CN113329386A - Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module - Google Patents

Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module Download PDF

Info

Publication number
CN113329386A
CN113329386A CN202110653740.5A CN202110653740A CN113329386A CN 113329386 A CN113329386 A CN 113329386A CN 202110653740 A CN202110653740 A CN 202110653740A CN 113329386 A CN113329386 A CN 113329386A
Authority
CN
China
Prior art keywords
key
pairing
bluetooth
bluetooth module
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110653740.5A
Other languages
Chinese (zh)
Other versions
CN113329386B (en
Inventor
耿震磊
李延
袁艳芳
张磊
杨峰
张彦杰
高志洲
王佩颐
王振林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, Beijing Smartchip Microelectronics Technology Co Ltd, Beijing Smartchip Semiconductor Technology Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202110653740.5A priority Critical patent/CN113329386B/en
Publication of CN113329386A publication Critical patent/CN113329386A/en
Application granted granted Critical
Publication of CN113329386B publication Critical patent/CN113329386B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of security, and provides a Bluetooth pairing method supporting identity authentication, a security chip and a Bluetooth module. The Bluetooth pairing method supporting identity authentication comprises the following steps of: acquiring an identity of an opposite-end Bluetooth module; generating exchange data according to the acquired identity and the identity of the local end Bluetooth module; generating a negotiation key according to the exchange data; confirming that the negotiation key is successfully authenticated; the negotiation key is used as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module; wherein the steps of generating exchange data, generating a negotiation key and authenticating the negotiation key are all based on a key exchange protocol of the identity cipher algorithm. The embodiment of the invention improves the safety and the autonomy in the process of pairing the Bluetooth modules.

