CN114465835A - Household appliance equipment, application terminal, Bluetooth network distribution method and system - Google Patents
- Publication number
- CN114465835A (application CN202011136002.5A)
- Authority
- CN
- China
- Prior art keywords
- broadcast data
- bluetooth
- encryption
- application terminal
- encrypted
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/06—Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Automation & Control Theory (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Description
Technical field
Embodiments of the present invention relate to the field of smart home technology, and in particular to a home appliance, an application terminal, and a Bluetooth network distribution method and system.
Background
With the development of Internet technology, smart home devices have become widespread, and more and more households have smart home devices that can connect to a router. To connect to the router, a smart home device needs to obtain the router's SSID (Service Set Identifier) and password (PASSWORD) to complete network distribution. Among the network distribution methods for smart home devices, a commonly used one for home appliances is Bluetooth network distribution.
In current Bluetooth network distribution for home appliances, however, the visibility of Bluetooth broadcasts lets attackers undermine security. During Bluetooth network distribution there is, on the one hand, the risk that an attacker uses a malicious terminal to connect to the user's home appliance and perform network distribution, which lets the attacker control the user's appliance and creates a security problem. Given the security risk posed by malicious terminals during Bluetooth network distribution, improving the security of Bluetooth network distribution for home appliances is particularly important.
Therefore, a solution is needed for the low security of Bluetooth network distribution in home appliances.
Summary of the invention
Embodiments of the present invention provide a home appliance, an application terminal, a system and an apparatus, to solve the low security of Bluetooth network distribution in home appliances.
In a first aspect, an embodiment of the present invention provides a home appliance, including:
a Bluetooth module, configured to send Bluetooth broadcast data, where the Bluetooth broadcast data includes a first encryption instruction and the first encryption instruction indicates that the Bluetooth broadcast data is to be encrypted according to a first encryption rule; and to receive first encrypted broadcast data sent by an application terminal;
an MCU, configured to encrypt the Bluetooth broadcast data using the first encryption rule to obtain second encrypted broadcast data; and, after determining that the first encrypted broadcast data and the second encrypted broadcast data are inconsistent, to disconnect the Bluetooth connection with the application terminal.
In this way, by sending Bluetooth broadcast data that carries an encryption instruction, the scheme prevents an unauthorized person from using a malicious terminal to connect to the user's home appliance during network distribution and interfere with the user's network distribution of the appliance, which ensures the security of Bluetooth network distribution for the home appliance.
In some embodiments of the present application, the Bluetooth broadcast data further includes a second encryption instruction;
the MCU is further configured to, on determining that the first encrypted broadcast data and the second encrypted broadcast data are consistent, encrypt the second encrypted broadcast data according to the second encryption rule indicated by the second encryption instruction to obtain third encrypted broadcast data;
the Bluetooth module is further configured to send the third encrypted broadcast data to the application terminal; the third encrypted broadcast data is used by the application terminal to determine whether the home appliance is legitimate.
In this way, once authentication on the home appliance side passes, the application terminal is confirmed to be a legitimate application terminal; the home appliance then encrypts the second encrypted broadcast data a second time according to the encryption rule of the second encryption instruction to obtain third encrypted broadcast data, which the application terminal uses to judge whether the home appliance is legitimate. This addresses the case where an attacker uses an impostor device to forge the Bluetooth broadcast of the user's home appliance and prevents the user from connecting to the user's own appliance.
In some embodiments of the present application, the home appliance further includes a WIFI module;
the Bluetooth module is further configured to, after sending the third encrypted broadcast data to the application terminal, receive over the Bluetooth connection the router configuration information sent by the application terminal; the router configuration information is sent after the application terminal determines that the home appliance is legitimate;
the WIFI module is configured to connect to the router according to the router configuration information, thereby completing Bluetooth network distribution.
In a second aspect, an embodiment of the present invention provides an application terminal, including:
a Bluetooth module, configured to receive Bluetooth broadcast data sent by a home appliance, where the Bluetooth broadcast data includes a first encryption instruction;
an MCU, configured to obtain the first encryption rule indicated by the first encryption instruction, and to encrypt the Bluetooth broadcast data using the first encryption rule to obtain first encrypted broadcast data;
the Bluetooth module is further configured to send the first encrypted broadcast data to the home appliance; the first encrypted broadcast data is used by the home appliance to determine whether the application terminal is legitimate;
the Bluetooth module is further configured to disconnect the Bluetooth connection with the home appliance in response to the home appliance's disconnect operation; the home appliance performs the disconnect operation when it determines that the application terminal is not legitimate because the first encrypted broadcast data is inconsistent with the second encrypted broadcast data that the appliance generated itself.
In some embodiments of the present application, the Bluetooth broadcast data further includes a second encryption instruction;
the Bluetooth module is further configured to, after sending the first encrypted broadcast data to the home appliance, receive third encrypted broadcast data sent by the home appliance;
the MCU is configured to obtain the second encryption rule indicated by the second encryption instruction and to encrypt the first encrypted broadcast data using the second encryption rule to obtain fourth encrypted broadcast data; and, after determining that the third encrypted broadcast data is consistent with the fourth encrypted broadcast data, to instruct the Bluetooth module to send router configuration information to the home appliance;
the Bluetooth module is further configured to send the router configuration information to the home appliance, thereby completing Bluetooth network distribution.
In some embodiments of the present application, the MCU is further configured to, after determining that the third encrypted broadcast data is inconsistent with the fourth encrypted broadcast data, instruct the Bluetooth module to disconnect the Bluetooth connection with the home appliance.
In some embodiments of the present application, the Bluetooth broadcast data further includes attribute information of the home appliance;
the MCU is further configured to, before obtaining the first encryption rule indicated by the first encryption instruction, determine through a cloud server whether the attribute information of the home appliance is valid; and, after determining that the attribute information is valid, to instruct the Bluetooth module to establish a Bluetooth connection with the home appliance;
the MCU is specifically configured to obtain the first encryption rule corresponding to the first encryption instruction from the cloud server.
In a third aspect, an embodiment of the present invention provides a Bluetooth network distribution method, including:
generating and sending Bluetooth broadcast data, where the Bluetooth broadcast data includes a first encryption instruction and the first encryption instruction indicates that the Bluetooth broadcast data is to be encrypted according to a first encryption rule;
encrypting the Bluetooth broadcast data using the first encryption rule to obtain second encrypted broadcast data; and, after determining that the first encrypted broadcast data is inconsistent with the second encrypted broadcast data received from the application terminal, disconnecting the Bluetooth connection with the application terminal.
In some embodiments of the present application, the Bluetooth broadcast data further includes a second encryption instruction, and the method further includes:
on determining that the first encrypted broadcast data is consistent with the second encrypted broadcast data received from the application terminal, encrypting the second encrypted broadcast data according to the second encryption rule indicated by the second encryption instruction to obtain third encrypted broadcast data; the third encrypted broadcast data is used by the application terminal to determine whether the home appliance is legitimate.
In some embodiments of the present application, after the home appliance obtains the third encrypted broadcast data, the method further includes:
receiving, over the Bluetooth connection, router configuration information sent by the application terminal; the router configuration information is sent after the application terminal determines that the home appliance is legitimate;
connecting to the router according to the router configuration information, thereby completing Bluetooth network distribution.
In a fourth aspect, an embodiment of the present invention provides a Bluetooth network distribution method, including:
obtaining the first encryption rule indicated by a first encryption instruction, and encrypting the Bluetooth broadcast data using the first encryption rule to obtain first encrypted broadcast data; the first encryption instruction is carried in the Bluetooth broadcast data sent by a home appliance; the first encrypted broadcast data is used by the home appliance to determine whether the application terminal is legitimate;
disconnecting the Bluetooth connection with the home appliance in response to the home appliance's disconnect operation; the home appliance performs the disconnect operation when it determines that the application terminal is not legitimate because the first encrypted broadcast data is inconsistent with the second encrypted broadcast data that the appliance generated itself.
In some embodiments of the present application, the Bluetooth broadcast data further includes a second encryption instruction;
after the first encrypted broadcast data is generated, the method further includes:
obtaining the second encryption rule indicated by the second encryption instruction, and encrypting the first encrypted broadcast data using the second encryption rule to obtain fourth encrypted broadcast data;
after determining that the third encrypted broadcast data sent by the home appliance is consistent with the fourth encrypted broadcast data, sending router configuration information to the home appliance, thereby completing Bluetooth network distribution.
In some embodiments of the present application, after it is determined that the third encrypted broadcast data is inconsistent with the fourth encrypted broadcast data, the Bluetooth connection with the home appliance is disconnected.
In some embodiments of the present application, the Bluetooth broadcast data further includes attribute information of the home appliance;
before the first encryption rule indicated by the first encryption instruction is obtained, the method further includes:
determining through a cloud server whether the attribute information of the home appliance is valid;
after determining that the attribute information of the home appliance is valid, establishing a Bluetooth connection with the home appliance;
obtaining the first encryption rule indicated by the first encryption instruction includes:
obtaining the first encryption rule corresponding to the first encryption instruction from the cloud server.
In a fifth aspect, an embodiment of the present invention further provides a Bluetooth network distribution system, including the home appliance described in the first aspect and the application terminal described in the second aspect.
In a sixth aspect, an embodiment of the present invention further provides a computing device, including: a memory for storing a computer program; and a processor for calling the computer program stored in the memory and, according to the obtained program, executing the method described in the various possible designs of the third aspect and the fourth aspect.
In a ninth aspect, an embodiment of the present invention further provides a computer-readable non-volatile storage medium including a computer-readable program; when a computer reads and executes the computer-readable program, the computer executes the method described in the various possible designs of the third aspect and the fourth aspect.
Description of drawings
To explain the technical solutions in the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a system architecture provided in an embodiment of the present invention;
FIG. 2 is an interaction flowchart of Bluetooth network distribution between a home appliance and an application terminal without encryption, provided in an embodiment of the present invention;
FIG. 3 is an interaction flowchart of Bluetooth network distribution between a home appliance and an application terminal, provided in an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present application clearer, the present application is described in further detail below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in the present application without creative effort fall within the protection scope of the present application.
The Bluetooth network distribution method provided by the embodiments of the present invention applies to network distribution for devices with a Bluetooth module in the smart home field. FIG. 1 is a schematic diagram of a system architecture provided in an embodiment of the present invention. As shown in FIG. 1, the system includes an application terminal, a home appliance, a router and a cloud server.
The application terminal may be any of several types of mobile terminal with the application installed, such as a mobile phone, tablet computer or notebook computer; the present invention places no specific limit on this. Preferably, the application terminal can scan Bluetooth and receive the Bluetooth broadcast of the home appliance, and can exchange data with a remote server and connect to the router.
The home appliance may be any of several types of smart home appliance, such as a smart rice cooker, speaker, air conditioner, camera or printer. The home appliance has a built-in Bluetooth module and WIFI module. Optionally, the Bluetooth module is embedded in the appliance in hardware or software form when the appliance leaves the factory and cannot be removed, so that each home appliance corresponds one-to-one with its built-in Bluetooth module, which improves the security of Bluetooth network distribution for the appliance.
Because Bluetooth communication devices come from different manufacturers, the related application terminal APPs (applications) also differ. Optionally, different types of home appliances produced by the same manufacturer correspond to one unified application terminal APP, or an application terminal APP corresponds to home appliances of the same type produced by the same manufacturer; this application places no limit on this.
In some embodiments of the present application, the home appliance is a smart printer. Pressing button 1 for three seconds puts it into Bluetooth network distribution mode, and it sends Bluetooth broadcasts over a range of 300 m for application terminals to connect to. Within Bluetooth visible range, an application terminal with Bluetooth turned on scans Bluetooth and receives the smart printer's Bluetooth broadcast. The application terminal opens the corresponding smart printer APP to perform authentication; if authentication passes, it performs network distribution for the smart printer by sending the router configuration information to the smart printer, which uses it to connect to the router.
FIG. 2 is an interaction flowchart of Bluetooth network distribution between a home appliance and an application terminal without encryption. It includes the following steps:
Step 201: the home appliance sends Bluetooth broadcast data;
Step 202: the application terminal connects to the home appliance's Bluetooth;
During network distribution, after the user powers on the home appliance and puts it into Bluetooth network distribution mode, step 201 is executed: the home appliance sends Bluetooth broadcast data to its surroundings. An application terminal within reception range of the broadcast data can scan Bluetooth through the appliance's corresponding APP, receive the Bluetooth broadcast data, and execute step 202 to connect to the home appliance's Bluetooth.
Step 203: the user enters the router password;
Step 204: the application terminal sends the router configuration information over Bluetooth;
On the application terminal connected to the home appliance, the user executes step 203 and manually enters the router password; the application terminal then executes step 204 and sends the router configuration information, including the router's SSID and password, to the home appliance over Bluetooth.
Step 205: the home appliance obtains the router configuration information and connects to the router;
The home appliance obtains the router's SSID and password from step 204 and connects to the router, completing network distribution for the home appliance.
Step 206: the home appliance sends an indication that it has connected to the router;
Step 207: the application terminal determines from the indication that network distribution for the home appliance succeeded.
With the above steps, because Bluetooth broadcast data is visible, attackers such as hackers can forge the home appliance's Bluetooth broadcast data so that the user, through the application terminal, connects to the forged broadcast and thus mistakenly connects to an impostor device, and cannot connect to the user's own home appliance to perform network distribution. On the other hand, attackers such as hackers may write a malicious terminal that can connect to the user's home appliance, connect to the appliance's Bluetooth, and send routing information to it to perform network distribution, gaining illegitimate control of the user's home appliance.
To address the security problems that arise in the network distribution process described above, an embodiment of the present invention provides a home appliance, including: a Bluetooth module, configured to send Bluetooth broadcast data, where the Bluetooth broadcast data includes a first encryption instruction and the first encryption instruction indicates that the Bluetooth broadcast data is to be encrypted according to a first encryption rule; and to receive first encrypted broadcast data sent by an application terminal;
an MCU, configured to encrypt the Bluetooth broadcast data using the first encryption rule to obtain second encrypted broadcast data; and, after determining that the first encrypted broadcast data and the second encrypted broadcast data are inconsistent, to disconnect the Bluetooth connection with the application terminal.
In a specific implementation, the Bluetooth broadcast data sent by the home appliance's Bluetooth module includes an encryption instruction, and the encryption rule indicated by the encryption instruction may be an encryption algorithm or an encryption key. In actual production, the number of encryption instructions included in the appliance's Bluetooth broadcast data is not limited, as long as the selected instructions allow the Bluetooth broadcast data to be encrypted according to the corresponding encryption rules. When the home appliance performs Bluetooth network distribution, it sends the Bluetooth broadcast data according to certain rules. For example, the home appliance sends Bluetooth broadcast data according to the rules in Table 1.
Table 1
After the home appliance is connected, it creates services (server); for example, the service data is as shown in Table 2. The authorization service (authorization serve) is used for two-way authentication: the home appliance side authenticates whether the connecting application terminal is legitimate, and the application terminal side authenticates whether the home appliance it connected to is a legitimate device. The WIFI configuration service (wifi config serve) is used to perform network distribution for the home appliance after two-way authentication has passed.
Table 2
Depending on the encryption rule indicated by the encryption instruction, the following two ways of encrypting the Bluetooth broadcast data are provided for checking the first encrypted broadcast data against the second encrypted broadcast data.
Mode 1: the first encryption rule indicated by the first encryption instruction is an encryption algorithm; in some embodiments of the present application this algorithm is AES. After the home appliance sends the Bluetooth broadcast data to the application terminal, the application terminal, as directed by the first encryption instruction, obtains the first encryption rule from its own cloud server. If the application terminal is a malicious terminal, however, the first encryption rule it obtains will not be the AES algorithm, so the first encrypted broadcast data it produces is necessarily wrong. Therefore, after receiving the first encrypted broadcast data, the home appliance uses its MCU to encrypt the Bluetooth broadcast data with the local first encryption rule, i.e. with AES, to obtain the second encrypted broadcast data, and compares the second encrypted broadcast data with the first encrypted broadcast data. If they do not match, it disconnects the Bluetooth connection with the application terminal, so that no network provisioning is performed for the home appliance. This also shows that the malicious terminal is not the legitimate application terminal corresponding to the home appliance, and the malicious terminal is rejected.
It should be noted that, during production, a home appliance can obtain encryption instructions at random from an encryption instruction pool. For example, the pool contains 100 encryption instructions numbered 1 to 100, from which 5 are drawn at random, for example encryption instructions 5, 10, 15, 20 and 22; during production of the home appliance, one encryption instruction can be taken from those 5. The encryption algorithm of a given encryption instruction may be the AES algorithm, the DES algorithm, etc.; different encryption instructions differ from one another, and which encryption algorithm a person skilled in the art uses is not limited.
Mode 2: the first encryption rule indicated by the first encryption instruction may be an encryption key. After the application terminal learns that the first encryption rule indicated by the first instruction is a specific encryption key, it can send that encryption key to the home appliance as the first encrypted broadcast data. If the application terminal is a malicious terminal, it cannot learn the specific encryption key, so when the home appliance compares the second encrypted broadcast data, encrypted locally by the MCU, with the first encrypted broadcast data, it finds that they do not match, disconnects the Bluetooth connection and rejects the malicious terminal, so that no network provisioning is performed.
Sending Bluetooth broadcast data that carries an encryption instruction prevents an unauthorized person from using a malicious terminal to connect to the user's home appliance during network provisioning and interfere with the user's provisioning of it, which ensures the security of the home appliance's network provisioning.
Further, the Bluetooth broadcast data of the home appliance also includes a second encryption instruction. When the MCU of the home appliance determines that the first encrypted broadcast data and the second encrypted broadcast data match, it encrypts the second encrypted broadcast data according to the second encryption rule indicated by the second encryption instruction to obtain third encrypted broadcast data, and sends the third encrypted broadcast data to the application terminal through the Bluetooth module, so that the application terminal can verify the legitimacy of the home appliance from the third encrypted broadcast data it receives.
In some embodiments of the present application, the encryption rule indicated by the second encryption instruction is the DES algorithm. Once the first encrypted broadcast data and the second encrypted broadcast data are found to match, the application terminal is shown to be a legitimate application terminal. The home appliance then encrypts the second encrypted broadcast data with the DES algorithm to obtain the third encrypted broadcast data and sends it to the application terminal, so that the application terminal authenticates the home appliance based on the third encrypted broadcast data it receives. If the authentication performed on the application terminal side passes, the user's home appliance is a legitimate device. After authentication passes and before network provisioning, the application terminal APP periodically sends heartbeats to the home appliance to keep the connection between them alive; if no heartbeat is received within a preset period, the connection is dropped.
After the Bluetooth module of the home appliance sends the third encrypted broadcast data to the application terminal, it receives the router configuration information that the application terminal sends over Bluetooth, and the WIFI module uses that router configuration information to connect to the router, completing Bluetooth network provisioning.
In this way, once authentication on the home appliance side passes, the application terminal is confirmed to be a legitimate APP. The home appliance then encrypts the second encrypted broadcast data a second time according to the encryption rule of the second encryption instruction to obtain the third encrypted broadcast data, which the application terminal uses to judge whether the home appliance is legitimate; this prevents the user from connecting to a spoofed device during Bluetooth provisioning of the home appliance. Two-way authentication of the home appliance and the application terminal ensures the security of the appliance during provisioning, and the appliance then connects to the router according to the router configuration information received from the application terminal to complete provisioning.
The application terminal includes: a Bluetooth module for receiving the Bluetooth broadcast data sent by the home appliance, the Bluetooth broadcast data including a first encryption instruction; and an MCU for obtaining the first encryption rule indicated by the first encryption instruction and encrypting the Bluetooth broadcast data according to the first encryption rule to obtain first encrypted broadcast data.
The Bluetooth module of the application terminal is further used to send the first encrypted broadcast data to the home appliance, so that the home appliance determines from the first encrypted broadcast data whether the application terminal is legitimate, and to disconnect the Bluetooth connection with the home appliance in response to the home appliance's disconnect operation. The disconnect operation is performed by the home appliance when it determines that the application terminal is not legitimate because the first encrypted broadcast data does not match the second encrypted broadcast data it generated itself.
In a specific implementation, when the application terminal is disconnected from the home appliance, it can be concluded that the application terminal encrypted the Bluetooth broadcast data with the first encryption rule and sent it to the home appliance, that the second encrypted broadcast data the home appliance obtained by encrypting the Bluetooth broadcast data with its local first encryption rule differed from the first encrypted broadcast data, and that authentication failed. It can therefore be seen that, from either side, the embodiments of the present invention prevent a malicious terminal from connecting, which improves the provisioning security of home appliances. The case where authentication passes on the home appliance side but fails on the application terminal side is described below from the application terminal side.
After sending the first encrypted broadcast data to the home appliance, the Bluetooth module of the application terminal receives the third encrypted broadcast data sent by the home appliance. The MCU of the application terminal obtains the second encryption rule indicated by the second encryption instruction and uses it to encrypt the first encrypted broadcast data, obtaining fourth encrypted broadcast data. It then checks whether the third encrypted broadcast data matches the fourth encrypted broadcast data. If they match, two-way authentication has passed, and the application terminal instructs the Bluetooth module to send the router configuration information to the home appliance, completing Bluetooth network provisioning.
If the third encrypted broadcast data does not match the fourth encrypted broadcast data, the application terminal instructs the Bluetooth module to disconnect the Bluetooth connection with the home appliance.
Because the application terminal has received the home appliance's Bluetooth broadcast data, for example the attribute information of the home appliance shown in Table 1, the application terminal can, before obtaining the encryption rule from the cloud server, check with the cloud server whether the attribute information in that Bluetooth broadcast data is valid, and establish a Bluetooth connection with the home appliance only after the attribute information is confirmed valid.
In some embodiments of the present application, the application terminal makes a preliminary judgment of whether the home appliance is legitimate by checking the MAC address and Product ID in the appliance's attribute information against the application terminal's corresponding cloud server; if the appliance is legitimate, the terminal connects to the home appliance's Bluetooth.
Based on the above, FIG. 3 is a flowchart of the interaction between a home appliance and an application terminal during Bluetooth network provisioning according to an embodiment of the present invention. It specifically includes:
Step 301: the home appliance sends Bluetooth broadcast data;
Step 302: the application terminal connects to the home appliance's Bluetooth;
When the user provisions the home appliance, the appliance first sends Bluetooth broadcast data to its surroundings; the broadcast follows the rule shown in Table 1 and carries the Bluetooth broadcast attribute information. This is step 301. Because the home appliance's Bluetooth broadcast data carries encryption instructions, and the encryption instructions correspond one-to-one with the home appliance, the security of the home appliance is ensured. For an application terminal within reception range, after the application terminal APP scans the Bluetooth broadcast data, it can first use the attribute information in the broadcast data, for example the MAC address and Product ID, to check with the cloud whether the device has been entered into the database; if this preliminary check passes, the application terminal connects to the home appliance's Bluetooth.
After the home appliance confirms that it has been connected, it creates services. The authorization service is used for two-way authentication: the home appliance side authenticates whether the connecting application terminal is legitimate, and the application terminal side authenticates whether the connected home appliance is a legitimate device. The WIFI configuration service is used to provision the home appliance after two-way authentication passes.
Step 303: obtain the specific encryption rule from the cloud server according to the first encryption instruction, and encrypt the Bluetooth broadcast data to obtain the first encrypted broadcast data;
After connecting to the home appliance's Bluetooth in step 302, the application terminal performs step 303: using the home appliance's first encryption instruction that it has obtained, it fetches the specific first encryption rule from the cloud server, encrypts the broadcast data to obtain the first encrypted broadcast data, and sends it to the home appliance through the authorization service.
Step 304: check whether the received first encrypted broadcast data matches the locally computed second encrypted broadcast data; if they match, authentication passes;
After receiving the first encrypted broadcast data, the home appliance encrypts the Bluetooth broadcast data according to the first encryption rule indicated by the local first encryption instruction to obtain the second encrypted broadcast data, and checks whether the first and second encrypted broadcast data match. If they match, the application terminal is authenticated from the home appliance side as a legitimate application terminal, and step 305 is performed. If they do not match, the application terminal is a malicious terminal and the connection to it is dropped; and if the same home appliance fails to authenticate a connecting application terminal multiple times (in some embodiments of the present application, 5 failed authentications of that application terminal), the application terminal is added to a blacklist and denied access.
Step 305: encrypt the second encrypted broadcast data according to the encryption rule to obtain the third encrypted broadcast data;
If, after step 304, the first encrypted broadcast data and the second encrypted broadcast data match, the home appliance encrypts the second encrypted broadcast data according to the local second encryption instruction to obtain the third encrypted broadcast data, and sends it to the application terminal.
Step 306: check whether the third encrypted broadcast data matches the locally computed fourth encrypted broadcast data; if they match, authentication passes;
After receiving the third encrypted broadcast data, the application terminal encrypts the first encrypted broadcast data according to the second encryption rule indicated by the second encryption instruction, obtained from its corresponding cloud server, to produce the fourth encrypted broadcast data, and checks whether the third and fourth encrypted broadcast data match. If they match, two-way authentication passes, i.e. both the home appliance and the application terminal are legitimate, and the home appliance can be provisioned. If they do not match, the application terminal side has identified the home appliance as a spoofed device; the terminal disconnects from the home appliance and no provisioning is performed.
Steps 307 to 311 (same as steps 203 to 207): once the home appliance and the application terminal are both confirmed to have passed authentication, steps 307 to 311 are performed, and provisioning of the home appliance is completed through the WIFI configuration service.
To describe the technical solutions provided by the embodiments of the present invention more concretely, the following two specific embodiments are provided. It should be understood that they are only examples, and do not mean that the technical solutions disclosed in the embodiments of the present invention cover or apply only to the following two cases.
Embodiment 1:
User A's home appliance is a smart rice cooker of a certain brand I. During Bluetooth network provisioning, the Bluetooth broadcast data A sent by the smart rice cooker carries two encryption instructions, for example encryption instruction 5 and encryption instruction 10, where the encryption rule of encryption instruction 5 is the AES encryption algorithm and the encryption rule of encryption instruction 10 is the DES encryption algorithm. The smart rice cooker sends Bluetooth broadcast data A according to the rule in Table 1.
A hacker has a spoofed device K. The Bluetooth broadcast data that spoofed device K sends is not itself equal to the smart rice cooker's Bluetooth broadcast data A, but the hacker can tamper with K's Bluetooth broadcast data based on Bluetooth broadcast data A. The tampered Bluetooth broadcast data is X, and X has the same attribute information as A; thus the MAC address, Product ID, encryption instruction 5 and encryption instruction 10 in X and A are the same.
The specific steps are as follows:
(1) Through the application terminal APP, the user receives the Bluetooth broadcast data X sent by spoofed device K;
(2) Based on the MAC address and Product ID in X, the cloud server's preliminary judgment is that the device is the smart rice cooker of brand I, so the terminal connects to spoofed device K, the sender of broadcast data X, and proceeds;
(3) The user's application terminal obtains the specific encryption rules from brand I's cloud server according to encryption instruction 5 and encryption instruction 10: the encryption rule of encryption instruction 5 is the AES encryption algorithm, and the encryption rule of encryption instruction 10 is the DES encryption algorithm. It encrypts X with the AES encryption algorithm of encryption instruction 5 to produce the first encrypted broadcast data B, and sends B to spoofed device K through the authorization service;
(4) Spoofed device K can encrypt X using the encryption method it associates with encryption instruction 5, producing the second encrypted broadcast data C. Because smart device K does not know that the encryption method of the smart rice cooker's encryption sequence 5 is the AES encryption algorithm, the second encrypted broadcast data C is in fact not the same as the first encrypted broadcast data B. Since this check is performed by smart device K itself, K can treat C and B as identical and go on to encrypt C using the encryption method it associates with encryption sequence 10. Because smart device K does not know that the encryption method of the smart rice cooker's encryption instruction 10 is the DES encryption algorithm, it encrypts with its own method to obtain the third encrypted broadcast data D, and sends D to the user's application terminal;
(5) The user's application terminal APP encrypts X with the DES encryption algorithm of encryption instruction 10 obtained from the cloud to produce the fourth encrypted broadcast data E. It finds that the received third encrypted broadcast data D differs from the fourth encrypted broadcast data E, so authentication fails, steps 307 to 311 are not performed, and provisioning fails.
Through the above process, a spoofed device is reliably distinguished while the user performs Bluetooth provisioning of a home appliance, which improves the security of home appliances during Bluetooth provisioning.
Embodiment 2:
User A's home appliance is a smart rice cooker of a certain brand I, and the Bluetooth broadcast data A it sends carries two encryption instructions, for example encryption instruction 5 and encryption instruction 10, where the encryption rule of encryption instruction 5 is the AES encryption algorithm and the encryption rule of encryption sequence 10 is the DES encryption algorithm. The smart rice cooker sends Bluetooth broadcast data A according to the rule in Table 1. A hacker has a malicious terminal that can connect to the home appliance, and uses it as follows:
(1) The user's smart rice cooker sends Bluetooth broadcast data A; the malicious terminal receives Bluetooth broadcast data A and connects to the smart rice cooker's Bluetooth. The malicious terminal does not know the specific encryption rule of encryption sequence 5, so it obtains an encryption rule for encryption sequence 5 from its own corresponding cloud server; the encryption method it obtains is not the AES algorithm. It encrypts broadcast data A into the first encrypted broadcast data b and sends b to the smart rice cooker through the authorization service;
(2) The smart rice cooker encrypts broadcast data A with the AES algorithm, the encryption rule of local encryption instruction 5, to produce the second encrypted broadcast data e. It finds that the received first encrypted broadcast data b differs from the second encrypted broadcast data e, so authentication fails, the malicious terminal is disconnected immediately, steps 307 to 311 are not performed, and provisioning fails.
Through the above process, during Bluetooth provisioning of the home appliance, a malicious terminal is prevented from completing provisioning after connecting to the user's home appliance over Bluetooth and thereby gaining illegitimate control of the appliance, which further improves the security of home appliances during Bluetooth provisioning.
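The exchange in steps 301 to 306 and the outcomes of the two embodiments above, as an added Python simulation that is not part of the patent text. HMAC-SHA-256 under constructed keys stands in for the AES and DES rules (the page gives no keys or modes), and the advertisement bytes, rule tables and all class and function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MAX_FAILURES = 5  # the page's example: blacklist after 5 failed authentications


def make_rule(key: bytes):
    """One 'encryption rule'. Stand-in: HMAC-SHA-256 under a constructed key
    (the page names AES and DES but gives no keys or modes)."""
    return lambda data: hmac.new(key, data, hashlib.sha256).digest()


# Instruction number -> rule. Constructed tables: the vendor's, and the one a
# party without access to the vendor's rules ends up with.
VENDOR_RULES = {5: make_rule(b"vendor-rule-5"), 10: make_rule(b"vendor-rule-10")}
OTHER_RULES = {5: make_rule(b"other-rule-5"), 10: make_rule(b"other-rule-10")}

# Constructed advertisement: MAC, Product ID, then the two instruction numbers.
ADV = bytes.fromhex("aabbccddeeff") + b"PID-0001" + bytes([5, 10])


@dataclass
class Appliance:
    adv: bytes    # Bluetooth broadcast data
    rules: dict   # local rule table fixed at production
    instr1: int   # first encryption instruction
    instr2: int   # second encryption instruction
    failures: dict = field(default_factory=dict)
    blacklist: set = field(default_factory=set)

    def verify_terminal(self, terminal_id, first_enc):
        """Steps 304-305: return the third encrypted data, or None to disconnect."""
        if terminal_id in self.blacklist:
            return None
        second = self.rules[self.instr1](self.adv)
        if not hmac.compare_digest(first_enc, second):  # constant-time compare
            count = self.failures.get(terminal_id, 0) + 1
            self.failures[terminal_id] = count
            if count >= MAX_FAILURES:
                self.blacklist.add(terminal_id)
            return None
        return self.rules[self.instr2](second)


class SpoofedAppliance(Appliance):
    """Embodiment 1's device K: same advertisement, no vendor rules, and it
    accepts whatever the terminal sends before answering with its own rules."""

    def verify_terminal(self, terminal_id, first_enc):
        second = self.rules[self.instr1](self.adv)
        return self.rules[self.instr2](second)


@dataclass
class Terminal:
    terminal_id: str
    cloud_rules: dict  # what this terminal's cloud server returns per instruction

    def first_encrypted(self, adv, instr1):
        """Step 303: encrypt the broadcast data with the first rule."""
        return self.cloud_rules[instr1](adv)

    def verify_appliance(self, first_enc, third_enc, instr2):
        """Step 306: compare the third data with the locally computed fourth."""
        fourth = self.cloud_rules[instr2](first_enc)
        return hmac.compare_digest(third_enc, fourth)


def provision(appliance, terminal):
    """Run steps 301-306 and report which side, if any, rejected the other."""
    first = terminal.first_encrypted(appliance.adv, appliance.instr1)
    third = appliance.verify_terminal(terminal.terminal_id, first)
    if third is None:
        return "terminal_rejected"      # appliance disconnects (Embodiment 2)
    if not terminal.verify_appliance(first, third, appliance.instr2):
        return "appliance_rejected"     # terminal disconnects (Embodiment 1)
    return "provisioned"                # steps 307-311 may proceed


if __name__ == "__main__":
    cooker = Appliance(ADV, VENDOR_RULES, 5, 10)
    print(provision(cooker, Terminal("legit-app", VENDOR_RULES)))
    print(provision(cooker, Terminal("rogue-app", OTHER_RULES)))
    print(provision(SpoofedAppliance(ADV, OTHER_RULES, 5, 10),
                    Terminal("legit-app", VENDOR_RULES)))
```
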
As can be seen from the above: the Bluetooth module of the home appliance is used to send Bluetooth broadcast data, which includes a first encryption instruction indicating that the Bluetooth broadcast data is to be encrypted according to a first encryption rule, and to receive the first encrypted broadcast data sent by the application terminal. The MCU of the home appliance is used to encrypt the Bluetooth broadcast data with the first encryption rule to obtain second encrypted broadcast data and, after determining that the first encrypted broadcast data and the second encrypted broadcast data do not match, to disconnect the Bluetooth connection with the application terminal. Sending Bluetooth broadcast data that carries an encryption instruction prevents an unauthorized person from using a malicious terminal to connect to the user's home appliance during provisioning and interfere with the user's provisioning of it. On the other hand, after the Bluetooth module of the application terminal sends the first encrypted broadcast data to the home appliance, and the home appliance confirms that the first encrypted broadcast data and the second encrypted broadcast data match, the Bluetooth module of the application terminal is also used to receive the third encrypted broadcast data sent by the home appliance; the MCU of the application terminal is used to disconnect the Bluetooth connection with the home appliance after determining that the third encrypted broadcast data does not match the locally computed fourth encrypted broadcast data. This prevents the user from connecting to a spoofed device while provisioning a home appliance.
Based on the same inventive concept, the embodiments of the present invention further provide a computer device, which may specifically be a desktop computer, a portable computer, a smartphone, a tablet computer, a Personal Digital Assistant (PDA), or the like. The computer device may include a central processing unit (CPU), a memory, input/output devices and so on. The input devices may include a keyboard, a mouse, a touch screen, etc., and the output devices may include a display device such as a liquid crystal display (LCD) or a cathode ray tube (CRT).
The memory may include read-only memory (ROM) and random access memory (RAM), and provides the processor with the program instructions and data stored in the memory. In the embodiments of the present invention, the memory may be used to store the program of the above Bluetooth network provisioning method for a home appliance.
The processor calls the program instructions stored in the memory and executes the above Bluetooth network provisioning method for a home appliance according to the obtained program instructions.
Based on the same inventive concept, an embodiment of the present invention provides a computer storage medium for storing the computer program instructions used by the above computer device, including a program for executing the above Bluetooth network provisioning method for a home appliance.
The computer storage medium may be any available medium or data storage device that a computer can access, including but not limited to magnetic storage (e.g. floppy disk, hard disk, magnetic tape, magneto-optical disk (MO)), optical storage (e.g. CD, DVD, BD, HVD), and semiconductor memory (e.g. ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state drive (SSD)).
Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present invention without departing from the spirit and scope of the present application. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include them.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011136002.5A CN114465835A (en) | 2020-10-22 | 2020-10-22 | Household appliance equipment, application terminal, Bluetooth network distribution method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114465835A true CN114465835A (en) | 2022-05-10 |
Family
ID=81404560
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011136002.5A Pending CN114465835A (en) | 2020-10-22 | 2020-10-22 | Household appliance equipment, application terminal, Bluetooth network distribution method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114465835A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116437328A (en) * | 2023-03-24 | 2023-07-14 | 深圳市正浩创新科技股份有限公司 | Device communication method and electronic device |
| WO2023246038A1 (en) * | 2022-06-21 | 2023-12-28 | 珠海格力电器股份有限公司 | Network configuration method for smart home device, and terminal device and processor |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104469761A (en) * | 2014-12-25 | 2015-03-25 | 北京深思数盾科技有限公司 | Bluetooth communication method |
| CN104702408A (en) * | 2014-04-11 | 2015-06-10 | 上海智向信息科技有限公司 | Method and system for authenticating connection on basis of iBeacon |
| CN105357666A (en) * | 2014-08-20 | 2016-02-24 | 中兴通讯股份有限公司 | WIFI (Wireless Fidelity) password sharing method and terminals |
| CN105933318A (en) * | 2016-05-26 | 2016-09-07 | 乐视控股(北京)有限公司 | Data secret-keeping method, device and system |
| CN207115538U (en) * | 2017-09-07 | 2018-03-16 | 北京洛克家智能科技有限责任公司 | Door-lock controller and system based on bluetooth interaction |
| CN108174370A (en) * | 2017-12-14 | 2018-06-15 | 北京明华联盟科技有限公司 | Bluetooth security connection method, device, terminal and computer readable storage medium |
| CN109714743A (en) * | 2019-02-21 | 2019-05-03 | 广州技象科技有限公司 | A kind of Bluetooth encryption communication means and Bluetooth encryption communication system |
| CN110635901A (en) * | 2019-09-11 | 2019-12-31 | 北京方研矩行科技有限公司 | Local bluetooth dynamic authentication method and system for IoT devices |
| CN111510919A (en) * | 2019-01-31 | 2020-08-07 | 阿里巴巴集团控股有限公司 | Network configuration method, device, equipment and system |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| US10666642B2 (en) | System and method for service assisted mobile pairing of password-less computer login | |
| US12231565B2 (en) | Login authentication method, apparatus, and system | |
| JP5474969B2 (en) | Mobile device association | |
| JP2023166562A (en) | First factor contactless card authentication system and method | |
| US11765164B2 (en) | Server-based setup for connecting a device to a local area network | |
| CN102119391B (en) | Protocol for device to station association | |
| US20190087567A1 (en) | Authentication of a device | |
| US8904172B2 (en) | Communicating a device descriptor between two devices when registering onto a network | |
| EP3592017B1 (en) | Credential information processing method and apparatus for network connection, and application (app) | |
| TW201929482A (en) | Identity authentication method and system, and computing device | |
| US8185049B2 (en) | Multi-mode device registration | |
| CN108512846A (en) | Mutual authentication method and device between a kind of terminal and server | |
| US9154483B1 (en) | Secure device configuration | |
| WO2015062425A1 (en) | User identity verification method and system, password protection apparatus and storage medium | |
| CN105141584A (en) | Smart home system equipment authentication methods, and devices | |
| KR20040075293A (en) | Apparatus and method simplifying an encrypted network | |
| CN105472192A (en) | Intelligent equipment capable of realizing control safety authorization and sharing, terminal equipment and method | |
| TWI652592B (en) | Storage device and access control method thereof | |
| CN105245552A (en) | Intelligent equipment, terminal equipment and method for implementing safe control authorization | |
| CN112512048B (en) | Mobile network access system, method, storage medium and electronic device | |
| CN108390873A (en) | Authentication binding method, device and the system of smart machine | |
| CN104284331A (en) | Method and system for connecting with portable WLAN hotspot | |
| CN114465835A (en) | Household appliance equipment, application terminal, Bluetooth network distribution method and system | |
| CN106790036A (en) | An information tamper-proof method, device, server and terminal | |
| CN113489695A (en) | Private cloud networking method, device and system, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | CB02 | Change of applicant information | Country or region after: China; Address after: 266555, No. 218, Bay Road, Qingdao economic and Technological Development Zone, Shandong; Applicant after: Hisense Group Holding Co.,Ltd.; Address before: 218 Qianwangang Road, Qingdao Economic and Technological Development Zone, Shandong Province; Applicant before: QINGDAO HISENSE ELECTRONIC INDUSTRY HOLDING Co.,Ltd.; Country or region before: China |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20220510 |

