CN111343634B - Safe connection method and data transmission method between low-power-consumption Bluetooth devices - Google Patents


Info

Publication number: CN111343634B
Authority: CN (China)
Prior art keywords: broadcasting, equipment, scanning, data, connection
Legal status: Active
Application number: CN202010147139.4A
Other languages: Chinese (zh)
Other versions: CN111343634A (en)
Inventors: 黄双, 王文漪
Current Assignee: Shenzhen Fengxin Technology Services Co ltd
Original Assignee: Shenzhen Fengxin Technology Services Co ltd
Application filed by: Shenzhen Fengxin Technology Services Co ltd
Events: priority to CN202010147139.4A; publication of CN111343634A; application granted; publication of CN111343634B

Classifications

    • H04W12/041 Key generation or derivation
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W48/10 Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
    • H04W48/16 Discovering, processing access restriction or access information
    • H04W76/14 Direct-mode setup
    • H04W12/50 Secure pairing of devices
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a secure connection method between Bluetooth low energy devices, comprising the following steps: the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and broadcasts the password and the one-time secure connection key externally after the basic broadcast settings are completed; the scanning device scans the broadcast signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code by a specified encryption and decryption algorithm; it verifies the signal strength and the identity password and, after verification is completed, establishes a secure connection with the broadcasting device. The invention also discloses a data transmission method based on this secure connection method between Bluetooth low energy devices. The invention addresses the poor user interaction experience of connection authentication between existing Bluetooth devices and the ease with which transmitted data can be decrypted and tampered with.

Description

Safe connection method and data transmission method between low-power-consumption Bluetooth devices
Technical Field
The invention relates to the field of Bluetooth connection and transmission security between devices, and in particular to a secure connection method and a data transmission method between Bluetooth low energy devices.
Background
Bluetooth communication has advantages such as wide coverage, high signal strength and a high transmission rate, but its signals also carry the risk of being monitored and of data being stolen, which makes it difficult to apply to offline financial scenarios (payment, account transfer, bill checking and the like) with extremely high security requirements. As the Bluetooth protocol has been improved and updated, its built-in authenticated pairing and encryption have improved the security of connections and data transmission to a certain extent and help prevent data tampering and man-in-the-middle attacks. However, this authentication mode requires the device being connected to pop up a pairing request, and the user must confirm the key and start the encrypted connection by visual comparison or by entering a numeric password, so the interaction experience is poor.
Disclosure of Invention
The invention aims to provide a secure connection method and a data transmission method between Bluetooth low energy devices, solving the problems that the user interaction experience of connection authentication between existing Bluetooth devices is poor and that transmitted data is easy to decrypt and tamper with.
The technical scheme for achieving this purpose is as follows:
A secure connection method between Bluetooth low energy devices includes:
Step S1: the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and broadcasts the password and the one-time secure connection key externally after the basic broadcast settings are completed;
Step S2: the scanning device scans the broadcast signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code by a specified encryption and decryption algorithm; it verifies the signal strength and the identity password and, after verification is completed, establishes a secure connection with the broadcasting device.
Preferably, the step S1 includes:
Step S11: the broadcasting device calls a specified encryption and decryption algorithm on its own model, the valid timestamp, the random mask and the data to be transmitted to generate a one-time secure connection key and a dynamic authentication password;
Step S12: the broadcasting device completes the basic broadcast settings, starts broadcasting, and starts a countdown according to the broadcast duration;
Step S13: when the broadcast time exceeds the broadcast duration (the broadcast refresh frequency) and no device is connected, the current broadcast is ended, the broadcast content is refreshed, and broadcasting is restarted.
Preferably, the valid timestamp is generated according to the system time and the key validity period constraint;
the random mask is a random combination of 4-8 bit letters, numbers and symbols generated by the device according to a built-in algorithm; the data to be transmitted includes but is not limited to the complete transmission content before and after encryption, signatures of specified character string segments and the like, or hash values thereof;
the one-time secure connection key is a key generated from the device's own model, the valid timestamp, the random mask and the data to be transmitted by a specified encryption and decryption algorithm;
the dynamic authentication password is the combination of the device's own model, the random mask and the verification code;
the verification code is a 4-6 bit character string taken, for use in verification, from the result of a hash operation on the one-time secure connection key;
the basic broadcast settings include, but are not limited to, broadcast frequency and power consumption level;
the broadcast content includes but is not limited to the basic broadcast settings, the dynamic authentication password, service numbers and service content;
the broadcast duration is the single-broadcast refresh frequency built into the system.
Preferably, the step S2 includes:
Step S21: the scanning device scans the signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code by a specified encryption and decryption algorithm;
Step S22: the scanning device judges the safe connection distance according to the models of the two devices and the real-time received signal strength (RSSI);
Step S23: the scanning device calls a specified encryption and decryption algorithm, generates a one-time secure connection key from the received broadcast content, and verifies the dynamic authentication password; if verification passes, it initiates a connection request to the broadcasting device; if verification fails, it ignores the broadcast signal and restarts scanning;
Step S24: the broadcasting device receives the connection request from the scanning device, the two parties establish a secure Bluetooth connection, the scanning device stops broadcasting, and a countdown is started according to the connection validity time.
Preferably, the method is characterized by comprising the following steps:
Step S3: the scanning device generates a random seed, encrypts it and notifies the broadcasting device; the broadcasting device receives the random seed, then verifies and decrypts it, and the two parties use the random seed to generate a communication key by calling a specified encryption and decryption algorithm;
Step S4: the broadcasting device generates a dynamic characteristic universally unique identifier (Characteristic UUID), and encrypts and transmits the data to be transmitted using the communication key;
Step S5: after receiving the ciphertext data, the scanning device decrypts it with the communication key and verifies each check field of the dynamic Characteristic UUID against the restored data; when verification succeeds, data transmission is complete and both parties destroy the communication key.
Preferably, the step S3 includes:
Step S31: the scanning device generates a random seed;
Step S32: the scanning device encrypts the random seed using the one-time secure connection key and the specified encryption and decryption algorithm, and notifies the broadcasting device;
Step S33: the broadcasting device receives the signature and uses the one-time secure connection key and the specified encryption and decryption algorithm to verify the signature and obtain the random seed;
Step S34: the two devices use the same random seed, combined with a specified encryption and decryption algorithm, to generate a communication key.
Preferably, the step S4 includes:
Step S41: the broadcasting device generates a dynamic Characteristic UUID;
Step S42: the broadcasting device encrypts and transmits the data to be transmitted, using the communication key as the data encryption key.
Preferably, the dynamic Characteristic UUID is converted into 32-bit characters in hexadecimal, the characters are divided into several groups of check fields, and the check field encoding is determined by the actual service scenario and the data to be transmitted.
Preferably, the check fields are composed of specified partial byte information in any order, including but not limited to merchant information, transmission content, identity password, setting information and collection information;
the merchant information check field includes but is not limited to a merchant name, a merchant number, receiving wallet address information, or a hash value thereof;
the transmission content check field includes but is not limited to the complete content before and after encryption, a signature of a designated character string segment, or a hash value;
the identity password check field is a designated character string segment of the dynamic authentication password or a hash value;
the setting information check field includes but is not limited to software parameters, communication parameters and hardware parameter information;
the collection information includes, but is not limited to, a collection amount, collection information, order number information, or a hash value.
Preferably, the step S5 includes:
Step S51: the scanning device receives the encrypted data packet and restores the data content using the communication key and the specified encryption and decryption algorithm;
Step S52: the scanning device verifies the corresponding check fields in the received dynamic Characteristic UUID against the restored data content;
if verification succeeds, subsequent service processing is carried out;
if verification fails, the connection is dropped, the broadcasting device restarts broadcasting, and the scanning device restarts scanning;
if the connection validity time is exceeded before verification or data transmission is completed, the connection is considered abnormal, the connection is dropped, and broadcasting and scanning are restarted.
The beneficial effects of the invention are as follows: the invention defines an authentication and secure connection standard between devices at the configuration and application level of GATT (Generic Attribute Profile) and GAP (Generic Access Profile); based on Bluetooth characteristics and a time algorithm, combined with an algorithm library and other security mechanisms, it improves user experience and connection security, ensures the confidentiality of transmitted data, and prevents tampering and man-in-the-middle attacks.
Drawings
FIG. 1 is a flow chart of a method for secure connection and data transmission between Bluetooth low energy devices according to the present invention;
FIG. 2 is a detailed flowchart of steps S1-S3 according to the present invention;
FIG. 3 is a detailed flowchart of steps S4-S5 of the present invention.
Detailed Description
The invention will be further explained with reference to the drawings.
Referring to FIG. 1, the secure connection method between Bluetooth low energy devices of the present invention includes the following steps:
Step S1: the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and broadcasts externally after the basic broadcast settings are completed. Specifically, as shown in FIG. 2, step S1 includes:
Step S11: the broadcasting device (also called the server or peripheral device) generates a one-time secure connection key (Connection Secret Key) and a dynamic authentication password (Authentication Code) using a specified encryption and decryption algorithm (a built-in encryption, decryption and hash algorithm) from its own model, the valid timestamp, the random mask, the data to be transmitted, and the like.
The valid timestamp is generated from the system time under the key validity period constraint; it is the validity time of the one-time secure connection key, and once it is exceeded, the broadcast, the scan and the related security mechanisms must be reset. The random mask is a random combination of 4-bit letters, numbers and symbols generated by the device according to a built-in algorithm. The data to be transmitted includes, but is not limited to, the complete transmission content before and after encryption, a signature of a designated string segment and the like, or a hash value thereof. The one-time secure connection key (Connection Secret Key) is a key generated from the device's own model, the valid timestamp, the random mask and the data to be transmitted by a specified encryption and decryption algorithm. The dynamic authentication password is the combination of the device's own model, the verification code and the random mask.
Step S12: the broadcasting device completes the basic broadcast settings, starts broadcasting, and starts a countdown according to the broadcast duration. The basic broadcast settings include, but are not limited to, broadcast frequency, power consumption level, etc. The broadcast content includes, but is not limited to, the basic broadcast settings, the dynamic authentication password, service numbers, service content, and the like. The broadcast duration is the single-broadcast refresh frequency built into the system; in principle, it is shorter than the key validity time.
Step S13: when the broadcast time exceeds the broadcast duration, that is, the broadcast refresh frequency, and no device is connected, the current broadcast is ended, the broadcast content is refreshed, and broadcasting is restarted.
Step S2: the scanning device scans the signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code by a specified encryption and decryption algorithm; it verifies the signal strength and the identity password and, after verification is completed, establishes a secure connection with the broadcasting device. Specifically, as shown in FIG. 2, step S2 includes:
Step S21: the scanning device (also called the client or central device) scans the signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code.
Step S22: the scanning device verifies the safe connection distance according to the models of the two devices and the real-time Received Signal Strength Indicator (RSSI). Reference is made to the technical contents of prior-art patent ZL201810646308.1; the details are not repeated here.
The built-in signal strength threshold table defines, for a fixed safe distance between most mainstream mobile devices (for example, a safe distance of 5 cm or less), the real-time signal strength thresholds at which different device models are allowed to connect. The scanning device looks up the built-in table using the model of the received broadcasting device and its own model to verify the safe distance; it proceeds to the subsequent operations when the specified threshold is reached and continues scanning when it is not.
Step S23: the scanning device generates a one-time secure connection key from the received broadcast content using a specified encryption and decryption algorithm, and verifies the dynamic authentication password. If verification passes, it initiates a connection request to the broadcasting device; if verification fails, it ignores the broadcast signal and restarts scanning.
Step S24: the broadcasting device receives the connection request from the scanning device, the two parties establish a secure Bluetooth connection, the scanning device stops broadcasting, and a countdown is started according to the connection validity time.
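Steps S11 and S21 to S23 worked through as an added example, which is not code from the patent or its applicant. The patent leaves the "specified encryption and decryption algorithm" open, so HMAC-SHA256 under a hypothetical pre-provisioned `DEVICE_SECRET` is assumed here (with no secret input, any receiver of the broadcast could recompute the verification code); the field widths, the broadcast layout and the RSSI table are likewise constructed.

```python
import hashlib
import hmac
import secrets
import string

# Assumptions, none of them from the patent: HMAC-SHA256 stands in for the
# "specified encryption and decryption algorithm", DEVICE_SECRET is a
# hypothetical value provisioned on both devices, and the field widths,
# broadcast layout and RSSI table are constructed for the demonstration.
DEVICE_SECRET = b"constructed-demo-secret"
MODEL_LEN, MASK_LEN, CODE_LEN = 4, 6, 6
MASK_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"
# (broadcaster model, scanner model) -> weakest RSSI in dBm that is still
# treated as inside the safe distance.
RSSI_THRESHOLDS = {("POS1", "PHN7"): -45, ("POS1", "PHN9"): -50}


def connection_key(model, valid_until, mask, data_digest):
    """One-time secure connection key from model, timestamp, mask and data."""
    msg = b"|".join([model.encode(), str(valid_until).encode(),
                     mask.encode(), data_digest])
    return hmac.new(DEVICE_SECRET, msg, hashlib.sha256).digest()


def verification_code(key):
    """Verification code: the first characters of a hash of the key."""
    return hashlib.sha256(key).hexdigest()[:CODE_LEN]


def build_broadcast(model, data, now, key_lifetime=30):
    """Step S11: return (broadcast content, key kept by the broadcaster)."""
    if len(model) != MODEL_LEN:
        raise ValueError("model must be MODEL_LEN characters")
    mask = "".join(secrets.choice(MASK_ALPHABET) for _ in range(MASK_LEN))
    valid_until = now + key_lifetime
    digest = hashlib.sha256(data).digest()
    key = connection_key(model, valid_until, mask, digest)
    broadcast = {"password": model + mask + verification_code(key),
                 "valid_until": valid_until, "data_digest": digest}
    return broadcast, key


def verify_broadcast(broadcast, scanner_model, rssi, now):
    """Steps S21 to S23: return (key, "ok") or (None, reason to keep scanning)."""
    password = broadcast["password"]
    if len(password) != MODEL_LEN + MASK_LEN + CODE_LEN:
        return None, "malformed password"
    # S21: restore model, random mask and verification code.
    model = password[:MODEL_LEN]
    mask = password[MODEL_LEN:MODEL_LEN + MASK_LEN]
    code = password[MODEL_LEN + MASK_LEN:]
    # S22: safe-distance check against the per-model threshold table.
    threshold = RSSI_THRESHOLDS.get((model, scanner_model))
    if threshold is None or rssi < threshold:
        return None, "outside safe distance"
    if now > broadcast["valid_until"]:
        return None, "key expired"
    # S23: regenerate the key and compare verification codes in constant time.
    key = connection_key(model, broadcast["valid_until"], mask,
                         broadcast["data_digest"])
    if not hmac.compare_digest(verification_code(key).encode(), code.encode()):
        return None, "verification code mismatch"
    return key, "ok"


if __name__ == "__main__":
    adv, _ = build_broadcast("POS1", b"order=A-1001;amount=12.50", now=1_000)
    print(verify_broadcast(adv, "PHN7", rssi=-40, now=1_010)[1])
    print(verify_broadcast(adv, "PHN7", rssi=-70, now=1_010)[1])
```
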
Referring to FIG. 1, the data transmission method based on the secure connection method between Bluetooth low energy devices of the present invention includes the following steps:
Step S3: the scanning device generates a random seed, encrypts it and notifies the broadcasting device; the broadcasting device receives the random seed, then verifies and decrypts it, and the two parties use the random seed to generate a communication key through a specified encryption and decryption algorithm. Specifically, as shown in FIG. 2, step S3 includes:
Step S31: the scanning device generates a random seed. The random seed is an 8 to 128 bit random string generated according to a built-in algorithm.
Step S32: the scanning device encrypts the random seed using the one-time secure connection key and the specified encryption and decryption algorithm (when an asymmetric algorithm is selected, the encrypted content must also be signed), and notifies the broadcasting device.
Step S33: the broadcasting device receives the random seed, decrypts it using the one-time secure connection key and the specified encryption and decryption algorithm (when an asymmetric algorithm is selected, signature verification must be completed first), and obtains the random seed.
Step S34: the broadcasting device and the scanning device generate a communication key using the random seed and the specified encryption and decryption algorithm.
Step S4: the broadcasting device generates a dynamic characteristic universally unique identifier (Characteristic UUID), and encrypts and transmits the data to be transmitted using the communication key. As shown in FIG. 3, step S4 includes:
Step S41: the broadcasting device generates a dynamic Characteristic UUID.
The Bluetooth Special Interest Group (SIG) defines a universally unique identifier (UUID) as a 128-bit value, but does not define an assignment specification for Characteristics in the financial or payment field. For convenience of description, electronic payment is used as an example below; the check fields may include, but are not limited to, merchant information, transmission content, identity password, setting information, payment information, and the like. The check fields can be composed of specified partial byte information in any order:
The merchant information check field includes, but is not limited to, information such as a merchant name, a merchant number and a cash register address, or a hash value thereof. The transmission content check field includes, but is not limited to, the complete content before and after encryption, a signature of a specified character string segment and the like, or a hash value. The identity password check field is a designated character string segment of the dynamic authentication password. The setting information check field includes, but is not limited to, software parameters, communication parameters, hardware parameters, and the like. The collection information includes, but is not limited to, information such as a collection amount, collection information and order number, or a hash value.
Step S42: the broadcasting device encrypts and transmits the data to be transmitted, using the communication key as the data encryption key.
Step S5: after receiving the ciphertext data, the scanning device decrypts it with the communication key and verifies each check field of the dynamic Characteristic UUID against the restored data; when verification succeeds, data transmission is complete and both parties destroy the communication key. As shown in FIG. 3, step S5 includes:
Step S51: the scanning device receives the encrypted data packet and restores the data content using the communication key and the specified encryption and decryption algorithm.
Step S52: the scanning device verifies the corresponding check fields in the received dynamic Characteristic UUID against the restored data content.
If verification succeeds, subsequent service processing is carried out;
if verification fails, the connection is dropped, the broadcasting device restarts broadcasting, and the scanning device restarts scanning;
if the connection validity time is exceeded before verification or data transmission is completed, the connection is considered abnormal, the connection is dropped, and broadcasting and scanning are restarted.
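The check-field construction of step S41 and its verification in step S52, as an added example that is not code from the patent or its applicant. The field order and widths, the use of truncated SHA-256 for every field, and the payment values are assumptions constructed for the demonstration; the patent only says that the 128-bit UUID is split into check fields chosen per service scenario.

```python
import hashlib
import hmac
import uuid

# Assumed layout: (check field name, width in hexadecimal characters).
# The widths add up to the 32 hexadecimal characters of a 128-bit UUID.
LAYOUT = [("merchant", 8), ("content", 8), ("identity", 6),
          ("settings", 4), ("collection", 6)]
assert sum(width for _, width in LAYOUT) == 32


def check_field(value: bytes, width: int) -> str:
    """One check field: a truncated hash of the information it covers."""
    return hashlib.sha256(value).hexdigest()[:width]


def build_characteristic_uuid(fields: dict) -> uuid.UUID:
    """Step S41: pack one check field per layout entry into a UUID."""
    missing = [name for name, _ in LAYOUT if name not in fields]
    if missing:
        raise ValueError(f"missing check field input: {missing}")
    hex32 = "".join(check_field(fields[name], width) for name, width in LAYOUT)
    return uuid.UUID(hex=hex32)


def failed_check_fields(char_uuid: uuid.UUID, restored: dict) -> list:
    """Step S52: names of check fields that do not match the restored data.

    An empty list means every field verified; anything else means the
    connection should be dropped and scanning restarted.
    """
    hex32 = char_uuid.hex
    failures, pos = [], 0
    for name, width in LAYOUT:
        received = hex32[pos:pos + width]
        pos += width
        value = restored.get(name)
        if value is None:
            failures.append(name)
            continue
        expected = check_field(value, width)
        if not hmac.compare_digest(received.encode(), expected.encode()):
            failures.append(name)
    return failures


# Constructed sample data for an electronic payment.
SAMPLE = {
    "merchant": b"name=Demo Cafe;number=000123",
    "content": b"order=A-1001;amount=12.50",
    "identity": b"POS1aB3$xZ9f2c1e",      # dynamic authentication password
    "settings": b"sw=1.4.2;mtu=185",
    "collection": b"amount=12.50;order=A-1001",
}

if __name__ == "__main__":
    cu = build_characteristic_uuid(SAMPLE)
    print(cu, failed_check_fields(cu, SAMPLE))
    tampered = dict(SAMPLE, collection=b"amount=1250.00;order=A-1001")
    print(failed_check_fields(cu, tampered))
```

With this layout the narrowest field carries 16 bits, so it catches mismatched or stale data but gives little margin against a deliberately searched collision; wider fields trade off against the number of fields that fit in 128 bits.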
In conclusion, the invention is applicable not only to traditional financial transaction scenarios, including but not limited to account transfer, electronic payment and ATM user authorized login, but also to innovative financial fields such as digital currency payment and settlement and to other application fields with high security requirements. The broadcast information fields and the universally unique identifiers of the connecting Bluetooth devices are verified through a dynamic instance and an algorithm library, which prevents malicious access or counterfeit devices and ensures connection security. Meanwhile, the transmitted data is encrypted, decrypted, signed and verified using a combination of symmetric, asymmetric and hash algorithms, which guarantees the security of the transmitted data and optimizes the user experience.
The above embodiments are provided only for illustrating the present invention and not for limiting the present invention, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the present invention, and therefore all equivalent technical solutions should also fall within the scope of the present invention, and should be defined by the claims.

Claims (9)

1. A method for secure connection between Bluetooth low energy devices, comprising:
step S1, the broadcasting device generates a dynamic authentication password and a one-time secure connection key, and broadcasts the password and the one-time secure connection key externally after the basic broadcast settings are completed; the one-time secure connection key is: a key generated by a specified encryption and decryption algorithm from the local device's model, a valid timestamp, a random mask and the data to be transmitted; the dynamic authentication password is: a combination of the local device's model, the random mask and the verification code;
step S2, the scanning device scans for the broadcast signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code by the specified encryption and decryption algorithm; the signal strength and the dynamic authentication password are verified and, after the verification is completed, a secure connection is established with the broadcasting device; this comprises:
step S21, the scanning device scans for the signal and reads the broadcast content, extracts the dynamic authentication password, and restores the device model, the random mask and the verification code by the specified encryption and decryption algorithm;
step S22, the scanning device determines the secure connection distance from the models of the two devices and the real-time signal strength (RSSI);
step S23, the scanning device calls the specified encryption and decryption algorithm, generates the one-time secure connection key from the received broadcast content, and verifies the dynamic authentication password; if the verification passes, it initiates a connection request to the broadcasting device; if the verification fails, it ignores the broadcast signal and restarts scanning;
and step S24, the broadcasting device receives the connection request of the scanning device, the two parties establish a secure Bluetooth connection, the scanning device stops broadcasting, and a countdown is started according to the connection valid time.
2. The method for secure connection between Bluetooth low energy devices according to claim 1, wherein step S1 comprises:
step S11, the broadcasting device calls the specified encryption and decryption algorithm on its own model, the valid timestamp, the random mask and the data to be transmitted to generate the one-time secure connection key and the dynamic authentication password;
step S12, the broadcasting device completes the basic broadcast settings, starts broadcasting, and starts a countdown according to the broadcast duration;
and step S13, when the broadcast time exceeds the broadcast duration (the broadcast refresh frequency) and no device has connected, the current broadcast is ended, the broadcast content is refreshed, and broadcasting is restarted.
3. The method of claim 2, wherein the valid timestamp is generated according to the system time and the key validity interval constraint;
the random mask is a random combination of 4-8 letters, digits and symbols, randomly generated by the device according to a built-in algorithm;
the data to be transmitted includes but is not limited to the complete transmission content before and after encryption, or a signature of a specified character string segment or the like, or a hash value thereof;
the verification code is 4-6 characters taken, for use in verification, from the result of a hash operation on the one-time secure connection key;
the basic broadcast settings include, but are not limited to, broadcast frequency and power consumption level;
the broadcast content includes but is not limited to the basic broadcast settings, the dynamic authentication password, the service number and the service content;
the broadcast duration is the single-broadcast refresh frequency built into the system.
4. A data transmission method based on the method for secure connection between Bluetooth low energy devices of claim 1, comprising:
step S3, the scanning device generates a random seed, encrypts it and notifies the broadcasting device; the broadcasting device receives the random seed, then verifies and decrypts it; both parties call the random seed and the specified encryption and decryption algorithm to generate a communication key;
step S4, the broadcasting device generates a dynamic characteristic universally unique identifier, and encrypts and transmits the data to be transmitted using the communication key;
and step S5, after receiving the ciphertext data, the scanning device decrypts it using the communication key and verifies each check field of the dynamic characteristic universally unique identifier against the restored data; when the verification succeeds, the data transmission is complete and both parties destroy the communication key.
5. The data transmission method according to claim 4, wherein step S3 comprises:
step S31, the scanning device generates a random seed;
step S32, the scanning device encrypts the random seed using the one-time secure connection key and the specified encryption and decryption algorithm, and notifies the broadcasting device;
step S33, the broadcasting device receives the signature, and obtains and verifies the random seed using the one-time secure connection key and the specified encryption and decryption algorithm;
and step S34, the two devices use the same random seed, combined with the specified encryption and decryption algorithm, to generate a communication key.
6. The data transmission method according to claim 4, wherein step S4 comprises:
step S41, the broadcasting device generates a dynamic characteristic universally unique identifier;
step S42, the broadcasting device encrypts and transmits the data to be transmitted, using the communication key as the data encryption key.
7. The data transmission method according to claim 6, wherein the dynamic characteristic universally unique identifier is converted into 32 characters in hexadecimal and divided into several groups of check fields, the check field coding being determined by the actual service scenario and the data to be transmitted.
8. The data transmission method according to claim 7, wherein the check fields are composed, in any order, of the byte information of their designated parts, including but not limited to merchant information, transmission content, identity password, setting information, and payment information;
the merchant information check field includes but is not limited to a merchant name, a merchant number, receiving wallet address information, or a hash value thereof;
the transmission content check field includes but is not limited to the complete content before and after encryption, or a signature or hash value of a designated character string segment;
the identity password check field is a designated character string segment of the dynamic authentication password, or a hash value;
the setting information check field includes but is not limited to software parameter, communication parameter and hardware parameter information;
the collection information includes, but is not limited to, a collection amount, collection information, order number information, or a hash value.
9. The data transmission method according to claim 4, wherein step S5 comprises:
step S51, the scanning device receives the encrypted data packet and restores the data content using the communication key and the specified encryption and decryption algorithm;
step S52, the scanning device verifies the corresponding check field in the received dynamic characteristic universally unique identifier against the restored data content;
if the verification succeeds, subsequent service processing is carried out;
if the verification fails, the connection is disconnected, the broadcasting device restarts broadcasting, and the scanning device restarts scanning;
if the connection valid time is exceeded before verification or data transmission is completed, the connection is considered abnormal, the connection is disconnected, and broadcasting and scanning are restarted.
CN202010147139.4A 2020-03-05 2020-03-05 Safe connection method and data transmission method between low-power-consumption Bluetooth devices Active CN111343634B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010147139.4A CN111343634B (en) 2020-03-05 2020-03-05 Safe connection method and data transmission method between low-power-consumption Bluetooth devices

Publications (2)

Publication Number Publication Date
CN111343634A CN111343634A (en) 2020-06-26
CN111343634B true CN111343634B (en) 2023-01-03

Family

ID=71185894

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010147139.4A Active CN111343634B (en) 2020-03-05 2020-03-05 Safe connection method and data transmission method between low-power-consumption Bluetooth devices

Country Status (1)

Country Link
CN (1) CN111343634B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935684A (en) * 2020-07-17 2020-11-13 深圳一卡通新技术有限公司 Bluetooth payment system and method
CN115606212A (en) * 2020-08-12 2023-01-13 Oppo广东移动通信有限公司(Cn) Method and apparatus for device discovery
CN112566126B (en) * 2020-12-02 2022-04-26 支付宝(杭州)信息技术有限公司 Method, device and equipment for connecting equipment
CN112788600B (en) * 2020-12-31 2022-12-27 中国人民银行数字货币研究所 Method and device for realizing authentication and safe connection between Bluetooth devices
CN113766482B (en) * 2021-09-15 2022-10-14 荣耀终端有限公司 Method for searching Bluetooth device, electronic device and storage medium
CN114286290B (en) * 2021-12-08 2023-03-14 广州安凯微电子股份有限公司 BLE broadcast sending and receiving method, device and system
CN114339591B (en) * 2021-12-09 2024-03-08 青岛海信移动通信技术有限公司 Method and related device for positioning based on ultra-wideband chip
CN114254342A (en) * 2021-12-10 2022-03-29 青岛海尔科技有限公司 Communication connection method, system, device, storage medium and processor
CN114423004B (en) * 2021-12-24 2024-03-19 深圳市丰鑫科技服务有限公司 Method for realizing virtual connection and safe transmission between Bluetooth devices based on data chain
CN116614806B (en) * 2023-07-18 2023-10-20 荣耀终端有限公司 Bluetooth pairing method and device, electronic equipment and storage medium
CN117579392B (en) * 2024-01-16 2024-04-16 北京富通亚讯网络信息技术有限公司 Reliable data transmission method, device, equipment and medium based on encryption processing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105631987A (en) * 2015-02-12 2016-06-01 北京神器科技有限公司 Bluetooth access control unlocking method, device and system
CN107833046A (en) * 2017-11-28 2018-03-23 恒宝股份有限公司 A kind of method of mobile payment and its checkout terminal
CN107947931A (en) * 2017-12-29 2018-04-20 北京海泰方圆科技股份有限公司 A kind of method and system of key agreement, bluetooth equipment
CN108737971A (en) * 2018-05-11 2018-11-02 深圳市文鼎创数据科技有限公司 Identity identifying method, equipment and storage medium
CN109639435A (en) * 2018-12-26 2019-04-16 江苏恒宝智能***技术有限公司 It is a kind of based on terminal card to the authentication method and system of APP

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9763063B2 (en) * 2014-10-06 2017-09-12 Derek D. Kumar Secure broadcast beacon communications


Also Published As

Publication number Publication date
CN111343634A (en) 2020-06-26

Similar Documents

Publication Publication Date Title
CN111343634B (en) Safe connection method and data transmission method between low-power-consumption Bluetooth devices
US11501294B2 (en) Method and device for providing and obtaining graphic code information, and terminal
US20180331837A1 (en) Secure information transmitting system and method for personal identity authentication
US9117324B2 (en) System and method for binding a smartcard and a smartcard reader
US6073237A (en) Tamper resistant method and apparatus
EP1277301B1 (en) Method for transmitting payment information between a terminal and a third equipement
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
WO2015161699A1 (en) Secure data interaction method and system
CN101631305B (en) Encryption method and system
CN103944736A (en) Data security interactive method
CN112565265B (en) Authentication method, authentication system and communication method between terminal devices of Internet of things
CN103944729A (en) Data security interactive method
CN103366278A (en) Method and system for processing operation request
CN103944728A (en) Data security interactive system
KR100957044B1 (en) Method and system for providing mutual authentication using kerberos
CN103944735A (en) Data security interactive method
CN110138736B (en) Identity authentication method, device and equipment for multiple dynamic random encryption of Internet of things
CN112639785A (en) System and method for signaling potential attacks on contactless cards
KR101856530B1 (en) Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof
CN116132986A (en) Data transmission method, electronic equipment and storage medium
CN112769783B (en) Data transmission method, cloud server, receiving end and sending end
KR20180029932A (en) Method and apparatus for providing encryption security message
CN201270518Y (en) Safeguard device
CN113592484A (en) Account cubing method, system and device
KR101490638B1 (en) Method of authenticating smart card, server performing the same and system performint the same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Huang Shuang; Wang Wenyi
Inventor before: Huang Shuang; Wang Wenyi; Xue Musong; Zhu Zhi
GR01 Patent grant