[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN109618334A - Control method and relevant device - Google Patents

Control method and relevant device Download PDF

Info

Publication number
CN109618334A
CN109618334A CN201811391443.2A CN201811391443A CN109618334A CN 109618334 A CN109618334 A CN 109618334A CN 201811391443 A CN201811391443 A CN 201811391443A CN 109618334 A CN109618334 A CN 109618334A
Authority
CN
China
Prior art keywords
equipment end
key
transmission
control terminal
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811391443.2A
Other languages
Chinese (zh)
Other versions
CN109618334B (en
Inventor
靳松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huada Zhibao Electronic System Co Ltd
Original Assignee
Beijing Huada Zhibao Electronic System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Huada Zhibao Electronic System Co Ltd filed Critical Beijing Huada Zhibao Electronic System Co Ltd
Priority to CN201811391443.2A priority Critical patent/CN109618334B/en
Publication of CN109618334A publication Critical patent/CN109618334A/en
Application granted granted Critical
Publication of CN109618334B publication Critical patent/CN109618334B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The present invention provides a kind of control method, comprising: when control terminal receives control instruction, sends director data transmission request to equipment end, triggers the equipment end and carry out authentication to the control terminal;When authentication of the control terminal by the equipment end;Control terminal authenticates the identity of the equipment end, and when the authentication of the equipment end passes through, the determining transmission key carried out data transmission with the equipment end encrypts director data according to the transmission key;The equipment end is decrypted according to the transmission key, and the data command obtained according to decryption executes corresponding control operation;Using control method provided by the invention, when control terminal and equipment end carry out director data transmission, the identity of other side is authenticated, after identity is by certification, the director data to be transmitted is subjected to encrypted transmission and decryption according to the transmission key determined;Which thereby enhance safety when data information transfer.

