CN109005028A - Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system - Google Patents

Key negotiation method, cloud server, device, storage medium and system

Info

Publication number
CN109005028A
Authority
CN
China
Prior art keywords
key
random number
equipment
cloud server
key negotiation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811303412.7A
Other languages
Chinese (zh)
Inventor
杨宏杰
刘复鑫
王攀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Midea Group Co Ltd
Original Assignee
Midea Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Midea Group Co Ltd filed Critical Midea Group Co Ltd
Priority to CN201811303412.7A priority Critical patent/CN109005028A/en
Publication of CN109005028A publication Critical patent/CN109005028A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a key negotiation method comprising the following steps: after receiving a key negotiation request message sent by a device, a cloud server obtains and saves a first random number according to the key negotiation request message; the cloud server generates a second random number and generates a first key check value according to the second random number; a key negotiation response message is generated according to the first key check value and returned to the device; and a session key between the cloud server and the device is generated according to the second random number and the first random number. The invention also discloses a cloud server, a device, a computer-readable storage medium and a key negotiation system. The invention improves the security of the session key between the cloud server and the device, and thereby enhances the security of communication between the cloud server and the device.

Description

Key negotiation method, cloud server, device, storage medium and system
Technical field
The present invention relates to the field of information security technology, and in particular to a key negotiation method, a cloud server, a device, a computer-readable storage medium and a key negotiation system.
Background art
With the continuous development of information technology, smart devices are widely used in daily life; for example, a user sends instructions to a smart device through a terminal in order to control it. Existing devices and cloud servers generally communicate using a fixed key, but this approach has low security: for example, once the key is leaked, the entire security system collapses.
The above content is only intended to aid understanding of the technical solution of the present invention, and does not constitute an admission that it is prior art.
Summary of the invention
The main purpose of the present invention is to provide a key negotiation method, a cloud server, a device, a computer-readable storage medium and a key negotiation system, aiming to improve the security of the session key between the cloud server and the device, and thereby enhance the security of communication between the cloud server and the device.
To achieve the above object, the present invention provides a key negotiation method, the key negotiation method comprising the following steps:
After receiving a key negotiation request message sent by a device, a cloud server obtains and saves a first random number according to the key negotiation request message;
The cloud server generates a second random number, and generates a first key check value according to the second random number;
A key negotiation response message is generated according to the first key check value and returned to the device, so that the device, on receiving the key negotiation response message, obtains the second random number according to the key negotiation response message, generates a second key check value according to the second random number, and saves the second random number when the second key check value is consistent with the first key check value;
A session key between the cloud server and the device is generated according to the second random number and the first random number.
Preferably, the step of obtaining and saving the first random number according to the key negotiation request message comprises:
The cloud server obtains first ciphertext data according to the key negotiation request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves the first random number, wherein the device generates the first random number, encrypts the first random number with the cloud server public key to obtain the first ciphertext data, and generates the key negotiation request message according to the first ciphertext data and sends it to the cloud server.
Preferably, before the step in which the cloud server obtains the first ciphertext data according to the key negotiation request message, the method further comprises:
On receiving a random number request sent by the device, the cloud server generates a third random number and returns the third random number to the device, wherein the device, on receiving the third random number, encrypts the third random number with the device private key to obtain signature data, and generates the key negotiation request message according to the signature data, the device public key and the first ciphertext data and sends it to the cloud server;
The cloud server obtains the device public key and the signature data from the key negotiation request message, and decrypts the signature data with the device public key to obtain a fourth random number;
When the fourth random number is consistent with the third random number, the cloud server performs the step of obtaining the first ciphertext data according to the key negotiation request message.
Preferably, the step of generating the first key check value according to the second random number comprises:
Predetermined bytes are encrypted according to the second random number and the first random number to obtain an encryption result;
The preset bytes of the encryption result are used as the first key check value.
Preferably, the step of generating the key negotiation response message according to the first key check value comprises:
The second random number is encrypted with the device public key to obtain second ciphertext data;
The key negotiation response message is generated according to the second ciphertext data and the first key check value.
Preferably, the step of generating the session key between the cloud server and the device according to the second random number and the first random number comprises:
The second random number and the first random number are concatenated to obtain a concatenation result;
The concatenation result is used as the session key between the cloud server and the device.
Preferably, after the step of generating the session key between the cloud server and the device according to the second random number and the first random number, the method further comprises:
On receiving a key negotiation confirmation message returned by the device, the cloud server decrypts the key negotiation confirmation message with the session key to obtain a decryption result;
When the decryption result contains a preset field, a key negotiation confirmation message is sent to the device.
To achieve the above object, the present invention also provides a key negotiation method, the key negotiation method comprising the following steps:
A device sends a key negotiation request message to a cloud server, so that the cloud server, after receiving the key negotiation request message, obtains and saves a first random number according to the key negotiation request message, generates a second random number, generates a first key check value according to the second random number, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the device;
On receiving the key negotiation response message, the device obtains the second random number according to the key negotiation response message, generates a second key check value according to the second random number, saves the second random number when the second key check value is consistent with the first key check value, and generates the session key between the cloud server and the device according to the second random number and the first random number.
Preferably, the step in which the device sends the key negotiation request message to the cloud server comprises:
The device generates the first random number, encrypts the first random number with the cloud server public key to obtain first ciphertext data, and generates the key negotiation request message according to the first ciphertext data and sends it to the cloud server, wherein the cloud server obtains the first ciphertext data according to the key negotiation request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves the first random number.
Preferably, before the step in which the device sends the key negotiation request message to the cloud server, the method further comprises:
The device initiates a random number request to the cloud server and, on receiving the third random number returned by the cloud server, encrypts the third random number with the device private key to obtain signature data, and generates the key negotiation request message according to the signature data, the device public key and the first ciphertext data, wherein the cloud server, on receiving the random number request sent by the device, generates the third random number and returns the third random number to the device.
Preferably, the step of generating the second key check value according to the second random number comprises:
Predetermined bytes are encrypted according to the second random number and the first random number to obtain an encryption result;
The preset bytes of the encryption result are used as the second key check value.
Preferably, the step of obtaining the second random number according to the key negotiation response message comprises:
Second ciphertext data is obtained according to the key negotiation response message, wherein the cloud server encrypts the second random number with the device public key to obtain the second ciphertext data, and generates the key negotiation response message according to the second ciphertext data and the first key check value;
The second ciphertext data is decrypted with the device private key to obtain the second random number.
Preferably, the step of generating the session key between the cloud server and the device according to the second random number and the first random number comprises:
The second random number and the first random number are concatenated to obtain a concatenation result;
The concatenation result is used as the session key between the cloud server and the device.
Preferably, after the step of generating the session key between the cloud server and the device according to the second random number and the first random number, the method further comprises:
The device encrypts a preset field with the session key to obtain a key negotiation confirmation message;
The key negotiation confirmation message is sent to the cloud server, so that the cloud server, on receiving the key negotiation confirmation message, decrypts the key negotiation confirmation message with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key negotiation confirmation message to the device.
To achieve the above object, the present invention also provides a cloud server, the cloud server comprising:
A memory, a processor, and a key negotiation program stored on the memory and executable on the processor, wherein the key negotiation program, when executed by the processor, implements the steps of the above key negotiation method.
To achieve the above object, the present invention also provides a device, the device comprising:
A memory, a processor, and a key negotiation program stored on the memory and executable on the processor, wherein the key negotiation program, when executed by the processor, implements the steps of the above key negotiation method.
To achieve the above object, the present invention also provides a computer-readable storage medium on which a key negotiation program is stored, wherein the key negotiation program, when executed by a processor, implements the steps of the above key negotiation method.
To achieve the above object, the present invention also provides a key negotiation system, the key negotiation system comprising the above cloud server and the above device.
In the key negotiation method, cloud server, device, computer-readable storage medium and key negotiation system provided by the present invention, the cloud server obtains and saves the first random number according to the key negotiation request message sent by the device, generates the second random number, generates the first key check value according to the second random number, generates the key negotiation response message according to the first key check value, and returns the key negotiation response message to the device, so that the device, on receiving the key negotiation response message, obtains the second random number according to the key negotiation response message, generates the second key check value according to the second random number, and saves the second random number when the second key check value is consistent with the first key check value; the session key between the cloud server and the device is generated according to the second random number and the first random number. The present invention improves the security of the session key between the cloud server and the device, and thereby enhances the security of communication between the cloud server and the device.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the key negotiation method of the present invention;
Fig. 3 is a flow diagram of the second embodiment of the key negotiation method of the present invention;
Fig. 4 is a flow diagram of the third embodiment of the key negotiation method of the present invention;
Fig. 5 is a flow diagram of the fourth embodiment of the key negotiation method of the present invention;
Fig. 6 is a flow diagram of the fifth embodiment of the key negotiation method of the present invention;
Fig. 7 is a flow diagram of the sixth embodiment of the key negotiation method of the present invention;
Fig. 8 is a flow diagram of the seventh embodiment of the key negotiation method of the present invention;
Fig. 9 is a flow diagram of the eighth embodiment of the key negotiation method of the present invention;
Fig. 10 is a flow diagram of the ninth embodiment of the key negotiation method of the present invention;
Fig. 11 is a flow diagram of the tenth embodiment of the key negotiation method of the present invention;
Fig. 12 is a flow diagram of the eleventh embodiment of the key negotiation method of the present invention;
Fig. 13 is a flow diagram of the twelfth embodiment of the key negotiation method of the present invention;
Fig. 14 is a flow diagram of the thirteenth embodiment of the key negotiation method of the present invention;
Fig. 15 is a flow diagram of the fourteenth embodiment of the key negotiation method of the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein are merely intended to explain the present invention and are not intended to limit it.
The present invention provides a key negotiation method that improves the security of the session key between the cloud server and the device, and thereby enhances the security of communication between the cloud server and the device.
As shown in Fig. 1, Fig. 1 is a schematic diagram of the hardware operating environment of the terminal involved in the embodiments of the present invention.
The terminal of the embodiments of the present invention may be a server, or may be a device such as an air conditioner, an air regulator, an electric rice cooker or a smart door lock.
As shown in Fig. 1, the server may include a processor 1001 (such as a CPU), a memory 1002 and a communication bus 1003. The communication bus 1003 is used to implement connection and communication among the components of the server. The memory 1002 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1002 may optionally also be a storage device independent of the aforementioned processor 1001.
As shown in Fig. 1, the memory 1002, as a computer storage medium, may include a key negotiation program.
In the server shown in Fig. 1, the processor 1001 may be used to call the key negotiation program stored in the memory 1002 and perform the following operations:
After receiving a key negotiation request message sent by a device, the cloud server obtains and saves a first random number according to the key negotiation request message;
The cloud server generates a second random number, and generates a first key check value according to the second random number;
A key negotiation response message is generated according to the first key check value and returned to the device, so that the device, on receiving the key negotiation response message, obtains the second random number according to the key negotiation response message, generates a second key check value according to the second random number, and saves the second random number when the second key check value is consistent with the first key check value;
A session key between the cloud server and the device is generated according to the second random number and the first random number.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The cloud server obtains first ciphertext data according to the key negotiation request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves the first random number, wherein the device generates the first random number, encrypts the first random number with the cloud server public key to obtain the first ciphertext data, and generates the key negotiation request message according to the first ciphertext data and sends it to the cloud server.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
On receiving a random number request sent by the device, the cloud server generates a third random number and returns the third random number to the device, wherein the device, on receiving the third random number, encrypts the third random number with the device private key to obtain signature data, and generates the key negotiation request message according to the signature data, the device public key and the first ciphertext data and sends it to the cloud server;
The cloud server obtains the device public key and the signature data from the key negotiation request message, and decrypts the signature data with the device public key to obtain a fourth random number;
When the fourth random number is consistent with the third random number, the cloud server performs the step of obtaining the first ciphertext data according to the key negotiation request message.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Predetermined bytes are encrypted according to the second random number and the first random number to obtain an encryption result;
The preset bytes of the encryption result are used as the first key check value.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The second random number is encrypted with the device public key to obtain second ciphertext data;
The key negotiation response message is generated according to the second ciphertext data and the first key check value.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The second random number and the first random number are concatenated to obtain a concatenation result;
The concatenation result is used as the session key between the cloud server and the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
On receiving a key negotiation confirmation message returned by the device, the cloud server decrypts the key negotiation confirmation message with the session key to obtain a decryption result;
When the decryption result contains a preset field, a key negotiation confirmation message is sent to the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
A device sends a key negotiation request message to a cloud server, so that the cloud server, after receiving the key negotiation request message, obtains and saves a first random number according to the key negotiation request message, generates a second random number, generates a first key check value according to the second random number, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the device;
On receiving the key negotiation response message, the device obtains the second random number according to the key negotiation response message, generates a second key check value according to the second random number, saves the second random number when the second key check value is consistent with the first key check value, and generates the session key between the cloud server and the device according to the second random number and the first random number.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The device generates the first random number, encrypts the first random number with the cloud server public key to obtain first ciphertext data, and generates the key negotiation request message according to the first ciphertext data and sends it to the cloud server, wherein the cloud server obtains the first ciphertext data according to the key negotiation request message, decrypts the first ciphertext data with the cloud server private key, and obtains and saves the first random number.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The device initiates a random number request to the cloud server and, on receiving the third random number returned by the cloud server, encrypts the third random number with the device private key to obtain signature data, and generates the key negotiation request message according to the signature data, the device public key and the first ciphertext data, wherein the cloud server, on receiving the random number request sent by the device, generates the third random number and returns the third random number to the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Predetermined bytes are encrypted according to the second random number and the first random number to obtain an encryption result;
The preset bytes of the encryption result are used as the second key check value.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
Second ciphertext data is obtained according to the key negotiation response message, wherein the cloud server encrypts the second random number with the device public key to obtain the second ciphertext data, and generates the key negotiation response message according to the second ciphertext data and the first key check value;
The second ciphertext data is decrypted with the device private key to obtain the second random number.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The second random number and the first random number are concatenated to obtain a concatenation result;
The concatenation result is used as the session key between the cloud server and the device.
Further, the processor 1001 may call the key negotiation program stored in the memory 1002 and also perform the following operations:
The device encrypts a preset field with the session key to obtain a key negotiation confirmation message;
The key negotiation confirmation message is sent to the cloud server, so that the cloud server, on receiving the key negotiation confirmation message, decrypts the key negotiation confirmation message with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key negotiation confirmation message to the device.
Referring to Fig. 2, in the first embodiment, the key negotiation method includes:
Step S10: after receiving the key negotiation request message sent by the device, the cloud server obtains the first random number from the key negotiation request message and saves it;
In this embodiment, the executing subject is the cloud server. The device can be any of a variety of smart devices, such as an air conditioner, a washing machine or a smart door lock, and can communicate through the cloud server with an APP on a mobile terminal; that is, the user can send instructions through the APP to control the smart device. Before the cloud server and the device carry out secure transmission, they need to perform key negotiation.
When the cloud server and the device perform key negotiation, the cloud server obtains the first random number from the key negotiation request message sent by the device. The first random number is generated by the device; the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server.
Step S11: the cloud server generates a second random number and generates a first key check value according to the second random number;
The cloud server generates the second random number and encrypts the splicing result of the second random number and the first random number according to a preset algorithm to generate the first key check value; the cloud server also encrypts the second random number with the device public key to obtain the second ciphertext data. The device public key can be generated by the device, or it can be extracted from a device public key certificate, where the device public key certificate can be obtained from a preset server by decryption. The cloud server verifies the signature result in the device public key certificate and, when verification passes, extracts the public key from the device public key certificate by means of the root public key index. This approach increases the randomness of the certificate. The preset server can be a License server.
Before extracting the device public key from the device public key certificate, the cloud server verifies the device public key certificate. Specifically, the device public key certificate includes the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier, device public key, signature result and first hash value. The signature result is obtained by the preset server signing the first hash value with the preset server private key, and the first hash value is obtained by the preset server performing a hash operation on preset information, which comprises the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier and device public key. The cloud server decrypts the signature result in the device public key certificate with the preset server public key to obtain a third hash value. When the third hash value is consistent with the first hash value, the cloud server performs a hash operation on the preset information in the device certificate to obtain a second hash value. When the second hash value is consistent with the first hash value, the certificate is determined to be legitimate and the device public key is extracted from the device certificate.
Specifically, the key negotiation request message may include the device public key, the signature data, the first ciphertext data, a session key validity period identifier and so on; it may instead include the root public key index, the device public key certificate, the signature data, the first ciphertext data, a session key validity period identifier and so on. The device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, and sends the first ciphertext data to the cloud server, which guarantees the secure transmission of the first random number.
Step S12: a key negotiation response message is generated according to the first key check value and returned to the device, so that the device, on receiving the key negotiation response message, obtains the second random number from it, generates a second key check value according to the second random number and, when the second key check value is consistent with the first key check value, saves the second random number;
It should be noted that the first key check value and the second key check value are used to verify the session key. Taking the first key check value as an example, the step of encrypting the splicing result of the second random number and the first random number according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the splicing result of the second random number and the first random number to obtain an encrypted result, and using preset bytes of the encrypted result as the first key check value.
It should be noted that the session key can also be verified in other ways, which the present invention does not specifically limit. For example, the cloud server operates on the splicing result of the second random number and the first random number with the SHA256 algorithm to obtain first digest information, and the device operates on the splicing result of the second random number and the first random number with the SHA256 algorithm to obtain second digest information; when the second digest information is consistent with the first digest information, the device saves the second random number and generates the session key between the cloud server and the device according to the second random number and the first random number.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key by means of a preset algorithm. Similarly, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key by means of the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. The preset algorithm can be the ECDH algorithm, ECC algorithm, RSA algorithm, ECDSA algorithm and so on, which the present invention does not specifically limit.
Step S13: the cloud server generates the session key between itself and the device according to the second random number and the first random number.
The cloud server returns the second ciphertext data and the first key check value to the device, so that the device decrypts the second ciphertext data with the device private key to obtain the second random number, and encrypts the splicing result of the second random number and the first random number according to the preset algorithm to obtain the second key check value. When the second key check value is consistent with the first key check value, the device saves the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and generate the session key between the cloud server and the device according to the second random number and the first random number. Preferably, the step of generating the session key according to the second random number and the first random number may be: splicing the second random number and the first random number and using the splicing result as the session key. Of course, the session key can also be generated from the second random number and the first random number in other ways, which the present invention does not specifically limit.
In the first embodiment, the cloud server obtains and saves the first random number from the key negotiation request message sent by the device, generates the second random number, generates the first key check value according to the second random number, generates the key negotiation response message according to the first key check value, and returns the key negotiation response message to the device. On receiving the key negotiation response message, the device obtains the second random number from it and generates the second key check value according to the second random number; when the second key check value is consistent with the first key check value, the device saves the second random number, and the session key between the cloud server and the device is generated according to the second random number and the first random number. The present invention improves the security of the session key between the cloud server and the device, and thereby enhances the security of communication between the cloud server and the device.
In the second embodiment, as shown in Fig. 3, on the basis of the embodiment shown in Fig. 2, the step of obtaining and saving the first random number according to the key negotiation request message includes:
Step S101: the cloud server obtains the first ciphertext data from the key negotiation request message and decrypts the first ciphertext data with the cloud server private key to obtain and save the first random number, wherein the device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data and sends it to the cloud server.
In this embodiment, when the cloud server and the device perform key negotiation, the cloud server obtains the first random number from the key negotiation request message sent by the device. The first random number is generated by the device; the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server.
In the second embodiment, the cloud server obtains the first ciphertext data from the key negotiation request message and decrypts the first ciphertext data to obtain the first random number, which ensures the secure transmission of the first random number.
In the third embodiment, as shown in Fig. 4, on the basis of the embodiment shown in any one of Figs. 2 to 3, before the step in which the cloud server obtains the first ciphertext data from the key negotiation request message, the method further includes:
Step S102: on receiving a random number request sent by the device, the cloud server generates a third random number and returns it to the device, wherein the device, on receiving the third random number, encrypts the third random number with the device private key to obtain signature data, generates the key negotiation request message from the signature data, the device public key and the first ciphertext data, and sends it to the cloud server;
Step S103: the cloud server obtains the device public key and the signature data from the key negotiation request message and decrypts the signature data with the device public key to obtain a fourth random number;
Step S104: it is judged whether the fourth random number is consistent with the third random number;
Step S105: when the fourth random number is consistent with the third random number, the step in which the cloud server obtains the first ciphertext data from the key negotiation request message is executed.
Before the cloud server and the device perform key negotiation, the cloud server verifies the legitimacy of the device. First, the device sends a random number application to the cloud server, indicating that it intends to perform key negotiation; the random number application message includes a random number validity period identifier, which indicates the life cycle of the random number. On receiving the random number application message, the cloud server generates the third random number and returns it to the device. The random number return message includes a return status code, the random number validity period identifier and the third random number. On receiving the random number return message sent by the cloud server, the device obtains the third random number and signs it with the device private key to generate signature data. The device generates the key negotiation request message from the signature data and the device public key and sends the key negotiation request message to the cloud server.
It should be noted that the device public key can be generated by the device, or it can be extracted from a device public key certificate, where the device public key certificate can be obtained from a preset server by decryption. The cloud server verifies the signature result in the device public key certificate and, when verification passes, extracts the public key from the device public key certificate by means of the root public key index. This approach increases the randomness of the certificate. The preset server can be a License server.
Specifically, the key negotiation request message may include the device public key, the signature data, the first ciphertext data, a session key validity period identifier and so on; it may instead include the root public key index, the device public key certificate, the signature data, the first ciphertext data, a session key validity period identifier and so on.
In this embodiment, on receiving the random number return message sent by the cloud server, the device obtains the third random number and signs it with the device private key to generate signature data, so the cloud server can decrypt the signature data with the device public key. The cloud server decrypts the signature data to obtain the fourth random number and compares it with the third random number; when the fourth random number is consistent with the third random number, the device is determined to be legitimate, and the cloud server and the device perform key negotiation.
It should be noted that the method of determining whether the device is legitimate is not limited to the above and can be set according to the actual situation. For example, the device performs a hash operation on the third random number to obtain a fourth hash value and signs the fourth hash value with a first preset key to obtain a hash ciphertext; the hash ciphertext and the fourth hash value are returned to the cloud server, and the cloud server decrypts the hash ciphertext with a second preset key to obtain a fifth hash value. When the fifth hash value is consistent with the fourth hash value, the device is determined to be legitimate, and the cloud server and the device perform key negotiation. The hash algorithm can be the SHA256 algorithm or the MD5 algorithm. The first preset key can be the device private key, and the second preset key can be the device public key.
In the third embodiment, on receiving the random number request sent by the device, the cloud server generates the third random number and returns it to the device; on receiving the key negotiation request message sent by the device, the cloud server obtains the fourth random number from the key negotiation request message, and when the fourth random number is consistent with the third random number, the cloud server and the device perform key negotiation. In this way, when the cloud server and the device perform key negotiation, the legitimacy of the device is determined first, which strengthens the security of the key negotiation process.
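One way to implement the legitimacy check of the third embodiment, as an added Go example that is not code from the patent: the cloud server stores the third random number with a validity period and accepts a request only if the signature verifies against the stored value, the value is unexpired, and it has not been used before. Ed25519 signing stands in for the page's "encrypt with the device private key"; the device ID, the 30-second validity period and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// challenge is one outstanding third random number and the end of its validity period.
type challenge struct {
	nonce  []byte
	expiry time.Time
}

// challengeStore is the cloud server's record of issued random numbers,
// keyed by a device ID (hypothetical field; the page does not name one).
type challengeStore struct {
	ttl     time.Duration
	pending map[string]challenge
}

func newChallengeStore(ttl time.Duration) *challengeStore {
	return &challengeStore{ttl: ttl, pending: map[string]challenge{}}
}

// issue answers a random number request (step S102) with a fresh 16-byte value.
func (s *challengeStore) issue(deviceID string, now time.Time) []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: never hand out a predictable challenge
	}
	s.pending[deviceID] = challenge{nonce: nonce, expiry: now.Add(s.ttl)}
	return nonce
}

// verify covers steps S103 to S105. The stored value is consumed on the first
// attempt, so a captured request cannot be replayed.
func (s *challengeStore) verify(deviceID string, pub ed25519.PublicKey, sig []byte, now time.Time) error {
	c, ok := s.pending[deviceID]
	if !ok {
		return errors.New("no outstanding random number")
	}
	delete(s.pending, deviceID)
	if now.After(c.expiry) {
		return errors.New("random number expired")
	}
	if !ed25519.Verify(pub, c.nonce, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// scenarios reports acceptance for: fresh response, replay, expired, wrong key.
func scenarios() [4]bool {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s := newChallengeStore(30 * time.Second)
	t0 := time.Unix(1700000000, 0) // constructed clock value
	var ok [4]bool

	sig := ed25519.Sign(priv, s.issue("dev-1", t0))
	ok[0] = s.verify("dev-1", pub, sig, t0.Add(time.Second)) == nil
	ok[1] = s.verify("dev-1", pub, sig, t0.Add(2*time.Second)) == nil

	sig = ed25519.Sign(priv, s.issue("dev-1", t0))
	ok[2] = s.verify("dev-1", pub, sig, t0.Add(time.Minute)) == nil

	sig = ed25519.Sign(otherPriv, s.issue("dev-1", t0))
	ok[3] = s.verify("dev-1", pub, sig, t0.Add(time.Second)) == nil
	return ok
}

func main() {
	fmt.Println(scenarios()) // [true false false false]
}
```

The signature proves possession of the private key for the presented public key only; tying that key to a genuine device relies on the certificate verification the page describes.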
In the fourth embodiment, as shown in Fig. 5, on the basis of the embodiment shown in any one of Figs. 2 to 4, the step of generating the first key check value according to the second random number includes:
Step S111: predetermined bytes are encrypted according to the second random number and the first random number to obtain an encrypted result;
Step S112: preset bytes of the encrypted result are used as the first key check value.
In this embodiment, the first key check value is used to verify the session key. The step of encrypting the splicing result of the second random number and the first random number according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the splicing result of the second random number and the first random number to obtain an encrypted result, and using preset bytes of the encrypted result as the first key check value.
It should be noted that the predetermined bytes can be 16 bytes, and the preset bytes can be the first three bytes.
In the fourth embodiment, predetermined bytes are encrypted according to the second random number and the first random number to obtain an encrypted result, and preset bytes of the encrypted result are used as the first key check value. In this way, the security of the session key between the cloud server and the device is improved.
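The exchange described in the first and fourth embodiments, as an added Go example that is not code from the patent: the device wraps the first random number, the cloud server returns the second ciphertext data with a three-byte key check value, and the device accepts the second random number only if its own check value matches. RSA-OAEP, AES-256, 16-byte random numbers, an all-zero 16-byte predetermined block and all function names are assumptions; the page fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Assumption: R1 and R2 are 16 bytes each, so R2||R1 is a 32-byte AES-256 key.
const randLen = 16

// must aborts on local failures (RNG, key generation) that are not protocol errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sessionKey splices the second and first random numbers: R2 || R1.
func sessionKey(r2, r1 []byte) []byte {
	return append(append([]byte{}, r2...), r1...)
}

// keyCheckValue encrypts 16 predetermined bytes (assumed all zero) with one AES
// block operation keyed by R2||R1 and keeps the first three bytes of the result.
func keyCheckValue(r2, r1 []byte) []byte {
	block := must(aes.NewCipher(sessionKey(r2, r1)))
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, make([]byte, aes.BlockSize))
	return out[:3]
}

// unwrap recovers a random number sent under the receiver's public key.
// RSA-OAEP is an assumption; the page only says "public key encryption".
func unwrap(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil || len(pt) != randLen {
		return nil, errors.New("ciphertext rejected")
	}
	return pt, nil
}

// cloudRespond is steps S10 to S13: it returns ciphertext 2, the KCV and the key.
func cloudRespond(cloudPriv *rsa.PrivateKey, devPub *rsa.PublicKey, ct1 []byte) ([]byte, []byte, []byte, error) {
	r1, err := unwrap(cloudPriv, ct1)
	if err != nil {
		return nil, nil, nil, err
	}
	r2 := make([]byte, randLen)
	must(rand.Read(r2))
	ct2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, r2, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	return ct2, keyCheckValue(r2, r1), sessionKey(r2, r1), nil
}

// deviceFinish recomputes the check value and only then accepts R2.
func deviceFinish(devPriv *rsa.PrivateKey, r1, ct2, kcv []byte) ([]byte, error) {
	r2, err := unwrap(devPriv, ct2)
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(keyCheckValue(r2, r1), kcv) != 1 {
		return nil, errors.New("key check value mismatch")
	}
	return sessionKey(r2, r1), nil
}

// negotiate runs one exchange with constructed key pairs; corruptKCV flips a KCV bit in transit.
func negotiate(corruptKCV bool) (bool, int, error) {
	cloudPriv := must(rsa.GenerateKey(rand.Reader, 2048))
	devPriv := must(rsa.GenerateKey(rand.Reader, 2048))
	r1 := make([]byte, randLen)
	must(rand.Read(r1))
	ct1 := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &cloudPriv.PublicKey, r1, nil))
	ct2, kcv, cloudKey, err := cloudRespond(cloudPriv, &devPriv.PublicKey, ct1)
	if err != nil {
		return false, 0, err
	}
	if corruptKCV {
		kcv[0] ^= 0x01
	}
	devKey, err := deviceFinish(devPriv, r1, ct2, kcv)
	if err != nil {
		return false, 0, err
	}
	return string(cloudKey) == string(devKey), len(devKey), nil
}

func main() {
	fmt.Println(negotiate(false)) // true 32 <nil>
	fmt.Println(negotiate(true))  // false 0 key check value mismatch
}
```

A three-byte check value catches a corrupted or mismatched second random number with a residual miss chance of 2^-24; it is a consistency check on the key material, not a message authentication code over the response.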
In the fifth embodiment, as shown in Fig. 6, on the basis of the embodiment shown in any one of Figs. 2 to 5, the step of generating the key negotiation response message according to the first key check value includes:
Step S121: the second random number is encrypted with the device public key to obtain the second ciphertext data;
Step S122: the key negotiation response message is generated according to the second ciphertext data and the first key check value.
In this embodiment, the device public key can be generated by the device or extracted from a device public key certificate, where the device public key certificate is generated at the preset server and can be obtained by the device from the preset server by decryption. It should be noted that the preset server can be a License server. The terminal verifies the signature result in the device public key certificate and, when verification passes, extracts the public key from the device public key certificate by means of the root public key index. This approach increases the randomness of the certificate.
Before extracting the device public key from the device public key certificate, the terminal verifies the device public key certificate. Specifically, the device public key certificate includes the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier, device public key, signature result and first hash value. The signature result is obtained by the preset server signing the first hash value with the preset server private key, and the first hash value is obtained by the preset server performing a hash operation on preset information, which comprises the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier and device public key.
The terminal decrypts the signature result in the device public key certificate with the preset server public key to obtain a third hash value. When the third hash value is consistent with the first hash value, the terminal performs a hash operation on the preset information in the device certificate to obtain a second hash value. When the second hash value is consistent with the first hash value, the certificate is determined to be legitimate and the device public key is extracted from the device certificate.
In the fifth embodiment, after the signature verification of the device public key certificate passes, the terminal extracts the device public key from the device public key certificate and encrypts the second random number with the device public key. In this way, the security of the session key between the cloud server and the device is improved.
In the sixth embodiment, as shown in Fig. 7, on the basis of the embodiment shown in any one of Figs. 2 to 6, the step of generating the session key between the cloud server and the device according to the second random number and the first random number includes:
Step S131: the second random number and the first random number are spliced to obtain a splicing result;
Step S132: the splicing result is used as the session key between the cloud server and the device.
In this embodiment, the step of generating the session key according to the second random number and the first random number may be: splicing the second random number and the first random number and using the splicing result as the session key. Of course, the session key can also be generated from the second random number and the first random number in other ways, which the present invention does not specifically limit.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key by means of a preset algorithm. Similarly, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key by means of the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. The preset algorithm can be the ECDH algorithm, ECC algorithm, RSA algorithm, ECDSA algorithm and so on, which the present invention does not specifically limit.
In the sixth embodiment, the second random number and the first random number are spliced, and the splicing result is used as the session key between the cloud server and the device. In this way, secure communication between the cloud server and the device is ensured.
In the seventh embodiment, as shown in Fig. 8, on the basis of the embodiment shown in any one of Figs. 2 to 7, after the step of generating the session key between the cloud server and the device according to the second random number and the first random number, the method further includes:
Step S14: on receiving the key negotiation confirmation message returned by the device, the cloud server decrypts the key negotiation confirmation message with the session key to obtain a decryption result;
Step S15: when the decryption result contains the preset field, a key negotiation confirmation message is sent to the device.
In this embodiment, on receiving the second ciphertext data and the first key check value, the device decrypts the second ciphertext data with the device private key to obtain the second random number, and encrypts the splicing result of the second random number and the first random number according to the preset algorithm to obtain the second key check value. When the second key check value is consistent with the first key check value, the device saves the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and generate the session key between the cloud server and the device according to the second random number and the first random number. Preferably, the step of generating the session key according to the second random number and the first random number may be: splicing the second random number and the first random number and using the splicing result as the session key.
The device encrypts the preset field with the session key, or encrypts the preset field together with a random number with the session key, to obtain the key negotiation confirmation message and sends it to the cloud server, so that the cloud server, on receiving the key negotiation confirmation message, decrypts it with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key negotiation confirmation message to the device. The preset field can be characters such as "OK". When the decryption result does not contain the preset field, an error code is returned to the device.
In the seventh embodiment, on receiving the key negotiation confirmation message returned by the device, the cloud server decrypts the key negotiation confirmation message to obtain a decryption result and, when the decryption result contains the preset field, sends a key negotiation confirmation message to the device. In this way, key negotiation between the cloud server and the device is achieved.
The present invention also provides a key negotiation method. Referring to Fig. 9, in the eighth embodiment, the key negotiation method includes the following steps:
Step S20: the device sends a key negotiation request message to the cloud server, so that the cloud server, after receiving the key negotiation request message, obtains and saves the first random number from the key negotiation request message, generates a second random number, generates a first key check value according to the second random number, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the device;
Step S21: on receiving the key negotiation response message, the device obtains the second random number from the key negotiation response message and generates a second key check value according to the second random number; when the second key check value is consistent with the first key check value, the device saves the second random number and generates the session key between the cloud server and the device according to the second random number and the first random number.
In this embodiment, the executing subject is the device. The device can be any of a variety of smart devices, such as an air conditioner, a washing machine or a smart door lock, and can communicate through the cloud server with an APP on a mobile terminal; that is, the user can send instructions through the APP to control the smart device. Before the cloud server and the device carry out secure transmission, they need to perform key negotiation.
When the cloud server and the device perform key negotiation, the cloud server obtains the first random number from the key negotiation request message sent by the device. The first random number is generated by the device; the device encrypts the first random number with the cloud server public key to obtain the first ciphertext data, generates the key negotiation request message from the first ciphertext data, and sends it to the cloud server.
The cloud server generates the second random number and encrypts the splicing result of the second random number and the first random number according to a preset algorithm to generate the first key check value; the cloud server also encrypts the second random number with the device public key to obtain the second ciphertext data. The device public key can be generated by the device, or it can be extracted from a device public key certificate, where the device public key certificate can be obtained from a preset server by decryption. The cloud server verifies the signature result in the device public key certificate and, when verification passes, extracts the public key from the device public key certificate by means of the root public key index. This approach increases the randomness of the certificate. The preset server can be a License server.
Before extracting the device public key from the device public key certificate, the cloud server verifies the device public key certificate. Specifically, the device public key certificate includes the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier, device public key, signature result and first hash value. The signature result is obtained by the preset server signing the first hash value with the preset server private key, and the first hash value is obtained by the preset server performing a hash operation on preset information, which comprises the certificate format, certificate serial number, hash algorithm identifier, device public key algorithm identifier and device public key. The cloud server decrypts the signature result in the device public key certificate with the preset server public key to obtain a third hash value. When the third hash value is consistent with the first hash value, the cloud server performs a hash operation on the preset information in the device certificate to obtain a second hash value. When the second hash value is consistent with the first hash value, the certificate is determined to be legitimate and the device public key is extracted from the device certificate.
Specifically, the key negotiation request message may include the device public key, the signature data, the first ciphertext data, a session key validity period identifier and so on; it may instead include the root public key index, the device public key certificate, the signature data, the first ciphertext data, a session key validity period identifier and so on. The device generates the first random number, encrypts it with the cloud server public key to obtain the first ciphertext data, and sends the first ciphertext data to the cloud server, which guarantees the secure transmission of the first random number.
It should be noted that the first key check value and the second key check value are used to verify the session key. Taking the first key check value as an example, the step of encrypting the splicing result of the second random number and the first random number according to the preset algorithm to generate the first key check value may be: encrypting predetermined bytes according to the splicing result of the second random number and the first random number to obtain an encrypted result, and using preset bytes of the encrypted result as the first key check value.
It should be noted that the session key can also be verified in other ways, which the present invention does not specifically limit. For example, the cloud server operates on the splicing result of the second random number and the first random number with the SHA256 algorithm to obtain first digest information, and the device operates on the splicing result of the second random number and the first random number with the SHA256 algorithm to obtain second digest information; when the second digest information is consistent with the first digest information, the device saves the second random number and generates the session key between the cloud server and the device according to the second random number and the first random number.
It should be noted that the first random number and the second random number may also be keys. For example, the device generates a device public key and a device private key, and the cloud server generates a device private key and a device public key; the device receives the cloud server public key sent by the cloud server and computes a first session key from the cloud server public key with the device private key by means of a preset algorithm. Similarly, the cloud server receives the device public key sent by the device and computes a second session key from the device public key with the cloud server private key by means of the preset algorithm. The first session key and the second session key are used as the session key between the cloud server and the device. The preset algorithm can be the ECDH algorithm, ECC algorithm, RSA algorithm, ECDSA algorithm and so on, which the present invention does not specifically limit.
The cloud server returns the second ciphertext data and the first key check value to the device, so that the device decrypts the second ciphertext data with the device private key to obtain the second random number, and encrypts the splicing result of the second random number and the first random number according to the preset algorithm to obtain the second key check value. When the second key check value is consistent with the first key check value, the device saves the second random number. In this way, the cloud server and the device each hold the first random number and the second random number, and generate the session key between the cloud server and the device according to the second random number and the first random number. Preferably, the step of generating the session key according to the second random number and the first random number may be: splicing the second random number and the first random number and using the splicing result as the session key. Of course, the session key can also be generated from the second random number and the first random number in other ways, which the present invention does not specifically limit.
In the eighth embodiment, the cloud server obtains and saves the first random number from the key negotiation request message sent by the device, generates the second random number, generates the first key check value according to the second random number, generates the key negotiation response message according to the first key check value, and returns the key negotiation response message to the device. On receiving the key negotiation response message, the device obtains the second random number from it and generates the second key check value according to the second random number; when the second key check value is consistent with the first key check value, the device saves the second random number, and the session key between the cloud server and the device is generated according to the second random number and the first random number. The present invention improves the security of the session key between the cloud server and the device, and thereby enhances the security of communication between the cloud server and the device.
In the ninth embodiment, as shown in Figure 10, on the basis of the embodiment shown in Figure 9 above, the step of the equipment sending the key negotiation request message to the Cloud Server includes:
Step S201: the equipment generates the first random number, encrypts the first random number with the Cloud Server public key to obtain the first ciphertext data, generates the key negotiation request message according to the first ciphertext data and sends it to the Cloud Server, wherein the Cloud Server obtains the first ciphertext data from the key negotiation request message, decrypts the first ciphertext data with the Cloud Server private key, and obtains and saves the first random number.
In this embodiment, when the Cloud Server and the equipment carry out key agreement, the Cloud Server obtains the first random number from the key negotiation request message sent by the equipment. The first random number is generated by the equipment; the equipment encrypts the first random number with the Cloud Server public key to obtain the first ciphertext data, generates the key negotiation request message according to the first ciphertext data and sends it to the Cloud Server.
In the ninth embodiment, the Cloud Server obtains the first ciphertext data from the key negotiation request message and decrypts the first ciphertext data to obtain the first random number, which ensures the secure transmission of the first random number.
In the tenth embodiment, as shown in Figure 11, on the basis of the embodiment shown in any one of Figures 9 to 10 above, before the step of the equipment sending the key negotiation request message to the Cloud Server, the method further includes:
Step S202: the equipment initiates a random number request to the Cloud Server and, on receiving the third random number returned by the Cloud Server, encrypts the third random number with the device private key to obtain signed data, and generates the key negotiation request message according to the signed data, the equipment public key and the first ciphertext data, wherein the Cloud Server, on receiving the random number request sent by the equipment, generates the third random number and returns the third random number to the equipment.
Before the Cloud Server and the equipment carry out key agreement, the Cloud Server verifies the legitimacy of the equipment by signature verification. First, the equipment sends a random number application to the Cloud Server, indicating that key agreement is to be carried out. The random number application message includes a random number validity period identifier, which indicates the life cycle of the random number. On receiving the random number application message, the Cloud Server generates the third random number and returns it to the equipment. The random number return message includes a return status code, the random number validity period identifier and the third random number. On receiving the random number return message sent by the Cloud Server, the equipment obtains the third random number and signs it with the device private key to generate the signed data. The equipment generates the key negotiation request message according to the signed data and the equipment public key, and sends the key negotiation request message to the Cloud Server.
It should be noted that the equipment public key may be generated by the equipment, or may be extracted from an equipment public key certificate, wherein the equipment public key certificate can be obtained by decryption from a predetermined server. The Cloud Server verifies the signature result in the equipment public key certificate and, when the verification passes, extracts the public key from the equipment public key certificate by means of the root public key index. This approach increases the randomness of the certificate. The predetermined server may be a License server.
Specifically, the key negotiation request message may include the equipment public key, the signed data, the first ciphertext data, a session key validity period identifier, etc.; it may also include the root public key index, the equipment public key certificate, the signed data, the first ciphertext data, the session key validity period identifier, etc.
In this embodiment, the equipment obtains the third random number on receiving the random number return message sent by the Cloud Server, and signs the third random number with the device private key to generate the signed data, so the Cloud Server can decrypt the signed data with the equipment public key. The Cloud Server decrypts the signed data to obtain a fourth random number and compares the fourth random number with the third random number; when the fourth random number is consistent with the third random number, the equipment is determined to be legitimate, and the Cloud Server and the equipment carry out key agreement.
It should be noted that the method of determining whether the equipment is legitimate is not limited to the above and can be set according to the actual situation. For example, the equipment performs a hash operation on the third random number to obtain a fourth hash value, signs the fourth hash value with a first preset key to obtain a hash ciphertext, and returns the hash ciphertext and the fourth hash value to the Cloud Server; the Cloud Server decrypts the hash ciphertext with a second preset key to obtain a fifth hash value, and when the fifth hash value is consistent with the fourth hash value, the equipment is determined to be legitimate and the Cloud Server and the equipment carry out key agreement. The hash algorithm may be the SHA256 algorithm or the MD5 algorithm. The first preset key may be the device private key, and the second preset key may be the equipment public key.
In the tenth embodiment, the Cloud Server generates the third random number on receiving the random number request sent by the equipment and returns the third random number to the equipment; on receiving the key negotiation request message sent by the equipment, it obtains the fourth random number from the key negotiation request message, and when the fourth random number is consistent with the third random number, the Cloud Server and the equipment carry out key agreement. In this way, when the Cloud Server and the equipment carry out key agreement, the legitimacy of the equipment is determined first, which strengthens the security of the key agreement process.
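The legitimacy check of the tenth embodiment, written out as an added Go example (not code from the patent): the Cloud Server issues the third random number with a validity period, the equipment signs it, and the server accepts the signed data once and only before expiry. ECDSA P-256 over a SHA-256 digest, the 16-byte random number and all type and function names are assumptions; signature verification stands in for the decrypt-and-compare step, and the equipment public key is assumed to have been validated already, for example from the equipment public key certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrUnknown = errors.New("random number unknown or already used")
	ErrExpired = errors.New("random number past its validity period")
	ErrBadSig  = errors.New("signed data does not verify")
)

// Cloud remembers each third random number it issued and when it expires.
type Cloud struct {
	mu      sync.Mutex
	pending map[[16]byte]time.Time
}

func NewCloud() *Cloud { return &Cloud{pending: map[[16]byte]time.Time{}} }

// NewDeviceKey creates a throwaway P-256 key pair (assumed algorithm).
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Issue answers a random number request with a fresh value valid for ttl.
func (c *Cloud) Issue(now time.Time, ttl time.Duration) ([16]byte, error) {
	var n [16]byte
	if _, err := rand.Read(n[:]); err != nil {
		return n, err
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.pending[n] = now.Add(ttl)
	return n, nil
}

// DeviceSign hashes the received random number with SHA-256 and signs the
// digest with the device private key.
func DeviceSign(priv *ecdsa.PrivateKey, n [16]byte) ([]byte, error) {
	digest := sha256.Sum256(n[:])
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify accepts signed data only for a random number this server issued,
// that has not been answered before and is still inside its validity period.
func (c *Cloud) Verify(now time.Time, n [16]byte, pub *ecdsa.PublicKey, sig []byte) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	expires, ok := c.pending[n]
	if !ok {
		return ErrUnknown
	}
	delete(c.pending, n) // one attempt per random number, whatever the outcome
	if now.After(expires) {
		return ErrExpired
	}
	digest := sha256.Sum256(n[:])
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	cloud := NewCloud()
	priv, err := NewDeviceKey()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	n, _ := cloud.Issue(now, 30*time.Second)
	sig, _ := DeviceSign(priv, n)
	fmt.Println("first use:", cloud.Verify(now, n, &priv.PublicKey, sig))
	fmt.Println("replay:   ", cloud.Verify(now, n, &priv.PublicKey, sig))
}
```

Deleting the pending entry before checking the signature means a captured key negotiation request message cannot be replayed, and a failed attempt cannot be retried against the same random number.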
In the eleventh embodiment, as shown in Figure 12, on the basis of the embodiment shown in any one of Figures 9 to 11 above, the step of generating the second key check value according to the second random number includes:
Step S211: encrypting predetermined bytes according to the second random number and the first random number to obtain an encryption result;
Step S212: using the preset bytes of the encryption result as the second key check value.
In this embodiment, the second key check value is used to verify the session key. The step of encrypting the splicing result of the second random number and the first random number according to the preset algorithm to generate the second key check value may be: encrypting predetermined bytes according to the splicing result of the second random number and the first random number to obtain an encryption result, and using the preset bytes of the encryption result as the second key check value.
It should be noted that the predetermined bytes may be 16 bytes, and the preset bytes may be the first three bytes.
In the eleventh embodiment, predetermined bytes are encrypted according to the second random number and the first random number to obtain an encryption result, and the preset bytes of the encryption result are used as the first key check value. In this way, the security of the session key between the Cloud Server and the equipment is improved.
In the twelfth embodiment, as shown in Figure 13, on the basis of the embodiment shown in any one of Figures 9 to 12 above, the step of obtaining the second random number from the key negotiation response message includes:
Step S213: obtaining the second ciphertext data from the key negotiation response message, wherein the Cloud Server encrypts the second random number with the equipment public key to obtain the second ciphertext data, and generates the key negotiation response message according to the second ciphertext data and the first key check value;
Step S214: decrypting the second ciphertext data with the device private key to obtain the second random number.
In this embodiment, the equipment public key may be generated by the equipment, or may be extracted from an equipment public key certificate, wherein the equipment public key certificate is generated at a predetermined server and the equipment can obtain it by decryption from the predetermined server. It should be noted that the predetermined server may be a License server. The terminal verifies the signature result in the equipment public key certificate and, when the verification passes, extracts the public key from the equipment public key certificate by means of the root public key index. This approach increases the randomness of the certificate.
Before extracting the equipment public key from the equipment public key certificate, the terminal verifies the equipment public key certificate. Specifically, the equipment public key certificate includes a certificate format, a certificate serial number, a hash algorithm identifier, an equipment public key algorithm identifier, the equipment public key, a signature result and a first hash value. The signature result is obtained by the predetermined server signing the first hash value with the predetermined server private key; the first hash value is obtained by the predetermined server performing a hash operation on preset information; and the preset information includes the certificate format, the certificate serial number, the hash algorithm identifier, the equipment public key algorithm identifier and the equipment public key.
The terminal decrypts the signature result in the equipment public key certificate with the predetermined server public key to obtain a third hash value. When the third hash value is consistent with the first hash value, the terminal performs a hash operation on the preset information in the device certificate to obtain a second hash value; when the second hash value is consistent with the first hash value, the certificate is determined to be legitimate, and the equipment public key is then extracted from the device certificate.
In the twelfth embodiment, after the signature verification of the equipment public key certificate passes, the terminal extracts the equipment public key from the equipment public key certificate and encrypts the second random number with the equipment public key. In this way, the security of the session key between the Cloud Server and the equipment is improved.
In the thirteenth embodiment, as shown in Figure 14, on the basis of the embodiment shown in any one of Figures 9 to 13 above, the step of generating the session key between the Cloud Server and the equipment according to the second random number and the first random number includes:
Step S215: splicing the second random number with the first random number to obtain a splicing result;
Step S216: using the splicing result as the session key between the Cloud Server and the equipment.
In this embodiment, the step of generating the session key according to the second random number and the first random number may be: splicing the second random number with the first random number and using the splicing result as the session key. Of course, the session key may also be generated from the second random number and the first random number in other ways, which the present invention does not specifically limit.
It should be noted that the first random number and the second random number may also be keys. For example, the equipment generates an equipment public key and a device private key, and the Cloud Server generates a device private key and an equipment public key; the equipment receives the Cloud Server public key sent by the Cloud Server and uses the device private key to compute a first session key from the Cloud Server public key by a preset algorithm. Similarly, the Cloud Server receives the equipment public key sent by the equipment and uses the Cloud Server private key to compute a second session key from the equipment public key by the preset algorithm. The first session key and the second session key serve as the session key between the Cloud Server and the equipment. It should be noted that the preset algorithm may be the ECDH algorithm, an ECC algorithm, the RSA algorithm, the ECDSA algorithm, etc., and the present invention does not specifically limit it.
In the thirteenth embodiment, the second random number and the first random number are spliced and the splicing result is used as the session key between the Cloud Server and the equipment, which safeguards secure communication between the Cloud Server and the equipment.
In the fourteenth embodiment, as shown in Figure 15, on the basis of the embodiment shown in any one of Figures 9 to 14 above, after the step of generating the session key between the Cloud Server and the equipment according to the second random number and the first random number, the method further includes:
Step S22: the equipment encrypts a preset field with the session key to obtain key agreement confirmation information;
Step S23: the key agreement confirmation message is sent to the Cloud Server, so that the Cloud Server, on receiving the key agreement confirmation message, decrypts the key agreement confirmation message with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the equipment.
In this embodiment, on receiving the second ciphertext data and the first key check value, the equipment decrypts the second ciphertext data with the device private key to obtain the second random number, and encrypts the splicing result of the second random number and the first random number according to the preset algorithm to obtain the second key check value. When the second key check value is consistent with the first key check value, the equipment saves the second random number. In this way, the Cloud Server and the equipment each hold the first random number and the second random number, and the session key between the Cloud Server and the equipment is generated according to the second random number and the first random number. Preferably, the step of generating the session key according to the second random number and the first random number may be: splicing the second random number with the first random number and using the splicing result as the session key.
The equipment encrypts the preset field with the session key, or encrypts the preset field and a random number with the session key, to obtain the key agreement confirmation message, and sends the key agreement confirmation message to the Cloud Server, so that the Cloud Server, on receiving the key agreement confirmation message, decrypts it with the session key to obtain a decryption result; when the decryption result contains the preset field, the Cloud Server sends a key agreement confirmation message to the equipment. The preset field may be characters such as "OK". When the decryption result does not contain the preset field, an error code is returned to the equipment.
In the fourteenth embodiment, on receiving the key agreement confirmation message returned by the equipment, the Cloud Server decrypts the key agreement confirmation message to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the equipment. In this way, key agreement between the Cloud Server and the equipment is achieved.
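The key check value, spliced session key and confirmation exchange of the eleventh, thirteenth and fourteenth embodiments, as an added Go example (not code from the patent). Assumptions: AES as the preset algorithm, an all-zero 16-byte predetermined block, 16-byte random numbers, AES-GCM for the confirmation, and all function names; the second random number is passed in already decrypted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

var (
	ErrKCV      = errors.New("key check value mismatch")
	ErrConfirm  = errors.New("confirmation rejected")
	presetField = []byte("OK") // example preset field given on the page
)

// splice returns R2 || R1, which the page uses directly as the session key.
func splice(r2, r1 []byte) []byte { return append(append([]byte{}, r2...), r1...) }

// KCV encrypts the predetermined 16-byte block under R2||R1 and keeps the
// first three bytes. AES and the all-zero block are assumptions.
func KCV(r2, r1 []byte) ([]byte, error) {
	block, err := aes.NewCipher(splice(r2, r1)) // fails unless 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, make([]byte, aes.BlockSize))
	return out[:3], nil
}

// CloudRespond generates the second random number and the first key check value.
func CloudRespond(r1 []byte) (r2, kcv1 []byte, err error) {
	r2 = make([]byte, 16)
	if _, err = rand.Read(r2); err != nil {
		return nil, nil, err
	}
	kcv1, err = KCV(r2, r1)
	return r2, kcv1, err
}

// DeviceFinish recomputes the check value from the decrypted R2 and its own
// R1, and releases the session key only if it matches the one received.
func DeviceFinish(r1, r2, kcv1 []byte) ([]byte, error) {
	kcv2, err := KCV(r2, r1)
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(kcv2, kcv1) != 1 {
		return nil, ErrKCV
	}
	return splice(r2, r1), nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// DeviceConfirm encrypts the preset field under the session key.
func DeviceConfirm(key []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, presetField, nil), nil
}

// CloudCheckConfirm decrypts the confirmation and looks for the preset field.
func CloudCheckConfirm(key, msg []byte) error {
	gcm, err := gcmFor(key)
	if err != nil || len(msg) < gcm.NonceSize() {
		return ErrConfirm
	}
	n := gcm.NonceSize()
	pt, err := gcm.Open(nil, msg[:n], msg[n:], nil)
	if err != nil || !bytes.Contains(pt, presetField) {
		return ErrConfirm
	}
	return nil
}

func main() {
	r1 := make([]byte, 16) // first random number, already held by both sides
	if _, err := rand.Read(r1); err != nil {
		panic(err)
	}
	r2, kcv1, _ := CloudRespond(r1)
	key, err := DeviceFinish(r1, r2, kcv1)
	fmt.Printf("kcv=%x key=%d bytes err=%v\n", kcv1, len(key), err)
	msg, _ := DeviceConfirm(key)
	fmt.Println("confirmation error:", CloudCheckConfirm(key, msg))
}
```

A three-byte check value has only 2^24 possible values, so it detects a mismatched or corrupted key rather than authenticating the peer.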
In addition, the present invention also proposes a Cloud Server. The Cloud Server includes a memory, a processor, and a key agreement program stored on the memory and executable on the processor; the processor executes the steps of the cryptographic key negotiation method described above in which the Cloud Server is the executing subject.
In addition, the present invention also proposes an equipment. The equipment includes a memory, a processor, and a key agreement program stored on the memory and executable on the processor; the processor executes the steps of the cryptographic key negotiation method described above in which the equipment is the executing subject.
In addition, the present invention also proposes a computer readable storage medium. The computer readable storage medium includes a key agreement program which, when executed by a processor, implements the steps of the cryptographic key negotiation method described in the embodiments above.
In addition, the present invention also proposes a key agreement system. The key agreement system includes the above-mentioned distribution net equipment and the above-mentioned non-distribution net equipment.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, magnetic disk, optical disc) and includes several instructions for causing a terminal device (which may be a television, mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of the present invention.

Claims (18)

1. A cryptographic key negotiation method, characterized in that the cryptographic key negotiation method comprises the following steps:
after receiving a key negotiation request message sent by an equipment, a Cloud Server obtains and saves a first random number from the key negotiation request message;
the Cloud Server generates a second random number, and generates a first key check value according to the second random number;
a key negotiation response message is generated according to the first key check value and returned to the equipment, so that the equipment, on receiving the key negotiation response message, obtains the second random number from the key negotiation response message, generates a second key check value according to the second random number, and saves the second random number when the second key check value is consistent with the first key check value;
a session key between the Cloud Server and the equipment is generated according to the second random number and the first random number.
2. The cryptographic key negotiation method as claimed in claim 1, characterized in that the step of obtaining and saving the first random number from the key negotiation request message comprises:
the Cloud Server obtains first ciphertext data from the key negotiation request message, decrypts the first ciphertext data with a Cloud Server private key, and obtains and saves the first random number, wherein the equipment generates the first random number, encrypts the first random number with a Cloud Server public key to obtain the first ciphertext data, generates the key negotiation request message according to the first ciphertext data and sends it to the Cloud Server.
3. The cryptographic key negotiation method as claimed in claim 2, characterized in that, before the step of the Cloud Server obtaining the first ciphertext data from the key negotiation request message, the method further comprises:
the Cloud Server, on receiving a random number request sent by the equipment, generates a third random number and returns the third random number to the equipment, wherein the equipment, on receiving the third random number, encrypts the third random number with a device private key to obtain signed data, generates the key negotiation request message according to the signed data, an equipment public key and the first ciphertext data, and sends it to the Cloud Server;
the Cloud Server obtains the equipment public key and the signed data from the key negotiation request message, and decrypts the signed data with the equipment public key to obtain a fourth random number;
when the fourth random number is consistent with the third random number, the Cloud Server executes the step of obtaining the first ciphertext data from the key negotiation request message.
4. The cryptographic key negotiation method as claimed in claim 1, characterized in that the step of generating the first key check value according to the second random number comprises:
encrypting predetermined bytes according to the second random number and the first random number to obtain an encryption result;
using the preset bytes of the encryption result as the first key check value.
5. The cryptographic key negotiation method as claimed in claim 1, characterized in that the step of generating the key negotiation response message according to the first key check value comprises:
encrypting the second random number with an equipment public key to obtain second ciphertext data;
generating the key negotiation response message according to the second ciphertext data and the first key check value.
6. The cryptographic key negotiation method as claimed in claim 1, characterized in that the step of generating the session key between the Cloud Server and the equipment according to the second random number and the first random number comprises:
splicing the second random number with the first random number to obtain a splicing result;
using the splicing result as the session key between the Cloud Server and the equipment.
7. The cryptographic key negotiation method as claimed in claim 1, characterized in that, after the step of generating the session key between the Cloud Server and the equipment according to the second random number and the first random number, the method further comprises:
the Cloud Server, on receiving a key agreement confirmation message returned by the equipment, decrypts the key agreement confirmation message with the session key to obtain a decryption result;
when the decryption result contains a preset field, a key agreement confirmation message is sent to the equipment.
8. A cryptographic key negotiation method, characterized in that the cryptographic key negotiation method comprises the following steps:
an equipment sends a key negotiation request message to a Cloud Server, so that the Cloud Server, after receiving the key negotiation request message, obtains and saves a first random number from the key negotiation request message, generates a second random number, generates a first key check value according to the second random number, generates a key negotiation response message according to the first key check value, and returns the key negotiation response message to the equipment;
the equipment, on receiving the key negotiation response message, obtains the second random number from the key negotiation response message, generates a second key check value according to the second random number, saves the second random number when the second key check value is consistent with the first key check value, and generates a session key between the Cloud Server and the equipment according to the second random number and the first random number.
9. The cryptographic key negotiation method as claimed in claim 8, characterized in that the step of the equipment sending the key negotiation request message to the Cloud Server comprises:
the equipment generates the first random number, encrypts the first random number with a Cloud Server public key to obtain first ciphertext data, generates the key negotiation request message according to the first ciphertext data and sends it to the Cloud Server, wherein the Cloud Server obtains the first ciphertext data from the key negotiation request message, decrypts the first ciphertext data with a Cloud Server private key, and obtains and saves the first random number.
10. The cryptographic key negotiation method as claimed in claim 9, characterized in that, before the step of the equipment sending the key negotiation request message to the Cloud Server, the method further comprises:
the equipment initiates a random number request to the Cloud Server and, on receiving a third random number returned by the Cloud Server, encrypts the third random number with a device private key to obtain signed data, and generates the key negotiation request message according to the signed data, an equipment public key and the first ciphertext data, wherein the Cloud Server, on receiving the random number request sent by the equipment, generates the third random number and returns the third random number to the equipment.
11. The cryptographic key negotiation method as claimed in claim 8, characterized in that the step of generating the second key check value according to the second random number comprises:
encrypting predetermined bytes according to the second random number and the first random number to obtain an encryption result;
using the preset bytes of the encryption result as the second key check value.
12. The cryptographic key negotiation method as claimed in claim 8, characterized in that the step of obtaining the second random number from the key negotiation response message comprises:
obtaining second ciphertext data from the key negotiation response message, wherein the Cloud Server encrypts the second random number with an equipment public key to obtain the second ciphertext data, and generates the key negotiation response message according to the second ciphertext data and the first key check value;
decrypting the second ciphertext data with a device private key to obtain the second random number.
13. The cryptographic key negotiation method as claimed in claim 8, characterized in that the step of generating the session key between the Cloud Server and the equipment according to the second random number and the first random number comprises:
splicing the second random number with the first random number to obtain a splicing result;
using the splicing result as the session key between the Cloud Server and the equipment.
14. The cryptographic key negotiation method as claimed in claim 8, characterized in that, after the step of generating the session key between the Cloud Server and the equipment according to the second random number and the first random number, the method further comprises:
the equipment encrypts a preset field with the session key to obtain a key agreement confirmation message;
the key agreement confirmation message is sent to the Cloud Server, so that the Cloud Server, on receiving the key agreement confirmation message, decrypts the key agreement confirmation message with the session key to obtain a decryption result and, when the decryption result contains the preset field, sends a key agreement confirmation message to the equipment.
15. A Cloud Server, characterized in that the Cloud Server comprises a memory, a processor, and a key agreement program stored on the memory and executable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the cryptographic key negotiation method as claimed in any one of claims 1 to 7.
16. An equipment, characterized in that the equipment comprises a memory, a processor, and a key agreement program stored on the memory and executable on the processor, wherein the key agreement program, when executed by the processor, implements the steps of the cryptographic key negotiation method as claimed in any one of claims 8 to 14.
17. A computer readable storage medium, characterized in that a key agreement program is stored on the computer readable storage medium, and the key agreement program, when executed by a processor, implements the steps of the cryptographic key negotiation method as claimed in any one of claims 1 to 14.
18. A key agreement system, characterized in that the key agreement system comprises the Cloud Server as claimed in claim 15 and the equipment as claimed in claim 16.
CN201811303412.7A 2018-11-02 2018-11-02 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system Pending CN109005028A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811303412.7A CN109005028A (en) 2018-11-02 2018-11-02 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811303412.7A CN109005028A (en) 2018-11-02 2018-11-02 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system

Publications (1)

Publication Number Publication Date
CN109005028A true CN109005028A (en) 2018-12-14

Family

ID=64590147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811303412.7A Pending CN109005028A (en) 2018-11-02 2018-11-02 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system

Country Status (1)

Country Link
CN (1) CN109005028A (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586906A (en) * 2018-12-29 2019-04-05 飞天诚信科技股份有限公司 A kind of communication device and its method and system with terminal arranging key
CN109861817A (en) * 2019-02-26 2019-06-07 数安时代科技股份有限公司 Generate method, apparatus, system, equipment and the medium of key
CN110049045A (en) * 2019-04-19 2019-07-23 中国南方电网有限责任公司 A kind of security certification system of power carrier
CN110138772A (en) * 2019-05-13 2019-08-16 上海英恒电子有限公司 A kind of communication means, device, system, equipment and storage medium
CN110289956A (en) * 2019-06-27 2019-09-27 飞天诚信科技股份有限公司 A kind of cloud speaker updates the method and system of configuration
CN110532927A (en) * 2019-08-23 2019-12-03 广东华芯微特集成电路有限公司 Fingerprint register method, fingerprint authentication method and device
CN110766114A (en) * 2019-10-24 2020-02-07 飞天诚信科技股份有限公司 Terminal and method for generating two-dimensional code online
CN111245601A (en) * 2019-12-18 2020-06-05 北京威努特技术有限公司 Communication negotiation method and device
CN111294203A (en) * 2020-01-22 2020-06-16 腾讯科技(深圳)有限公司 Information transmission method
CN111355684A (en) * 2018-12-20 2020-06-30 中移(杭州)信息技术有限公司 An Internet of Things data transmission method, device, system, electronic device and medium
CN111490878A (en) * 2020-04-09 2020-08-04 腾讯科技(深圳)有限公司 Key generation method, device, equipment and medium
CN111935712A (en) * 2020-07-31 2020-11-13 深圳市燃气集团股份有限公司 Data transmission method, system and medium based on NB-IoT communication
CN112187458A (en) * 2020-09-29 2021-01-05 京东数字科技控股股份有限公司 Method, device, system and medium for activating session between equipment end and platform end
CN112422275A (en) * 2020-10-26 2021-02-26 深圳Tcl新技术有限公司 Key agreement method, system, device and computer storage medium in UART communication
CN112487380A (en) * 2020-12-16 2021-03-12 江苏国科微电子有限公司 Data interaction method, device, equipment and medium
CN112585549A (en) * 2020-02-29 2021-03-30 华为技术有限公司 Fault diagnosis method and device and vehicle
CN112822015A (en) * 2020-12-30 2021-05-18 中国农业银行股份有限公司 Information transmission method and related device
CN112953725A (en) * 2021-02-23 2021-06-11 浙江大华技术股份有限公司 Method and device for determining private key of equipment, storage medium and electronic device
CN114120496A (en) * 2021-12-01 2022-03-01 中国建设银行股份有限公司 Method, server, encryption component and device for unlocking control
CN114297355A (en) * 2021-12-13 2022-04-08 合肥大唐存储科技有限公司 Method and system for establishing secure session, solid state disk and terminal equipment
CN114785537A (en) * 2022-03-01 2022-07-22 陕西天润科技股份有限公司 Dynamic encryption method for internet release of three-dimensional model data
CN114884659A (en) * 2022-07-08 2022-08-09 北京智芯微电子科技有限公司 Key agreement method, gateway, terminal device and storage medium
CN115276978A (en) * 2022-07-27 2022-11-01 中银金融科技有限公司 Data processing method and related device
CN115297475A (en) * 2022-09-28 2022-11-04 南京科信量子科技有限公司 Secret key distribution method for encrypted communication in rail transit
WO2023130980A1 (en) * 2022-01-05 2023-07-13 西安西电捷通无线网络通信股份有限公司 Secure channel sleep wake-up method, apparatus and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347838A (en) * 2011-08-29 2012-02-08 大连明江咨询服务有限公司 Telephone transaction method for automatic identity authentication device
US20120036363A1 (en) * 2010-08-05 2012-02-09 Motorola, Inc. Method for key identification using an internet security association and key management based protocol
CN106302415A (en) * 2016-08-03 2017-01-04 杭州晟元数据安全技术股份有限公司 A kind of method verifying equipment validity and distribution automatic to legitimate device
CN107040373A (en) * 2016-01-15 2017-08-11 富士通株式会社 Inter-authentication method and authenticating device

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111355684A (en) * 2018-12-20 2020-06-30 中移(杭州)信息技术有限公司 An Internet of Things data transmission method, device, system, electronic device and medium
CN111355684B (en) * 2018-12-20 2022-06-28 中移(杭州)信息技术有限公司 Internet of things data transmission method, device and system, electronic equipment and medium
CN109586906B (en) * 2018-12-29 2021-07-20 飞天诚信科技股份有限公司 Communication device and method and system for negotiating key with terminal
CN109586906A (en) * 2018-12-29 2019-04-05 飞天诚信科技股份有限公司 A kind of communication device and its method and system with terminal arranging key
CN109861817A (en) * 2019-02-26 2019-06-07 数安时代科技股份有限公司 Generate method, apparatus, system, equipment and the medium of key
CN110049045A (en) * 2019-04-19 2019-07-23 中国南方电网有限责任公司 A kind of security certification system of power carrier
CN110138772A (en) * 2019-05-13 2019-08-16 上海英恒电子有限公司 A kind of communication means, device, system, equipment and storage medium
CN110289956B (en) * 2019-06-27 2021-12-28 飞天诚信科技股份有限公司 Method and system for updating configuration of cloud sound box
CN110289956A (en) * 2019-06-27 2019-09-27 飞天诚信科技股份有限公司 A kind of cloud speaker updates the method and system of configuration
CN110532927A (en) * 2019-08-23 2019-12-03 广东华芯微特集成电路有限公司 Fingerprint register method, fingerprint authentication method and device
CN110766114A (en) * 2019-10-24 2020-02-07 飞天诚信科技股份有限公司 Terminal and method for generating two-dimensional code online
CN110766114B (en) * 2019-10-24 2023-09-22 飞天诚信科技股份有限公司 Terminal and method for online generation of two-dimension code
CN111245601A (en) * 2019-12-18 2020-06-05 北京威努特技术有限公司 Communication negotiation method and device
CN111294203A (en) * 2020-01-22 2020-06-16 腾讯科技(深圳)有限公司 Information transmission method
CN112585549A (en) * 2020-02-29 2021-03-30 华为技术有限公司 Fault diagnosis method and device and vehicle
CN112585549B (en) * 2020-02-29 2022-05-31 华为技术有限公司 Fault diagnosis method and device and vehicle
CN111490878A (en) * 2020-04-09 2020-08-04 腾讯科技(深圳)有限公司 Key generation method, device, equipment and medium
CN111490878B (en) * 2020-04-09 2021-07-27 腾讯科技(深圳)有限公司 Key generation method, device, equipment and medium
CN111935712A (en) * 2020-07-31 2020-11-13 深圳市燃气集团股份有限公司 Data transmission method, system and medium based on NB-IoT communication
WO2022021992A1 (en) * 2020-07-31 2022-02-03 深圳市燃气集团股份有限公司 Data transmission method and system based on nb-iot communication, and medium
CN112187458A (en) * 2020-09-29 2021-01-05 京东数字科技控股股份有限公司 Method, device, system and medium for activating session between equipment end and platform end
CN112187458B (en) * 2020-09-29 2024-05-24 京东科技控股股份有限公司 Method, device, system and medium for activating session between equipment end and platform end
CN112422275A (en) * 2020-10-26 2021-02-26 深圳Tcl新技术有限公司 Key agreement method, system, device and computer storage medium in UART communication
CN112487380A (en) * 2020-12-16 2021-03-12 江苏国科微电子有限公司 Data interaction method, device, equipment and medium
CN112487380B (en) * 2020-12-16 2024-04-05 江苏国科微电子有限公司 Data interaction method, device, equipment and medium
CN112822015B (en) * 2020-12-30 2023-07-04 中国农业银行股份有限公司 Information transmission method and related device
CN112822015A (en) * 2020-12-30 2021-05-18 中国农业银行股份有限公司 Information transmission method and related device
CN112953725A (en) * 2021-02-23 2021-06-11 浙江大华技术股份有限公司 Method and device for determining private key of equipment, storage medium and electronic device
CN114120496A (en) * 2021-12-01 2022-03-01 中国建设银行股份有限公司 Method, server, encryption component and device for unlocking control
CN114297355A (en) * 2021-12-13 2022-04-08 合肥大唐存储科技有限公司 Method and system for establishing secure session, solid state disk and terminal equipment
WO2023130980A1 (en) * 2022-01-05 2023-07-13 西安西电捷通无线网络通信股份有限公司 Secure channel sleep wake-up method, apparatus and device
CN114785537A (en) * 2022-03-01 2022-07-22 陕西天润科技股份有限公司 Dynamic encryption method for internet release of three-dimensional model data
CN114884659B (en) * 2022-07-08 2022-10-25 北京智芯微电子科技有限公司 Key agreement method, gateway, terminal device and storage medium
CN114884659A (en) * 2022-07-08 2022-08-09 北京智芯微电子科技有限公司 Key agreement method, gateway, terminal device and storage medium
CN115276978A (en) * 2022-07-27 2022-11-01 中银金融科技有限公司 Data processing method and related device
CN115297475A (en) * 2022-09-28 2022-11-04 南京科信量子科技有限公司 Secret key distribution method for encrypted communication in rail transit

Similar Documents

Publication Publication Date Title
CN109005028A (en) Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN109039628A (en) Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN109120649A (en) Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN109040149A (en) Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN109039657A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN111027086B (en) Private data protection method and system
CN103118027B (en) The method of TLS passage is set up based on the close algorithm of state
US10601801B2 (en) Identity authentication method and apparatus
CN103338215B (en) The method setting up TLS passage based on the close algorithm of state
CN109150526A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN109257170A (en) Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN110177354A (en) A kind of wireless control method and system of vehicle
CN105307165B (en) Communication means, server-side and client based on mobile application
CN113014539A (en) Internet of things equipment safety protection system and method
CN109257328B (en) A method and device for safe interaction of on-site operation and maintenance data
CN103795534A (en) Password-based authentication method and apparatus executing the method
CN109245885A (en) Cryptographic key negotiation method, equipment, storage medium and system
CN114710298B (en) Chameleon hash-based document batch signing method, device, equipment and medium
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN109474419A (en) A kind of living body portrait photo encryption and decryption method and encrypting and deciphering system
CN109361508A (en) Data transmission method, electronic equipment and computer readable storage medium
CN105847000A (en) Token generation method and communication system based on same
CN109005184A (en) File encrypting method and device, storage medium, terminal
CN109039627A (en) Cryptographic key negotiation method, equipment, storage medium and system
CN109245886A (en) Cryptographic key negotiation method, equipment, storage medium and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181214