Description

Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module
Technical Field
The invention relates to the technical field of security, in particular to a Bluetooth pairing method supporting identity authentication, a security chip and a Bluetooth module of an integrated controller.
Background
The bluetooth technology is a short-distance Wireless Personal Area Network (WPAN) technology working in a 2.4GHz ISM unlicensed frequency band, is widely applied to various personal intelligent devices at present, and can realize a data exchange function between fixed equipment and mobile equipment.
The application scene of the Bluetooth safety is set as two mutually untrusted Bluetooth devices, under the operation of an operator, the connection can be quickly and simply established, and a connecting channel can prevent man-in-the-middle attack and prevent an air interface message from being intercepted and tampered. The bluetooth security mechanism includes five different security features, pairing, binding, device authentication, encryption, and integrity protection. In the bluetooth protocol stack, the modules strongly related to bluetooth security are the SM (security management) and link layer. The SM is responsible for the process management of pairing, binding and authentication, and generates a series of process keys in the process; and the link layer is responsible for receiving the instruction of the SM and performing encryption and decryption and integrity protection encapsulation operation on data according to the instruction of the SM and the secret key.
The application scene of the Bluetooth safety is set as two mutually untrusted Bluetooth devices, under the operation of an operator, the connection can be quickly and simply established, and a connecting channel can prevent man-in-the-middle attack and prevent an air interface message from being intercepted and tampered. The design scene of the Bluetooth protocol is a personal area wireless network, one operator needs to exist in the pairing mode of the Bluetooth standard, and the two paired devices can be observed, input or touched (out-of-band NFC) simultaneously. The operator needs to select and confirm the pairing according to own judgment and operation. The scene and the corresponding safety mechanism of the operator are relied on, the scene and the safety requirements of the industrial Internet of things are greatly deviated, and the industrial Internet of things terminal is allowed to be connected through the Bluetooth after the Bluetooth of the opposite terminal is confirmed to be a legal terminal.
At present, industrial internet of things terminals have a large amount of near field communication requirements and are very suitable for Bluetooth communication. But the bluetooth protocol cannot completely meet the requirement of the industrial internet of things terminal on the bluetooth access identity authentication.
Disclosure of Invention
The embodiment of the invention aims to provide a Bluetooth pairing method supporting identity authentication, a security chip and a Bluetooth module.
In order to achieve the above object, a first aspect of the present invention provides a bluetooth pairing method supporting identity authentication, where the pairing method is based on a key exchange protocol of an identity-based cryptographic algorithm, and includes:
acquiring an identity of an opposite-end Bluetooth module; generating exchange data according to the acquired identity and the identity of the local end Bluetooth module; generating a negotiation key according to the exchange data; confirming that the negotiation key is successfully authenticated; the negotiation key is used as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module; wherein the steps of generating exchange data, generating a negotiation key and authenticating the negotiation key are all based on a key exchange protocol of the identity cipher algorithm.
Preferably, the identity is a MAC address.
Preferably, the identification cryptographic algorithm includes: one of an identity encryption algorithm, an identity public key algorithm, and an SM9 algorithm.
Preferably, the key exchange protocol for identifying the cryptographic algorithm is integrated in the secure chip.
Preferably, before acquiring the identity of the peer bluetooth module, the pairing method further includes: and initializing a secret key according to the identity of the local terminal Bluetooth module.
Preferably, the initializing the key according to the identity of the local bluetooth module includes: and a key management server adopting an identification cryptographic algorithm takes the identity of the local-end Bluetooth module as the identity of a corresponding security chip, and performs key initialization on the security chip.
Preferably, the confirming that the negotiated key is successfully authenticated comprises: generating a confirmation result according to the step of confirming the negotiation key in the key exchange protocol of the identification cryptographic algorithm; and if the confirmation result is equal, confirming that the negotiation key is successfully authenticated.
Preferably, in the pairing method, data exchange between the home terminal and the opposite terminal is performed by taking a bluetooth link layer between the home terminal bluetooth module and the opposite terminal bluetooth module as a channel.
Preferably, the taking the negotiation key as a pairing key in the process of pairing the local terminal bluetooth module and the opposite terminal bluetooth module includes:
acquiring a mode adopted in the pairing process of the local terminal Bluetooth module and the opposite terminal Bluetooth module;
if the adopted mode is the traditional pairing mode, the negotiation key is used as a temporary key for pairing;
and if the adopted mode is a safe pairing mode, pairing by taking the negotiation key as the acquired input key.
In a second aspect of the present invention, a secure chip is further provided, where the secure chip is used in cooperation with a bluetooth module, the secure chip includes a key exchange protocol identifying a cryptographic algorithm, and generates a pairing key for pairing the bluetooth module by using the aforementioned bluetooth pairing method supporting identity authentication.
In a third aspect of the present invention, there is also provided a bluetooth module integrated with a controller, in which a key exchange protocol identifying a cryptographic algorithm is integrated, and a pairing key is generated by the aforementioned bluetooth pairing method supporting identity authentication for pairing the bluetooth module.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to execute the aforementioned bluetooth pairing method supporting identity authentication.
A fifth aspect of the invention provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described bluetooth pairing method supporting identity authentication.
Through above-mentioned technical scheme, have following beneficial effect:
(1) through the fusion of the Bluetooth module and the security chip, the credibility between the security chips is used for ensuring the credibility of both sides of the Bluetooth pairing;
(2) a TK generation mode based on a security chip and a temporary secret key is provided, and identity-based authentication capability is provided for Bluetooth pairing.
(3) The Bluetooth module does not need to manually determine a pairing password, can be automatically paired in a scene without human intervention, and improves the pairing autonomy.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
fig. 1 is a schematic flowchart illustrating steps of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention;
fig. 2 schematically shows an implementation diagram of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention;
fig. 3 schematically shows a module diagram of a bluetooth pairing apparatus supporting identity authentication according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Fig. 1 is a schematic flowchart illustrating steps of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention, as shown in fig. 1. A Bluetooth pairing method supporting identity authentication is based on a key exchange protocol of an identification cipher algorithm. In the embodiment, the SM9 in the Identity-Based cryptographic algorithm is taken as an example for explanation, and other algorithms Based on the idea of the Identity-Based cryptographic algorithm, such as algorithms Based on Identity-Based Encryption (Identity-Based Encryption) and Identity Public Key (Identity Public Key), can be considered as equivalent replacements for the SM 9.
Whether part three of the cipher algorithm is identified according to GMT 0044.3-2016SM 9: the key exchange protocol, also GB/T38635.1-2020 information security technology SM9 identifies the second part of the cryptographic algorithm: algorithm it is known that the SM9 key exchange protocol is divided into the following three steps: exchange data is generated, and a negotiation key and a confirmation negotiation key are generated. Therefore, only proper parameters are needed to be set, and the required key can be obtained through a specified algorithm. The pairing method specifically comprises the following steps:
s01, acquiring the identity of the opposite terminal Bluetooth module;
according to the bluetooth protocol flow, the bluetooth modules of two parties to be paired mutually obtain the identity, such as the MAC address, of the bluetooth module of the other party in the connection discovery stage.
S02, generating exchange data according to the obtained identity and the identity of the local terminal Bluetooth module;
here, taking the ID as the MAC address as an example, the local bluetooth module starts the SM9 key exchange protocol flow with the MAC address MAC-a as its ID (ID) and the MAC address MAC-B as its peer ID (ID). The local terminal generates R according to the SM9 key exchange protocol, the self ID and the opposite terminal identification IDAThe opposite end generates R according to the same modeB,RAAnd RBThe SM9 key exchange protocol flow is started as exchange data and then exchanged with each other.
S03, generating a negotiation key according to the exchange data;
the generation of the negotiation key is also based on the SM9 key exchange protocol, and the specific calculation method is performed according to the aforementioned specification, which is not described herein again. The home terminal generates a negotiation key SK according to SM9 key exchange protocolAThe opposite end generates SK in the same wayBWhere SKA=SKBKDF (parameter 1, …, parameter n), where the parameters include the foregoing RA、RBAnd other parameters that are the same at both the home and peer ends.
S04, confirming that the negotiation key is successfully authenticated;
this step is also specified in the SM9 key exchange protocol, where the local end and the peer end each obtain two hash values through two specific hash operations, where one hash value is exchanged with the other hash value, and the exchanged hash value is compared with the hash value that is not exchanged. And when the comparison results of the local terminal and the opposite terminal are equal, the negotiation key is successfully authenticated.
S05, taking the negotiation key as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module;
in the low-power-consumption Bluetooth secure pairing protocol, the low-power-consumption Bluetooth secure pairing protocol is divided into a traditional mode and a secure connection mode. The pairing parties may negotiate a pairing mode according to the mode they support. In the traditional mode, three pairing methods are just work, Passkey Entry and OOB respectively, the three processes need to share one pairing key TK between two Bluetooth pairing parties, and if the two pairing parties have the same pairing key TK, the pairing is successful. The authenticated negotiation key is used as a pairing key TK, and the pairing process of the Bluetooth module is completed. In the secure connection mode, pairing is also performed based on the negotiation key.
Through the implementation mode, the identification cryptographic algorithm (SM9) is adopted, so that safe pairing based on credible identities is realized by both Bluetooth pairing parties, and the problem that unattended industrial Bluetooth equipment is illegally paired is solved. A safety chip is respectively added on both sides of the Bluetooth device, and the Bluetooth chip and the safety chip can adopt 7816, SPI and other protocols to communicate. An SM9 algorithm security key and other parameters are prefabricated inside the security chip, and the security key and the other parameters are issued by an operator of the Bluetooth device to ensure that only devices authorized by the operator of the Bluetooth device can be successfully paired, thereby providing access control capability based on legal identity for Bluetooth pairing.
In an alternative embodiment, the identity is a MAC address. The aforementioned id can be selected from a custom name of the bluetooth module, a name of the device and a communication identifier of the device. The MAC address of the Bluetooth module is used as the identity, so that the Bluetooth system can be simplified.