Description

Control method and relevant device
Technical field
The present invention relates to data information security fields, more particularly to a kind of control method and relevant device.
Background technique
With the fast development of science and technology, smart machine applies the every aspect in we live, and can pass through Long-range internet connection is also or local area network is connected with the bluetooth near field, NFC, by the plaintext transmission of data, realizes remote Process control smart machine, realizes smart home life, keeps our life more convenient.
Inventor pass through the prior art the study found that digital information during transmission be easy stolen by criminal, Safety is low, therefore needs to encrypt the data of transmission, protects the data information to be transmitted, improves the peace of data information Quan Xing.
Summary of the invention
Technical problem to be solved by the invention is to provide a kind of control method, can digital information transmission process The middle safety for improving digital information, reduces a possibility that information is stolen, the safety of improve data transfer.
The present invention also provides a kind of control devices, to guarantee the realization and application of the above method in practice.
A kind of control method, comprising:
When receiving control instruction, director data transmission request is sent to equipment end, triggers the equipment end to described Control terminal carries out authentication;
When authentication of the control terminal by the equipment end, the facility information of the equipment end is obtained, and according to According to the facility information, authentication is carried out to the equipment end;
When through authentication to the equipment end, the transmission that the determining and equipment end carries out data transmission is close Key;
By preset cipher mode, the transmission key is encrypted, and according to the transmission key to be transmitted Director data is encrypted;
The transmission key for passing through encryption and described instruction data are transmitted to the equipment end, so that the equipment end After obtaining described instruction data, control operation corresponding with described instruction data is executed.
Above-mentioned method, optionally, the triggering equipment end carry out authentication to the control terminal, comprising:
It triggers the equipment end and sends identification strings and random string to the control terminal;
When receiving the identification strings, preset certification root key is called to carry out the identification strings Disperse operation, obtains the first authentication key;
The random string is encrypted according to first authentication key, obtains certification ciphertext;
The certification ciphertext is sent to the equipment end, so that the certification ciphertext is decrypted in the equipment end, The random string for including in the certification ciphertext is obtained, and authenticates the random string for including in ciphertext by described and is sent to The random string of the control terminal is matched, and when matching consistent, passes through the authentication to the control terminal.
Above-mentioned method, optionally, the facility information for obtaining the equipment end, and according to the facility information, it is right The equipment end carries out authentication, comprising:
The public key of the signature value and single channel encryption cipher key pair that include in the equipment end is obtained, the signature value is preparatory Signature value of the private key of the production cipher key pair of setting to the public key of preset single channel encryption cipher key pair;
The public key for calling preset production cipher key pair, carries out verifying signature operation to the signature value, works as verifying When signing successfully, confirm that the public key of the single channel encryption cipher key pair in the equipment end is legal public key, by the equipment The authentication at end.
Above-mentioned method, optionally, the transmission key that the determination carries out data transmission with the equipment end, comprising:
Pre-set random digit generation method is called, the transmission key is generated.
Above-mentioned method, it is optionally, described to press preset cipher mode, the transmission key is encrypted, comprising:
Using the public key of the single channel encryption cipher key pair obtained from the equipment end, the transmission key is encrypted.
A kind of control device is applied to control terminal, comprising:
Transmission unit, for sending director data transmission to equipment end and instructing, described in triggering when receiving control instruction Equipment end carries out authentication to the control terminal;
Acquiring unit, for obtaining the equipment end when authentication of the control terminal by the equipment end Facility information, and according to the facility information, authentication is carried out to the equipment end;
Determination unit, it is determining to carry out data with the equipment end for when through authentication to the equipment end The transmission key of transmission;
Encryption unit encrypts the transmission key, and close according to the transmission for pressing preset cipher mode Key encrypts director data to be transmitted;
First control unit, for the transmission key and described instruction data of passing through encryption to be transmitted to the equipment End, so as to execute control operation corresponding with described instruction data after the equipment end obtains described instruction data.
A kind of control method is applied to equipment end, comprising:
When the transmission key by encryption and the director data by encrypting for receiving control terminal transmission, according to default Manner of decryption, to it is described by encryption transmission key be decrypted, obtain the transmission key;
The director data by encryption is decrypted using the transmission key, obtains described instruction data;
The equipment end is controlled according to described instruction data.
The above method, it is optionally, described according to preset cipher mode, the transmission key by encryption is solved It is close, comprising:
Using the private key of preset single channel encryption cipher key pair, the transmission key by encryption is solved It is close.
A kind of control device, application apparatus end, comprising:
First decryption unit, for when the transmission key by encryption and the finger by encryption for receiving control terminal transmission When enabling data, according to preset manner of decryption, the transmission key by encryption is decrypted, it is close to obtain the transmission Key;
Second decryption unit is decrypted the director data by encryption for the application transmission key, obtains Obtain described instruction data;
Second control unit, for controlling according to described instruction data the equipment end.
A kind of control system, comprising:
Control terminal and equipment end;
Wherein:
The control terminal, for executing the above-mentioned control method applied to control terminal;
The equipment end, for executing the above-mentioned control method applied to equipment end.
Compared with prior art, the present invention includes the following advantages:
The present invention provides a kind of control methods, comprising: when control terminal receives control instruction, refers to equipment end transmission Data transfer request is enabled, the equipment end is triggered and authentication is carried out to the control terminal;When the control terminal is set by described When the authentication at standby end, the relevant device information of the equipment end is obtained, authentication is carried out to the equipment end;When passing through When to the authentication of the equipment end, the determining transmission key carried out data transmission with the equipment is close according to the transmission Key encrypts director data, is sent to the equipment end;The equipment end is decrypted according to the transmission key, foundation It decrypts obtained data command and executes corresponding control operation;Using control method provided by the invention, in control terminal and equipment end When carrying out data command transmission, the identity of other side is authenticated, after identity is by certification, the number that will be transmitted Encrypted transmission and decryption are carried out according to the transmission key determined according to instruction;Safety when data information transfer is which thereby enhanced, Reduce a possibility that data information is stolen by criminal.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The embodiment of invention for those of ordinary skill in the art without creative efforts, can also basis The attached drawing of offer obtains other attached drawings.
Fig. 1 is a kind of control method flow chart provided by the invention;
Fig. 2 is a kind of another flow chart of control method provided by the invention;
Fig. 3 is a kind of another flow chart of control method provided by the invention;
Fig. 4 is a kind of another flow chart of control method provided by the invention;
Fig. 5 is a kind of another flow chart of control method provided by the invention;
Fig. 6 is a kind of structural schematic diagram of control device provided by the invention;
Fig. 7 is a kind of another structural schematic diagram of control device provided by the invention;
Fig. 8 is a kind of structural schematic diagram of control system provided by the invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
In this application, relational terms such as first and second and the like be used merely to by an entity or operation with Another entity or operation distinguish, and without necessarily requiring or implying between these entities or operation, there are any this realities The relationship on border perhaps sequence the terms "include", "comprise" or any other variant thereof is intended to cover non-exclusive inclusion, from And to include the process, method, article or equipments of a series of elements not only to include those elements, but also including not bright The other element really listed, or further include for elements inherent to such a process, method, article, or device.Do not having In the case where more limitations, the element that is limited by sentence "including a ...", it is not excluded that include the element process, There is also other identical elements in method, article or equipment.
The present invention can be used in numerous general or specialized network equipment environment or configuration.Such as: personal computer, server Computer, internet device, intelligent door lock, intelligent air condition, electronic product including any of the above device or intelligence etc..
The embodiment of the invention provides a kind of control method, this method can be applied in a variety of smart electronics products, Its executing subject can be the server or smart electronics product main body of smart electronics product, such as personal computer, put down Plate computer, smart phone etc., the flow chart of the method is as shown in Figure 1, specifically include:
S101: when receiving control instruction, director data transmission request is sent to equipment end, triggers the equipment end pair The control terminal carries out authentication;
In method provided in an embodiment of the present invention, when control terminal receives the control that user needs to operate equipment end When instruction, control terminal sends the data transfer request of control instruction to equipment end, thus triggers the equipment end to the control The authentication process at end processed;
It should be noted that the control terminal and equipment end can be the smart machine end with wireless connecting function, than If control terminal and equipment end can be carried out the connection of internet, local area network, bluetooth or NFC, can by electronic channel into Row Data transmitting and receiving, control terminal can be smart phone, tablet computer etc., and equipment end, which can be, can carry out bluetooth connection Or air-conditioning, refrigerator, the intelligent door lock etc. of internet connection.
S102: when authentication of the control terminal by the equipment end, obtaining the facility information of the equipment end, And according to the facility information, authentication is carried out to the equipment end;
It is described in authentication of the control terminal by the equipment end in method provided in an embodiment of the present invention Control terminal needs to carry out authentication to the equipment end, the facility information of the equipment end is obtained by calling interface, to institute It states equipment end and carries out authentication;
It should be noted that the interface by calling the equipment end, obtains the facility information of the equipment end, it is described to set Standby information can be the random string that the unique identifying number for being previously written equipment end, sequence SN or equipment end itself generate.
S103: when through authentication to the equipment end, the determining biography carried out data transmission with the equipment end Defeated key;
In method provided in an embodiment of the present invention, when the identity of both sides passes through certification, determination is counted with equipment end According to the transmission key of transmission, the transmission key is obtained by a series of cryptographic calculation, is added for control terminal to data Close, equipment end is decrypted;It should be noted that determining that transmission key is to carry out at encryption to the data to be transmitted Reason reduces a possibility that data are stolen with leakage, the safety of improve data transfer.
S104: preset cipher mode is pressed, the transmission key is encrypted, and according to the transmission key to be passed Defeated director data is encrypted;
In method provided in an embodiment of the present invention, after determining transmission key, need to encrypt transmission key, It is sent to the equipment end, carrying out encryption to transmission key prevents transmission key from revealing, and reduces the data command of subsequent transmission Safety index, so equipment end is sent to after wanting transmission key to be encrypted, in order to which equipment end is according to the transmission key Operation is decrypted.
S105: the transmission key for passing through encryption and described instruction data are transmitted to the equipment end, so that described After equipment end obtains described instruction data, control operation corresponding with described instruction data is executed;
In method provided in an embodiment of the present invention, the control terminal is by the transmission key of encryption and the director data of encryption It is sent to the equipment end, the transmission key of encryption is decrypted in the information that the equipment end application is set in advance in itself, Transmission key is obtained, the director data of the encryption is decrypted according to transmission key, according to obtained director data Execute corresponding control operation.
In method provided in an embodiment of the present invention, is authenticated by the both-end legitimacy of control terminal and equipment end, improve number It is believed that the transmission key of encryption is sent to equipment after the identity of both sides is each other by verifying by safety when breath transmission End, because of a possibility that transmission key by encryption avoids transmission key leakage and the secrecy for ensuring subsequent instructions data Property, it will be sent to the equipment end by the director data of transmission key encryption, the equipment end is close using the transmission received Operation is decrypted to encrypted cipher text in key, obtains director data, executes corresponding operation according to described instruction data;Using this hair The method that bright embodiment provides improves safety of the director data when sending, and encryption provided in an embodiment of the present invention Method is real-time, effectively reduces the Replay Attack of attacker, improves safety of the data command in transmission.
In method provided in an embodiment of the present invention, when control terminal, which sends director data to equipment end, requests, equipment end is needed The identity of control terminal authenticated, judge whether the identity of the control terminal is legal, so as to improve the safety of data transmission Property, to the detailed process that the identity of the control terminal is authenticated, as shown in Fig. 2, specifically including:
S201: the equipment end is triggered to the control terminal and sends identification strings and random string;
In method provided in an embodiment of the present invention, when needing to carry out authentication to the control terminal, the control terminal The instruction for obtaining identification strings and random string is sent to the equipment end;The equipment end receives acquisition instruction, to The control terminal feedback indicator character string and random string, the identification strings can be the unique identifying number of equipment end, It is also possible to the coordinates datas such as sequence number SN;It should be noted that the unique identifying number of the equipment end is that equipment end is producing When be previously written unique, unduplicated identification number character string;The random string is 8 bytes that equipment end generates at random Random string, generate random string be also possible to 16 bytes, 32 bytes etc., it is not limited to 8 bytes it is random Character string;It should be noted that can be sent simultaneously when equipment end sends identification strings and random string to control terminal, It can also successively send.
S202: when receiving the identification strings, call preset certification root key to the mark character String carries out dispersion operation, obtains the first authentication key;
