
CN119835648A - Bluetooth module pairing method and device, electronic equipment and readable storage medium - Google Patents

Info

Publication number: CN119835648A
Application number: CN202510261637.4A
Authority: CN (China)
Prior art keywords: electronic device, certificate, trusted service, service management, key
Legal status: Pending (status as assumed by Google, not a legal conclusion)
Other languages: Chinese (zh)
Inventor: 刘由之
Current Assignee: Vivo Mobile Communication Co Ltd (listed assignees may be inaccurate)
Original Assignee: Vivo Mobile Communication Co Ltd
Events: application filed by Vivo Mobile Communication Co Ltd; priority claimed from CN202510261637.4A; published as CN119835648A; current legal status pending

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present application discloses a Bluetooth module pairing method and device, an electronic device and a readable storage medium in the technical field of electronic devices. The method includes: sending a Bluetooth pairing broadcast according to the network state between a first electronic device and a trusted service manager (TSM); negotiating a first shared key with a second electronic device under a negotiation rule that matches the Bluetooth pairing broadcast; communicating with the second electronic device under encryption with the first shared key to obtain Bluetooth pairing information; and establishing Bluetooth pairing with the second electronic device according to that information. Negotiating the first shared key under the matching negotiation rule includes: when the network state is online, negotiating the first shared key with the second electronic device via the TSM; when the network state is offline, negotiating the first shared key with the second electronic device on the basis of a first certificate and a second certificate.

Description

Bluetooth module pairing method and device, electronic equipment and readable storage medium
Technical Field
The application belongs to the technical field of electronic equipment, and particularly relates to a Bluetooth module pairing method and device, electronic equipment and a readable storage medium.
Background
An electronic device can carry out short-range Bluetooth communication through its on-board Bluetooth module. The Bluetooth modules of two electronic devices rely on Bluetooth pairing to encrypt the data exchanged during Bluetooth communication. Pairing can be carried out by having the user enter a pairing code manually, by exchanging pairing information over Near Field Communication (NFC), and in other ways, but the security of the pairing methods in the related art still needs to be improved.
Disclosure of Invention
The embodiments of the application aim to provide a Bluetooth module pairing method, a Bluetooth module pairing device, an electronic device and a readable storage medium that address the insufficient security of existing Bluetooth module pairing methods.
In a first aspect, an embodiment of the present application provides a Bluetooth module pairing method applied to a first electronic device, the method including:
sending a Bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service manager;
negotiating a first shared key with a second electronic device under a negotiation rule that matches the Bluetooth pairing broadcast;
communicating with the second electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
establishing Bluetooth pairing with the second electronic device according to the Bluetooth pairing information;
where negotiating the first shared key with the second electronic device under the matching negotiation rule includes:
when the network state is online, negotiating the first shared key with the second electronic device via the trusted service manager;
and when the network state is offline, negotiating the first shared key with the second electronic device on the basis of a first certificate and a second certificate, where the first certificate is a digital certificate issued in advance by the trusted service manager to the first electronic device and the second certificate is a digital certificate issued in advance by the trusted service manager to the second electronic device.
In a second aspect, an embodiment of the present application provides a Bluetooth module pairing method applied to a second electronic device, the method including:
receiving a Bluetooth pairing broadcast sent by a first electronic device, where the first electronic device sends the broadcast according to the network state between itself and the trusted service manager;
negotiating a first shared key with the first electronic device under a negotiation rule that matches the Bluetooth pairing broadcast;
communicating with the first electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
establishing Bluetooth pairing with the first electronic device according to the Bluetooth pairing information;
where negotiating the first shared key with the first electronic device under the matching negotiation rule includes:
when the network state is online, negotiating the first shared key with the first electronic device via the trusted service manager;
and when the network state is offline, negotiating the first shared key with the first electronic device on the basis of a first certificate and a second certificate, where the first certificate is a digital certificate issued in advance by the trusted service manager to the first electronic device and the second certificate is a digital certificate issued in advance by the trusted service manager to the second electronic device.
In a third aspect, an embodiment of the present application provides a Bluetooth module pairing device, including:
a first broadcasting module for sending a Bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service manager;
a first sharing module for negotiating a first shared key with the second electronic device under a negotiation rule that matches the Bluetooth pairing broadcast;
a first communication module for communicating with the second electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
a first pairing module for establishing Bluetooth pairing with the second electronic device according to the Bluetooth pairing information;
where the first sharing module includes:
a first sharing unit configured to negotiate the first shared key with the second electronic device via the trusted service manager when the network state is online;
a second sharing unit configured to negotiate the first shared key with the second electronic device on the basis of a first certificate and a second certificate when the network state is offline, where the first certificate is a digital certificate issued in advance by the trusted service manager to the first electronic device and the second certificate is a digital certificate issued in advance by the trusted service manager to the second electronic device.
In a fourth aspect, an embodiment of the present application provides a Bluetooth module pairing device, including:
a second receiving module for receiving a Bluetooth pairing broadcast sent by the first electronic device, where the first electronic device sends the broadcast according to the network state between itself and the trusted service manager;
a second sharing module for negotiating the first shared key with the first electronic device under a negotiation rule that matches the Bluetooth pairing broadcast;
a second communication module for communicating with the first electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
a second pairing module for establishing Bluetooth pairing with the first electronic device according to the Bluetooth pairing information;
where the second sharing module includes:
a third sharing unit configured to negotiate the first shared key with the first electronic device via the trusted service manager when the network state is online;
a fourth sharing unit configured to negotiate the first shared key with the first electronic device on the basis of a first certificate and a second certificate when the network state is offline, where the first certificate is a digital certificate issued in advance by the trusted service manager to the first electronic device and the second certificate is a digital certificate issued in advance by the trusted service manager to the second electronic device.
In a fifth aspect, embodiments of the present application provide an electronic device comprising a processor and a memory storing a program or instructions executable on the processor, the program or instructions implementing the steps of the methods as in the first and second aspects when executed by the processor.
In a sixth aspect, embodiments of the present application provide a readable storage medium having stored thereon a program or instructions which when executed by a processor perform the steps of the methods as in the first and second aspects.
In a seventh aspect, embodiments of the present application provide a chip comprising a processor and a communication interface, the communication interface being coupled to the processor, the processor being configured to execute programs or instructions to implement the methods of the first and second aspects.
In an eighth aspect, embodiments of the present application provide a computer program product stored in a storage medium, the program product being executable by at least one processor to implement the methods as in the first and second aspects.
In the embodiments of the application, the first shared key is negotiated with the second electronic device through the trusted service manager when the network state is online, and on the basis of the first certificate and the second certificate when the network state is offline, so that in either case the first shared key is obtained securely. The first and second electronic devices then communicate under encryption with the first shared key and establish Bluetooth pairing from the Bluetooth pairing information so obtained. The first shared key thereby authenticates the identities of the two devices, protects the information transmitted between them, and makes the establishment of Bluetooth pairing between them more secure.
Drawings
FIG. 1 is a flowchart of a Bluetooth module pairing method according to an embodiment of the application;
FIG. 2 is a first schematic diagram of the first electronic device and the second electronic device according to an embodiment of the application;
FIG. 3 is a flowchart of a Bluetooth module pairing method according to an embodiment of the application;
FIG. 4 is a second schematic diagram of the first electronic device and the second electronic device according to an embodiment of the application;
FIG. 5 is a second flowchart of a Bluetooth module pairing method according to an embodiment of the application;
FIG. 6 is a third flowchart of a Bluetooth module pairing method according to an embodiment of the application;
FIG. 7 is a third schematic diagram of the first electronic device and the second electronic device according to an embodiment of the application;
FIG. 8 is a flowchart of a Bluetooth module pairing method according to an embodiment of the application;
FIG. 9 is a fourth schematic diagram of the first electronic device and the second electronic device according to an embodiment of the application;
FIG. 10 is a flowchart of a Bluetooth module pairing method according to an embodiment of the application;
FIG. 11 is a schematic structural diagram of a Bluetooth module pairing device according to an embodiment of the application;
FIG. 12 is a schematic diagram of an electronic device according to an embodiment of the application;
FIG. 13 is a schematic diagram of the hardware structure of an electronic device according to an embodiment of the application.
Detailed Description
The technical solutions of the embodiments of the present application will be clearly described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which are obtained by a person skilled in the art based on the embodiments of the present application, fall within the scope of protection of the present application.
The terms first, second and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged, as appropriate, such that embodiments of the present application may be implemented in sequences other than those illustrated or described herein, and that the objects identified by "first," "second," etc. are generally of a type, and are not limited to the number of objects, such as the first object may be one or more. Furthermore, in the description and claims, "and/or" means at least one of the connected objects, and the character "/", generally means that the associated object is an "or" relationship.
The method, the device, the electronic equipment, the readable storage medium and the computer program product for pairing the Bluetooth modules provided by the embodiment of the application are described in detail below through specific embodiments and application scenes thereof with reference to the accompanying drawings.
Referring to FIG. 1, an embodiment of the present application provides a Bluetooth module pairing method applied to a first electronic device, including:
S100, sending a Bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service manager;
S200, negotiating a first shared key with the second electronic device under a negotiation rule that matches the Bluetooth pairing broadcast;
S300, communicating with the second electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
S400, establishing Bluetooth pairing with the second electronic device according to the Bluetooth pairing information;
where S200 includes:
S210, when the network state is online, negotiating the first shared key with the second electronic device via the trusted service manager;
S220, when the network state is offline, negotiating the first shared key with the second electronic device on the basis of a first certificate and a second certificate, where the first certificate is a digital certificate issued in advance by the trusted service manager to the first electronic device and the second certificate is a digital certificate issued in advance by the trusted service manager to the second electronic device.
A Trusted Service Manager (TSM) is an integrated platform that combines management and services. The TSM can establish a secure channel with a trusted secure element and manage that element through data sent over the channel; data carried over a secure channel established with the TSM is thereby authenticated.
The first electronic device includes a first Bluetooth module and a first secure element that are communicatively connected. The first Bluetooth module can transmit a Bluetooth pairing broadcast. A secure channel is established between the TSM and the first secure element. The second electronic device is structured like the first: it includes a communicatively connected second Bluetooth module and second secure element, and a secure channel is established between the TSM and the second secure element. The TSM exchanges data with the first and second secure elements over their respective secure channels, which guarantees the authenticity of that data. The data may be the messages exchanged while the first and second secure elements negotiate the first shared key; the TSM then acts as a relay, forwarding messages from the first secure element to the second and from the second to the first, so that each side can trust the messages it receives. The data may also be the messages the TSM needs in order to issue digital certificates to the secure elements.
When the network state is online, the first electronic device can communicate directly with the TSM over the established secure channel, and the first and second electronic devices exchange data through the TSM in order to negotiate the first shared key.
When the network state is offline, the first electronic device cannot reach the TSM and therefore cannot forward data to the second electronic device through it. Instead, the first electronic device negotiates the first shared key on the basis of the first certificate, issued in advance by the TSM to the first electronic device, and the second certificate, issued in advance by the TSM to the second electronic device; the two certificates let each device confirm the other's identity and the authenticity of the messages they exchange.
Once both the first and the second electronic device hold the first shared key, they can encrypt and decrypt the information they send directly to each other with that key, for example the Bluetooth pairing information, which protects both the transmitted information and the identities of the two devices and so makes the resulting Bluetooth pairing more secure. The Bluetooth pairing information may include a Bluetooth pairing request, the response to that request, a pairing code, and the like. A third electronic device that does not hold the first shared key cannot decrypt the Bluetooth pairing information sent by the first electronic device and therefore cannot pair with it. If such a third device impersonates the second electronic device and sends Bluetooth pairing information of its own, it cannot encrypt that information correctly, and the first electronic device recognises it as a device not trusted by the TSM. Note that this second check relies on the encryption being authenticated (for example an AEAD mode carrying an integrity tag): with unauthenticated encryption alone, a message from a device without the key would merely decrypt to garbage rather than be rejected.
In the Bluetooth module pairing method described above, the first shared key is negotiated through the TSM when the network state is online and on the basis of the first and second certificates when it is offline, so that the key is obtained securely in both cases; the two devices then communicate under encryption with that key and establish Bluetooth pairing from the Bluetooth pairing information so obtained. The first shared key thus authenticates the devices to each other, protects the information they exchange, and makes the establishment of Bluetooth pairing between them more secure.
In some embodiments, S210 comprises:
S211, when the network state is online, generating a first key pair consisting of a first public key and a first private key;
S212, sending the first public key to the TSM over the secure channel established with the TSM, so that the TSM forwards the first public key to the second electronic device;
S213, receiving over the secure channel a second public key sent by the TSM, where the second public key is the public key that the second electronic device generated after receiving the first public key and sent to the TSM;
S214, computing the first shared key from the first private key and the received second public key.
In the present application, unless otherwise specified, the information transmitted between the first electronic device and the trusted service management, and the information transmitted between the second electronic device and the trusted service management are all transmitted through the established secure channel.
The first electronic device generates the first public key and the first private key with a preset key-agreement algorithm and sends the first public key to the second electronic device through the TSM, which guarantees that the first public key the second electronic device receives is the one the first electronic device sent. The second electronic device likewise generates a second public key and a second private key with the same algorithm and sends the second public key to the first electronic device through the TSM with the same guarantee. Because both devices use the same algorithm, the first electronic device computes the first shared key from its first private key and the received second public key, and the second electronic device computes the same key from its second private key and the received first public key. Optionally, the preset algorithm is Diffie-Hellman (DH).
In some embodiments, S100 comprises:
S110, when the network state is online, sending a Bluetooth pairing broadcast that carries an address derived from a first identity resolving key (IRK);
and S300 comprises:
S310, sending the first identity resolving key to the TSM over the secure channel, so that the TSM forwards it to the second electronic device;
S320, receiving a Bluetooth connection request that the second electronic device sends on the basis of the first identity resolving key;
S330, establishing a connection with the second electronic device according to the Bluetooth connection request;
S340, communicating with the second electronic device under encryption with the first shared key to obtain the Bluetooth pairing information.
The first electronic device broadcasts a resolvable private address (RPA) so that nearby electronic devices can scan it. An RPA is generated from an identity resolving key (IRK): a device that holds the same IRK can resolve the address and so identify the device behind it, while a device without the IRK sees only a random-looking address.
Because the first IRK is forwarded to the second electronic device through the TSM, the second electronic device can pick out the RPA broadcast by the first electronic device among the one or more RPAs it scans, and so sends its Bluetooth connection request to the right device. Once the first and second electronic devices are connected, they communicate under encryption with the first shared key and complete Bluetooth pairing.
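As an added illustration that is not part of the patent, the following Go code shows how an RPA is built from an IRK and how a peer holding that IRK resolves it, following the ah() random-address hash of the Bluetooth Core Specification (AES-128 over the zero-padded 24-bit prand, keeping the low 24 bits of the ciphertext). The type and function names and the sample IRK are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

// ah is the random-address hash of the Bluetooth Core Specification (Vol 3,
// Part H, 2.2.2): the 24-bit prand is zero-padded to a 128-bit block, encrypted
// with AES-128 under the 16-byte IRK, and the least significant 24 bits of the
// ciphertext are kept.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	block, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err) // cannot happen: the key is always 16 bytes
	}
	var in, out [16]byte
	copy(in[13:], prand[:]) // r' = 0^104 || r, most significant byte first
	block.Encrypt(out[:], in[:])
	var h [3]byte
	copy(h[:], out[13:]) // low 24 bits of e(IRK, r')
	return h
}

// RPA is a resolvable private address, most significant byte first: a 24-bit
// prand whose top two bits are 01, followed by hash = ah(IRK, prand).
type RPA [6]byte

// NewRPA draws a fresh prand and binds it to the IRK. A device rotates this
// address periodically; only holders of its IRK can link the rotations.
func NewRPA(irk [16]byte) (RPA, error) {
	var prand [3]byte
	if _, err := rand.Read(prand[:]); err != nil {
		return RPA{}, err
	}
	prand[0] = prand[0]&0x3f | 0x40 // type bits 01 = resolvable private address
	return rpaFrom(irk, prand), nil
}

func rpaFrom(irk [16]byte, prand [3]byte) RPA {
	var a RPA
	copy(a[:3], prand[:])
	h := ah(irk, prand)
	copy(a[3:], h[:])
	return a
}

// Resolve is what the second device does with the IRK it received through the
// TSM: recompute ah over the advertised prand and compare with the hash field.
// Scanned addresses that fail this check belong to some other device.
func Resolve(irk [16]byte, a RPA) bool {
	if a[0]>>6 != 0x01 {
		return false // not a resolvable private address at all
	}
	var prand, got [3]byte
	copy(prand[:], a[:3])
	copy(got[:], a[3:])
	return ah(irk, prand) == got
}

func main() {
	// Constructed sample IRK; a real IRK is a 128-bit random value kept in the secure element.
	irk := [16]byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}
	a, err := NewRPA(irk)
	if err != nil {
		panic(err)
	}
	fmt.Printf("advertised RPA %x resolves with own IRK: %v\n", a[:], Resolve(irk, a))
	other := [16]byte{0xff} // a stranger's IRK
	fmt.Printf("resolves with a different IRK: %v\n", Resolve(other, a))
}
```

The IRK itself never goes over the air; the broadcast carries only prand and the 24-bit hash, which is why the patent routes the IRK to the second device through the TSM rather than including it in the advertisement.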
In some embodiments, in S300, the Bluetooth pairing information transmitted between the first electronic device and the second electronic device is out-of-band pairing information.
Out-of-band pairing information is Out-Of-Band (OOB) data, whose use improves the security of the information exchanged between the first and second electronic devices. The out-of-band pairing information generated by the first electronic device is encrypted with the first shared key before being sent to the second electronic device, and the out-of-band pairing information generated by the second electronic device is encrypted with the first shared key before being sent to the first electronic device; each device decrypts what it receives with the first shared key, and Bluetooth pairing is then established between them.
For example, referring to FIG. 2 and FIG. 3, the first electronic device includes a first secure element 11 and a first Bluetooth module 12, the second electronic device includes a second secure element 21 and a second Bluetooth module 22, a secure channel is established between the first secure element 11 and the trusted service manager 3, and a secure channel is established between the second secure element 21 and the trusted service manager 3.
The first Bluetooth module 12 broadcasts a resolvable private address (RPA) derived from an identity resolving key IRK and sends the IRK to the first secure element 11. The first secure element 11 generates a first private key SK1 and a first public key PK1 and sends PK1 and the IRK to the trusted service manager 3 over the secure channel; the trusted service manager 3 forwards PK1 and the IRK to the second secure element 21. On receiving PK1, the second secure element 21 generates a second private key SK2 and a second public key PK2 and sends PK2 to the trusted service manager 3 over its secure channel, which forwards PK2 to the first secure element 11. Each secure element now holds the other's public key PK, and both compute the first shared key CK with the DH algorithm.
The second secure element 21 passes the received IRK to the second Bluetooth module 22, which uses it to resolve the RPA broadcast by the first Bluetooth module 12 among the addresses it scans and establishes a Bluetooth connection with the first Bluetooth module 12 at that address.
The first Bluetooth module 12 generates first out-of-band pairing information OOB1, has the first secure element 11 encrypt it with the first shared key CK, and sends the encrypted OOB1 to the second Bluetooth module 22, where the second secure element 21 decrypts it to recover OOB1. The second Bluetooth module 22 generates second out-of-band pairing information OOB2, has the second secure element 21 encrypt it with CK, and sends it to the first Bluetooth module 12, where the first secure element 11 decrypts it to recover OOB2. The first Bluetooth module 12 and the second Bluetooth module 22 then perform Secure Connections pairing on the basis of OOB1 and OOB2.
Both electronic devices are managed by the same trusted service manager, that is, the TSM holds a secure channel to each of them. Provided that both devices can communicate normally with the TSM at the time of pairing, the first shared key is obtained from the exchange of the first and second public keys, and Bluetooth pairing is completed on the basis of that key.
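The online exchange of FIG. 2 and FIG. 3 (S211 to S214 on both sides, followed by the encrypted OOB exchange), written out as an added Go example that is not part of the patent. X25519 stands in for the unspecified DH group, SHA-256 over the DH output for an unspecified key-derivation step, and AES-256-GCM for the unspecified encryption of the OOB data; the in-memory TSM mailbox models the two secure channels, which the example assumes already authenticate each device to the TSM. All names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SecureElement plays secure element 11 or 21 from the figures: it holds the
// ephemeral DH key pair (SK1/PK1 or SK2/PK2) and, after the exchange, the first
// shared key CK. X25519 and the SHA-256 derivation step are this example's
// assumptions; the patent only says "DH algorithm".
type SecureElement struct {
	priv *ecdh.PrivateKey
	ck   []byte
}

func NewSecureElement() *SecureElement {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // rand.Reader failing is unrecoverable for an example
	}
	return &SecureElement{priv: priv}
}

// PublicKey is what the element hands to the TSM for forwarding (S212).
func (se *SecureElement) PublicKey() []byte { return se.priv.PublicKey().Bytes() }

// Derive turns the peer's forwarded public key into CK (S214 on either side).
func (se *SecureElement) Derive(peerPub []byte) error {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return err
	}
	shared, err := se.priv.ECDH(pub)
	if err != nil {
		return err
	}
	ck := sha256.Sum256(append([]byte("bt-pairing-ck|"), shared...))
	se.ck = ck[:]
	return nil
}

func (se *SecureElement) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(se.ck) // 32-byte CK selects AES-256; a nil CK errors out
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects OOB pairing data under CK with AES-GCM. Because GCM carries an
// authentication tag, a receiver with a different key gets an error instead of
// garbage; that is the check that exposes a third device lacking CK.
func (se *SecureElement) Seal(oob []byte) ([]byte, error) {
	g, err := se.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, oob, nil), nil // nonce || ciphertext || tag
}

func (se *SecureElement) Open(msg []byte) ([]byte, error) {
	g, err := se.aead()
	if err != nil {
		return nil, err
	}
	if len(msg) < g.NonceSize() {
		return nil, errors.New("message too short")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], nil)
}

// TSM is the relay of S212/S213: a mailbox keyed by device name. Each device
// reaches it over its own pre-established secure channel, so a key read from
// the mailbox is known to come from the named device. The relay never sees CK.
type TSM map[string][]byte

// OnlinePairing runs S211 to S214 for both sides and returns the two elements,
// which now hold the same CK.
func OnlinePairing() (*SecureElement, *SecureElement, error) {
	se1, se2 := NewSecureElement(), NewSecureElement()
	tsm := TSM{}
	tsm["dev1"] = se1.PublicKey() // PK1 arrives over dev1's secure channel
	if err := se2.Derive(tsm["dev1"]); err != nil {
		return nil, nil, err
	}
	tsm["dev2"] = se2.PublicKey() // PK2 goes back over dev2's secure channel
	if err := se1.Derive(tsm["dev2"]); err != nil {
		return nil, nil, err
	}
	return se1, se2, nil
}
```

Two properties of this online path are worth keeping in mind. CK never leaves the two secure elements, since the TSM only forwards public keys. On the other hand, nothing binds PK1 and PK2 to the right devices except the TSM and its two secure channels; a TSM that substituted public keys of its own would sit in the middle of the exchange. The offline path described next carries that binding in a signed certificate instead.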
In other embodiments, S220 includes:
S221, receiving a second certificate sent by the second electronic device under the condition that the network state is off-line;
S222, under the condition that the second certificate is successfully verified, deriving the first shared key based on a pre-stored third private key and the fourth public key in the second certificate;
S223, sending a first certificate to the second electronic device, so that the second electronic device derives the first shared key based on a pre-stored fourth private key and the third public key in the first certificate under the condition that the first certificate is successfully verified;
wherein the first certificate is a device entity certificate issued by the trusted service management to the third public key, the third public key and the third private key are a key pair, the second certificate is a device entity certificate issued by the trusted service management to the fourth public key, and the fourth public key and the fourth private key are a key pair.
The first security element of the first electronic device generates a third public key and a third private key based on a preset encryption algorithm, the generated third public key and third private key are a key pair, and the second security element of the second electronic device generates a fourth public key and a fourth private key based on the preset encryption algorithm, and the generated fourth public key and fourth private key are a key pair. The predetermined encryption algorithm used by the first secure element is the same as the predetermined encryption algorithm used by the second secure element. Optionally, the preset encryption algorithm is a Diffie-Hellman (DH) algorithm.
The trusted service manager can sign the first public key with its root certificate and intermediate certificate to obtain a device entity certificate. When the first electronic device communicates with the trusted service manager over a secure channel, it sends the third public key to the trusted service manager, the trusted service manager issues a first certificate to the third public key, and the first electronic device stores the first certificate. The first certificate includes the third public key and a digital signature issued by the trusted service management to prove the legitimacy of the first certificate.
When the second electronic device communicates with the trusted service manager over a secure channel, it sends the fourth public key to the trusted service manager, the trusted service manager issues a second certificate to the fourth public key, and the second electronic device stores the second certificate. The second certificate includes the fourth public key and a digital signature issued by the trusted service manager to prove the legitimacy of the second certificate.
The first electronic device and/or the second electronic device may not have an active networking function, and the first electronic device and/or the second electronic device may establish a secure channel with the trusted service management in a wired or wireless manner during preparation, so as to obtain a device entity certificate. The first electronic device and/or the second electronic device may also have an active networking function, where the first electronic device and/or the second electronic device obtains a device entity certificate in a scenario in which the first electronic device and/or the second electronic device are in communication with trusted service management. Optionally, the network states of the first electronic device and the second electronic device are disconnected, and in a scenario that the first electronic device is disconnected from the trusted service management communication, the first electronic device and the second electronic device use the device entity certificate obtained in advance to realize bluetooth pairing.
Because the first certificate and the second certificate are both issued by the trusted service management, successful verification of the second certificate by the first electronic device indicates that the fourth public key carried in the second certificate is legitimate, and successful verification of the first certificate by the second electronic device indicates that the third public key carried in the first certificate is legitimate. Thus, even when either the first electronic device or the second electronic device cannot communicate with the trusted service management, the two devices can still prove through the first certificate and the second certificate that they are electronic devices trusted by the trusted service management.
In some embodiments, prior to S100, the method comprises:
S500, generating a third private key, a third public key and a certificate signing request related to the third public key, and sending the certificate signing request to the trusted service management through a secure channel established with the trusted service management;
S600, receiving an intermediate certificate and a first certificate sent by the trusted service management according to the certificate signing request, wherein the intermediate certificate is a certificate issued by the trusted service management through a first root certificate, and the first certificate is a certificate issued by the trusted service management to the third public key with the private key of the intermediate certificate;
S222 includes:
under the condition that the second certificate is successfully verified through the intermediate certificate, deriving the first shared key based on the third private key and the fourth public key, the second certificate being a certificate issued by the trusted service management to the fourth public key with the private key of the intermediate certificate.
A Certificate Signing Request (CSR) is a certificate request file generated when applying for a digital certificate. A certificate signing request related to the third public key asks the recipient to digitally sign the third public key, so that the digital signature can prove the authenticity of the third public key.
In a state that the second electronic device communicates with the trusted service management, the second electronic device may generate a fourth private key, a fourth public key, and a certificate signing request related to the fourth public key before or after receiving the first certificate, and the second electronic device sends the certificate signing request related to the fourth public key to the trusted service management, so as to obtain a second certificate issued to the fourth public key.
The trusted service manager has a first root certificate, which may be a pre-stored device OEM (Original Equipment Manufacturer) root certificate. The first root certificate issues an intermediate certificate, which in turn may be used to issue device entity certificates. Issuing the intermediate certificate with the first root certificate establishes a trusted path for the subsequent certificate issuing process.
After receiving the certificate signing request, the trusted service manager issues a first certificate for the third public key using the private key corresponding to the intermediate certificate, and sends the issued first certificate to the first electronic device together with the intermediate certificate. After receiving the two certificates, the first electronic device can use the first certificate for operations such as identity authentication and use the intermediate certificate to verify the validity of the first certificate, preserving the trust relationship of the whole certificate system.
When the first electronic device receives the second certificate, it can verify the authenticity of the second certificate through the intermediate certificate to determine whether the second certificate was issued by the trusted service management. If the second certificate is successfully verified through the intermediate certificate, it was issued by the trusted service management, and the fourth public key it carries is a public key trusted by the trusted service management.
In this embodiment, when the first electronic device is not connected to the trusted service management for bluetooth pairing, the device entity certificate sent by the other party may be verified based on the respective self-held intermediate certificate, and the third public key and the fourth public key are exchanged through the respective self-held device entity certificate, so as to obtain the first shared secret key, and the bluetooth pairing information is transmitted by performing encryption communication based on the first shared secret key. The first electronic device can verify the authenticity of the second certificate through the intermediate certificate, and the second electronic device can verify the authenticity of the first certificate through the intermediate certificate, so that the first electronic device and the second electronic device can confirm legal identities based on the first certificate and the second certificate.
In some embodiments, the first electronic device has a second root certificate identical to the first root certificate, the second root certificate being a pre-stored device OEM root certificate, and after S600, further comprising:
in the case that the authentication of the intermediate certificate by the second root certificate is successful, the intermediate certificate and the first certificate are stored.
The first electronic device verifies the digital signature on the first certificate using the public key in the intermediate certificate. The digital signature is generated by the trusted service manager encrypting the relevant content of the first certificate with the private key of the intermediate certificate. The first electronic device decrypts the digital signature to obtain the message digest it contains and compares it with a message digest recomputed over the content of the first certificate. If the two match, the first certificate is considered not to have been tampered with in transit and to have been issued by an authorised trusted service manager, which verifies the authenticity and integrity of the first certificate.
For the intermediate certificate itself, the first electronic device checks whether it was properly issued by the first root certificate. The first electronic device is pre-provisioned with the second root certificate, which can be pre-installed by the manufacturer of the second electronic device. The first electronic device verifies the digital signature on the intermediate certificate with the public key of the second root certificate; the process is the same as for the first certificate, and the intermediate certificate is judged authentic and intact if the decrypted message digest matches the recomputed one.
Starting from the first certificate, the first electronic device verifies that its issuer is the intermediate certificate and then that the issuer of the intermediate certificate is the first root certificate, forming a complete trust chain that ensures the first certificate and the intermediate certificate form a complete and correct certificate chain.
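The offline path of S221 to S223 together with the provisioning of S500/S600 and the chain verification above, as an added Python model that is not code from the patent or from the applicant: the certificate format, the signatures (toy RSA over small Mersenne primes), the DH group (a 127-bit Mersenne prime) and the OOB wrapping (SHA-256 keystream plus HMAC) are constructed stand-ins for primitives the text does not specify, and the names DevOEM1.Root, DevOEM1.CA, SE1 and SE2 are assumed labels.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy RSA signatures over small Mersenne primes: constructed so the chain of
# trust is visible in a few lines. They give no security; real devices use
# ECDSA or RSA-2048+.
def toy_rsa_keypair(p: int, q: int, e: int = 65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

# Toy DH group (127-bit Mersenne prime): readable, far too small for real use.
DH_P = 2**127 - 1
DH_G = 2

def dh_keypair():
    sk = secrets.randbelow(DH_P - 2) + 1
    return sk, pow(DH_G, sk, DH_P)                        # (private, public)

@dataclass(frozen=True)
class Cert:
    """Minimal certificate: subject, key, issuer name, issuer's signature."""
    subject: str
    pubkey: object      # RSA public key for CA certs, DH public value for device certs
    issuer: str
    signature: int

    def tbs(self) -> bytes:                               # the bytes that were signed
        return f"{self.subject}|{self.pubkey}|{self.issuer}".encode()

def issue(issuer_name: str, issuer_priv, subject: str, pubkey) -> Cert:
    tbs = f"{subject}|{pubkey}|{issuer_name}".encode()
    return Cert(subject, pubkey, issuer_name, sign(issuer_priv, tbs))

def verify_chain(root: Cert, intermediate: Cert, device: Cert) -> bool:
    """Root -> intermediate -> device entity certificate, checked on the device."""
    return (intermediate.issuer == root.subject
            and verify(root.pubkey, intermediate.tbs(), intermediate.signature)
            and device.issuer == intermediate.subject
            and verify(intermediate.pubkey, device.tbs(), device.signature))

def derive_shared_key(my_dh_sk: int, root: Cert, intermediate: Cert, peer: Cert) -> bytes:
    """S222/S223: the peer's public key enters DH only after its certificate verifies."""
    if not verify_chain(root, intermediate, peer):
        raise ValueError("peer certificate was not issued by the trusted service management")
    ck = pow(peer.pubkey, my_dh_sk, DH_P)
    return hashlib.sha256(ck.to_bytes(16, "big")).digest()   # first shared key CK

def seal_oob(ck: bytes, oob: bytes) -> bytes:
    """Encrypt-then-MAC the out-of-band pairing data under CK (toy stream cipher
    from SHA-256; real code would use AES-GCM)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.sha256(ck + nonce).digest()
    body = nonce + bytes(a ^ b for a, b in zip(oob, stream))
    return body + hmac.new(ck, body, "sha256").digest()

def open_oob(ck: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(ck, body, "sha256").digest(), tag):
        raise ValueError("OOB data tampered with or wrong CK")
    nonce, ct = body[:16], body[16:]
    stream = hashlib.sha256(ck + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo():
    # Provisioning (S500/S600): the TSM holds the OEM root and an intermediate.
    root_pub, root_priv = toy_rsa_keypair(2**61 - 1, 2**89 - 1)
    ca_pub, ca_priv = toy_rsa_keypair(2**107 - 1, 2**127 - 1)
    root = issue("DevOEM1.Root", root_priv, "DevOEM1.Root", root_pub)   # self-signed
    intermediate = issue("DevOEM1.Root", root_priv, "DevOEM1.CA", ca_pub)
    se1_sk, se1_pk = dh_keypair()                     # third key pair, kept in SE1
    se2_sk, se2_pk = dh_keypair()                     # fourth key pair, kept in SE2
    se1_cert = issue("DevOEM1.CA", ca_priv, "SE1", se1_pk)   # first certificate
    se2_cert = issue("DevOEM1.CA", ca_priv, "SE2", se2_pk)   # second certificate
    # Offline pairing: each side verifies the other's certificate, then runs DH.
    ck1 = derive_shared_key(se1_sk, root, intermediate, se2_cert)
    ck2 = derive_shared_key(se2_sk, root, intermediate, se1_cert)
    oob1 = secrets.token_bytes(32)                    # constructed OOB1 payload
    received = open_oob(ck2, seal_oob(ck1, oob1))
    # A certificate that merely claims the intermediate as issuer is rejected
    # before any DH is run, because its signature does not verify.
    _, rogue_priv = toy_rsa_keypair(2**31 - 1, 2**61 - 1)
    rogue_cert = issue("DevOEM1.CA", rogue_priv, "SE2", se2_pk)
    try:
        derive_shared_key(se1_sk, root, intermediate, rogue_cert)
        rejected = False
    except ValueError:
        rejected = True
    return ck1 == ck2, received == oob1, rejected
```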
In some embodiments, S100 comprises:
S120, generating a first random number under the condition that the network state is off-line, and generating first security information according to first device identification information of the first electronic device and the first random number;
S130, encrypting the first security information with a second shared key to obtain a second identity resolution key, wherein the second shared key is a key issued by the trusted service management;
S140, broadcasting a Bluetooth pairing broadcast carrying the second identity resolution key and the first random number, so that the second electronic device verifies the second identity resolution key according to the first device identification information, the received first random number and the pre-stored second shared key.
Different devices can be distinguished by device identification information, which can be generated by the electronic device itself or distributed by trusted service management. The first random number may be a randomly generated string. The first device identification information and the first random number can be spliced, inserted at intervals, and calculated based on a preset formula to obtain the first security information, so that after the first security information is received by other devices except the second electronic device, the first device identification information and the first random number cannot be directly obtained.
The trusted service manager may send the second shared key synchronously when issuing the first certificate. The second shared secret key is a global secret key generated by the trusted service management, that is, the trusted service management can synchronously send the second shared secret key to the second electronic device when issuing the second certificate.
The Bluetooth pairing broadcast may be a resolvable random address (Resolvable Private Address, RPA). The first electronic device broadcasts the resolvable random address RPA so that electronic devices in its vicinity can scan it. The resolvable random address includes the second identity resolution key (Identity Resolving Key, IRK).
Prior to S221, the method comprises:
S224, receiving a Bluetooth connection request sent by the second electronic device according to the successfully verified second identity resolution key;
S225, establishing a second channel with the second electronic device according to the Bluetooth connection request.
S221 includes:
receiving the second certificate sent by the second electronic device through the second channel.
The user may enter into the second electronic device the device identification information expectedID of the electronic device to which a connection is desired. When the second electronic device receives the resolvable random address RPA broadcast by the first electronic device, it generates first verification information from the received expectedID and the first random number carried in the resolvable random address RPA, using the same preset rule the first electronic device used to generate the first security information. Because the first electronic device and the second electronic device, both trusted by the trusted service management, have the second shared key stored in advance, the first verification information is decrypted with the second shared key; if second verification information is obtained by normal decryption, it is checked against the second identity resolution key in the resolvable random address, and if both decryption and verification succeed, the first electronic device has been correctly found. If the second electronic device cannot decrypt the first verification information normally with the second shared key, or the second verification information obtained differs from the received second identity resolution key, it keeps scanning resolvable random addresses until a Bluetooth connection request is sent to the correct first electronic device.
Because the first electronic device and the second electronic device both store in advance the second shared key issued by the trusted service management, the second electronic device can pre-screen, among the scanned Bluetooth pairing broadcasts, the one sent by the first electronic device; the two devices then connect, and the first certificate and the second certificate are transmitted over the established second channel for further identification and authentication. This avoids the second electronic device blindly establishing Bluetooth connections with every scanned electronic device and sending the second certificate to each.
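The broadcast of S120 to S140 and the pre-screening on the second electronic device, as an added Python model that is not the patent's or the applicant's code: HMAC-SHA256 stands in both for the unspecified encryption that turns ID||Salt into tIRK and for the AES-based address hash of a Bluetooth resolvable private address, and the device identifiers and EncKey values are constructed.

```python
import hashlib
import hmac
import secrets

def derive_tirk(enc_key: bytes, device_id: bytes, salt: bytes) -> bytes:
    """Second identity resolution key: first security information (ID||Salt)
    keyed under the second shared key EncKey. HMAC-SHA256 is a constructed
    stand-in for the encryption the text describes; only holders of EncKey
    can derive it, which is the property the pre-screening relies on."""
    return hmac.new(enc_key, device_id + salt, hashlib.sha256).digest()[:16]

def ah(irk: bytes, prand: bytes) -> bytes:
    """Address hash. The Core spec uses AES-128(IRK, pad||prand) truncated to
    24 bits; HMAC is substituted here so the example runs on the stdlib."""
    return hmac.new(irk, prand, hashlib.sha256).digest()[:3]

def make_rpa(irk: bytes) -> bytes:
    """Resolvable private address: 24-bit prand (top bits 0b01) || 24-bit hash."""
    prand = bytearray(secrets.token_bytes(3))
    prand[0] = (prand[0] & 0x3F) | 0x40
    prand = bytes(prand)
    return prand + ah(irk, prand)

def resolve_rpa(irk: bytes, rpa: bytes) -> bool:
    prand, h = rpa[:3], rpa[3:]
    return hmac.compare_digest(ah(irk, prand), h)

def build_advertisement(enc_key: bytes, device_id: bytes) -> dict:
    """First secure element side (S120-S140): fresh Salt, tIRK, RPA; the
    broadcast carries the RPA and the Salt but never the ID or EncKey."""
    salt = secrets.token_bytes(16)
    tirk = derive_tirk(enc_key, device_id, salt)
    return {"rpa": make_rpa(tirk), "salt": salt}

def screen_advertisement(enc_key: bytes, expected_id: bytes, adv: dict) -> bool:
    """Second secure element side, run for every scanned broadcast: rebuild
    tIRK from expectedID and the carried Salt, then try to resolve the RPA."""
    candidate = derive_tirk(enc_key, expected_id, adv["salt"])
    return resolve_rpa(candidate, adv["rpa"])

def demo():
    enc_key = secrets.token_bytes(16)       # EncKey issued by the TSM to both SEs
    other_key = secrets.token_bytes(16)     # a device outside the TSM's trust domain
    adv = build_advertisement(enc_key, b"SE1-0001")
    return (
        screen_advertisement(enc_key, b"SE1-0001", adv),    # right ID, right key
        screen_advertisement(enc_key, b"SE1-0002", adv),    # wrong expected ID
        screen_advertisement(other_key, b"SE1-0001", adv),  # no EncKey
    )
```

Only the first call succeeds; a scanner without EncKey cannot even tell which of the scanned RPAs belongs to the first electronic device, so no certificate is sent to it.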
In some embodiments, the trusted service manager sends the intermediate certificate to the first electronic device in accordance with the certificate signing request, together with the first certificate and the second shared secret key encrypted with the third public key. The trusted service manager sends an intermediate certificate to the second electronic device according to the certificate signing request, and sends the second certificate and the second shared secret key encrypted by the fourth public key to the second electronic device.
If the first electronic device fails to verify the intermediate certificate and the first certificate with the second root certificate, the authenticity of the second shared key encrypted with the third public key is in doubt. If the encrypted second shared key cannot be decrypted with the third private key, the received information is erroneous. Electronic devices other than the first electronic device do not hold the third private key, so they cannot decrypt the encrypted second shared key if they receive it.
Under the condition that the first electronic device verifies the intermediate certificate and the first certificate with the second root certificate, it decrypts the encrypted second shared key with the third private key to obtain the second shared key and can store the intermediate certificate, the second shared key and the first certificate. When pairing with the second electronic device over Bluetooth, it uses the intermediate certificate, the second shared key and the first certificate to verify the identity of the second electronic device and the authenticity of the transmitted Bluetooth pairing information without the participation of the trusted service management, so that secure Bluetooth pairing is achieved when the first electronic device and the second electronic device are not connected to the trusted service management.
For example, referring to FIGS. 4 and 5, the trusted service manager 3 issues an intermediate certificate DevOEM1.CACert using the first root certificate and generates a globally unique second shared key EncKey. The first secure element 11 generates a third public key SE1.PK and a third private key SE1.SK, generates a certificate signing request CSR for the third public key SE1.PK and sends it to the trusted service manager 3. The trusted service manager 3 issues a first certificate SE1.Cert using the intermediate certificate (private key DevOEM1.SK1) and sends the first certificate SE1.Cert and the intermediate certificate DevOEM1.CACert to the first secure element 11; the trusted service manager 3 also encrypts the second shared key EncKey with the third public key SE1.PK and sends it to the first secure element 11. The first secure element 11 verifies the intermediate certificate DevOEM1.CACert and the first certificate SE1.Cert with the second root certificate, and after successful verification decrypts the encrypted second shared key with the third private key SE1.SK to obtain the second shared key EncKey.
The second secure element 21 generates a fourth public key SE2.PK and a fourth private key SE2.SK, generates a certificate signing request CSR for the fourth public key SE2.PK and sends it to the trusted service manager 3. The trusted service manager 3 issues a second certificate SE2.Cert using the intermediate certificate (private key DevOEM1.SK1) and sends the second certificate SE2.Cert and the intermediate certificate DevOEM1.CACert to the second secure element 21; the trusted service manager 3 also encrypts the second shared key EncKey with the fourth public key SE2.PK and sends it to the second secure element 21. The second secure element 21 verifies the intermediate certificate DevOEM1.CACert and the second certificate SE2.Cert, and after successful verification decrypts the encrypted second shared key with the fourth private key SE2.SK to obtain the second shared key EncKey.
Referring to FIG. 6 in combination, the first secure element 11 randomly generates a first random number Salt, concatenates the first device identification information ID with the first random number Salt, and encrypts the result with the second shared key EncKey to obtain the second identity resolution key tIRK. The first secure element 11 sends the second identity resolution key tIRK, the first device identification information ID and the first random number Salt to the first Bluetooth module 12, and the first Bluetooth module 12 broadcasts using a resolvable random address RPA that includes the second identity resolution key, with the broadcast packet carrying the first random number Salt.
The second secure element 21 of the second electronic device receives the device identification information expectedID of the desired connection entered by the user, and the second Bluetooth module 22 starts Bluetooth scanning. When a Bluetooth pairing broadcast is scanned, the first random number Salt and the resolvable random address RPA in the broadcast packet are sent to the second secure element 21 for verification. The second secure element 21 concatenates the device identification information expectedID with the received first random number Salt and decrypts using the second shared key EncKey; if the second identity resolution key tIRK is obtained by normal decryption, the resolvable random address RPA is checked with the second identity resolution key tIRK, and if both decryption and verification succeed, the first electronic device to be connected has been correctly found.
The second secure element 21 sends the second certificate SE2.Cert to the second Bluetooth module 22, which forwards it to the first Bluetooth module 12 and then to the first secure element 11. After the first secure element 11 successfully verifies the second certificate SE2.Cert with the intermediate certificate DevOEM1.CACert, it sends the first certificate SE1.Cert to the first Bluetooth module 12, which forwards it to the second Bluetooth module 22 and then to the second secure element 21, and the second secure element 21 verifies the first certificate SE1.Cert with the intermediate certificate DevOEM1.CACert.
The first secure element 11 calculates the first shared key CK by the DH algorithm using the third private key SE1.SK and the fourth public key SE2.PK from the verified second certificate SE2.Cert, and the second secure element 21 calculates the first shared key CK by the DH algorithm using the fourth private key SE2.SK and the third public key SE1.PK from the verified first certificate SE1.Cert. The first Bluetooth module 12 generates local Bluetooth pairing information OOB1, has it encrypted with the first shared key CK by the first secure element 11, and sends the encrypted data to the second Bluetooth module 22 through the second channel; the second Bluetooth module 22 has the encrypted data decrypted by the second secure element 21 to obtain the other party's Bluetooth pairing information OOB1. The second Bluetooth module 22 sends its Bluetooth pairing information OOB2 to the first Bluetooth module 12 in the same manner, and the first Bluetooth module 12 obtains the other party's Bluetooth pairing information OOB2 after decryption by the first secure element 11. The first Bluetooth module 12 and the second Bluetooth module 22 perform secure connection pairing based on the Bluetooth pairing information OOB1 and OOB2.
In some embodiments, prior to S200, the method comprises:
S710, receiving third security information sent by the first trusted service manager, wherein the third security information comprises a fifth public key generated by the second trusted service manager, the first trusted service manager is the trusted service manager that manages the first electronic device, and the second trusted service manager is the trusted service manager that manages the second electronic device;
S720, generating a second random number, and encrypting the second random number with the fifth public key;
S730, sending the encrypted second random number to the second trusted service manager via the first trusted service manager;
S740, establishing a first secure channel with the second trusted service management based on the encrypted second random number.
In this embodiment, the first trusted service management manages the first secure element in the first electronic device; a secure channel is provided between the first electronic device and the first trusted service management, through which information can be transmitted securely. The second trusted service management manages the second secure element in the second electronic device; a secure channel is provided between the second electronic device and the second trusted service management, through which information can be transmitted securely.
This is because the first electronic device and the second electronic device are managed by different trusted service managements. During pairing of the first electronic device and the second electronic device, if the first trusted service management forwards the information, the second electronic device does not trust it, and if the second trusted service management forwards the information, the first electronic device does not trust it. S710 to S740 establish a first secure channel between the first electronic device and the second trusted service management, and information is transmitted between them over the first secure channel, so that the first trusted service management no longer forwards information between the first electronic device and the second electronic device during Bluetooth pairing.
The second trusted service manager may generate a fifth public key and a fifth private key, which form a key pair. The fifth public key is transmitted to the first trusted service manager via a trusted channel, for example off-line on a storage medium such as a USB disk or an optical disc. The second trusted service manager sends the fifth public key to the first trusted service manager so that the first trusted service manager can send third security information including the fifth public key to the first electronic device. The first electronic device generates a second random number, encrypts it with the fifth public key and sends the encrypted second random number to the first trusted service management, which cannot decrypt it because it does not hold the fifth private key. The first trusted service manager forwards the encrypted second random number to the second trusted service manager, which decrypts it with the fifth private key to obtain the second random number, and the first electronic device and the second trusted service management establish the first secure channel from the second random number.
In some embodiments, S210 comprises:
negotiating a first shared secret key with the second electronic device via a first secure channel established with the second trusted service management in case the network state is networked;
in other embodiments, S220 includes:
And under the condition that the network state is off-line, negotiating a first sharing secret key with the second electronic equipment based on a first certificate which is signed to the first electronic equipment through the first secure channel in advance by the second trusted service management and a second certificate which is signed to the second electronic equipment through the first secure channel in advance by the second trusted service management.
A first secure channel between the first electronic device and the second trusted service management is established in advance. When the first electronic device and the second electronic device perform Bluetooth pairing with the network state networked, both forward data with the second trusted service management as the relay; the second trusted service management can also issue the first certificate and the second certificate in advance, so that when the first electronic device and the second electronic device perform Bluetooth pairing with the network state off-line, they can pair using the first certificate and the second certificate issued by the second trusted service management. The trusted service management referred to in S100 to S400 above is the second trusted service management.
In some embodiments, the third security information further includes signature information of the first trusted service manager over the fifth public key, and S720 includes:
S721, generating a second random number, encrypting the second random number through a fifth public key and signing the encrypted second random number under the condition that the signature information of the third security information is verified successfully;
S730 includes:
S731, the signed second random number is sent to the first trusted service manager, so that the first trusted service manager forwards the signed second random number to the second trusted service manager, which decrypts the encrypted second random number by a fifth private key that matches the fifth public key if verifying the signed second random number is successful.
The first trusted service manager may sign the fifth public key with the root certificate private key of the device OEM and then send it to the first secure element. The first secure element verifies the signature of the third security information using the device OEM root certificate it holds. Successful verification of the signature information of the third security information confirms that the received fifth public key is legitimate, improving the security of the fifth public key transmitted between the first electronic device and the first trusted service management.
The first secure element randomly generates a second random number, encrypts it with the fifth public key and signs it with the private key of its own digital certificate. The signed, encrypted second random number and the digital certificate are sent to the first trusted service manager, which forwards them to the second trusted service manager. The second trusted service manager verifies the digital certificate with the root certificate of the manufacturer of the first secure element, uses the digital certificate to check whether the encrypted second random number is legitimate, and finally decrypts the encrypted second random number with the fifth private key to obtain the second random number. Adding a signature to the encrypted second random number allows it to be verified, improving the security of the received second random number.
Referring to FIGS. 7 and 8, by way of example, the first trusted service manager 3a manages the configuration of the first secure element 11 so that the first secure element 11 supports trusted pairing across different trusted service managers. The second trusted service manager 3b generates a fifth private key AP.SK and a fifth public key AP.PK and transmits the fifth public key AP.PK to the first trusted service manager 3a. The first trusted service manager 3a signs the fifth public key AP.PK with the root certificate private key of the device OEM2 and transmits it to the first secure element 11; the first secure element 11 verifies the signature with the root certificate of the device OEM2, confirming that the fifth public key AP.PK is legitimate. The first secure element 11 generates a second random number RK, encrypts it with the fifth public key AP.PK, signs it with the private key of its digital certificate SE, and transmits the signed encrypted second random number RK together with the digital certificate SE to the second trusted service manager 3b via the first trusted service manager 3a. The second trusted service manager 3b verifies the digital certificate SE with the root certificate of the manufacturer of the first secure element 11, uses it to check that the encrypted second random number RK is legitimate, and decrypts it with the fifth private key AP.SK. A first secure channel can then be established between the second trusted service manager 3b and the first secure element 11 on the basis of the second random number RK, which is not known to the first trusted service manager 3a.
Optionally, the first electronic device and the second electronic device are devices produced by different manufacturers. The first electronic device is a vehicle, the second electronic device is a mobile phone, and Bluetooth pairing is established between the first electronic device and the second electronic device, so that the second electronic device can be used as a Bluetooth key to start the first electronic device.
The application also provides another Bluetooth module pairing method, applied to the second electronic device, which includes the following steps:
S10, receiving a Bluetooth pairing broadcast sent by the first electronic device, where the Bluetooth pairing broadcast is sent by the first electronic device according to the network state between the first electronic device and the trusted service manager;
S20, negotiating a first shared key with the first electronic device based on the negotiation rule matched to the Bluetooth pairing broadcast;
S30, communicating with the first electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
S40, establishing Bluetooth pairing with the first electronic device according to the Bluetooth pairing information;
where S20 includes:
S21, when the network state is connected, negotiating the first shared key with the first electronic device via the trusted service manager;
S22, when the network state is disconnected, negotiating the first shared key with the first electronic device based on a first certificate and a second certificate, where the first certificate is a digital certificate pre-issued by the trusted service manager to the first electronic device, and the second certificate is a digital certificate pre-issued by the trusted service manager to the second electronic device.
When the second electronic device executes S10 to S40, the first electronic device can execute S100 to S400, so that Bluetooth pairing between the first electronic device and the second electronic device is achieved together with the benefits of the first electronic device executing S100 to S400; these are not repeated here.
In some embodiments, S21 includes:
when the first public key sent by the trusted service manager over the secure channel is received, generating a second key pair comprising a second public key and a second private key, where the first public key was generated by the first electronic device;
sending the second public key to the trusted service manager over the secure channel, so that the trusted service manager forwards the second public key to the first electronic device;
and computing the first shared key from the second private key and the first public key.
In some embodiments, S30 includes:
receiving the first identity resolving key sent by the trusted service manager over the secure channel, where the first identity resolving key was generated by the first electronic device;
when the Bluetooth pairing broadcast, which carries the first identity resolving key, is verified successfully using the first identity resolving key, sending a Bluetooth connection request to the first electronic device;
establishing a connection with the first electronic device according to the Bluetooth connection request;
and communicating with the first electronic device under encryption with the first shared key to obtain Bluetooth pairing information.
In some embodiments, S22 includes:
receiving the first certificate sent by the first electronic device;
and, when the first certificate is verified successfully, deriving the first shared key from a pre-stored fourth private key and the third public key contained in the first certificate, where the first certificate is a device entity certificate issued by the trusted service manager over the third public key, the second certificate is a device entity certificate issued by the trusted service manager over the fourth public key, and the fourth public key and the fourth private key form a key pair.
In some embodiments, S10 includes:
receiving first device identification information entered by a user and scanning for the Bluetooth pairing broadcast sent by the first electronic device, where the Bluetooth pairing broadcast contains a second identity resolving key and a first random number, the second identity resolving key is first security information encrypted with a second shared key, the first security information is generated from the first device identification information of the first electronic device and the first random number, and the second shared key is a key issued by the trusted service manager;
verifying the second identity resolving key using the first device identification information, the received first random number and the pre-stored second shared key;
when verification of the second identity resolving key succeeds, sending a Bluetooth connection request to the first electronic device and establishing a second channel with the first electronic device;
and sending the second certificate to the first electronic device over the second channel.
In some embodiments, S22 is preceded by:
S51, sending the second security information and the first identity resolving key carried in the Bluetooth pairing broadcast to the second trusted service manager, so that the second trusted service manager forwards them to the first trusted service manager, where the first trusted service manager is the trusted service manager managing the first electronic device and the second trusted service manager is the trusted service manager managing the second electronic device;
S52, receiving a signed sixth public key sent by the second trusted service manager, the signed sixth public key being a public key generated by the first trusted service manager and signed by the second trusted service manager;
S53, when the signed sixth public key is verified successfully, generating a fourth random number, encrypting the fourth random number with the sixth public key, and signing the encrypted fourth random number;
S54, sending the signed fourth random number to the second trusted service manager, so that the second trusted service manager forwards it to the first trusted service manager, which, if verification of the signed fourth random number succeeds, decrypts it with a sixth private key to obtain the fourth random number, where the sixth private key and the sixth public key form a key pair;
S55, establishing a third secure channel with the first trusted service manager based on the fourth random number.
The first trusted service manager and the second trusted service manager are different trusted service managers. When the first electronic device is disconnected from the network and the second electronic device needs to pair with it over Bluetooth, S51 to S55 establish a third secure channel between the second electronic device and the first trusted service manager; data is transmitted over this third secure channel so that Bluetooth pairing between the first electronic device and the second electronic device can be completed.
The first electronic device obtains the first certificate issued by the first trusted service manager in advance, so that when it pairs with the second electronic device over Bluetooth it can do so using the first certificate without connecting to the first trusted service manager. The second electronic device can establish the third secure channel with the first trusted service manager, via the second trusted service manager, on the basis of the Bluetooth pairing broadcast, and thereby obtain the second certificate issued by the first trusted service manager.
The Bluetooth pairing broadcast sent by the first electronic device carries a resolvable random address comprising a third identity resolving key and a first random number. The first electronic device may send the Bluetooth pairing broadcast as in S120 to S140, generating the third identity resolving key in the same way as the second identity resolving key. The second electronic device scans for the Bluetooth pairing broadcast and sends the device identification information expectedID of the device it expects to connect to, together with the third identity resolving key and the first random number carried in the broadcast, to the second trusted service manager, which passes expectedID, the third identity resolving key and the first random number on to the first trusted service manager. From the received expectedID and the first random number carried in the resolvable random address RPA, the first trusted service manager generates first verification information using the same preset rule that the first electronic device used to generate the first security information.
Because the first trusted service manager generated and stores the second shared key, it decrypts the first verification information with the second shared key; if decryption yields second verification information normally, that information is then checked against the third identity resolving key in the resolvable random address. If decryption and verification both succeed, the second electronic device has found the correct first electronic device, and the first trusted service manager generates a sixth public key and a sixth private key and sends the sixth public key to the second trusted service manager. The second trusted service manager may sign the sixth public key to improve the security of the sixth public key transmitted to the second electronic device.
The second secure element may generate a fourth random number, encrypt it with the sixth public key, sign the encrypted fourth random number with the private key of its own digital certificate, and send the encrypted and signed fourth random number together with the digital certificate to the first trusted service manager via the second trusted service manager. After the first trusted service manager verifies them using the root certificate of the manufacturer of the second secure element, it decrypts the encrypted fourth random number with the sixth private key to obtain the fourth random number. The second electronic device then establishes a third secure channel with the first trusted service manager based on the fourth random number, which the second trusted service manager cannot learn.
S23 includes:
when the network state is disconnected, negotiating the first shared key with the first electronic device over the third secure channel, based on the first certificate pre-issued by the first trusted service manager to the first electronic device and the second certificate pre-issued by the first trusted service manager to the second electronic device.
After the second electronic device establishes the third secure channel with the first trusted service manager based on the fourth random number, it can obtain the second certificate issued by the first trusted service manager, and then negotiate the first shared key with the first electronic device using the first certificate and the second certificate.
For example, referring to fig. 9 and fig. 10, the first secure element 11 randomly generates a first random number Salt, concatenates the first identification information ID with Salt, encrypts the result with the second shared key EncKey to obtain a third identity resolving key tIRK, broadcasts a resolvable random address RPA generated with tIRK, and carries Salt in the broadcast packet;
the second Bluetooth module 22 starts scanning and passes Salt and the resolvable random address RPA to the second secure element 21, which sends the expected identification information expectedID, Salt and the RPA to the first trusted service manager 3a through the second trusted service manager 3b;
the first trusted service manager 3a concatenates expectedID with Salt and encrypts the result with the second shared key EncKey to obtain first verification information; if this matches the third identity resolving key tIRK, verification succeeds. The first trusted service manager 3a returns the sixth public key ap.pk to the second trusted service manager 3b, which signs ap.pk with the private key of the device OEM and sends it to the second secure element 21;
after the second secure element 21 verifies the signature on ap.pk successfully, it generates a fourth random number RK, encrypts RK with ap.pk and signs it with the private key of the digital certificate SE;
the second secure element 21 sends the encrypted and signed RK together with the digital certificate SE to the first trusted service manager 3a via the second trusted service manager 3b; after the first trusted service manager 3a verifies them successfully with the manufacturer root certificate of the second secure element 21, it decrypts with the sixth private key ap.sk to obtain RK, and a third secure channel can be established between the first trusted service manager 3a and the second secure element 21 on the basis of RK.
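The resolvable-random-address part of the flow above (and the device-side verification of S10), as an added Go example that is not the patent's code: the advertiser derives tIRK from ID, Salt and EncKey and broadcasts an RPA, and the verifier (the second device, or the first trusted service manager acting for it) recomputes tIRK from expectedID and the advertised Salt and resolves the RPA. Assumptions not in the original: HMAC-SHA256 truncated to 128 bits stands in for the unspecified "encryption of ID||Salt with EncKey", the RPA hash is the Bluetooth Core `ah` function over AES-128, and all key and identifier values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const saltLen = 16 // constructed choice: a 128-bit Salt

// deriveTIRK computes tIRK = trunc128(HMAC-SHA256(EncKey, ID || Salt)).
// Assumption: the page only says ID||Salt is "encrypted with EncKey"; a keyed
// HMAC stands in for that unspecified cipher so both sides derive the same key.
func deriveTIRK(encKey, deviceID, salt []byte) []byte {
	mac := hmac.New(sha256.New, encKey)
	mac.Write(deviceID)
	mac.Write(salt)
	return mac.Sum(nil)[:16]
}

// ah is the Bluetooth random-address hash: AES-128(irk, 0^104 || prand),
// keeping the low 24 bits. Byte order follows the spec's big-endian
// presentation; on-air little-endian framing is not modelled here.
func ah(irk []byte, prand [3]byte) ([3]byte, error) {
	var out [3]byte
	block, err := aes.NewCipher(irk) // a 16-byte irk selects AES-128
	if err != nil {
		return out, err
	}
	var in, enc [16]byte
	copy(in[13:], prand[:])
	block.Encrypt(enc[:], in[:])
	copy(out[:], enc[13:])
	return out, nil
}

// Advertisement is what the first device puts on the air: the RPA plus Salt.
type Advertisement struct {
	RPA  [6]byte // prand (3 bytes, top bits 01) || hash (3 bytes)
	Salt []byte
}

// Advertise runs the advertiser side with a fresh Salt and prand.
func Advertise(encKey, deviceID []byte) (Advertisement, error) {
	salt := make([]byte, saltLen)
	var prand [3]byte
	if _, err := rand.Read(salt); err != nil {
		return Advertisement{}, err
	}
	if _, err := rand.Read(prand[:]); err != nil {
		return Advertisement{}, err
	}
	prand[0] = prand[0]&0x3f | 0x40 // mark the address as resolvable private
	return buildAdvertisement(encKey, deviceID, salt, prand)
}

// buildAdvertisement is deterministic for a given Salt and prand.
func buildAdvertisement(encKey, deviceID, salt []byte, prand [3]byte) (Advertisement, error) {
	hash, err := ah(deriveTIRK(encKey, deviceID, salt), prand)
	if err != nil {
		return Advertisement{}, err
	}
	adv := Advertisement{Salt: salt}
	copy(adv.RPA[:3], prand[:])
	copy(adv.RPA[3:], hash[:])
	return adv, nil
}

// Resolve runs the verifier side (second device, or the first TSM on its
// behalf): rebuild tIRK from expectedID, the advertised Salt and the stored
// EncKey, recompute the hash and compare it with the advertised RPA.
func Resolve(encKey, expectedID []byte, adv Advertisement) (bool, error) {
	if adv.RPA[0]&0xc0 != 0x40 {
		return false, errors.New("not a resolvable private address")
	}
	if len(adv.Salt) != saltLen {
		return false, errors.New("unexpected salt length")
	}
	var prand [3]byte
	copy(prand[:], adv.RPA[:3])
	hash, err := ah(deriveTIRK(encKey, expectedID, adv.Salt), prand)
	if err != nil {
		return false, err
	}
	// A mismatch means the wrong expectedID, the wrong EncKey, or a forged RPA.
	return hmac.Equal(hash[:], adv.RPA[3:]), nil
}

func main() {
	encKey := []byte("0123456789abcdef") // constructed TSM-issued second shared key
	adv, _ := Advertise(encKey, []byte("VEHICLE-0001"))
	ok, _ := Resolve(encKey, []byte("VEHICLE-0001"), adv)
	fmt.Printf("RPA %x resolved for expectedID: %v\n", adv.RPA, ok)
}
```

Only a party holding the same EncKey and the right expectedID resolves the address; anyone else sees a 24-bit hash that changes with every Salt and prand.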
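The secure-channel exchange of figs. 7 and 8 (first secure channel) and, with the roles of the two trusted service managers and secure elements swapped, of figs. 9 and 10 (third secure channel), as an added Go example that is not the patent's code: one manager endorses ap.pk with the device OEM root key, the secure element verifies the endorsement, encrypts a fresh RK to ap.pk and signs the ciphertext with its own key, and the other manager validates the secure element's certificate and signature before decrypting RK. Assumptions not in the original: RSA-OAEP for encrypting RK, ECDSA P-256 signatures, the "digital certificate SE" modelled as a manufacturer-signed public key, RK used directly as the channel key, and all names and keys constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Constructed stand-ins: the "digital certificate SE" is the SE public key plus a
// manufacturer-root signature over it, and ap.pk is an RSA key so RK can be
// encrypted to it with OAEP. Messages hold typed keys in memory; on the wire they
// would carry the DER form that the signatures here are computed over.
type (
	SECert         struct { Pub *ecdsa.PublicKey; MfrSig []byte }
	SignedKey      struct { Pub *rsa.PublicKey; Sig []byte } // third security information
	ChannelRequest struct { EncRK, Sig []byte; Cert SECert } // SE -> home TSM -> remote TSM
	HomeTSM        struct { oemRoot *ecdsa.PrivateKey }      // e.g. first TSM 3a
	RemoteTSM      struct { APKey *rsa.PrivateKey; mfrRoot *ecdsa.PublicKey } // e.g. second TSM 3b
	SecureElement  struct { key *ecdsa.PrivateKey; cert SECert; oemRoot *ecdsa.PublicKey }
)

// der is the PKIX encoding that signatures over public keys are computed over.
func der(pub any) []byte { b, _ := x509.MarshalPKIXPublicKey(pub); return b }

func sign(k *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, _ := ecdsa.SignASN1(rand.Reader, k, h[:]) // demo: error ignored
	return sig
}

func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Endorse: the home TSM signs ap.pk with the device OEM root private key.
func (h *HomeTSM) Endorse(apPub *rsa.PublicKey) SignedKey {
	return SignedKey{Pub: apPub, Sig: sign(h.oemRoot, der(apPub))}
}

// Respond: the SE checks the OEM endorsement, draws RK, encrypts it to ap.pk,
// signs the ciphertext with its own key and keeps RK as its channel key.
func (se *SecureElement) Respond(sk SignedKey) (ChannelRequest, []byte, error) {
	if !verify(se.oemRoot, der(sk.Pub), sk.Sig) {
		return ChannelRequest{}, nil, errors.New("ap.pk not endorsed by device OEM root")
	}
	rk := make([]byte, 32)
	if _, err := rand.Read(rk); err != nil {
		return ChannelRequest{}, nil, err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, sk.Pub, rk, []byte("RK"))
	if err != nil {
		return ChannelRequest{}, nil, err
	}
	return ChannelRequest{EncRK: enc, Sig: sign(se.key, enc), Cert: se.cert}, rk, nil
}

// Accept: the remote TSM validates the SE certificate against the SE manufacturer
// root and the SE signature over EncRK, then decrypts RK with ap.sk. The relaying
// home TSM saw only EncRK and never learns RK.
func (r *RemoteTSM) Accept(req ChannelRequest) ([]byte, error) {
	if !verify(r.mfrRoot, der(req.Cert.Pub), req.Cert.MfrSig) {
		return nil, errors.New("SE certificate not issued by SE manufacturer root")
	}
	if !verify(req.Cert.Pub, req.EncRK, req.Sig) {
		return nil, errors.New("bad SE signature over encrypted RK")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, r.APKey, req.EncRK, []byte("RK"))
}

// Setup builds all parties with fresh keys: the OEM root held by the home TSM,
// the SE manufacturer root trusted by the remote TSM, and the SE's own key.
func Setup() (*HomeTSM, *RemoteTSM, *SecureElement) {
	p := elliptic.P256()
	oemRoot, _ := ecdsa.GenerateKey(p, rand.Reader) // demo: errors ignored
	mfrRoot, _ := ecdsa.GenerateKey(p, rand.Reader)
	seKey, _ := ecdsa.GenerateKey(p, rand.Reader)
	apKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	cert := SECert{Pub: &seKey.PublicKey, MfrSig: sign(mfrRoot, der(&seKey.PublicKey))}
	return &HomeTSM{oemRoot: oemRoot}, &RemoteTSM{APKey: apKey, mfrRoot: &mfrRoot.PublicKey},
		&SecureElement{key: seKey, cert: cert, oemRoot: &oemRoot.PublicKey}
}

// RunSecureChannel runs the full exchange and returns the channel key as seen by
// the SE and by the remote TSM; a correct run yields two equal values.
func RunSecureChannel() (seKey, tsmKey []byte, err error) {
	home, remote, se := Setup()
	req, seKey, err := se.Respond(home.Endorse(&remote.APKey.PublicKey))
	if err != nil {
		return nil, nil, err
	}
	tsmKey, err = remote.Accept(req) // relayed unchanged by the home TSM
	return seKey, tsmKey, err
}
```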
The Bluetooth module pairing method provided by the embodiment of the application may be executed by a Bluetooth module pairing device. The embodiment of the application describes this device by taking as an example a Bluetooth module pairing device that executes the Bluetooth module pairing method.
Referring to fig. 11, a schematic structural diagram of a Bluetooth module pairing device according to another embodiment of the application, the Bluetooth module pairing device may include:
a first broadcasting module 111, configured to send a Bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service manager;
a first sharing module 112, configured to negotiate a first shared key with the second electronic device based on the negotiation rule matched to the Bluetooth pairing broadcast;
a first communication module 113, configured to communicate with the second electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
a first pairing module 114, configured to establish Bluetooth pairing with the second electronic device according to the Bluetooth pairing information;
where the first sharing module 112 includes:
a first sharing unit, configured to negotiate the first shared key with the second electronic device via the trusted service manager when the network state is connected;
a second sharing unit, configured to negotiate the first shared key with the second electronic device based on a first certificate and a second certificate when the network state is disconnected, where the first certificate is a digital certificate pre-issued by the trusted service manager to the first electronic device, and the second certificate is a digital certificate pre-issued by the trusted service manager to the second electronic device.
In some embodiments, the first sharing unit is configured to: when the network state is connected, generate a first key pair comprising a first public key and a first private key;
send the first public key to the trusted service manager over a secure channel established with the trusted service manager, so that the trusted service manager forwards the first public key to the second electronic device;
receive a second public key sent by the trusted service manager over the secure channel, where the second public key is a key generated by the second electronic device in response to the first public key and sent to the trusted service manager;
and compute the first shared key from the first private key and the second public key.
In some embodiments, the first broadcasting module 111 is configured to send, when the network state is connected, a Bluetooth pairing broadcast carrying a first identity resolving key;
and the first communication module 113 is configured to:
send the first identity resolving key to the trusted service manager over the secure channel, so that the trusted service manager forwards the first identity resolving key to the second electronic device;
receive a Bluetooth connection request sent by the second electronic device according to the first identity resolving key;
establish a connection with the second electronic device according to the Bluetooth connection request;
and communicate with the second electronic device under encryption with the first shared key to obtain Bluetooth pairing information.
In some embodiments, the second sharing unit is configured to: when the network state is disconnected, receive a second certificate sent by the second electronic device;
when the second certificate is verified successfully, derive the first shared key from a pre-stored third private key and the fourth public key contained in the second certificate;
and send the first certificate to the second electronic device, so that, when the first certificate is verified successfully, the second electronic device derives the first shared key from a pre-stored fourth private key and the third public key contained in the first certificate;
where the first certificate is a device entity certificate issued by the trusted service manager over the third public key, the third public key and the third private key form a key pair, the second certificate is a device entity certificate issued by the trusted service manager over the fourth public key, and the fourth public key and the fourth private key form a key pair.
In some embodiments, the Bluetooth module pairing device further includes:
a first certificate signing request module, configured to generate a third private key, a third public key and a certificate signing request for the third public key, and to send the certificate signing request to the trusted service manager over a secure channel established with the trusted service manager;
and to receive an intermediate certificate and the first certificate sent by the trusted service manager in response to the certificate signing request, where the intermediate certificate is a certificate issued by the trusted service manager by means of the first certificate, and the first certificate is a certificate issued by the trusted service manager over the third public key with the private key of the intermediate certificate;
and the second sharing unit is further configured to derive the first shared key from the third private key and the fourth public key when the second certificate is verified successfully with the intermediate certificate, the second certificate being a certificate issued by the trusted service manager over the fourth public key with the private key of the intermediate certificate.
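The certificate-based negotiation of S22 and of the second sharing unit above, as an added Go example that is not the patent's code: the trusted service manager issues a root, an intermediate and one device entity certificate per device over that device's public key; each device verifies the peer's entity certificate against the intermediate and root it was provisioned with, then derives the first shared key by ECDH from its own private key and the public key carried in the peer certificate. Assumptions not in the original: P-256 keys, SHA-256 over the raw ECDH secret as the key derivation, and all names ("tsm", "vehicle", "phone") constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// TSM is the issuing authority of the disconnected branch: a self-signed root, an
// intermediate issued by the root, and entity certificates signed by the intermediate.
type TSM struct {
	rootKey, interKey *ecdsa.PrivateKey
	Root, Inter       *x509.Certificate
}

// Device: own private key (third/fourth), entity certificate (first/second), trust chain.
type Device struct {
	Priv *ecdsa.PrivateKey
	Cert *x509.Certificate
	opts x509.VerifyOptions
}

// issue signs a certificate over pub with signer; parent == nil self-signs.
func issue(cn string, pub *ecdsa.PublicKey, parent *x509.Certificate,
	signer *ecdsa.PrivateKey, usage x509.KeyUsage) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo serial
		Subject:               pkix.Name{CommonName: cn},
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  usage&x509.KeyUsageCertSign != 0,
		KeyUsage:              usage,
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced above
	return cert
}

func newKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }

func NewTSM(name string) *TSM {
	t := &TSM{rootKey: newKey(), interKey: newKey()}
	t.Root = issue(name+" root", &t.rootKey.PublicKey, nil, t.rootKey, x509.KeyUsageCertSign)
	t.Inter = issue(name+" intermediate", &t.interKey.PublicKey, t.Root, t.rootKey, x509.KeyUsageCertSign)
	return t
}

// Enroll mirrors the certificate signing request step: a fresh device key pair
// receives an entity certificate over its public key, plus the chain to trust.
func (t *TSM) Enroll(name string) *Device {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(t.Root)
	inters.AddCert(t.Inter)
	d := &Device{Priv: newKey(), opts: x509.VerifyOptions{Roots: roots, Intermediates: inters}}
	d.Cert = issue(name, &d.Priv.PublicKey, t.Inter, t.interKey, x509.KeyUsageKeyAgreement)
	return d
}

// SharedKey verifies the peer's entity certificate against the provisioned chain,
// then derives the first shared key by ECDH with the public key in that certificate.
func (d *Device) SharedKey(peer *x509.Certificate) ([]byte, error) {
	if _, err := peer.Verify(d.opts); err != nil {
		return nil, errors.New("peer certificate rejected: " + err.Error())
	}
	peerPub, ok := peer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("peer certificate does not carry an EC public key")
	}
	ecdhPeer, _ := peerPub.ECDH() // cannot fail: the parsed P-256 point was validated
	ecdhPriv, _ := d.Priv.ECDH()
	secret, err := ecdhPriv.ECDH(ecdhPeer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret) // KDF assumption: SHA-256 over the raw ECDH secret
	return k[:], nil
}

// RunOffNetworkPairing enrolls a vehicle and a phone at one TSM and exchanges certificates.
func RunOffNetworkPairing() ([]byte, []byte, error) {
	tsm := NewTSM("tsm")
	vehicle, phone := tsm.Enroll("vehicle"), tsm.Enroll("phone")
	k1, err1 := vehicle.SharedKey(phone.Cert)
	k2, err2 := phone.SharedKey(vehicle.Cert)
	return k1, k2, errors.Join(err1, err2)
}
```

Because the key is derived only after the chain check, an entity certificate that chains to a different issuer never yields a key on this side, which is the property the disconnected branch relies on.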
In some embodiments, the first broadcasting module 111 is configured to:
when the network state is disconnected, generate a first random number and generate first security information from the first device identification information of the first electronic device and the first random number;
encrypt the first security information with a second shared key to obtain a second identity resolving key, where the second shared key is a key issued by the trusted service manager;
and broadcast a Bluetooth pairing broadcast carrying the second identity resolving key and the first random number, so that the second electronic device verifies the second identity resolving key using the first device identification information, the received first random number and a pre-stored second shared key;
and the Bluetooth module pairing device further includes:
a first connection module, configured to receive a Bluetooth connection request sent by the second electronic device according to the successfully verified first identity resolving key;
and to establish a second channel with the second electronic device according to the Bluetooth connection request;
and the second sharing unit is further configured to receive the second certificate sent by the second electronic device over the second channel.
In some embodiments, the Bluetooth module pairing device further includes:
a first authentication module, configured to receive third security information sent by the first trusted service manager, where the third security information includes a fifth public key generated by the second trusted service manager, the first trusted service manager is the trusted service manager managing the first electronic device, and the second trusted service manager is the trusted service manager managing the second electronic device;
generate a second random number and encrypt it with the fifth public key;
send the encrypted second random number to the second trusted service manager via the first trusted service manager;
and establish a first secure channel with the second trusted service manager based on the encrypted second random number;
the first sharing unit is further configured to negotiate the first shared key with the second electronic device via the first secure channel established with the second trusted service manager when the network state is connected;
and the second sharing unit is further configured to negotiate the first shared key with the second electronic device, when the network state is disconnected, based on a first certificate issued in advance by the second trusted service manager to the first electronic device over the first secure channel and a second certificate issued in advance by the second trusted service manager to the second electronic device over the first secure channel.
In some embodiments, the third security information further includes the first trusted service manager's signature over the fifth public key, and the first authentication module is further configured to: when the signature information of the third security information is verified successfully, generate a second random number, encrypt it with the fifth public key, and sign the encrypted second random number;
and send the signed second random number to the first trusted service manager, so that the first trusted service manager forwards it to the second trusted service manager, which, if verification of the signed second random number succeeds, decrypts the encrypted second random number with the fifth private key that matches the fifth public key.
The present application also provides a Bluetooth module pairing device, which may include:
a second receiving module, configured to receive a Bluetooth pairing broadcast sent by the first electronic device, where the Bluetooth pairing broadcast is sent by the first electronic device according to the network state between the first electronic device and the trusted service manager;
a second sharing module, configured to negotiate a first shared key with the first electronic device based on the negotiation rule matched to the Bluetooth pairing broadcast;
a second communication module, configured to communicate with the first electronic device under encryption with the first shared key to obtain Bluetooth pairing information;
a second pairing module, configured to establish Bluetooth pairing with the first electronic device according to the Bluetooth pairing information;
where the second sharing module includes:
a third sharing unit, configured to negotiate the first shared key with the first electronic device via the trusted service manager when the network state is connected;
a fourth sharing unit, configured to negotiate the first shared key with the first electronic device based on a first certificate and a second certificate when the network state is disconnected, where the first certificate is a digital certificate pre-issued by the trusted service manager to the first electronic device, and the second certificate is a digital certificate pre-issued by the trusted service manager to the second electronic device.
In some embodiments, the Bluetooth module pairing device further includes:
a second authentication module, configured to send a third identity resolving key carried in the Bluetooth pairing broadcast to the second trusted service manager, so that the second trusted service manager forwards it to the first trusted service manager, where the first trusted service manager is the trusted service manager managing the first electronic device and the second trusted service manager is the trusted service manager managing the second electronic device;
receive a signed sixth public key sent by the second trusted service manager, the signed sixth public key being a public key generated by the first trusted service manager and signed by the second trusted service manager;
when the signed sixth public key is verified successfully, generate a fourth random number, encrypt it with the sixth public key, and sign the encrypted fourth random number;
send the signed fourth random number to the second trusted service manager, so that the second trusted service manager forwards it to the first trusted service manager, which, if verification of the signed fourth random number succeeds, decrypts it with a sixth private key to obtain the fourth random number, where the sixth private key and the sixth public key form a key pair;
and establish a third secure channel with the first trusted service manager based on the fourth random number;
and the fourth sharing unit is configured to negotiate the first shared key with the first electronic device over the third secure channel, when the network state is disconnected, based on the first certificate pre-issued by the first trusted service manager to the first electronic device and the second certificate pre-issued by the first trusted service manager to the second electronic device.
The Bluetooth module pairing device in the embodiment of the application may be an electronic device or a component of an electronic device, such as an integrated circuit or a chip. The electronic device may be a terminal or a device other than a terminal. For example, the electronic device may be a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a vehicle-mounted electronic device, a mobile internet device (MID), an augmented reality (AR) or virtual reality (VR) device, a robot, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a personal digital assistant (PDA), or it may be a server, network attached storage (NAS), a personal computer (PC), a television (TV), a teller machine, a self-service machine, etc.; the embodiments of the present application do not limit this.
The Bluetooth module pairing device in the embodiment of the application may be a device with an operating system. The operating system may be Android, iOS, BlueOS or another possible operating system; the embodiment of the present application does not limit this.
The Bluetooth module pairing device provided by the embodiment of the present application can implement each process of the method embodiments of fig. 1 to fig. 10; to avoid repetition, a detailed description is omitted here.
Optionally, as shown in fig. 12, the embodiment of the present application further provides an electronic device 100 comprising a processor 101 and a memory 102, where the memory 102 stores a program or instructions executable on the processor 101. When executed by the processor 101, the program or instructions implement each step of the above embodiment of the Bluetooth module pairing method and achieve the same technical effect; to avoid repetition, no further description is given here.
The electronic device in the embodiment of the application includes mobile electronic devices and non-mobile electronic devices.
Fig. 13 is a schematic diagram of the hardware structure of an electronic device implementing an embodiment of the present application.
The electronic device 1000 includes, but is not limited to, a radio frequency unit 1201, a network module 1202, an audio output unit 1203, an input unit 1204, a sensor 1205, a display unit 1206, a user input unit 1207, an interface unit 1208, a memory 1209 and a processor 1210.
Those skilled in the art will appreciate that the electronic device 1000 may also include a power source (e.g., a battery) for powering the various components, and that the power source may be logically coupled to the processor 1210 through a power management system that manages charging, discharging and power consumption. The electronic device structure shown in fig. 13 does not limit the electronic device, which may include more or fewer components than shown, combine certain components, or arrange the components differently; this is not described in detail here.
Wherein the processor 1210 is configured to send a bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service management;
processor 1210 is configured to negotiate a first shared secret key with a second electronic device based on a negotiation rule that matches the bluetooth pairing broadcast;
The processor 1210 is configured to perform encrypted communication with the second electronic device based on the first shared secret key to obtain bluetooth pairing information;
The processor 1210 is configured to establish a bluetooth pairing with the second electronic device according to the bluetooth pairing information;
Wherein the processor 1210 is configured to negotiate a first shared key with the second electronic device via the trusted service management if the network state is online;
the processor 1210 is configured to negotiate a first shared secret key with the second electronic device based on a first certificate and a second certificate if the network state is offline, where the first certificate is a digital certificate pre-issued by the trusted service management to the first electronic device, and the second certificate is a digital certificate pre-issued by the trusted service management to the second electronic device.
Optionally, the processor 1210 is configured to send the first public key to the trusted service manager through a secure channel established with the trusted service manager, so that the trusted service manager forwards the first public key to the second electronic device;
The processor 1210 is configured to receive a second public key sent by the trusted service manager through the secure channel, where the second public key is a key generated by the second electronic device according to the first public key and sent to the trusted service manager;
the processor 1210 is configured to calculate a first shared secret key according to the first private key and the second public key.
Optionally, the processor 1210 is configured to send a bluetooth pairing broadcast if the network state is online, where the bluetooth pairing broadcast carries a first identity resolution key;
the processor 1210 is configured to send the first identity-resolving key to the trusted service manager via the secure channel, so that the trusted service manager forwards the first identity-resolving key to the second electronic device;
The processor 1210 is configured to receive a bluetooth connection request sent by the second electronic device according to the first identity-resolving key;
The processor 1210 is configured to establish a connection with the second electronic device according to the bluetooth connection request;
the processor 1210 is configured to perform encrypted communication with the second electronic device using the first shared key to obtain bluetooth pairing information.
Optionally, the processor 1210 is configured to receive a second certificate sent by the second electronic device in a case where the network state is offline;
The processor 1210 is configured to derive the first shared secret key from the pre-stored third private key and the fourth public key in the second certificate if the second certificate is successfully verified;
The processor 1210 is configured to send a first certificate to the second electronic device, so that the second electronic device derives the first shared secret key from the pre-stored fourth private key and the third public key in the first certificate if the first certificate is verified successfully;
the first certificate is a device entity certificate issued by the trusted service management to the third public key, the third public key and the third private key are paired key pairs, the second certificate is a device entity certificate issued by the trusted service management to the fourth public key, and the fourth public key and the fourth private key are paired key pairs.
Optionally, the processor 1210 is configured to generate a third private key, a third public key, and a certificate signing request related to the third public key, and send the certificate signing request to the trusted service management through a secure channel established with the trusted service management;
The processor 1210 is configured to receive an intermediate certificate and a first certificate sent by the trusted service management according to the certificate signing request, where the intermediate certificate is a certificate issued by the trusted service management through the first root certificate, and the first certificate is a certificate issued by the trusted service management to the third public key with the private key of the intermediate certificate;
The processor 1210 is configured to derive the first shared secret key from the third private key and the fourth public key if the second certificate is successfully verified by means of the intermediate certificate, where the second certificate is a certificate issued by the trusted service management to the fourth public key with the private key of the intermediate certificate.
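The offline negotiation just described (receive the peer's device entity certificate, verify it with the intermediate certificate issued by the trusted service management, and only then derive the first shared key from one's own private key and the peer's certified public key) as an added Go example; it is not code from the patent. P-256 ECDSA certificates, ECDH on the certified keys, SHA-256 of the ECDH output as the key derivation, and the intermediate certificate serving as each device's trust anchor are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must aborts the demo on setup errors (key generation, certificate issuance).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func genKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issueCert signs a certificate for pub with parentKey; a nil parent yields a
// self-signed root. Names and lifetimes are constructed sample values.
func issueCert(cn string, isCA bool, pub *ecdsa.PublicKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))))
}

// TSM models the trusted service management: the intermediate certificate issued from its root (claim 5) and the intermediate's private key.
type TSM struct {
	Inter    *x509.Certificate
	interKey *ecdsa.PrivateKey
}

func NewTSM(name string) *TSM {
	rootKey, interKey := genKey(), genKey()
	root := issueCert(name+" root", true, &rootKey.PublicKey, nil, rootKey)
	return &TSM{Inter: issueCert(name+" intermediate", true, &interKey.PublicKey, root, rootKey), interKey: interKey}
}

// Device is an enrolled electronic device: its own key pair (the third or fourth private key), its device entity certificate and the intermediate.
type Device struct {
	priv  *ecdsa.PrivateKey
	Cert  *x509.Certificate
	inter *x509.Certificate
}

// Enroll plays the online CSR step: the device generates its key pair and the TSM signs the device entity certificate with the intermediate's private key.
func (t *TSM) Enroll(cn string) *Device {
	priv := genKey()
	return &Device{priv: priv, Cert: issueCert(cn, false, &priv.PublicKey, t.Inter, t.interKey), inter: t.Inter}
}

// OfflineSharedKey is the off-network negotiation: verify the peer's device certificate
// against the stored intermediate, and only then derive the first shared key (ECDH).
func (d *Device) OfflineSharedKey(peerCert *x509.Certificate) ([]byte, error) {
	anchors := x509.NewCertPool()
	anchors.AddCert(d.inter)
	opts := x509.VerifyOptions{Roots: anchors, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peerCert.Verify(opts); err != nil {
		return nil, errors.New("peer certificate rejected: " + err.Error())
	}
	peerPub, ok := peerCert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("peer certificate does not carry an EC key")
	}
	xPub, err := peerPub.ECDH()
	if err != nil {
		return nil, errors.New("peer key on unsupported curve: " + err.Error())
	}
	secret, err := must(d.priv.ECDH()).ECDH(xPub) // own key is always P-256 here
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret) // hashing the raw ECDH output is an assumed KDF
	return key[:], nil
}

func main() {
	tsm := NewTSM("sample TSM")
	a, b := tsm.Enroll("device A"), tsm.Enroll("device B")
	ka, errA := a.OfflineSharedKey(b.Cert) // A verifies B's certificate first
	kb, errB := b.OfflineSharedKey(a.Cert) // B verifies A's certificate first
	fmt.Println(errA, errB, string(ka) == string(kb))
}
```

A certificate issued under a different intermediate (for example, by a different trusted service management) fails the Verify step, so no shared key is ever derived with that peer.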
Optionally, the processor 1210 is configured to generate a first random number if the network status is off-line, and generate first security information according to the first device identification information of the first electronic device and the first random number;
The processor 1210 is configured to encrypt the first security information with a second shared key to obtain a second identity resolution key, where the second shared key is a key issued by trusted service management;
The processor 1210 is configured to broadcast a bluetooth pairing broadcast carrying a second identity resolution key and a first random number, so that the second electronic device verifies the second identity resolution key according to the first device identification information, the received first random number and a pre-stored second shared key;
the processor 1210 is configured to receive a bluetooth connection request sent by the second electronic device according to the successfully verified second identity resolution key;
the processor 1210 is configured to establish a second channel with a second electronic device according to the bluetooth connection request;
The processor 1210 is configured to receive a second certificate sent by a second electronic device over a second channel.
Optionally, the processor 1210 is configured to receive third security information sent by the first trusted service management, where the third security information includes a fifth public key generated by the second trusted service management, the first trusted service management is the trusted service management that manages the first electronic device, and the second trusted service management is the trusted service management that manages the second electronic device;
The processor 1210 is configured to generate a second random number, and encrypt the second random number with the fifth public key;
The processor 1210 is configured to send the encrypted second random number to the second trusted service management via the first trusted service management;
The processor 1210 is configured to establish a first secure channel with the second trusted service management based on the encrypted second random number;
The processor 1210 is configured to negotiate a first shared key with the second electronic device via the first secure channel established with the second trusted service management if the network state is online;
The processor 1210 is configured to negotiate a first shared key with the second electronic device, if the network state is offline, based on a first certificate issued in advance by the second trusted service management to the first electronic device through the first secure channel and a second certificate issued in advance by the second trusted service management to the second electronic device through the first secure channel.
The processor 1210 is configured to generate a second random number if verification of the signature information of the third security information is successful, encrypt the second random number with the fifth public key, and sign the encrypted second random number;
The processor 1210 is configured to send the signed second random number to the first trusted service manager to cause the first trusted service manager to forward the signed second random number to the second trusted service manager, which decrypts the encrypted second random number with a fifth private key that matches the fifth public key if verification of the signed second random number is successful.
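The signed exchange described in the two paragraphs above (the first trusted service management signs the fifth public key; the first device verifies that signature before encrypting a fresh second random number under the key and signing the ciphertext; the second trusted service management verifies the device's signature before decrypting with the fifth private key) as an added Go example; it is not code from the patent. RSA-OAEP for the fifth key pair, ECDSA P-256 signatures over SHA-256, and the second trusted service management already knowing the device's signing public key are assumptions; derivation of the first secure channel from the recovered number is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Signed is a payload plus an ECDSA signature over its SHA-256 digest.
type Signed struct {
	Payload, Sig []byte
}

func sign(k *ecdsa.PrivateKey, payload []byte) (Signed, error) {
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, k, h[:])
	return Signed{Payload: payload, Sig: sig}, err
}

func verify(pub *ecdsa.PublicKey, s Signed) bool {
	h := sha256.Sum256(s.Payload)
	return ecdsa.VerifyASN1(pub, h[:], s.Sig)
}

// mustKey generates an ECDSA P-256 signing key; setup errors abort the demo.
func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Party is any participant holding a signing key: first TSM, second TSM or first device.
type Party struct{ Sign *ecdsa.PrivateKey }

// ThirdSecurityInfo is what the first TSM sends the first device: the second
// TSM's fifth public key (RSA here, an assumption) signed by the first TSM.
func (firstTSM Party) ThirdSecurityInfo(fifthPub *rsa.PublicKey) (Signed, error) {
	der, err := x509.MarshalPKIXPublicKey(fifthPub)
	if err != nil {
		return Signed{}, err
	}
	return sign(firstTSM.Sign, der)
}

// ChallengeSecondTSM is the first device's step: accept the fifth public key only
// if the first TSM's signature checks, then encrypt a fresh second random number
// under it and sign the ciphertext. Returns the message and the nonce it holds.
func (dev Party) ChallengeSecondTSM(info Signed, firstTSMPub *ecdsa.PublicKey) (Signed, []byte, error) {
	if !verify(firstTSMPub, info) {
		return Signed{}, nil, errors.New("third security information: bad signature")
	}
	k, err := x509.ParsePKIXPublicKey(info.Payload)
	if err != nil {
		return Signed{}, nil, err
	}
	fifthPub, ok := k.(*rsa.PublicKey)
	if !ok {
		return Signed{}, nil, errors.New("fifth public key is not RSA")
	}
	nonce := make([]byte, 32) // the second random number
	if _, err := rand.Read(nonce); err != nil {
		return Signed{}, nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, fifthPub, nonce, nil)
	if err != nil {
		return Signed{}, nil, err
	}
	msg, err := sign(dev.Sign, ct)
	return msg, nonce, err
}

// RecoverNonce is the second TSM's step after the first TSM forwards the message:
// verify the device's signature first and only then decrypt with the fifth
// private key, so a tampered ciphertext never reaches the RSA decryption.
func RecoverNonce(fifthPriv *rsa.PrivateKey, msg Signed, devPub *ecdsa.PublicKey) ([]byte, error) {
	if !verify(devPub, msg) {
		return nil, errors.New("signed second random number: bad signature")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, fifthPriv, msg.Payload, nil)
}

func main() {
	firstTSM, dev := Party{mustKey()}, Party{mustKey()}
	fifthPriv, _ := rsa.GenerateKey(rand.Reader, 2048) // second TSM's fifth key pair
	info, _ := firstTSM.ThirdSecurityInfo(&fifthPriv.PublicKey)
	msg, nonce, _ := dev.ChallengeSecondTSM(info, &firstTSM.Sign.PublicKey)
	got, err := RecoverNonce(fifthPriv, msg, &dev.Sign.PublicKey)
	fmt.Println(err, string(got) == string(nonce))
}
```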
The processor 1210 of the electronic device is configured to receive a bluetooth pairing broadcast sent by the first electronic device, where the bluetooth pairing broadcast is sent by the first electronic device according to the network state between the first electronic device and the trusted service management;
Processor 1210 is configured to negotiate a first shared secret key with the first electronic device based on a negotiation rule that matches the bluetooth pairing broadcast;
the processor 1210 is configured to perform encrypted communication with the first electronic device based on the first shared secret key to obtain bluetooth pairing information; the processor 1210 is configured to establish bluetooth pairing with the first electronic device according to the bluetooth pairing information;
wherein the processor 1210 is configured to negotiate a first shared key with the first electronic device via the trusted service management if the network state is online;
The processor 1210 is configured to negotiate a first shared secret key with the first electronic device based on a first certificate and a second certificate if the network state is offline, where the first certificate is a digital certificate pre-issued by the trusted service management to the first electronic device, and the second certificate is a digital certificate pre-issued by the trusted service management to the second electronic device.
In some embodiments, the processor 1210 is configured to send the third identity resolution key in the bluetooth pairing broadcast to the second trusted service management to cause the second trusted service management to forward it to the first trusted service management, the first trusted service management being the trusted service management that manages the first electronic device, and the second trusted service management being the trusted service management that manages the second electronic device;
The processor 1210 is configured to receive a signed sixth public key sent by the second trusted service manager, the signed sixth public key being a public key generated for the first trusted service manager and signed by the second trusted service manager;
the processor 1210 is configured to generate a fourth random number if the signed sixth public key is verified, encrypt the fourth random number with the sixth public key, and sign the encrypted fourth random number;
The processor 1210 is configured to send the signed fourth random number to the second trusted service manager, so that the second trusted service manager forwards the signed fourth random number to the first trusted service manager, and the first trusted service manager decrypts the signed fourth random number with the sixth private key to obtain a fourth random number if the verification of the signed fourth random number is successful, where the sixth private key and the sixth public key are paired key pairs;
the processor 1210 is configured to establish a third secure channel with the first trusted service management based on the fourth random number;
The processor 1210 is configured to negotiate a first shared secret key with the first electronic device, if the network state is offline, based on a first certificate pre-issued to the first electronic device by the first trusted service management through the third secure channel and a second certificate pre-issued to the second electronic device by the first trusted service management through the third secure channel.
It should be appreciated that in an embodiment of the present application, the input unit 1204 may include a graphics processor (Graphics Processing Unit, GPU) 12041 and a microphone 12042, and the graphics processor 12041 processes image data of still pictures or video obtained by an image capturing apparatus (e.g., camera module) in a video capturing mode or an image capturing mode. The display unit 1206 may include a display panel 12061, and the display panel 12061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 1207 includes at least one of a touch panel 12071 and other input devices 12072. The touch panel 12071 is also called a touch screen. The touch panel 12071 may include two parts, a touch detection device and a touch controller. Other input devices 12072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and so forth, which are not described in detail herein.
Memory 1209 may be used to store software programs as well as various data. The memory 1209 may mainly include a first memory area storing programs or instructions and a second memory area storing data, wherein the first memory area may store an operating system, application programs or instructions (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like. Further, the memory 1209 may include volatile memory or nonvolatile memory, or the memory 1209 may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (RAM), static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchronous link dynamic random access memory (SLDRAM), and direct random access memory (DRRAM). Memory 1209 in embodiments of the present application includes, but is not limited to, these and any other suitable types of memory.
Processor 1210 may include one or more processing units and, optionally, processor 1210 integrates an application processor that primarily processes operations involving an operating system, user interface, application program, etc., and a modem processor that primarily processes wireless communication signals, such as a baseband processor. It will be appreciated that the modem processor described above may not be integrated into processor 1210.
The embodiment of the application also provides a readable storage medium, and the readable storage medium stores a program or an instruction, which when executed by a processor, implements each process of the bluetooth module pairing method embodiment, and can achieve the same technical effect, so that repetition is avoided, and no further description is provided herein.
The processor is a processor in the electronic device in the above embodiment. Readable storage media include computer readable storage media such as computer readable memory ROM, random access memory RAM, magnetic or optical disks, and the like.
The embodiment of the application further provides a chip. The chip comprises a processor and a communication interface coupled with the processor, and the processor is used for running programs or instructions that implement the processes of the bluetooth module pairing method embodiment and achieve the same technical effects; to avoid repetition, the description is omitted here.
It should be understood that the chips referred to in the embodiments of the present application may also be referred to as system-level chips, chip systems, or system-on-chip chips, etc.
Embodiments of the present application provide a computer program product stored in a storage medium, where the program product is executed by at least one processor to implement the respective processes of the bluetooth module pairing method embodiment described above, and achieve the same technical effects, and for avoiding repetition, a detailed description is omitted herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Furthermore, it should be noted that the scope of the methods and apparatus in the embodiments of the present application is not limited to performing the functions in the order shown or discussed, but may also include performing the functions in a substantially simultaneous manner or in an opposite order depending on the functions involved, e.g., the described methods may be performed in an order different from that described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in part in the form of a computer software product stored on a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the embodiments of the present application.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are to be protected by the present application.

Claims (14)

1. A Bluetooth module pairing method, characterized in that it is applied to a first electronic device and comprises:
sending a Bluetooth pairing broadcast according to the network state between the first electronic device and a trusted service management;
negotiating a first shared key with a second electronic device based on a negotiation rule matching the Bluetooth pairing broadcast;
performing encrypted communication with the second electronic device based on the first shared key to obtain Bluetooth pairing information;
establishing a Bluetooth pairing with the second electronic device according to the Bluetooth pairing information;
wherein negotiating the first shared key with the second electronic device based on the negotiation rule matching the Bluetooth pairing broadcast comprises:
when the network state is online, negotiating the first shared key with the second electronic device via the trusted service management;
when the network state is offline, negotiating the first shared key with the second electronic device based on a first certificate and a second certificate, the first certificate being a digital certificate pre-issued by the trusted service management to the first electronic device, and the second certificate being a digital certificate pre-issued by the trusted service management to the second electronic device.

2. The Bluetooth module pairing method according to claim 1, characterized in that negotiating the first shared key with the second electronic device via the trusted service management when the network state is online comprises:
when the network state is online, generating a first key pair, the first key pair including a first public key and a first private key;
sending the first public key to the trusted service management through a secure channel established with the trusted service management, so that the trusted service management forwards the first public key to the second electronic device;
receiving a second public key sent by the trusted service management through the secure channel, the second public key being a key generated by the second electronic device according to the first public key and sent to the trusted service management;
computing the first shared key from the first private key and the second public key.

3. The Bluetooth module pairing method according to claim 2, characterized in that sending the Bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service management comprises:
when the network state is online, sending a Bluetooth pairing broadcast carrying a first identity resolution key;
and performing encrypted communication with the second electronic device based on the first shared key to obtain Bluetooth pairing information comprises:
sending the first identity resolution key to the trusted service management through the secure channel, so that the trusted service management forwards the first identity resolution key to the second electronic device;
receiving a Bluetooth connection request sent by the second electronic device according to the first identity resolution key;
establishing a connection with the second electronic device according to the Bluetooth connection request;
performing encrypted communication with the second electronic device using the first shared key to obtain Bluetooth pairing information.

4. The Bluetooth module pairing method according to claim 1, characterized in that negotiating the first shared key with the second electronic device based on the first certificate and the second certificate when the network state is offline comprises:
when the network state is offline, receiving the second certificate sent by the second electronic device;
when the second certificate is verified successfully, deriving the first shared key from a pre-stored third private key and a fourth public key in the second certificate;
sending the first certificate to the second electronic device, so that the second electronic device, when it verifies the first certificate successfully, derives the first shared key from a pre-stored fourth private key and a third public key in the first certificate;
wherein the first certificate is a device entity certificate issued by the trusted service management for the third public key, the third public key and the third private key are a paired key pair, the second certificate is a device entity certificate issued by the trusted service management for the fourth public key, and the fourth public key and the fourth private key are a paired key pair.

5. The Bluetooth module pairing method according to claim 4, characterized in that, before sending the Bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service management, the method comprises:
generating the third private key, the third public key and a certificate signing request for the third public key, and sending the certificate signing request to the trusted service management through a secure channel established with the trusted service management;
receiving an intermediate certificate and the first certificate sent by the trusted service management in response to the certificate signing request, the intermediate certificate being a certificate issued by the trusted service management using a first root certificate, and the first certificate being a certificate issued by the trusted service management for the third public key using the private key of the intermediate certificate;
and deriving the first shared key from the pre-stored third private key and the fourth public key in the second certificate when the second certificate is verified successfully comprises:
when the second certificate is verified successfully using the intermediate certificate, deriving the first shared key from the third private key and the fourth public key, the second certificate being a certificate issued by the trusted service management for the fourth public key using the private key of the intermediate certificate.

6. The Bluetooth module pairing method according to claim 4, characterized in that sending the Bluetooth pairing broadcast according to the network state between the first electronic device and the trusted service management comprises:
when the network state is offline, generating a first random number, and generating first security information from first device identification information of the first electronic device and the first random number;
encrypting the first security information with a second shared key to obtain a second identity resolution key, the second shared key being a key issued by the trusted service management;
broadcasting a Bluetooth pairing broadcast carrying the second identity resolution key and the first random number, so that the second electronic device verifies the second identity resolution key according to the first device identification information, the received first random number and the pre-stored second shared key;
before receiving the second certificate sent by the second electronic device, the method comprises:
receiving a Bluetooth connection request sent by the second electronic device according to the successfully verified second identity resolution key;
establishing a second channel with the second electronic device according to the Bluetooth connection request;
and receiving the second certificate sent by the second electronic device comprises:
receiving the second certificate sent by the second electronic device through the second channel.

7. The Bluetooth module pairing method according to claim 1, characterized in that, before negotiating the first shared key with the second electronic device based on the negotiation rule matching the Bluetooth pairing broadcast, the method comprises:
receiving third security information sent by a first trusted service management, the third security information including a fifth public key generated by a second trusted service management, the first trusted service management being the trusted service management that manages the first electronic device, and the second trusted service management being the trusted service management that manages the second electronic device;
generating a second random number, and encrypting the second random number with the fifth public key;
sending the encrypted second random number to the second trusted service management via the first trusted service management;
establishing a first secure channel with the second trusted service management based on the encrypted second random number;
negotiating the first shared key with the second electronic device via the trusted service management when the network state is online comprises:
when the network state is online, negotiating the first shared key with the second electronic device via the first secure channel established with the second trusted service management;
negotiating the first shared key with the second electronic device based on the first certificate and the second certificate when the network state is offline comprises:
when the network state is offline, negotiating the first shared key with the second electronic device based on the first certificate pre-issued by the second trusted service management to the first electronic device through the first secure channel, and the second certificate pre-issued by the second trusted service management to the second electronic device through the first secure channel.

8. The Bluetooth module pairing method according to claim 7, characterized in that the third security information further includes signature information of the first trusted service management over the fifth public key; generating the second random number and encrypting the second random number with the fifth public key comprises:
when the signature information of the third security information is verified successfully, generating the second random number, encrypting the second random number with the fifth public key, and signing the encrypted second random number;
and sending the encrypted second random number to the second trusted service management via the first trusted service management comprises:
sending the signed second random number to the first trusted service management, so that the first trusted service management forwards the signed second random number to the second trusted service management, and the second trusted service management, when it verifies the signed second random number successfully, decrypts the encrypted second random number with a fifth private key matching the fifth public key.

9. A Bluetooth module pairing method, characterized in that it is applied to a second electronic device and comprises:
receiving a Bluetooth pairing broadcast sent by a first electronic device, the Bluetooth pairing broadcast being sent by the first electronic device according to the network state between the first electronic device and a trusted service management;
negotiating a first shared key with the first electronic device based on a negotiation rule matching the Bluetooth pairing broadcast;
performing encrypted communication with the first electronic device based on the first shared key to obtain Bluetooth pairing information;
establishing a Bluetooth pairing with the first electronic device according to the Bluetooth pairing information;
wherein negotiating the first shared key with the first electronic device based on the negotiation rule matching the Bluetooth pairing broadcast comprises:
when the network state is online, negotiating the first shared key with the first electronic device via the trusted service management;
when the network state is offline, negotiating the first shared key with the first electronic device based on a first certificate and a second certificate, the first certificate being a digital certificate pre-issued by the trusted service management to the first electronic device, and the second certificate being a digital certificate pre-issued by the trusted service management to the second electronic device.

10. The Bluetooth module pairing method according to claim 9, characterized in that, when the network state is offline, before negotiating the first shared key with the first electronic device based on the first certificate and the second certificate, the method comprises:
The Bluetooth module pairing method according to claim 9, characterized in that, when the network state is disconnected, before negotiating the first shared key with the first electronic device based on the first certificate and the second certificate, it includes: 将所述蓝牙配对广播中的第三身份解析秘钥发送至第二可信服务管理,以使所述第二可信服务管理转发至第一可信服务管理,所述第一可信服务管理为管理所述第一电子设备的可信服务管理,所述第二可信服务管理为管理所述第二电子设备的可信服务管理;Sending the third identity resolution key in the Bluetooth pairing broadcast to a second trusted service management, so that the second trusted service management is forwarded to a first trusted service management, the first trusted service management is a trusted service management for managing the first electronic device, and the second trusted service management is a trusted service management for managing the second electronic device; 接收所述第二可信服务管理发送的已签名的第六公钥,所述已签名的第六公钥为所述第一可信服务管理生成并由所述第二可信服务管理签名的公钥;receiving a signed sixth public key sent by the second trusted service manager, where the signed sixth public key is a public key generated by the first trusted service manager and signed by the second trusted service manager; 在验证所述已签名的第六公钥成功的情况下,生成第四随机数,并通过所述第六公钥对所述第四随机数进行加密,对已加密的所述第四随机数进行签名;In the case where the signed sixth public key is successfully verified, a fourth random number is generated, the fourth random number is encrypted by the sixth public key, and the encrypted fourth random number is signed; 将签名的所述第四随机数发送至所述第二可信服务管理,以使所述第二可信服务管理将所述签名的第四随机数转发至所述第一可信服务管理,所述第一可信服务管理在验证所述签名的第四随机数成功的情况下,通过第六私钥解密所述签名的第四随机数,得到所述第四随机数,所述第六私钥和所述第六公钥为配对的密钥对;sending the signed fourth random number to the second trusted service management, so that the second trusted service management forwards the signed fourth random number to the first trusted service management, and the first trusted service management decrypts the signed fourth random number by using a sixth private key to obtain the fourth random number when the signed fourth random number is successfully verified, where the sixth private key and the 
sixth public key are a paired key pair; 基于所述第四随机数与所述第一可信服务管理建立第三安全通道;Establishing a third secure channel with the first trusted service management based on the fourth random number; 所述在所述网络状态为断网的情况下,基于第一证书和第二证书,与所述第一电子设备协商第一共享秘钥,包括:When the network state is disconnected, negotiating a first shared key with the first electronic device based on the first certificate and the second certificate includes: 在所述网络状态为断网的情况下,基于所述第一可信服务管理预先签发给所述第一电子设备的第一证书、以及所述第一可信服务管理通过所述第三安全通道预先签发给所述第二电子设备的第二证书,与所述第一电子设备协商第一共享秘钥。When the network status is disconnected, a first shared key is negotiated with the first electronic device based on a first certificate pre-issued to the first electronic device by the first trusted service management and a second certificate pre-issued to the second electronic device by the first trusted service management through the third secure channel. 11.一种蓝牙模块配对装置,其特征在于,包括:11. A Bluetooth module pairing device, comprising: 第一广播模块,用于根据第一电子设备与可信服务管理的网络状态发送蓝牙配对广播;A first broadcast module, configured to send a Bluetooth pairing broadcast according to a network status between the first electronic device and the trusted service management; 第一共享模块,用于基于与所述蓝牙配对广播匹配的协商规则,与第二电子设备协商第一共享秘钥;A first sharing module, configured to negotiate a first shared key with a second electronic device based on a negotiation rule matching the Bluetooth pairing broadcast; 第一通信模块,用于基于所述第一共享秘钥与所述第二电子设备进行加密通信,得到蓝牙配对信息;A first communication module, configured to perform encrypted communication with the second electronic device based on the first shared key to obtain Bluetooth pairing information; 第一配对模块,用于根据所述蓝牙配对信息与所述第二电子设备建立蓝牙配对;A first pairing module, configured to establish Bluetooth pairing with the second electronic device according to the Bluetooth pairing information; 其中,所述第一共享模块包括:Wherein, the first sharing module includes: 第一共享单元,用于在所述网络状态为联网的情况下,经由所述可信服务管理,与所述第二电子设备协商第一共享秘钥;A first sharing unit, configured to negotiate a first shared key with the second electronic device via the 
trusted service management when the network state is connected to the network; 第二共享单元,用于在所述网络状态为断网的情况下,基于第一证书和第二证书,与所述第二电子设备协商第一共享秘钥,所述第一证书为所述可信服务管理预先签发给所述第一电子设备的数字证书,所述第二证书为所述可信服务管理预先签发给所述第二电子设备的数字证书。The second sharing unit is used to negotiate a first shared key with the second electronic device based on a first certificate and a second certificate when the network status is disconnected, wherein the first certificate is a digital certificate pre-issued to the first electronic device by the trusted service management, and the second certificate is a digital certificate pre-issued to the second electronic device by the trusted service management. 12.一种蓝牙模块配对装置,其特征在于,包括:12. A Bluetooth module pairing device, comprising: 第二接收模块,用于接收第一电子设备发送的蓝牙配对广播,所述蓝牙配对广播为所述第一电子设备根据其与可信服务管理的网络状态发送的;A second receiving module, configured to receive a Bluetooth pairing broadcast sent by a first electronic device, wherein the Bluetooth pairing broadcast is sent by the first electronic device according to a network status between the first electronic device and the trusted service management; 第二共享模块,用于基于与所述蓝牙配对广播匹配的协商规则,与所述第一电子设备协商第一共享秘钥;A second sharing module, configured to negotiate a first shared key with the first electronic device based on a negotiation rule matching the Bluetooth pairing broadcast; 第二通信模块,用于基于所述第一共享秘钥与所述第一电子设备进行加密通信,得到蓝牙配对信息The second communication module is used to perform encrypted communication with the first electronic device based on the first shared secret key to obtain Bluetooth pairing information 第二配对模块,用于根据所述蓝牙配对信息与所述第一电子设备建立蓝牙配对;A second pairing module, configured to establish Bluetooth pairing with the first electronic device according to the Bluetooth pairing information; 其中,所述第二共享模块包括:Wherein, the second sharing module includes: 第三共享单元,用于在所述网络状态为联网的情况下,经由所述可信服务管理,与所述第一电子设备协商第一共享秘钥;A third sharing unit is used to negotiate a first shared key with the first electronic device via the trusted service management when the network state is connected to the 
network; 第四共享单元,用于在所述网络状态为断网的情况下,基于第一证书和第二证书,与所述第一电子设备协商第一共享秘钥,所述第一证书为所述可信服务管理预先签发给所述第一电子设备的数字证书,所述第二证书为所述可信服务管理预先签发给第二电子设备的数字证书。The fourth sharing unit is used to negotiate a first shared key with the first electronic device based on a first certificate and a second certificate when the network status is disconnected, wherein the first certificate is a digital certificate pre-issued to the first electronic device by the trusted service management, and the second certificate is a digital certificate pre-issued to the second electronic device by the trusted service management. 13.一种电子设备,其特征在于,包括处理器和存储器,所述存储器存储可在所述处理器上运行的程序或指令,所述程序或指令被所述处理器执行时实现如权利要求1-8任一项所述的蓝牙模块配对方法的步骤,或权利要求9-10所述的蓝牙模块配对方法的步骤。13. An electronic device, characterized in that it includes a processor and a memory, the memory stores a program or instruction that can be run on the processor, and when the program or instruction is executed by the processor, the steps of the Bluetooth module pairing method according to any one of claims 1 to 8, or the steps of the Bluetooth module pairing method according to claims 9 to 10 are implemented. 14.一种可读存储介质,其特征在于,所述可读存储介质上存储程序或指令,所述程序或指令被处理器执行时实现如权利要求1-8任一项所述的蓝牙模块配对方法的步骤,或所述程序或指令被处理器执行时实现如权利要求9-10所述的蓝牙模块配对方法的步骤。14. A readable storage medium, characterized in that a program or instruction is stored on the readable storage medium, and when the program or instruction is executed by a processor, the steps of the Bluetooth module pairing method as described in any one of claims 1 to 8 are implemented, or when the program or instruction is executed by a processor, the steps of the Bluetooth module pairing method as described in claims 9 to 10 are implemented.
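The disconnected-case broadcast of claim 6, as an added Python example that is not part of the patent: the first device derives the second identity resolution key from its device identification information, a fresh first random number and the TSM-issued second shared key, and the second device resolves the broadcast by recomputing that value against each entry it has pre-stored. The SHA-256 derivation of the first security information and the HMAC-SHA256 in place of the claim's symmetric encryption are assumptions, since the claims do not fix either primitive.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class PairingAdvert:
    """Bluetooth pairing broadcast of claim 6 (disconnected case). It carries the
    second identity resolution key and the first random number; the first device
    identification information itself is never put on the air."""
    identity_resolution_key: bytes
    first_random: bytes


def first_security_info(device_id: bytes, first_random: bytes) -> bytes:
    """First security information from the device identification information and
    the first random number. Assumption: SHA-256 over a length-prefixed
    concatenation, so (id, nonce) pairs cannot collide by re-splitting."""
    return hashlib.sha256(len(device_id).to_bytes(2, "big") + device_id + first_random).digest()


def second_identity_resolution_key(second_shared_key: bytes, security_info: bytes) -> bytes:
    """Claim 6 encrypts the security information under the TSM-issued second shared
    key. Assumption: HMAC-SHA256 truncated to 16 bytes stands in for that step,
    because the peer only ever recomputes the value and never decrypts it."""
    return hmac.new(second_shared_key, security_info, hashlib.sha256).digest()[:16]


def build_advert(device_id: bytes, second_shared_key: bytes,
                 first_random: Optional[bytes] = None) -> PairingAdvert:
    """First electronic device: generate the first random number and build the
    broadcast. first_random is injectable only so tests are deterministic."""
    r1 = first_random if first_random is not None else os.urandom(16)
    irk = second_identity_resolution_key(second_shared_key, first_security_info(device_id, r1))
    return PairingAdvert(identity_resolution_key=irk, first_random=r1)


def resolve_advert(advert: PairingAdvert, provisioned: Dict[bytes, bytes]) -> Optional[bytes]:
    """Second electronic device: verify the received second identity resolution key
    against every pre-stored (device id -> second shared key) entry obtained from
    the trusted service management. Returns the matching device id, or None when
    nothing verifies, in which case no Bluetooth connection request is sent."""
    for device_id, k2 in provisioned.items():
        expected = second_identity_resolution_key(
            k2, first_security_info(device_id, advert.first_random))
        if hmac.compare_digest(expected, advert.identity_resolution_key):
            return device_id
    return None


if __name__ == "__main__":
    # Constructed sample keys; in the claims these come from the trusted service management.
    store = {b"first-device-01": bytes(16), b"first-device-02": bytes(range(16))}
    adv = build_advert(b"first-device-02", store[b"first-device-02"])
    print("resolved:", resolve_advert(adv, store))
    forged = PairingAdvert(adv.identity_resolution_key, os.urandom(16))
    print("forged random number resolves to:", resolve_advert(forged, store))
```

A broadcast whose random number or key does not match any stored entry resolves to None, so a device the TSM never provisioned cannot talk the second device into the connection-request step.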
CN202510261637.4A 2025-03-05 2025-03-05 Bluetooth module pairing method and device, electronic equipment and readable storage medium Pending CN119835648A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510261637.4A CN119835648A (en) 2025-03-05 2025-03-05 Bluetooth module pairing method and device, electronic equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN119835648A true CN119835648A (en) 2025-04-15

Family

ID=95301288

Country Status (1)

Country Link
CN (1) CN119835648A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination