater than or equal to one byte.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is executed by the processor of the device to be connected to the network so as to implement the information processing method on the side of the device to be connected to the network as described above.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is executed by a processor of a distribution network device so as to implement the information processing method on the distribution network device side as described above.
  • An embodiment of the present application further provides a chip, the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on the device to be connected to the network, it is used to implement the above-mentioned method for processing information on the device to be connected to the network.
  • An embodiment of the present application further provides a chip, the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on a distribution network device, it is used to implement the above-mentioned method for processing information on the distribution network device side.
  • the embodiment of the present application further provides a computer program product, which is used to implement the above-mentioned method for processing information on the device to be connected to the network when the computer program product runs on the device to be connected to the network.
  • the embodiment of the present application also provides a computer program product, which is used to implement the above-mentioned method for processing information on the distribution network device side when the computer program product runs on the distribution network device.
  • Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.

Abstract

Embodiments of the present application relate to the technical field of communications, and provide an information processing method and apparatus, a device and a storage medium. The method comprises: a device that is to access a network broadcasts a beacon of a first access point, the beacon comprising a key calculation parameter and/or a device identifier of said device, and the key calculation parameter being used for determining an access key for performing identity authentication between said device and a distribution network device; and the distribution network device receives the beacon of the first access point. According to the embodiments of the present application, a key calculation parameter is added to the beacon of the access point started by the device that is to access a network, and the key calculation parameter is used for determining an access key for performing identity authentication between said device and a distribution network device, thereby providing a basis for performing the identity authentication between said device and the distribution network device, and facilitating the implementation of the identity authentication between said device and the distribution network device.
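The following is an added example, not code from the patent: a sketch of how a key calculation parameter carried in the soft AP's SSID could let the distribution network device authenticate the device before sending it network configuration information. The `CFG-<id>-<hex>` SSID layout, the HMAC-SHA256 derivation, the per-device secret held by the cloud platform and the challenge-response step are all assumptions; the text only states that the parameter is used to determine an access key.

```python
import hashlib
import hmac
import re
import secrets

SSID_MAX_BYTES = 32  # an IEEE 802.11 SSID carries at most 32 octets
# Assumed layout (not from the patent): CFG-<device id>-<hex key calculation parameter>
SSID_RE = re.compile(r"CFG-([A-Za-z0-9]{1,12})-((?:[0-9a-f]{2})+)")

# Constructed stand-in for the cloud platform's store of per-device secrets.
CLOUD_DEVICE_SECRETS = {"DEV001": bytes.fromhex("00112233445566778899aabbccddeeff")}


def build_ssid(device_id, key_param):
    """Device side: pack the identifier and key calculation parameter into an SSID."""
    if len(key_param) < 1:  # the claims require a length of at least one byte
        raise ValueError("key calculation parameter must be at least one byte")
    ssid = "CFG-%s-%s" % (device_id, key_param.hex())
    if len(ssid.encode()) > SSID_MAX_BYTES or not SSID_RE.fullmatch(ssid):
        raise ValueError("identifier and parameter do not fit the SSID layout")
    return ssid


def parse_ssid(ssid):
    """Distribution network device side: recover (device_id, key_param) from a beacon SSID."""
    match = SSID_RE.fullmatch(ssid)
    if match is None or len(ssid.encode()) > SSID_MAX_BYTES:
        raise ValueError("not a provisioning SSID")
    return match.group(1), bytes.fromhex(match.group(2))


def derive_access_key(device_secret, device_id, key_param):
    """Assumed derivation: HMAC-SHA256 over the length-prefixed identifier and parameter."""
    ident = device_id.encode()
    message = len(ident).to_bytes(1, "big") + ident + key_param
    return hmac.new(device_secret, message, hashlib.sha256).digest()


def cloud_access_key(device_id, key_param):
    """Cloud platform side: derive the access key for a known device (KeyError if unknown)."""
    return derive_access_key(CLOUD_DEVICE_SECRETS[device_id], device_id, key_param)


class Device:
    """Device to be connected to the network, holding a secret provisioned at manufacture."""

    def __init__(self, device_id, secret, key_param=None):
        self.device_id = device_id
        self.secret = secret
        # A fresh random parameter per provisioning attempt gives a fresh access key.
        self.key_param = secrets.token_bytes(4) if key_param is None else key_param

    def beacon_ssid(self):
        return build_ssid(self.device_id, self.key_param)

    def respond(self, challenge):
        key = derive_access_key(self.secret, self.device_id, self.key_param)
        return hmac.new(key, challenge, hashlib.sha256).digest()


def configurator_authenticate(ssid, respond):
    """Return True only if the beacon's sender proves knowledge of the access key."""
    try:
        device_id, key_param = parse_ssid(ssid)
        access_key = cloud_access_key(device_id, key_param)
    except (ValueError, KeyError):
        return False  # malformed beacon or device unknown to the cloud platform
    challenge = secrets.token_bytes(16)
    expected = hmac.new(access_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, respond(challenge))


if __name__ == "__main__":
    genuine = Device("DEV001", CLOUD_DEVICE_SECRETS["DEV001"])
    # A counterfeit can copy the broadcast SSID but does not hold the device secret.
    counterfeit = Device("DEV001", b"guessed-secret", genuine.key_param)
    print(genuine.beacon_ssid())
    print("genuine:", configurator_authenticate(genuine.beacon_ssid(), genuine.respond))
    print("counterfeit:", configurator_authenticate(counterfeit.beacon_ssid(), counterfeit.respond))
```

Only a device that passes this check would be sent the network configuration information, which is the gap in the unauthenticated soft AP flow.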

Description

Information processing method, apparatus, device and storage medium
This application claims priority to Chinese patent application No. 202010925363.1, entitled "Information processing method, apparatus, device and storage medium" and filed on September 6, 2020, the entire contents of which are incorporated herein by reference.
Technical Field
The embodiments of the present application relate to the field of communication technologies, and in particular to an information processing method, apparatus, device and storage medium.
Background
Intelligent devices include devices, instruments and machines with computing and processing capabilities. Typically, when a smart device is used for the first time, or when its usage scenario changes (for example, when the smart device is moved from one network environment to another), the smart device must go through network configuration so that it connects to the network and can then be controlled through the network.
The related art provides several methods for configuring a smart device to access a network, mainly soft AP (Access Point) network configuration (hereinafter "soft AP network configuration") and code-scanning network configuration. The main flow of soft AP network configuration is as follows: the smart device starts a soft AP and broadcasts the beacon of the soft AP; after scanning the beacon of the soft AP, the distribution network device joins the soft AP; through the soft AP, the distribution network device can send the smart device the network configuration information of the AP to be accessed; the smart device then closes the soft AP and accesses the AP according to the network configuration information, completing the network configuration process. The main flow of code-scanning network configuration is as follows: the distribution network device displays the network configuration information of the AP to be accessed in the form of a QR code; the smart device scans the QR code displayed by the distribution network device to obtain the network configuration information, and then accesses the AP according to the network configuration information, completing the network configuration process.
However, the above network configuration flows do not involve identity authentication of the smart device, so it is very likely that a counterfeit smart device obtains the network configuration information of the AP, causing the network configuration information of the AP to leak and posing a great threat to the security of the AP. How to implement identity authentication of the smart device so as to improve the security of the AP therefore needs further discussion and research.
Summary of the Invention
The embodiments of the present application provide an information processing method, apparatus, device and storage medium. The technical solutions are as follows:
In one aspect, an embodiment of the present application provides an information processing method, applied to a device to be connected to a network, the method including:
broadcasting a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a distribution network device.
In another aspect, an embodiment of the present application provides an information processing method, applied to a distribution network device, the method including:
receiving a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the distribution network device.
In yet another aspect, an embodiment of the present application provides an information processing method, applied to a device to be connected to a network, the method including:
displaying a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In still another aspect, an embodiment of the present application provides an information processing method, applied to a distribution network device, the method including:
scanning a first graphic code of a device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In a further aspect, an embodiment of the present application provides an information processing method, applied to a device to be connected to a network, the method including:
scanning a third graphic code displayed by a distribution network device, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter;
where the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing method, applied to a distribution network device, the method including:
displaying a third graphic code, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter;
where the network configuration information is used to configure a device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing method, applied to a device to be connected to a network, the method including:
receiving first information from a distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In a further aspect, an embodiment of the present application provides an information processing method, applied to a distribution network device, the method including:
sending first information to a device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a device to be connected to a network, the apparatus including:
a beacon broadcasting module, configured to broadcast a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a distribution network device.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a distribution network device, the apparatus including:
a beacon receiving module, configured to receive a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the distribution network device.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a device to be connected to a network, the apparatus including:
a first display module, configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a distribution network device, the apparatus including:
a second scanning module, configured to scan a first graphic code of a device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a device to be connected to a network, the apparatus including:
a third scanning module, configured to scan a third graphic code displayed by a distribution network device, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter;
where the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a distribution network device, the apparatus including:
a third display module, configured to display a third graphic code, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter;
where the network configuration information is used to configure a device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a device to be connected to a network, the apparatus including:
a first receiving module, configured to receive first information from a distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In a further aspect, an embodiment of the present application provides an information processing apparatus, arranged in a distribution network device, the apparatus including:
a first sending module, configured to send first information to a device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In a further aspect, an embodiment of the present application provides a device to be connected to a network, the device including a processor and a transceiver connected to the processor, where:
the transceiver is configured to broadcast a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a distribution network device.
In a further aspect, an embodiment of the present application provides a distribution network device, the distribution network device including a processor and a transceiver connected to the processor, where:
the transceiver is configured to receive a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the distribution network device.
In a further aspect, an embodiment of the present application provides a device to be connected to a network, the device including a processor and a transceiver connected to the processor, where:
the processor is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In a further aspect, an embodiment of the present application provides a distribution network device, the distribution network device including a processor and a transceiver connected to the processor, where:
the processor is configured to scan a first graphic code of a device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In a further aspect, an embodiment of the present application provides a device to be connected to a network, the device including a processor and a transceiver connected to the processor, where:
the processor is configured to scan a third graphic code displayed by a distribution network device, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter;
where the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In a further aspect, an embodiment of the present application provides a distribution network device, the distribution network device including a processor and a transceiver connected to the processor, where:
the processor is configured to display a third graphic code, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter;
where the network configuration information is used to configure a device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In a further aspect, an embodiment of the present application provides a device to be connected to a network, the device including a processor and a transceiver connected to the processor, where:
the transceiver is configured to receive first information from a distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In a further aspect, an embodiment of the present application provides a distribution network device, the distribution network device including a processor and a transceiver connected to the processor, where:
the transceiver is configured to send first information to a device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
还一方面,本申请实施例提供了一种计算机可读存储介质,所述存储介质中存储有计算机程序,所述计算机程序用于被待入网设备的处理器执行,以实现如上述待入网设备侧的信息处理方法。In another aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used to be executed by a processor of a device to be connected to the network, so as to implement the device to be connected to the network as described above. side information processing methods.
还一方面,本申请实施例提供了一种计算机可读存储介质,所述存储介质中存储有计算机程序,所述计算机程序用于被配网设备的处理器执行,以实现如上述配网设备侧的信息处理方法。In another aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is used to be executed by a processor of a network distribution device, so as to realize the above-mentioned network distribution device side information processing methods.
还一方面,本申请实施例提供了一种芯片,所述芯片包括可编程逻辑电路和/或程序指令,当所述芯片在待入网设备上运行时,用于实现如上述待入网设备侧的信息处理方法。In another aspect, an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on the device to be connected to the network, it is used to implement the above-mentioned device to be connected to the network side. Information processing method.
还一方面,本申请实施例提供了一种芯片,所述芯片包括可编程逻辑电路和/或程序指令,当所述芯片在配网设备上运行时,用于实现如上述配网设备侧的信息处理方法。On the other hand, an embodiment of the present application provides a chip, the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on a distribution network device, it is used to implement the above-mentioned configuration on the distribution network device side. Information processing method.
还一方面,本申请实施例提供了一种计算机程序产品,当计算机程序产品在待入网设备上运行时,用于实现如上述待入网设备侧的信息处理方法。In another aspect, an embodiment of the present application provides a computer program product, which is used to implement the above-mentioned information processing method on the device to be connected to the network when the computer program product runs on the device to be connected to the network.
还一方面,本申请实施例提供了一种计算机程序产品,当计算机程序产品在配网设备上运行时,用于实现如上述配网设备侧的信息处理方法。In another aspect, an embodiment of the present application provides a computer program product, which is used to implement the information processing method on the side of the distribution network device as described above when the computer program product runs on the distribution network device.
Description of drawings
To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a network configuration system provided by an embodiment of the present application;
FIG. 2 is a flowchart of soft AP network configuration provided by an embodiment of the present application;
FIG. 3 is a flowchart of code-scanning network configuration provided by an embodiment of the present application;
FIG. 4 is a flowchart of security authentication provided by an embodiment of the present application;
FIG. 5 is a flowchart of an information processing method provided by an embodiment of the present application;
FIG. 6 is a flowchart of a method for determining an access key provided by an embodiment of the present application;
FIG. 7 is a flowchart of an information processing method provided by another embodiment of the present application;
FIG. 8 is a flowchart of an information processing method provided by yet another embodiment of the present application;
FIG. 9 is a flowchart of a method for determining an information decryption key and an information encryption key provided by an embodiment of the present application;
FIG. 10 is a flowchart of an information processing method coupled with the network configuration process provided by an embodiment of the present application;
FIG. 11 is a flowchart of an information processing method decoupled from the network configuration process provided by an embodiment of the present application;
FIG. 12 is a flowchart of an information processing method decoupled from the network configuration process provided by another embodiment of the present application;
FIG. 13 is a flowchart of an information processing method provided by still another embodiment of the present application;
FIG. 14 is a flowchart of a method for determining an information decryption key and an information encryption key provided by another embodiment of the present application;
FIG. 15 is a flowchart of an information processing method provided by a further embodiment of the present application;
FIG. 16 is a flowchart of an information processing method provided by a further embodiment of the present application;
FIG. 17 is a flowchart of a method for determining an information decryption key and an information encryption key provided by yet another embodiment of the present application;
FIG. 18 is a flowchart of an information processing method provided by a further embodiment of the present application;
FIG. 19 is a block diagram of an information processing apparatus provided by an embodiment of the present application;
FIG. 20 is a block diagram of an information processing apparatus provided by another embodiment of the present application;
FIG. 21 is a block diagram of an information processing apparatus provided by yet another embodiment of the present application;
FIG. 22 is a block diagram of an information processing apparatus provided by still another embodiment of the present application;
FIG. 23 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 24 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 25 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 26 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 27 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 28 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 29 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 30 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 31 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 32 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 33 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 34 is a block diagram of an information processing apparatus provided by a further embodiment of the present application;
FIG. 35 is a schematic structural diagram of a device to be connected to the network provided by an embodiment of the present application;
FIG. 36 is a schematic structural diagram of a network configuration device provided by an embodiment of the present application.
Detailed description
To make the objectives, technical solutions and advantages of the present application clearer, the embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Please refer to FIG. 1, which shows a schematic diagram of a network configuration system provided by an embodiment of the present application. The network configuration system may include a device to be connected to the network 110 and a network configuration device 120.
The device to be connected to the network 110 is a device with network access capability, for example a device with WiFi (Wireless Fidelity) access capability. Optionally, the device 110 is a smart device (such as VR (Virtual Reality) glasses or a smart wearable device), a terminal device, or another device with network access capability, which is not limited in the embodiments of the present application. In one example, as shown in FIG. 1, when the network configuration system is applied to smart home life, the device 110 may be a smart home device such as a smart TV, smart speaker, smart air conditioner, smart lamp, smart door or window, smart curtain, or smart socket. Optionally, there is one device 110 or there are multiple devices 110, which is not limited in the embodiments of the present application. In practice, the number of devices 110 may be determined based on application requirements, the maximum number of devices that the network configuration device 120 can manage, and so on.
The network configuration device 120 is a device capable of configuring network access. Optionally, the network configuration device 120 may be a server, a terminal device, a router, a mobile phone, a tablet computer, a wearable device, or another device capable of configuring network access, which is not limited in the embodiments of the present application. In practice, the form in which the network configuration device 120 is implemented may be determined according to the application scenario of the network configuration system. In one example, as shown in FIG. 1, when the network configuration system is applied to smart home life, the home environment is small and sees frequent activity, so a network configuration device 120 that occupies a large space would interfere with normal home life; the network configuration device 120 can therefore be implemented as a router, a terminal device, a mobile phone, a tablet computer, a wearable device, and the like. Optionally, a given network configuration system may correspond to one network configuration device or to several, which is not limited in the embodiments of the present application; usually, to save resources, a network configuration system corresponds to one network configuration device. Optionally, different network configuration systems correspond to different network configuration devices, so that the device 110 under a given network configuration system is bound to the network configuration device 120 of that system. For example, when the network configuration system is implemented for smart home life with the household as the unit, the devices to be connected to the network in a household are bound to that household's network configuration device.
In the embodiments of the present application, the network configuration device 120 can configure the device 110 to access an AP, that is, configure the device 110 to join the network. In the related art there are two main ways of configuring the device 110 to join the network: soft AP network configuration and code-scanning network configuration. The two methods are described in turn below.
Please refer to FIG. 2, which shows a flowchart of soft AP network configuration provided by an embodiment of the present application. As shown in FIG. 2, the soft AP network configuration process mainly includes the following steps:
Step 210: the device to be connected to the network starts a soft AP and broadcasts the beacon of the soft AP.
In the embodiments of the present application, the device to be connected to the network can start the soft AP when it enters network configuration mode. After starting the soft AP, the device can broadcast the beacon of the soft AP. Optionally, the beacon of the soft AP includes at least one of the following: the device ID (Identifier) of the device to be connected to the network, a user-defined network name, the protocol name of the application protocol, and so on. The device ID may be the MAC (Media Access Control) address of the device to be connected to the network. Optionally, the beacon of the soft AP includes at least one of the following fields: a BSSID (Basic Service Set Identifier) field, an SSID (Service Set Identifier) field, and a Vendor Specific field.
Step 220: the network configuration device joins the soft AP when it scans the beacon of the soft AP.
The network configuration device can scan different channels for beacons broadcast by other devices. When it scans the beacon of the soft AP on the channel on which the device to be connected to the network broadcasts it, the network configuration device can join the soft AP. Optionally, after scanning the beacon of the soft AP, the network configuration device checks whether the SSID field in the beacon conforms to a preset format, and joins the soft AP if it does.
Step 230: a communication connection is established between the network configuration device and the device to be connected to the network.
After joining the soft AP, the network configuration device can establish a communication connection with the device to be connected to the network through the soft AP. Optionally, the communication between the two devices follows TCP (Transmission Control Protocol), in which case the communication connection between them can also be called a TCP connection; or the communication follows UDP (User Datagram Protocol), in which case the communication connection between them can also be called a UDP connection.
Step 240: the network configuration device sends an information acquisition request to the device to be connected to the network.
The information acquisition request is used to request information about the APs that the device to be connected to the network can access. Optionally, it requests the SSID field and/or the signal strength of the APs the device can access. In the embodiments of the present application, after entering network configuration mode, the device to be connected to the network may scan AP beacons at a certain period (for example, 10 seconds) and determine from the SSID field in each beacon whether it can access that AP.
Step 250: the device to be connected to the network sends accessible AP information to the network configuration device.
After receiving the information acquisition request, the device to be connected to the network responds by sending the network configuration device information about the APs it can access, that is, the accessible AP information. Optionally, the accessible AP information includes at least one of the following: the SSID field of an accessible AP, and the signal strength of an accessible AP.
Step 260: the network configuration device sends network configuration information to the device to be connected to the network.
After receiving the accessible AP information, the network configuration device can use it to select the AP that the device to be connected to the network will access. The embodiments of the present application do not limit how the network configuration device makes this selection; optionally, it chooses the AP with the highest signal strength indicated by the accessible AP information. Once the AP has been selected, the network configuration device can send network configuration information to the device to be connected to the network, to configure that device to access the selected AP. Optionally, the network configuration information includes at least one of the following: the SSID field of the AP to be accessed, and the authentication information of the AP to be accessed. Optionally, the authentication information of the AP to be accessed includes the password of that AP.
Step 270: the device to be connected to the network sends a configuration response message to the network configuration device.
The configuration response message responds to the network configuration information sent by the network configuration device, indicating to the network configuration device whether the device to be connected to the network has received the network configuration information. Optionally, after sending the network configuration information, the network configuration device assumes by default that it has been received. If the device to be connected to the network successfully receives the network configuration information, it may send no configuration response message; if it does not successfully receive the network configuration information, for example because it cannot parse it, it may send a configuration response message to the network configuration device.
Step 280: the network configuration device leaves the soft AP.
After sending the network configuration information to the device to be connected to the network, the network configuration device can disconnect from the soft AP started by that device, that is, leave the soft AP. Optionally, the network configuration device leaves the soft AP after sending the network configuration information, or after receiving the configuration response message; the embodiments of the present application do not limit when the network configuration device leaves the soft AP.
Step 290: the device to be connected to the network shuts down the soft AP.
Because the device to be connected to the network usually cannot access two APs at the same time, it needs to shut down the soft AP in order to access the AP indicated by the network configuration information. Optionally, the device shuts down the soft AP after receiving the network configuration information, or after sending the configuration response message to the network configuration device, or after the network configuration device has left the soft AP; the embodiments of the present application do not limit when the device shuts down the soft AP.
After the device to be connected to the network stops using the soft AP, it can access the AP indicated by the network configuration information using the authentication information in the network configuration information. After leaving the soft AP, the network configuration device can also access the AP indicated by the network configuration information, so that it can continue to control and manage the device to be connected to the network. The network configuration device and the device to be connected to the network thus establish a communication connection through the AP they have both accessed.
Please refer to FIG. 3, which shows a flowchart of code-scanning network configuration provided by an embodiment of the present application. As shown in FIG. 3, the code-scanning network configuration process mainly includes the following steps:
Step 310: the network configuration device scans the two-dimensional code of the device to be connected to the network.
If the device to be connected to the network has a screen, it can display the two-dimensional code on its screen; if it does not, the device manufacturer can attach a two-dimensional code to the device when it leaves the factory. In the embodiments of the present application, the two-dimensional code of the device to be connected to the network indicates that device's device information. Optionally, the device information includes at least one of the following: the device type of the device to be connected to the network, and the device public key. The network configuration device obtains the device information by scanning the two-dimensional code of the device to be connected to the network.
Step 320: the network configuration device generates a two-dimensional code from the network configuration information and displays it.
The network configuration device can determine the AP that the device to be connected to the network will access, and determine the network configuration information corresponding to that AP. Optionally, the network configuration information includes at least one of the following: the SSID field of the AP to be accessed, and the authentication information of the AP to be accessed. Optionally, the authentication information of the AP to be accessed includes the password of that AP. The network configuration device can encrypt the network configuration information with the device public key obtained by scanning, and generate a two-dimensional code from the encrypted network configuration information for the device to be connected to the network to scan.
Step 330: the device to be connected to the network scans the two-dimensional code provided by the network configuration device to obtain the network configuration information.
By scanning the two-dimensional code provided by the network configuration device, the device to be connected to the network obtains the network configuration information that the network configuration device provides. Because that two-dimensional code is generated from network configuration information encrypted with the device public key of the device to be connected to the network, what the device obtains after scanning is encrypted network configuration information, which it decrypts using the device public key to obtain the network configuration information.
Step 340: the device to be connected to the network accesses the AP.
Using the AP authentication information obtained by scanning, the device can access the AP indicated by the network configuration information. After accessing the AP, the device to be connected to the network can go on to access the cloud platform, for authentication and so on.
As the network configuration procedures above show, neither involves authenticating the identity of the smart device. A counterfeit smart device is therefore very likely to obtain the AP's network configuration information, which leaks that information and poses a serious threat to the security of the AP. In addition, for soft AP network configuration, verifying the identity of the device to be connected to the network during the soft AP process requires the network configuration device to act as a proxy. That is, while connected to the soft AP started by the device to be connected to the network, the network configuration device obtains that device's device certificate; the network configuration device then switches from the soft AP to the AP that the device is to access, in order to reach the cloud service, and forwards the device certificate to the cloud service, which returns the verification result to the network configuration device once verification has passed; the network configuration device then has to switch from that AP back to the soft AP and set the network configuration information (such as the SSID and password) of the AP that the device is to access. This process requires the network configuration device to switch back and forth between different access points, which is cumbersome and inefficient.
On this basis, the embodiments of the present application provide an information processing method that can be used to solve the above technical problems. The technical solutions of the present application are described below with reference to several embodiments.
在对本申请的技术方案进行介绍说明之前,先对本申请实施例中涉及的安全认证流程进行介绍说明。本申请实施例采用4次握手(Sample 4-way handshake)的流程进行安全认证,其中:Before the technical solutions of the present application are introduced and explained, the security authentication process involved in the embodiments of the present application is introduced and explained. The embodiment of the present application adopts a 4-way handshake (Sample 4-way handshake) process for security authentication, wherein:
4-Way Handshake Message 1(4次握手中消息1):Authenticator(鉴权方)向Supplicant(请求方)发送携带ANonce(AP生成的随机数)的EAPOL(Extensible Authentication Protocol,扩展认证协议)-Key(密钥)。4-Way Handshake Message 1 (message 1 in the 4-way handshake): Authenticator (authentication party) sends EAPOL (Extensible Authentication Protocol, Extended Authentication Protocol)-Key carrying ANonce (random number generated by AP) to Supplicant (requester)-Key (key).
4-Way Handshake Message 2(4次握手中消息2):Supplicant向Authenticator发送携带SNonce(STA生成的随机数)以及其它信息的EAPOL-Key。其中,Supplicant在接收到ANonce之后,可以根据该ANonce计算PTK(Pairwise Transient Key,成对临时密钥),PTK的计算公式如下:4-Way Handshake Message 2 (Message 2 in the 4-way handshake): The Supplicant sends the EAPOL-Key carrying the SNonce (a random number generated by the STA) and other information to the Authenticator. Among them, after receiving the ANonce, the Supplicant can calculate the PTK (Pairwise Transient Key, paired temporary key) according to the ANonce. The calculation formula of the PTK is as follows:
PTK = PRF-Length(PMK, "Pairwise key expansion", Min(AA, SPA) || Max(AA, SPA) || Min(ANonce, SNonce) || Max(ANonce, SNonce)).
After receiving the SNonce, the Authenticator can generate the PTK and compare the received MIC with the MIC it generates itself to check integrity. If the check fails, the handshake fails.
4-Way Handshake Message 3 (message 3 of the 4-way handshake): the Authenticator sends the Supplicant an EAPOL-Key carrying the GTK (Group Transient Key) and the MIC (Message Integrity Code).
4-Way Handshake Message 4 (message 4 of the 4-way handshake): the Supplicant sends the Authenticator an EAPOL-Key for confirmation. After receiving 4-Way Handshake Message 3, the Supplicant can decrypt the GTK with the PTK it generated and verify the MIC at the same time; if both are correct, it sends an ACK (Acknowledge) to the Authenticator as confirmation.
After the Authenticator and the Supplicant complete the authentication, the control port of the Authenticator is opened, so that 802.11 data frames can pass normally; all unicast data frames are protected by the PTK, and all multicast and broadcast data are protected by the GTK.
As can be seen from the above 4-way handshake process, the PMK is one of the parameters used to calculate the PTK. If the PMKs of the two parties differ, the calculated PTKs also differ, the two parties cannot correctly parse each other's data, the handshake cannot be completed, and the Supplicant cannot access the Authenticator. In addition, in the related art the PMK is a shared key known in advance to both the Supplicant and the Authenticator (that is, the Authenticator's password), which carries a great risk of leakage and is not conducive to security protection.
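The following Python sketch is an added example, not part of the patent text. It carries the PTK formula above through Message 2 and shows that the Authenticator's MIC check passes only when both sides hold the same PMK. It assumes the IEEE 802.11 PRF built on HMAC-SHA1, a 48-byte PTK, and an HMAC-SHA1 MIC truncated to 16 bytes under the first 16 bytes of the PTK; the addresses, the frame body and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11 PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """PTK = PRF-Length(PMK, "Pairwise key expansion", Min/Max of addresses and nonces)."""
    # For equal-length byte strings, Python's lexicographic min/max equals
    # the numeric comparison the formula calls for.
    data = (min(aa, spa) + max(aa, spa)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, length)


def eapol_mic(ptk: bytes, frame: bytes) -> bytes:
    """MIC over a frame, keyed with the first 16 bytes of the PTK (assumed layout)."""
    kck = ptk[:16]
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def message2_accepted(authenticator_pmk: bytes, supplicant_pmk: bytes) -> bool:
    """Simulate Messages 1 and 2 and return the Authenticator's MIC verdict."""
    aa = bytes.fromhex("020000000001")    # constructed Authenticator address
    spa = bytes.fromhex("020000000002")   # constructed Supplicant address

    anonce = os.urandom(32)               # Message 1: Authenticator -> Supplicant
    snonce = os.urandom(32)               # generated by the Supplicant

    # Supplicant side: derive the PTK and protect Message 2 with a MIC.
    supplicant_ptk = derive_ptk(supplicant_pmk, aa, spa, anonce, snonce)
    frame = b"EAPOL-Key message 2 (constructed body)" + snonce
    received_mic = eapol_mic(supplicant_ptk, frame)

    # Authenticator side: derive its own PTK and recompute the MIC.
    authenticator_ptk = derive_ptk(authenticator_pmk, aa, spa, anonce, snonce)
    expected_mic = eapol_mic(authenticator_ptk, frame)
    return hmac.compare_digest(received_mic, expected_mic)


if __name__ == "__main__":
    shared_pmk = os.urandom(32)
    print("same PMK      ->", message2_accepted(shared_pmk, shared_pmk))
    print("different PMK ->", message2_accepted(shared_pmk, os.urandom(32)))
```
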
Please refer to FIG. 5, which shows a flowchart of an information processing method provided by an embodiment of the present application. The method can be applied to the network configuration system shown in FIG. 1 and may include the following steps:
Step 510: the device to be connected to the network broadcasts a beacon of a first access point. The beacon includes a key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine the access key with which the device to be connected to the network and the network configuration device perform identity authentication.
The device to be connected to the network can start the first access point when it enters the network configuration mode. Optionally, the device to be connected to the network enters the network configuration mode automatically when it is turned on for the first time, or it is passively triggered into the network configuration mode by a user operation. Optionally, the first access point is a soft AP started by the device to be connected to the network.
In the embodiments of the present application, after starting the first access point, the device to be connected to the network can broadcast the beacon of the first access point; the beacon includes a key calculation parameter and/or the device identifier of the device to be connected to the network. The device identifier includes the device ID of the device to be connected to the network and is used to uniquely identify that device. The key calculation parameter is used to determine the access key with which the device to be connected to the network and the network configuration device perform identity authentication. Optionally, the length of the key calculation parameter is greater than or equal to one byte. The embodiments of the present application do not limit the content of the key calculation parameter: optionally, it includes a predefined value, or it includes a random number. Nor do the embodiments limit how the key calculation parameter is generated: optionally, it is pre-configured by the device cloud platform (the cloud platform corresponding to the device to be connected to the network), or it is generated by the device to be connected to the network. In one example, to reduce the risk of the key calculation parameter leaking and to improve its security, the key calculation parameter includes a random number generated by the device to be connected to the network. Optionally, the beacon of the first access point further includes a pre-shared verification identifier F; optionally, the pre-shared verification identifier occupies at least 1 bit.
In one example, the beacon of the first access point includes at least one of the following fields: a BSSID field, an SSID field, and a custom field (such as a Vendor Specific field). Optionally, either of the key calculation parameter and the device identifier of the device to be connected to the network can be placed in any of these fields; that is, the BSSID field includes the key calculation parameter and/or the device identifier; or the SSID field includes the key calculation parameter and/or the device identifier; or the custom field includes the key calculation parameter and/or the device identifier. For example, the key calculation parameter is placed in the SSID field and the device identifier of the device to be connected to the network is placed in the BSSID field. In general, because of permission restrictions, a custom field sometimes cannot be read by other devices, so its compatibility is poor. The key calculation parameter and the device identifier can therefore be placed in fields other than the custom field, so that the network configuration device is not prevented from obtaining them.
In the embodiments of the present application, the manufacturer of the device to be connected to the network can assign the device a unique key K and pre-configure the key K in the device. Since the device identifier uniquely identifies the device to be connected to the network, there is a one-to-one correspondence between the device identifier and the key K of the device. The manufacturer can upload the device identifier and the key K of the device to be connected to the network to the manufacturer's cloud platform (that is, the cloud platform corresponding to the device to be connected to the network).
For the calculation of the access key on the side of the device to be connected to the network (the first access key), see the method embodiments below; details are not repeated here.
Step 520: the network configuration device receives the beacon of the first access point.
The network configuration device can scan different channels for beacons broadcast by other devices. On the channel on which the device to be connected to the network broadcasts the beacon of the first access point, the network configuration device can therefore find that beacon; that is, it can receive the beacon of the first access point. Optionally, after receiving the beacon of the first access point, the network configuration device can further parse it to obtain the device identifier of the device to be connected to the network and/or the key calculation parameter. The network configuration device can then send the key calculation parameter and/or the device identifier to the network configuration cloud platform, and the network configuration cloud platform and the device cloud platform calculate the access key with which the device to be connected to the network and the network configuration device perform identity authentication.
For the calculation of the access key on the side of the network configuration device (the second access key), see the method embodiments below; details are not repeated here.
To sum up, in the technical solutions provided by the embodiments of the present application, a key calculation parameter is added to the beacon of the access point started by the device to be connected to the network. The key calculation parameter is used to determine the access key with which the device to be connected to the network and the network configuration device perform identity authentication; it thus provides the basis for identity authentication between the two devices and helps that authentication to be carried out subsequently. Moreover, in the embodiments of the present application, the identity authentication between the device to be connected to the network and the network configuration device takes place before the device to be connected to the network obtains the network configuration information. That is, the device to be connected to the network can obtain the network configuration information only if the identity authentication passes, which reduces the risk of the network configuration information leaking and improves the security of the access point. In addition, in the embodiments of the present application, adding a key calculation parameter to the beacon of the access point started by the device to be connected to the network is all that is needed to authenticate the device to be connected to the network and the network configuration device. Compared with the related art, in which the network configuration device has to switch back and forth between access points to verify the identity of the device to be connected to the network, the embodiments of the present application simplify the identity authentication process and improve its efficiency.
The calculation of the access key on the side of the device to be connected to the network (the first access key) and of the access key on the side of the network configuration device (the second access key) is described below.
First, the calculation of the access key on the side of the device to be connected to the network (the first access key) is described.
In one example, as shown in FIG. 6, the above method further includes the following steps:
Step 531: the device to be connected to the network determines the first access key based on the key calculation parameter and the first device key.
The first device key is the device key of the device to be connected to the network that is preset in that device, that is, the key K described above. Once the device to be connected to the network has the key calculation parameter and the first device key, it can calculate the first access key from them.
In the embodiments of the present application, the device to be connected to the network can process the key calculation parameter and the first device key with a key generation algorithm. Optionally, step 531 includes: the device to be connected to the network processes the key calculation parameter and the first device key with a first key generation algorithm to obtain a first encryption key, and processes the first encryption key with a first encoding method to obtain the first access key. Because the first encryption key obtained with the first key generation algorithm is usually binary data, it has to be encoded in order to obtain a first access key in the form of a visible character string; the embodiments of the present application encode the first encryption key with the first encoding method. Optionally, the first encoding method includes Base64 (which represents binary data using 64 printable characters). Optionally, the first key generation algorithm includes any one of the following: AES (Advanced Encryption Standard) 128-CMAC (Cipher-based Message Authentication Code, message authentication implemented with symmetric encryption), HKDF (HMAC (Hash-based Message Authentication Code)-based KDF (Key Derivation Function)), PBKDF (Password-Based Key Derivation Function), SHA (Secure Hash Algorithm), the DES (Data Encryption Standard) algorithm, and the 3DES (Triple DES) algorithm.
Next, the calculation of the access key on the side of the network configuration device (the second access key) is described.
In one example, as shown in FIG. 6, the above method further includes the following steps:
Step 532: the network configuration device sends a first acquisition request to the network configuration cloud platform. The first acquisition request is used to request the second access key.
For the access keys generated on the network configuration device side and on the side of the device to be connected to the network to be the same, the calculation parameters of the second access key must be the same as those of the first access key. The calculation parameters of the first access key include the key calculation parameter and the first device key, so the calculation parameters of the second access key should also include the key calculation parameter and the device key of the device to be connected to the network. Usually, to keep the device key of the device to be connected to the network secure, it is held only by the device itself and by the cloud platform of the device manufacturer (that is, the device cloud platform). The device cloud platform therefore has to take part in calculating the second access key.
After receiving the beacon of the first access point, the network configuration device can obtain from it the device identifier of the device to be connected to the network and/or the key calculation parameter, and then sends the first acquisition request to the network configuration cloud platform to request the second access key. The embodiments of the present application do not limit the content of the first acquisition request. Optionally, the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or the first acquisition request also includes the device manufacturer name, the device name, the product serial number and the like of the device to be connected to the network. Optionally, as shown in FIG. 6, if no secure connection has been established between the network configuration device and the network configuration cloud platform, the network configuration device first establishes a secure connection with the network configuration cloud platform and then sends it the first acquisition request.
In the embodiments of the present application, to keep the device key of the device to be connected to the network secure, the network configuration cloud platform does not hold that device key either. After receiving the first acquisition request, the network configuration cloud platform therefore has to obtain the second access key from the device cloud platform. That is, as shown in FIG. 6, step 532 is followed by the following steps:
Step 53A: the network configuration cloud platform determines the device cloud platform.
The network configuration cloud platform first has to determine the device cloud platform corresponding to the device to be connected to the network. Optionally, the first acquisition request sent by the network configuration device to the network configuration cloud platform includes the device manufacturer name of the device to be connected to the network, and the network configuration cloud platform can determine the corresponding device cloud platform from that name.
Step 53B: the network configuration cloud platform sends a third acquisition request to the device cloud platform. The third acquisition request is used to request the second access key.
After determining the device cloud platform corresponding to the device to be connected to the network, the network configuration cloud platform can send the third acquisition request to the device cloud platform, asking it to calculate the second access key and to send the second access key to the network configuration cloud platform. The embodiments of the present application do not limit the content of the third acquisition request. Optionally, the third acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or the third acquisition request also includes the device manufacturer name, the device name, the product serial number and the like of the device to be connected to the network. Optionally, as shown in FIG. 6, if no secure connection has been established between the network configuration cloud platform and the device cloud platform, the network configuration cloud platform first establishes a secure connection with the device cloud platform and then sends it the third acquisition request.
Step 53C: the device cloud platform calculates the second access key.
Because the third acquisition request carries the key calculation parameter and/or the device identifier of the device to be connected to the network, the device cloud platform, after receiving the third acquisition request, can determine the second device key from the device identifier. The second device key is the device key of the device to be connected to the network that is stored on the device cloud platform, that is, the key K. For the first access key and the second access key to be the same, they should also be calculated in the same way, so the device cloud platform should calculate the second access key in the same way as the device to be connected to the network calculates the first access key. Optionally, if the device to be connected to the network calculates the first access key as in step 531, the device cloud platform calculates the second access key as follows: it processes the key calculation parameter and the second device key with the first key generation algorithm to obtain a second encryption key, and processes the second encryption key with the first encoding method to obtain the second access key. For a description of the first key generation algorithm and the first encoding method, see the method embodiments above; details are not repeated here.
Optionally, to spread the computational cost of the second access key, the second encryption key can also be encoded by the network configuration cloud platform or by the network configuration device. That is, after the device cloud platform calculates the second encryption key from the key calculation parameter and the second device key, the encoding of the second encryption key can be carried out by any one of the device cloud platform, the network configuration cloud platform and the network configuration device.
Step 53D: the device cloud platform sends access key information to the network configuration cloud platform.
As described above, the device cloud platform can calculate the second access key directly and send it to the network configuration cloud platform, or it can calculate only the second encryption key and send that to the network configuration cloud platform. The access key information sent by the device cloud platform to the network configuration cloud platform therefore includes either the second access key or the second encryption key.
Step 534: the network configuration cloud platform sends the access key information to the network configuration device. The access key information is used to determine the second access key.
Optionally, when the access key information includes the second access key, the network configuration cloud platform can forward the access key information directly to the network configuration device after receiving it. Optionally, when the access key information includes the second encryption key, the network configuration cloud platform can likewise forward the access key information directly to the network configuration device, which then encodes the second encryption key; that is, step 534 is followed by: the network configuration device processes the second encryption key with the first encoding method to obtain the second access key. Alternatively, the network configuration cloud platform can encode the second encryption key to obtain the second access key and send the second access key to the network configuration device.
It should be noted that FIG. 6 is described only with the example in which the device cloud platform calculates the second access key and sends it to the network configuration cloud platform. This does not limit the technical solutions of the present application; in practical applications, the second encryption key can also be encoded by the network configuration cloud platform or by the network configuration device.
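The derivation in steps 531 and 53C, together with the split encoding option of step 534, can be sketched as follows. This is an added example, not code from the application: it picks HKDF with SHA-256 from the listed algorithms, assumes the device key K is the input keying material and the key calculation parameter is the salt (the text does not fix these roles), and uses a constructed device identifier, key and info label. All function and class names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

INFO_LABEL = b"softap-access-key"   # constructed context label (assumption)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encryption_key(device_key: bytes, key_param: bytes) -> bytes:
    """First key generation algorithm: binary encryption key from K and the parameter."""
    if len(key_param) < 1:
        raise ValueError("key calculation parameter must be at least one byte")
    return hkdf_sha256(device_key, key_param, INFO_LABEL)


def encode_access_key(enc_key: bytes) -> str:
    """First encoding method: Base64 turns the binary key into a visible string."""
    return base64.b64encode(enc_key).decode("ascii")


def first_access_key(device_key: bytes, key_param: bytes) -> str:
    """Step 531, run on the device to be connected to the network."""
    return encode_access_key(encryption_key(device_key, key_param))


class DeviceCloud:
    """Device cloud platform: the only party besides the device that holds K."""

    def __init__(self, registry: dict):
        self._keys = dict(registry)          # device identifier -> key K

    def access_key_info(self, device_id: str, key_param: bytes, encode: bool = True):
        """Step 53C: return the second access key, or the raw second encryption key."""
        device_key = self._keys.get(device_id)
        if device_key is None:
            raise LookupError("unknown device identifier")
        enc_key = encryption_key(device_key, key_param)
        return encode_access_key(enc_key) if encode else enc_key


def keys_match(first: str, second: str) -> bool:
    """Constant-time comparison of the two access keys."""
    return hmac.compare_digest(first.encode("ascii"), second.encode("ascii"))


def demo() -> dict:
    device_id = "dev-0001"                                   # constructed identifier
    key_k = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key K
    key_param = os.urandom(8)        # random parameter carried in the beacon
    cloud = DeviceCloud({device_id: key_k})

    genuine = first_access_key(key_k, key_param)
    second = cloud.access_key_info(device_id, key_param)
    # Split option: the cloud returns the binary key, the receiver encodes it.
    split = encode_access_key(cloud.access_key_info(device_id, key_param, encode=False))
    # A counterfeit device copies the beacon fields but does not hold K.
    counterfeit = first_access_key(os.urandom(16), key_param)
    return {
        "genuine_matches": keys_match(genuine, second),
        "split_encoding_matches": keys_match(genuine, split),
        "counterfeit_matches": keys_match(counterfeit, second),
    }


if __name__ == "__main__":
    print(demo())
```

Because the device identifier and the key calculation parameter travel in the clear in the beacon, only possession of K separates the genuine device from a copy of its beacon, which is why K stays on the device and the device cloud platform.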
In one example, the above method further includes: the device to be connected to the network and the network configuration device perform identity authentication based on the first access key and the second access key, respectively.
Once the device to be connected to the network has calculated the first access key and the network configuration device has obtained the second access key, the two devices can perform identity authentication based on the first access key and the second access key. Optionally, the embodiments of the present application use the 4-way handshake process described above for identity authentication. In that case the device to be connected to the network corresponds to the Supplicant in the 4-way handshake process, the network configuration device corresponds to the Authenticator, the first access key corresponds to the PMK on the Supplicant side, and the second access key corresponds to the PMK on the Authenticator side. If the first access key is the same as the second access key determined by the network configuration device, the identity authentication can pass; if they differ, the identity authentication cannot pass. For the specific process by which the device to be connected to the network and the network configuration device perform identity authentication, see the 4-way handshake process described above; details are not repeated here.
In one example, the above method further includes: if the identity authentication passes, the network configuration device accesses the first access point. After the identity authentication passes, the network configuration device can access the first access point started by the device to be connected to the network. Optionally, after accessing the first access point, the network configuration device sends network configuration information to the device to be connected to the network; the network configuration information is used to configure the device to be connected to the network to access a second access point.
It should be noted that the embodiments of the present application use only the case in which the access key is calculated from the key calculation parameter and the device key of the device to be connected to the network as an example. Having understood the technical solutions of the present application, those skilled in the art will readily think of calculating the access key from other calculation parameters, for example from the key calculation parameter, the device key of the device to be connected to the network and the device identifier of the device to be connected to the network. All of these fall within the protection scope of the present application.
To sum up, in the technical solutions provided by the embodiments of the present application, the device to be connected to the network and the network distribution device each obtain an access key according to the key calculation parameter and perform identity authentication according to the access keys they respectively obtained. The identity of the device to be connected to the network is thereby authenticated before that device accesses the network, or before it obtains the network configuration information, which avoids leakage of the network configuration information and improves the security of the access point. In addition, to fully ensure the security of the device key of the device to be connected to the network, the access key on the network distribution device side is calculated by the cloud platform corresponding to the device to be connected to the network, which avoids leaking the device key and improves the effectiveness of the identity authentication.
The technical solution of the present application is described below, taking as an example the case where the first access point is a soft AP and the second access point is a home WiFi network. As shown in FIG. 7, the information processing method provided by this embodiment of the present application includes the following steps:
Step 700: The device to be connected to the network broadcasts the beacon of the soft AP. The beacon includes the key calculation parameter and/or the device identifier of the device to be connected to the network. The key calculation parameter is used to determine the access key with which the device to be connected to the network and the network distribution device perform identity authentication.
Step 710: The network distribution device receives the beacon of the soft AP. After receiving the beacon, the network distribution device can parse it to obtain the device identifier of the device to be connected to the network and/or the key calculation parameter.
Step 720: The device to be connected to the network determines the first access key based on the key calculation parameter and the first device key. The device to be connected to the network processes the key calculation parameter and the first device key with the first key generation algorithm to obtain the first encryption key, and then processes the first encryption key with the first encoding method to obtain the first access key.
Step 730: The network distribution device sends a first acquisition request to the distribution network cloud platform. The first acquisition request is used to request the second access key and includes the key calculation parameter and/or the device identifier of the device to be connected to the network. Optionally, as shown in FIG. 7, if no secure connection has been established between the network distribution device and the distribution network cloud platform, the network distribution device first establishes a secure connection with the distribution network cloud platform and then sends the first acquisition request.
Step 740: The distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
Step 750: The distribution network cloud platform sends a third acquisition request to the device cloud platform. The third acquisition request is used to request the second access key. Optionally, as shown in FIG. 7, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first establishes a secure connection with the device cloud platform and then sends the third acquisition request.
Step 760: The device cloud platform calculates the second access key. After receiving the third acquisition request, the device cloud platform determines the second device key according to the device identifier of the device to be connected to the network. The device cloud platform then processes the key calculation parameter and the second device key with the first key generation algorithm to obtain the second encryption key, and processes the second encryption key with the first encoding method to obtain the second access key.
Step 770: The device cloud platform sends the second access key to the distribution network cloud platform.
Step 780: The distribution network cloud platform sends the second access key to the network distribution device.
Step 790: The device to be connected to the network and the network distribution device perform identity authentication based on the first access key and the second access key, respectively. If the first access key and the second access key are consistent, the identity authentication passes, and the network distribution device can access the soft AP and send the network configuration information of the home WiFi network to the device to be connected to the network.
It should be noted that this embodiment of the present application does not limit the order in which the above steps are performed; provided the implementation logic is satisfied, the steps can be combined in any order. For example, step 720 may be performed before step 710, or step 720 may be performed after step 780. All of these fall within the protection scope of the present application.
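Steps 700 to 790 can be traced end to end in a short simulation. This is an added example, not code from the application: HMAC-SHA256 stands in for the "first key generation algorithm", Base64 for the "first encoding method", a single nonce-based MIC stands in for the 4-way handshake, and all class names, the vendor name, the device identifier and the sample key are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets


def derive_access_key(key_param: bytes, device_key: bytes) -> bytes:
    # Assumed algorithms (the text above does not name them):
    # HMAC-SHA256 as key generation algorithm, Base64 as encoding method.
    encryption_key = hmac.new(device_key, key_param, hashlib.sha256).digest()
    return base64.b64encode(encryption_key)


class DeviceCloud:
    """Manufacturer's cloud: the only party besides the device holding device keys."""

    def __init__(self, device_keys):
        self._device_keys = dict(device_keys)  # device identifier -> device key

    def second_access_key(self, device_id, key_param):
        # Step 760: look up the second device key, then derive the access key.
        return derive_access_key(key_param, self._device_keys[device_id])


class DistributionCloud:
    """Routes a request to the device cloud of the device's manufacturer."""

    def __init__(self, device_clouds):
        self._device_clouds = dict(device_clouds)  # vendor name -> DeviceCloud

    def second_access_key(self, beacon):
        # Steps 740 to 780: select the device cloud and relay its answer.
        cloud = self._device_clouds[beacon["vendor"]]
        return cloud.second_access_key(beacon["device_id"], beacon["key_param"])


def confirmation_mic(access_key, anonce, snonce):
    # Simplified key confirmation: a MIC over both nonces, keyed with the
    # access key in the role of the PMK. The real 4-way handshake derives a
    # PTK from the PMK first; that derivation is omitted here.
    message = b"confirm" + anonce + snonce
    return hmac.new(access_key, message, hashlib.sha256).digest()


def onboard(device_key_in_device, distribution_cloud,
            vendor="ExampleVendor", device_id="dev-0001"):
    # Step 700: the soft AP beacon carries the parameter and the identifier.
    beacon = {"vendor": vendor, "device_id": device_id,
              "key_param": secrets.token_bytes(16)}
    # Step 720: the device derives the first access key locally.
    first_key = derive_access_key(beacon["key_param"], device_key_in_device)
    # Steps 710 and 730 to 780: the network distribution device never sees
    # the device key, only the derived second access key.
    second_key = distribution_cloud.second_access_key(beacon)
    # Step 790: each side proves knowledge of its key over fresh nonces;
    # the access keys themselves are not transmitted.
    anonce = secrets.token_bytes(32)  # Authenticator (network distribution device)
    snonce = secrets.token_bytes(32)  # Supplicant (device to be connected)
    mic_from_device = confirmation_mic(first_key, anonce, snonce)
    mic_expected = confirmation_mic(second_key, anonce, snonce)
    return hmac.compare_digest(mic_from_device, mic_expected)


# Constructed sample data, not values from the application.
REGISTERED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CLOUD = DistributionCloud(
    {"ExampleVendor": DeviceCloud({"dev-0001": REGISTERED_KEY})})

if __name__ == "__main__":
    print("registered device key:", onboard(REGISTERED_KEY, CLOUD))
    print("unregistered device key:", onboard(bytes(16), CLOUD))
```

The second call fails because a device without the registered device key derives a different first access key, so the confirmation value it produces does not match the one computed from the cloud-derived second access key.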
Please refer to FIG. 8, which shows a flowchart of an information processing method provided by an embodiment of the present application. The method can be applied to the network distribution system shown in FIG. 1 and may include the following steps:
Step 810: The network distribution device sends first information to the device to be connected to the network. The first information includes a key calculation parameter, which is used to determine the first information key.
After connecting to the first access point started by the device to be connected to the network, the network distribution device establishes a communication connection with that device. Optionally, the communication connection is a TCP connection or a UDP connection. Once the connection is established, data can be transmitted between the network distribution device and the device to be connected to the network. In this embodiment of the present application, the network distribution device sends first information, which includes a key calculation parameter, to the device to be connected to the network. The device to be connected to the network can use the key calculation parameter to determine the first information key. The first information key can be used to decrypt second information encrypted with the second information key or network configuration information encrypted with the second information key, and can also be used to encrypt the first reference information. Only when the first information key and the second information key are consistent can the device to be connected to the network successfully parse the network configuration information or the second information encrypted with the second information key, and thereby pass identity authentication. Alternatively, only when the first information key and the second information key are consistent, and the first reference information and the second reference information are consistent, can the first reference information encrypted with the first encryption key and the second reference information encrypted with the second encryption key be consistent, so that the device to be connected to the network passes identity authentication.
This embodiment of the present application does not limit the content of the key calculation parameter. Optionally, the key calculation parameter includes a random number; or the key calculation parameter includes a preconfigured value. Optionally, the key calculation parameter is generated by the device cloud platform (the cloud platform corresponding to the device to be connected to the network). Optionally, the length of the key calculation parameter is greater than or equal to one byte. This embodiment also does not limit when the key calculation parameter is determined. Optionally, the device cloud platform generates the key calculation parameter after receiving a request for obtaining the second information key or for obtaining the fourth reference information; or the device cloud platform generates the key calculation parameter in advance and, on later receiving such a request, directly calculates the second information key from that key calculation parameter and the device key of the device to be connected to the network.
For identity authentication under soft AP network distribution, the embodiments of the present application propose two approaches: in one, the identity authentication process is coupled with the network distribution process; in the other, the identity authentication process is decoupled from the network distribution process. The two approaches are described below.
First, the approach in which the identity authentication process is coupled with the network distribution process is described.
In an example, the first information further includes network configuration information encrypted with the second information key. The method further includes: the distribution network cloud platform sends the key calculation parameter and the second information key to the network distribution device; the network distribution device determines the first information based on the key calculation parameter, the second information key, and the network configuration information.
The network configuration information is used to configure the device to be connected to the network to access the second access point. While configuring the device to be connected to the network to access the second access point, the network distribution device needs to send the network configuration information corresponding to the second access point to that device, which can then access the second access point according to the network configuration information. In this embodiment of the present application, the network distribution device does not send the network configuration information directly. Instead, it processes the network configuration information with the second information key and sends the encrypted network configuration information to the device to be connected to the network. If the device to be connected to the network can successfully decrypt the encrypted network configuration information, it can use the obtained network configuration information to access the second access point.
To ensure that the first information key calculated by the device to be connected to the network is consistent with the second information key, the network distribution device also sends the key calculation parameter used in calculating the second information key to the device to be connected to the network, so that this device can determine the first information key according to the key calculation parameter and its own device key. For the calculation of the first information key and the second information key, refer to the method embodiments below; details are not repeated here.
As described above, the network distribution device needs to send at least the following to the device to be connected to the network: the network configuration information encrypted with the second information key, and the key calculation parameter. The network distribution device therefore first determines the network configuration information encrypted with the second information key from the network configuration information and the second information key, and then sends the encrypted network configuration information and the key calculation parameter to the device to be connected to the network. Based on this, optionally, determining the first information based on the key calculation parameter, the second information key, and the network configuration information includes: processing the network configuration information with the fourth encryption algorithm and the second information key to obtain the network configuration information encrypted with the second information key; and determining the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
Optionally, the fourth encryption algorithm is a symmetric encryption algorithm. Optionally, the fourth encryption algorithm includes but is not limited to any one of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, and AES256-GCM.
After the network distribution device sends the first information to the device to be connected to the network, that device first determines the first information key according to the key calculation parameter in the first information, and then uses the first information key to decrypt the network configuration information in the first information that was encrypted with the second information key. In an example, the above method further includes: the device to be connected to the network uses the first information key to decrypt the network configuration information encrypted with the second information key. If the first information key and the second information key are consistent, the identity authentication of the device to be connected to the network succeeds, and the device obtains the network configuration information. If the first information key and the second information key are inconsistent, the identity authentication fails, and the device fails to obtain the network configuration information.
Second, the approach in which the identity authentication process is decoupled from the network distribution process is described. The embodiments of the present application propose two methods for this approach. In one, the network distribution device performs identity authentication according to data encrypted with the first information key and with the second information key, respectively. In the other, the network distribution device performs identity authentication according to data that comes from the device cloud platform and from the device to be connected to the network, respectively. The two methods are described below.
Method 1:
In an example, the above method further includes: the device to be connected to the network obtains first encrypted information according to the first information key and the first reference information; the device to be connected to the network sends the first encrypted information to the network distribution device.
The first reference information is used in the identity authentication process of the device to be connected to the network. Optionally, the device manufacturer assigns unique reference information to the device to be connected to the network and preconfigures it in the device (the reference information preconfigured in the device to be connected to the network is called the "first reference information"). Because the device identifier uniquely identifies the device to be connected to the network, there is a one-to-one correspondence between the device identifier and the reference information. The device manufacturer can upload the device identifier and the reference information to the device cloud platform, that is, the cloud platform corresponding to the device to be connected to the network (the reference information stored in the device cloud platform is called the "second reference information"). Optionally, the reference information is a preconfigured value or a preconfigured random number; this embodiment of the present application does not limit the content of the reference information.
To keep the first reference information and the second reference information secure, they are held only by the device to be connected to the network and by the device cloud platform (the cloud platform corresponding to the device to be connected to the network), respectively. The network distribution device therefore cannot obtain the second reference information directly; what it obtains is the first reference information encrypted with the second information key (that is, the second encrypted information). In other words, the above method further includes: the distribution network cloud platform sends the second encrypted information to the network distribution device.
In this embodiment of the present application, the device cloud platform can calculate the second information key based on the key calculation parameter and use it to encrypt the second reference information, obtaining the second encrypted information. It then sends the second encrypted information and the key calculation parameter to the distribution network cloud platform, which forwards them to the network distribution device. After establishing a communication connection with the device to be connected to the network, the network distribution device can send the key calculation parameter to that device. The device to be connected to the network then uses the key calculation parameter to calculate the first information key, encrypts the first reference information with the first information key to obtain the first encrypted information, and sends the first encrypted information to the network distribution device.
The network distribution device receives the first encrypted information from the device to be connected to the network and the second encrypted information from the distribution network cloud platform, and can then compare the two. If the two pieces of encrypted information are the same, the identity authentication of the device to be connected to the network passes, and the network distribution device can send the network configuration information to that device. Based on this, the above method further includes: when the first encrypted information and the second encrypted information are consistent, the network distribution device sends the network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
It should be noted that, in this embodiment of the present application, the identity authentication of the device to be connected to the network fails if the first reference information and the second reference information are inconsistent. It also fails if the first information key determined by the device to be connected to the network and the second information key determined by the device cloud platform are inconsistent. That is, only when the first information key and the second information key are consistent, and the first reference information and the second reference information are consistent, can the identity authentication of the device to be connected to the network succeed and the device obtain the network configuration information.
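The comparison in Method 1 only works when protecting the same reference information under the same information key always yields the same bytes. The added example below (not code from the application) checks both conditions stated above; HMAC-SHA256 is an assumed stand-in both for the unnamed key derivation and for the deterministic keyed transform applied to the reference information, and the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_information_key(key_param: bytes, device_key: bytes) -> bytes:
    # Assumed derivation: HMAC-SHA256 over the key calculation parameter.
    return hmac.new(device_key, key_param, hashlib.sha256).digest()


def protect_reference(information_key: bytes, reference_info: bytes) -> bytes:
    # Deterministic on purpose. Method 1 compares two protected values for
    # equality, so a scheme with a random IV or nonce on each side would make
    # a genuine device fail. HMAC is a stand-in here: it cannot be reversed,
    # which is acceptable because Method 1 never decrypts the value.
    return hmac.new(information_key, reference_info, hashlib.sha256).digest()


def device_cloud_response(device_key: bytes, second_reference: bytes):
    # Device cloud platform: generates a fresh key calculation parameter for
    # this request, derives the second information key and returns the
    # parameter together with the second encrypted information.
    key_param = secrets.token_bytes(16)
    second_key = derive_information_key(key_param, device_key)
    return key_param, protect_reference(second_key, second_reference)


def device_response(key_param: bytes, device_key: bytes,
                    first_reference: bytes) -> bytes:
    # Device to be connected: derives the first information key from the
    # received parameter and returns the first encrypted information.
    first_key = derive_information_key(key_param, device_key)
    return protect_reference(first_key, first_reference)


def authenticate(cloud_device_key, cloud_reference,
                 device_device_key, device_reference) -> bool:
    # Network distribution device: relays the parameter and compares the two
    # protected values. It holds neither the device key nor the reference.
    key_param, second_encrypted = device_cloud_response(
        cloud_device_key, cloud_reference)
    first_encrypted = device_response(
        key_param, device_device_key, device_reference)
    return hmac.compare_digest(first_encrypted, second_encrypted)


# Constructed sample data, not values from the application.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
REFERENCE_INFO = b"constructed-reference-0001"

if __name__ == "__main__":
    print(authenticate(DEVICE_KEY, REFERENCE_INFO, DEVICE_KEY, REFERENCE_INFO))
    print(authenticate(DEVICE_KEY, REFERENCE_INFO, bytes(16), REFERENCE_INFO))
    print(authenticate(DEVICE_KEY, REFERENCE_INFO, DEVICE_KEY, b"other"))
```

Because the key calculation parameter is random per request in this sketch, the expected value differs from one session to the next; with a preconfigured parameter it would be identical in every session.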
Method 2:
In an example, the first information further includes second information encrypted with the second information key. The method further includes: decrypting, with the first information key, the second information encrypted with the second information key to obtain third reference information; and sending the third reference information to the network distribution device.
The second information is used in the identity authentication process of the device to be connected to the network. The second information obtained by decryption at the device to be connected to the network includes the third reference information. Optionally, the third reference information is a preconfigured value or a preconfigured random number; this embodiment of the present application does not limit the content of the third reference information. In an example, to improve the effectiveness of identity authentication, the second information obtained by decryption may further include a predefined value that is held only by the device to be connected to the network and the device cloud platform.
In this embodiment of the present application, the device cloud platform can calculate the second information key based on the key calculation parameter and use it to encrypt the second information, obtaining the encrypted second information (when the device cloud platform encrypts the second information, the reference information in the second information is called the "fourth reference information"). It then sends the reference information, the encrypted second information, and the key calculation parameter to the distribution network cloud platform, which forwards them to the network distribution device. After establishing a communication connection with the device to be connected to the network, the network distribution device can send the key calculation parameter and the encrypted second information to that device. The device to be connected to the network then uses the key calculation parameter to calculate the first information key, decrypts the encrypted second information with the first information key to obtain the reference information in the second information (the reference information obtained by decryption on the side of the device to be connected to the network is called the "third reference information"), and sends that reference information to the network distribution device.
The network distribution device receives the third reference information from the device to be connected to the network and the fourth reference information from the distribution network cloud platform, and can then compare the two. If the two pieces of reference information are the same, the identity authentication of the device to be connected to the network passes, and the network distribution device can send the network configuration information to that device. Based on this, the above method further includes: the device to be connected to the network sends the third reference information to the network distribution device; the distribution network cloud platform sends the fourth reference information to the network distribution device; and, when the third reference information and the fourth reference information are consistent, the network distribution device sends the network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access the second access point.
It should be noted that, in this embodiment of the present application, the identity authentication of the device to be connected to the network fails if the third reference information and the fourth reference information are inconsistent. It also fails if the first information key determined by the device to be connected to the network and the second information key determined by the device cloud platform are inconsistent. That is, only when the first information key and the second information key are consistent, and the third reference information and the fourth reference information are consistent, can the identity authentication of the device to be connected to the network succeed and the device obtain the network configuration information.
To sum up, in the technical solutions provided by the embodiments of the present application, the network distribution device sends a key calculation parameter to the device to be connected to the network. The key calculation parameter is used to calculate an information key, which can be used to decrypt data or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt reference information. Only when the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform can the device to be connected to the network successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, pass identity authentication, and obtain the network configuration information. Alternatively, only when the two information keys are consistent can the data encrypted with each of them be consistent, so that the device to be connected to the network passes identity authentication and obtains the network configuration information. The embodiments of the present application therefore authenticate the identity of the device to be connected to the network before that device accesses the wireless access point, which avoids leakage of the network configuration information corresponding to the wireless access point and improves the security of the wireless access point.
Moreover, in the embodiments of the present application, the identity authentication process of the device to be connected to the network can be coupled with the distribution network process. That is, the distribution network device directly encrypts the network configuration information with the information key calculated by the device cloud platform; when the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the device can obtain the network configuration information directly. This reduces the data exchanged between the distribution network device and the device to be connected to the network, and lowers the processing overhead of both. In addition, the identity authentication process can also be decoupled from the distribution network process. That is, the distribution network device sends the network configuration information to the device to be connected to the network after the identity authentication of that device has passed; decoupling the identity authentication process from the distribution network process can fully improve the security of the network configuration information.
The following describes how the first information key on the side of the device to be connected to the network and the second information key on the side of the distribution network device are calculated.
First, the calculation of the first information key on the side of the device to be connected to the network is described.
In an example, as shown in FIG. 9, the above method further includes the following steps:
Step 831: The device to be connected to the network determines the first information key based on the key calculation parameter and the first device key.
In the embodiments of the present application, the manufacturer of the device to be connected to the network may assign the device a unique key K and preconfigure the key K in the device. Since the device identifier uniquely identifies the device to be connected to the network, there is a one-to-one correspondence between the device identifier and the key K. The manufacturer may upload the device identifier and the key K to the device cloud platform (that is, the cloud platform corresponding to the device to be connected to the network). The first device key is the device key preset in the device to be connected to the network. Once the device has determined the key calculation parameter and the first device key, it can calculate the first information key from them.
In the embodiments of the present application, the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key. Optionally, step 831 includes: the device to be connected to the network processes the key calculation parameter and the first device key with a fourth key generation algorithm to obtain the first information key. Optionally, the fourth key generation algorithm includes any one of: AES128-CMAC, an HKDF-based KDF, PBKDF, SHA, the DES algorithm, or the 3DES algorithm.
Next, the calculation of the second information key on the side of the distribution network device is described. In the embodiments of the present application, the identity authentication process and the distribution network process of the device to be connected to the network can be either coupled or decoupled; the two cases are described separately below.
Case 1: The identity authentication process of the device to be connected to the network is coupled with the distribution network process:
In an example, as shown in FIG. 9, the above method further includes the following steps:
Step 841: The distribution network device receives the beacon of the first access point started by the device to be connected to the network, where the beacon includes the device identifier of the device to be connected to the network.
The device to be connected to the network can start the first access point when it enters distribution network mode. Optionally, the device automatically enters distribution network mode when it is turned on for the first time, or it is passively triggered into distribution network mode by a user operation. Optionally, the first access point is a soft AP started by the device to be connected to the network. After entering distribution network mode, the device can broadcast the beacon of the first access point, and the beacon includes the device identifier of the device to be connected to the network. The device identifier includes the device ID of the device to be connected to the network, which uniquely identifies the device. Optionally, the beacon of the first access point includes at least one of the following fields: a BSSID field, an SSID field, and a custom field (such as a Vendor Specific field). Optionally, the device identifier of the device to be connected to the network is set in the BSSID field.
The distribution network device can scan different channels for beacons broadcast by other devices. On the channel where the device to be connected to the network broadcasts the beacon of the first access point, the distribution network device can therefore find that beacon by scanning; that is, the distribution network device can receive the beacon of the first access point.
Step 842: The distribution network device sends a seventh acquisition request to the distribution network cloud platform, where the seventh acquisition request is used to request the second information key.
The seventh acquisition request is used to request the second information key. Since the second information key is calculated by the device cloud platform, a distribution network device that needs the second information key can send the seventh acquisition request to the distribution network cloud platform and obtain the second information key through it. The embodiments of the present application do not limit the content of the seventh acquisition request. Optionally, the seventh acquisition request includes the device identifier of the device to be connected to the network; or, the seventh acquisition request further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. Optionally, as shown in FIG. 9, if no secure connection has been established between the distribution network device and the distribution network cloud platform, the distribution network device first establishes a secure connection with the distribution network cloud platform and then sends the seventh acquisition request to it.
Step 843: The distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform first needs to determine the device cloud platform corresponding to the device to be connected to the network. Optionally, the seventh acquisition request sent by the distribution network device to the distribution network cloud platform includes the device manufacturer name of the device to be connected to the network, so the distribution network cloud platform can determine the corresponding device cloud platform from that manufacturer name.
Step 844: The distribution network cloud platform sends an eighth acquisition request to the device cloud platform, where the eighth acquisition request is used to request the second information key.
The eighth acquisition request is used to request the second information key. After determining the device cloud platform corresponding to the device to be connected to the network, the distribution network cloud platform can send the eighth acquisition request to the device cloud platform, asking it to calculate the second information key and to send the second information key to the distribution network cloud platform. The embodiments of the present application do not limit the content of the eighth acquisition request. Optionally, the eighth acquisition request includes the device identifier of the device to be connected to the network; or, the eighth acquisition request further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. Optionally, as shown in FIG. 9, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first establishes a secure connection with the device cloud platform and then sends the eighth acquisition request to it.
Step 845: The device cloud platform calculates the second information key.
Since the eighth acquisition request carries the device identifier of the device to be connected to the network, the device cloud platform, after receiving the eighth acquisition request, can determine the second device key according to that device identifier. The second device key is the device key of the device to be connected to the network stored on the device cloud platform, that is, the key K. For the first information key and the second information key to be consistent, they must be calculated in the same way, so the device cloud platform should calculate the second information key in the same manner as the device to be connected to the network calculates the first information key. Optionally, if the device to be connected to the network uses step 831 above to calculate the first information key, the device cloud platform calculates the second information key as follows: the device cloud platform processes the key calculation parameter and the second device key with the fourth key generation algorithm to obtain the second information key. For a description of the fourth key generation algorithm, refer to the method embodiments above; details are not repeated here.
Step 846: The device cloud platform sends the second information key and the key calculation parameter to the distribution network cloud platform.
After calculating the second information key, the device cloud platform can send the second information key and the key calculation parameter to the distribution network cloud platform.
Step 847: The distribution network cloud platform sends the second information key to the distribution network device.
After receiving the second information key, the distribution network cloud platform sends the second information key and the key calculation parameter on to the distribution network device, in response to the seventh acquisition request of the distribution network device.
Case 2: The identity authentication process of the device to be connected to the network is decoupled from the distribution network process:
In an example, as shown in FIG. 9, the above method further includes the following steps:
Step 851: The distribution network device receives the beacon of the first access point started by the device to be connected to the network, where the beacon includes the device identifier of the device to be connected to the network.
For a description of step 851, refer to the description of step 841 above; details are not repeated here.
Step 852: The distribution network device sends a ninth acquisition request to the distribution network cloud platform.
The ninth acquisition request is used to request the second reference information or the second information. Since the reference information of the device to be connected to the network is held by the device cloud platform and by the device to be connected to the network (the second information also includes the reference information of the device to be connected to the network), a distribution network device that needs the second reference information or the second information can send the ninth acquisition request to the distribution network cloud platform and obtain the second reference information or the second information through it. The embodiments of the present application do not limit the content of the ninth acquisition request. Optionally, the ninth acquisition request includes the device identifier of the device to be connected to the network; or, the ninth acquisition request further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. Optionally, as shown in FIG. 9, if no secure connection has been established between the distribution network device and the distribution network cloud platform, the distribution network device first establishes a secure connection with the distribution network cloud platform and then sends the ninth acquisition request to it.
Step 853: The distribution network cloud platform determines the device cloud platform.
For a description of step 853, refer to step 843 above; details are not repeated here.
Step 854: The distribution network cloud platform sends a tenth acquisition request to the device cloud platform.
The tenth acquisition request is used to request the second reference information or the second information. After determining the device cloud platform corresponding to the device to be connected to the network, the distribution network cloud platform can send the tenth acquisition request to the device cloud platform, asking it to send the second reference information or the second information to the distribution network cloud platform. The embodiments of the present application do not limit the content of the tenth acquisition request. Optionally, the tenth acquisition request includes the device identifier of the device to be connected to the network; or, the tenth acquisition request further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. Optionally, as shown in FIG. 9, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first establishes a secure connection with the device cloud platform and then sends the tenth acquisition request to it.
Step 855: The device cloud platform calculates the second information key.
Since the tenth acquisition request carries the device identifier of the device to be connected to the network, the device cloud platform, after receiving the tenth acquisition request, can determine the second device key according to that device identifier. The second device key is the device key of the device to be connected to the network stored on the device cloud platform, that is, the key K. For the first information key and the second information key to be consistent, they must be calculated in the same way, so the device cloud platform should calculate the second information key in the same manner as the device to be connected to the network calculates the first information key. Optionally, if the device to be connected to the network uses step 831 above to calculate the first information key, the device cloud platform calculates the second information key as follows: the device cloud platform processes the key calculation parameter and the second device key with the fourth key generation algorithm to obtain the second information key. For a description of the fourth key generation algorithm, refer to the method embodiments above; details are not repeated here.
Step 856: The device cloud platform encrypts the second reference information or the second information with the second information key.
To ensure the security of the reference information of the device to be connected to the network, that reference information is held by the device cloud platform and by the device to be connected to the network. Therefore, after determining the second information key, the device cloud platform encrypts the second reference information or the second information with the second information key, so as to avoid leaking the reference information of the device to be connected to the network.
Step 857: The device cloud platform sends the key calculation parameter and the second reference information or second information encrypted with the second information key to the distribution network cloud platform.
Step 858: The distribution network cloud platform sends the key calculation parameter and the second reference information or second information encrypted with the second information key to the distribution network device.
After receiving the key calculation parameter and the second reference information or second information encrypted with the second information key from the device cloud platform, the distribution network cloud platform sends them on to the distribution network device, in response to the ninth acquisition request of the distribution network device.
It should be noted that the embodiments of the present application only take, as an example, the case where the first information key and the second information key are calculated from the key calculation parameter and the device key of the device to be connected to the network. After understanding the technical solutions of the present application, those skilled in the art will readily think of calculating the information key from other calculation parameters, for example calculating the first information key and the second information key from the key calculation parameter, the device key of the device to be connected to the network, and the device identifier of the device to be connected to the network. All of these should fall within the protection scope of the present application.
To sum up, in the technical solutions provided by the embodiments of the present application, when the identity authentication process of the device to be connected to the network is coupled with the distribution network process, the cloud platform corresponding to the device to be connected to the network generates the key calculation parameter, determines the information key according to the key calculation parameter and the device key of the device to be connected to the network, and sends the information key and the key calculation parameter to the distribution network device. This avoids leaking the device key of the device to be connected to the network and improves the effectiveness of identity authentication. When the identity authentication process is decoupled from the distribution network process, the cloud platform corresponding to the device to be connected to the network generates the key calculation parameter, determines the information key according to the key calculation parameter and the device key of the device to be connected to the network, and then encrypts the reference information with the information key, so that the key calculation parameter and the encrypted reference information are sent to the distribution network device. This avoids leaking the device key and the reference information of the device to be connected to the network and improves the effectiveness of identity authentication.
Taking the first access point as a soft AP and the second access point as a home WiFi network as an example, the following describes the identity authentication process coupled with the distribution network process. As shown in FIG. 10, the information processing method provided by the embodiments of the present application includes the following steps:
Step 1001: The device to be connected to the network broadcasts the beacon of the soft AP. The beacon includes the device identifier of the device to be connected to the network.
Step 1002: The distribution network device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the distribution network device can parse it to obtain the device identifier of the device to be connected to the network.
Step 1003: The distribution network device sends a seventh acquisition request to the distribution network cloud platform, where the seventh acquisition request is used to request the second information key. The seventh acquisition request includes the device identifier of the device to be connected to the network. Optionally, as shown in FIG. 10, if no secure connection has been established between the distribution network device and the distribution network cloud platform, the distribution network device first establishes a secure connection with the distribution network cloud platform and then sends the seventh acquisition request to it.
Step 1004: The distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
Step 1005: The distribution network cloud platform sends an eighth acquisition request to the device cloud platform. The eighth acquisition request is used to request the second information key. Optionally, as shown in FIG. 10, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first establishes a secure connection with the device cloud platform and then sends the eighth acquisition request to it.
Step 1006: The device cloud platform calculates the second information key. After receiving the eighth acquisition request, the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. The device cloud platform then processes the key calculation parameter and the second device key with the fourth key generation algorithm to obtain the second information key.
Step 1007: The device cloud platform sends the second information key and the key calculation parameter to the distribution network cloud platform.
Step 1008: The distribution network cloud platform sends the second information key and the key calculation parameter to the distribution network device.
Step 1009: The distribution network device determines the first information based on the second information key, the key calculation parameter and the network configuration information. Optionally, the distribution network device processes the network configuration information with a third encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key, and determines the first information based on the key calculation parameter and the network configuration information encrypted with the information encryption key.
Step 1010: The distribution network device sends the first information to the device to be connected to the network.
Step 1011: The device to be connected to the network determines the first information key based on the key calculation parameter and the first device key. The device to be connected to the network determines the first information key from the first device key that it stores and the key calculation parameter in the first information. Optionally, the device to be connected to the network processes the key calculation parameter and the first device key with the fourth key generation algorithm to obtain the first information key.
Step 1012: The device to be connected to the network uses the first information key to decrypt the network configuration information encrypted with the second information key.
If the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in obtaining the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
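The coupled flow of steps 1006 to 1012, as an added example that is not code from the application: the device cloud platform and the device derive the same information key from the key K and the key calculation parameter, and a device holding a different K cannot open the first information. Assumptions: HKDF-SHA256 (one of the listed "HKDF-based KDF" options) stands in for the fourth key generation algorithm, a standard-library HMAC encrypt-then-MAC construction stands in for the unspecified third encryption algorithm so that a key mismatch is detected rather than producing garbage, and the 16-byte random parameter, labels, device ID and Wi-Fi values are constructed.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

HASH, HASH_LEN = hashlib.sha256, 32
PARAM_LEN, NONCE_LEN = 16, 16  # assumed sizes, not specified by the page


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869): extract with the salt, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_info_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Steps 1006 and 1011: both sides run the same derivation over K and the
    key calculation parameter. The b"info-key" label is an assumption."""
    return hkdf(device_key, key_calc_param, b"info-key", 32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in stream cipher (stdlib has no AES).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), HASH).digest()
        ctr += 1
    return out[:n]


def seal(info_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with subkeys split from the information key."""
    enc_key = hkdf(info_key, b"", b"enc", 32)
    mac_key = hkdf(info_key, b"", b"mac", 32)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, HASH).digest()


def open_sealed(info_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the key is wrong or data was altered."""
    if len(blob) < NONCE_LEN + HASH_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-HASH_LEN], blob[-HASH_LEN:]
    mac_key = hkdf(info_key, b"", b"mac", 32)
    expected = hmac.new(mac_key, nonce + ct, HASH).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    enc_key = hkdf(info_key, b"", b"enc", 32)
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class DeviceCloud:
    """Device cloud platform: holds device identifier -> key K; K never leaves."""

    def __init__(self) -> None:
        self._keys = {}

    def register(self, device_id: str, device_key: bytes) -> None:
        self._keys[device_id] = device_key

    def issue_info_key(self, device_id: str) -> Tuple[bytes, bytes]:
        """Steps 1006-1007: fresh parameter, derived second information key."""
        param = secrets.token_bytes(PARAM_LEN)
        return derive_info_key(self._keys[device_id], param), param


def build_first_info(info_key: bytes, param: bytes, net_cfg: dict) -> bytes:
    """Step 1009 (distribution network device): parameter + encrypted config."""
    return param + seal(info_key, json.dumps(net_cfg).encode())


def device_handle_first_info(device_key: bytes, first_info: bytes) -> Optional[dict]:
    """Steps 1011-1012 (device): derive the first information key, then decrypt."""
    param, blob = first_info[:PARAM_LEN], first_info[PARAM_LEN:]
    plaintext = open_sealed(derive_info_key(device_key, param), blob)
    return json.loads(plaintext) if plaintext is not None else None


if __name__ == "__main__":
    k = secrets.token_bytes(16)                      # constructed key K
    cloud = DeviceCloud()
    cloud.register("AA:BB:CC:00:11:22", k)           # constructed device ID
    key2, param = cloud.issue_info_key("AA:BB:CC:00:11:22")
    cfg = {"ssid": "HomeWiFi", "psk": "constructed-passphrase"}
    first = build_first_info(key2, param, cfg)
    print("genuine device:", device_handle_first_info(k, first))
    print("wrong key K   :", device_handle_first_info(secrets.token_bytes(16), first))
```

Because the parameter is fresh per request, the distribution network device only ever holds a one-off information key; the long-term key K stays on the device and the device cloud platform.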
Taking the first access point as a soft AP and the second access point as a home WiFi network as an example, the following describes an identity authentication process that is decoupled from the network distribution process. As shown in FIG. 11, the information processing method provided by this embodiment of the present application includes the following steps:
Step 1101: The device to be connected to the network broadcasts the beacon of the soft AP. The beacon includes the device identifier of the device to be connected to the network.
Step 1102: The network distribution device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the network distribution device can further parse the beacon to obtain the device identifier of the device to be connected to the network.
Step 1103: The network distribution device sends a ninth acquisition request to the distribution network cloud platform. The ninth acquisition request is used to request the second reference information. The ninth acquisition request includes the device identifier of the device to be connected to the network. Optionally, as shown in FIG. 11, if no secure connection has been established between the network distribution device and the distribution network cloud platform, the network distribution device first needs to establish a secure connection with the distribution network cloud platform and then sends the ninth acquisition request to the distribution network cloud platform.
Step 1104: The distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
Step 1105: The distribution network cloud platform sends a tenth acquisition request to the device cloud platform. The tenth acquisition request is used to request the second reference information. Optionally, as shown in FIG. 11, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first needs to establish a secure connection with the device cloud platform and then sends the tenth acquisition request to the device cloud platform.
Step 1106: The device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. The device cloud platform then uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
Step 1107: The device cloud platform encrypts the second reference information with the second information key to obtain the second encrypted information. Because the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network, the device cloud platform needs to encrypt the second reference information in order to avoid leaking the reference information of the device to be connected to the network.
Step 1108: The device cloud platform sends the key calculation parameter and the second encrypted information to the distribution network cloud platform.
Step 1109: The distribution network cloud platform sends the key calculation parameter and the second encrypted information to the network distribution device.
Step 1110: The network distribution device sends the key calculation parameter to the device to be connected to the network.
Step 1111: The device to be connected to the network determines the first information key based on the key calculation parameter and the first device key. The device to be connected to the network determines the first information key from the first device key it stores and the key calculation parameter in the first information. Optionally, the device to be connected to the network uses the fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the first information key.
Step 1112: The device to be connected to the network encrypts the first reference information with the first information key to obtain the first encrypted information. The reference information of the device to be connected to the network is preconfigured in the device by its device manufacturer; after calculating the first information key, the device to be connected to the network can use the first information key to encrypt the first reference information. Optionally, the device to be connected to the network uses the first reference information and the third encryption algorithm to process the first reference information to obtain the first encrypted information.
Step 1113: The device to be connected to the network sends the first encrypted information to the network distribution device.
Step 1114: If the first encrypted information and the second encrypted information are consistent, the network distribution device sends network configuration information to the device to be connected to the network. The network distribution device receives the second encrypted information from the distribution network cloud platform on the one hand and the first encrypted information from the device to be connected to the network on the other, and then compares the first encrypted information with the second encrypted information. If the first encrypted information and the second encrypted information are consistent, the network distribution device confirms that the device to be connected to the network has passed identity authentication and sends it the network configuration information, which is used to configure the device to be connected to the network to join the home WiFi network. After receiving the network configuration information, the device to be connected to the network can join the home WiFi network according to that information.
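An added example, not code from the patent: the FIG. 11 exchange (steps 1103 to 1114) modelled in Python. HKDF-SHA256 stands in for the fourth key generation algorithm and HMAC-SHA256 for the third encryption algorithm, because the comparison in step 1114 only works when both sides apply a deterministic transform. All class and function names, the device identifier, the keys and the network configuration are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the patent).
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # device key K
SAMPLE_REFERENCE = b"reference-info-for-dev-001"
SAMPLE_CONFIG = {"ssid": "HomeWiFi", "psk": "example-passphrase"}


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def information_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Steps 1106 / 1111: derive the information key from K and the parameter."""
    if len(key_calc_param) < 1:  # the text asks for at least one byte
        raise ValueError("key calculation parameter must be at least one byte")
    return hkdf_sha256(device_key, key_calc_param, b"information-key")


def protect_reference(info_key: bytes, reference_info: bytes) -> bytes:
    """Steps 1107 / 1112: deterministic keyed transform of the reference info.

    Assumption: HMAC-SHA256 replaces the unspecified third encryption
    algorithm. A randomized mode (for example AES-GCM with a fresh nonce)
    would give different outputs on each side and break the comparison.
    """
    return hmac.new(info_key, reference_info, hashlib.sha256).digest()


class DeviceCloud:
    """Device cloud platform: holds device id -> (device key, reference info)."""

    def __init__(self):
        self._registry = {}

    def register(self, device_id: str, device_key: bytes, reference_info: bytes):
        self._registry[device_id] = (device_key, reference_info)

    def handle_request(self, device_id: str):
        """Steps 1106-1108: return (key calculation parameter, second encrypted info)."""
        device_key, reference_info = self._registry[device_id]  # KeyError if unknown
        param = secrets.token_bytes(16)  # fresh per request, so old answers expire
        return param, protect_reference(information_key(device_key, param), reference_info)


class Device:
    """Device to be connected to the network, with K and reference info preset."""

    def __init__(self, device_id: str, device_key: bytes, reference_info: bytes):
        self.device_id = device_id
        self._key = device_key
        self._reference = reference_info

    def respond(self, key_calc_param: bytes) -> bytes:
        """Steps 1111-1113: derive the key and return the first encrypted info."""
        return protect_reference(information_key(self._key, key_calc_param), self._reference)


def provision(device: Device, cloud: DeviceCloud, network_config: dict):
    """Steps 1103-1114 as seen by the network distribution device.

    Returns the network configuration only when both encrypted values match;
    the device key never reaches this function.
    """
    try:
        param, second_encrypted = cloud.handle_request(device.device_id)
    except KeyError:
        return None  # no device cloud record for this identifier
    first_encrypted = device.respond(param)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if hmac.compare_digest(first_encrypted, second_encrypted):
        return network_config
    return None


if __name__ == "__main__":
    cloud = DeviceCloud()
    cloud.register("dev-001", SAMPLE_KEY, SAMPLE_REFERENCE)
    genuine = Device("dev-001", SAMPLE_KEY, SAMPLE_REFERENCE)
    wrong_key = Device("dev-001", bytes(16), SAMPLE_REFERENCE)
    print("genuine device:", provision(genuine, cloud, SAMPLE_CONFIG))
    print("wrong device key:", provision(wrong_key, cloud, SAMPLE_CONFIG))
```

Because the key calculation parameter is drawn fresh for each request, a first encrypted value recorded in one session does not match the second encrypted value of the next; with a fixed preconfigured parameter the value would be the same every time.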
Taking the first access point as a soft AP and the second access point as a home WiFi network as an example, the following describes another identity authentication process that is decoupled from the network distribution process. As shown in FIG. 12, the information processing method provided by this embodiment of the present application includes the following steps:
Step 1201: The device to be connected to the network broadcasts the beacon of the soft AP. The beacon includes the device identifier of the device to be connected to the network.
Step 1202: The network distribution device receives the beacon of the soft AP. After receiving the beacon of the soft AP, the network distribution device can further parse the beacon to obtain the device identifier of the device to be connected to the network.
Step 1203: The network distribution device sends a ninth acquisition request to the distribution network cloud platform. The ninth acquisition request is used to request the second information. The ninth acquisition request includes the device identifier of the device to be connected to the network. Optionally, as shown in FIG. 12, if no secure connection has been established between the network distribution device and the distribution network cloud platform, the network distribution device first needs to establish a secure connection with the distribution network cloud platform and then sends the ninth acquisition request to the distribution network cloud platform.
Step 1204: The distribution network cloud platform determines the device cloud platform. The distribution network cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
Step 1205: The distribution network cloud platform sends a tenth acquisition request to the device cloud platform. The tenth acquisition request is used to request the second information. Optionally, as shown in FIG. 12, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first needs to establish a secure connection with the device cloud platform and then sends the tenth acquisition request to the device cloud platform.
Step 1206: The device cloud platform calculates the second information key. After receiving the tenth acquisition request, the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network. The device cloud platform then uses the fourth key generation algorithm to process the key calculation parameter and the second device key to obtain the second information key.
Step 1207: The device cloud platform encrypts the second information with the second information key. Because the reference information of the device to be connected to the network is held by the device cloud platform and the device to be connected to the network, the device cloud platform needs to encrypt the reference information in order to avoid leaking it, thereby obtaining the second information encrypted with the second information encryption key; the second information includes the reference information of the device to be connected to the network.
Step 1208: The device cloud platform sends the key calculation parameter, the second information and the fourth reference information to the distribution network cloud platform.
Step 1209: The distribution network cloud platform sends the key calculation parameter, the second information and the fourth reference information to the network distribution device.
Step 1210: The network distribution device sends the key calculation parameter and the second information to the device to be connected to the network.
Step 1211: The device to be connected to the network determines the first information key based on the key calculation parameter and the first device key. The device to be connected to the network determines the first information key from the first device key it stores and the key calculation parameter in the first information. Optionally, the device to be connected to the network uses the fourth key generation algorithm to process the key calculation parameter and the first device key to obtain the first information key.
Step 1212: The device to be connected to the network uses the first information key to decrypt the second information and obtains the third reference information. By decrypting the second information, the device to be connected to the network obtains the reference information of the device contained in the second information, that is, the third reference information.
Step 1213: The device to be connected to the network sends the third reference information to the network distribution device.
Step 1214: If the third reference information and the fourth reference information are consistent, the network distribution device sends network configuration information to the device to be connected to the network. The network distribution device receives the fourth reference information from the distribution network cloud platform on the one hand and the third reference information from the device to be connected to the network on the other, and then compares the fourth reference information with the third reference information. If the fourth reference information and the third reference information are consistent, the network distribution device confirms that the device to be connected to the network has passed identity authentication and sends it the network configuration information, which is used to configure the device to be connected to the network to join the home WiFi network. After receiving the network configuration information, the device to be connected to the network can join the home WiFi network according to that information.
Please refer to FIG. 13, which shows a flowchart of an information processing method provided by an embodiment of the present application. The method can be applied to the network distribution system shown in FIG. 1 and may include the following steps:
Step 1310: The device to be connected to the network displays a first graphic code. The first graphic code includes the key calculation parameter and/or the device identifier of the device to be connected to the network. The key calculation parameter is used to determine the information decryption key, the information decryption key is used to decrypt the network configuration information from the network distribution device, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
A device to be connected to the network that has a scanning function or a camera function can also access the network through scan-based network distribution. The embodiments of the present application also provide an identity authentication method for scan-based network distribution.
The device to be connected to the network first displays the first graphic code. Optionally, if the device to be connected to the network has a screen display function, it displays the first graphic code on its screen; if the device does not have a screen display function, the first graphic code may be affixed by the device manufacturer to the surface of the device or to its packaging box, which is not limited in this embodiment of the present application. Optionally, the first graphic code takes the form of a two-dimensional code, a barcode, or the like. In this embodiment of the present application, the first graphic code includes the key calculation parameter and/or the device identifier of the device to be connected to the network. Optionally, the first graphic code further includes the device manufacturer name, the device name, the product serial number and similar information of the device to be connected to the network.
The key calculation parameter is used to determine the information decryption key for decrypting the network configuration information. Optionally, the length of the key calculation parameter is greater than or equal to one byte. This embodiment of the present application does not limit how the key calculation parameter is determined. Optionally, the key calculation parameter is preconfigured by the device cloud platform, or the key calculation parameter is generated by the device to be connected to the network. If the device to be connected to the network does not have a screen display function, the key calculation parameter can be preconfigured by the device cloud platform corresponding to the device; if the device has a screen display function, the key calculation parameter can be generated by the device itself. This embodiment of the present application does not limit the content of the key calculation parameter. Optionally, the key calculation parameter includes a random number, or the key calculation parameter includes a preconfigured value.
In this embodiment of the present application, the device manufacturer of the device to be connected to the network may assign a unique key K to the device and preconfigure the key K in the device. Because the device identifier uniquely identifies the device to be connected to the network, there is a one-to-one correspondence between the device identifier and the key K of the device. The device manufacturer can upload the device identifier and the key K of the device to be connected to the network to the device manufacturer's cloud platform (that is, the cloud platform corresponding to the device to be connected to the network).
Step 1320: The network distribution device scans the first graphic code of the device to be connected to the network. The first graphic code includes the key calculation parameter and/or the device identifier of the device to be connected to the network. The key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt the network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the second access point.
By scanning the first graphic code of the device to be connected to the network, the network distribution device obtains the key calculation parameter and/or the device identifier of the device. For the device to be connected to the network, the key calculation parameter is used to determine the information decryption key for decrypting the network configuration information; for the network distribution device, the key calculation parameter is used to determine the information encryption key for encrypting the network configuration information.
Because the network distribution device provisions the device to be connected to the network through scan-based network distribution, after obtaining the information encryption key the network distribution device needs to display a second graphic code for the device to be connected to the network to scan in order to obtain the network configuration information. Optionally, the above method further includes: the network distribution device determines the second graphic code according to the network configuration information and the information encryption key, and displays the second graphic code. The information encryption key is used to encrypt the network configuration information; that is, the network distribution device can use the first encryption algorithm and the information encryption key to process the network configuration information, obtain the encrypted network configuration information, and then generate the second graphic code from the encrypted network configuration information. Optionally, the first encryption algorithm is a symmetric encryption algorithm. Optionally, the first encryption algorithm includes but is not limited to any one of the following: AES128-CMAC, AES128-CBC (Cipher Block Chaining), AES128-GCM (Galois/Counter Mode), AES256-CMAC, AES256-CBC, AES256-GCM.
In one example, the above method further includes: the device to be connected to the network scans the second graphic code displayed by the network distribution device, where the second graphic code includes the network configuration information encrypted with the information encryption key. By scanning the second graphic code, the device to be connected to the network obtains the network configuration information encrypted with the information encryption key. Because the device has determined the information decryption key based on the key calculation parameter, it uses the information decryption key to decrypt the network configuration information. If the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in obtaining the network configuration information; if the information decryption key and the information encryption key are inconsistent, the device fails to obtain the network configuration information.
To sum up, in the technical solutions provided by the embodiments of the present application, a key calculation parameter is added to the graphic code of the device to be connected to the network. The device to be connected to the network can use the key calculation parameter to determine the information decryption key, and the network distribution device can obtain the information encryption key through the key calculation parameter, so that the device to be connected to the network can use the information decryption key to decrypt the network configuration information that the network distribution device encrypted with the information encryption key. The device to be connected to the network can obtain the network configuration information only if the information encryption key and the information decryption key are consistent, which authenticates the identity of the device to be connected to the network and avoids leakage of the network configuration information.
The following describes how the information decryption key on the side of the device to be connected to the network and the information encryption key on the side of the network distribution device are calculated.
First, the calculation of the information decryption key on the side of the device to be connected to the network is described.
In one example, as shown in FIG. 14, the above method further includes the following steps:
Step 1331: The device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
The first device key is the device key of the device to be connected to the network that is preset in the device, that is, the key K described above. Once the key calculation parameter and the first device key are known, the device to be connected to the network can calculate the information decryption key from them.
In this embodiment of the present application, the device to be connected to the network may use a key generation algorithm to process the key calculation parameter and the first device key. Optionally, the above step 1331 includes: the device to be connected to the network uses the second key generation algorithm to process the key calculation parameter and the first device key to obtain the information decryption key. Optionally, the second key generation algorithm includes any one of the following: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, the DES algorithm, the 3DES algorithm.
其次,介绍说明配网设备侧的信息加密密钥的计算过程。Secondly, the calculation process of the information encryption key on the side of the distribution network device is introduced.
在一个示例中,如图14所示,上述方法还包括如下几个步骤:In an example, as shown in Figure 14, the above method further includes the following steps:
步骤1332,配网设备向配网云平台发送第二获取请求,第二获取请求用于请求获取信息加密密钥。Step 1332: The distribution network device sends a second acquisition request to the distribution network cloud platform, where the second acquisition request is used to request to acquire the information encryption key.
为了能够实现配网设备生成的信息加密密钥和待入网设备生成的信息解密密钥一致,信息加密密钥的计算参数和信息解密密钥的计算参数需要相同。上述信息解密密钥的计算参数包括密钥计算参数和第一设备密钥,因此,信息加密密钥的计算参数也应该包括密钥计算参数和待入网设备的设备密钥。通常情况下,为了确保待入网设备的设备密钥的安全,待入网设备的设备密钥仅有待入网设备和待入网设备的设备厂商的云平台(也即设备云平台)持有,因此,信息加密密钥需要由设备云平台参与计算。In order to make the information encryption key generated by the distribution network device consistent with the information decryption key generated by the device to be connected to the network, the calculation parameters of the information encryption key and the calculation parameters of the information decryption key need to be the same. The above calculation parameters of the information decryption key include the key calculation parameter and the first device key. Therefore, the calculation parameters of the information encryption key should also include the key calculation parameter and the device key of the device to be connected to the network. Usually, in order to ensure the security of the device key of the device to be connected to the network, the device key of the device to be connected to the network is only held by the cloud platform (that is, the device cloud platform) of the device to be connected to the network and the device manufacturer of the device to be connected to the network. Therefore, the information The encryption key needs to be calculated by the device cloud platform.
配网设备在扫描待入网设备的图形码,获取到待入网设备的设备标识和/或密钥计算参数,进而配网设 备向配网云平台发送第二获取请求,以请求获取信息加密密钥。本申请实施例对第二获取请求的内容不作限定,可选地,第二获取请求中包括密钥计算参数和/或待入网设备的设备标识;或者,第二获取请求中还包括待入网设备的设备厂商名称、待入网设备的设备名称、待入网设备的产品序列号等。可选地,如图6所示,若配网设备与配网云平台之间没有建立安全连接,则配网设备需要先与配网云平台之间建立安全连接,然后向配网云平台发送第二获取请求。The network distribution device scans the graphic code of the device to be connected to the network, and obtains the device identification and/or key calculation parameters of the device to be connected to the network, and then the distribution network device sends a second acquisition request to the distribution network cloud platform to request to obtain the information encryption key. . This embodiment of the present application does not limit the content of the second acquisition request. Optionally, the second acquisition request includes key calculation parameters and/or the device identifier of the device to be connected to the network; or, the second acquisition request also includes the device to be connected to the network. The name of the device manufacturer, the device name of the device to be connected to the network, the product serial number of the device to be connected to the network, etc. Optionally, as shown in Figure 6, if there is no secure connection established between the distribution network device and the distribution network cloud platform, the network distribution device needs to first establish a secure connection with the distribution network cloud platform, and then send the data to the distribution network cloud platform. The second get request.
本申请实施例中,为了确保待入网设备的设备密钥的安全性,待入网设备的设备密钥也不被配网云平台持有,因此,配网云平台在接收到第二获取请求后,需要进一步从设备云平台处获取信息加密密钥。也即,如图14所示,上述步骤1332之后,还包括如下几个步骤:In this embodiment of the present application, in order to ensure the security of the device key of the device to be connected to the network, the device key of the device to be connected to the network is not held by the network configuration cloud platform. Therefore, after receiving the second acquisition request, the network configuration cloud platform , you need to further obtain the information encryption key from the device cloud platform. That is, as shown in Figure 14, after the above step 1332, the following steps are further included:
步骤133A,配网云平台确定设备云平台。Step 133A, the distribution network cloud platform determines the device cloud platform.
配网云平台需要先确定待入网设备对应的设备云平台。可选地,配网设备向配网云平台发送的第二获取请求中包括待入网设备的设备厂商名称,进而配网云平台可以根据该待入网设备的设备厂商名称确定对应的设备云平台。The distribution network cloud platform needs to first determine the device cloud platform corresponding to the device to be connected to the network. Optionally, the second acquisition request sent by the network distribution device to the network distribution cloud platform includes the device manufacturer name of the device to be connected to the network, and the network distribution cloud platform can determine the corresponding device cloud platform according to the device manufacturer name of the device to be connected to the network.
步骤133B,配网云平台向设备云平台发送第四获取请求,该第四获取请求用于请求获取信息加密密钥。Step 133B: The distribution network cloud platform sends a fourth acquisition request to the device cloud platform, where the fourth acquisition request is used to request to acquire an information encryption key.
After determining the device cloud platform corresponding to the device to be connected to the network, the distribution network cloud platform can further send a fourth acquisition request to the device cloud platform, to request the device cloud platform to calculate the information encryption key and to send the information encryption key to the distribution network cloud platform. This embodiment of the present application does not limit the content of the fourth acquisition request. Optionally, the fourth acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network; alternatively, the fourth acquisition request further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. Optionally, as shown in Figure 14, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first needs to establish a secure connection with the device cloud platform and then sends the fourth acquisition request to it.
Step 133C, the device cloud platform calculates the information encryption key.
Because the fourth acquisition request carries the key calculation parameter and/or the device identifier of the device to be connected to the network, the device cloud platform, after receiving the fourth acquisition request, can determine the second device key according to the device identifier of the device to be connected to the network. The second device key is the device key of the device to be connected to the network as stored by the device cloud platform, that is, the key K. For the information decryption key and the information encryption key to be the same, they must also be calculated in the same way. Therefore, the device cloud platform should calculate the information encryption key in the same way that the device to be connected to the network calculates the information decryption key. Optionally, if the device to be connected to the network uses step 1331 above to calculate the information decryption key, the device cloud platform calculates the information encryption key as follows: the device cloud platform processes the key calculation parameter and the second device key with the second key generation algorithm to obtain the information encryption key. For a description of the second key generation algorithm, see the method embodiments above; details are not repeated here.
Step 133D, the device cloud platform sends the information encryption key to the distribution network cloud platform.
After calculating the information encryption key, the device cloud platform can send it to the distribution network cloud platform.
Step 1334, the distribution network cloud platform sends the information encryption key to the network distribution device.
After receiving the information encryption key, the distribution network cloud platform further sends it to the network distribution device, in response to the second acquisition request of the network distribution device.
It should be noted that the embodiments of the present application only take as an example the case in which the information encryption key and the information decryption key are calculated based on the key calculation parameter and the device key of the device to be connected to the network. After understanding the technical solution of the present application, those skilled in the art will readily think of using other calculation parameters to calculate the access key, for example using the key calculation parameter, the device key of the device to be connected to the network, and the device identifier of the device to be connected to the network to calculate the information encryption key and the information decryption key. All of these fall within the protection scope of the present application.
To sum up, in the technical solutions provided by the embodiments of the present application, the device to be connected to the network and the network distribution device obtain the information decryption key and the information encryption key, respectively, according to the key calculation parameter. The network distribution device then uses the information encryption key to encrypt the network configuration information, and the device to be connected to the network uses the information decryption key to decrypt the network configuration information encrypted with the information encryption key. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information. The identity of the device to be connected to the network is thus authenticated before it obtains the network configuration information, which avoids leakage of the network configuration information and improves the security of the access point. In addition, in the embodiments of the present application, to fully ensure the security of the device key of the device to be connected to the network, the information encryption key on the network distribution device side is calculated by the cloud platform corresponding to the device to be connected to the network, which avoids leaking the device key of the device to be connected to the network and improves the effectiveness of identity authentication.
The technical solution of the present application is described below, taking as an example the case in which the second access point is a home WiFi network. As shown in Figure 15, the information processing method provided by the embodiment of the present application includes the following steps:
Step 1500, the network distribution device scans the first graphic code of the device to be connected to the network. The first graphic code includes the key calculation parameter and/or the device identifier of the device to be connected to the network; the key calculation parameter is used to determine the information encryption key, the information encryption key is used to encrypt the network configuration information, and the network configuration information is used to configure the device to be connected to the network to access the home WiFi network. By scanning the first graphic code of the device to be connected to the network, the network distribution device obtains the key calculation parameter and/or the device identifier of the device to be connected to the network.
Step 1510, the network distribution device sends a second acquisition request to the distribution network cloud platform. The second acquisition request is used to request the information encryption key, and includes the key calculation parameter and/or the device identifier of the device to be connected to the network. Optionally, as shown in Figure 15, if no secure connection has been established between the network distribution device and the distribution network cloud platform, the network distribution device first needs to establish a secure connection with the distribution network cloud platform and then sends the second acquisition request to it.
Step 1520, the distribution network cloud platform determines the device cloud platform. The second acquisition request sent by the network distribution device to the distribution network cloud platform includes the device manufacturer name of the device to be connected to the network, so the distribution network cloud platform can determine the corresponding device cloud platform according to that device manufacturer name.
Step 1530, the distribution network cloud platform sends a fourth acquisition request to the device cloud platform, where the fourth acquisition request is used to request the information encryption key. The fourth acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network. Optionally, as shown in Figure 15, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first needs to establish a secure connection with the device cloud platform and then sends the fourth acquisition request to it.
Step 1540, the device cloud platform calculates the information encryption key. After receiving the fourth acquisition request, the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network, where the second device key is the device key of the device to be connected to the network as stored by the device cloud platform. The device cloud platform then processes the key calculation parameter and the second device key with the second key generation algorithm to obtain the information encryption key.
Step 1550, the device cloud platform sends the information encryption key to the distribution network cloud platform.
Step 1560, the distribution network cloud platform sends the information encryption key to the network distribution device.
Step 1570, the network distribution device processes the network configuration information with the first encryption algorithm and the information encryption key to obtain encrypted network configuration information, generates a second graphic code according to the encrypted network configuration information, and displays the second graphic code.
Step 1580, the device to be connected to the network calculates the information decryption key. The device to be connected to the network processes the key calculation parameter and the first device key with the second key generation algorithm to obtain the information decryption key.
Step 1590, the device to be connected to the network scans the second graphic code. By scanning the second graphic code, the device to be connected to the network obtains the network configuration information encrypted with the information encryption key. Because the device to be connected to the network has determined the information decryption key based on the key calculation parameter, it uses the information decryption key to decrypt the network configuration information. If the information decryption key and the information encryption key are the same, the device to be connected to the network obtains the network configuration information successfully; if they are not the same, the device to be connected to the network fails to obtain the network configuration information.
It should be noted that the embodiments of the present application do not limit the order in which the above steps are executed; provided the implementation logic is satisfied, the steps can be combined in any execution order. For example, step 1580 can also be executed before step 1500, or step 1580 can be executed after step 1540. All of these fall within the protection scope of the present application.
Please refer to Figure 16, which shows a flowchart of an information processing method provided by an embodiment of the present application. The method can be applied to the distribution network system shown in Figure 1 and may include the following steps:
Step 1610, the network distribution device displays a third graphic code. The third graphic code includes the network configuration information encrypted with the information encryption key, and the key calculation parameter. The network configuration information is used to configure the device to be connected to the network to access the second access point, the key calculation parameter is used to determine the information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
For scan-based network distribution, the embodiments of the present application further provide an information processing method. The network distribution device first displays a third graphic code; optionally, the third graphic code takes the form of a two-dimensional code, a barcode, or the like. In this embodiment of the present application, the third graphic code includes the network configuration information encrypted with the information encryption key, and the key calculation parameter. On the network distribution device side, the key calculation parameter is used to determine the information encryption key; on the side of the device to be connected to the network, the key calculation parameter is used to determine the information decryption key. For the process of determining the information encryption key and the information decryption key, see the method embodiments below; details are not repeated here.
This embodiment of the present application does not limit the content of the key calculation parameter. Optionally, the key calculation parameter includes a random number; alternatively, the key calculation parameter includes a preconfigured value. Optionally, the key calculation parameter is generated by the device cloud platform (the cloud platform corresponding to the device to be connected to the network). Optionally, the length of the key calculation parameter is greater than or equal to one byte. This embodiment of the present application does not limit when the key calculation parameter is determined. Optionally, the device cloud platform generates the key calculation parameter after receiving a request for the information encryption key; alternatively, the device cloud platform generates the key calculation parameter in advance and, when it later receives a request for the information encryption key, directly calculates the information encryption key according to that key calculation parameter and the device key of the device to be connected to the network.
To avoid leaking the device key of the device to be connected to the network, the information encryption key, which takes that device key as a calculation parameter, is calculated by the device cloud platform. The device cloud platform then sends the information encryption key and the key calculation parameter to the network distribution device through the distribution network cloud platform. After receiving the information encryption key and the key calculation parameter, the network distribution device needs to generate a third graphic code based on them, for the device to be connected to the network to scan. Therefore, in one example, the above method further includes: the network distribution device receives the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform, and determines the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
Optionally, determining the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information includes: processing the network configuration information with the second encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key; and generating the third graphic code according to the network configuration information encrypted with the information encryption key and the key calculation parameter. Because the key calculation parameter is not encrypted with the information encryption key, that is, the key calculation parameter is in plaintext, the device to be connected to the network can obtain the key calculation parameter by scanning the third graphic code. Optionally, the second encryption algorithm is a symmetric encryption algorithm. Optionally, the second encryption algorithm includes but is not limited to any one of the following: AES128-CMAC, AES128-CBC, AES128-GCM, AES256-CMAC, AES256-CBC, AES256-GCM.
Step 1620, the device to be connected to the network scans the third graphic code displayed by the network distribution device.
By scanning the third graphic code displayed by the network distribution device, the device to be connected to the network obtains the plaintext key calculation parameter and the network configuration information encrypted with the information encryption key. The device to be connected to the network then needs to determine the information decryption key based on the key calculation parameter, in order to decrypt the network configuration information encrypted with the information encryption key. For the process by which the device to be connected to the network determines the information decryption key, see the method embodiments below; details are not repeated here. In this embodiment of the present application, if the information decryption key and the information encryption key are the same, the device to be connected to the network obtains the network configuration information successfully; if they are not the same, the device to be connected to the network fails to obtain the network configuration information.
To sum up, in the technical solutions provided by the embodiments of the present application, the key calculation parameter and the network configuration information encrypted with the information encryption key are added to the graphic code displayed by the network distribution device. The device to be connected to the network scans the graphic code to obtain the key calculation parameter and determines the information decryption key according to it. Only when the information encryption key and the information decryption key are the same can the device to be connected to the network obtain the network configuration information, so the identity of the device to be connected to the network is authenticated and leakage of the network configuration information is avoided. In addition, specifically for code-scanning network distribution, the embodiments of the present application propose that the device cloud platform generates the key calculation parameter and that the network distribution device adds the key calculation parameter to the graphic code it displays, so that the device to be connected to the network can obtain it by scanning. Compared with pasting a graphic code containing the key calculation parameter on the device to be connected to the network as a sticker, the technical solution provided by the embodiments of the present application can further improve the security of the key calculation parameter.
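The scan-based flow summarized above, and the earlier flow in which the key calculation parameter comes from the device's own first graphic code, can be traced end to end in a short program. This is an added example, not code from the application: it assumes HKDF-SHA256 as the key generation algorithm, uses a standard-library encrypt-then-MAC construction as a stand-in for AES-GCM, and every name, the JSON layout of the graphic code and the sample values are constructed.

```python
import hashlib
import hmac
import json
import secrets
from base64 import b64decode, b64encode

HASH = hashlib.sha256


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract with the salt, then expand with info."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_info_key(device_key: bytes, key_param: bytes) -> bytes:
    """Same derivation on both sides: device key K plus key calculation parameter."""
    return hkdf(device_key, salt=key_param, info=b"network-config")  # label is an assumption


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), HASH).digest()
        ctr += 1
    return out[:n]


def seal(info_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for AES-GCM, so the example needs no third-party library."""
    enc_key, mac_key = hkdf(info_key, b"", b"enc"), hkdf(info_key, b"", b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, HASH).digest()


def unseal(info_key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify (wrong key or tampering)."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = hkdf(info_key, b"", b"enc"), hkdf(info_key, b"", b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, HASH).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class DeviceCloud:
    """Device cloud platform: the only party besides the device that stores key K."""

    def __init__(self, keys_by_device_id: dict):
        self._keys = dict(keys_by_device_id)

    def issue_encryption_key(self, device_id: str, key_param: bytes = None):
        """Return (information encryption key, key calculation parameter); K never leaves."""
        device_key = self._keys[device_id]  # the "second device key"
        if key_param is None:               # cloud-generated parameter (third graphic code flow)
            key_param = secrets.token_bytes(16)
        return derive_info_key(device_key, key_param), key_param


def build_graphic_code(info_key: bytes, key_param: bytes, network_config: dict) -> str:
    """Network distribution device: plaintext parameter plus encrypted configuration."""
    sealed = seal(info_key, json.dumps(network_config).encode())
    return json.dumps({"param": b64encode(key_param).decode(),
                       "config": b64encode(sealed).decode()})


def device_read_graphic_code(first_device_key: bytes, code: str):
    """Device to be connected: derive the decryption key from its own K, then decrypt."""
    payload = json.loads(code)
    info_key = derive_info_key(first_device_key, b64decode(payload["param"]))
    plaintext = unseal(info_key, b64decode(payload["config"]))
    return None if plaintext is None else json.loads(plaintext)


if __name__ == "__main__":
    K = secrets.token_bytes(16)  # constructed device key
    cloud = DeviceCloud({"dev-001": K})
    key, param = cloud.issue_encryption_key("dev-001")
    code = build_graphic_code(key, param, {"ssid": "HomeWiFi", "psk": "example-passphrase"})
    print("genuine device:", device_read_graphic_code(K, code))
    print("other device  :", device_read_graphic_code(secrets.token_bytes(16), code))
```

Because the stand-in cipher is authenticated, a device holding a different key K gets an explicit failure rather than garbage plaintext; an unauthenticated mode such as CBC would need a separate integrity check to give the same signal.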
The following describes how the information decryption key on the side of the device to be connected to the network and the information encryption key on the network distribution device side are calculated.
First, the calculation of the information decryption key on the side of the device to be connected to the network is described.
In one example, as shown in Figure 17, the above method further includes the following steps:
Step 1631, the device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key.
The first device key is the device key of the device to be connected to the network that is preset in that device, that is, the key K described above. Once the device to be connected to the network has the key calculation parameter and the first device key, it can calculate the information decryption key based on them.
In this embodiment of the present application, the device to be connected to the network can use a key generation algorithm to process the key calculation parameter and the first device key. Optionally, step 1631 includes: the device to be connected to the network processes the key calculation parameter and the first device key with the third key generation algorithm to obtain the information decryption key. Optionally, the third key generation algorithm includes any one of the following: AES128-CMAC, HKDF-based KDF, PBKDF, SHA, the DES algorithm, the 3DES algorithm.
Next, the calculation of the information encryption key on the network distribution device side is described.
In one example, as shown in Figure 17, the above method further includes the following steps:
Step 1632, the network distribution device scans the fourth graphic code of the device to be connected to the network, where the fourth graphic code includes the device identifier of the device to be connected to the network.
The device to be connected to the network can display the fourth graphic code. Optionally, if the device to be connected to the network has a screen display function, it displays the fourth graphic code on its screen; if it does not have a screen display function, the fourth graphic code can be pasted by the device manufacturer on the surface of the device to be connected to the network or on its packaging box, which is not limited in this embodiment of the present application. Optionally, the fourth graphic code takes the form of a two-dimensional code, a barcode, or the like. In this embodiment of the present application, the fourth graphic code includes the device identifier of the device to be connected to the network. Optionally, the fourth graphic code further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. By scanning the fourth graphic code, the network distribution device obtains the device identifier of the device to be connected to the network.
Step 1633, the network distribution device sends a fifth acquisition request to the distribution network cloud platform, where the fifth acquisition request is used to request the information encryption key.
Because the information encryption key is calculated by the device cloud platform, the network distribution device, when it needs the information encryption key, can send a fifth acquisition request to the distribution network cloud platform in order to obtain the information encryption key through the distribution network cloud platform. This embodiment of the present application does not limit the content of the fifth acquisition request. Optionally, the fifth acquisition request includes the device identifier of the device to be connected to the network; alternatively, the fifth acquisition request further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. Optionally, as shown in Figure 17, if no secure connection has been established between the network distribution device and the distribution network cloud platform, the network distribution device first needs to establish a secure connection with the distribution network cloud platform and then sends the fifth acquisition request to it.
Step 1634, the distribution network cloud platform determines the device cloud platform.
The distribution network cloud platform first needs to determine the device cloud platform corresponding to the device to be connected to the network. Optionally, the second acquisition request sent by the network distribution device to the distribution network cloud platform includes the device manufacturer name of the device to be connected to the network, so the distribution network cloud platform can determine the corresponding device cloud platform according to that device manufacturer name.
Step 1635, the distribution network cloud platform sends a sixth acquisition request to the device cloud platform, where the sixth acquisition request is used to request the information encryption key.
After determining the device cloud platform corresponding to the device to be connected to the network, the distribution network cloud platform can further send a sixth acquisition request to the device cloud platform, to request the device cloud platform to calculate the information encryption key and to send the information encryption key to the distribution network cloud platform. This embodiment of the present application does not limit the content of the sixth acquisition request. Optionally, the sixth acquisition request includes the device identifier of the device to be connected to the network; alternatively, the sixth acquisition request further includes the device manufacturer name, the device name, the product serial number, and so on, of the device to be connected to the network. Optionally, as shown in Figure 17, if no secure connection has been established between the distribution network cloud platform and the device cloud platform, the distribution network cloud platform first needs to establish a secure connection with the device cloud platform and then sends the sixth acquisition request to it.
Step 1636, the device cloud platform calculates the information encryption key.
In this embodiment of the present application, the device manufacturer of the device to be connected to the network can assign a unique key K to the device to be connected to the network and preconfigure the key K in that device. Because the device identifier of the device to be connected to the network uniquely identifies it, there is a one-to-one correspondence between the device identifier and the key K of the device to be connected to the network. The device manufacturer can upload the device identifier and the key K of the device to be connected to the network to the device manufacturer's cloud platform (that is, the cloud platform corresponding to the device to be connected to the network).
由于第六获取请求中携带待入网设备的设备标识,设备云平台在接收到第六获取请求之后,即可依据待入网设备的设备标识,确定第二设备密钥,该第二设备密钥是设备云平台存储的待入网设备的设备密钥,也即密钥K。为了能够实现信息解密密钥和信息加密密钥一致,信息解密密钥的计算方式和信息加密密钥的计算方式也应当一致,因此,设备云平台应当采用与待入网设备计算信息解密密钥的方式来计算信息加密密钥。可选地,若待入网设备采用上述步骤1631来计算信息解密密钥,则设备云平台计算信息加密密钥的过程如下:设备云平台采用第三密钥生成算法对密钥计算参数和第二设备密钥进行处理,得到信息加密密钥。有关第三密钥生成算法的介绍说明,请参见上述方法实施例,此处不多赘述。Since the sixth acquisition request carries the device identification of the device to be connected to the network, after receiving the sixth acquisition request, the device cloud platform can determine the second device key according to the device identification of the device to be connected to the network, and the second device key is The device key of the device to be connected to the network stored in the device cloud platform, that is, the key K. In order to realize the consistency of the information decryption key and the information encryption key, the calculation method of the information decryption key and the calculation method of the information encryption key should also be consistent. way to calculate the message encryption key. Optionally, if the device to be connected to the network adopts the above step 1631 to calculate the information decryption key, the process of calculating the information encryption key by the device cloud platform is as follows: the device cloud platform adopts the third key generation algorithm to calculate the parameters of the key and the second key The device key is processed to obtain the information encryption key. For an introduction and description of the third key generation algorithm, please refer to the above method embodiments, and details are not repeated here.
步骤1637,设备云平台向配网云平台发送信息加密密钥和密钥计算参数。Step 1637: The device cloud platform sends the information encryption key and key calculation parameters to the distribution network cloud platform.
设备云平台在计算出信息加密密钥后,即可将信息加密密钥和密钥计算参数发送给配网云平台。After calculating the information encryption key, the device cloud platform can send the information encryption key and key calculation parameters to the distribution network cloud platform.
步骤1638,配网云平台向配网设备发送信息加密密钥。Step 1638, the distribution network cloud platform sends the information encryption key to the distribution network device.
配网云平台接收到信息加密密钥后,进一步将信息加密密钥和密钥计算参数发送给配网设备,以响应于配网设备的第五获取请求。After receiving the information encryption key, the distribution network cloud platform further sends the information encryption key and the key calculation parameter to the distribution network device, so as to respond to the fifth acquisition request of the distribution network device.
需要说明的一点是,本申请实施例仅以信息加密密钥和信息解密密钥基于密钥计算参数和待入网设备的设备密钥来计算进行举例说明,本领域技术人员在了解了本申请的技术方案后,将很容易想到采用其它的计算参数来计算访问密钥,如采用密钥计算参数、待入网设备的设备密钥和待入网设备的设备标识来计算信息加密密钥和信息解密密钥,这些均应属于本申请的保护范围之内。It should be noted that the embodiment of the present application only uses the information encryption key and the information decryption key to calculate based on the key calculation parameter and the device key of the device to be connected to the network for illustration. After the technical solution, it is easy to think of using other calculation parameters to calculate the access key. key, all of which should fall within the scope of protection of this application.
综上所述,本申请实施例提供的技术方案,通过待入网设备对应的云平台生成密钥计算参数,并根据该密钥计算参数以及待入网设备的设备密钥,确定信息加密密钥,以进一步将信息加密密钥和密钥计算参数发送给配网设备,从而避免泄露待入网设备的设备密钥,提升了身份认证的有效性。To sum up, the technical solutions provided by the embodiments of the present application generate key calculation parameters through the cloud platform corresponding to the device to be connected to the network, and determine the information encryption key according to the key calculation parameters and the device key of the device to be connected to the network, In order to further send the information encryption key and key calculation parameters to the distribution network device, so as to avoid leaking the device key of the device to be connected to the network, and improve the effectiveness of identity authentication.
The technical solution of this application is described below, taking a home WiFi network as the second access point as an example. As shown in FIG. 18, the information processing method provided by the embodiment of this application includes the following steps:
Step 1801: the network configuration device scans the fourth graphic code of the device to be connected to the network. The fourth graphic code includes the device identifier of the device to be connected to the network. By scanning the fourth graphic code, the network configuration device obtains the device identifier of the device to be connected to the network.
Step 1802: the network configuration device sends a fifth acquisition request to the network configuration cloud platform, where the fifth acquisition request is used to request the information encryption key. The fifth acquisition request includes the device identifier of the device to be connected to the network. Optionally, as shown in FIG. 18, if no secure connection has been established between the network configuration device and the network configuration cloud platform, the network configuration device first needs to establish a secure connection with the network configuration cloud platform, and then sends the fifth acquisition request to the network configuration cloud platform.
Step 1803: the network configuration cloud platform determines the device cloud platform. The fifth acquisition request sent by the network configuration device to the network configuration cloud platform includes the device manufacturer name of the device to be connected to the network, so the network configuration cloud platform can determine the corresponding device cloud platform according to that device manufacturer name.
Step 1804: the network configuration cloud platform sends a sixth acquisition request to the device cloud platform, where the sixth acquisition request is used to request the information encryption key. The sixth acquisition request includes the device identifier of the device to be connected to the network. Optionally, as shown in FIG. 18, if no secure connection has been established between the network configuration cloud platform and the device cloud platform, the network configuration cloud platform first needs to establish a secure connection with the device cloud platform, and then sends the sixth acquisition request to the device cloud platform.
Step 1805: the device cloud platform calculates the information encryption key. After receiving the sixth acquisition request, the device cloud platform can determine the second device key according to the device identifier of the device to be connected to the network; the second device key is the device key of the device to be connected to the network as stored by the device cloud platform. The device cloud platform then processes the key calculation parameter and the second device key with the third key generation algorithm to obtain the information encryption key.
Step 1806: the device cloud platform sends the information encryption key and the key calculation parameter to the network configuration cloud platform.
Step 1807: the network configuration cloud platform sends the information encryption key and the key calculation parameter to the network configuration device.
Step 1808: the network configuration device processes the network configuration information with the second encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key; it then generates a third graphic code from the encrypted network configuration information and the key calculation parameter, and displays the third graphic code.
Step 1809: the device to be connected to the network scans the third graphic code. By scanning the third graphic code, the device to be connected to the network obtains the network configuration information encrypted with the information encryption key, together with the key calculation parameter.
Step 1810: the device to be connected to the network calculates the information decryption key. The device to be connected to the network determines the information decryption key based on the key calculation parameter and the first device key. Optionally, the device to be connected to the network processes the key calculation parameter and the first device key with the third key generation algorithm to obtain the information decryption key.
Step 1811: the device to be connected to the network obtains the network configuration information. The device to be connected to the network can use the calculated information decryption key to decrypt the previously obtained network configuration information that was encrypted with the information encryption key. If the information decryption key and the information encryption key are consistent, the device to be connected to the network successfully obtains the network configuration information; if they are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
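The exchange in steps 1801 to 1811, as an added example that is not code from the patent. The patent does not name the third key generation algorithm or the second encryption algorithm, so HMAC-SHA256 and a standard-library encrypt-then-MAC construction are assumed stand-ins (a deployment would use a vetted AEAD such as AES-GCM); the device identifier, key K, network configuration and the JSON layout of the graphic code are constructed. The integrity tag is what lets the device detect the "keys inconsistent" case in step 1811 instead of accepting garbage.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data, not from the patent: the manufacturer's record of
# device identifier -> device key K held by the device cloud platform.
DEVICE_ID = "dev-0001"
DEVICE_KEY_K = bytes.fromhex("00112233445566778899aabbccddeeff")
CLOUD_KEY_STORE = {DEVICE_ID: DEVICE_KEY_K}
NETWORK_CONFIG = {"ssid": "HomeWiFi", "psk": "constructed-passphrase"}


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_info_key(device_key: bytes, key_param: bytes) -> bytes:
    """Assumed 'third key generation algorithm': HMAC-SHA256 keyed with K."""
    return _prf(device_key, b"info-key|" + key_param)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    stream = b"".join(_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return stream[:length]


def encrypt_config(info_key: bytes, config: dict) -> bytes:
    """Assumed 'second encryption algorithm': encrypt-then-MAC, nonce | ct | tag."""
    enc_key, mac_key = _prf(info_key, b"enc"), _prf(info_key, b"mac")
    nonce = secrets.token_bytes(16)
    plaintext = json.dumps(config, sort_keys=True).encode()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + _prf(mac_key, nonce + ct)


def decrypt_config(info_key: bytes, blob: bytes):
    """Return the config, or None when the tag fails (keys inconsistent or data altered)."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _prf(info_key, b"enc"), _prf(info_key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        return None
    plaintext = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(plaintext)


def device_cloud_issue_key(device_id: str):
    """Steps 1805-1806: look up K by device identifier; K itself never leaves the cloud."""
    key_param = secrets.token_bytes(16)  # key calculation parameter (random number)
    return derive_info_key(CLOUD_KEY_STORE[device_id], key_param), key_param


def configurator_build_code(info_key: bytes, key_param: bytes, config: dict) -> str:
    """Step 1808: payload of the third graphic code (hypothetical JSON layout)."""
    return json.dumps({"param": key_param.hex(),
                       "blob": encrypt_config(info_key, config).hex()})


def device_read_code(device_key: bytes, code_payload: str):
    """Steps 1809-1811: derive the decryption key from the scanned parameter, then decrypt."""
    code = json.loads(code_payload)
    info_key = derive_info_key(device_key, bytes.fromhex(code["param"]))
    return decrypt_config(info_key, bytes.fromhex(code["blob"]))


def run_flow(key_in_device: bytes):
    """Whole exchange; key_in_device is the 'first device key' preconfigured in the device."""
    info_key, key_param = device_cloud_issue_key(DEVICE_ID)
    payload = configurator_build_code(info_key, key_param, NETWORK_CONFIG)
    return device_read_code(key_in_device, payload)


if __name__ == "__main__":
    print("genuine device:", run_flow(DEVICE_KEY_K))
    print("device with a different key:", run_flow(bytes(16)))
```

The network configuration device only ever holds the per-request information encryption key, so the long-term key K stays within the device and the device cloud platform.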
It should be noted that the embodiments of this application describe the information processing method from the perspective of interaction among the device to be connected to the network, the network configuration device, the network configuration cloud platform, and the device cloud platform. The steps above performed by the device to be connected to the network may be implemented separately as an information processing method on the side of the device to be connected to the network; the steps above performed by the network configuration device may be implemented separately as an information processing method on the side of the network configuration device.
The following are apparatus embodiments of this application, which can be used to execute the method embodiments of this application. For details not disclosed in the apparatus embodiments, refer to the method embodiments of this application.
Refer to FIG. 19, which shows a block diagram of an information processing apparatus provided by an embodiment of this application. The apparatus has the function of implementing the above method examples on the side of the device to be connected to the network; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be connected to the network described above, or may be provided in the device to be connected to the network. As shown in FIG. 19, the apparatus 1900 may include a beacon broadcasting module 1910.
The beacon broadcasting module 1910 is configured to broadcast a beacon of a first access point, where the beacon includes a key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a network configuration device.
In one example, as shown in FIG. 20, the apparatus 1900 further includes a first key determination module 1920, configured to determine a first access key based on the key calculation parameter and a first device key.
In one example, as shown in FIG. 20, the first key determination module 1920 is configured to: process the key calculation parameter and the first device key with a first key generation algorithm to obtain a first encryption key; and process the first encryption key with a first encoding method to obtain the first access key.
In one example, as shown in FIG. 20, the apparatus 1900 further includes an identity authentication module 1930, configured to perform the identity authentication with the network configuration device based on the first access key; where the identity authentication passes if the first access key is consistent with a second access key determined by the network configuration device, and fails if the first access key is inconsistent with the second access key determined by the network configuration device.
In one example, the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field; the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, as shown in FIG. 20, the apparatus 1900 further includes a configuration information receiving module 1940, configured to receive network configuration information from the network configuration device when the identity authentication passes, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
In summary, the technical solution provided by the embodiments of this application adds a key calculation parameter to the beacon of the access point started by the device to be connected to the network. The key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network configuration device, which provides a basis for that identity authentication and facilitates its subsequent implementation. Moreover, in the embodiments of this application, the identity authentication between the device to be connected to the network and the network configuration device takes place before the device to be connected to the network obtains the network configuration information; that is, the device to be connected to the network can obtain the network configuration information only if the identity authentication passes, which reduces the risk of leaking the network configuration information and improves the security of the access point. In addition, in the embodiments of this application, adding a key calculation parameter to the beacon of the access point started by the device to be connected to the network is all that is needed to authenticate the device to be connected to the network and the network configuration device. Compared with the related art, in which the network configuration device has to switch back and forth between access points to verify the identity of the device to be connected to the network, the embodiments of this application simplify the identity authentication procedure and improve its efficiency.
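The access-key path described for apparatus 1900 (parameter in the beacon, key generation, encoding, comparison), as an added example that is not code from the patent. HMAC-SHA256 as the first key generation algorithm, truncated base32 as the first encoding method, the `PROV-<device id>-<hex parameter>` SSID layout and all sample values are assumptions. It also counts how many distinct access keys a device can ever present at the one-byte minimum parameter length the text allows.

```python
import base64
import hashlib
import hmac

# Constructed sample data, not from the patent.
DEVICE_ID = "A1B2C3D4"
DEVICE_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
CLOUD_KEY_STORE = {DEVICE_ID: DEVICE_KEY}
SSID_PREFIX = "PROV"  # hypothetical marker for a device in provisioning mode


def build_ssid(device_id: str, key_param: bytes) -> str:
    """Device side: carry the device identifier and key calculation parameter in the SSID."""
    ssid = f"{SSID_PREFIX}-{device_id}-{key_param.hex()}"
    if len(ssid.encode()) > 32:  # an 802.11 SSID is at most 32 bytes
        raise ValueError("SSID too long for the chosen identifier and parameter")
    return ssid


def parse_ssid(ssid: str):
    """Receiving side: return (device_id, key_param), or None for an unrelated or malformed SSID."""
    parts = ssid.split("-")
    if len(parts) != 3 or parts[0] != SSID_PREFIX or not parts[1]:
        return None
    try:
        key_param = bytes.fromhex(parts[2])
    except ValueError:
        return None
    return (parts[1], key_param) if key_param else None


def derive_access_key(device_key: bytes, key_param: bytes) -> str:
    """Key generation (assumed HMAC-SHA256), then encoding (assumed base32) to a printable key."""
    enc_key = hmac.new(device_key, b"access-key|" + key_param, hashlib.sha256).digest()
    return base64.b32encode(enc_key).decode("ascii").rstrip("=")[:32]


def cloud_second_access_key(ssid: str):
    """Cloud side: look up the stored device key by the identifier in the beacon."""
    parsed = parse_ssid(ssid)
    if parsed is None or parsed[0] not in CLOUD_KEY_STORE:
        return None
    return derive_access_key(CLOUD_KEY_STORE[parsed[0]], parsed[1])


def authentication_passes(first_access_key: str, second_access_key) -> bool:
    """Identity authentication passes only when both access keys are consistent."""
    if second_access_key is None:
        return False
    return hmac.compare_digest(first_access_key.encode(), second_access_key.encode())


def distinct_access_keys(device_key: bytes, param_len: int) -> int:
    """Count the access keys one device can present for a given parameter length (small lengths only)."""
    return len({derive_access_key(device_key, n.to_bytes(param_len, "big"))
                for n in range(256 ** param_len)})


if __name__ == "__main__":
    param = bytes.fromhex("0102030405060708")  # constructed; a device would draw this at random
    ssid = build_ssid(DEVICE_ID, param)
    first = derive_access_key(DEVICE_KEY, param)
    print(ssid, authentication_passes(first, cloud_second_access_key(ssid)))
    print("access keys available with a 1-byte parameter:", distinct_access_keys(DEVICE_KEY, 1))
```

With a one-byte parameter the same device cycles through at most 256 access keys, so a longer random parameter is the safer choice when the beacon field has room for it.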
Refer to FIG. 21, which shows a block diagram of an information processing apparatus provided by an embodiment of this application. The apparatus has the function of implementing the above method examples on the side of the network configuration device; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the network configuration device described above, or may be provided in the network configuration device. As shown in FIG. 21, the apparatus 2100 may include a beacon receiving module 2110.
The beacon receiving module 2110 is configured to receive a beacon of a first access point, where the beacon includes a key calculation parameter and/or the device identifier of a device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the network configuration device.
In one example, as shown in FIG. 22, the apparatus 2100 further includes: a first request sending module 2120, configured to send a first acquisition request to a network configuration cloud platform, where the first acquisition request is used to request a second access key; and a key information receiving module 2130, configured to receive access key information from the network configuration cloud platform, where the access key information is used to determine the second access key.
In one example, the access key information includes the second access key.
In one example, the access key information includes a second encryption key; as shown in FIG. 22, the apparatus 2100 further includes a second key determination module 2140, configured to process the second encryption key with the first encoding method to obtain the second access key.
In one example, the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
In one example, as shown in FIG. 22, the apparatus 2100 further includes an identity authentication module 2150, configured to perform the identity authentication with the device to be connected to the network based on the second access key; where the identity authentication passes if the second access key is consistent with a first access key determined by the device to be connected to the network, and fails if the second access key is inconsistent with the first access key determined by the device to be connected to the network.
In one example, the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field; the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, as shown in FIG. 22, the apparatus 2100 further includes an access module 2160, configured to access the first access point when the identity authentication passes.
In one example, as shown in FIG. 22, the apparatus 2100 further includes a configuration information sending module 2170, configured to send network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
In summary, the technical solution provided by the embodiments of this application adds a key calculation parameter to the beacon of the access point started by the device to be connected to the network. The key calculation parameter is used to determine the access key for performing identity authentication between the device to be connected to the network and the network configuration device, which provides a basis for that identity authentication and facilitates its subsequent implementation. Moreover, in the embodiments of this application, the identity authentication between the device to be connected to the network and the network configuration device takes place before the device to be connected to the network obtains the network configuration information; that is, the device to be connected to the network can obtain the network configuration information only if the identity authentication passes, which reduces the risk of leaking the network configuration information and improves the security of the access point. In addition, in the embodiments of this application, adding a key calculation parameter to the beacon of the access point started by the device to be connected to the network is all that is needed to authenticate the device to be connected to the network and the network configuration device. Compared with the related art, in which the network configuration device has to switch back and forth between access points to verify the identity of the device to be connected to the network, the embodiments of this application simplify the identity authentication procedure and improve its efficiency.
Refer to FIG. 23, which shows a block diagram of an information processing apparatus provided by an embodiment of this application. The apparatus has the function of implementing the above method examples on the side of the device to be connected to the network; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be connected to the network described above, or may be provided in the device to be connected to the network. As shown in FIG. 23, the apparatus 2300 may include a first receiving module 2310.
The first receiving module 2310 is configured to receive first information from a network configuration device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In one example, as shown in FIG. 24, the apparatus 2300 further includes a first key determination module 2320, configured to determine the first information key based on the key calculation parameter and the first device key.
In one example, as shown in FIG. 24, the first key determination module 2320 is configured to process the key calculation parameter and the first device key with a fourth key generation algorithm to obtain the first information key.
In one example, the first information further includes network configuration information encrypted with a second information key, where the network configuration information is used to configure the device to be connected to the network to access a second access point; as shown in FIG. 24, the apparatus 2300 further includes a first decryption module 2330, configured to use the first information key to decrypt the network configuration information encrypted with the second information key; if the first information key and the second information key are consistent, the device to be connected to the network successfully obtains the network configuration information; if the first information key and the second information key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
In one example, as shown in FIG. 24, the apparatus 2300 further includes: a first encryption module 2340, configured to obtain first encrypted information according to the first information key and first reference information; and a first information sending module 2350, configured to send the first encrypted information to the network configuration device.
In one example, as shown in FIG. 24, the first encryption module 2340 is configured to process the first reference information with a third encryption algorithm and the first information key to obtain the first encrypted information.
In one example, the first information further includes second information encrypted with a second information key; as shown in FIG. 24, the apparatus 2300 further includes: a second decryption module 2360, configured to use the first information key to decrypt the second information encrypted with the second information key, to obtain third reference information; and a third information sending module 2370, configured to send the third reference information to the network configuration device.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In summary, in the technical solution provided by the embodiments of this application, the network configuration device sends a key calculation parameter to the device to be connected to the network. The key calculation parameter is used to calculate an information key; the information key can be used to decrypt data encrypted with the information key calculated by the device cloud platform, or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt reference information. Only when the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform can the device to be connected to the network successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, whereupon the device to be connected to the network passes identity authentication and further obtains the network configuration information. Alternatively, only when the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform can the data obtained by encrypting with each of these two information keys be consistent, whereupon the device to be connected to the network passes identity authentication and further obtains the network configuration information. Therefore, the embodiments of this application authenticate the identity of the device to be connected to the network before it accesses the wireless access point, which avoids leaking the network configuration information corresponding to the wireless access point and improves the security of the wireless access point.
Moreover, in the embodiments of this application, the identity authentication of the device to be connected to the network can be coupled with the network configuration process. That is, the network configuration device directly encrypts the network configuration information with the information key calculated by the device cloud platform; if the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the device to be connected to the network can obtain the network configuration information directly. This reduces the data exchanged between the network configuration device and the device to be connected to the network and lowers the processing overhead of both. In addition, in the embodiments of this application, the identity authentication of the device to be connected to the network can also be decoupled from the network configuration process. That is, the network configuration device sends the network configuration information to the device to be connected to the network only after the identity authentication of that device has passed; decoupling the identity authentication from the network configuration process can fully improve the security of the network configuration information.
Please refer to FIG. 25, which shows a block diagram of an information processing apparatus provided by an embodiment of the present application. The apparatus has the function of implementing the above method examples on the network distribution device side; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the network distribution device described above, or may be provided in the network distribution device. As shown in FIG. 25, the apparatus 2500 may include a first sending module 2510.
The first sending module 2510 is configured to send first information to the device to be connected to the network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
In one example, the first information further includes network configuration information encrypted with a second information key, where the network configuration information is used to configure the device to be connected to the network to access a second access point. As shown in FIG. 26, the apparatus 2500 further includes: a first receiving module 2520, configured to receive the key calculation parameter and the second information key from the distribution network cloud platform; and a second determining module 2530, configured to determine the first information based on the key calculation parameter, the second information key and the network configuration information.
In one example, as shown in FIG. 26, the second determining module 2530 is configured to: process the network configuration information using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted with the second information key; and determine the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
In one example, as shown in FIG. 26, the apparatus 2500 further includes: a first information receiving module 2540, configured to receive first encrypted information from the device to be connected to the network, where the first encrypted information includes first reference information encrypted with the first information key; a second information receiving module 2550, configured to receive second encrypted information from the distribution network cloud platform, where the second encrypted information includes second reference information encrypted with a second information key; and a configuration information sending module 2560, configured to send network configuration information to the device to be connected to the network when the first encrypted information and the second encrypted information are consistent, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
In one example, as shown in FIG. 26, the apparatus 2500 further includes: a third information receiving module 2570, configured to receive the third reference information from the network distribution device; a fourth information receiving module 2580, configured to receive fourth reference information from the distribution network cloud platform; and a configuration information sending module 2560, configured to send network configuration information to the device to be connected to the network when the third reference information and the fourth reference information are consistent, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solutions provided by the embodiments of the present application, the network distribution device sends a key calculation parameter to the device to be connected to the network. The key calculation parameter is used to calculate an information key, and the information key can be used to decrypt data encrypted with the information key calculated by the device cloud platform, or network configuration information encrypted with the information key calculated by the device cloud platform, and can also be used to encrypt reference information. Only when the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform can the device to be connected to the network successfully parse the network configuration information or data encrypted with the information key calculated by the device cloud platform, and thereby pass identity authentication and further obtain the network configuration information; alternatively, only when the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform can the data obtained by encrypting with each of the two information keys be consistent, so that the device to be connected to the network passes identity authentication and further obtains the network configuration information. Therefore, in the embodiments of the present application, the identity of the device to be connected to the network is authenticated before the device accesses the wireless access point, which avoids leakage of the network configuration information corresponding to the wireless access point and improves the security of the wireless access point.
Moreover, in the embodiments of the present application, the identity authentication process for the device to be connected to the network can be coupled with the network distribution process. That is, the network distribution device directly encrypts the network configuration information with the information key calculated by the device cloud platform; when the information key calculated by the device to be connected to the network is consistent with the information key calculated by the device cloud platform, the device to be connected to the network can obtain the network configuration information directly, which reduces the data exchanged between the network distribution device and the device to be connected to the network and lowers the processing overhead of both. In addition, in the embodiments of the present application, the identity authentication process for the device to be connected to the network can also be decoupled from the network distribution process. That is, the network distribution device sends the network configuration information to the device to be connected to the network after that device has passed identity authentication; decoupling the identity authentication process from the network distribution process can fully improve the security of the network configuration information.
Please refer to FIG. 27, which shows a block diagram of an information processing apparatus provided by an embodiment of the present application. The apparatus has the function of implementing the above method examples on the side of the device to be connected to the network; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be connected to the network described above, or may be provided in the device to be connected to the network. As shown in FIG. 27, the apparatus 2700 may include a first display module 2710.
The first display module 2710 is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from the network distribution device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In one example, as shown in FIG. 28, the apparatus 2700 further includes: a decryption key determination module 2720, configured to determine the information decryption key based on the key calculation parameter and a first device key.
In one example, as shown in FIG. 28, the decryption key determination module 2720 is configured to: process the key calculation parameter and the first device key using a second key generation algorithm to obtain the information decryption key.
In one example, as shown in FIG. 28, the apparatus 2700 further includes: a first scanning module 2730, configured to scan a second graphic code displayed by the network distribution device, where the second graphic code includes the network configuration information encrypted with an information encryption key; where, when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in obtaining the network configuration information, and when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
In one example, the key calculation parameter includes a random number.
In one example, the key calculation parameter is preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solutions provided by the embodiments of the present application, a key calculation parameter is added to the graphic code of the device to be connected to the network. The device to be connected to the network can use the key calculation parameter to determine an information decryption key, and the network distribution device can obtain an information encryption key through the key calculation parameter, so the device to be connected to the network can use the information decryption key to decrypt the network configuration information that the network distribution device encrypted with the information encryption key. Only when the information encryption key and the information decryption key are consistent can the device to be connected to the network obtain the network configuration information, which authenticates the identity of the device to be connected to the network and avoids leakage of the network configuration information.
Please refer to FIG. 29, which shows a block diagram of an information processing apparatus provided by an embodiment of the present application. The apparatus has the function of implementing the above method examples on the network distribution device side; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the network distribution device described above, or may be provided in the network distribution device. As shown in FIG. 29, the apparatus 2900 may include a second scanning module 2910.
The second scanning module 2910 is configured to scan a first graphic code of the device to be connected to the network, where the first graphic code includes a key calculation parameter and/or the device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In one example, as shown in FIG. 30, the apparatus 2900 further includes: a second request sending module 2920, configured to send a second acquisition request to the distribution network cloud platform, where the second acquisition request is used to request the information encryption key; and an encryption key receiving module 2930, configured to receive the information encryption key from the distribution network cloud platform.
In one example, the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
In one example, as shown in FIG. 30, the apparatus 2900 further includes: a graphic code determination module 2940, configured to determine a second graphic code based on the network configuration information and the information encryption key; and a second display module 2950, configured to display the second graphic code.
In one example, as shown in FIG. 30, the graphic code determination module 2940 is configured to: process the network configuration information using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information; and generate the second graphic code according to the encrypted network configuration information.
In one example, the key calculation parameter includes a random number.
In one example, the key calculation parameter is preconfigured by the device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solutions provided by the embodiments of the present application, a key calculation parameter is added to the graphic code of the device to be connected to the network. The device to be connected to the network can use the key calculation parameter to determine an information decryption key, and the network distribution device can obtain an information encryption key through the key calculation parameter, so the device to be connected to the network can use the information decryption key to decrypt the network configuration information that the network distribution device encrypted with the information encryption key. Only when the information encryption key and the information decryption key are consistent can the device to be connected to the network obtain the network configuration information, which authenticates the identity of the device to be connected to the network and avoids leakage of the network configuration information.
Please refer to FIG. 31, which shows a block diagram of an information processing apparatus provided by an embodiment of the present application. The apparatus has the function of implementing the above method examples on the side of the device to be connected to the network; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the device to be connected to the network described above, or may be provided in the device to be connected to the network. As shown in FIG. 31, the apparatus 3100 may include a third scanning module 3110.
The third scanning module 3110 is configured to scan a third graphic code displayed by the network distribution device, where the third graphic code includes network configuration information encrypted with an information encryption key, and a key calculation parameter; the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In one example, as shown in FIG. 32, the apparatus 3100 further includes: a decryption key determination module 3120, configured to determine the information decryption key based on the key calculation parameter and a first device key.
In one example, as shown in FIG. 32, the decryption key determination module 3120 is configured to: process the key calculation parameter and the first device key using a third key generation algorithm to obtain the information decryption key.
In one example, when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in obtaining the network configuration information; when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to obtain the network configuration information.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solutions provided by the embodiments of the present application, a key calculation parameter and network configuration information encrypted with an information encryption key are added to the graphic code displayed by the network distribution device, so the device to be connected to the network can obtain the key calculation parameter by scanning the graphic code and determine the information decryption key from that parameter. Only when the information encryption key and the information decryption key are consistent can the device to be connected to the network obtain the network configuration information, which authenticates the identity of the device to be connected to the network and avoids leakage of the network configuration information. Moreover, specifically for network distribution by code scanning, the embodiments of the present application propose that the device cloud platform generates the key calculation parameter and that the network distribution device adds the key calculation parameter to the graphic code it displays, so that the device to be connected to the network can obtain it by scanning. Compared with pasting a graphic code containing the key calculation parameter on the device to be connected to the network as a sticker, the technical solutions provided by the embodiments of the present application can further improve the security of the key calculation parameter.
Please refer to FIG. 33, which shows a block diagram of an information processing apparatus provided by an embodiment of the present application. The apparatus has the function of implementing the above method examples on the network distribution device side; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may be the network distribution device described above, or may be provided in the network distribution device. As shown in FIG. 33, the apparatus 3300 may include a third display module 3310.
The third display module 3310 is configured to display a third graphic code, where the third graphic code includes network configuration information encrypted with an information encryption key, and a key calculation parameter; the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In one example, as shown in FIG. 34, the apparatus 3300 further includes: an information receiving module 3320, configured to receive the information encryption key, the key calculation parameter and the network configuration information from the distribution network cloud platform; and a graphic code determination module 3330, configured to determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
In one example, as shown in FIG. 34, the graphic code determination module 3330 is configured to: process the network configuration information using a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key; and generate the third graphic code based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
To sum up, in the technical solutions provided by the embodiments of the present application, a key calculation parameter and network configuration information encrypted with an information encryption key are added to the graphic code displayed by the network distribution device, so the device to be connected to the network can obtain the key calculation parameter by scanning the graphic code and determine the information decryption key from that parameter. Only when the information encryption key and the information decryption key are consistent can the device to be connected to the network obtain the network configuration information, which authenticates the identity of the device to be connected to the network and avoids leakage of the network configuration information. Moreover, specifically for network distribution by code scanning, the embodiments of the present application propose that the device cloud platform generates the key calculation parameter and that the network distribution device adds the key calculation parameter to the graphic code it displays, so that the device to be connected to the network can obtain it by scanning. Compared with pasting a graphic code containing the key calculation parameter on the device to be connected to the network as a sticker, the technical solutions provided by the embodiments of the present application can further improve the security of the key calculation parameter.
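The coupled and decoupled authentication modes summarized in the embodiments above, including the graphic-code variants that carry the key calculation parameter next to the encrypted configuration, can be sketched as follows. This is an added example, not code from the patent: the patent does not name its key generation or encryption algorithms, so HMAC-SHA256 (as the key generation algorithm and as the deterministic transform of the reference information) and an HMAC-based encrypt-then-MAC stream construction are assumptions chosen to run on the Python standard library, as are all function names, the 16-byte parameter and the constructed sample configuration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 12, 32
# Constructed sample of "network configuration information" (not from the page).
SAMPLE_CONFIG = b'{"ssid": "home-ap", "psk": "example-passphrase"}'


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_information_key(device_key: bytes, key_calc_param: bytes) -> bytes:
    """Stand-in key generation algorithm: device key + key calculation parameter."""
    if len(key_calc_param) < 1:  # the page requires a length of at least one byte
        raise ValueError("key calculation parameter must be at least one byte")
    return _mac(device_key, b"information-key" + key_calc_param)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_mac(enc_key, nonce + i.to_bytes(4, "big")) for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]


def encrypt_config(info_key: bytes, config: bytes) -> bytes:
    """Stand-in encryption algorithm: keystream XOR, then a MAC over nonce + ciphertext."""
    enc_key, mac_key = _mac(info_key, b"enc"), _mac(info_key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(config, _keystream(enc_key, nonce, len(config))))
    return nonce + ct + _mac(mac_key, nonce + ct)


def decrypt_config(info_key: bytes, blob: bytes):
    """Return the configuration, or None if the keys are inconsistent or the blob was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _mac(info_key, b"enc"), _mac(info_key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + ct)):
        return None  # without the tag, a wrong key would only yield garbage bytes
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def coupled_provisioning(cloud_device_key: bytes, device_key: bytes, config: bytes):
    """Coupled mode: decrypting the configuration is itself the identity check."""
    # Cloud side (assumed to hold a copy of the device key). 16 random bytes are
    # used here; a 1-byte parameter allows only 256 distinct keys per device key.
    param = secrets.token_bytes(16)
    second_info_key = derive_information_key(cloud_device_key, param)
    # Network distribution device: parameter + encrypted configuration, sent
    # as the first information or shown in a graphic code.
    first_information = (param, encrypt_config(second_info_key, config))
    # Device to be connected to the network: derives its own information key.
    first_info_key = derive_information_key(device_key, first_information[0])
    return decrypt_config(first_info_key, first_information[1])


def decoupled_provisioning(cloud_device_key: bytes, device_key: bytes, config: bytes,
                           reference: bytes = b"reference-info"):
    """Decoupled mode: compare keyed transforms of the reference information first."""
    # Assumption: both sides use the same reference information, and the
    # transform is deterministic so that equal keys give equal outputs.
    param = secrets.token_bytes(16)
    first_encrypted = _mac(derive_information_key(device_key, param), reference)
    second_encrypted = _mac(derive_information_key(cloud_device_key, param), reference)
    if not hmac.compare_digest(first_encrypted, second_encrypted):
        return None  # authentication failed: the configuration is never sent
    return config


if __name__ == "__main__":
    genuine = secrets.token_bytes(32)
    print("genuine device:", coupled_provisioning(genuine, genuine, SAMPLE_CONFIG))
    print("wrong device key:", coupled_provisioning(genuine, secrets.token_bytes(32), SAMPLE_CONFIG))
```

In a deployment the stand-in cipher would be replaced by a vetted AEAD such as AES-GCM; the integrity tag is what turns "inconsistent keys" into a detectable failure instead of silently wrong plaintext.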
It should be noted that, when the apparatus provided in the above embodiments implements its functions, the division into the above functional modules is used only as an example. In practical applications, the above functions may be allocated to different functional modules as required; that is, the content structure of the device is divided into different functional modules to complete all or part of the functions described above.
Regarding the apparatus in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method, and will not be elaborated here.
Please refer to FIG. 35, which shows a schematic structural diagram of a device 350 to be connected to the network provided by an embodiment of the present application. For example, the device to be connected to the network can be used to execute the above information processing method on the side of the device to be connected to the network. Specifically, the device 350 to be connected to the network may include: a processor 351, and a transceiver 352 connected to the processor 351, wherein:
The processor 351 includes one or more processing cores, and the processor 351 executes various functional applications and information processing by running software programs and modules.
The transceiver 352 includes a receiver and a transmitter. Optionally, the transceiver 352 is a communication chip.
In one example, the device 350 to be connected to the network further includes a memory and a bus. The memory is connected to the processor through the bus. The memory can be used to store a computer program, and the processor is used to execute the computer program to implement each step performed by the device to be connected to the network in the above method embodiments.
In addition, the memory can be implemented by any type of volatile or non-volatile storage device or a combination thereof. Volatile or non-volatile storage devices include but are not limited to: RAM (Random-Access Memory) and ROM (Read-Only Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other solid-state storage technology, CD-ROM (Compact Disc Read-Only Memory), DVD (Digital Video Disc) or other optical storage, tape cassettes, magnetic tape, disk storage or other magnetic storage devices. Wherein:
In one possible implementation, the transceiver 352 is configured to broadcast a beacon of a first access point, where the beacon includes a key calculation parameter and/or the device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the network distribution device.
In one example, the processor 351 is configured to: determine a first access key based on the key calculation parameter and a first device key.
In one example, the processor 351 is configured to: process the key calculation parameter and the first device key using a first key generation algorithm to obtain a first encryption key; and process the first encryption key using a first encoding method to obtain the first access key.
In one example, the processor 351 is configured to: perform the identity authentication with the network distribution device based on the first access key; where, when the first access key is consistent with a second access key determined by the network distribution device, the identity authentication passes, and when the first access key is inconsistent with the second access key determined by the network distribution device, the identity authentication fails.
在一个示例中,所述信标包括以下至少一个字段:BSSID字段、SSID字段、自定义字段;所述BSSID字段包括所述密钥计算参数和/或所述待入网设备的设备标识;或者,所述SSID字段包括所述密钥计算参数和/或所述待入网设备的设备标识;或者,所述自定义字段包括所述密钥计算参数和/或所述待入网设备的设备标识。In one example, the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field; the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, The SSID field includes the key calculation parameter and/or the device identification of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identification of the device to be connected to the network.
在一个示例中,所述密钥计算参数包括随机数。In one example, the key calculation parameter includes a random number.
在一个示例中,所述密钥计算参数的长度大于或等于一个字节。In one example, the length of the key calculation parameter is greater than or equal to one byte.
在一个示例中,所述收发器352,用于:在所述身份认证通过的情况下,接收来自于所述配网设备的网络配置信息,所述网络配置信息用于配置所述待入网设备接入第二接入点。In an example, the transceiver 352 is configured to: when the identity authentication is passed, receive network configuration information from the network configuration device, where the network configuration information is used to configure the device to be connected to the network Access the second access point.
In another possible implementation, the processor 351 is configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a network configuration device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In one example, the processor 351 is configured to: determine the information decryption key based on the key calculation parameter and a first device key.
In one example, the processor 351 is configured to: process the key calculation parameter and the first device key using a second key generation algorithm to obtain the information decryption key.
In one example, the processor 351 is configured to: scan a second graphic code displayed by the network configuration device, where the second graphic code includes the network configuration information encrypted with an information encryption key; wherein the device to be connected to the network succeeds in acquiring the network configuration information if the information decryption key is consistent with the information encryption key, and fails to acquire the network configuration information if the information decryption key is inconsistent with the information encryption key.
In one example, the key calculation parameter includes a random number.
In one example, the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In yet another possible implementation, the processor 351 is configured to scan a third graphic code displayed by a network configuration device, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter; wherein the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In one example, the processor 351 is further configured to: determine the information decryption key based on the key calculation parameter and a first device key.
In one example, the processor 351 is further configured to: process the key calculation parameter and the first device key using a third key generation algorithm to obtain the information decryption key.
In one example, the device to be connected to the network succeeds in acquiring the network configuration information if the information decryption key is consistent with the information encryption key, and fails to acquire the network configuration information if the information decryption key is inconsistent with the information encryption key.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In still another possible implementation, the transceiver 352 is configured to receive first information from a network configuration device, where the first information includes a key calculation parameter and second information encrypted with an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted with the information encryption key.
In one example, the processor 351 is configured to: determine the information decryption key based on the key calculation parameter and a first device key.
In one example, the processor 351 is configured to: process the key calculation parameter and the first device key using a fourth key generation algorithm to obtain the information decryption key.
In one example, the second information includes first reference information; the processor 351 is configured to decrypt, using the information decryption key, the second information encrypted with the information encryption key to obtain the first reference information; and the transceiver 352 is configured to receive network configuration information from the network configuration device if the first reference information is consistent with second reference information, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
In one example, the second information includes network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point; the device to be connected to the network succeeds in acquiring the network configuration information if the information encryption key is consistent with the information decryption key, and fails to acquire the network configuration information if the information encryption key is inconsistent with the information decryption key.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
Please refer to FIG. 36, which shows a schematic structural diagram of a network configuration device 360 provided by an embodiment of the present application. For example, the network configuration device may be used to perform the above information processing method on the network configuration device side. Specifically, the network configuration device 360 may include a processor 361 and a transceiver 362 connected to the processor 361; wherein:
The processor 361 includes one or more processing cores, and the processor 361 performs various functional applications and information processing by running software programs and modules.
The transceiver 362 includes a receiver and a transmitter. Optionally, the transceiver 362 is a communication chip.
In one example, the network configuration device 360 further includes a memory and a bus. The memory is connected to the processor through the bus. The memory may be used to store a computer program, and the processor is configured to execute the computer program to implement each step performed by the network configuration device in the above method embodiments.
In addition, the memory may be implemented by any type of volatile or non-volatile storage device or a combination thereof. Volatile or non-volatile storage devices include, but are not limited to: RAM and ROM, EPROM, EEPROM, flash memory or other solid-state storage technologies, CD-ROM, DVD or other optical storage, tape cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Wherein:
In a possible implementation, the transceiver 362 is configured to receive a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the network configuration device.
In one example, the transceiver 362 is configured to: send a first acquisition request to a network configuration cloud platform, where the first acquisition request is used to request a second access key; and receive access key information from the network configuration cloud platform, where the access key information is used to determine the second access key.
In one example, the access key information includes the second access key.
In one example, the processor 361 is configured to: process the second encryption key using a first encoding manner to obtain the second access key.
In one example, the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
In one example, the processor 361 is configured to: perform the identity authentication with the device to be connected to the network based on the second access key; wherein the identity authentication passes if the second access key is consistent with a first access key determined by the device to be connected to the network, and the identity authentication fails if the second access key is inconsistent with the first access key determined by the device to be connected to the network.
In one example, the beacon includes at least one of the following fields: a BSSID field, an SSID field, and a custom field; the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network; or, the custom field includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In one example, the processor 361 is configured to: access the first access point when the identity authentication passes.
In one example, the transceiver 362 is configured to: send network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
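The beacon-based exchange described above, seen from both the device side and the network configuration device side, as an added example that is not code from the application. It assumes HMAC-SHA256 as the "first key generation algorithm", unpadded URL-safe Base64 as the "first encoding manner", and a hypothetical `PROV-<device id>-<nonce hex>` SSID layout; the device identifier, device key and 8-byte minimum parameter length are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

SSID_PREFIX = "PROV"   # hypothetical SSID layout: PROV-<device id>-<nonce hex>
MIN_NONCE_BYTES = 8    # assumption; the description itself only requires >= 1 byte

# Constructed registry standing in for the cloud platform's device-key store.
CLOUD_DEVICE_KEYS = {"D1A2B3C4": bytes.fromhex("00112233445566778899aabbccddeeff")}


def build_ssid(device_id: str, nonce: bytes) -> str:
    """Device side: carry the device identifier and nonce in the SSID field."""
    ssid = f"{SSID_PREFIX}-{device_id}-{nonce.hex()}"
    if len(ssid.encode()) > 32:          # an 802.11 SSID holds at most 32 octets
        raise ValueError("SSID exceeds 32 octets")
    return ssid


def parse_ssid(ssid: str) -> tuple:
    """Configuration device side: recover (device_id, nonce) or raise ValueError."""
    parts = ssid.split("-")
    if len(parts) != 3 or parts[0] != SSID_PREFIX or not parts[1]:
        raise ValueError("not a provisioning SSID")
    nonce = bytes.fromhex(parts[2])      # raises ValueError on non-hex input
    if len(nonce) < MIN_NONCE_BYTES:
        raise ValueError("key calculation parameter too short")
    return parts[1], nonce


def derive_encryption_key(device_key: bytes, nonce: bytes) -> bytes:
    """Key generation step (assumed here: HMAC-SHA256 keyed by the device key)."""
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def encode_access_key(encryption_key: bytes) -> str:
    """Encoding step (assumed here: unpadded URL-safe Base64)."""
    return base64.urlsafe_b64encode(encryption_key).rstrip(b"=").decode("ascii")


def device_first_access_key(device_key: bytes, nonce: bytes) -> str:
    """Device side: first access key from the nonce and the first device key."""
    return encode_access_key(derive_encryption_key(device_key, nonce))


def cloud_access_key_info(device_id: str, nonce: bytes, encoded: bool = True):
    """Cloud side: answer the first acquisition request.

    encoded=True returns the second access key; encoded=False returns the
    second encryption key, which the configuration device encodes itself.
    """
    device_key = CLOUD_DEVICE_KEYS.get(device_id)
    if device_key is None:
        raise KeyError("unknown device identifier")
    key = derive_encryption_key(device_key, nonce)
    return encode_access_key(key) if encoded else key


def authenticate(first_access_key: str, second_access_key: str) -> bool:
    """Pass only if both sides hold the same access key (constant-time compare).

    This stands in for whatever handshake the two sides actually run.
    """
    return hmac.compare_digest(first_access_key.encode(), second_access_key.encode())


def provision_attempt(device_key: bytes, device_id: str) -> bool:
    """Run one full exchange: beacon, cloud lookup, identity authentication."""
    nonce = secrets.token_bytes(MIN_NONCE_BYTES)          # fresh for each session
    first = device_first_access_key(device_key, nonce)    # device to be connected
    seen_id, seen_nonce = parse_ssid(build_ssid(device_id, nonce))
    second = cloud_access_key_info(seen_id, seen_nonce)   # via the cloud platform
    return authenticate(first, second)


if __name__ == "__main__":
    genuine = CLOUD_DEVICE_KEYS["D1A2B3C4"]
    print("genuine device key:", provision_attempt(genuine, "D1A2B3C4"))
    print("wrong device key:  ", provision_attempt(b"\x00" * 16, "D1A2B3C4"))
```

The description allows a key calculation parameter as short as one byte; a one-byte parameter yields at most 256 distinct access keys per device key, which is why this sketch rejects short values.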
In another possible implementation, the processor 361 is configured to scan a first graphic code of a device to be connected to the network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
In one example, the transceiver 362 is configured to: send a second acquisition request to a network configuration cloud platform, where the second acquisition request is used to request the information encryption key; and receive the information encryption key from the network configuration cloud platform.
In one example, the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
In one example, the processor 361 is configured to: determine a second graphic code based on the network configuration information and the information encryption key; and display the second graphic code.
In one example, the processor 361 is configured to: process the network configuration information using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information; and generate the second graphic code according to the encrypted network configuration information.
In one example, the key calculation parameter includes a random number.
In one example, the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In yet another possible implementation, the processor 361 is configured to display a third graphic code, where the third graphic code includes network configuration information encrypted with an information encryption key and a key calculation parameter; wherein the network configuration information is used to configure a device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
In one example, the processor 361 is further configured to: receive the information encryption key, the key calculation parameter and the network configuration information from a network configuration cloud platform; and determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
In one example, the processor 361 is further configured to: process the network configuration information using a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key; and generate the third graphic code based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
In still another possible implementation, the transceiver 362 is configured to send first information to a device to be connected to the network, where the first information includes a key calculation parameter and second information encrypted with an information encryption key, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the second information encrypted with the information encryption key.
In one example, the second information includes first reference information; the method further includes: the transceiver 362 is configured to receive, from a network configuration cloud platform, the key calculation parameter and the second information encrypted with the information encryption key; and the processor 361 is configured to determine the first information based on the key calculation parameter and the second information encrypted with the information encryption key.
In one example, the second information includes network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point; the transceiver 362 is configured to receive the key calculation parameter and the information encryption key from a network configuration cloud platform; and the processor 361 is configured to determine the first information based on the key calculation parameter, the information encryption key and the network configuration information.
In one example, the processor 361 is configured to: process the network configuration information using a third encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key; and determine the first information based on the key calculation parameter and the network configuration information encrypted with the information encryption key.
In one example, the key calculation parameter includes a random number.
In one example, the length of the key calculation parameter is greater than or equal to one byte.
An embodiment of the present application further provides a computer-readable storage medium storing a computer program, where the computer program is to be executed by a processor of a device to be connected to the network, so as to implement the above information processing method on the side of the device to be connected to the network.
An embodiment of the present application further provides a computer-readable storage medium storing a computer program, where the computer program is to be executed by a processor of a network configuration device, so as to implement the above information processing method on the network configuration device side.
An embodiment of the present application further provides a chip, where the chip includes a programmable logic circuit and/or program instructions and, when running on a device to be connected to the network, is used to implement the above information processing method on the side of the device to be connected to the network.
An embodiment of the present application further provides a chip, where the chip includes a programmable logic circuit and/or program instructions and, when running on a network configuration device, is used to implement the above information processing method on the network configuration device side.
An embodiment of the present application further provides a computer program product which, when running on a device to be connected to the network, is used to implement the above information processing method on the side of the device to be connected to the network.
An embodiment of the present application further provides a computer program product which, when running on a network configuration device, is used to implement the above information processing method on the network configuration device side.
Those skilled in the art should appreciate that, in one or more of the above examples, the functions described in the embodiments of the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
The above are only exemplary embodiments of the present application and are not intended to limit the present application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application shall fall within the protection scope of the present application.

Claims (132)

  1. An information processing method, characterized in that it is applied to a device to be connected to a network, the method comprising:
    broadcasting a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a network configuration device.
  2. The method according to claim 1, characterized in that the method further comprises:
    determining a first access key based on the key calculation parameter and a first device key.
  3. The method according to claim 2, characterized in that the determining a first access key based on the key calculation parameter and a first device key comprises:
    processing the key calculation parameter and the first device key using a first key generation algorithm to obtain a first encryption key;
    processing the first encryption key using a first encoding manner to obtain the first access key.
  4. The method according to claim 2 or 3, characterized in that, after the determining a first access key based on the key calculation parameter and a first device key, the method further comprises:
    performing the identity authentication with the network configuration device based on the first access key;
    wherein the identity authentication passes if the first access key is consistent with a second access key determined by the network configuration device, and the identity authentication fails if the first access key is inconsistent with the second access key determined by the network configuration device.
  5. The method according to any one of claims 1 to 4, characterized in that the beacon includes at least one of the following fields: a basic service set identifier (BSSID) field, a service set identifier (SSID) field, and a custom field;
    the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the custom field includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  6. The method according to any one of claims 1 to 5, characterized in that the key calculation parameter includes a random number.
  7. The method according to any one of claims 1 to 6, characterized in that the length of the key calculation parameter is greater than or equal to one byte.
  8. The method according to any one of claims 1 to 7, characterized in that the method further comprises:
    when the identity authentication passes, receiving network configuration information from the network configuration device, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
  9. An information processing method, characterized in that it is applied to a network configuration device, the method comprising:
    receiving a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the network configuration device.
  10. The method according to claim 9, characterized in that the method further comprises:
    sending a first acquisition request to a network configuration cloud platform, where the first acquisition request is used to request a second access key;
    receiving access key information from the network configuration cloud platform, where the access key information is used to determine the second access key.
  11. The method according to claim 10, characterized in that the access key information includes the second access key.
  12. The method according to claim 10, characterized in that the access key information includes a second encryption key; and after the receiving access key information from the network configuration cloud platform, the method further comprises:
    processing the second encryption key using a first encoding manner to obtain the second access key.
  13. The method according to any one of claims 10 to 12, characterized in that the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  14. The method according to any one of claims 10 to 13, characterized in that, after the receiving access key information from the network configuration cloud platform, the method further comprises:
    performing the identity authentication with the device to be connected to the network based on the second access key;
    wherein the identity authentication passes if the second access key is consistent with a first access key determined by the device to be connected to the network, and the identity authentication fails if the second access key is inconsistent with the first access key determined by the device to be connected to the network.
  15. The method according to any one of claims 9 to 14, characterized in that the beacon includes at least one of the following fields: a basic service set identifier (BSSID) field, a service set identifier (SSID) field, and a custom field;
    the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the custom field includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  16. The method according to any one of claims 9 to 15, characterized in that the key calculation parameter includes a random number.
  17. The method according to any one of claims 9 to 16, characterized in that the length of the key calculation parameter is greater than or equal to one byte.
  18. The method according to any one of claims 9 to 17, characterized in that the method further comprises:
    accessing the first access point when the identity authentication passes.
  19. The method according to claim 18, characterized in that, after the accessing the first access point, the method further comprises:
    sending network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
  20. An information processing method, characterized in that it is applied to a device to be connected to a network, the method comprising:
    displaying a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
  21. The method according to claim 20, wherein the method further comprises:
    determining the information decryption key based on the key calculation parameter and a first device key.
  22. The method according to claim 21, wherein the determining of the information decryption key based on the key calculation parameter and the first device key comprises:
    processing the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
  23. The method according to any one of claims 20 to 22, wherein the method further comprises:
    scanning a second graphic code displayed by the distribution network device, where the second graphic code includes the network configuration information encrypted with an information encryption key;
    wherein the device to be connected to the network succeeds in acquiring the network configuration information if the information decryption key is consistent with the information encryption key, and fails to acquire the network configuration information if the information decryption key is inconsistent with the information encryption key.
  24. The method according to any one of claims 20 to 23, wherein the key calculation parameter includes a random number.
  25. The method according to any one of claims 20 to 24, wherein the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  26. The method according to any one of claims 20 to 25, wherein the length of the key calculation parameter is greater than or equal to one byte.
  27. An information processing method, characterized in that it is applied to a distribution network device, the method comprising:
    scanning a first graphic code of a device to be connected to a network, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
  28. The method according to claim 27, wherein the method further comprises:
    sending a second acquisition request to a distribution network cloud platform, where the second acquisition request is used to request the information encryption key;
    receiving the information encryption key from the distribution network cloud platform.
  29. The method according to claim 28, wherein the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  30. The method according to any one of claims 27 to 29, wherein the method further comprises:
    determining a second graphic code based on the network configuration information and the information encryption key;
    displaying the second graphic code.
  31. The method according to claim 30, wherein the determining of the second graphic code based on the network configuration information and the information encryption key comprises:
    processing the network configuration information by using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information;
    generating the second graphic code according to the encrypted network configuration information.
  32. The method according to any one of claims 27 to 31, wherein the key calculation parameter includes a random number.
  33. The method according to any one of claims 27 to 32, wherein the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  34. The method according to any one of claims 27 to 33, wherein the length of the key calculation parameter is greater than or equal to one byte.
  35. An information processing method, characterized in that it is applied to a device to be connected to a network, the method comprising:
    scanning a third graphic code displayed by a distribution network device, where the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key;
    wherein the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  36. The method according to claim 35, wherein after the scanning of the third graphic code displayed by the distribution network device, the method further comprises:
    determining the information decryption key based on the key calculation parameter and a first device key.
  37. The method according to claim 36, wherein the determining of the information decryption key based on the key calculation parameter and the first device key comprises:
    processing the key calculation parameter and the first device key by using a third key generation algorithm to obtain the information decryption key.
  38. The method according to any one of claims 35 to 37, wherein:
    if the information decryption key is consistent with the information encryption key, the device to be connected to the network succeeds in acquiring the network configuration information;
    if the information decryption key is inconsistent with the information encryption key, the device to be connected to the network fails to acquire the network configuration information.
  39. The method according to any one of claims 35 to 38, wherein the key calculation parameter includes a random number.
  40. The method according to any one of claims 35 to 39, wherein the length of the key calculation parameter is greater than or equal to one byte.
  41. An information processing method, characterized in that it is applied to a distribution network device, the method comprising:
    displaying a third graphic code, where the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key;
    wherein the network configuration information is used to configure a device to be connected to a network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  42. The method according to claim 41, wherein the method further comprises:
    receiving the information encryption key and the key calculation parameter from a distribution network cloud platform;
    determining the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  43. The method according to claim 42, wherein the determining of the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information comprises:
    processing the network configuration information by using a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key;
    generating the third graphic code based on the key calculation parameter and the network configuration information encrypted with the information encryption key.
  44. The method according to any one of claims 41 to 43, wherein the key calculation parameter includes a random number.
  45. The method according to any one of claims 41 to 44, wherein the length of the key calculation parameter is greater than or equal to one byte.
  46. An information processing method, characterized in that it is applied to a device to be connected to a network, the method comprising:
    receiving first information from a distribution network device, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  47. The method according to claim 46, wherein after the receiving of the first information from the distribution network device, the method further comprises:
    determining the first information key based on the key calculation parameter and the first device key.
  48. The method according to claim 47, wherein the determining of the first information key based on the key calculation parameter and the first device key comprises:
    processing the key calculation parameter and the first device key by using a fourth key generation algorithm to obtain the first information key.
  49. The method according to any one of claims 46 to 48, wherein the first information further includes network configuration information encrypted with a second information key, and the network configuration information is used to configure the device to be connected to the network to access a second access point; and after the receiving of the first information from the distribution network device, the method further comprises:
    decrypting, by using the first information key, the network configuration information encrypted with the second information key;
    wherein the device to be connected to the network succeeds in acquiring the network configuration information if the first information key is consistent with the second information key, and fails to acquire the network configuration information if the first information key is inconsistent with the second information key.
  50. The method according to any one of claims 46 to 48, wherein after the receiving of the first information from the distribution network device, the method further comprises:
    obtaining first encrypted information based on the first information key and first reference information;
    sending the first encrypted information to the distribution network device.
  51. The method according to claim 50, wherein the obtaining of the first encrypted information based on the first information key and the first reference information comprises:
    processing the first reference information by using a third encryption algorithm and the first information key to obtain the first encrypted information.
  52. The method according to any one of claims 46 to 48, wherein the first information further includes second information encrypted with a second information key; and after the receiving of the first information from the distribution network device, the method further comprises:
    decrypting, by using the first information key, the second information encrypted with the second information key to obtain third reference information;
    sending the third reference information to the distribution network device.
  53. The method according to any one of claims 46 to 52, wherein the key calculation parameter includes a random number.
  54. The method according to any one of claims 46 to 53, wherein the length of the key calculation parameter is greater than or equal to one byte.
  55. An information processing method, characterized in that it is applied to a distribution network device, the method comprising:
    sending first information to a device to be connected to a network, where the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  56. The method according to claim 55, wherein the first information further includes network configuration information encrypted with a second information key, and the network configuration information is used to configure the device to be connected to the network to access a second access point; and the method further comprises:
    receiving the key calculation parameter and the second information key from a distribution network cloud platform;
    determining the first information based on the key calculation parameter, the second information key and the network configuration information.
  57. The method according to claim 56, wherein the determining of the first information based on the key calculation parameter, the second information key and the network configuration information comprises:
    processing the network configuration information by using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted with the second information key;
    determining the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
  58. The method according to any one of claims 55 to 57, wherein the method further comprises:
    receiving first encrypted information from the device to be connected to the network, where the first encrypted information includes first reference information encrypted with the first information key;
    receiving second encrypted information from a distribution network cloud platform, where the second encrypted information includes second reference information encrypted with a second information key;
    sending network configuration information to the device to be connected to the network if the first encrypted information is consistent with the second encrypted information, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
  59. The method according to any one of claims 55 to 57, wherein the method further comprises:
    receiving the third reference information from the device to be connected to the network;
    receiving fourth reference information from a distribution network cloud platform;
    sending network configuration information to the device to be connected to the network if the third reference information is consistent with the fourth reference information, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
  60. The method according to any one of claims 55 to 59, wherein the key calculation parameter includes a random number.
  61. The method according to any one of claims 55 to 60, wherein the length of the key calculation parameter is greater than or equal to one byte.
  62. An information processing apparatus, characterized in that it is arranged in a device to be connected to a network, the apparatus comprising:
    a beacon broadcasting module, configured to broadcast a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a distribution network device.
  63. The apparatus according to claim 62, wherein the apparatus further comprises:
    a first key determination module, configured to determine a first access key based on the key calculation parameter and a first device key.
  64. The apparatus according to claim 63, wherein the first key determination module is configured to:
    process the key calculation parameter and the first device key by using a first key generation algorithm to obtain a first encryption key;
    process the first encryption key in a first encoding manner to obtain the first access key.
  65. The apparatus according to claim 63 or 64, wherein the apparatus further comprises:
    an identity authentication module, configured to perform the identity authentication with the distribution network device based on the first access key;
    wherein the identity authentication passes if the first access key is consistent with a second access key determined by the distribution network device, and the identity authentication fails if the first access key is inconsistent with the second access key determined by the distribution network device.
  66. The apparatus according to any one of claims 62 to 65, wherein the beacon includes at least one of the following fields: a basic service set identifier (BSSID) field, a service set identifier (SSID) field, and a custom field;
    the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the custom field includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  67. The apparatus according to any one of claims 62 to 66, wherein the key calculation parameter includes a random number.
  68. The apparatus according to any one of claims 62 to 67, wherein the length of the key calculation parameter is greater than or equal to one byte.
  69. The apparatus according to any one of claims 62 to 68, wherein the apparatus further comprises:
    a configuration information receiving module, configured to receive network configuration information from the distribution network device if the identity authentication passes, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
  70. An information processing apparatus, characterized in that it is arranged in a distribution network device, the apparatus comprising:
    a beacon receiving module, configured to receive a beacon of a first access point, where the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to a network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the distribution network device.
  71. The apparatus according to claim 70, wherein the apparatus further comprises:
    a first request sending module, configured to send a first acquisition request to a distribution network cloud platform, where the first acquisition request is used to request a second access key;
    a key information receiving module, configured to receive access key information from the distribution network cloud platform, where the access key information is used to determine the second access key.
  72. The apparatus according to claim 71, wherein the access key information includes the second access key.
  73. The apparatus according to claim 71, wherein the access key information includes a second encryption key; and the apparatus further comprises:
    a second key determination module, configured to process the second encryption key in a first encoding manner to obtain the second access key.
  74. The apparatus according to any one of claims 71 to 73, wherein the first acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  75. The apparatus according to any one of claims 71 to 74, wherein the apparatus further comprises:
    an identity authentication module, configured to perform the identity authentication with the device to be connected to the network based on the second access key;
    wherein the identity authentication passes if the second access key is consistent with a first access key determined by the device to be connected to the network, and the identity authentication fails if the second access key is inconsistent with the first access key determined by the device to be connected to the network.
  76. The apparatus according to any one of claims 70 to 75, wherein the beacon includes at least one of the following fields: a basic service set identifier (BSSID) field, a service set identifier (SSID) field, and a custom field;
    the BSSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the SSID field includes the key calculation parameter and/or the device identifier of the device to be connected to the network;
    or, the custom field includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  77. The apparatus according to any one of claims 70 to 76, wherein the key calculation parameter includes a random number.
  78. The apparatus according to any one of claims 70 to 77, wherein the length of the key calculation parameter is greater than or equal to one byte.
  79. The apparatus according to any one of claims 70 to 78, wherein the apparatus further comprises:
    an access module, configured to access the first access point if the identity authentication passes.
  80. The apparatus according to claim 79, wherein the apparatus further comprises:
    a configuration information sending module, configured to send network configuration information to the device to be connected to the network, where the network configuration information is used to configure the device to be connected to the network to access a second access point.
  81. An information processing apparatus, characterized in that it is arranged in a device to be connected to a network, the apparatus comprising:
    a first display module, configured to display a first graphic code, where the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a distribution network device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
  82. The apparatus according to claim 81, wherein the apparatus further comprises:
    a decryption key determination module, configured to determine the information decryption key based on the key calculation parameter and a first device key.
  83. The apparatus according to claim 82, wherein the decryption key determination module is configured to:
    process the key calculation parameter and the first device key by using a second key generation algorithm to obtain the information decryption key.
  84. The apparatus according to any one of claims 81 to 83, wherein the apparatus further comprises:
    a first scanning module, configured to scan a second graphic code displayed by the distribution network device, where the second graphic code includes the network configuration information encrypted with an information encryption key;
    wherein the device to be connected to the network succeeds in acquiring the network configuration information if the information decryption key is consistent with the information encryption key, and fails to acquire the network configuration information if the information decryption key is inconsistent with the information encryption key.
  85. The apparatus according to any one of claims 81 to 84, wherein the key calculation parameter includes a random number.
  86. The apparatus according to any one of claims 81 to 85, wherein the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  87. The apparatus according to any one of claims 81 to 86, wherein the length of the key calculation parameter is greater than or equal to one byte.
  88. An information processing apparatus, characterized in that it is arranged in a network configuration device, the apparatus comprising:
    a second scanning module, configured to scan a first graphic code of a device to be connected to the network, wherein the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
  89. The apparatus according to claim 88, wherein the apparatus further comprises:
    a second request sending module, configured to send a second acquisition request to a network configuration cloud platform, wherein the second acquisition request is used to request the information encryption key;
    an encryption key receiving module, configured to receive the information encryption key from the network configuration cloud platform.
  90. The apparatus according to claim 89, wherein the second acquisition request includes the key calculation parameter and/or the device identifier of the device to be connected to the network.
  91. The apparatus according to any one of claims 88 to 90, wherein the apparatus further comprises:
    a graphic code determination module, configured to determine a second graphic code based on the network configuration information and the information encryption key;
    a second display module, configured to display the second graphic code.
  92. The apparatus according to claim 91, wherein the graphic code determination module is configured to:
    process the network configuration information using a first encryption algorithm and the information encryption key to obtain encrypted network configuration information;
    generate the second graphic code according to the encrypted network configuration information.
  93. The apparatus according to any one of claims 88 to 92, wherein the key calculation parameter includes a random number.
  94. The apparatus according to any one of claims 88 to 93, wherein the key calculation parameter is preconfigured by a device cloud platform; or, the key calculation parameter is generated by the device to be connected to the network.
  95. The apparatus according to any one of claims 88 to 94, wherein the length of the key calculation parameter is greater than or equal to one byte.
  96. An information processing apparatus, characterized in that it is arranged in a device to be connected to a network, the apparatus comprising:
    a third scanning module, configured to scan a third graphic code displayed by a network configuration device, wherein the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key;
    wherein the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  97. The apparatus according to claim 96, wherein the apparatus further comprises:
    a decryption key determination module, configured to determine the information decryption key based on the key calculation parameter and a first device key.
  98. The apparatus according to claim 97, wherein the decryption key determination module is configured to:
    process the key calculation parameter and the first device key using a third key generation algorithm to obtain the information decryption key.
  99. The apparatus according to any one of claims 96 to 98, wherein:
    when the information decryption key and the information encryption key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information;
    when the information decryption key and the information encryption key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  100. The apparatus according to any one of claims 96 to 99, wherein the key calculation parameter includes a random number.
  101. The apparatus according to any one of claims 96 to 100, wherein the length of the key calculation parameter is greater than or equal to one byte.
  102. An information processing apparatus, characterized in that it is arranged in a network configuration device, the apparatus comprising:
    a third display module, configured to display a third graphic code, wherein the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key;
    wherein the network configuration information is used to configure a device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  103. The apparatus according to claim 102, wherein the apparatus further comprises:
    an information receiving module, configured to receive the information encryption key and the key calculation parameter from a network configuration cloud platform;
    a graphic code determination module, configured to determine the third graphic code based on the information encryption key, the key calculation parameter and the network configuration information.
  104. The apparatus according to claim 103, wherein the graphic code determination module is configured to:
    process the network configuration information using a second encryption algorithm and the information encryption key to obtain the network configuration information encrypted with the information encryption key;
    generate the third graphic code based on the network configuration information encrypted with the information encryption key and the key calculation parameter.
  105. The apparatus according to any one of claims 102 to 104, wherein the key calculation parameter includes a random number.
  106. The apparatus according to any one of claims 102 to 105, wherein the length of the key calculation parameter is greater than or equal to one byte.
  107. An information processing apparatus, characterized in that it is arranged in a device to be connected to a network, the apparatus comprising:
    a first receiving module, configured to receive first information from a network configuration device, wherein the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  108. The apparatus according to claim 107, wherein the apparatus further comprises:
    a first key determination module, configured to determine the first information key based on the key calculation parameter and the first device key.
  109. The apparatus according to claim 108, wherein the first key determination module is configured to:
    process the key calculation parameter and the first device key using a fourth key generation algorithm to obtain the first information key.
  110. The apparatus according to any one of claims 107 to 109, wherein the first information further includes network configuration information encrypted with a second information key, and the network configuration information is used to configure the device to be connected to the network to access a second access point; the apparatus further comprises:
    a first decryption module, configured to use the first information key to decrypt the network configuration information encrypted with the second information key;
    wherein, when the first information key and the second information key are consistent, the device to be connected to the network succeeds in acquiring the network configuration information; and when the first information key and the second information key are inconsistent, the device to be connected to the network fails to acquire the network configuration information.
  111. The apparatus according to any one of claims 107 to 109, wherein the apparatus further comprises:
    a first encryption module, configured to obtain first encrypted information based on the first information key and first reference information;
    a first information sending module, configured to send the first encrypted information to the network configuration device.
  112. The apparatus according to claim 111, wherein the first encryption module is configured to:
    process the first reference information using a third encryption algorithm and the first information key to obtain the first encrypted information.
  113. The apparatus according to any one of claims 107 to 109, wherein the first information further includes second information encrypted with a second information key; the apparatus further comprises:
    a second decryption module, configured to use the first information key to decrypt the second information encrypted with the second information key, to obtain third reference information;
    a third information sending module, configured to send the third reference information to the network configuration device.
  114. The apparatus according to any one of claims 107 to 113, wherein the key calculation parameter includes a random number.
  115. The apparatus according to any one of claims 107 to 114, wherein the length of the key calculation parameter is greater than or equal to one byte.
  116. An information processing apparatus, characterized in that it is arranged in a network configuration device, the apparatus comprising:
    a first sending module, configured to send first information to a device to be connected to the network, wherein the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  117. The apparatus according to claim 116, wherein the first information further includes network configuration information encrypted with a second information key, and the network configuration information is used to configure the device to be connected to the network to access a second access point; the apparatus further comprises:
    a first receiving module, configured to receive the key calculation parameter and the second information key from a network configuration cloud platform;
    a second determining module, configured to determine the first information based on the key calculation parameter, the second information key and the network configuration information.
  118. The apparatus according to claim 117, wherein the second determining module is configured to:
    process the network configuration information using a fourth encryption algorithm and the second information key to obtain the network configuration information encrypted with the second information key;
    determine the first information based on the key calculation parameter and the network configuration information encrypted with the second information key.
  119. The apparatus according to any one of claims 116 to 118, wherein the apparatus further comprises:
    a first information receiving module, configured to receive first encrypted information from the device to be connected to the network, wherein the first encrypted information includes first reference information encrypted with the first information key;
    a second information receiving module, configured to receive second encrypted information from a network configuration cloud platform, wherein the second encrypted information includes second reference information encrypted with a second information key;
    a configuration information sending module, configured to send network configuration information to the device to be connected to the network when the first encrypted information and the second encrypted information are consistent, wherein the network configuration information is used to configure the device to be connected to the network to access a second access point.
  120. The apparatus according to any one of claims 116 to 118, wherein the apparatus further comprises:
    a third information receiving module, configured to receive the third reference information from the device to be connected to the network;
    a fourth information receiving module, configured to receive fourth reference information from a network configuration cloud platform;
    a configuration information sending module, configured to send network configuration information to the device to be connected to the network when the third reference information and the fourth reference information are consistent, wherein the network configuration information is used to configure the device to be connected to the network to access a second access point.
  121. The apparatus according to any one of claims 116 to 120, wherein the key calculation parameter includes a random number.
  122. The apparatus according to any one of claims 116 to 121, wherein the length of the key calculation parameter is greater than or equal to one byte.
  123. A device to be connected to a network, characterized in that the device to be connected to the network comprises: a processor, and a transceiver connected to the processor; wherein:
    the transceiver is configured to broadcast a beacon of a first access point, wherein the beacon includes a key calculation parameter and/or a device identifier of the device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and a network configuration device.
  124. A network configuration device, characterized in that the network configuration device comprises: a processor, and a transceiver connected to the processor; wherein:
    the transceiver is configured to receive a beacon of a first access point, wherein the beacon includes a key calculation parameter and/or a device identifier of a device to be connected to the network, and the key calculation parameter is used to determine an access key for performing identity authentication between the device to be connected to the network and the network configuration device.
  125. A device to be connected to a network, characterized in that the device to be connected to the network comprises: a processor, and a transceiver connected to the processor; wherein:
    the processor is configured to display a first graphic code, wherein the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information decryption key, the information decryption key is used to decrypt network configuration information from a network configuration device, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
  126. A network configuration device, characterized in that the network configuration device comprises: a processor, and a transceiver connected to the processor; wherein:
    the processor is configured to scan a first graphic code of a device to be connected to the network, wherein the first graphic code includes a key calculation parameter and/or a device identifier of the device to be connected to the network, the key calculation parameter is used to determine an information encryption key, the information encryption key is used to encrypt network configuration information, and the network configuration information is used to configure the device to be connected to the network to access a second access point.
  127. A device to be connected to a network, characterized in that the device to be connected to the network comprises: a processor, and a transceiver connected to the processor; wherein:
    the processor is configured to scan a third graphic code displayed by a network configuration device, wherein the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key;
    wherein the network configuration information is used to configure the device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  128. A network configuration device, characterized in that the network configuration device comprises: a processor, and a transceiver connected to the processor; wherein:
    the processor is configured to display a third graphic code, wherein the third graphic code includes a key calculation parameter and network configuration information encrypted with an information encryption key;
    wherein the network configuration information is used to configure a device to be connected to the network to access a second access point, the key calculation parameter is used to determine an information decryption key, and the information decryption key is used to decrypt the network configuration information encrypted with the information encryption key.
  129. A device to be connected to a network, characterized in that the device to be connected to the network comprises: a processor, and a transceiver connected to the processor; wherein:
    the transceiver is configured to receive first information from a network configuration device, wherein the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  130. A network configuration device, characterized in that the network configuration device comprises: a processor, and a transceiver connected to the processor; wherein:
    the transceiver is configured to send first information to a device to be connected to the network, wherein the first information includes a key calculation parameter, and the key calculation parameter is used to determine a first information key.
  131. A computer-readable storage medium, characterized in that a computer program is stored in the storage medium, and the computer program is to be executed by a processor of a device to be connected to a network, so as to implement the information processing method according to any one of claims 1 to 8, or the information processing method according to any one of claims 20 to 26, or the information processing method according to any one of claims 35 to 40, or the information processing method according to any one of claims 46 to 54.
  132. A computer-readable storage medium, characterized in that a computer program is stored in the storage medium, and the computer program is to be executed by a processor of a network configuration device, so as to implement the information processing method according to any one of claims 9 to 19, or the information processing method according to any one of claims 27 to 34, or the information processing method according to any one of claims 41 to 45, or the information processing method according to any one of claims 55 to 61.
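
The graphic-code exchange of claims 81 to 92, worked through as an added example that is not part of the patent text. The claims leave the algorithms unnamed, so this sketch assumes HMAC-SHA256 as the "key generation algorithm", an HMAC-based stream cipher with an integrity tag as a standard-library stand-in for the "first encryption algorithm", and a cloud platform that holds a copy of the device key; all function names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed sample values; none of them come from the patent.
DEVICE_ID = "dev-0001"
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # "first device key"
CLOUD_DEVICE_KEYS = {DEVICE_ID: DEVICE_KEY}  # assumption: cloud-side copy, by device ID


def derive_info_key(key_param: bytes, device_key: bytes) -> bytes:
    """Assumed key generation algorithm: HMAC-SHA256(device key, label || parameter)."""
    if len(key_param) < 1:
        raise ValueError("key calculation parameter must be at least one byte")
    return hmac.new(device_key, b"netcfg-info-key" + key_param, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only as a stand-in cipher for this sketch."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an integrity tag: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not match (tag check fails)."""
    if len(blob) < 12 + 32:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def device_first_graphic_code(key_param: bytes) -> str:
    """Device side: payload of the first graphic code (parameter plus device ID)."""
    return json.dumps({"id": DEVICE_ID, "param": key_param.hex()})


def cloud_issue_encryption_key(device_id: str, key_param_hex: str) -> bytes:
    """Cloud side (assumed behaviour): derive the information encryption key."""
    return derive_info_key(bytes.fromhex(key_param_hex), CLOUD_DEVICE_KEYS[device_id])


def provisioner_second_graphic_code(first_code: str, network_config: dict) -> str:
    """Network configuration device: scan code 1, fetch the key, build code 2."""
    fields = json.loads(first_code)
    enc_key = cloud_issue_encryption_key(fields["id"], fields["param"])
    return base64.b64encode(seal(enc_key, json.dumps(network_config).encode())).decode()


def device_read_second_code(second_code: str, key_param: bytes, device_key: bytes):
    """Device side: derive the decryption key locally and try to open code 2."""
    dec_key = derive_info_key(key_param, device_key)
    plaintext = open_sealed(dec_key, base64.b64decode(second_code))
    return None if plaintext is None else json.loads(plaintext)


def demo():
    key_param = secrets.token_bytes(16)  # the claims only require >= 1 byte
    config = {"ssid": "home-ap", "psk": "constructed-passphrase"}
    code1 = device_first_graphic_code(key_param)
    code2 = provisioner_second_graphic_code(code1, config)
    matching = device_read_second_code(code2, key_param, DEVICE_KEY)
    wrong_device_key = device_read_second_code(code2, key_param, bytes(16))
    wrong_param = device_read_second_code(code2, secrets.token_bytes(16), DEVICE_KEY)
    return config, matching, wrong_device_key, wrong_param


if __name__ == "__main__":
    print(demo())
```

The device key never appears in either graphic code, so only a party that holds it can recover the configuration. The sketch uses a 16-byte parameter because a one-byte parameter, the minimum the claims allow, has only 256 values and would make derived keys repeat across provisioning runs.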
PCT/CN2021/079365 2020-09-06 2021-03-05 Information processing method and apparatus, device and storage medium WO2022048125A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202180042424.2A CN115769542A (en) 2020-09-06 2021-03-05 Information processing method, device, equipment and storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010925363.1 2020-09-06
CN202010925363.1A CN114157413A (en) 2020-09-06 2020-09-06 Information processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2022048125A1 true WO2022048125A1 (en) 2022-03-10

Family

ID=80460645

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/079365 WO2022048125A1 (en) 2020-09-06 2021-03-05 Information processing method and apparatus, device and storage medium

Country Status (2)

Country Link
CN (2) CN114157413A (en)
WO (1) WO2022048125A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100080383A1 (en) * 2008-09-30 2010-04-01 Greg Vaughan Secure provisioning of a portable device using a representation of a key
CN102395216A (en) * 2011-12-21 2012-03-28 上海云联计算机系统有限公司 Method for rapidly accessing to wireless local area network and mobile terminal thereof
CN102802155A (en) * 2012-08-17 2012-11-28 珠海金山办公软件有限公司 Method for rapidly establishing connection between mobile terminal and intelligent display equipment
CN105682088A (en) * 2014-11-18 2016-06-15 腾讯科技(武汉)有限公司 Wireless network sharing method and terminal
CN106850209A (en) * 2017-02-28 2017-06-13 苏州福瑞思信息科技有限公司 A kind of identity identifying method and device
CN106851632A (en) * 2017-01-22 2017-06-13 海尔优家智能科技(北京)有限公司 A kind of smart machine accesses the method and device of WLAN
CN108632056A (en) * 2017-03-17 2018-10-09 阿里云计算有限公司 A kind of smart machine network collocating method and system
CN111510919A (en) * 2019-01-31 2020-08-07 阿里巴巴集团控股有限公司 Network configuration method, device, equipment and system


Also Published As

Publication number Publication date
CN115769542A (en) 2023-03-07
CN114157413A (en) 2022-03-08


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21863196

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21863196

Country of ref document: EP

Kind code of ref document: A1