
CN107947927B - Method and system for processing identification cipher key - Google Patents

Publication number: CN107947927B
Authority: CN (China)
Prior art keywords: intelligent, information, equipment, communication, module
Legal status: Active
Application number: CN201711284215.0A
Other languages: Chinese (zh)
Other versions: CN107947927A (en)
Inventors: 程虹, 文松, 王敏, 徐德刚
Current Assignee: Xiangyang Honghao Information Technology Co ltd
Original Assignee: Hubei University of Arts and Science
Application filed by Hubei University of Arts and Science
Priority to CN201711284215.0A
Publication of CN107947927A
Publication of CN107947927B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

Embodiments of the present invention provide a method and system for processing an identification cipher key. The method includes: a mobile device establishes a corresponding unique identifier for each smart device and sends the plurality of unique identifiers to a processing terminal and to each smart device, so that the processing terminal generates a corresponding private key according to each unique identifier; the mobile device receives the plurality of private keys returned by the processing terminal and sends each private key to the corresponding smart device; any one of the plurality of smart devices establishes a communication connection with other smart devices, obtains encrypted information according to the unique identifiers of the other smart devices, and sends it to the other smart devices, so that the other smart devices decrypt the received encrypted information according to the stored private key to obtain decrypted information. In this identification cipher key processing scheme, each smart device can obtain and store the plurality of unique identifiers in advance, which avoids the drawback of having to obtain the unique identifier of the communicating smart device from the CA during communication and reduces system consumption.

Description

Method and system for processing identification cipher key
Technical Field
The invention relates to the technical field of information security, in particular to a method and a system for processing an identification cipher key.
Background
In smart factories, smart devices such as cameras and manipulators are increasingly used, and each part on a production line can be programmed on site or remotely. A large number of intelligent devices exchange information, so device controllability and information security are particularly important. To avoid information leakage, information must be encrypted with cryptographic techniques, which means a cryptographic algorithm must run on the intelligent device and a key must be stored there. The prior art mainly offers symmetric cryptographic schemes and public key cryptographic schemes. A symmetric scheme encrypts and decrypts quickly and places low demands on the processor, but as the number of intelligent devices grows and the cipher scale increases exponentially, key management becomes sharply more difficult. A public key scheme encrypts and decrypts slowly and places high demands on the processor, but key management is convenient when the number of intelligent devices is large. However, each communication between intelligent devices requires obtaining the other party's public key from the authentication center, so communication consumption is high and real-time response capability is reduced.
Disclosure of Invention
In view of the above, the present invention provides a method and system for processing an identification cryptographic key to solve the above problem.
The preferred embodiment of the present invention provides an identification cipher key processing method, which is applied to an identification cipher key processing system, wherein the identification cipher key processing system comprises a mobile device and a plurality of intelligent devices, which are in communication connection, and the mobile device is also in communication connection with a processing terminal, and the method comprises the following steps:
the mobile equipment establishes corresponding unique identifiers for the intelligent equipment;
the mobile equipment sends the established unique identifiers to the processing terminal and the intelligent equipment, so that the processing terminal generates private keys corresponding to the unique identifiers according to the unique identifiers, and the generated private keys are returned to the mobile equipment;
the mobile equipment receives a plurality of private keys returned by the processing terminal and sends each private key in the received private keys to corresponding intelligent equipment;
any one intelligent device in the intelligent devices establishes communication connection with other intelligent devices, obtains encrypted information according to the unique identifiers of the other intelligent devices establishing communication connection, and sends the encrypted information to the other intelligent devices establishing communication connection, so that the other intelligent devices decrypt the received encrypted information according to the stored private key to obtain decrypted information.
Optionally, in the method, the step of establishing, by the mobile device, a corresponding unique identifier for each of the smart devices includes:
the mobile equipment detects whether the mobile equipment is in a preset communication safety range of each intelligent equipment, and if so, equipment information of each intelligent equipment is collected;
and generating unique identifiers corresponding to the intelligent devices according to the acquired device information of the intelligent devices.
Optionally, in the method, the step of sending each of the received multiple private keys to a corresponding smart device includes:
and when the mobile device detects that the mobile device is within the preset communication safety range of each intelligent device, writing each received private key in the plurality of private keys into the corresponding intelligent device in an infrared communication mode, a Bluetooth communication mode or a wired communication mode.
Optionally, in the method, the step of obtaining the encryption information according to the unique identifier of the other intelligent device that establishes the communication connection includes:
and acquiring the unique identifier of other intelligent equipment for establishing communication connection, and encrypting the information to be sent by using the acquired unique identifier as a public key to obtain encrypted information.
Optionally, in the above method, after the step of the mobile device sending the established plurality of unique identifiers to the processing terminal and the plurality of smart devices, the method further includes:
the mobile equipment establishes a one-to-one correspondence relationship between the collected multiple pieces of equipment information and the established multiple unique identifiers;
and sending the corresponding relation and the plurality of pieces of equipment information to each intelligent equipment.
Optionally, in the method, the device information is a device image, a device identification code, or device location information, and the unique identifier is a device number, a device name, or device location information.
Another preferred embodiment of the present invention further provides an identifier cryptographic key processing system, where the identifier cryptographic key processing system includes a mobile device and a plurality of intelligent devices that are in communication connection, the mobile device is also in communication connection with a processing terminal, the mobile device includes an establishing module, a first sending module, a receiving module, and a second sending module, and the intelligent device includes a communication establishing module, an encrypting module, and a decrypting module;
the establishing module is used for establishing a corresponding unique identifier for each intelligent device;
the first sending module is used for sending the established unique identifiers to the processing terminal and the intelligent devices so that the processing terminal can generate private keys corresponding to the unique identifiers according to the unique identifiers;
the receiving module is used for receiving a plurality of private keys returned by the processing terminal;
the second sending module is used for sending each received private key of the multiple private keys to the corresponding intelligent device;
the communication establishing module is used for establishing communication connection with other intelligent equipment and sending the encrypted information to the other intelligent equipment establishing communication connection;
the encryption module is used for obtaining encryption information according to the unique identifiers of other intelligent equipment establishing communication connection;
the decryption module is used for decrypting the received encrypted information according to the stored private key to obtain decrypted information.
Optionally, in the system, the establishing module includes a detecting unit, an equipment information acquiring unit, and a unique identifier generating unit;
the detection unit is used for detecting whether the mobile device is within a preset communication safety range of each intelligent equipment;
the equipment information acquisition unit is used for acquiring the equipment information of each intelligent equipment when the mobile device is within the preset communication safety range of each intelligent equipment;
the unique identifier generating unit is used for generating unique identifiers corresponding to the intelligent devices according to the collected device information of the intelligent devices.
Optionally, in the system, the second sending module is configured to, when it is detected that the mobile device is within a preset communication security range of each of the smart devices, write each of the received private keys into the corresponding smart device through infrared communication, Bluetooth communication, or wired communication.
Optionally, in the system, the encryption module is configured to acquire unique identifiers of other intelligent devices that establish communication connection, and encrypt the information to be sent by using the acquired unique identifiers as a public key to obtain encrypted information.
According to the method and system for processing the identification cipher key, the mobile device establishes a corresponding unique identifier for each intelligent device and issues the established unique identifiers to each intelligent device. The processing terminal calculates the corresponding private key from each unique identifier, and each private key is written into the corresponding intelligent device through the mobile device. When the intelligent devices communicate, a device encrypts the information to be sent according to the unique identifier of the intelligent device it is communicating with to obtain encrypted information, and the receiving device decrypts the encrypted information with its stored private key. With the identification cipher key processing scheme provided by the invention, each intelligent device can obtain and store the plurality of unique identifiers in advance, which avoids the drawback of having to obtain the unique identifiers of the intelligent devices from a CA (Certificate Authority) during communication and reduces system consumption.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present invention and therefore should not be considered as limiting its scope; those skilled in the art can obtain other related drawings from these drawings without inventive effort.
Fig. 1 is a block diagram of a system for processing an identification cryptographic key according to an embodiment of the present invention.
Fig. 2 is a block diagram of a mobile device according to an embodiment of the present invention.
Fig. 3 is a flowchart of a method for processing an identifier cryptographic key according to an embodiment of the present invention.
Fig. 4 is a flowchart of the substeps of step S103 in fig. 3.
Fig. 5 is another flowchart of a method for processing an identification cipher key according to an embodiment of the present invention.
Fig. 6 is a flowchart of the substeps of step S104 in fig. 3.
Fig. 7 is a schematic diagram of interaction among a mobile device, an intelligent device, and a processing terminal according to an embodiment of the present invention.
Fig. 8 is a schematic diagram of interaction between a mobile device and an intelligent device according to an embodiment of the present invention.
Fig. 9 is a schematic diagram of interaction between intelligent devices according to an embodiment of the present invention.
Fig. 10 is a functional block diagram of an identification cryptographic key processing system according to an embodiment of the present invention.
Fig. 11 is a functional block diagram of a setup module according to an embodiment of the present invention.
Reference numerals: 10 - identification cipher key processing system; 100 - mobile device; 110 - memory; 120 - processor; 130 - communication module; 140 - display; 150 - establishing module; 151 - detection unit; 152 - device information acquisition unit; 153 - unique identifier generation unit; 160 - first sending module; 170 - receiving module; 180 - second sending module; 200 - smart device; 210 - communication establishment module; 220 - encryption module; 230 - decryption module.
Detailed Description
The inventor finds that, in the prior art, symmetric encryption and public key encryption are commonly used to encrypt and decrypt information to ensure information security. In a symmetric cipher scheme, the key generation center calculates a communication key for each pair of intelligent devices and distributes the key to those devices for storage. When the intelligent devices communicate with each other, the sender looks up the key, encrypts the information and sends it to the receiver, and the receiver likewise looks up the key to decrypt the information. When the key expires, the key generation center must recalculate a new communication key for the pair of devices and distribute it to them for storage.
Public key cryptography requires a public and private key pair to encrypt and decrypt information. Each device independently selects and stores a private key and reports the private key to a key generation center; the key generation center calculates a public key from the private key, and the public keys of all devices are stored in a Certification Authority (CA). When intelligent devices communicate, the sender first obtains the receiver's public key from the CA, encrypts the information with that public key and sends it to the receiver, and the receiver decrypts the information with its own stored private key.
The symmetric cipher scheme encrypts and decrypts quickly and places low demands on the processor, but as more and more intelligent devices are used and the cipher scale increases exponentially, key management becomes sharply more difficult.
The public key cryptography scheme encrypts and decrypts slowly and places high demands on the processor, but key management is convenient when the number of intelligent devices is large. However, the CA must manage the keys, and the intelligent devices must obtain the other party's public key from the CA before each communication, which increases communication consumption. Factory applications have high real-time requirements, and the communication consumption of a public key cryptography scheme reduces the real-time response capability of the equipment.
In addition, both symmetric and public key cryptography suffer from the key distribution problem, i.e., how to securely distribute a key to a smart device after the key generation authority has calculated it. In theory, keys should be distributed securely to all participants, but in a communication system the participants are usually connected through a network, so key distribution carries great risk.
Based on the above research, the embodiment of the present invention provides a processing scheme for an identification cipher key, which uses near field communication between the mobile device and the smart device to guarantee the security of the unique identifier and the private key of the smart device, and reduces the communication burden by using the unique identifier as the public key.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
The preferred embodiment of the present invention provides an identification cryptographic key processing system 10, as shown in fig. 1, the identification cryptographic key processing system 10 includes a mobile device 100 and a plurality of smart devices 200. The mobile device 100 and each smart device 200 can perform close-range communication to realize data communication or interaction. Communication connection can be established among the intelligent devices 200 to perform information interaction.
The mobile device 100 is a mobile intelligent device, such as a mobile robot, and the mobile device 100 may include a camera, a scanning device, an infrared device, a positioning device, and the like. The smart device 200 may be an image capture device, a manipulator, or other smart device.
In this embodiment, the mobile device 100 may further be communicatively coupled to a processing terminal to enable data communication or interaction. The processing terminal may be a Personal Computer (PC), a tablet PC, a smart phone, a Personal Digital Assistant (PDA), or the like, or may also be a server, such as a web server, a data server, or the like. In this regard, no particular limitation is imposed in the present embodiment.
Fig. 2 is a block diagram of a mobile device 100 according to a preferred embodiment of the present invention. The mobile device 100 includes a memory 110, a processor 120, a communication module 130, and a display 140. The memory 110, the processor 120, the communication module 130 and the display 140 are electrically connected to each other directly or indirectly to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines.
The memory 110 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
The memory 110 may be used to store software programs and modules, and the processor 120 executes the software programs and modules stored in the memory 110 after receiving the execution instruction, so as to execute corresponding functional applications and information processing.
The processor 120 may be an integrated circuit chip having information processing capabilities. The processor 120 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and so on. It may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. It may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor, or the processor 120 may be any conventional processor or the like.
The communication module 130 is configured to establish a communication connection between the mobile device 100 and an external communication terminal through a network, where the external communication terminal includes the smart device 200 and the processing terminal according to an embodiment of the present invention.
The display 140 provides an interactive interface between the mobile device 100 and a user, or is used to display image data. In this embodiment, the display 140 may be a liquid crystal display or a touch display.
It will be appreciated that the configuration shown in fig. 2 is merely illustrative and that mobile device 100 may include more or fewer components than shown in fig. 2 or may have a different configuration than shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
It should be noted that the specific structure and connection manner of each component in the smart device 200 and other terminals disclosed in the embodiments of the present invention are the same as those of each corresponding component in the mobile device 100. For example, the smart device 200 stores corresponding software programs and modules, and the corresponding functional applications can be implemented by executing the software programs and modules. The processing terminal can also store corresponding software programs and modules, and corresponding functional applications can be realized by executing the software programs and modules.
Please refer to fig. 3, which is a flowchart illustrating a method for processing a cryptographic key according to a preferred embodiment of the present invention, wherein the method for processing a cryptographic key is applicable to the system 10 shown in fig. 1. The specific process and steps shown in fig. 3 will be described in detail below.
Step S101, the mobile device 100 establishes a corresponding unique identifier for each of the smart devices 200.
Optionally, referring to fig. 4, in the present embodiment, the step S101 may include three substeps, namely step S1011, step S1012 and step S1013.
In step S1011, the mobile device 100 detects whether it is within a preset communication security range of each of the smart devices 200, and if so, performs the following step S1012.
Step S1012, collecting device information of each of the smart devices 200.
In step S1013, a unique identifier corresponding to each smart device 200 is generated based on the acquired device information of each smart device 200.
In this embodiment, the mobile device 100 is utilized to communicate in close proximity with the smart devices 200 to establish a unique identifier for each smart device 200. In the present embodiment, the mobile device 100 is described by taking a mobile robot as an example. The mobile robot may automatically move within a designated range including a plurality of smart devices 200, and optionally, the mobile robot may include a camera, a scanning device, an infrared device, a positioning device, and the like, and may detect a distance between itself and the smart devices 200 by using the camera, the infrared device, or the positioning device during its movement.
For example, the mobile robot may turn on a camera in the moving process, collect surrounding image information by using the camera, and when the collected image information includes an image of the smart device 200, analyze the image information to determine whether the image information enters a preset communication security range of the smart device 200. Alternatively, the mobile robot may detect a distance to the surrounding smart device 200 by turning on the infrared device, and determine whether to enter a preset communication security range of the smart device 200 according to the detected distance. For another example, the mobile robot may pre-store the location information of each smart device 200, start its own location function during the moving process, and calculate the distance between its own location and the stored location of each smart device 200 through the location function to determine whether the mobile robot enters a preset communication security range of a certain smart device 200. In addition to the above determination methods, other determination methods may be commonly used, and the determination method is not particularly limited in this embodiment and may be set according to actual situations.
In this embodiment, if the mobile device 100 does not enter the preset communication security range of any one of the smart devices 200, the mobile device needs to travel in the designated area until the mobile device enters the preset communication security range of a certain smart device 200. After determining that the mobile device 100 enters a preset communication security range of a certain smart device 200, the mobile device 100 may acquire device information of the smart device 200 through a camera equipped in the mobile device, for example, the device information may be an overall device image of the smart device 200, or identification information that is distinguishable from other smart devices 200 on the smart device 200, for example, a device identification image. In the case that the location of the smart device 200 is relatively fixed, the mobile device 100 may also obtain the device information of the smart device 200 through a configured positioning device, where the obtained device information is the location information of the smart device 200.
Optionally, in this embodiment, the mobile device 100 generates a unique identifier corresponding to each smart device 200 according to the collected device information of each smart device 200. The unique identifier may be a device number, a device name, device location information, or the like; this is not particularly limited in this embodiment as long as each smart device 200 can be uniquely represented.
Step S102, the mobile device 100 sends the created plurality of unique identifiers to the processing terminal and the plurality of smart devices 200, so that the processing terminal generates a private key corresponding to each of the unique identifiers according to the plurality of unique identifiers.
In step S103, the mobile device 100 receives a plurality of private keys returned by the processing terminal, and sends each of the received private keys to the corresponding smart device 200.
In this embodiment, the mobile device 100 sends the established plurality of unique identifiers to the processing terminal, and also sends the established plurality of unique identifiers to each of the smart devices 200; that is, the unique identifiers of all the smart devices 200 participating in communication are stored in each smart device 200.
Optionally, after receiving the plurality of unique identifiers, the processing terminal generates a corresponding private key from each unique identifier by using a related identification cryptographic algorithm, and sends the generated private key of each smart device 200 to the mobile device 100. It should be noted that the identification cryptographic algorithm adopted in this embodiment is a conventional algorithm in the prior art, and is not described in detail in this embodiment.
Optionally, after receiving the multiple private keys returned by the processing terminal, the mobile device 100 may send each of the received private keys to the corresponding smart device 200. Optionally, the mobile device 100 may send the received plurality of private keys to the corresponding smart devices 200 in the following manner:
when detecting that the mobile device 100 is within the preset communication security range of each of the smart devices 200, the mobile device 100 writes each of the received plurality of private keys into the corresponding smart device 200 through radio frequency communication, bluetooth communication, or wired communication.
Optionally, in this embodiment, the mobile device 100 may include a radio frequency module, and may perform short-range communication with each smart device 200 through the radio frequency module. The mobile device 100 travels within a designated range including the plurality of smart devices 200, and when detecting that the mobile device is within a preset communication security range of a certain smart device 200, may start the radio frequency module, and transmit each of the received plurality of private keys to the corresponding smart device 200 by performing radio frequency communication with the smart device 200.
Optionally, in this embodiment, the mobile device 100 may further include a bluetooth module, and may perform bluetooth communication with each of the smart devices 200 through the bluetooth module, and send the private key to the smart device 200 through a bluetooth communication mode.
Further, the mobile device 100 may further include a wired communication module 130, and a wired connection may be established with each smart device 200 through the wired communication module 130, so as to send the private key to the corresponding smart device 200 through the wired communication connection. In this embodiment, the communication method between the mobile device 100 and the smart device 200 is not limited, and may be set according to actual situations.
Optionally, referring to fig. 5, in this embodiment, the method further includes the following steps:
step S201, the mobile device 100 establishes a one-to-one correspondence relationship between the collected multiple pieces of device information and the established multiple unique identifiers.
Step S202, sending the correspondence and the plurality of pieces of device information to each of the smart devices 200.
Optionally, in this embodiment, after the mobile device 100 publishes the plurality of established unique identifiers to each of the smart devices 200, a one-to-one correspondence relationship may be further established between the collected plurality of device information and the plurality of established unique identifiers, and the correspondence relationship and the plurality of device information are sent to each of the smart devices 200. In this way, when each smart device 200 subsequently establishes a communication connection with another smart device 200, the unique identifier of the corresponding device can be obtained according to the device information of the smart device 200 that establishes the connection.
Step S104, any one of the plurality of smart devices 200 establishes a communication connection with another smart device 200, obtains encrypted information according to the unique identifier of the other smart device 200 with which the communication connection is established, and sends the encrypted information to that other smart device 200, so that the other smart device 200 decrypts the received encrypted information according to its stored private key to obtain decrypted information.
Referring to fig. 6, in this embodiment, the step of obtaining the encryption information according to the unique identifier of the other smart device 200 that establishes the communication connection may include the following sub-steps:
in step S1041, the unique identifier of the other smart device 200 that establishes the communication connection is acquired.
Step S1042, the obtained unique identifier is used as a public key to encrypt the information to be sent, so as to obtain encrypted information.
In this embodiment, each smart device 200 may establish a communication connection with another smart device 200 to perform information interaction with another smart device 200. Optionally, any one of the plurality of smart devices 200 may establish a communication connection with one or more other smart devices 200.
Optionally, in this embodiment, after establishing a communication connection with another smart device 200, any one smart device 200 may obtain the unique identifier of the other smart device 200 from the stored device information of that smart device 200 and the correspondence between unique identifiers and device information. The obtained unique identifier is then used as a public key to encrypt the information to be sent, yielding the encrypted information. It should be understood that even when the original information to be sent is the same, the unique identifiers of the smart devices 200 used for encryption differ, so the information encrypted with different unique identifiers as the public key takes different forms, and the information required for decryption also differs.
The smart device 200 transmits the information encrypted with the unique identifier of the different smart device 200 to the corresponding other smart device 200. After receiving the encrypted information, the other smart devices 200 may decrypt the received encrypted information using their own stored private keys to obtain decrypted information.
In order to make those skilled in the art more clearly understand the scheme for processing the identification cipher key provided by the present invention, the interaction flow among the smart device 200, the mobile device 100, and the processing terminal is described in this embodiment, please refer to fig. 7 to fig. 9.
The mobile device 100 moves into the preset communication security range of each of the smart devices 200, collects device information of each of the smart devices 200, and establishes a corresponding unique identifier for each of the smart devices 200 according to the device information. The mobile device 100 sends the created unique identifiers to the processing terminal and issues the plurality of unique identifiers to each smart device 200. The processing terminal calculates a private key corresponding to each smart device 200 according to the received unique identifiers, and sends the calculated private keys to the mobile device 100.
The mobile device 100 moves into the preset communication security range of each smart device 200 again, and writes each private key into the corresponding smart device 200 by near field communication. For communication between the smart devices 200, take two smart devices 200, Device1 and Device2, as an example: Device1 establishes a communication connection with Device2. Device1 encrypts the information to be transmitted with the unique identifier of Device2 (e.g., Device2) as a public key to obtain encrypted information, and transmits the encrypted information to Device2. After receiving the encrypted information, Device2 decrypts it by using its own stored private key to obtain decrypted information.
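The interaction flow above, as an added example that is not part of the patent: the patent does not name its identification cryptographic algorithm, so the Cocks identity-based encryption scheme stands in for it here because it needs only the standard library. The device-information strings, the identifiers Device1 to Device3, the public modulus handed to each device and the toy primes are all constructed assumptions.

```python
import hashlib
import secrets

# Toy master secret of the processing terminal (assumption): two known Mersenne
# primes, both congruent to 3 mod 4. Far too small and too well known for real use.
P, Q = 2**127 - 1, 2**89 - 1


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def identifier_to_a(identifier, n):
    """Hash a unique identifier to a value a with Jacobi symbol (a/n) = +1."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{counter}:{identifier}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if jacobi(a, n) == 1:
            return a
        counter += 1


class ProcessingTerminal:
    """Key generator: only it knows the factors P and Q of the public modulus n."""

    def __init__(self):
        self.n = P * Q

    def extract(self, identifier):
        # r satisfies r^2 = a or r^2 = -a (mod n); computing it requires P and Q.
        a = identifier_to_a(identifier, self.n)
        return pow(a, (self.n + 5 - P - Q) // 8, self.n)


def random_t(sign, n):
    """Random unit t modulo n whose Jacobi symbol encodes one plaintext bit."""
    while True:
        t = secrets.randbelow(n - 2) + 2
        if jacobi(t, n) == sign:
            return t


class SmartDevice:
    def __init__(self, n):
        self.n = n                # public parameter of the scheme
        self.identifier = None
        self.private_key = None   # written at close range in step S103
        self.peers = {}           # device info -> unique identifier (S201/S202)

    def encrypt_for(self, peer_info, message):
        """S1041/S1042: look up the peer's identifier and use it as the public key."""
        a = identifier_to_a(self.peers[peer_info], self.n)
        ciphertext = []
        for byte in message:
            for shift in range(7, -1, -1):
                sign = 1 if (byte >> shift) & 1 else -1
                t1, t2 = random_t(sign, self.n), random_t(sign, self.n)
                # Two values per bit: the sender cannot know whether r^2 is a or -a.
                ciphertext.append(((t1 + a * pow(t1, -1, self.n)) % self.n,
                                   (t2 - a * pow(t2, -1, self.n)) % self.n))
        return ciphertext

    def decrypt(self, ciphertext):
        """S104, receiving side: recover each bit with the stored private key."""
        a = identifier_to_a(self.identifier, self.n)
        r = self.private_key
        index = 0 if r * r % self.n == a else 1
        value = 0
        for pair in ciphertext:
            value = (value << 1) | (jacobi(pair[index] + 2 * r, self.n) == 1)
        return value.to_bytes(len(ciphertext) // 8, "big")


def provision(device_infos):
    """Steps S101 to S103 and S201 to S202 as run by the mobile device."""
    terminal = ProcessingTerminal()
    table = {info: f"Device{i}" for i, info in enumerate(device_infos, 1)}  # S101, S201
    keys = {ident: terminal.extract(ident) for ident in table.values()}     # S102
    devices = {}
    for info, ident in table.items():
        device = SmartDevice(terminal.n)
        device.identifier, device.private_key = ident, keys[ident]          # S103
        device.peers = dict(table)                                          # S202
        devices[ident] = device
    return terminal, devices


def demo():
    """Device1 encrypts for Device2; Device3 tries its own key on the same ciphertext."""
    _, devices = provision(["pump@bay-1", "valve@bay-2", "sensor@bay-3"])
    ciphertext = devices["Device1"].encrypt_for("valve@bay-2", b"open valve")
    return devices["Device2"].decrypt(ciphertext), devices["Device3"].decrypt(ciphertext)
```

Because `extract` is deterministic, the processing terminal can recompute every device's private key at any time, so it has to be protected as the root of trust for the whole deployment.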
In another preferred embodiment of the present invention, there is provided an identification cryptographic key processing system 10, as shown in fig. 10, wherein the identification cryptographic key processing system 10 includes a mobile device 100 and a plurality of smart devices 200, which are communicatively connected. The mobile device 100 is further in communication connection with a processing terminal, the mobile device 100 includes an establishing module 150, a first sending module 160, a receiving module 170, and a second sending module 180, and the smart device 200 includes a communication establishing module 210, an encrypting module 220, and a decrypting module 230.
The establishing module 150 is configured to establish a corresponding unique identifier for each of the smart devices 200. The establishing module 150 may be configured to execute step S101 shown in fig. 3, and the detailed description of step S101 may be referred to for a specific operation method.
The first sending module 160 is configured to send the created plurality of unique identifiers to the processing terminal and the plurality of smart devices 200, so that the processing terminal generates a private key corresponding to each of the unique identifiers according to the plurality of unique identifiers. The first sending module 160 can be used to execute step S102 shown in fig. 3, and the detailed description of step S102 can be referred to for a specific operation method.
The receiving module 170 is configured to receive multiple private keys returned by the processing terminal. The second sending module 180 is configured to send each of the received multiple private keys to the corresponding smart device 200. The receiving module 170 and the second sending module 180 may be configured to perform step S103 shown in fig. 3, and a detailed description of the step S103 may be referred to for a specific operation method.
The communication establishing module 210 is configured to establish a communication connection with another smart device 200, and send the encrypted information to the other smart device 200 that establishes the communication connection. The encryption module 220 is configured to obtain encryption information according to the unique identifier of the other smart device 200 that establishes the communication connection. The decryption module 230 is configured to decrypt the received encrypted information according to the stored private key to obtain decrypted information. The communication establishing module 210, the encrypting module 220 and the decrypting module 230 can be used to execute step S104 shown in fig. 3, and the detailed description of step S104 can be referred to for a specific operation method.
Optionally, referring to fig. 11, in this embodiment, the establishing module 150 includes a detecting unit 151, a device information collecting unit 152, and a unique identifier generating unit 153.
The detecting unit 151 is configured to detect whether the mobile device 100 is currently within the preset communication security range of each of the smart devices 200. The detecting unit 151 may be configured to perform step S1031 shown in fig. 4, and the detailed description of step S1031 may be referred to for a specific operation method.
The device information collecting unit 152 is configured to collect device information of each of the smart devices 200 when the mobile device 100 is within the preset communication security range of each of the smart devices 200. The device information collecting unit 152 may be configured to perform step S1032 shown in fig. 4, and the detailed description of step S1032 may be referred to for a specific operation method.
The unique identifier generating unit 153 is configured to generate a unique identifier corresponding to each smart device 200 according to the collected device information of each smart device 200. The unique identifier generating unit 153 can be used to execute step S1033 shown in fig. 4, and the detailed description of step S1033 can be referred to for a specific operation method.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus described above may refer to the corresponding process in the foregoing method, and will not be described in too much detail herein.
In summary, in the method and system for processing the identification cipher key provided by the embodiment of the present invention, the mobile device 100 collects the device information of each smart device 200 on the spot at short range and generates the corresponding unique identifier, which avoids identity-forgery attacks. The processing terminal calculates the corresponding private key according to the unique identifier of each smart device 200, which ensures the mathematical security of the cryptographic technology. The mobile device 100 then writes the corresponding private key into each smart device 200 at short range again, which avoids the key leakage risk caused by remote private key distribution. When the smart devices 200 communicate, the unique identifier is used as a public key to encrypt the information to be transmitted, which overcomes the defect that traditional public key cryptography needs to acquire the public key of the communication counterpart through a CA, causing communication loss.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (8)

1. A method for processing an identification cipher key is applied to an identification cipher key processing system, the identification cipher key processing system comprises a mobile device and a plurality of intelligent devices which are in communication connection, the mobile device is also in communication connection with a processing terminal, and the method comprises the following steps:
the mobile equipment detects whether the mobile equipment is in a preset communication safety range of each intelligent equipment, and if so, equipment information of each intelligent equipment is collected;
generating unique identifiers corresponding to the intelligent devices according to the acquired device information of the intelligent devices;
the mobile device sends the established unique identifiers to the processing terminal and the intelligent devices, so that the processing terminal generates private keys corresponding to the unique identifiers according to the unique identifiers;
the mobile equipment receives a plurality of private keys returned by the processing terminal and sends each private key in the received private keys to corresponding intelligent equipment;
any one intelligent device in the intelligent devices establishes communication connection with other intelligent devices, obtains encrypted information according to the unique identifiers of the other intelligent devices establishing communication connection, and sends the encrypted information to the other intelligent devices establishing communication connection, so that the other intelligent devices decrypt the received encrypted information according to the stored private key to obtain decrypted information.
2. The method of claim 1, wherein the step of sending each of the received plurality of private keys to a corresponding smart device comprises:
and when the mobile device detects that the mobile device is within the preset communication safety range of each intelligent device, writing each received private key in the plurality of private keys into the corresponding intelligent device in an infrared communication mode, a Bluetooth communication mode or a wired communication mode.
3. The method of claim 1, wherein the step of obtaining encryption information based on the unique identifier of the other smart device that established the communication connection comprises:
and acquiring the unique identifier of other intelligent equipment for establishing communication connection, and encrypting the information to be sent by using the acquired unique identifier as a public key to obtain encrypted information.
4. The identity cryptographic key processing method of claim 1, wherein after the step of the mobile device sending the established plurality of unique identifiers to the processing terminal and the plurality of smart devices, the method further comprises:
the mobile equipment establishes a one-to-one correspondence relationship between the collected multiple pieces of equipment information and the established multiple unique identifiers;
and sending the corresponding relation and the plurality of pieces of equipment information to each intelligent equipment.
5. The identification cryptographic key processing method of claim 1, wherein the device information is a device image, a device identification code, or device location information, and the unique identifier is a device number, a device name, or device location information.
6. The system for processing the identification cipher key is characterized by comprising mobile equipment and a plurality of intelligent equipment which are in communication connection, wherein the mobile equipment is also in communication connection with a processing terminal, the mobile equipment comprises an establishing module, a first sending module, a receiving module and a second sending module, and the intelligent equipment comprises a communication establishing module, an encrypting module and a decrypting module;
the establishing module comprises a detection unit, an equipment information acquisition unit and a unique identifier generation unit;
the detection unit is used for detecting whether the intelligent equipment is in a preset communication safety range of each intelligent equipment;
the equipment information acquisition unit is used for acquiring the equipment information of each intelligent equipment when the equipment information acquisition unit is positioned in the preset communication safety range of each intelligent equipment;
the unique identifier generating unit is used for generating unique identifiers corresponding to the intelligent devices according to the acquired device information of the intelligent devices;
the first sending module is used for sending the established unique identifiers to the processing terminal and the intelligent devices so that the processing terminal can generate private keys corresponding to the unique identifiers according to the unique identifiers;
the receiving module is used for receiving a plurality of private keys returned by the processing terminal;
the second sending module is used for sending each received private key of the multiple private keys to the corresponding intelligent device;
the communication establishing module is used for establishing communication connection with other intelligent equipment and sending the encrypted information to the other intelligent equipment establishing communication connection;
the encryption module is used for obtaining encryption information according to the unique identifiers of other intelligent equipment establishing communication connection;
the decryption module is used for decrypting the received encrypted information according to the stored private key to obtain decrypted information.
7. The system for identity cryptographic key processing of claim 6, wherein the second sending module is configured to write each of the received plurality of private keys to the corresponding smart device through infrared communication, bluetooth communication, or wired communication when it is detected that the received plurality of private keys are within a preset communication security range of each of the smart devices.
8. The system for identity-based cryptographic key processing according to claim 6, wherein the encryption module is configured to obtain unique identifiers of other smart devices that establish communication connection, and encrypt the information to be transmitted using the obtained unique identifiers as a public key to obtain encrypted information.
CN201711284215.0A 2017-12-07 2017-12-07 Method and system for processing identification cipher key Active CN107947927B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711284215.0A CN107947927B (en) 2017-12-07 2017-12-07 Method and system for processing identification cipher key

Publications (2)

Publication Number Publication Date
CN107947927A CN107947927A (en) 2018-04-20
CN107947927B CN107947927B (en) 2021-02-19

Family

ID=61946057

Country Status (1)

Country Link
CN (1) CN107947927B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20230417
Address after: Room 607, Unit 1, Building A1, Jinxiu Tianchi Upper Courtyard, Dongfeng Automobile Avenue, High tech Zone, Xiangyang City, Hubei Province, 441100
Patentee after: Xiangyang Honghao Information Technology Co.,Ltd.
Address before: No. 296, Longzhong Road, Xiangcheng District, Xiangyang City, Hubei Province
Patentee before: HUBEI University OF ARTS AND SCIENCE