In an alternative embodiment, the key exchange protocol identifying the cryptographic algorithm is integrated in the secure chip. The key exchange protocol such as SM9 is integrated by adopting the security chip, the existing security chip on the market can be selected, and the processing capability and the storage capability of the security chip are utilized, so that the system integration is improved.
In an embodiment provided by the present invention, before obtaining the identity of the bluetooth module of the opposite end, the pairing method further includes: and initializing a secret key according to the identity of the local terminal Bluetooth module. Here, the key initialization includes: the initialization parameter of the security chip A corresponding to the local terminal Bluetooth module comprises the following steps: encrypting a main public key P, a private key deA and an identity mark MAC-A; similarly, the initialization parameters of the security chip B corresponding to the peer bluetooth module include: the encrypted primary public key P and the encrypted private key deB, whose identities are identified as MAC-B.
In an optional implementation manner, the performing key initialization according to the identity of the local bluetooth module includes: and a key management server adopting an identification cryptographic algorithm takes the identity of the local-end Bluetooth module as the identity of a corresponding security chip, and performs key initialization on the security chip. The bluetooth device operator performs identity-based key management and distribution through an identity algorithm (SM9) key management server. And the server initializes the key according to the MAC address of the Bluetooth chip as the identity of the corresponding security chip. The initialized security keys and other parameters are issued by the operator of the bluetooth device to ensure that only devices authorized by the bluetooth device operator can be successfully paired, thereby providing access control capability based on legal identity for bluetooth pairing.
In an embodiment provided by the present invention, the confirming that the negotiation key is successfully authenticated includes: generating a confirmation result according to the step of confirming the negotiation key in the SM9 key exchange protocol; and if the confirmation result is equal, confirming that the negotiation key is successfully authenticated. As previously described, the validation result is based on a comparison of hash values generated by a particular algorithm. And when the comparison results of the hash values are equal, confirming that the negotiation key is successfully authenticated. The way in which the hash value calculation step, the exchange step and the comparison step have been defined in the SM9 key exchange protocol corresponds to the step in which the agreed keys are confirmed, here the confirmation results being equal, is also equal as defined in the SM9 key exchange protocol. And will not be repeated here. The confirmation and authentication of the negotiation key can be realized simply and normatively by the confirmation step defined by the specification.
In an embodiment provided by the present invention, in the pairing method, data exchange between the local terminal and the opposite terminal is performed by using a bluetooth link layer between the local terminal bluetooth module and the opposite terminal bluetooth module as a channel. During the pairing process, the bluetooth module needs to exchange data, and the exchange is performed through a bluetooth link layer. The embodiment also adopts the channels for data exchange, avoids the modification or redefinition of the pairing process, and has the advantage of simple and convenient implementation.
In an embodiment provided by the present invention, taking the negotiation key as a pairing key in a process of pairing the local terminal bluetooth module and the peer terminal bluetooth module includes: acquiring a mode adopted in the pairing process of the local terminal Bluetooth module and the opposite terminal Bluetooth module; if the adopted mode is the traditional pairing mode, the negotiation key is used as a temporary key for pairing; and if the adopted mode is a safe pairing mode, pairing by taking the negotiation key as the acquired input key. In the traditional mode, three pairing methods are just work, Passkey Entry and OOB respectively, the three processes need to share one pairing key TK between two Bluetooth pairing parties, and if the two pairing parties have the same pairing key TK, the pairing is successful. The authenticated negotiation key is used as a pairing key TK, and the pairing process of the Bluetooth module is completed. In the secure connection mode, there is a password input pairing mode. And (4) pairing the two sides to input ra and rb, wherein the ra and the rb are originally input from a keyboard. The password input pairing mode in the safe connection mode is changed into ra-SKA,rb=SKB
In an embodiment provided by the present invention, a security chip is further provided, where the security chip is used in cooperation with a bluetooth module, the security chip includes a key exchange protocol identifying a cryptographic algorithm, and generates a pairing key for pairing the bluetooth module by using the aforementioned bluetooth pairing method supporting identity authentication. A safety chip is respectively added on both sides of the Bluetooth device, algorithm safety keys such as SM9 and other parameters are preset in the safety chip, and the safety chip and the Bluetooth module can communicate by adopting protocols such as 7816, SPI and the like. And providing a pairing key through the security chip for pairing. The trusted guarantee between the Bluetooth and the Bluetooth can be realized, and the authentication capability based on the identity is provided for Bluetooth pairing.
In an embodiment provided by the present invention, a bluetooth module of an integrated controller, a key exchange protocol identifying a cryptographic algorithm is integrated in the controller, and a pairing key is generated by the aforementioned bluetooth pairing method supporting identity authentication for pairing the bluetooth module. Most of the bluetooth modules on the market at present are SoC bluetooth modules, namely bluetooth modules with MCUs. The bluetooth stack runs on the MCU of the module and the client can easily configure the module through the UART interface with AT commands, which makes the module very easy to use and has great balance, flexibility and integration. Therefore, a key exchange protocol such as SM9 and the aforementioned Bluetooth pairing method supporting identity authentication in the present invention can be written into the MCU of the Bluetooth module, and these SoC Bluetooth modules can pair by adopting the aforementioned Bluetooth pairing method supporting identity authentication, and at the same time, the trusted guarantee between the two is realized, and the authentication capability based on identity is provided for Bluetooth pairing.
Fig. 2 is a schematic diagram illustrating an implementation of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention, as shown in fig. 2. The implementation method comprises the following steps:
(1) the bluetooth device operator performs identity-based key management and distribution through an identity algorithm (SM9) key management server. And the server initializes the key according to the MAC address of the Bluetooth chip as the identity of the corresponding security chip.
(2) The initialization parameters of the secure chip a include: encrypting a main public key P, a private key deA and an identity mark MAC-A; the initialization parameters of the secure chip B include: the encrypted master public key P, the encrypted private key deB and the identity MAC-B.
(3) According to the Bluetooth protocol flow, the two parties can mutually obtain the Bluetooth MAC address of the other party in the connection discovery stage.
(4) Both parties set the SM9 key exchange protocol parameters. The security chip A sets the self identification as MAC-A and sets the opposite identification as MAC-B; the security chip B sets the self identification as MAC-B and sets the other identification as MAC-A.
(5) The security chips of both parties use the bluetooth link layer as a channel, and start the SM9 key exchange process with the parameters set in step 4. If the negotiation authentication fails, the Bluetooth pairing process fails.
(6) If the negotiation is successful, the security chip A sends a key negotiation result SKA to the Bluetooth chip A; and the security chip B sends the key negotiation result SKB to the Bluetooth chip B.
(7) According to the difference of the pairing modes started by the Bluetooth of the two parties, the following step (8) or (8') is selected to be executed
(8) Both bluetooth initiates the traditional pairing mode negotiation. Bluetooth chip A sets up SKA into the tradition and pairs interim secret key TKA, and Bluetooth chip B sets up SKB into the tradition and pairs interim secret key TKB. And performing subsequent pairing process on the Bluetooth A and the Bluetooth B through respective TK values, referring to the standard of Bluetooth SIG BLUETOOTH CORE SPECIFICATION Version 5.1, if the TKA and the TKB are the same, the two parties are successfully paired, and if the TKA and the TKB are different, the pairing is failed.
(8') both parties bluetooth initiate secure connection mode negotiation. The Bluetooth chip A sets SKA as ra in a Passkey Entry mode of a secure connection mode, and the Bluetooth chip B sets SKB as rb paired with the Passkey Entry mode of the secure connection mode. And performing subsequent pairing process on the Bluetooth A and the Bluetooth B through respective ra/rb values, referring to the standard of Bluetooth SIG BLUETOOTH CORE SPECIFICATION Version 5.1, if ra and rb are the same, pairing the two parties successfully, and if ra and rb are different, pairing fails.
Fig. 3 schematically shows a module diagram of a bluetooth pairing apparatus supporting identity authentication according to an embodiment of the present invention, as shown in fig. 3. In this embodiment, there is further provided an identity authentication supporting bluetooth pairing apparatus, including: the identity identification acquisition module is used for acquiring the identity identification of the Bluetooth module at the opposite end; the exchange data generation module is used for generating exchange data according to the acquired identity identifier and the identity identifier of the local terminal Bluetooth module; a negotiation key generation module for generating a negotiation key according to the exchange data; the negotiation key authentication module is used for confirming that the negotiation key is successfully authenticated; the pairing key assignment module is used for taking the negotiation key as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module; the function realization of the exchange data generation module, the negotiation key generation module and the negotiation key authentication module is based on the SM9 key exchange protocol.
The specific limitations of each functional module in the bluetooth pairing apparatus supporting identity authentication may refer to the limitations of the above bluetooth pairing method supporting identity authentication, and are not described herein again. The various modules in the above-described apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a machine-readable storage medium having instructions stored thereon, which when executed by a processor, cause the processor to be configured to perform the above-described bluetooth pairing method supporting identity authentication is provided.
In one embodiment, a computer program product is provided, which includes a computer program that, when executed by a processor, implements the above-described bluetooth pairing method that supports identity authentication.
Through the embodiment, the TK in the pairing process is generated based on the security chip and the built-in secret key, so that the Bluetooth device is prevented from being illegally accessed by an unauthorized terminal, and the information security of the industrial Internet of things terminal is guaranteed. The matching autonomy provided by it solves at least the problems in the following scenarios: ordinary bluetooth pairs and is applicable to the scene that has operating personnel, and the equipment that pairs relies on operating personnel's subjective will and the selection of operation pairing, is not fit for the terminal scene of industrial thing allies oneself with unmanned on duty. Whether a bluetooth module of an unattended power terminal allows paired connection of bluetooth of an opposite terminal or not should be based on whether bluetooth equipment of the opposite terminal has authorization of a terminal operation and maintenance department or not, rather than operation intention of field personnel.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (12)

1. A Bluetooth pairing method supporting identity authentication, wherein the pairing method is based on a key exchange protocol of an identification cipher algorithm, and comprises:
acquiring an identity of an opposite-end Bluetooth module;
generating exchange data according to the acquired identity and the identity of the local end Bluetooth module;
generating a negotiation key according to the exchange data;
confirming that the negotiation key is successfully authenticated;
the negotiation key is used as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module;
the steps of generating exchange data, generating a negotiation key and authenticating the negotiation key are all based on the key exchange protocol of the identification cryptographic algorithm.
2. The pairing method of claim 1, wherein the identification cryptographic algorithm comprises: one of an identity encryption algorithm, an identity public key algorithm, and an SM9 algorithm.
3. The pairing method of claim 1, wherein the identity is a MAC address.
4. Pairing method according to claim 1 or 3, characterized in that the key exchange protocol identifying the cryptographic algorithm is integrated in a secure chip.
5. The pairing method of claim 4, wherein before obtaining the identity of the peer Bluetooth module, the pairing method further comprises:
and initializing a secret key according to the identity of the local terminal Bluetooth module.
6. The pairing method of claim 5, wherein the key initialization according to the identity of the local bluetooth module comprises:
and a key management server adopting an identification cryptographic algorithm takes the identity of the local-end Bluetooth module as the identity of a corresponding security chip, and performs key initialization on the security chip.
7. The pairing method of claim 1, wherein the confirming that the negotiated key is successfully authenticated comprises:
generating a confirmation result according to the step of confirming the negotiation key in the key exchange protocol of the identification cryptographic algorithm;
and if the confirmation result is equal, confirming that the negotiation key is successfully authenticated.
8. The matching method of claim 1, wherein data exchange between the local end and the opposite end is performed through a bluetooth link layer between the local end bluetooth module and the opposite end bluetooth module as a channel.
9. The pairing method of claim 1, wherein the step of using the negotiation key as a pairing key in a process of pairing the local bluetooth module and the peer bluetooth module comprises:
acquiring a mode adopted in the pairing process of the local terminal Bluetooth module and the opposite terminal Bluetooth module;
if the adopted mode is the traditional pairing mode, the negotiation key is used as a temporary key for pairing;
and if the adopted mode is a safe pairing mode, pairing by taking the negotiation key as the acquired input key.
10. A security chip, which is used together with a bluetooth module, wherein the security chip includes a key exchange protocol for identifying a cryptographic algorithm, and generates a pairing key for pairing the bluetooth module by using the bluetooth pairing method supporting identity authentication according to any one of claims 1 to 9.
11. A bluetooth module integrated with a controller, characterized in that the controller is integrated with a key exchange protocol identifying a cryptographic algorithm and generates a pairing key for pairing the bluetooth module by the method of bluetooth pairing supporting identity authentication according to any one of claims 1 to 9.
12. A computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to perform the method of bluetooth pairing supporting identity authentication of any one of claims 1 to 9.
CN202110653740.5A 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module Active CN113329386B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110653740.5A CN113329386B (en) 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110653740.5A CN113329386B (en) 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module

Publications (2)

Publication Number Publication Date
CN113329386A true CN113329386A (en) 2021-08-31
CN113329386B CN113329386B (en) 2023-03-31

Family

ID=77420476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110653740.5A Active CN113329386B (en) 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module

Country Status (1)

Country Link
CN (1) CN113329386B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210312029A1 (en) * 2014-05-30 2021-10-07 Apple Inc. Proximity Unlock and Lock Operations for Electronic Devices

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420642A (en) * 2011-12-15 2012-04-18 北京握奇数据***有限公司 Bluetooth device and communication method thereof
US20150147970A1 (en) * 2012-06-20 2015-05-28 Poh Beng Tan Bluetooth pairing system, method, and apparatus
CN105430605A (en) * 2015-12-10 2016-03-23 飞天诚信科技股份有限公司 Bluetooth master and slave devices and method for establishing safety channel between same
CN106851540A (en) * 2017-02-08 2017-06-13 飞天诚信科技股份有限公司 The implementation method and device of a kind of Bluetooth pairing
CN108418845A (en) * 2018-07-13 2018-08-17 上海银基信息安全技术股份有限公司 Bluetooth pairing code matches Preparation Method, system, terminal, server and mobile unit
CN110266474A (en) * 2019-05-15 2019-09-20 亚信科技(成都)有限公司 Key sending method, apparatus and system
CN110635901A (en) * 2019-09-11 2019-12-31 北京方研矩行科技有限公司 Local Bluetooth dynamic authentication method and system for Internet of things equipment
CN112926075A (en) * 2021-03-26 2021-06-08 成都卫士通信息产业股份有限公司 SM9 key generation method, device, equipment and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420642A (en) * 2011-12-15 2012-04-18 北京握奇数据***有限公司 Bluetooth device and communication method thereof
US20150147970A1 (en) * 2012-06-20 2015-05-28 Poh Beng Tan Bluetooth pairing system, method, and apparatus
CN105430605A (en) * 2015-12-10 2016-03-23 飞天诚信科技股份有限公司 Bluetooth master and slave devices and method for establishing safety channel between same
CN106851540A (en) * 2017-02-08 2017-06-13 飞天诚信科技股份有限公司 The implementation method and device of a kind of Bluetooth pairing
CN108418845A (en) * 2018-07-13 2018-08-17 上海银基信息安全技术股份有限公司 Bluetooth pairing code matches Preparation Method, system, terminal, server and mobile unit
CN110266474A (en) * 2019-05-15 2019-09-20 亚信科技(成都)有限公司 Key sending method, apparatus and system
CN110635901A (en) * 2019-09-11 2019-12-31 北京方研矩行科技有限公司 Local Bluetooth dynamic authentication method and system for Internet of things equipment
CN112926075A (en) * 2021-03-26 2021-06-08 成都卫士通信息产业股份有限公司 SM9 key generation method, device, equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
国家密码管理局: "SM9标识密码算法 第3部分:密钥交换协议", 《中华人民共和国密码行业标准GM/T0044.3-2016》 *
国家市场监督管理总局等: "信息安全技术 SM9标识密码算法 第2部分:算法", 《中华人民共和国国家标准GB/T38635.2-2020》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210312029A1 (en) * 2014-05-30 2021-10-07 Apple Inc. Proximity Unlock and Lock Operations for Electronic Devices
US11741210B2 (en) * 2014-05-30 2023-08-29 Apple Inc. Proximity unlock and lock operations for electronic devices

Also Published As

Publication number Publication date
CN113329386B (en) 2023-03-31

Similar Documents

Publication Publication Date Title
EP3530020B1 (en) Configurator key package for device provisioning protocol (dpp)
EP1929745B1 (en) Method for secure device discovery and introduction
CN105684344B (en) A kind of cipher key configuration method and apparatus
US20180109418A1 (en) Device provisioning protocol (dpp) using assisted bootstrapping
US8572387B2 (en) Authentication of a peer in a peer-to-peer network
TWI479872B (en) Method for distributed identification, a station in a network
EP3065334A1 (en) Key configuration method, system and apparatus
CN109075968A (en) Method and apparatus for safety equipment certification
US20070055877A1 (en) Security in a communication network
WO2019041802A1 (en) Discovery method and apparatus based on service-oriented architecture
US20050210251A1 (en) Linked authentication protocols
CN109075973B (en) Method for carrying out unified authentication on network and service by using ID-based cryptography
HU223924B1 (en) Method and system for initializing secure communications between a first and a second devices
CN110087240B (en) Wireless network security data transmission method and system based on WPA2-PSK mode
CN112602290B (en) Identity authentication method and device and readable storage medium
JP2022513134A (en) Ensuring secure attachments in size-limited authentication protocols
CN111866881A (en) Wireless local area network authentication method and wireless local area network connection method
CN114079915A (en) Method, system and device for determining user plane security algorithm
CN113329386B (en) Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module
WO2018115221A1 (en) Transport layer security (tls) based method to generate and use a unique persistent node identity, and corresponding client and server
WO2020140929A1 (en) Key generation method, ue, and network device
EP4044553A1 (en) Method and device to provide a security level for communication
CN114553426B (en) Signature verification method, key management platform, security terminal and electronic equipment
WO2004098145A1 (en) Security in a communications network
KR101785382B1 (en) Method for authenticating client, operation method of client, server enabling the method, and communication software enabling the operation method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant