Secure communication method and terminal and cloud thereof

Abstract

The invention provides a secure communication method and a terminal and a cloud thereof. The method comprises the following steps: transmitting a connection request to the cloud by the terminal, and transmitting a number corresponding to a public key to the cloud; receiving encrypted data from the cloud by the terminal, wherein the encrypted data are obtained by using a private key to encrypt a random string sign-rand by the cloud; decrypting the encrypted data by using the public key by the terminal, so as to enable the terminal to verify the cloud; if the verification is passed, calculating the random string sign-rand obtained by the terminal and a random string key-rand generated by the terminal by using an encryption algorithm, and generating symmetric keys, wherein the symmetric keys are keys for encrypting and decrypting transmitted data; encrypting the random string key-rand by using the public key by the terminal; transmitting the encrypted data to the cloud by the terminal, so as to enable the cloud to verify the terminal; and receiving a terminal verification result sent by the cloud which is used for representing whether the terminal and the cloud shake hands successfully by the terminal. The method, the terminal and the cloud provided by the invention reduce the operation and maintenance cost and reduce the number of times of network interactions.

Description

technical field [0001] The present invention relates to the technical field of communication, in particular to a secure communication method and its terminal and cloud. Background technique [0002] In Internet or Internet of Things applications, in order to ensure the integrity and security of data between two communication applications, Transport Layer Security Protocol (TLS) is generally used to establish a secure data communication channel. The symmetric secret key negotiated by both parties will not be the same every time a communication channel is established, so malicious users can neither decrypt communication data nor capture packets on the network for replay attacks. Using the TLS protocol requires pre-installing the root certificate of a third-party authoritative certificate authority (Certificate Authority, CA) in the operating system of the IoT device and other terminals, and at the same time, the cloud needs to go to the CA to apply for a data certificate. In ...

AI Technical Summary

Problems solved by technology

[0003] However, the operating systems of terminals such as IoT devices are very simple, which is not suitable for installing root certificates, or does not have the system environment for installing root certificates

Secondly, terminals such as IoT devices have relatively poor computing and networking capabilities. The standard TLS process needs to interact with the server more than ten times, and also interacts with foreign servers, and its interaction performance is relatively poor.

In addition, the standard TLS process needs to go to the CA to apply for a digital certificate. The digital certificate is charged and has a valid period. It needs to be renewed regularly, which has a certain operating cost.

Images