In method provided in an embodiment of the present invention, when receiving the identification strings of the equipment end feedback, the control End processed calls preset certification root key to carry out dispersion operation to the identification strings, obtains the first authentication key;
It should be noted that the preset certification root key is the symmetric key of 16 bytes, root key pair is authenticated Unique identification number carries out dispersion operation, obtains unique authentication key, the authentication key of each equipment end is all different;Recognize Card key is used to authenticate external accessed node, such as the identity of certification control terminal.
S203: encrypting the random string according to first authentication key, obtains certification ciphertext;
In method provided in an embodiment of the present invention, when the certification root key carries out dispersion fortune to the identification strings It calculates, after obtaining the first authentication key, carries out cryptographic calculation according to random string of first authentication key to acquisition, obtain To certification ciphertext.
S204: the certification ciphertext is sent to the equipment end, so that the equipment end carries out the certification ciphertext Decryption, obtain it is described certification ciphertext in include random string, and by it is described certification ciphertext in include random string with The random string for being sent to the control terminal is matched, and when matching consistent, passes through the authentication to the control terminal;
In method provided in an embodiment of the present invention, when the equipment end receives the certification ciphertext of control terminal transmission, use Operation is decrypted to the certification ciphertext in the authentication key for being set in advance in equipment end, obtains the identification strings, works as institute State random string it is consistent with the random string of the equipment end when, then the identity of the control terminal is legal, i.e. control terminal Authentication passes through.
It should be noted that when equipment end sent to control terminal be the unique identifying number for being previously written equipment end when, if Standby termination receives the certification ciphertext encrypted by control terminal, equipment end use the authentication key of the production system write-in in production into Row decryption oprerations;The authentication key, which is production system, carries out dispersion fortune to the unique identifying number of equipment end using certification root key It calculates, obtains corresponding authentication key;
It should be noted that be set in advance in equipment end authentication key be equipment end in process of production, by certification root Its unique identification number of key pair carries out dispersion operation, obtains unique authentication key, and unique authentication key is write Enter in equipment end, the equipment end can be intelligent door lock, intelligent air condition or intelligent water heater etc..
In method provided in an embodiment of the present invention, when sending data command to equipment end, equipment end is first to control terminal Identity is authenticated, and a possibility that equipment end is attacked by criminal is reduced, and improves the safety of data transmission;? After the certification that control terminal passes through equipment end, control terminal is also required to authenticate equipment end, avoids data transmission from occurring with this Mistake, the safety and correctness of improve data transfer, the encrypting and decrypting mathematical algorithm used in this embodiment can be state Border general-purpose algorithm 3DES, the close SM4 algorithm of state and equivalent symmetric key algorithm.
In method provided in an embodiment of the present invention, by carrying out body to the label name-value pair equipment end for being set in advance in equipment end Part certification, so as to improve the safety of data transmission, the authentication process to equipment end is as shown in figure 3, particular content is as follows:
S301: the public key of the signature value and single channel encryption cipher key pair that include in the equipment end, the signature value are obtained It is the preset private key for producing cipher key pair to the signature value of preset single channel encryption cipher key pair public key;
In method provided in an embodiment of the present invention, when the control terminal will authenticate the identity of the equipment end, Control terminal sends acquisition instruction to equipment end, and equipment end response is instructed the public key in the signature value and single channel encryption key It is sent to control terminal;The signature value is to produce the private key of cipher key pair to preset single channel encryption cipher key pair public key Signature value, equipment end production system in production use the private key of production cipher key pair to preset single channel encryption key pair Middle public key carries out hash signature, signature result is arranged in the classified document in equipment end memory, the read/write authority of this document Plaintext reading/administrator's control is set as to write, and do not allow to be updated during equipment end use.
S302: calling the public key of preset production cipher key pair, carry out verifying signature operation to the signature value, when When verifying is signed successfully, confirm that the public key of the single channel encryption cipher key pair in the equipment end is legal public key, by described The authentication of equipment end;
In method provided in an embodiment of the present invention, after getting the signature value, control terminal is by calling setting to exist The public key of the production cipher key pair of itself carries out sign test to the signature value, the process of the sign test i.e. to the signature value into The process of row decryption, when the signing messages that decryption obtains is consistent with the signing messages of acquisition, then signature verification passes through;It ought test The success of signed certificate name can then confirm that the public key of the single channel encryption cipher key pair in equipment end is legal public key, i.e., the described equipment identities are recognized Card passes through;
In method provided in an embodiment of the present invention, according to the signature value information obtained, the public key in production key, to obtaining Signature value verification operation is decrypted, when signature authentication passes through, then the single channel encryption key pair public key in equipment end be close Method, that is, pass through the authentication to the equipment end;Single channel encryption key pair public key in the equipment end is RSA public key, By preset RSA cryptographic algorithms, the public key of single channel encryption key pair is obtained.
In method provided in an embodiment of the present invention, by carrying out sign test to the signature value being set in advance in equipment end, recognize It whether legal demonstrate,proves the equipment end, when the equipment end is legal, then carries out data transmission, thus avoid data and be transmitted to mistake Equipment end accidentally, leads to leaking data;Which thereby enhance the safety of data transmission.
In method provided in an embodiment of the present invention, when the identity of both-end is mutually authenticated successfully, need to transmit director data, It when transmitting director data, needs that director data is encrypted, to prevent leaking data or be stolen, right Director data be encrypted before needs to determine a transmission key between the two parties, with this come to data carry out encryption with Decryption oprerations determine the flow chart to the transmission key of director data progress encrypting and decrypting as shown in figure 4, detailed process is as follows;
S401: calling pre-set random digit generation method, generates the transmission key;
In method provided in an embodiment of the present invention, pre-set random digit generation method is called, generates random number, it is described Pre-set method can be set in advance in control terminal, be also possible to be set in advance in equipment end, when needing using random number When generating transmission key, by calling pre-set method to produce random number, transmitted according to the generating random number close Key;
Optionally, random number is subjected to carry out cover, random number is to form transmission key;Optionally, to random number into Row algorithm operation, to generate transmission key.
It should be noted that the random number generated is different from the random string described in the part Fig. 2 herein, generate herein Pre-set generation method is called when random number, preset method, which can be, to be set in advance in equipment end or controlling End generates random number, and the random number that its method generates is for generating transmission key by calling preset method; And random string described in Fig. 2 is that equipment end generates, and is authenticated for the identity to control terminal.
S402: cryptographic calculation is carried out to the transmission key, is sent to the equipment end;
In method provided in an embodiment of the present invention, cryptographic calculation is carried out to obtained transmission key, to avoid transmission key Leakage;The transmission key is encrypted, optionally, the operation of PKCS#1_v1.5 cover is carried out to the transmission key, is obtained Data after cover;Then according to the public key of the single channel encryption cipher key pair obtained from the equipment end, to the cover operation Data afterwards are encrypted, and form encrypted cipher text, which is sent to equipment end;Equipment end using corresponding private key into Row is decrypted and verifies data format, obtains transmission key after verifying successfully;It should be noted that the private key that equipment end is decrypted It is the private key of pre-set transmission key pair, the private key of the transmission key pair is that equipment end is preparatory in production It sets;It should be noted that cover operation herein is not equal with the cover of random number in step S401, in step S401 What is obtained after random number cover is transmission key, and is that the operation of PKCS#1_v1.5 cover is carried out to transmission key herein, is mended Data after bit arithmetic, after the data after cover are decrypted encrypted cover data for equipment end, verification format is It is no correct.
S403: described instruction data are encrypted using the transmission key, and are sent to the equipment end;
In method provided in an embodiment of the present invention, when receiving the director data of encryption, the decryption stream of equipment end is triggered Journey, equipment end are decrypted the director data of encryption using the transmission key that decryption obtains, according to obtained instruction execution pair The instruction operation answered.
In method provided in an embodiment of the present invention, when the identity of equipment end and control terminal both sides are each other by certification, really The transmission key of fixed data transmission, in order to which both sides carry out the operation of encrypting and decrypting, when determining transmission key, according to Machine number carries out cryptographic calculation, obtains transmission key;By the way that transmission key is arranged, the data command to be transmitted is carried out at encryption Reason, during determining transmission key, has used symmetry algorithm, has reduced equipment end to a certain extent in the energy of control terminal Consumption, extends service life, improves the safety of data transmission.
In method provided in an embodiment of the present invention, after both sides have determined transmission key, equipment end is needed to encryption Director data is decrypted, the decryption shown in detailed process is as follows for equipment end:
When the transmission key by encryption and the director data by encrypting for receiving control terminal transmission, according to default Manner of decryption, to it is described by encryption transmission key be decrypted, obtain the transmission key;
The director data by encryption is decrypted using the transmission key, obtains described instruction data;
The equipment end is controlled according to described instruction data.
In method provided in an embodiment of the present invention, when equipment end receives the transmission key by encryption of control terminal transmission And when the director data by encrypting, the transmission of the private key pair encryption according to the transmission key pair for being set in advance in equipment end Operation is decrypted in key, obtains transmission key, and place is decrypted using director data of the transmission key to the encryption Reason, according to the obtained corresponding control operation of instruction execution.
It in method provided in an embodiment of the present invention, is decrypted, is obtained pair by the transmission key of encryption for sending control terminal The key that the director data of encryption is decrypted, by determine decryption key, the director data for avoiding transmission be intercepted or It is to be cracked, improves the safety of data transmission, ensure that the safety of data transmission;In side provided in an embodiment of the present invention In method, the method provided in order to further illustrate the present invention carries out more detailed discussion in the examples below.
In a kind of control method provided in an embodiment of the present invention, it is applied to a kind of control system, the control system includes Control terminal and transmitting terminal send data transfer request to equipment end, trigger the equipment when control terminal receives control instruction Both sides' authentication process at end and control terminal, is that equipment end authenticates the identity of control terminal first, by obtaining equipment The identification strings sent and random string are held, using preset operation process, generates authentication key, it is close using authenticating Key encrypts random string, is sent to equipment end, and then triggers equipment end to the decryption process of certification ciphertext, specifically Verification process is as described below;
The control terminal sends acquisition instruction to equipment end, and acquisition instruction is to obtain identification strings and random string Instruction sends instruction transmission request to equipment end in control terminal and contains the acquisition identification strings instruction and random string Instruction, in method provided in an embodiment of the present invention, preferred scheme is that random string is 8 bytes;Equipment end receives Acquisition instruction, response acquisition instruction return to identification strings and random string to equipment end;When control terminal receives identifier word When symbol string, the identification strings are to be set in advance in the coordinates datas such as unique identifying number or the sequence number SN of equipment end, fortune The unique identifying number is calculated with pre-set certification root key, obtains the first authentication key, according to the first certification Key pair random string carries out cryptographic calculation, obtains ciphertext data D1, and control terminal is sent to equipment end for ciphertext is authenticated;Equipment End is decrypted ciphertext data D1 using the authentication key for being set in advance in equipment end, obtains authentication data D2, equipment end into The random string that row obtains decryption is compared with the random string for being sent to the control terminal, compares consistent then equipment End passes through the authentication of control terminal;
Optionally, when equipment end receives acquisition instruction, equipment end response instruction sends mark character to control terminal String, control terminal use preset certification root key, carry out dispersion operation to the identification strings of acquisition, it is close to obtain the first certification root Key;The equipment end sends random string to control terminal again, control terminal using generation first authentication key to obtain with Machine character string carries out cryptographic calculation, and the certification ciphertext of encryption is sent to equipment end by the certification ciphertext encrypted;In order to set Standby end is decrypted using pre-set authentication key, and equipment end compares the random string and be sent to control that decryption obtains Whether the random string at end is consistent, if unanimously, the identity of control terminal passes through certification;It should be noted that equipment end is rung The control instruction for answering control terminal to send, when equipment end sends identification strings and random string to control terminal, the two can be same When send;It can also successively send, there is no successive point when successively sending.
The authentication key for being set in advance in equipment end is equipment end in production, and the certification root key in production system is to setting The unique identifying number at standby end carries out dispersion operation, forms authentication key corresponding with each identification number, and by the authentication key It is written in corresponding equipment end, the authentication key of each equipment end is different.
The control terminal identity by the certification of equipment end after, control terminal can be to setting before being transmitted for director data The identity at standby end is authenticated, and confirmation transmission key;Control terminal obtains the signature value for being set in advance in equipment end, the label Name value is to produce the private key of cipher key pair to the signature value of preset single channel encryption cipher key pair public key, passes through the label of acquisition Name information and production public key, carry out sign test to the signature value, thus the identity at authenticating device end, when the identity of equipment end is logical When crossing certification, Xiang Suoshu equipment end sends the transmission key by encryption, and equipment end uses obtained transmission after decryption The encrypted instruction data that key pair receives are decrypted, and obtain director data, execute corresponding finger according to described instruction data Control is enabled, detailed process is as shown in Figure 5;
Control terminal sends acquisition instruction to equipment end, and the acquisition instruction is " 8071000280 " and " 8071000180 ", Equipment end responds acquisition instruction, sends the public key of transmission cipher key pair and the private key of production cipher key pair to letter to control terminal The signature value of the public key of road transmission key centering;The signature value is carried out using the public key of signing messages, production public key centering Sign test, when passing through sign test, the public key of the single channel encryption cipher key pair in equipment end be it is legal, i.e. the identity of equipment end passes through Certification;
Control terminal carries out operation by calling random digit generation method, to random number, obtains transmission key, uses acquisition The public key of transmission key pair encrypts the transmission key, is sent to the equipment end, and the equipment end uses pre- Operation is decrypted in the private key for the transmission key pair being first arranged, and obtains transmission key, and control terminal will be added using transmission key The director data of close mistake is encrypted, and the equipment end is sent to, and the transmission key obtained using decryption is to encrypted instruction Data are decrypted, and obtained director data executes corresponding instruction control;
Such as intelligent door lock receives the director data by encryption of mobile phone remote transmission, intelligent door lock is by decrypting To transmission key to by encryption director data be decrypted, the director data decrypted be open intelligent door lock it is close Code, then intelligent door lock executes corresponding instruction and controls after encrypted director data is decrypted, i.e. opening door lock;May be used also To be intelligent air condition in the director data for receiving mobile phone transmission encryption, described instruction data are to open air-conditioning, and temperature setting exists 26 degrees Celsius;Operation is decrypted after the encrypted instruction for receiving mobile phone remote transmission in intelligent air condition, and by temperature setting At 26 degrees Celsius;
After the data transfer ends between control terminal and equipment end, i.e. the channel of control terminal and receiving end transmission data After interruption, when control terminal sends director data to equipment end again, the identity needs of both sides re-start certification, transmit close Key is also required to re-start determination.
In method provided in an embodiment of the present invention, is authenticated by the both-end legitimacy of control terminal and equipment end, improve number It is believed that the transmission key of encryption is sent to equipment after the identity of both sides is each other by verifying by safety when breath transmission End, because of a possibility that transmission key by encryption avoids transmission key leakage, by the instruction by transmission key encryption Data are sent to the equipment end, and the transmission key that the equipment end application receives is decrypted operation to encrypted cipher text, obtains To director data, corresponding operation is executed according to described instruction data;Using method provided in an embodiment of the present invention, number is improved According to safety of the instruction when sending, and encryption method provided in an embodiment of the present invention is real-time, effectively reduces and attacks The Replay Attack for the person of hitting improves safety of the data command in transmission.
The embodiment of the invention also provides a kind of control device, be applied to control terminal, structural schematic diagram as shown in fig. 6, It specifically includes:
Transmission unit 601, for sending director data transmission instruction, triggering to equipment end when receiving control instruction The equipment end carries out authentication to the control terminal;
Acquiring unit 602, for obtaining the equipment end when authentication of the control terminal by the equipment end Facility information authentication is carried out to the equipment end and according to the facility information;
Determination unit 603, for when through authentication to the equipment end, determination to be counted with the equipment end According to the transmission key of transmission;
Encryption unit 604 encrypts the transmission key, and for pressing preset cipher mode according to the biography Defeated key pair director data to be transmitted is encrypted;
First control unit 605, it is described for the transmission key and described instruction data of passing through encryption to be transmitted to Equipment end, so as to execute control operation corresponding with described instruction data after the equipment end obtains described instruction data.
The embodiment of the invention also provides a kind of control device, be applied to equipment end, structural schematic diagram as shown in fig. 7, It specifically includes:
First decryption unit 701, for when the transmission key for passing through encryption for receiving control terminal transmission and by encryption Director data when, according to preset manner of decryption, the transmission key by encryption is decrypted, the transmission is obtained Key;
Second decryption unit 702 is decrypted the director data by encryption for the application transmission key, Obtain described instruction data;
Second control unit 703, for controlling according to described instruction data the equipment end.
Control method provided in an embodiment of the present invention, using control method provided by the invention, in control terminal and equipment end When carrying out director data transmission, the identity of other side is authenticated, after identity is by certification, the finger that will be transmitted Data are enabled to carry out encrypted transmission and decryption according to the transmission key determined;Safety when data information transfer is which thereby enhanced, Reduce a possibility that data information is stolen by criminal.
The embodiment of the invention also provides a kind of control system, structural schematic diagram is as shown in figure 8, specifically include control terminal 801 and equipment end 802;
The control terminal 801 is performed the following operation with equipment end 802:
When receiving control instruction, director data transmission request is sent to equipment end, triggers the equipment end to described Control terminal carries out authentication;When authentication of the control terminal by the equipment end, setting for the equipment end is obtained Standby information, and according to the facility information, authentication is carried out to the equipment end;Recognize when by the identity to the equipment end When card, the determining transmission key carried out data transmission with the equipment end;By preset cipher mode, to the transmission key into Row encryption, and director data to be transmitted is encrypted according to the transmission key;By the transmission key by encryption And described instruction data are transmitted to the equipment end, so as to be executed and the finger after the equipment end obtains described instruction data Enable the corresponding control operation of data.
It should be noted that all the embodiments in this specification are described in a progressive manner, each embodiment weight Point explanation is the difference from other embodiments, same and similar part cross-reference between each embodiment. For type of device, since it is basically similar to the method embodiment, so being described relatively simple, related place is referring to side The part of method embodiment illustrates.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system or For system embodiment, since it is substantially similar to the method embodiment, so describing fairly simple, related place is referring to method The part of embodiment illustrates.System and system embodiment described above is only schematical, wherein the conduct The unit of separate part description may or may not be physically separated, component shown as a unit can be or Person may not be physical unit, it can and it is in one place, or may be distributed over multiple network units.It can root According to actual need that some or all of the modules therein is selected to achieve the purpose of the solution of this embodiment.Ordinary skill Personnel can understand and implement without creative efforts.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered Think beyond the scope of this invention.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one The widest scope of cause.

Claims (10)

1. a kind of control method, which is characterized in that the method is applied to control terminal, comprising:
When receiving control instruction, director data transmission request is sent to equipment end, triggers the equipment end to the control End carries out authentication;
When authentication of the control terminal by the equipment end, the facility information of the equipment end is obtained, and according to institute Facility information is stated, authentication is carried out to the equipment end;
When through authentication to the equipment end, the determining transmission key carried out data transmission with the equipment end;
By preset cipher mode, the transmission key is encrypted, and according to the transmission key to instruction to be transmitted Data are encrypted;
The transmission key for passing through encryption and described instruction data are transmitted to the equipment end, so that the equipment end obtains After described instruction data, control operation corresponding with described instruction data is executed.
2. the method according to claim 1, wherein the triggering equipment end carries out body to the control terminal Part certification, comprising:
It triggers the equipment end and sends identification strings and random string to the control terminal;
When receiving the identification strings, preset certification root key is called to disperse the identification strings Operation obtains the first authentication key;
The random string is encrypted according to first authentication key, obtains certification ciphertext;
The certification ciphertext is sent to the equipment end, so that the certification ciphertext is decrypted in the equipment end, is obtained The random string for including in the certification ciphertext, and by the random string for including in the certification ciphertext and be sent to described The random string of control terminal is matched, and when matching consistent, passes through the authentication to the control terminal.
3. the method according to claim 1, wherein the facility information for obtaining the equipment end, and foundation The facility information carries out authentication to the equipment end, comprising:
The public key of the signature value and single channel encryption cipher key pair that include in the equipment end is obtained, the signature value is to preset Production cipher key pair private key to the signature value of the public key of preset single channel encryption cipher key pair;
The public key for calling preset production cipher key pair, carries out verifying signature operation to the signature value, when verifying is signed When success, confirm that the public key of the single channel encryption cipher key pair in the equipment end is legal public key, by the equipment end Authentication.
4. the method according to claim 1, wherein the biography that the determination and the equipment end carry out data transmission Defeated key, comprising:
Pre-set random digit generation method is called, the transmission key is generated.
5. according to the method described in claim 3, it is characterized in that, described press preset cipher mode, to the transmission key It is encrypted, comprising:
Using the public key of the single channel encryption cipher key pair obtained from the equipment end, the transmission key is encrypted.
6. a kind of control device, which is characterized in that be applied to control terminal, comprising:
Transmission unit, for sending director data transmission request to equipment end, triggering the equipment when receiving control instruction End carries out authentication to the control terminal;
Acquiring unit, the equipment for obtaining the equipment end when authentication of the control terminal by the equipment end Information, and according to the facility information, authentication is carried out to the equipment end;
Determination unit, for when through authentication to the equipment end, determination to carry out data transmission with the equipment end Transmission key;
Encryption unit encrypts the transmission key, and for pressing preset cipher mode according to the transmission key pair Director data to be transmitted is encrypted;
First control unit, for the transmission key and described instruction data of passing through encryption to be transmitted to the equipment end, So as to execute control operation corresponding with described instruction data after the equipment end obtains described instruction data.
7. a kind of control method, which is characterized in that the method is applied to equipment end, comprising:
When the transmission key by encryption and the director data by encrypting for receiving control terminal transmission, according to preset solution Close mode is decrypted the transmission key by encryption, obtains the transmission key;
The director data by encryption is decrypted using the transmission key, obtains described instruction data;
The equipment end is controlled according to described instruction data.
8. the method according to the description of claim 7 is characterized in that described according to preset cipher mode, to it is described by plus Close transmission key is decrypted, comprising:
Using the private key of preset single channel encryption cipher key pair, the transmission key by encryption is decrypted.
9. a kind of control device, which is characterized in that be applied to equipment end, comprising:
First decryption unit, for when the transmission key by encryption and the instruction number by encryption for receiving control terminal transmission According to when, according to preset manner of decryption, the transmission key by encryption is decrypted, the transmission key is obtained;
Second decryption unit is decrypted the director data by encryption for the application transmission key, obtains institute State director data;
Second control unit, for controlling according to described instruction data the equipment end.
10. a kind of control system characterized by comprising
Control terminal and equipment end;
Wherein:
The control terminal, for control method described in 1~5 any one of perform claim;
The equipment end requires control method described in 7 or 8 any one for perform claim.
CN201811391443.2A 2018-11-21 2018-11-21 Control method and related equipment Active CN109618334B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811391443.2A CN109618334B (en) 2018-11-21 2018-11-21 Control method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811391443.2A CN109618334B (en) 2018-11-21 2018-11-21 Control method and related equipment

Publications (2)

Publication Number Publication Date
CN109618334A true CN109618334A (en) 2019-04-12
CN109618334B CN109618334B (en) 2022-03-22

Family

ID=66003780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811391443.2A Active CN109618334B (en) 2018-11-21 2018-11-21 Control method and related equipment

Country Status (1)

Country Link
CN (1) CN109618334B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278080A (en) * 2019-07-11 2019-09-24 珠海格力电器股份有限公司 Method, system and computer readable storage medium for data transmission
CN112218249A (en) * 2020-11-17 2021-01-12 深圳开立生物医疗科技股份有限公司 Data transmission method, data transmission device, data downloading method and related equipment
CN112987581A (en) * 2019-12-16 2021-06-18 华为技术有限公司 Control method for intelligent household equipment, medium and terminal thereof
CN114615012A (en) * 2022-01-28 2022-06-10 北京威尔文教科技有限责任公司 Device connection method and device, electronic device and readable storage medium
CN114650151A (en) * 2020-12-15 2022-06-21 宝能汽车集团有限公司 Data transmission method, device and system based on vehicle CAN bus and storage medium
CN115002770A (en) * 2022-05-24 2022-09-02 矩阵时光数字科技有限公司 Near field communication system based on quantum key
WO2024016486A1 (en) * 2022-07-21 2024-01-25 广州汽车集团股份有限公司 Data transmission method and apparatus, device, and computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
US20120017088A1 (en) * 2009-04-08 2012-01-19 Zte Corporation Wireless local area network terminal pre-authentication method and wireless local area network system
CN105636037A (en) * 2015-06-29 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Authentication method and apparatus and electronic device
CN108809645A (en) * 2018-07-24 2018-11-13 南方电网科学研究院有限责任公司 Key negotiation method and device and power distribution automation system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120017088A1 (en) * 2009-04-08 2012-01-19 Zte Corporation Wireless local area network terminal pre-authentication method and wireless local area network system
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
CN105636037A (en) * 2015-06-29 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Authentication method and apparatus and electronic device
CN108809645A (en) * 2018-07-24 2018-11-13 南方电网科学研究院有限责任公司 Key negotiation method and device and power distribution automation system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278080A (en) * 2019-07-11 2019-09-24 珠海格力电器股份有限公司 Method, system and computer readable storage medium for data transmission
CN110278080B (en) * 2019-07-11 2020-10-02 珠海格力电器股份有限公司 Method, system and computer readable storage medium for data transmission
CN112987581A (en) * 2019-12-16 2021-06-18 华为技术有限公司 Control method for intelligent household equipment, medium and terminal thereof
CN112218249A (en) * 2020-11-17 2021-01-12 深圳开立生物医疗科技股份有限公司 Data transmission method, data transmission device, data downloading method and related equipment
CN114650151A (en) * 2020-12-15 2022-06-21 宝能汽车集团有限公司 Data transmission method, device and system based on vehicle CAN bus and storage medium
CN114615012A (en) * 2022-01-28 2022-06-10 北京威尔文教科技有限责任公司 Device connection method and device, electronic device and readable storage medium
CN115002770A (en) * 2022-05-24 2022-09-02 矩阵时光数字科技有限公司 Near field communication system based on quantum key
WO2024016486A1 (en) * 2022-07-21 2024-01-25 广州汽车集团股份有限公司 Data transmission method and apparatus, device, and computer readable storage medium

Also Published As

Publication number Publication date
CN109618334B (en) 2022-03-22

Similar Documents

Publication Publication Date Title
CN106130982B (en) Intelligent household appliance remote control method based on PKI system
CN109618334A (en) Control method and relevant device
CN108881304B (en) Method and system for carrying out security management on Internet of things equipment
CN106656510B (en) A kind of encryption key acquisition methods and system
CN101828357B (en) Credential provisioning method and device
EP3324572B1 (en) Information transmission method and mobile device
CN109361508B (en) Data transmission method, electronic device and computer readable storage medium
CN105553951A (en) Data transmission method and data transmission device
CN108347419A (en) Data transmission method and device
CN105553666B (en) Intelligent power terminal safety authentication system and method
CN110198295A (en) Safety certifying method and device and storage medium
CN106850207B (en) CA-free identity authentication method and system
CN106027473B (en) Identity card card-reading terminal and cloud authentication platform data transmission method and system
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN105162808A (en) Safety login method based on domestic cryptographic algorithm
CN109150526A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN110113355A (en) The cut-in method and device in Internet of Things cloud
CN109831311A (en) A kind of server validation method, system, user terminal and readable storage medium storing program for executing
WO2015158228A1 (en) Server, user equipment, and method for user equipment to interact with server
CN110519052A (en) Data interactive method and device based on Internet of Things operating system
CN109547303A (en) Control method and relevant device
CN112487380A (en) Data interaction method, device, equipment and medium
CN108848503A (en) A kind of smart home dynamic encryption means of communication and system transmitted using merogenesis
CN115801287A (en) Signature authentication method and device
CN109922022A (en) Internet of Things communication means, platform, terminal and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant