CN113329386B - Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module - Google Patents

Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module Download PDF

Info

Publication number
CN113329386B
CN113329386B CN202110653740.5A CN202110653740A CN113329386B CN 113329386 B CN113329386 B CN 113329386B CN 202110653740 A CN202110653740 A CN 202110653740A CN 113329386 B CN113329386 B CN 113329386B
Authority
CN
China
Prior art keywords
key
pairing
bluetooth
identity
bluetooth module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110653740.5A
Other languages
Chinese (zh)
Other versions
CN113329386A (en
Inventor
耿震磊
李延
袁艳芳
张磊
杨峰
张彦杰
高志洲
王佩颐
王振林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, Beijing Smartchip Microelectronics Technology Co Ltd, Beijing Smartchip Semiconductor Technology Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202110653740.5A priority Critical patent/CN113329386B/en
Publication of CN113329386A publication Critical patent/CN113329386A/en
Application granted granted Critical
Publication of CN113329386B publication Critical patent/CN113329386B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of security, and provides a Bluetooth pairing method supporting identity authentication, a security chip and a Bluetooth module. The Bluetooth pairing method supporting identity authentication comprises the following steps of: acquiring an identity of an opposite-end Bluetooth module; generating exchange data according to the acquired identity and the identity of the local end Bluetooth module; generating a negotiation key according to the exchange data; confirming that the negotiation key is successfully authenticated; the negotiation key is used as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module; wherein the steps of generating exchange data, generating a negotiation key and authenticating the negotiation key are all based on a key exchange protocol of the identity cipher algorithm. The embodiment of the invention improves the safety and the autonomy in the process of pairing the Bluetooth modules.

Description

Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module
Technical Field
The invention relates to the technical field of security, in particular to a Bluetooth pairing method supporting identity authentication, a security chip and a Bluetooth module of an integrated controller.
Background
The bluetooth technology is a short-distance Wireless Personal Area Network (WPAN) technology working in a 2.4GHz ISM unlicensed frequency band, is widely applied to various personal intelligent devices at present, and can realize a data exchange function between fixed equipment and mobile equipment.
The application scene of the Bluetooth safety is set as two mutually untrusted Bluetooth devices, under the operation of an operator, the connection can be quickly and simply established, and a connecting channel can prevent man-in-the-middle attack and prevent an air interface message from being intercepted and tampered. The bluetooth security mechanism includes five different security features, pairing, binding, device authentication, encryption, and integrity protection. In the bluetooth protocol stack, the modules strongly related to bluetooth security are the SM (security management) and link layer. The SM is responsible for the process management of pairing, binding and authentication, and generates a series of process keys in the process; and the link layer is responsible for receiving the instruction of the SM and performing encryption and decryption and integrity protection encapsulation operation on data according to the instruction of the SM and the secret key.
The application scene of Bluetooth safety is set as two Bluetooth devices which are not trusted with each other, under the operation of an operator, connection can be established quickly and simply, and a connection channel can prevent man-in-the-middle attack and prevent an empty port message from being eavesdropped and tampered. The design scene of the Bluetooth protocol is a personal area wireless network, one operator needs to exist in the pairing mode of the Bluetooth standard, and the two paired devices can be observed, input or touched (out-of-band NFC) simultaneously. The operator needs to select and confirm the pairing according to own judgment and operation. The scene and the corresponding safety mechanism of the operator are relied on, the scene and the safety requirements of the industrial Internet of things are greatly deviated, and the industrial Internet of things terminal is allowed to be connected through the Bluetooth after the Bluetooth of the opposite terminal is confirmed to be a legal terminal.
At present, industrial internet of things terminals have a large amount of near field communication requirements and are very suitable for Bluetooth communication. But the bluetooth protocol cannot completely meet the requirement of the industrial internet of things terminal on the bluetooth access identity authentication.
Disclosure of Invention
The embodiment of the invention aims to provide a Bluetooth pairing method supporting identity authentication, a security chip and a Bluetooth module.
In order to achieve the above object, a first aspect of the present invention provides a bluetooth pairing method supporting identity authentication, where the pairing method is based on a key exchange protocol of an identity-based cryptographic algorithm, and includes:
acquiring an identity of an opposite-end Bluetooth module; generating exchange data according to the acquired identity and the identity of the local end Bluetooth module; generating a negotiation key according to the exchange data; confirming that the negotiation key is successfully authenticated; the negotiation key is used as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module; wherein the steps of generating exchange data, generating a negotiation key and authenticating the negotiation key are all based on a key exchange protocol of the identity cipher algorithm.
Preferably, the identity is a MAC address.
Preferably, the identification cryptographic algorithm includes: one of an identity encryption algorithm, an identity public key algorithm, and an SM9 algorithm.
Preferably, the key exchange protocol for identifying the cryptographic algorithm is integrated in the secure chip.
Preferably, before acquiring the identity of the bluetooth module of the peer end, the pairing method further includes: and initializing a secret key according to the identity of the local terminal Bluetooth module.
Preferably, the initializing the key according to the identity of the local bluetooth module includes: and a key management server adopting an identification cryptographic algorithm takes the identity of the local end Bluetooth module as the identity of a corresponding security chip, and performs key initialization on the security chip.
Preferably, the confirming that the negotiated key is successfully authenticated comprises: generating a confirmation result according to the step of confirming the negotiation key in the key exchange protocol of the identification cryptographic algorithm; and if the confirmation result is equal, confirming that the negotiation key is successfully authenticated.
Preferably, in the pairing method, data exchange between the home terminal and the opposite terminal is performed by taking a bluetooth link layer between the home terminal bluetooth module and the opposite terminal bluetooth module as a channel.
Preferably, the taking the negotiation key as a pairing key in a process of pairing the local terminal bluetooth module and the opposite terminal bluetooth module includes:
acquiring a mode adopted in the pairing process of the local terminal Bluetooth module and the opposite terminal Bluetooth module;
if the adopted mode is the traditional pairing mode, the negotiation key is used as a temporary key for pairing;
and if the adopted mode is a safe pairing mode, taking the negotiation key as the acquired input key for pairing.
In a second aspect of the present invention, a security chip is further provided, where the security chip is used in cooperation with a bluetooth module, the security chip includes a key exchange protocol identifying a cryptographic algorithm, and a pairing key is generated by the aforementioned bluetooth pairing method supporting identity authentication for pairing the bluetooth module.
In a third aspect of the present invention, there is also provided a bluetooth module integrated with a controller, in which a key exchange protocol identifying a cryptographic algorithm is integrated, and a pairing key is generated by the aforementioned bluetooth pairing method supporting identity authentication for pairing the bluetooth module.
