CN110022320B - Communication pairing method and communication device - Google Patents

Communication pairing method and communication device

Info

Publication number
CN110022320B
Authority
CN
China
Prior art keywords
key
public key
pairing
intermediate value
temporary
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910275903.3A
Other languages
Chinese (zh)
Other versions
CN110022320A (en
Inventor
孙吉平
刘跃峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wikipedia Technology Co.,Ltd.
Original Assignee
Beijing Wikipedia Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wikipedia Technology Co ltd
Priority to CN201910275903.3A
Publication of CN110022320A
Application granted
Publication of CN110022320B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention discloses a communication pairing method applied to a first device, comprising: after sending a pairing request to a second device, receiving a second temporary public key from the second device; generating a first temporary public key and a first temporary private key, generating a first intermediate value based on a dynamic password input into the first device, generating a second intermediate value based on the first temporary public key and the second temporary public key, generating a first verification code based on the first intermediate value and the second intermediate value, and sending the first temporary public key and the first verification code to the second device for first verification; and, after the first verification passes, exchanging the pairing public key with the second device. An embodiment of the invention also discloses a communication device. With the pairing scheme of the embodiments, a communication key with higher security and usability can be established.

Description

Communication pairing method and communication device
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a communication pairing method and a communication device.
Background
Communication channels between devices, particularly wireless communication channels, are susceptible to eavesdropping by malicious attackers and tampering with communicated data. Therefore, data encryption needs to be performed on the communication channel. Pairing means that a mutual trust relationship is established between two devices, and a communication key can be securely negotiated, so that a secure data channel is established between the devices.
In the prior art, the same encryption key is usually preset on the device. In this way, the devices need to be set in a unified manner when leaving the factory, and if the devices are produced by different manufacturers, a common key needs to be negotiated among different manufacturers, so that the key negotiation and management costs are high, and the key is easy to leak.
The prior art also uses the Diffie-Hellman algorithm to negotiate the key. The drawback of the Diffie-Hellman algorithm is that it is open to a man-in-the-middle attack: an attacker can intercept the key negotiation information on the communication channel and establish a separate communication key with each of the two communicating parties.
Disclosure of Invention
In view of this, embodiments of the present invention provide a communication pairing method and a communication device, which can solve the security risk in the prior art, and an attacker cannot perform man-in-the-middle attack by intercepting key negotiation information on a communication channel.
To this end, an aspect of the present invention provides a communication pairing method, applied to a first device, the method including: after sending a pairing request to the second device, receiving a second temporary public key from the second device; generating a first temporary public key and a first temporary private key, generating a first intermediate value based on a dynamic password input into the first device, generating a second intermediate value based on the first temporary public key and the second temporary public key, generating a first verification code based on the first intermediate value and the second intermediate value, and sending the first temporary public key and the first verification code to the second device for first verification; and, after the first verification passes, exchanging the pairing public key with the second device.
In another aspect, an embodiment of the present invention provides a communication pairing method, applied to a first device, including: generating a third temporary public key and a third temporary private key, sending the third temporary public key to the second equipment, and receiving a pairing public key identification ciphertext and a fourth temporary public key from the second equipment; calculating a second key based on an agreed algorithm and agreed parameters, and obtaining a paired public key identifier and a first check value from the paired public key identifier ciphertext by using the second key, wherein the agreed parameters comprise a third temporary private key and a fourth temporary public key; performing third verification on the first verification value by using a pairing public key corresponding to a pairing public key identification; and after the third authentication is passed, performing data communication with the second device by taking the second key as a communication key.
An embodiment of the present invention also provides a communication apparatus, which serves as a first device, and includes: a memory configured to store predetermined computer instructions; a processor configured to execute the predetermined computer instructions to implement the processes in any of the communication pairing method embodiments described above.
Through the communication pairing method and the communication device, the two devices to be paired are firstly verified based on the temporary public key and the dynamic password, and the two devices exchange the pairing public key after the verification is passed so as to be paired and communicated.
Drawings
FIG. 1 is a schematic flow chart diagram of a communication pairing method according to one embodiment of the invention;
FIG. 2 is a schematic flow chart diagram of a communication pairing method according to another embodiment of the invention;
FIG. 3 is a schematic flow chart diagram of a communication pairing method according to another embodiment of the invention;
FIG. 4 is a flowchart of an exemplary embodiment of a communication pairing method of the present invention.
Detailed Description
Various embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a communication pairing method according to an embodiment of the present invention. Of the two communication devices (the first device and the second device) that are to be paired and to transmit data, the method is applied to the one that issues the pairing request (the first device).
As shown in fig. 1, a communication pairing method according to an embodiment of the present invention includes:
S11, after the first device sends a pairing request to the second device, the first device receives a second temporary public key from the second device;
S12, generating a first temporary public key and a first temporary private key, generating a first intermediate value based on a dynamic password input into the first device, generating a second intermediate value based on the first temporary public key and the second temporary public key, generating a first verification code based on the first intermediate value and the second intermediate value, and sending the first temporary public key and the first verification code to the second device for first verification;
S13, exchanging the pairing public key with the second device after the first verification is passed.
The first device and the second device may be owned by the same user or by different users. After the first device and the second device establish a communication channel through a broadcast signal and a request connection, the first device sends a communication pairing request to the second device. And after receiving the communication pairing request from the first equipment, the second equipment generates a second temporary public key and a second temporary private key, and sends the second temporary public key to the first equipment.
The user inputs a dynamic password to the first device for the first device to generate a first intermediate value based on the dynamic password. The dynamic password may be generated by the second device and displayed to the user and then input into the first device by the user, or may be generated by another device and displayed or sent to the user of the first device and the user of the second device and then input into the first device and the second device by the user, respectively. The first device and the second device may pre-negotiate an algorithm for generating the first intermediate value based on the dynamic password, so that the first device and the second device can generate the same first intermediate value based on the same dynamic password. The algorithm generating the first intermediate value may be, for example, MD5, SHA1, MAC, etc.
The first device generates its own first temporary public key and first temporary private key and, after receiving the second temporary public key from the second device, generates a second intermediate value based on the first temporary public key and the second temporary public key. The algorithm that generates the second intermediate value is also pre-negotiated by the first device and the second device, so that both can generate the same second intermediate value from the first temporary public key and the second temporary public key. The algorithm for generating the second intermediate value may be the same as or different from the algorithm for generating the first intermediate value, and may also be MD5, SHA1, MAC, etc.
After generating the first and second intermediate values, the first device generates a first verification code based on them. For example, the first verification code may be computed directly from the first intermediate value and the second intermediate value using an algorithm such as MD5, SHA1 or MAC; alternatively, a third intermediate value may first be computed from the first and second intermediate values using an agreed algorithm negotiated with the second device, and the first verification code then computed from the third intermediate value using an algorithm such as MD5, SHA1 or MAC.
After the first verification code is generated, the first device sends it, together with the first temporary public key it generated, to the second device for verification. After receiving the first verification code and the first temporary public key, the second device generates an intermediate value from the dynamic password using the algorithm negotiated with the first device, generates an intermediate value from the first temporary public key and the second temporary public key using the algorithm negotiated with the first device, and generates a verification code from these two intermediate values using the algorithm negotiated with the first device. It then compares the generated verification code with the first verification code received from the first device. If the two are consistent, the first verification passes and the first device and the second device exchange the pairing public key, which completes communication pairing between them.
When the first device and the second device exchange the pairing public key, the pairing public key may be encrypted by using the device public key of the other device and then transmitted to the other device, or the pairing public key may be encrypted by using a symmetric key negotiated in advance and then encrypted by using the device public key of the other device, and then the pairing public key ciphertext and the symmetric key ciphertext may be transmitted to the other device. In addition, when the pairing public key is sent, the identification of the pairing public key can be sent to the other side together, so that the pairing public key can be managed, and the pairing public keys of different devices can be searched conveniently according to the identification. In addition, when the pairing public key is sent, the pairing public key can be used for carrying out signature operation on the pairing public key, and the obtained digital signature and the pairing public key are sent to the opposite side together, so that the opposite side can use the pairing public key of the sender device to carry out signature verification on the digital signature, and the pairing safety between devices is further improved.
By the communication pairing method, when verification is performed before pairing, the intermediate value generated based on the temporary public key of the first device and the temporary public key of the second device is used, the intermediate value generated based on the dynamic password shared by the first device and the second device is also used for generating the verification code for performing pairing verification, the dynamic password is not transmitted to the first device through a communication line, but is input into the first device by a user, and safe pairing verification and safe dispatching of the pairing key are achieved. Even if an attacker intercepts the temporary public key of the first device and the temporary public key of the second device on a communication channel between the first device and the second device, the attacker cannot obtain a dynamic password, cannot pair the illegal device with the first device and the second device which are legal devices through a man-in-the-middle attack means, and cannot establish a legal pairing relationship with the first device and the second device. In addition, communication equipment manufacturers do not need to preset communication keys in the communication equipment in advance, and the complicated operation and insecurity of negotiating common keys among different manufacturers are avoided.
Fig. 2 is a schematic flow chart of a communication pairing method according to another embodiment of the present invention.
As shown in fig. 2, the communication pairing method according to the embodiment of the present invention includes:
S21, after the first device sends a pairing request to the second device, the first device receives a second temporary public key from the second device;
S22, generating a first temporary public key and a first temporary private key, generating a first intermediate value based on a dynamic password input into the first device, generating a second intermediate value based on the first temporary public key and the second temporary public key, generating a first verification code based on the first intermediate value and the second intermediate value, and sending the first temporary public key and the first verification code to the second device for first verification;
S23, after the first verification passes, receiving a second verification code from the second device and performing a second verification, that is, generating a third verification code based on the first verification code and at least one of the first temporary public key and the second temporary public key, and comparing the third verification code with the second verification code;
S24, exchanging the pairing public key with the second device after the second verification is passed.
In the embodiment of the present invention, S21-S22 are the same as S11-S12 in the embodiment shown in FIG. 1, and specific descriptions thereof are omitted, and S23-S24 are specifically described below.
In this embodiment, after the second device verifies the first verification code, the second device further generates a second verification code and returns it to the first device for second verification; the first device exchanges the pairing public key with the second device only after the second verification passes. Specifically, in one embodiment, after verifying the first verification code, the second device may use an algorithm negotiated with the first device to operate on data composed of the first verification code and the first temporary public key to generate the second verification code, and send it to the first device for second verification. The first device uses the same algorithm to operate on data composed of the first verification code and the first temporary public key to generate a verification code and compares it with the second verification code sent by the second device; if the two are consistent, the second verification passes, otherwise the pairing procedure ends. In another embodiment, after verifying the first verification code, the second device may use a negotiated algorithm to operate on data composed of the first verification code and the second temporary public key to generate the second verification code, and send it to the first device for second verification; the first device uses the same algorithm to operate on data composed of the first verification code and the second temporary public key to generate a verification code and compares it with the second verification code sent by the second device.
In another embodiment, after verifying the first verification code, the second device may use the negotiated algorithm to operate on data composed of the first verification code, the first temporary public key and the second temporary public key to generate the second verification code, which is sent to the first device for second verification; the first device uses the same algorithm to operate on data composed of the first verification code and the second temporary public key to generate a verification code and compares it with the second verification code sent by the second device.
With this communication pairing method, after the second device completes the first verification of the first verification code, it generates the second verification code based on the first verification code so that the first device can verify it in turn. This bidirectional verification further improves the reliability of pairing verification and effectively counters man-in-the-middle attacks.
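The first and second verification of Fig. 1 and Fig. 2, simulated for both devices in one process. This is an added example, not code from the patent: SHA-256 and HMAC stand in for the negotiated algorithm, and the group parameters, field labels and the `tamper` switch are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumed public parameters for the temporary key pairs. The 127-bit modulus
# keeps the demo fast and is far too small for production use.
N = 2**127 - 1
G = 3

def digest(label, *fields):
    """Stand-in for the negotiated algorithm: SHA-256 over length-prefixed fields."""
    h = hashlib.sha256(label)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def temp_keypair():
    """Random temporary private key; public key by exponentiation and modulo."""
    priv = secrets.randbelow(N - 2) + 1
    return priv, pow(G, priv, N).to_bytes(16, "big")

def first_code(password, pub1, pub2):
    v1 = digest(b"password", password.encode())   # first intermediate value
    v2 = digest(b"temp-keys", pub1, pub2)         # second intermediate value
    return hmac.new(v1, v2, hashlib.sha256).digest()

def second_code(code1, pub1, pub2):
    # Variant that covers the first code and both temporary public keys.
    return digest(b"confirm", code1, pub1, pub2)

def run_pairing(pw_first, pw_second, tamper=None):
    """Return the outcome of one pairing attempt.

    tamper is a constructed fault: "pub2" alters the second temporary public
    key in transit, "code2" corrupts the second verification code.
    """
    # S11/S21: the second device answers the request with its temporary public key.
    _, pub2 = temp_keypair()
    pub2_seen_by_first = pub2
    if tamper == "pub2":
        _, pub2_seen_by_first = temp_keypair()

    # S12/S22: the first device builds the first verification code.
    _, pub1 = temp_keypair()
    code1 = first_code(pw_first, pub1, pub2_seen_by_first)

    # The second device recomputes it from its own password copy and its own key.
    expected1 = first_code(pw_second, pub1, pub2)
    if not hmac.compare_digest(code1, expected1):
        return "first verification failed"

    # S23: the second device returns the second verification code.
    code2 = second_code(expected1, pub1, pub2)
    if tamper == "code2":
        code2 = bytes(32)
    expected2 = second_code(code1, pub1, pub2_seen_by_first)
    if not hmac.compare_digest(code2, expected2):
        return "second verification failed"

    # S24: both checks passed; the pairing public keys may now be exchanged.
    return "paired"

if __name__ == "__main__":
    print(run_pairing("482915", "482915"))
    print(run_pairing("482915", "482916"))
    print(run_pairing("482915", "482915", tamper="pub2"))
    print(run_pairing("482915", "482915", tamper="code2"))
```

Because the second intermediate value covers both temporary public keys, a key altered in transit makes the two devices compute different codes even when both hold the correct dynamic password.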
In some embodiments of the invention, the first device and the second device may take a part of the value generated using the negotiation algorithm operation as the intermediate value to be used when generating the first intermediate value and the second intermediate value. Specifically, alternatively, in generating the first intermediate value, a negotiation algorithm such as MD5 may be used to perform an operation based on the dynamic password to obtain the first operation value, and a predetermined portion of the first operation value may be taken as the first intermediate value, for example, the first 1-3 bytes of the first operation value may be taken as the first intermediate value. Alternatively, when generating the second intermediate value, a negotiation algorithm such as MD5 may be used to perform an operation based on the combined data of the first temporary public key and the second temporary public key to obtain the second operation value, and a predetermined portion of the second operation value may be taken as the second intermediate value, for example, the first 2 bytes of the second operation value may be taken as the second intermediate value. By the communication pairing method, higher safety can be ensured, the calculation amount required by the pairing process can be reduced, and the operation efficiency can be improved.
In some embodiments of the present invention, when the first device generates the first temporary private key and the first temporary public key, a random number may be generated as the first temporary private key, and then an operation is performed based on the first temporary private key to obtain the first temporary public key, for example, an ECC private key may be generated first, and then a KDF (key derivation function) method is used to calculate a corresponding private key. Optionally, a similar method may also be employed when the second device generates the second ephemeral private key and the second ephemeral public key.
In some embodiments of the present invention, the first temporary public key may be generated by the first device based on the first temporary private key and calculated according to one or both of an exponentiation and a modulo operation. For example, the first temporary public key may be obtained by performing an exponentiation operation on the first temporary private key using a predetermined radix, or the first temporary public key may be obtained by performing a modulo operation on the first temporary private key using a predetermined modulus, or the first temporary public key may be obtained by performing a modulo operation on the operation result using a predetermined modulus after performing an exponentiation operation on the first temporary private key using a predetermined radix. Optionally, a similar method may also be employed when the second device generates the second ephemeral private key and the second ephemeral public key.
In some embodiments of the present invention, the second device further generates a random number as the first salt value and sends the random number to the first device, and after the first device receives the first salt value from the second device, the first device may perform an operation using the first salt value as one of the operation parameters when generating the first intermediate value, the second intermediate value, or the first verification code, may perform an operation using the first salt value as one of the parameters only when generating the first intermediate value and the second intermediate value, or may perform an operation using the first salt value as one of the operation parameters when generating the first intermediate value, the second intermediate value, and the first verification code. For example, when generating the first intermediate value, the first intermediate value may be generated by combining the first salt value and the dynamic password and then performing an operation using a negotiation algorithm. The second device also performs an operation using the first salt value as one of the parameters when generating the first intermediate value, the second intermediate value, and the first verification code, so that the second device can successfully complete verification of the first verification code. By the embodiment of the invention, the safety and the reliability of pairing verification can be further improved.
In some embodiments of the present invention, when the first device generates the first verification code, the first device may first calculate a first key factor based on the first intermediate value and the second intermediate value, generate a first key according to the first key factor, and then generate the first verification code based on the first key. And the second equipment carries out corresponding calculation when the first verification code is verified. In the embodiment of the present invention, the method for calculating the first key factor is not limited, for example, the first device may use a negotiated algorithm to calculate a value formed by splicing the first intermediate value and the second intermediate value to obtain the first key factor; optionally, the first device may also multiply the first intermediate value and the second intermediate value and take the value on the appointed bit of the operation result as the first key factor, and so on. Generating the first key from the first key factor may use the SHA algorithm or any KDF algorithm. When the first verification code is generated based on the first key, the first key can be operated by using a negotiation algorithm to generate the first verification code, and a numerical value spliced by the first key and other data can also be operated by using the negotiation algorithm to generate the first verification code. The first key generated in the embodiment of the present invention may be used as an agreed key to encrypt a predetermined value, for example, when the first device and the second device exchange the pairing public key, the first key may be used as the agreed key to encrypt the pairing public key to be transmitted together with other data (such as identification data, signature data, and the like) and then transmit the encrypted pairing public key, so as to further improve the security and reliability of communication pairing.
In some embodiments of the invention, the first device may calculate the first key factor by performing at least one of an exponentiation operation and a modulo operation on the first intermediate value and the second intermediate value when calculating the first key factor based on the first intermediate value and the second intermediate value. For example, the first device may add, subtract, or multiply a value obtained by exponentiating the first intermediate value according to the agreed radix and a value obtained by exponentiating the second intermediate value according to the agreed radix to obtain the first key factor; optionally, the first device may perform operations such as adding, subtracting, or multiplying a value obtained by performing a modulo operation on the first intermediate value according to the predetermined modulus and a value obtained by performing a modulo operation on the second intermediate value according to the predetermined modulus to obtain the first key factor, or perform operations such as adding, subtracting, or multiplying a value obtained by performing an exponentiation operation on the first intermediate value according to the predetermined radix and a value obtained by performing a modulo operation on the second intermediate value according to the predetermined modulus to obtain the first key factor; optionally, the first device may further perform a modular operation on the operation result with an agreed modulus after performing an exponentiation operation on the average of the first intermediate value and the second intermediate value with an agreed radix to obtain the first key factor, and so on.
In some embodiments of the present invention, when the first device calculates the first key factor based on the first intermediate value and the second intermediate value, in addition to taking the first intermediate value and the second intermediate value as the operation parameters, the first temporary public key, the second temporary public key, or the first temporary private key may be taken as one of the operation parameters, or the second temporary public key and the first temporary public key may be taken as the operation parameters, or the second temporary public key and the first temporary private key may be taken as the operation parameters.
Specifically, in some embodiments of the present invention, when the first temporary public key and/or the second temporary public key are used as operation parameters together with the first intermediate value and the second intermediate value, the first key factor may be calculated in a manner similar to that used when only the first intermediate value and the second intermediate value are the operation parameters. For example, the first key factor may be obtained by exponentiating the first intermediate value, the second intermediate value, the first temporary public key and the second temporary public key respectively with a predetermined radix and then adding, subtracting or multiplying the results; or by exponentiating, with a predetermined radix, the sum of the first intermediate value, the second intermediate value and the first temporary public key and then reducing the result with a predetermined modulus; and so on.
In the above embodiment, when the first device and the second device use common parameters in separately calculating the first key factor, they may calculate it using the same equation or algorithm. In other embodiments, when the first/second temporary public key is calculated from the first/second temporary private key, the first device and the second device may use different parameters when separately calculating the first key factor, each using a corresponding equation or algorithm. In some embodiments, when the first device calculates the first key factor using the first temporary private key and the first and second intermediate values as operation parameters, the second device may calculate the first key factor using the first temporary public key and the first and second intermediate values as operation parameters. For example, denote the first intermediate value as x, the second intermediate value as u, the first key factor as S, the first temporary private key as a and the first temporary public key as A, with A = g^a % N, where g is the agreed radix, N is the agreed modulus, ^ denotes exponentiation and % denotes the modulo operation. The first device may then use the equation S = (g^a + g^x + g^u) % N when calculating the first key factor, and the second device may use the equation S = (A + g^x + g^u) % N.
In other embodiments, when the first device calculates the first key factor using the first temporary private key, the second temporary public key, and the first and second intermediate values as operation parameters, the second device may calculate the first key factor using the first temporary public key, the second temporary private key, and the first and second intermediate values as operation parameters. For example, using the above notation and denoting the second temporary private key as b and the second temporary public key as B, with A = g^a % N and B = g^b % N, the first device may calculate the first key factor using the formula S = (g^a + B + g^x + g^u) % N, and the second device may calculate it using the formula S = (A + g^b + g^x + g^u) % N. In this way, the first device and the second device calculate the first key factor using different formulas or algorithms, which can further improve the security and reliability of the pairing verification.
In some embodiments of the present invention, when the second device further generates the first salt value and sends the first salt value to the first device as described above, the first device may further use the first salt value as one of the parameters when generating the first verification code, for example, the first verification code is obtained by using a negotiation algorithm to operate on the combined data of the first key and the first salt value, or the first verification code is obtained by using a negotiation algorithm to operate on the combined data of the first key, the first salt value and the first temporary public key, or the first verification code is obtained by using a negotiation algorithm to operate on the combined data of the first key, the first salt value, the first temporary public key and the second temporary public key. By the embodiment of the invention, the complexity of the first verification code can be further improved, and the safety and reliability of pairing verification can be improved.
In some embodiments of the present invention, the first device may also generate the first verification code using the first key and a first agreed value as parameters. In some embodiments, the first agreed value may be a fixed value negotiated by the first device and the second device; for example, the aforementioned agreed radix or agreed modulus may be used as the first agreed value. In other embodiments, the first agreed value may be obtained by the first device and the second device applying an agreed algorithm to a fixed value they have negotiated; for example, the first agreed value may be obtained by operating on the aforementioned agreed radix or agreed modulus using a negotiated algorithm such as MD5 or SHA, or by operating on the sum of the agreed radix and the agreed modulus using a negotiated algorithm. In still other embodiments, the aforementioned agreed radix and agreed modulus are each operated on using a negotiated algorithm such as SHA, and the results are then combined by an operation such as addition, subtraction, OR or XOR (exclusive OR) to obtain the first agreed value. This embodiment can further increase the complexity of the first verification code and improve the security and reliability of the pairing verification.
Some embodiments of the invention may be obtained by combining the above-described embodiments in various ways. For example, the embodiment of performing the second verification after the first verification may be combined with the embodiment of calculating the first key to obtain the following embodiment. After the first device sends the pairing request to the second device, it receives the second temporary public key from the second device. The first device then generates a first temporary public key and a first temporary private key, generates a first intermediate value based on a dynamic password input into the first device, generates a second intermediate value based on the first temporary public key and the second temporary public key, calculates a first key factor based on the first intermediate value and the second intermediate value, generates a first key from the first key factor, generates a first verification code from the first key, and sends the first temporary public key and the first verification code to the second device for the first verification. The second device calculates the first key factor based on the first intermediate value and the second intermediate value according to the negotiated algorithm, generates the first key from the first key factor, generates a verification code from the first key, and compares the generated verification code with the first verification code for verification.
After the second device successfully verifies the first verification code, that is, after the first verification passes, the second device uses the negotiated algorithm to operate on data composed of the first verification code and the first key to generate a second verification code, and sends the second verification code to the first device for the second verification. The first device uses the negotiated algorithm to operate on data composed of the first verification code and the first key to generate a third verification code, and compares the generated third verification code with the second verification code sent by the second device. After the second verification passes, the first device exchanges pairing public keys with the second device; during the exchange, the first key may be used to encrypt the pairing public key and other data before transmission. Optionally, in this embodiment, when the second device generates the second verification code, at least one of the first temporary public key and the second temporary public key may also be used as an operation parameter; for example, the second verification code may be calculated using the first temporary public key, the first key and the first verification code as parameters, or using the first temporary public key, the second temporary public key, the first key and the first verification code as parameters. When the first device verifies the second verification code, it calculates the third verification code using the corresponding parameters and checks whether it is consistent with the second verification code.
According to the embodiment of the invention, the verification code is generated based on the first secret key, and the pairing public key is encrypted by the first secret key and then transmitted, so that the security and reliability of the pairing verification can be improved greatly.
Fig. 3 is a schematic flow chart of a communication pairing method according to another embodiment of the present invention. The communication pairing method of the embodiment of the present invention is applied to one (first device) of two communication devices (first device and second device) to be subjected to data transmission, which issues a communication request. The method of the embodiment of the present invention may be performed after the step of exchanging the pairing public key of the foregoing embodiment, or may be performed after the step of exchanging the pairing public key according to the prior art.
As shown in fig. 3, the communication pairing method according to the embodiment of the present invention includes:
S31, generating a third temporary public key and a third temporary private key, sending the third temporary public key to the second device, and receiving a pairing public key identifier ciphertext and a fourth temporary public key from the second device;
S32, calculating a second key based on an agreed algorithm and agreed parameters, and obtaining a pairing public key identifier and a first check value from the pairing public key identifier ciphertext by using the second key, wherein the agreed parameters comprise the third temporary private key and the fourth temporary public key;
S33, performing a third verification on the first check value by using the pairing public key corresponding to the pairing public key identifier;
S34, after the third verification passes, performing data communication with the second device using the second key as the communication key.
In the embodiment of the invention, after the first device and the second device finish the exchange of the pairing public key, when a communication key needs to be established between the first device and the second device, the pairing verification step is executed. In the pairing verification, the first device does not use the first temporary public key and the second temporary public key any more, but generates a third temporary public key and a third temporary private key, and sends the third temporary public key to the second device through the pairing verification request. When the second device receives the third temporary public key and the pairing verification request from the first device, the fourth temporary public key and the fourth temporary private key are generated, the second key is generated based on the agreed algorithm and the agreed parameters, and the method for generating the second key may adopt a method similar to the method for generating the first key or other methods. Then, the second device processes the identification of the pairing public key of the second device by using the pairing private key of the second device to generate a first check value, or processes data composed of the identification of the pairing public key of the second device and other data by using the pairing private key of the second device to generate a first check value, then encrypts the identification of the pairing public key of the second device or the data containing the identification of the pairing public key of the second device and the first check value by using the second key to obtain a pairing public key identification ciphertext, and sends the pairing public key identification ciphertext and the fourth temporary public key to the first device. 
The first check value may be, for example, a digital signature obtained by signing, with the pairing private key of the second device, the identifier of the pairing public key of the second device or data including that identifier. The data processed when the first check value is generated may include the identifier of the pairing public key of the second device, the third temporary public key, and/or the fourth temporary public key.
After receiving the pairing public key identifier ciphertext and the fourth temporary public key from the second device, the first device likewise generates the second key based on the agreed algorithm and the agreed parameters, and decrypts the pairing public key identifier ciphertext using the second key to obtain the first check value and the identifier of the pairing public key of the second device (or data including that identifier). Using the decrypted identifier, it then looks up the pairing public key of the second device that it obtained and stored during the earlier pairing, and performs the third verification on the first check value using that pairing public key. After the third verification passes, the first device and the second device may communicate with each other using the second key as the communication key.
In this embodiment, performing a separate pairing verification when the communication key is established gives the subsequently established communication channel higher security and effectively resists man-in-the-middle attacks.
In some embodiments of the present invention, in S34, after the third verification passes, a fourth verification is also performed, and only after it passes do the first device and the second device communicate with each other using the second key as the communication key. Specifically, the first device uses its pairing private key to calculate a second check value over the identifier of its pairing public key or over data including that identifier, encrypts the identifier (or the data including it) together with the second check value using the second key, and sends the encrypted result to the second device for the fourth verification. After receiving the pairing public key identifier ciphertext of the first device, the second device decrypts it using the second key to obtain the second check value and the identifier of the pairing public key of the first device (or data including that identifier). Using the decrypted identifier, it then looks up the pairing public key of the first device that it obtained and stored during pairing, and performs the fourth verification on the second check value using that pairing public key. After the fourth verification passes, the first device and the second device may communicate with each other using the second key as the communication key.
In this embodiment, performing a separate two-way pairing verification when the communication key is established gives the subsequently established communication channel higher security and resists man-in-the-middle attacks more effectively.
An embodiment of the present invention also provides a communication apparatus, which can be used as the first device described above, where the communication apparatus includes a memory and a processor, the memory can be configured to store a predetermined computer instruction, and the processor can be configured to execute the predetermined computer instruction to implement the operation processing implemented by the first device in any communication pairing method described above. Correspondingly, the embodiment of the present invention further provides a communication apparatus, which can be used as the second device, where the communication apparatus includes a memory and a processor, the memory may be configured to store a predetermined computer instruction, and the processor may be configured to execute the predetermined computer instruction to implement the operation processing implemented by the second device in any communication pairing method.
Fig. 4 is a flowchart of an exemplary embodiment of a communication pairing method of the present invention. Fig. 4 shows the operation flow performed after two connected devices, labeled device A and device B respectively, have established a communication channel. The specific operation flow is as follows:
Step 401, device A initiates a pairing request to device B.
Step 402, device B randomly generates a salt value s and a temporary private key b, randomly generates a dynamic password p and displays it on the display screen of device B, and calculates a first intermediate value x = H(s | p), where H denotes a hash calculation of which a part is taken as the first intermediate value x; calculates a temporary public key B = (g^x + g^b) % N, where g is a predetermined base, N is a predetermined modulus, ^ denotes exponentiation and % denotes the modulo operation; s and B are sent to device A.
Step 403, device A receives the password p input by the user and calculates the first intermediate value x = H(s | p); randomly generates a temporary private key a and calculates a temporary public key A = g^a % N; calculates a second intermediate value u = H(A | B); calculates a shared secret S = (B - g^x)^(a + u*x) % N as the first key factor; derives a key K as the first key from the shared secret S, where the derivation algorithm may be a hash algorithm or any KDF algorithm; calculates an authentication code M = H(H(N) XOR H(g) | s | A | B | K), where XOR denotes the exclusive-or operation; A and M are sent to device B.
Step 404, device B calculates the shared secret S = (A * v^u)^b % N, where v = g^x % N; derives the key K from the shared secret S; device B calculates M' by the same method; if M' differs from M, the pairing fails and the process ends; if they are the same, M2 = H(A | M | K) is calculated and M2 is sent to device A.
Step 405, device A calculates M2' by the same method and compares it with M2; if they differ, the pairing fails and the process ends; if they are the same, Enc(IdA | PublicKeyA | Sig) is sent to device B, where IdA is the identifier of device A's pairing key, PublicKeyA is device A's pairing public key, Sig is the digital signature of IdA | PublicKeyA calculated using device A's pairing private key, and Enc denotes encryption using the shared key K.
Step 406, device B decrypts Enc(IdA | PublicKeyA | Sig) using the shared key K and verifies the digital signature; after the verification succeeds, it stores IdA and PublicKeyA in association and sends Enc(IdB | PublicKeyB | Sig) to device A, where IdB is the identifier of device B's pairing key, PublicKeyB is device B's pairing public key, Sig is the digital signature of IdB | PublicKeyB calculated using device B's pairing private key, and Enc denotes encryption using the shared key K.
Step 407, device A decrypts Enc(IdB | PublicKeyB | Sig) using the shared key K and verifies the digital signature; after the verification succeeds, it stores IdB and PublicKeyB.
The pairing of device A and device B is completed through the above steps 401-407.
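The password-based exchange of steps 402-405, as an added Python example that is not code from the patent. SHA-256 as H and as the key derivation, the 127-bit demo modulus, the base 3 and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed demo parameters (not from the patent); real use needs a much larger group.
N = 2**127 - 1   # prime modulus
G = 3            # base

def H(*parts: bytes) -> bytes:
    """H(a | b | ...): hash of the concatenation. SHA-256 is an assumption."""
    return hashlib.sha256(b"".join(parts)).digest()

def i2b(n: int) -> bytes:
    """Fixed-width big-endian encoding of a value below 2**128."""
    return n.to_bytes(16, "big")

def derive_x(salt: bytes, password: bytes) -> int:
    """First intermediate value x = H(s | p), keeping part of the digest."""
    return int.from_bytes(H(salt, password)[:16], "big")

def temp_public_b(x, b, g=G, n=N):
    """Step 402: B = (g^x + g^b) % N."""
    return (pow(g, x, n) + pow(g, b, n)) % n

def secret_a(B, x, a, u, g=G, n=N):
    """Step 403: S = (B - g^x)^(a + u*x) % N, computed by device A."""
    return pow((B - pow(g, x, n)) % n, a + u * x, n)

def secret_b(A, x, b, u, g=G, n=N):
    """Step 404: S = (A * v^u)^b % N with v = g^x % N, computed by device B."""
    v = pow(g, x, n)
    return pow(A * pow(v, u, n) % n, b, n)

def auth_code(s, A, B, K):
    """M = H(H(N) XOR H(g) | s | A | B | K)."""
    mixed = bytes(p ^ q for p, q in zip(H(i2b(N)), H(i2b(G))))
    return H(mixed, s, i2b(A), i2b(B), K)

def run_pairing(shown: bytes, typed: bytes):
    """Run steps 402-405; return the shared key K, or None if a check fails.

    `shown` is the dynamic password displayed by device B,
    `typed` is what the user entered on device A.
    """
    # Step 402 (device B): salt, temporary private key, temporary public key.
    s = secrets.token_bytes(8)
    b = secrets.randbelow(N - 2) + 1
    x_b = derive_x(s, shown)
    B = temp_public_b(x_b, b)
    # Step 403 (device A): derive x from the typed password, compute A, u, S, K, M.
    x_a = derive_x(s, typed)
    a = secrets.randbelow(N - 2) + 1
    A = pow(G, a, N)
    u = int.from_bytes(H(i2b(A), i2b(B)), "big")
    K_a = H(i2b(secret_a(B, x_a, a, u)))
    M = auth_code(s, A, B, K_a)
    # Step 404 (device B): recompute S, K, M' and compare in constant time.
    K_b = H(i2b(secret_b(A, x_b, b, u)))
    if not hmac.compare_digest(M, auth_code(s, A, B, K_b)):
        return None          # wrong password or altered messages: pairing fails
    M2 = H(i2b(A), M, K_b)
    # Step 405 (device A): check M2 before sending any pairing public key.
    if not hmac.compare_digest(M2, H(i2b(A), M, K_a)):
        return None
    return K_a
```

Called with the first embodiment's small parameters (g = 2, N = 7, x = F0, a = 3, b = 2, u = A7), `temp_public_b` returns 5 and `secret_a` and `secret_b` both return 1.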
When a communication key is to be established between device a and device B, the following pairing verification steps are performed:
Step 408, device A initiates pairing verification to device B and generates a temporary key pair consisting of the temporary public key TempPublicKeyA and the temporary private key TempPrivateKeyA; it transmits the temporary public key TempPublicKeyA to device B.
Step 409, device B generates a temporary key pair consisting of the temporary public key TempPublicKeyB and the temporary private key TempPrivateKeyB; calculates, by the Diffie-Hellman algorithm using TempPrivateKeyB and TempPublicKeyA, a shared secret S serving as the second key factor; derives from the shared secret S a key K serving as the second key, where the derivation algorithm may be a hash algorithm or any KDF algorithm; calculates Enc(IdB | Sig), where IdB is the identifier of device B's pairing public key, Sig is the digital signature of TempPublicKeyB | IdB | TempPublicKeyA calculated using the pairing private key, and Enc denotes encryption using the key K; the temporary public key TempPublicKeyB and Enc(IdB | Sig) are sent to device A.
Step 410, device A calculates the shared secret S by the Diffie-Hellman algorithm using TempPrivateKeyA and TempPublicKeyB, and derives the key K from the shared secret S, where the derivation algorithm may be a hash algorithm or any KDF algorithm; it decrypts Enc(IdB | Sig) to obtain IdB | Sig and verifies the signature using the pairing public key of device B. If the verification fails, the pairing verification fails and the process ends; if the verification passes, it calculates Enc(IdA | Sig), where IdA is the identifier of device A's pairing public key, Sig is the digital signature of TempPublicKeyA | IdA | TempPublicKeyB calculated using the pairing private key, and Enc denotes encryption using the key K; Enc(IdA | Sig) is sent to device B.
Step 411, device B decrypts Enc(IdA | Sig) with the key K to obtain IdA | Sig and verifies the signature with the pairing public key of device A. If the verification fails, the pairing verification fails and the process ends; if the verification passes, the pairing verification succeeds and device A and device B have established a shared key K.
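The pairing verification of steps 408-411, as an added Python example that is not code from the patent; it also shows why signing both temporary public keys makes a substituted key fail verification. The textbook-RSA signatures over Mersenne primes, the XOR keystream standing in for Enc, SHA-256, the group parameters and all names are assumptions for illustration only.

```python
import hashlib
import secrets

# Constructed demo parameters; nothing here is sized or padded for real use.
N, G = 2**255 - 19, 2      # Diffie-Hellman modulus and base (assumed values)
E = 65537                  # public exponent of the toy pairing keys

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def i2b(n, size=32):
    return n.to_bytes(size, "big")

class PairingKey:
    """Toy textbook-RSA pairing key pair (stand-in for the pairing signature scheme)."""
    def __init__(self, ident, p, q):
        self.ident, self.n = ident, p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))
    def sign(self, msg):
        return pow(int.from_bytes(H(msg), "big"), self._d, self.n)

def verify(n, msg, sig):
    return pow(sig, E, n) == int.from_bytes(H(msg), "big")

def enc(key, data):
    """XOR with a SHA-256 counter keystream; stands in for Enc and is its own inverse."""
    stream = b"".join(H(key, i2b(i, 4)) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def temp_key_pair():
    priv = secrets.randbelow(N - 2) + 1
    return priv, pow(G, priv, N)

def session_key(my_priv, peer_pub):
    """K derived by hashing the Diffie-Hellman shared secret S."""
    return H(i2b(pow(peer_pub, my_priv, N)))

def make_proof(key, pairing_key, my_pub, peer_pub):
    """Enc(Id | Sig), Sig over own temp public key | Id | peer temp public key."""
    sig = pairing_key.sign(i2b(my_pub) + pairing_key.ident + i2b(peer_pub))
    return enc(key, pairing_key.ident + i2b(sig, 256))

def check_proof(key, blob, my_pub, peer_pub, stored_keys):
    """Decrypt, look up the stored pairing public key by identifier, verify Sig."""
    plain = enc(key, blob)
    ident, sig = plain[:1], int.from_bytes(plain[1:], "big")
    n = stored_keys.get(ident)
    return n is not None and verify(n, i2b(peer_pub) + ident + i2b(my_pub), sig)

# Pairing keys exchanged and stored during the earlier pairing (constructed values).
DEV_A = PairingKey(b"\x00", 2**521 - 1, 2**607 - 1)
DEV_B = PairingKey(b"\x01", 2**127 - 1, 2**1279 - 1)
STORED_ON_A = {DEV_B.ident: DEV_B.n}
STORED_ON_B = {DEV_A.ident: DEV_A.n}

def pairing_verification(tamper=False):
    """Steps 408-411; returns K, or None when a signature check fails.

    With tamper=True an in-path party replaces both temporary public keys with
    its own and re-wraps B's proof, which the signature check must reject.
    """
    a_priv, a_pub = temp_key_pair()                        # step 408
    m_priv, m_pub = temp_key_pair()                        # in-path key, used only if tamper
    seen_by_b = m_pub if tamper else a_pub
    b_priv, b_pub = temp_key_pair()                        # step 409
    k_b = session_key(b_priv, seen_by_b)
    blob = make_proof(k_b, DEV_B, b_pub, seen_by_b)
    seen_by_a = b_pub
    if tamper:
        blob = enc(session_key(m_priv, a_pub), enc(session_key(m_priv, b_pub), blob))
        seen_by_a = m_pub
    k_a = session_key(a_priv, seen_by_a)                   # step 410
    if not check_proof(k_a, blob, a_pub, seen_by_a, STORED_ON_A):
        return None    # Sig does not cover the temporary keys device A actually saw
    reply = make_proof(k_a, DEV_A, a_pub, seen_by_a)
    if not check_proof(k_b, reply, b_pub, seen_by_b, STORED_ON_B):   # step 411
        return None
    return k_a if k_a == k_b else None
```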
It should be noted that, although the pairing process (401-; meanwhile, before steps 408-411, instead of performing steps 408-411, a pairing process according to the prior art may be performed to complete the exchange of the pairing public key.
By the method, the devices are paired, and a reliable communication key can be established between the paired devices without the participation of a user, so that the data security of a communication channel is ensured. It can be seen that even if a malicious attacker intercepts and captures data on the channel, since the dynamic password cannot be obtained, the illegal device cannot be paired with the legal device through man-in-the-middle attack, and further the legal signature cannot be forged in the pairing verification process, so that the shared key cannot be established with the legal device.
Two specific implementations of the embodiment shown in fig. 4 are given below, and reference may still be made to fig. 4 in order to better understand the embodiment of the present invention:
First embodiment
For convenience of description, the parameters selected in this embodiment have a small number of bits; a larger number of bits should be used in practical applications to ensure the security of the algorithm. In this example, a pairing is established between device A and device B, with device A having the identifier 00 and device B having the identifier 01 (unless otherwise specified, the following data are all represented in hexadecimal format). g takes the value 2 and N takes the value 7. The hash algorithm is SHA1, the digital signature algorithm is RSA, and the temporary keys are Diffie-Hellman keys.
401. Device A initiates a pairing request to device B.
402. Device B generates random number 5 as a salt, random number 6 as a dynamic password, and random number 2 as a temporary private key; takes the first byte of SHA1(05|06) to get x = F0; calculates the public key B = (2^F0 + 2^2) % 7 = 5; and sends 0505 to device A.
403. Device A receives the password 06 input by the user and calculates x = F0; generates a random number 3 as a temporary private key, with public key A = 2^3 % 7 = 1; takes the first byte of SHA1(01|04) to get u = A7; calculates the shared secret S = (05 - 2^F0)^(03 + A7*F0) % 7 = 1; derives the key K = 2D 0134 ED 3B 9D E C720 FE 697B 532B 4C using the SHA1 algorithm; calculates the check code M = SHA1(99F 1C EB 652 FA 5062634C 9D 2A BC 9608307 a 1163 FA |05|01|04|2D 0134 ED 3B 9D E C720 39697B 532B 4C) = 834a 7202C F E4F 93C DD 33D 8E 107D 257; and sends 01834 a 7202C F E4F 93 478 DD 33D 107D 257 to device B.
404. Device B calculates the shared secret S = (01 × 1^A7)^2 % 7 = 1; derives the key K = 2D 0134 ED 3B 9D E132C 720 FE 697B 532B 4C using the SHA1 algorithm; calculates the check code M' = 834a 7202C 02F 33E 4F 93C 4739 DD 33D 8E 107D 257, which is the same as the received M; calculates the check code M2 = SHA1(01| 834a 7202C 02F 33E 4F 93C 4739 DD 33D 8E 107D 257 |2D 0134 ED 3B 9D E132C 720 FE 697B 532B 4C) = B5E 46C E565E 2D 14C 115B 7B 8199F 2D 389 DD 80 a 209; and sends M2 to device A.
405. Device A calculates M2' = B5E 46C E565E 2D 14C 115B 7B 8199F 2D 389 DD 80 a 209 by the same method, which is the same as M2. Device A generates an RSA public/private key pair, uses the private key to sign 00|PublicKeyA (its identifier 00 followed by the public key) to obtain the signature Sig, encrypts 00|PublicKeyA|Sig using the key K, and sends the resulting ciphertext to device B.
406. Device B decrypts the ciphertext using the key K to obtain 00|PublicKeyA|Sig. After the signature is verified, device B stores the identifier 00 of device A together with its public key. Device B then generates an RSA public/private key pair, uses the private key to sign 01|PublicKeyB (its identifier 01 followed by the public key) to obtain the signature Sig, encrypts 01|PublicKeyB|Sig using the key K, and sends the resulting ciphertext to device A.
407. Device A decrypts the ciphertext using the key K to obtain 01|PublicKeyB|Sig. After the signature is verified, device A stores the identifier 01 of device B together with its public key.
At this point, device A and device B have completed pairing. The pairing verification process is described below:
In the Diffie-Hellman algorithm, g takes the value 2 and N takes the value 5.
408. Device A generates a random number 3 as a temporary private key, with temporary public key 2^3 % 5 = 3, and sends 03 to device B.
409. Device B generates a random number 2 as a temporary private key, with temporary public key 2^2 % 5 = 4; calculates the shared secret S = 3^2 % 5 = 4; calculates K = SHA1(S) = a42c6cf1de3abfdea9b95f34687cbbe9 using the SHA1 algorithm; calculates the signature Sig(040103); and encrypts 01|Sig using the key K. The resulting ciphertext is sent to device A along with the temporary public key 00204.
410. The equipment A calculates S4 ^ 3%, 5 ^ 4; calculating K ═ SHA1(S) ═ a42c6cf1de3abfdea9b95f34687cbbe9 using SHA1 algorithm; decryption Using secret Key K
91202ec6faae 01415da9491fd8cbec34f63f241bc8323c24f656003453580786b9854c28f3dbac648351d914a2a157ba34f503756380296d6d5e8e9c960447eb740845c6f07c4bd8b4f0d5725b7e9ddc0a47acabb47fad1cbd7e27 c27 e8c6b71ccd860141c4a09183b3ec998bf9c2d33b8438250ec1c5e1a33c787d30c 4bf 5bc 5f21db8c742e00208f2 d:
01
2804c0441052398b6c030e5016b62e34144852e97e68599099ec2ba25b77039f22893f832ca2b714c2f35c7ae1fe2b9ba5810ed7c640bdf32d24b691b948e3246b9f9bfa 3607d908f8985ea615be52d03c51b5865932fa 6347ba8c012695b4cb83c0ce458e 6793f7b32054f3a007a50d7655b26957d68f098a2e454580f0f0f0f0f0f0f0f0 f.
Device A then calculates the signature Sig = Sign(030004) =
8af8a79111d21b1082a7d72147f7a19f223ab7109590b9c439c4b9a80b39af2b92d950316435f28c1fe9f158dccf14dab236ab6a9ba0b4492ac5cf1285c7286d95c1bb1fc2fb35408be8432d9cb29af3c9b4edc6abcc7408559e748ce98a44b9be5ecc0ff0bcc6501da1b1e1c8ae8d481612ec23567bdbc876587594dde6ce79
Encrypting the following data with the key K
00
8af8a79111d21b1082a7d72147f7a19f223ab7109590b9c439c4b9a80b39af2b92d950316435f28c1fe9f158dccf14dab236ab6a9ba0b4492ac5cf1285c7286d95c1bb1fc2fb35408be8432d9cb29af3c9b4edc6abcc7408559e ce98a44b9be5ecc0ff0bcc6501da1b 1c8ae8d481612 23567bdbc876587594dde 6ec 790f0f0f0f0f0f0f0f0f0 f:
2a42ce5d8245c9481473ba489e0e5fe5a26e343fd0728f7512a9ddc1db5fe110ede6B6e9442e3e027d89bd242145318e4440f 3711dab298e5848584c0e1 ebbffab 4e1d0a122d3556d9f059c 0fc5adef0e278475786B15d8560eab9a 9c 58de24587519badbe62f 6B 88723a1776740d514ce635ee7f612c6f19555a 4af 37375044824821a21ea43, which is sent to equipment B.
411. Device B decrypts, using the key K,
2a42ce5d8245c9481473ba489e0e5fe5a26e343fd0728f7512a9ddc1db5fe110ede6b6e9442e3e027d89bd242145318e4440f 3711dab298e5848584c0e1 ebbffabb 4e1d0a122d3556d9f059c 0fc5adef0e278475786b15d8560eab9a9b262c58de24587519badbe62f6 ba88723a1776740d514 ee 635ee7f612c6f19555a 4af 37375044824821a21ea 43:
00
8af8a79111d21B1082a7d72147f7a19f223ab7109590B9c439c4B9a80B39af2B92d950316435f28c1fe9f158dccf14dab236ab6a9ba0B4492ac5cf1285c7286d95c1bb1fc2fb35408be8432d9cb29af3c9B4edc6abcc7408559e ce98a44B9be5ecc0ff0bcc6501da1B1e 8ae8d481612 23567bdbc876587594dde6c 790f0f0f0f0f0f0f0f 748 f0f0f, verifying that the signature passes and device B shares the key K with device a.
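The verification exchange of steps 408 to 411, written out as an added Python example; it is not code from the patent. It keeps the page's toy values (g = 2, N = 5, identifiers 00 and 01, signed data 040103 and 030004), while the unpadded textbook-RSA signature, the SHA-256 XOR keystream, the one-byte encoding of S and all function names are stand-ins assumed here.

```python
import hashlib

G, N = 2, 5              # toy Diffie-Hellman parameters from the page
ID_A, ID_B = 0x00, 0x01  # pairing public key identifiers from the page
SIG_LEN = 32             # fixed signature width of the stand-in scheme


def make_sign_key(p, q, e=65537):
    """Stand-in pairing key pair: textbook RSA from two primes (assumed)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])


def derive_key(shared):
    """K = SHA1(S), cut to 16 bytes, the length of K printed on the page."""
    raw = shared.to_bytes(max(1, (shared.bit_length() + 7) // 8), "big")
    return hashlib.sha1(raw).digest()[:16]


def xor_stream(key, direction, data):
    """Stand-in cipher: XOR with a SHA-256 keystream; encrypt == decrypt."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key + direction + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def make_proof(own_id, own_priv, sign_key, peer_pub, direction):
    """Return (own_pub, K, Enc_K(id | Sign(own_pub | id | peer_pub)))."""
    own_pub = pow(G, own_priv, N)
    key = derive_key(pow(peer_pub, own_priv, N))
    sig = sign(sign_key, bytes([own_pub, own_id, peer_pub]))
    plain = bytes([own_id]) + sig.to_bytes(SIG_LEN, "big")
    return own_pub, key, xor_stream(key, direction, plain)


def check_proof(key, own_pub, peer_pub, blob, paired, direction):
    """Decrypt the peer's proof and verify it with the paired public key."""
    plain = xor_stream(key, direction, blob)
    peer_id, sig = plain[0], int.from_bytes(plain[1:], "big")
    pub = paired.get(peer_id)
    if pub is None:                      # unknown identifier: not paired
        return False
    return verify(pub, bytes([peer_pub, peer_id, own_pub]), sig)


def run_verification(a_priv=3, b_priv=2, a_pub_seen_by_b=None):
    """Steps 408-411; a_pub_seen_by_b simulates an altered first message."""
    key_a = make_sign_key(2**61 - 1, 2**89 - 1)
    key_b = make_sign_key(2**107 - 1, 2**127 - 1)
    paired_at_a = {ID_B: {"n": key_b["n"], "e": key_b["e"]}}
    paired_at_b = {ID_A: {"n": key_a["n"], "e": key_a["e"]}}

    a_pub = pow(G, a_priv, N)                                   # step 408
    seen = a_pub if a_pub_seen_by_b is None else a_pub_seen_by_b
    b_pub, k_b, proof_b = make_proof(ID_B, b_priv, key_b, seen, b"B>A")  # 409
    shared_a = pow(b_pub, a_priv, N)                            # step 410
    k_a = derive_key(shared_a)
    a_ok = check_proof(k_a, a_pub, b_pub, proof_b, paired_at_a, b"B>A")
    b_ok = False
    if a_ok:                             # A only answers a verified peer
        _, _, proof_a = make_proof(ID_A, a_priv, key_a, b_pub, b"A>B")
        b_ok = check_proof(k_b, b_pub, seen, proof_a, paired_at_b, b"A>B")  # 411
    return {"a_pub": a_pub, "b_pub": b_pub, "shared": shared_a,
            "a_accepts": a_ok, "b_accepts": b_ok,
            "key": k_a.hex() if a_ok and b_ok else None}


if __name__ == "__main__":
    print(run_verification())                    # unaltered exchange
    print(run_verification(a_pub_seen_by_b=2))   # altered temporary key
```

In the second run both sides still derive the same S, because 2^2 % 5 and 3^2 % 5 are both 4 under these toy parameters, yet device A rejects the proof because the signature covers both temporary public keys.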
Second embodiment
As in the first embodiment, the selected parameters have only a few bits; practical applications should use parameters with more bits to ensure the security of the algorithm. In this example, a pairing is established between device A and device B, where device A has the identifier 00 and device B has the identifier 01 (unless otherwise specified, all data below is in hexadecimal). g is 2 and N is 5. The hash algorithm is MD5, the digital signature algorithm is ECDSA, and the temporary key is an ECDH key.
401. Device A initiates a pairing request to device B.
402. Device B generates the random number 5 as a salt, the random number 6 as a dynamic password, and the random number 2 as a temporary private key. It takes the first byte of MD5(05|06) to get x = 8A, computes the public key B = 2^8A + 2^2 % 5 = 3, and sends 0503 to device A.
403. Device A receives the password 06 entered by the user and calculates x = 8A; generates the random number 3 as a temporary private key, giving the public key A = 2^3 % 5 = 3; takes the first byte of MD5(03|03) to get u = AC; calculates the shared secret S = 1 (03 - 2^8A) ^ (03 + AC ^ 8A) % 5 = 1; derives the key K = 55a54008ad1ba589aa210d2629c1df41 using the MD5 algorithm; calculates the check code M = MD5(9e688c58A5487B8eaf69c9e1005ad08f|05|03|03|5a54008ad1ba589aa210d2629c1df41) = 12552e8715c6f9ee8A2183e8c33eb7f8; and sends 0312552 e8715c6f 9a 2183e8c33eb7f8 to device B.
404. Device B calculates the shared secret S = (03 ^ 4^AC) ^ 2 % 5 = 1, derives the key K = 55a54008ad1ba589aa210d2629c1df41 using the MD5 algorithm, and calculates the check code M' = 12552e8715c6f9ee8a2183e8c33eb7f8, which is identical to the received M. It then calculates the check code M2 = MD5(03|12552e8715c6f9ee8a2183e8c33eb7f8|55a54008ad1ba589aa210d2629c1df41) = acff8544a74516d28e4bbdc727241024 and sends M2 to device A.
405. Device A calculates M2' = acff8544a74516d28e4bbdc727241024, the same as M2. It then generates an ECC public/private key pair, where the public key is:
3049301306072a8648ce3d020106082a8648ce3d03010103320004cf62a2cd76c65ef3af60e4b53408719cf9bfb58da01b9d38842e7de78b0dfc8cf7a7b349cdc71f3dda844a2944671f14
The private key is:
305f02010104186284531840613b006faf0764aef2fc22666231b5519ad37fa00a06082a8648ce3d030101a13403320004cf62a2cd76c65ef3af60e4b53408719cf9bfb58da01b9d38842e7de78b0dfc8cf7a7b349cdc71f3dda844a2944671f14
Signing the following data with the private key:
00|3049301306072a8648ce3d020106082a8648ce3d03010103320004cf62a2cd76c65ef3af60e4b53408719cf9bfb58da01b9d38842e7de78b0dfc8cf7a7b349cdc71f3dda844a2944671f14
The signature is obtained:
3035021900fc4b73226eef4a5bc506cce81db597be9a2c0d94df17f8fd021865944bee18bf68ed1e5dd3a48fbbe747818e2be4277261b0
Encrypting the following data with the key K:
00|3049301306072a8648ce3d020106082a8648ce3d03010103320004cf62a2cd76c65ef3af60e4b53408719cf9bfb58da01b9d38842e7de78b0dfc8cf7a7b349cdc71f3dda844a2944671f14|3035021900fc4b73226eef4a5bc506cce81db597be9a2c0d94df17f8fd021865944bee18bf68ed1e5dd3a48fbbe747818e2be4277261b0
The result is:
90d46584f35c05ab65cc6cd9e655f4d0b6629e3b9a5505a4f77aa9d45807ece3cd69fe01239a6c7724bf1b5070eafd2747131563b49492a23bf41bebf00211b6b39590be5565fefd5b3905a7272eeed1d77e1ea8eeb9bef545ac4e43d32ffdbea2eb44bbc57c8577b91cb89b7715cd69da98538de93908b0f2a5cc86edf883267486458dbc0686fe3ff584184a4e9cbb
This result is sent to device B.
406. Device B decrypts using key K to obtain:
003049301306072a8648ce3d020106082a8648ce3d03010103320004cf62a2cd76c65ef3af60e4b53408719cf9bfb58da01b9d38842e7de78b0dfc8cf7a7b349cdc71f3dda844a2944671f143035021900fc4b73226eef4a5bc506cce81db597be9a2c0d94df17f8fd021865944bee18bf68ed1e5dd3a48fbbe747818e2be4277261b0
after the signature is verified, the device A is identified with 00 and a public key
3049301306072a8648ce3d020106082a8648ce3d03010103320004cf62a2cd76c65ef3af60e4b53408719cf9bfb58da01b9d38842e7de78b0dfc8cf7a7b349c 71f3dda844a2944671f 14. And generating an ECC public and private key pair, wherein the public key is as follows:
3049301306072a8648ce3d020106082a8648ce3d03010103320004c7ae724b1294905cc937e1bfb0c99340a629433475387066a0d81f57af281c961b01f6e2ee7a6183b12bc1d11f7292c4
The private key is:
305f0201010418fdced95b87ee50d1f79cb4a721623d0c3cc147fee2126f88a00a06082a8648ce3d030101a13403320004c7ae724b1294905cc937e1bfb0c99340a629433475387066a0d81f57af281c961b01f6e2ee7a6183b12bc1d11f7292c4
Signing the following data with the private key:
01|3049301306072a8648ce3d020106082a8648ce3d03010103320004c7ae724b1294905cc937e1bfb0c99340a629433475387066a0d81f57af281c961b01f6e2ee7a6183b12bc1d11f7292c4
The signature is obtained:
303502190089c4f5cb26db9af36a45e796275d6b2bde67e6259cd80bc6021839646d7e7b37123e9197885bf18c148f6f84b503791b19ce
Encrypting the following data with the key K:
01|3049301306072a8648ce3d020106082a8648ce3d03010103320004c7ae724b1294905cc937e1bfb0c99340a629433475387066a0d81f57af281c961b01f6e2ee7a6183b12bc1d11f7292c4|303502190089c4f5cb26db9af36a45e796275d6b2bde67e6259cd80bc6021839646d7e7b37123e9197885bf18c148f6f84b503791b19ce
The result is:
142ccc00a0f6fbcb48d0895108312ed6edd030bb875a5aa9804977e624c9be01a342dadf97daa7601a0a8268ff90cfa5ec39a110c3f2cf5203a086c78473f44c9b6344a798f9caa3aba3ec0ef05de6040ccff242f86dd4c59f0e9d830e7501c9c541a8781da4abe778a289b5bfeed493d7b5f2f08816db330ffb0a639fc78a94ca421919d7193c9ed314a450d7b48c40
This result is sent to device A.
407. Device A decrypts using key K to yield:
013049301306072a8648ce3d020106082a8648ce3d03010103320004c7ae724b1294905cc937e1bfb0c99340a629433475387066a0d81f57af281c961b01f6e2ee7a6183b12bc1d11f7292c4303502190089c4f5cb26db9af36a45e796275d6b2bde67e6259cd80bc6021839646d7e7b37123e9197885bf18c148f6f84b503791b19ce
verifying the signature by identifying 01 device B and the public key
3049301306072a8648ce3d020106082a8648ce3d03010103320004c7ae724b1294905cc937e1bfb0c99340a629433475387066a0d81f57af281c961b01f6e2ee7a6183b12bc1d11f7292c 4.
At this point, device A and device B have completed pairing. The pairing verification process is described below.
In this embodiment, the ECDH algorithm uses the ECC P192 curve.
408. Device A generates a temporary public/private key pair. The temporary public key is:
3049301306072a8648ce3d020106082a8648ce3d030101033200040806482e610d2a1955f3e8b1a7fb64e572497217cf0b64b07a5812533f30991ec1f4f1d5a982a73fcd880ca6ba87b841
The temporary private key is:
305f02010104185d86ced608d5141560765157784f05300db7b6da6d1ac982a00a06082a8648ce3d030101a134033200040806482e610d2a1955f3e8b1a7fb64e572497217cf0b64b07a5812533f30991ec1f4f1d5a982a73fcd880ca6ba87b841
The temporary public key
3049301306072a8648ce3d020106082a8648ce3d030101033200040806482e610d2a1955f3e8b1a7fb64e572497217cf0b64b07a5812533f30991ec1f4f1d5a982a73fcd880ca6ba87b841
is sent to device B.
409. Device B generates a temporary public/private key pair. The temporary public key is:
3049301306072a8648ce3d020106082a8648ce3d03010103320004cae168ec1b2d17ddb15bcf970cc2bb3461d1014b5bf10e90b400d2c51e6187ddcd2fe4ddd0f852320f77a8877b2fd38c
The temporary private key is:
305f0201010418468e4fbb4118a204a397980dba1450940963327a4ea33622a00a06082a8648ce3d030101a13403320004cae168ec1b2d17ddb15bcf970cc2bb3461d1014b5bf10e90b400d2c51e6187ddcd2fe4ddd0f852320f77a8877b2fd38c
Device B calculates the shared secret S =
(305f0201010418468e4fbb4118a204a397980dba1450940963327a4ea33622a00a06082a8648ce3d030101a13403320004cae168ec1b2d17ddb15bcf970cc2bb3461d1014b5bf10e90b400d2c51e6187ddcd2fe4ddd0f852320f77a8877b2fd38c)˙
(3049301306072a8648ce3d020106082a8648ce3d030101033200040806482e610d2a1955f3e8b1a7fb64e572497217cf0b64b07a5812533f30991ec1f4f1d5a982a73fcd880ca6ba87b841)=
C05284A68EAE44497D93D6CC2241595A6E156D947CC1F89ED31F96D7495B052ED008B53A017F12B582C8924CDD42A586
where the symbol ˙ denotes the point multiplication operation in the ECC algorithm;
Device B calculates K using the MD5 algorithm: K =
MD5(C05284A68EAE44497D93D6CC2241595A6E156D947CC1F89ED31F96D7495B052ED008B53A017F12B582C8924CDD42A586)=
87643663dbb2e3b90ac7e59580668a65;
Device B calculates the signature Sig =
Sign(3049301306072a8648ce3d020106082a8648ce3d03010103320004cae168ec1b2d17ddb15bcf970cc2bb3461d1014b5bf10e90b400d2c51e6187ddcd2fe4ddd0f852320f77a8877b2fd38c|01|
3049301306072a8648ce3d020106082a8648ce3d030101033200040806482e610d2a1955f3e8b1a7fb64e572497217cf0b64b07a5812533f30991ec1f4f1d5a982a73fcd880ca6ba87b841)=
303402183032a76a9aba849cc385147fc002fe78eb5198c27c83a6c202180dc4afbab5b652cefac391f0ab59053edf722ab4036c6f25;
Encrypting the following data with the key K
01
303402183032a76a9aba849cc385147fc002fe78eb5198c27c83a6c202180dc4afbab5b652cefac391f0ab59053edf722ab4036c6f25
The result is:
9781763338592ba879a610cda024753b8192f998bbaaf593510682f248871da049f1bb8b1c4fb450fd8a1e54980fc4869fcecc54bf17c2d75bfc280cf74e102a,
This result, together with the temporary public key
3049301306072a8648ce3d020106082a8648ce3d03010103320004cae168ec1b2d17ddb15bcf970cc2bb3461d1014b5bf10e90b400d2c51e6187ddcd2fe4ddd0f852320f 8877 a8877b2fd38c is sent to device A.
410. Device A calculates S =
(305f02010104185d86ced608d5141560765157784f05300db7b6da6d1ac982a00a06082a8648ce3d030101a134033200040806482e610d2a1955f3e8b1a7fb64e572497217cf0b64b07a5812533f30991ec1f4f1d5a982a73fcd880ca6ba87b841)˙
(3049301306072a8648ce3d020106082a8648ce3d03010103320004cae168ec1b2d17ddb15bcf970cc2bb3461d1014b5bf10e90b400d2c51e6187ddcd2fe4ddd0f852320f77a8877b2fd38c)=
C05284A68EAE44497D93D6CC2241595A6E156D947CC1F89ED31F96D7495B052ED008B53A017F12B582C8924CDD42A586;
Device A calculates K using the MD5 algorithm: K =
MD5(C05284A68EAE44497D93D6CC2241595A6E156D947CC1F89ED31F96D7495B052ED008B53A017F12B582C8924CDD42A586)=87643663dbb2e3b90ac7e59580668a65;
Decrypting, with the key K,
9781763338592ba879a610cda024753b8192f998bbaaf593510682f248871da049f1bb8b1c4fb450fd8a1e54980fc4869fcec 54bf17c2d75bfc280 cfc 74e102 a:
01
303402183032a76a9aba849cc385147fc002fe78eb5198c27c83a6c202180dc4afbab5b652cefac391f0ab59053edf722ab4036c6f25, the signature is verified to pass.
Device A calculates the signature Sig =
Sign(3049301306072a8648ce3d020106082a8648ce3d030101033200040806482e610d2a1955f3e8b1a7fb64e572497217cf0b64b07a5812533f30991ec1f4f1d5a982a73fcd880ca6ba87b841|00|
3049301306072a8648ce3d020106082a8648ce3d03010103320004cae168ec1b2d17ddb15bcf970cc2bb3461d1014b5bf10e90b400d2c51e6187ddcd2fe4ddd0f852320f77a8877b2fd38c)=
303502190093244003af0a68b5a8382f6392cd47303b35f7adacf1854f02180dac065452db02fb6f74d7ec09cb262a38ad334b46526fd1
Encrypting the following data with the key K
00
303502190093244003af0a68b5a8382f6392cd47303b35f7adacf1854f02180dac065452db02fb6f74d7ec09cb262a38ad334b46526fd1 gave:
73337415d21502fe5fb6bd403534B7c3bff9ff247eff5B802dfee57e3cf9fc5B23 a4B24f0195ba47B6d18d2765f3d51bb516cb 47B 6e 12eec43ed556c0f, which is sent to device B.
411. Device B decrypts, using the key K,
73337415d21502fe5fb6bd403534b7c3bff9ff247eff5b802dfee57e3cf9fc5b23 a4b24f0195ba47b6d18d2765f3d51bb516cb 47b 6e 12eec43ed556c0 f:
00
303502190093244003af0a68B5a8382f6392cd47303B35f7adacf1854f02180dac065452db02fb6f74d7ec09cb262a38ad334B46526fd1, device B shares the key K87643663 dbb2e3B90ac7e59580668a65 with device a to verify that the signature passes.

Claims (20)

1. A communication pairing method is applied to a first device and comprises the following steps:
after sending a pairing request to the second device, receiving a second temporary public key from the second device;
generating a first temporary public key and a first temporary private key, generating a first intermediate value based on a dynamic password input into the first device, generating a second intermediate value based on the first temporary public key and the second temporary public key, generating a first verification code based on the first intermediate value and the second intermediate value, and sending the first temporary public key and the first verification code to the second device for first verification;
exchanging a pairing public key with the second device after the first verification passes;
wherein whether the first verification passes is determined by the second device according to a comparison result of a fourth verification code and the first verification code, the fourth verification code is generated based on a fourth intermediate value and a fifth intermediate value, the fourth intermediate value is generated based on the dynamic password, and the fifth intermediate value is generated based on the first temporary public key and the second temporary public key.
2. The method of claim 1, wherein prior to exchanging the pairing public key with the second device, the method further comprises:
receiving a second verification code from the second device and performing a second verification, the second verification comprising: a third verification code is generated based on the first verification code and at least one of the first temporary public key and the second temporary public key, and the third verification code is compared with the second verification code.
3. The method of claim 1,
the generating of the first intermediate value comprises: performing a predetermined operation based on the dynamic password to obtain a first operation value, and taking a predetermined part of the first operation value as a first intermediate value; and/or
The generating of the second intermediate value comprises: and performing a predetermined operation based on the first temporary public key and the second temporary public key to obtain a second operation value, and taking a predetermined part of the second operation value as a second intermediate value.
4. The method of claim 1, wherein the first ephemeral private key is randomly generated and the first ephemeral public key is computed based on the first ephemeral private key.
5. The method of claim 4, wherein the first temporary public key is calculated based on the first temporary private key and based on at least one of an exponentiation and a modulo operation.
6. The method of claim 1, further comprising receiving a first salt value from a second device, wherein the first salt value is also used in generating the first intermediate value, the second intermediate value, and/or the first verification code.
7. The method of claim 1, wherein generating the first verification code based on the first intermediate value and the second intermediate value comprises:
calculating a first key factor based on the first intermediate value and the second intermediate value;
generating a first key according to the first key factor;
a first verification code is generated based on the first key.
8. The method of claim 7, wherein calculating the first key factor based on the first intermediate value and the second intermediate value comprises: a first key factor is calculated based on the first intermediate value and the second intermediate value and according to at least one of an exponentiation and a modulo operation.
9. The method of claim 7 or 8, wherein calculating the first key factor based on the first intermediate value and the second intermediate value comprises: a first key factor is calculated based on the first and second intermediate values and at least one of the first ephemeral public key, the second ephemeral public key, and the first ephemeral private key.
10. The method of claim 7, further comprising receiving a first salt value from a second device, and wherein generating the first verification code based on the first key comprises: a first verification code is generated based on the first key and at least one of the first temporary public key, the second temporary public key, and the first salt.
11. The method of claim 7, wherein generating the first validation code based on the first key comprises: a first verification code is generated based on the first key and the first predetermined value.
12. The method of claim 11, wherein the first predetermined value is calculated using a predetermined algorithm for at least one predetermined factor.
13. The method of claim 11, wherein the first predetermined value is obtained by processing the operation result using the second predetermined algorithm after the operation result is calculated using the first predetermined algorithm for each predetermined factor of the plurality of predetermined factors.
14. The method of claim 7, wherein prior to exchanging the pairing public key with the second device, the method further comprises:
receiving a second verification code from the second device and performing a second verification, the second verification comprising: a third verification code is generated based on the first key and the first verification code, and the third verification code is compared with the second verification code.
15. The method of claim 14, wherein generating a third validation code based on the first key and the first validation code comprises:
a third verification code is generated based on at least one of the first and second temporary public keys and the first and second keys.
16. The method of claim 7, wherein the pairing public key is encrypted with the first key when exchanging the pairing public key with the second device.
17. A communication pairing method is applied to a first device, and is characterized by comprising the following steps:
generating a third temporary public key and a third temporary private key, sending the third temporary public key to the second device, and receiving a pairing public key identifier ciphertext and a fourth temporary public key from the second device;
calculating a second key based on an agreed algorithm and agreed parameters, and obtaining a pairing public key identifier and a first check value from the pairing public key identifier ciphertext by using the second key, wherein the agreed parameters comprise the third temporary private key and the fourth temporary public key;
performing third verification on the first check value by using the pairing public key corresponding to the pairing public key identifier;
and after the third verification is passed, performing data communication with the second device by taking the second key as a communication key.
18. The method of claim 17, wherein prior to communicating data with the second device, the method further comprises:
calculating, by using the pairing private key of the first device, a second check value for data including the pairing public key identifier of the first device, encrypting the pairing public key identifier of the first device and the second check value by using the second key, and sending the encrypted identifier and second check value to the second device for fourth check.
19. The method of claim 18, wherein the data further comprises a third temporary public key and/or a fourth temporary public key.
20. A communication apparatus, as a first device, comprising:
a memory configured to store predetermined computer instructions;
a processor configured to execute the predetermined computer instructions to implement the method of any one of claims 1-19.
CN201910275903.3A 2019-04-08 2019-04-08 Communication pairing method and communication device Active CN110022320B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910275903.3A CN110022320B (en) 2019-04-08 2019-04-08 Communication pairing method and communication device

Publications (2)

Publication Number Publication Date
CN110022320A CN110022320A (en) 2019-07-16
CN110022320B true CN110022320B (en) 2020-12-18

Family

ID=67190695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910275903.3A Active CN110022320B (en) 2019-04-08 2019-04-08 Communication pairing method and communication device

Country Status (1)

Country Link
CN (1) CN110022320B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201028

Address after: Room 124, 1 / F, building 2, yard 9, jiaogezhuang street, Nanfaxin Town, Shunyi District, Beijing

Applicant after: Beijing Wikipedia Technology Co.,Ltd.

Address before: 100193, No. 5, building 5, east 10, East Hospital, No. 510 Wang Dong Road, Beijing, Haidian District

Applicant before: BEIJING SENSE SHUDUN TECHNOLOGY Co.,Ltd.

GR01 Patent grant