A fourth aspect of the present invention provides a computer-readable storage medium, having stored therein instructions, which when run on a computer, cause the computer to execute the aforementioned bluetooth pairing method supporting identity authentication.
A fifth aspect of the invention provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described bluetooth pairing method supporting identity authentication.
Through above-mentioned technical scheme, have following beneficial effect:
(1) Through the fusion of the Bluetooth module and the security chip, the credibility between the security chips is used for ensuring the credibility of both sides of the Bluetooth pairing;
(2) A TK generation mode based on a security chip and a temporary secret key is provided, and identity-based authentication capability is provided for Bluetooth pairing.
(3) The Bluetooth module does not need to manually determine a pairing password, can be automatically paired in a scene without human intervention, and improves the pairing autonomy.
Additional features and advantages of embodiments of the present invention will be described in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
fig. 1 is a schematic flowchart illustrating steps of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention;
fig. 2 schematically shows an implementation diagram of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention;
fig. 3 schematically shows a module diagram of a bluetooth pairing apparatus supporting identity authentication according to an embodiment of the present invention.
Detailed Description
The following describes in detail embodiments of the present invention with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Fig. 1 is a schematic flowchart illustrating steps of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention, as shown in fig. 1. A Bluetooth pairing method supporting identity authentication is based on a key exchange protocol of an identification cipher algorithm. In the embodiment, the SM9 in the identified cryptographic algorithm is taken as an example for explanation, and other algorithms Based on the idea of the identified cryptographic algorithm, for example, algorithms Based on Identity-Based Encryption (Identity-Based Encryption) and Identity Public Key (Identity Public Key) can be regarded as equivalent replacements for the SM 9.
Whether part three of the cipher algorithm is identified according to GMT 0044.3-2016SM 9: the key exchange protocol, also GB/T38635.1-2020 information security technology SM9 identifies the second part of the cryptographic algorithm: algorithm it can be seen that the SM9 key exchange protocol is divided into the following three steps: exchange data is generated, and a negotiation key and a confirmation negotiation key are generated. Therefore, only proper parameters are needed to be set, and the required key can be obtained through a specified algorithm. The pairing method specifically comprises the following steps:
s01, acquiring an identity of an opposite-end Bluetooth module;
according to the bluetooth protocol flow, the bluetooth modules of two parties to be paired mutually obtain the identity, such as the MAC address, of the bluetooth module of the other party in the connection discovery stage.
S02, generating exchange data according to the acquired identity and the identity of the local Bluetooth module;
here, taking the ID as the MAC address as an example, the local bluetooth module starts the SM9 key exchange protocol flow with the MAC address MAC-se:Sub>A as its ID (ID) and the MAC address MAC-B as its peer ID (ID). The home terminal generates R according to the SM9 key exchange protocol, the self ID and the opposite terminal identification ID A The opposite end generates R according to the same mode B ,R A And R B The SM9 key exchange protocol flow is started as exchange data and then exchanged with each other.
S03, generating a negotiation key according to the exchange data;
the generation of the negotiation key is also based on the SM9 key exchange protocol, and the specific calculation method is performed according to the aforementioned specification, which is not described herein again. The home terminal generates a negotiation key SK according to SM9 key exchange protocol A The opposite end generates SK in the same way B Where SK A =SK B = KDF (parameter 1, \8230;, parameter n), where the parameters include the aforementioned R A 、R B And other parameters that are the same at the home and peer ends.
S04, confirming that the negotiation key is successfully authenticated;
the step is also specified in the SM9 key exchange protocol, the local terminal and the opposite terminal respectively obtain two hash values through specific two hash operations, one hash value is exchanged with the other hash value, and the exchanged hash value is compared with the hash value which is not exchanged. And when the comparison results of the local terminal and the opposite terminal are equal, the negotiation key is successfully authenticated.
S05, taking the negotiation key as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module;
in the low-power-consumption Bluetooth secure pairing protocol, the low-power-consumption Bluetooth secure pairing protocol is divided into a traditional mode and a secure connection mode. The pairing parties may negotiate a pairing mode according to the mode they support. In the traditional mode, three pairing methods are just work, passkey Entry and OOB respectively, the three processes need to share one pairing key TK between two Bluetooth pairing parties, and if the two pairing parties have the same pairing key TK, the pairing is successful. The authenticated negotiation key is used as a pairing key TK, and the pairing process of the Bluetooth module is completed. In the secure connection mode, pairing is also performed based on the negotiation key.
Through the implementation mode, the safe pairing based on the credible identity is realized by both Bluetooth pairing parties by adopting the identification cryptographic algorithm (SM 9), and the problem that unattended industrial Bluetooth equipment is illegally paired is solved. A safety chip is respectively added on both sides of the Bluetooth device, and the Bluetooth chip and the safety chip can adopt 7816, SPI and other protocols to communicate. The security chip is internally prefabricated with SM9 algorithm security keys and other parameters, and the security keys and the other parameters are issued by an operator of the Bluetooth device to ensure that only devices authorized by the operator of the Bluetooth device can be successfully paired, thereby providing access control capability based on legal identity for Bluetooth pairing.
In an alternative embodiment, the identity is a MAC address. The aforementioned id can be selected from a custom name of the bluetooth module, a name of the device and a communication identifier of the device. The MAC address of the Bluetooth module is used as the identity, so that the Bluetooth system can be simplified.
In an alternative embodiment, the key exchange protocol identifying the cryptographic algorithm is integrated in the secure chip. The security chip is adopted to integrate a key exchange protocol such as SM9, the existing security chip on the market can be selected, and the processing capability and the storage capability of the security chip are utilized, so that the system integration is improved.
In an embodiment provided by the present invention, before obtaining the identity of the bluetooth module of the opposite end, the pairing method further includes: and initializing a secret key according to the identity of the local terminal Bluetooth module. Here, the key initialization includes: the initialization parameter of the security chip A corresponding to the local terminal Bluetooth module comprises the following steps: encrypting se:Sub>A main public key P, se:Sub>A private key deA and an identity mark MAC-A; similarly, the initialization parameters of the security chip B corresponding to the peer bluetooth module include: the encrypted master public key P and the encrypted private key deB have the identity of MAC-B.
In an optional implementation manner, the performing key initialization according to the identity of the local bluetooth module includes: and a key management server adopting an identification cryptographic algorithm takes the identity of the local end Bluetooth module as the identity of a corresponding security chip, and performs key initialization on the security chip. The bluetooth device operator performs identity-based key management and distribution through an identity algorithm (SM 9) key management server. And the server initializes the key by taking the MAC address of the Bluetooth chip as the identity of the corresponding security chip. The initialized security keys and other parameters are issued by the operator of the bluetooth device to ensure that only devices authorized by the operator of the bluetooth device can be successfully paired, thereby providing access control capabilities based on legitimate identities for bluetooth pairing.
In an embodiment provided by the present invention, the confirming that the negotiated key is successfully authenticated includes: generating a confirmation result according to the step of confirming the negotiation key in the SM9 key exchange protocol; and if the confirmation result is equal, confirming that the negotiation key is successfully authenticated. As previously described, the validation result is based on a comparison of hash values generated by a particular algorithm. And when the comparison results of the hash values are equal, confirming that the negotiation key is successfully authenticated. The way in which the hash value calculation step, the exchange step and the comparison step have been defined in the SM9 key exchange protocol corresponds to the step in which the negotiated key is confirmed, here the confirmation results being equal, is also equal according to what is defined in the SM9 key exchange protocol. And will not be repeated here. The confirmation and authentication of the negotiation key can be realized simply and normatively by the confirmation step defined by the specification.
In an embodiment provided by the present invention, in the pairing method, data exchange between the local terminal and the opposite terminal is performed through a bluetooth link layer between the local terminal bluetooth module and the opposite terminal bluetooth module as a channel. During the pairing process, the bluetooth module needs to exchange data, and the exchange is performed through a bluetooth link layer. The embodiment also adopts the channels for data exchange, avoids the modification or redefinition of the pairing process, and has the advantage of simple and convenient implementation.
In an embodiment provided by the present invention, taking the negotiation key as a pairing key in a process of pairing the local terminal bluetooth module and the peer terminal bluetooth module includes: acquiring a mode adopted in the pairing process of the local terminal Bluetooth module and the opposite terminal Bluetooth module; if the adopted mode is the traditional pairing mode, the negotiation key is used as a temporary key for pairing; and if the adopted mode is a safe pairing mode, taking the negotiation key as the acquired input key for pairing. In the traditional mode, three pairing methods are just work, passkey Entry and OOB respectively, the three processes need to share one pairing key TK between two Bluetooth pairing parties, and if the two pairing parties have the same pairing key TK, the pairing is successful. The authenticated negotiation key is used as a pairing key TK, and the pairing process of the Bluetooth module is completed. In the secure connection mode, there is a password input pairing mode. And (4) pairing the two sides to input ra and rb, wherein the ra and the rb are originally input from a keyboard. The password input pairing mode of the scheme in the secure connection mode is changed into ra = SK A ,rb=SK B
In an embodiment provided by the present invention, a security chip is further provided, where the security chip is used in cooperation with a bluetooth module, the security chip includes a key exchange protocol identifying a cryptographic algorithm, and generates a pairing key for pairing the bluetooth module by using the aforementioned bluetooth pairing method supporting identity authentication. A safety chip is respectively added on both sides of the Bluetooth device, algorithm safety keys such as SM9 and other parameters are prefabricated in the safety chip, and the safety chip and the Bluetooth module can adopt 7816, SPI and other protocols for communication. And providing a pairing key through the security chip for pairing. The trusted guarantee between the Bluetooth and the Bluetooth can be realized, and the authentication capability based on the identity is provided for Bluetooth pairing.
In an embodiment provided by the present invention, a bluetooth module of an integrated controller, a key exchange protocol identifying a cryptographic algorithm is integrated in the controller, and a pairing key is generated by the aforementioned bluetooth pairing method supporting identity authentication for pairing the bluetooth module. Most of the bluetooth modules on the market at present are SoC bluetooth modules, namely bluetooth modules with MCUs. The bluetooth stack runs on the MCU of the module and the client can easily configure the module via the UART interface with AT commands, which makes the module very easy to use and has great balance, flexibility and integration. Therefore, a key exchange protocol such as SM9 and the Bluetooth pairing method supporting the identity authentication can be written into the MCU of the Bluetooth module, and the SoC Bluetooth modules can be paired by adopting the Bluetooth pairing method supporting the identity authentication, and meanwhile, the credibility guarantee between the SoC Bluetooth modules and the Bluetooth module is realized, and the authentication capability based on identity is provided for Bluetooth pairing.
Fig. 2 schematically shows an implementation schematic diagram of a bluetooth pairing method supporting identity authentication according to an embodiment of the present invention, as shown in fig. 2. The implementation method comprises the following steps:
(1) The bluetooth device operator performs identity-based key management and distribution through an identity algorithm (SM 9) key management server. And the server initializes the key according to the MAC address of the Bluetooth chip as the identity of the corresponding security chip.
(2) The initialization parameters of the secure chip a include: encrypting se:Sub>A main public key P, se:Sub>A private key deA and an identity mark MAC-A; the initialization parameters of the secure chip B include: the master public key P is encrypted, the private key deB and the identification MAC-B are encrypted.
(3) According to the Bluetooth protocol flow, the two parties can mutually obtain the Bluetooth MAC address of the other party in the connection discovery stage.
(4) Both parties set the SM9 key exchange protocol parameters. The security chip A sets the self identification as MAC-A and sets the identification of the other side as MAC-B; the security chip B sets the self identification as MAC-B and sets the identification of the other side as MAC-A.
(5) And the security chips of the two parties use the Bluetooth link layer as a channel and start the SM9 key exchange process by the parameter set in the step 4. If the negotiation authentication fails, the Bluetooth pairing process fails.
(6) If the negotiation is successful, the security chip A sends a key negotiation result SKA to the Bluetooth chip A; and the security chip B sends the key negotiation result SKB to the Bluetooth chip B.
(7) According to the difference of the pairing modes started by the Bluetooth of the two parties, the following step (8) or (8') is selected to be executed
(8) Both parties bluetooth initiate a conventional pairing mode negotiation. The Bluetooth chip A sets the SKA into the traditional temporary key TKA for pairing, and the Bluetooth chip B sets the SKB into the traditional temporary key TKB for pairing. And performing subsequent pairing process on the Bluetooth A and the Bluetooth B through respective TK values, referring to the standard of Bluetooth SIG BLUETOOTH CORE SPECIFICATION Version 5.1, if the TKA and the TKB are the same, the two parties are successfully paired, and if the TKA and the TKB are different, the pairing is failed.
(8') both parties bluetooth initiate secure connection mode negotiation. The Bluetooth chip A sets SKA as ra in a Passkey Entry mode of a secure connection mode, and the Bluetooth chip B sets SKB as rb paired with the Passkey Entry mode of the secure connection mode. And performing subsequent pairing process on the Bluetooth A and the Bluetooth B through respective ra/rb values, referring to the standard of Bluetooth SIG BLUETOOTH CORE SPECIFICATION Version 5.1, if ra and rb are the same, pairing the two parties successfully, and if ra and rb are different, pairing fails.
Fig. 3 schematically shows a module diagram of a bluetooth pairing apparatus supporting identity authentication according to an embodiment of the present invention, as shown in fig. 3. In this embodiment, there is further provided an identity authentication supporting bluetooth pairing apparatus, including: the identity acquisition module is used for acquiring the identity of the Bluetooth module at the opposite end; the exchange data generation module is used for generating exchange data according to the acquired identity identifier and the identity identifier of the local terminal Bluetooth module; a negotiation key generation module for generating a negotiation key according to the exchange data; the negotiation key authentication module is used for confirming that the negotiation key is successfully authenticated; the pairing key assignment module is used for taking the negotiation key as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module; the function realization of the exchange data generation module, the negotiation key generation module and the negotiation key authentication module is all based on SM9 key exchange protocol.
The specific limitations of each functional module in the bluetooth pairing apparatus supporting identity authentication may refer to the limitations of the above bluetooth pairing method supporting identity authentication, and are not described herein again. The various modules in the above-described apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a machine-readable storage medium having instructions stored thereon, which when executed by a processor, cause the processor to be configured to perform the above-described bluetooth pairing method supporting identity authentication is provided.
In one embodiment, a computer program product is provided, which includes a computer program that, when executed by a processor, implements the above-described bluetooth pairing method that supports identity authentication.
Through the embodiment, the TK in the pairing process is generated based on the security chip and the built-in secret key, so that the Bluetooth device is prevented from being illegally accessed by an unauthorized terminal, and the information security of the industrial Internet of things terminal is guaranteed. The matching autonomy provided by the method at least solves the problems in the following scenes: ordinary bluetooth pairs and is applicable to the scene that has operating personnel, and the equipment that pairs relies on operating personnel's subjective will and the selection of operation pairing, is not fit for the terminal scene of industrial thing allies oneself with unmanned on duty. Whether a bluetooth module of an unattended power terminal allows paired connection with bluetooth of an opposite terminal or not should be based on whether bluetooth equipment of the opposite terminal has authorization of a terminal operation and maintenance department or not, rather than operation will of field personnel.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising one of 8230; \8230;" 8230; "does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.

Claims (11)

1. A Bluetooth pairing method supporting identity authentication, wherein the pairing method is based on a key exchange protocol of an identification cipher algorithm, and comprises:
acquiring an identity of an opposite-end Bluetooth module;
generating exchange data according to the acquired identity and the identity of the local terminal Bluetooth module;
generating a negotiation key according to the exchange data;
confirming that the negotiation key is successfully authenticated;
the step of using the negotiation key as a pairing key in the process of pairing the local terminal Bluetooth module and the opposite terminal Bluetooth module comprises the following steps: acquiring a mode adopted in the pairing process of the local terminal Bluetooth module and the opposite terminal Bluetooth module; if the adopted mode is the traditional pairing mode, the negotiation key is used as a temporary key for pairing; if the adopted mode is a safe pairing mode, taking the negotiation key as the acquired input key for pairing;
the steps of generating exchange data, generating a negotiation key and authenticating the negotiation key are all based on the key exchange protocol of the identification cryptographic algorithm.
2. The pairing method of claim 1, wherein the identification cryptographic algorithm comprises: one of an identity encryption algorithm, an identity public key algorithm, and an SM9 algorithm.
3. The pairing method of claim 1, wherein the identity is a MAC address.
4. Pairing method according to claim 1 or 3, characterized in that the key exchange protocol identifying the cryptographic algorithm is integrated in a secure chip.
5. The pairing method of claim 4, wherein before obtaining the identity of the peer Bluetooth module, the pairing method further comprises:
and initializing a secret key according to the identity of the local terminal Bluetooth module.
6. The pairing method of claim 5, wherein the key initialization according to the identity of the local bluetooth module comprises:
and a key management server adopting an identification cryptographic algorithm takes the identity of the local end Bluetooth module as the identity of a corresponding security chip, and performs key initialization on the security chip.
7. The pairing method according to claim 1, wherein the confirming that the agreement key is successfully authenticated comprises:
generating a confirmation result according to the step of confirming the negotiation key in the key exchange protocol of the identification cryptographic algorithm;
and if the confirmation result is equal, confirming that the negotiation key is successfully authenticated.
8. The matching method of claim 1, wherein data exchange between the local end and the opposite end is performed through a bluetooth link layer between the local end bluetooth module and the opposite end bluetooth module as a channel.
9. A bluetooth module integrated with a controller, wherein the controller is integrated with a key exchange protocol identifying a cryptographic algorithm, and comprises a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the bluetooth pairing method supporting identity authentication according to any one of claims 1 to 8 to generate a pairing key for pairing the bluetooth module.
10. The controller-integrated bluetooth module according to claim 9, wherein the controller is a security chip.
11. A computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to perform the method of bluetooth pairing supporting identity authentication of any one of claims 1 to 8.
CN202110653740.5A 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module Active CN113329386B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110653740.5A CN113329386B (en) 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110653740.5A CN113329386B (en) 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module

Publications (2)

Publication Number Publication Date
CN113329386A CN113329386A (en) 2021-08-31
CN113329386B true CN113329386B (en) 2023-03-31

Family

ID=77420476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110653740.5A Active CN113329386B (en) 2021-06-11 2021-06-11 Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module

Country Status (1)

Country Link
CN (1) CN113329386B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10055567B2 (en) * 2014-05-30 2018-08-21 Apple Inc. Proximity unlock and lock operations for electronic devices

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418845A (en) * 2018-07-13 2018-08-17 上海银基信息安全技术股份有限公司 Bluetooth pairing code matches Preparation Method, system, terminal, server and mobile unit
CN110266474A (en) * 2019-05-15 2019-09-20 亚信科技(成都)有限公司 Key sending method, apparatus and system
CN112926075A (en) * 2021-03-26 2021-06-08 成都卫士通信息产业股份有限公司 SM9 key generation method, device, equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420642B (en) * 2011-12-15 2014-04-23 北京握奇数据***有限公司 Bluetooth device and communication method thereof
US9609677B2 (en) * 2012-06-20 2017-03-28 Certis Cisco Security Pte Ltd Bluetooth pairing system, method, and apparatus
CN105430605B (en) * 2015-12-10 2018-09-25 飞天诚信科技股份有限公司 A kind of method that bluetooth master-slave equipment and the two establish escape way
CN106851540B (en) * 2017-02-08 2019-11-15 飞天诚信科技股份有限公司 A kind of implementation method and device of Bluetooth pairing
CN110635901B (en) * 2019-09-11 2023-01-17 北京方研矩行科技有限公司 Local Bluetooth dynamic authentication method and system for Internet of things equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418845A (en) * 2018-07-13 2018-08-17 上海银基信息安全技术股份有限公司 Bluetooth pairing code matches Preparation Method, system, terminal, server and mobile unit
CN110266474A (en) * 2019-05-15 2019-09-20 亚信科技(成都)有限公司 Key sending method, apparatus and system
CN112926075A (en) * 2021-03-26 2021-06-08 成都卫士通信息产业股份有限公司 SM9 key generation method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN113329386A (en) 2021-08-31

Similar Documents

Publication Publication Date Title
EP3530020B1 (en) Configurator key package for device provisioning protocol (dpp)
US10951423B2 (en) System and method for distribution of identity based key material and certificate
EP1929745B1 (en) Method for secure device discovery and introduction
CN105530238B (en) Computer-implemented system and method for secure session establishment and encrypted exchange of data
US7707412B2 (en) Linked authentication protocols
US8572387B2 (en) Authentication of a peer in a peer-to-peer network
TWI479872B (en) Method for distributed identification, a station in a network
KR20160078475A (en) Key configuration method, system and apparatus
CN109075968A (en) Method and apparatus for safety equipment certification
CN109075973B (en) Method for carrying out unified authentication on network and service by using ID-based cryptography
WO2019041802A1 (en) Discovery method and apparatus based on service-oriented architecture
CN101459506A (en) Cipher key negotiation method, system, customer terminal and server for cipher key negotiation
HU223924B1 (en) Method and system for initializing secure communications between a first and a second devices
CN111866881A (en) Wireless local area network authentication method and wireless local area network connection method
JP2022513134A (en) Ensuring secure attachments in size-limited authentication protocols
CN113329386B (en) Bluetooth pairing method supporting identity authentication, security chip and Bluetooth module
EP3340530B1 (en) Transport layer security (tls) based method to generate and use a unique persistent node identity, and corresponding client and server
WO2020140929A1 (en) Key generation method, ue, and network device
CN112751664B (en) Internet of things networking method, internet of things networking device and computer readable storage medium
WO2004098145A1 (en) Security in a communications network
KR101785382B1 (en) Method for authenticating client, operation method of client, server enabling the method, and communication software enabling the operation method
CN106230595B (en) A kind of authorized agreement of credible platform control module
WO2022109941A1 (en) Security authentication method and apparatus applied to wifi
CN115348578B (en) Method and device for tracking contacter
EP4044553A1 (en) Method and device to provide a security level for communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant