Data transmission method, apparatus and electronic device
By implementing dual authentication and encrypted transmission for terminal devices in the smart home system, the problem of data privacy leakage when smart devices connect through the home gateway is solved, ensuring that only authorized devices can access and achieve secure communication.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA UNITED NETWORK COMM GRP CO LTD
- Filing Date
- 2022-11-09
- Publication Date
- 2026-06-05
AI Technical Summary
In smart home systems, when smart devices connect through a home gateway, a leaked WiFi password can lead to connections from devices not owned by the user, causing a breach of user data privacy.
The first terminal device sends access authentication information to the gateway device and the second terminal device to perform dual authentication. After successful authentication, the user decides whether to grant access. Encrypted transmission is used to ensure communication security.
This ensures that only authorized devices can access the home network, preventing user data leaks and improving the security and reliability of data transmission.
Smart Images

Figure CN115915116B_ABST
Abstract
Description
Technical Field
[0001] This application relates to communication technology, and more particularly to a data transmission method, apparatus, and electronic device. Background Technology
[0002] With the popularization of the Internet of Things and smart homes, in the smart home ecosystem, all smart devices in home life are controlled by interacting with terminal devices, and various smart home devices are also interconnected.
[0003] Currently, home smart gateways have become the heart of home automation. Communication between various smart devices in the home is no longer simple point-to-point communication, but rather message relay through the gateway. The gateway receives data reported by smart devices, converts the data into a protocol, and transmits it to the Internet; therefore, all smart devices must first connect to the gateway.
[0004] Typically, smart devices connect to a gateway via WiFi. However, WiFi passwords and other information may be leaked due to sharing, leading to non-user-owned smart devices connecting to the user's home gateway and causing security issues such as user data privacy leaks. Summary of the Invention
[0005] This application provides a data transmission method, apparatus, and electronic device to address the security issue of user data privacy leakage.
[0006] In a first aspect, this application provides a data transmission method, applied to a first terminal device, the method comprising:
[0007] The first terminal device sends first access authentication information to the gateway device and sends second access authentication information to the second terminal device; wherein, the third access authentication information is sent by the second terminal device to the gateway device and is generated based on the second access authentication information, so that the gateway device performs identity authentication on the second terminal device based on the first access authentication information and the third access authentication information, and sends the identity authentication result of the second terminal device to the first terminal device;
[0008] After receiving the authentication result of the second terminal device from the gateway device, the first terminal device obtains the user instruction and sends the user instruction to the gateway device. The session authentication information is sent by the gateway device to the second terminal device when the user instruction is to agree to the access request. The session authentication information is used for session communication between the second terminal device and the gateway device.
[0009] Optionally, the first access authentication information includes a dynamic code and a first timestamp; the first timestamp is used to indicate the validity period of the dynamic code.
[0010] The second access authentication information includes gateway access information, dynamic code, gateway public key, and the identity identifier of the first terminal device.
[0011] Optionally, the method further includes:
[0012] The first terminal device receives the identity identifier of the second terminal device sent by the second terminal device and stores the identity identifier of the second terminal device locally.
[0013] Accordingly, after receiving the authentication result of the second terminal device from the gateway device, the first terminal device obtains user instructions, specifically including:
[0014] The first terminal device extracts the identity identifier of the second terminal device from the authentication result of the second terminal device, and compares the extracted identity identifier of the second terminal device with the identity identifier of the second terminal device stored locally; if the comparison result is the same, the user instruction is obtained.
[0015] Optionally, the method further includes:
[0016] When the second terminal device is in access mode, the first terminal device obtains the terminal access information of the second terminal device;
[0017] The first terminal device establishes a communication connection with the second terminal device based on the terminal access information.
[0018] Secondly, this application provides a data transmission method, applied to a gateway device, the method comprising:
[0019] The gateway device receives first access authentication information sent by the first terminal device and third access authentication information sent by the second terminal device; wherein the third access authentication information is generated based on the second access authentication information, and the second access authentication information is sent by the first terminal device to the second terminal device;
[0020] The gateway device authenticates the second terminal device based on the first access authentication information and the third access authentication information.
[0021] The gateway device sends the authentication result of the second terminal device to the first terminal device;
[0022] The gateway device receives a user instruction sent by the first terminal device, wherein the user instruction is obtained by the first terminal device after receiving the authentication result of the second terminal device sent by the gateway device;
[0023] When the user's instruction is to agree to the access request, the gateway device sends session authentication information to the second terminal device. The session authentication information is used for session communication between the second terminal device and the gateway device.
[0024] Optionally, the first access authentication information includes a dynamic code and a first timestamp; the first timestamp is used to indicate the validity period of the dynamic code.
[0025] The second access authentication information includes gateway access information, dynamic code, gateway public key, and the identity identifier of the first terminal device.
[0026] Optionally, the gateway device receives third access authentication information sent by the second terminal device, specifically including:
[0027] The gateway device receives gateway access information sent by the second terminal device;
[0028] The gateway device authenticates the gateway access information, and when the authentication result indicates successful authentication, a communication connection is established between the second terminal device and the gateway device.
[0029] The gateway device receives encrypted information sent by the second terminal device; wherein, the encrypted information is generated by the second terminal device using the gateway public key to combine a second timestamp, a dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key.
[0030] Optionally, the gateway device performs identity authentication on the second terminal device based on the first access authentication information and the third access authentication information, specifically including:
[0031] The gateway device uses its private key to decrypt the encrypted information to obtain the decrypted information; the decrypted information includes the identity identifier, dynamic code, and second timestamp of the first terminal device.
[0032] When the gateway device determines that the decrypted information is valid based on the second timestamp, it compares the identity identifier of the first terminal device obtained by decryption with the identity identifier of the first terminal device stored locally, and compares the dynamic code obtained by decryption with the dynamic code stored locally. When both comparison results indicate that they are consistent, it generates an identity authentication result of the second terminal device indicating that the authentication has been passed.
[0033] Thirdly, this application provides a data transmission apparatus, comprising:
[0034] The first sending module is used to send first access authentication information to the gateway device and second access authentication information to the second terminal device; wherein, the third access authentication information is sent by the second terminal device to the gateway device and is generated based on the second access authentication information, so that the gateway device can authenticate the identity of the second terminal device based on the first access authentication information and the third access authentication information.
[0035] The first sending module is used to obtain user instructions after receiving the authentication result of the second terminal device sent by the gateway device; and to send user instructions to the gateway device; wherein, the session authentication information is sent by the gateway device to the second terminal device when the user instruction is to agree to the access request, and the session authentication information is used for session communication between the second terminal device and the gateway device.
[0036] Optionally, a data transmission device includes:
[0037] The second receiving module is used to receive first access authentication information sent by the first terminal device and to receive third access authentication information sent by the second terminal device; wherein the third access authentication information is generated based on the second access authentication information, and the second access authentication information is sent from the first terminal device to the second terminal device.
[0038] The second processing module is used to perform identity authentication on the second terminal device based on the first access authentication information and the third access authentication information;
[0039] The second sending module is used to send the authentication result of the second terminal device to the first terminal device;
[0040] The second receiving module is used to receive user instructions sent by the first terminal device, wherein the user instructions are obtained by the first terminal device after receiving the authentication result of the second terminal device sent by the gateway device;
[0041] The second sending module is used to send session authentication information to the second terminal device when the user instruction is to agree to the access request. The session authentication information is used for session communication between the second terminal device and the gateway device.
[0042] Fourthly, this application provides an electronic device, including: a processor, and a memory communicatively connected to the processor;
[0043] The memory stores instructions that the computer executes;
[0044] The processor executes computer execution instructions stored in memory to implement the methods involved in the first and second aspects.
[0045] Fifthly, this application provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, are used to implement the methods involved in the first and second aspects above.
[0046] This application provides a data transmission method, apparatus, and electronic device. The data transmission method includes: a first terminal device sending first access authentication information to a gateway device and sending second access authentication information to a second terminal device; the gateway device receiving third access authentication information from the second terminal device and comparing it with the first access authentication information to authenticate the identity information of the second terminal device; after successful authentication, the first terminal device receiving the authentication success information from the gateway device, obtaining a user instruction, and sending the user instruction to the gateway device; after receiving the user's access consent request, the gateway device sending session authentication information to the second terminal device, and using the session authentication information for subsequent session communication between the gateway device and the second terminal device. This application verifies the identities of the first and second terminal devices to ensure mutual trust between the communicating parties, ensuring that only authorized second terminal devices can access the user's home network; and through encrypted communication between the gateway device and the second terminal device, it solves the problem of user data leakage and ensures data security. Attached Figure Description
[0047] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0048] Figure 1 This is an application scenario diagram of a data transmission method provided in an embodiment of this application;
[0049] Figure 2 A flowchart illustrating a data transmission method provided in an embodiment of this application;
[0050] Figure 3 A flowchart illustrating a data transmission method provided in an embodiment of this application;
[0051] Figure 4 This is a schematic diagram of the interface of the first terminal device provided in an embodiment of this application;
[0052] Figure 5 A flowchart illustrating a data transmission method provided in an embodiment of this application;
[0053] Figure 6 This is a schematic diagram of the structure of a data transmission device provided in an embodiment of this application;
[0054] Figure 7 This is a schematic diagram of another data transmission device provided in an embodiment of this application;
[0055] Figure 8 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application.
[0056] The accompanying drawings illustrate specific embodiments of this application, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the concept in any way, but rather to illustrate the concept of this application to those skilled in the art through reference to particular embodiments. Detailed Implementation
[0057] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.
[0058] The data transmission method is based on a smart home ecosystem, which includes a first terminal device, a gateway device, and a second terminal device. The gateway device connects the first and second terminal devices, enabling both to connect to the internet. Through its protocol conversion function, the gateway device transmits user control commands from the first terminal device to the second terminal device, while also facilitating information exchange between different second terminal devices.
[0059] The inventive concept of this application is as follows: By encrypting the transmission of information between a first terminal device and a second terminal device, the gateway device confirms whether the initiator of the access operation of the first terminal device and the user's request to register the second terminal device have been authenticated. If the authentication is successful, the user further decides whether to agree to the access of the second terminal device. The information of the first terminal device and the second terminal device is transmitted in encrypted form, making it difficult to be leaked. At the same time, multiple authentications ensure that only authorized target devices can access the user's home network, preventing the leakage of user privacy. After the second terminal device successfully accesses the home network, it achieves encrypted transmission of information with the gateway device, thereby improving data security.
[0060] Figure 1 This is an application scenario diagram of a data transmission method provided in an embodiment of this application, such as... Figure 1 As shown, the application scenario of a data transmission method provided in this application embodiment includes: a first terminal device 11, a second terminal device 12, and a gateway device 13.
[0061] The first terminal device 11 can be a mobile phone, tablet computer, or handheld device with wireless communication capabilities, etc., and this application embodiment is not limited to this. A target application, such as a Smart Home APP, can be installed on the first terminal device. Multiple second terminal devices in the home are configured to connect to the network through the Smart Home APP. After successful configuration, the second terminal device will appear in the device list, and the user can access the device control page of the Smart Home APP to issue operation commands to the second terminal device.
[0062] The second terminal device 12 can be a smart home device such as a smart TV 121 or a smart light 122. For example, a smart home APP can issue operation commands to smart devices such as the smart TV 121 and the smart light 122.
[0063] Gateway device 13 acts as a relay station in the smart home, connecting the second terminal device 12 and the first terminal device 11. Gateway device 13 receives control commands from the first terminal device 11 to the second terminal device 12, parses the data into the format of the gateway device 13's unified protocol, and sends it to the second terminal device 12 to realize the user's control.
[0064] Figure 2 A flowchart of a data transmission method provided in an embodiment of this application is shown below. Figure 2 As shown, the application scenario provided in this embodiment is based on Figure 1 As shown in the application scenario, this data transmission method includes the following steps:
[0065] S201. The first terminal device sends the first access authentication information to the gateway device.
[0066] More specifically, the first access authentication information includes a dynamic code and a first timestamp. The dynamic code consists of a random string, and the first timestamp indicates the validity period of the dynamic code, such as 1 minute, to prevent replay attacks. A replay attack occurs when an attacker impersonates a user during the authentication process and performs a series of operations. Within the valid time, the first terminal device sends the dynamic code to the gateway device.
[0067] S202, The first terminal device sends the second access authentication information to the second terminal device.
[0068] More specifically, the second access authentication information includes gateway access information, a dynamic code, a gateway public key, and the identity identifier of the first terminal device. The gateway access information includes the gateway WiFi account and password, and the identity identifier of the first terminal device is a unique APP identifier S representing the APP user's identity. appSuch as the mobile phone number bound to the broadband, PPPoE number, etc. The first terminal device sends the gateway WiFi account and password, dynamic code, gateway public key and APP unique identifier S to the second terminal device. app .
[0069] For example, the first terminal device sends the gateway WiFi account and password, a random string, the gateway public key, and the mobile phone number bound to the broadband to the second terminal device.
[0070] S203. The second terminal device sends third access authentication information to the gateway device.
[0071] More specifically, the third access authentication information includes a second timestamp, a dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key. Among these, the identity identifier of the second terminal device represents the device's identity and can be a unique identifier S of the smart device. d Such as the SN and MAC address of a smart device, the identity identifier of the first terminal device is the unique identifier S of the APP user. app Examples include broadband-bound mobile phone numbers and PPPoE numbers. The second terminal device encrypts the third access authentication information using the gateway's public key and sends the third access authentication information to the gateway device.
[0072] For example: The first terminal device sends the second access authentication information to the second terminal device. The second terminal device connects to the gateway WiFi and uses the gateway public key in the second access authentication information to encrypt the second timestamp, the random sequence dynamic code, the MAC address of the smart device, the mobile phone number bound to the broadband, and the terminal public key, and then sends the information to the gateway device.
[0073] S204. The gateway device performs identity authentication on the second terminal device.
[0074] More specifically, the gateway device receives third access authentication information sent by the second terminal device, wherein the third access authentication information is generated by the second terminal device using the gateway public key against a second timestamp, a dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key.
[0075] The gateway device authenticates the second terminal device based on the first access authentication information and the third access authentication information. The authentication process includes: the gateway device decrypting the third access authentication information using its private key to obtain decrypted information, which includes the identity identifier of the first terminal device, a dynamic code, and a second timestamp. When the gateway device determines that the decrypted information is valid based on the second timestamp, it compares the obtained identity identifier of the first terminal device with the locally stored identity identifier of the first terminal device, and compares the obtained decrypted dynamic code with the locally stored dynamic code. If both comparison results indicate a match, an authentication result is generated indicating that the second terminal device and the first terminal device have passed authentication.
[0076] For example: The gateway device receives a random sequence dynamic code sent by the first terminal device, and receives a second timestamp, a random sequence dynamic code, the MAC address of the second terminal device, the mobile phone number bound to the broadband, and the terminal public key, which are encrypted and sent by the gateway device using the gateway public key. The gateway device then decrypts the information using the gateway private key and compares the random sequence dynamic code and the mobile phone number bound to the broadband. If both match, it indicates that both the first and second terminal devices are trusted and authorized devices, and a communication connection is established between the second terminal device and the gateway device.
[0077] S205. The gateway device sends the authentication result to the first terminal device.
[0078] More specifically, the gateway device sends an authentication result to the first terminal device, which includes whether the gateway device agrees to the access request of the second terminal device.
[0079] S206, The first terminal device obtains user instructions.
[0080] More specifically, after receiving the authentication result of the second terminal device sent by the gateway device, the first terminal device obtains user instructions, which include the user deciding whether to ultimately access the second terminal device and performing corresponding operations on the first terminal device.
[0081] S207. The first terminal device sends a user instruction to the gateway device.
[0082] More specifically, after receiving the user's instruction, the first terminal device sends the user's instruction to the gateway device.
[0083] S208. The gateway device sends session authentication information to the second terminal device.
[0084] More specifically, when the user instruction is to agree to the access request, the gateway device sends session authentication information to the second terminal device, wherein the session authentication information is used for session communication between the second terminal device and the gateway device.
[0085] In the data transmission method provided in this application embodiment, the relevant information of the first terminal device and the second terminal device is transmitted in encrypted form to perform dual authentication of the second terminal device and the first terminal device. After successful authentication, a communication connection is established between the second terminal device and the gateway device. Compared with the existing method of authenticating the second terminal device by transmitting the relevant information of the terminal device in unencrypted form, the encrypted transmission and dual authentication method of this application makes the authentication result more reliable and ensures the data security of the terminal device.
[0086] Figure 3 A flowchart of a data transmission method provided in an embodiment of this application is shown below. Figure 3 As shown, the application scenario provided in this embodiment is based on Figure 1 As shown in the application scenario, this data transmission method includes the following steps:
[0087] S301. The first terminal device sends the first access authentication message to the gateway device.
[0088] More specifically, the first access authentication information includes a dynamic code and a first timestamp.
[0089] S302. When the second terminal device is in access mode, it sends the second access authentication information.
[0090] More specifically, when the second terminal device is in access mode, such as AP mode, the first terminal device obtains the terminal access information of the second terminal device, such as QR code information. The first terminal device establishes a communication connection with the second terminal device based on the terminal access information and sends second access authentication information, which includes gateway access information, dynamic code, gateway public key and the identity identifier of the first terminal device.
[0091] For example, when the second terminal device is in AP state, the first terminal device obtains the QR code information by scanning the QR code of the second terminal device, establishes a communication connection between the first terminal device and the second terminal device based on the QR code information, and sends the second access authentication information.
[0092] S303, The second terminal device sends its identity identifier to the first terminal device.
[0093] More specifically, the second terminal device sends its own identification identifier to the first terminal device and stores it locally. This identifier represents the device's identity and can be a unique identifier S for the smart device. d Such as the SN and MAC address of smart devices.
[0094] S304. The second terminal device sends the third access authentication information to the gateway device in encrypted form.
[0095] More specifically, after receiving the second authentication access information, the second terminal device establishes a connection with the gateway device via the gateway device's WiFi in the second access authentication information, encrypts the third access authentication information using the gateway's public key, and sends it to the gateway device. The third access authentication information includes a second timestamp, a dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and a terminal public key, wherein the terminal public key includes the public key of the second terminal device.
[0096] S305. The gateway device performs identity authentication on the second terminal device.
[0097] S306. The gateway device sends the authentication result to the first terminal device.
[0098] S307, The first terminal device receives user instructions.
[0099] More specifically, after receiving the authentication result of the second terminal device from the gateway device, the first terminal device obtains user instructions, specifically including:
[0100] The first terminal device extracts the identity identifier of the second terminal device from the authentication result of the second terminal device, and compares the extracted identity identifier with the locally stored identity identifier of the second terminal device. If the comparison result is the same, the user command is retrieved. Here, the identity identifier of the second terminal device represents the device's identity and can be a unique identifier S of the smart device. d Such as the SN and MAC address of smart devices.
[0101] For example, Figure 4 This is a schematic diagram of the interface of the first terminal device provided in the embodiments of this application, such as... Figure 4 As shown, the first terminal device extracts the identity identifier of the second terminal device from the identity authentication result of the second terminal device, and compares the extracted identity identifier of the second terminal device with the identity identifier of the second terminal device stored locally. When the comparison result is the same, the first terminal device will display the authentication information of the second terminal device, such as "Smart device (serial number: 1234565) authentication passed" displayed on interface 41. The user can click Next to jump to the user instruction interface, as shown in interface 42. The user can click Agree to agree to the access request of the second terminal device, and the page will jump to the second terminal device successfully access interface, as shown in interface 43.
[0102] S308, The first terminal device sends a user instruction to the gateway device.
[0103] More specifically, after receiving the successful access information from the second terminal device, the first terminal device sends a user instruction to the gateway device. The user instruction also includes the identity identifier S of the successfully accessed second terminal device. d .
[0104] S309. The gateway device sends session authentication information to the second terminal device in encrypted form.
[0105] More specifically, the session authentication information includes a third timestamp and a session key K, where the session key K is used for session communication between the second terminal device and the gateway device. When the user agrees to the access request of the second terminal device, the gateway device encrypts the session authentication information using the terminal's public key and sends it to the second terminal device. The terminal's public key is the third access authentication information sent by the second terminal device to the gateway device. When the user disagrees with the access request of the second terminal device, the subsequent process stops.
[0106] S310, the second terminal device obtains session authentication information.
[0107] More specifically, the second terminal device uses its terminal private key to decrypt the session authentication information, and obtains the session key K when it determines that the decrypted information is valid based on the third timestamp.
[0108] S311, the gateway device and the second terminal device use session keys to encrypt communication.
[0109] More specifically, after the second terminal device establishes a communication connection with the gateway device, the communication between the second terminal device and the gateway device is transmitted using session key encryption.
[0110] In the data transmission method provided in this application embodiment, the user can ultimately decide whether the access request of the second terminal device is approved, ensuring the reliability of authorizing the second terminal device to access the gateway device. Furthermore, by using the terminal public key to encrypt the transmission session key, the key between the second terminal device and the gateway device is synchronized. The session key is then used to implement subsequent data transmission between the second terminal device and the gateway device, thereby improving the security of data transmission and preventing user data leakage.
[0111] This application provides a data transmission method, such as... Figure 5 As shown, the application scenario provided in this embodiment is based on Figure 1 As shown in the application scenario, this data transmission method includes the following steps:
[0112] S501. The second terminal device sends encrypted information about itself to the gateway device.
[0113] More specifically, the information related to the second terminal device includes a fourth timestamp, the identity identifier of the second terminal device, and the terminal public key. The identity identifier of the second terminal device represents the device's identity and can be a unique identifier S of the smart device. d This includes information such as the smart device's serial number (SN) and MAC address. The second terminal device connects to the gateway device via WiFi, encrypts its information using the gateway's public key, and then sends this information to the gateway device.
[0114] For example, the second terminal device connects to the gateway device's WiFi, uses the gateway's public key to encrypt the third timestamp, the second terminal device's identity identifier, and the terminal's public key, and sends the fourth timestamp, the smart device's MAC address, and the terminal's public key to the gateway device.
[0115] S502. The gateway device verifies whether the second terminal device has passed authentication.
[0116] More specifically, the gateway device uses its private key to decrypt the information related to the second terminal device and obtains the decrypted information. When the gateway device determines that the decrypted information is valid based on the fourth timestamp, it compares the identity identifier of the second terminal device obtained from the decryption with the identity identifier of the second terminal device that has been connected locally. When the two comparison results are consistent, it generates a verification result indicating that the second terminal device has been authenticated.
[0117] S503. If the second terminal device has been authenticated, send the session authentication information in encrypted form.
[0118] More specifically, the session authentication information includes a third timestamp and a session key K, where the session key K is used for session communication between the second terminal device and the gateway device. If the second terminal device has been authenticated by the gateway device, the gateway device encrypts the session authentication information using the terminal's public key and sends it to the second terminal device, where the terminal's public key contains information related to the second terminal device that the second terminal device sends to the gateway device. If the second terminal device has not been authenticated by the gateway device, communication between the gateway device and the second terminal device is stopped.
[0119] S504. The second terminal device and the gateway device use session keys to encrypt communication.
[0120] More specifically, the second terminal device uses its private key to decrypt the session authentication information to obtain decrypted information, which includes a third timestamp and a session key K. When the gateway device determines that the decrypted information is valid based on the third timestamp, it uses the session key K to encrypt the communication data between the second terminal device and the gateway device before transmitting the communication data.
[0121] In the data transmission method provided in this application embodiment, the gateway device can verify whether the second terminal device is connected again, ensuring the accuracy of the second terminal device connection judgment. By synchronizing the session key between the gateway device and the second terminal device and using the session key to encrypt data information, the data is protected from being tampered with or decrypted, thus protecting the data security of the communication between the second terminal device and the gateway device.
[0122] This application provides a data transmission device, the structural schematic diagram of which is shown below. Figure 6 As shown, the data transmission device 600 includes:
[0123] The first sending module 601 is used to send first access authentication information to the gateway device and send second access authentication information to the second terminal device; wherein, the third access authentication information is sent by the second terminal device to the gateway device, and the third access authentication information is generated based on the second access authentication information, so that the gateway device can authenticate the identity of the second terminal device based on the first access authentication information and the third access authentication information.
[0124] The first sending module 601 is further configured to obtain a user instruction after receiving the authentication result of the second terminal device sent by the gateway device; and send the user instruction to the gateway device; wherein, the session authentication information is sent by the gateway device to the second terminal device when the user instruction is to agree to the access request, and the session authentication information is used for session communication between the second terminal device and the gateway device.
[0125] Optionally, the first access authentication information includes a dynamic code and a first timestamp; the first timestamp is used to indicate the validity period of the dynamic code.
[0126] The second access authentication information includes gateway access information, dynamic code, gateway public key, and the identity identifier of the first terminal device.
[0127] Optionally, the data transmission device further includes a first receiving module 602, used for:
[0128] Receive the identity identifier of the second terminal device sent by the second terminal device, and store the identity identifier of the second terminal device locally;
[0129] Extract the identity identifier of the second terminal device from the authentication result of the second terminal device, and compare the extracted identity identifier of the second terminal device with the identity identifier of the second terminal device stored locally; if the comparison result is the same, obtain the user instruction.
[0130] Optionally, the data transmission device further includes a first processing module 603, used for:
[0131] When the second terminal device is in access mode, the first terminal device obtains the terminal access information of the second terminal device;
[0132] The first terminal device establishes a communication connection with the second terminal device based on the terminal access information.
[0133] This application provides another data transmission device, the structural schematic diagram of which is shown below. Figure 7 As shown, the data transmission device 700 includes:
[0134] The second receiving module 701 is used to receive first access authentication information sent by the first terminal device and to receive third access authentication information sent by the second terminal device; wherein the third access authentication information is generated based on the second access authentication information, and the second access authentication information is sent from the first terminal device to the second terminal device.
[0135] The second receiving module 701 is also used to receive user instructions sent by the first terminal device, wherein the user instructions are obtained by the first terminal device after receiving the authentication result of the second terminal device sent by the gateway device.
[0136] The second receiving module 701 is also used to receive encrypted information sent by the second terminal device, wherein the encrypted information is generated by the second terminal device using the gateway public key to combine a second timestamp, a dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key.
[0137] Optionally, the first access authentication information includes a dynamic code and a first timestamp; the first timestamp is used to indicate the validity period of the dynamic code.
[0138] The second access authentication information includes gateway access information, dynamic code, gateway public key, and the identity identifier of the first terminal device.
[0139] Receive third access authentication information sent by the second terminal device, specifically including:
[0140] Receive gateway access information sent by the second terminal device;
[0141] The gateway device authenticates the gateway access information, and when the authentication result indicates successful authentication, a communication connection is established between the second terminal device and the gateway device.
[0142] Optionally, the data transmission device further includes a second processing module 702, for:
[0143] The second terminal device is authenticated based on the first access authentication information and the third access authentication information, specifically including:
[0144] The gateway device uses its private key to decrypt the encrypted information to obtain the decrypted information; the decrypted information includes the identity identifier, dynamic code, and second timestamp of the first terminal device.
[0145] When the gateway device determines that the decrypted information is valid based on the second timestamp, it compares the identity identifier of the first terminal device obtained by decryption with the identity identifier of the first terminal device stored locally, and compares the dynamic code obtained by decryption with the dynamic code stored locally. When both comparison results indicate that they are consistent, it generates an identity authentication result of the second terminal device indicating that the authentication has been passed.
[0146] Optionally, the data transmission device further includes a second transmitting module 703, used for:
[0147] Send the authentication result of the second terminal device to the first terminal device; when the user instruction is to agree to the access request, send session authentication information to the second terminal device. The session authentication information is used for session communication between the second terminal device and the gateway device.
[0148] like Figure 8 As shown, this application embodiment provides an electronic device 800, which includes a processor 801 and a memory 802 communicatively connected to the processor.
[0149] Among them, memory 802 is used to store computer instructions that can be executed by the processor;
[0150] The processor 801 implements the various steps of the method in the above embodiments when executing computer instructions. For details, please refer to the relevant descriptions in the foregoing method embodiments.
[0151] Optionally, the processor 801 can be either standalone or integrated with the memory 802. When the processor 801 is set up independently, the electronic device also includes a bus for connecting the processor 801 and the memory 802.
[0152] This application also provides a computer-readable storage medium storing computer instructions, which, when executed by a processor, implement the steps of the methods described above.
[0153] This application also provides a computer program product, including computer instructions that, when executed by a processor, implement the various steps in the methods described above.
[0154] Other embodiments of this application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of this application that follow the general principles of this application and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this application are indicated by the following claims.
[0155] It should be understood that this application is not limited to the precise structure described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of this application is limited only by the appended claims.
Claims
1. A data transmission method, characterized in that, The method is applied to a first terminal device, and the method includes: The first terminal device sends first access authentication information to the gateway device and second access authentication information to the second terminal device to enable the second terminal device to connect to the gateway WiFi. It then sends third access authentication information to the gateway device. The first access authentication information includes a dynamic code and a first timestamp. The first timestamp indicates the validity period of the dynamic code. The second access authentication information includes gateway access information, a dynamic code, a gateway public key, and the identity identifier of the first terminal device. The gateway access information includes the gateway WiFi account and password, and is used by the second terminal device to connect to the gateway WiFi. The third access authentication information is generated based on the second access authentication information. The third access authentication information is generated by the second terminal device using the gateway public key to verify the second timestamp, dynamic code, identity identifier of the second terminal device, and identity identifier of the first terminal device. The gateway device generates an identifier and a terminal public key, enabling it to authenticate the second terminal device based on the first access authentication information and the third access authentication information, and send the authentication result of the second terminal device to the first terminal device. The authentication process of the gateway device includes: the gateway device using its private key to decrypt the third access authentication information to obtain decrypted information, wherein the decrypted information includes the identity identifier of the first terminal device, a dynamic code, and a second timestamp; when the gateway device determines that the decrypted information is valid based on the second timestamp, it compares the identity identifier of the first terminal device obtained through decryption with the identity identifier of the first terminal device stored locally, and compares the dynamic code obtained through decryption with the dynamic code stored locally; when both comparison results indicate consistency, it generates an authentication result indicating that the second terminal device and the first terminal device have passed authentication. After receiving the authentication result of the second terminal device sent by the gateway device, the first terminal device obtains a user instruction and sends the user instruction to the gateway device. The session authentication information is sent by the gateway device to the second terminal device when the user instruction is an access consent request. The session authentication information is used for session communication between the second terminal device and the gateway device. The session authentication information includes a session key K, which is used for session communication between the second terminal device and the gateway device.
2. The data transmission method according to claim 1, characterized in that, The method further includes: The first terminal device receives the identity identifier of the second terminal device sent by the second terminal device and stores the identity identifier of the second terminal device locally; Accordingly, after receiving the authentication result of the second terminal device sent by the gateway device, the first terminal device obtains user instructions, specifically including: The first terminal device extracts the identity identifier of the second terminal device from the identity authentication result of the second terminal device, and compares the extracted identity identifier of the second terminal device with the identity identifier of the second terminal device stored locally; if the comparison result is the same, the user instruction is obtained.
3. The data transmission method according to claim 1, characterized in that, The method further includes: When the second terminal device is in access mode, the first terminal device obtains the terminal access information of the second terminal device; The first terminal device establishes a communication connection with the second terminal device based on the terminal access information.
4. A data transmission method, characterized in that, The method is applied to a gateway device, and the method includes: The gateway device receives first access authentication information sent by a first terminal device and third access authentication information sent by a second terminal device; wherein, the third access authentication information is generated based on the second access authentication information, which is sent by the first terminal device to the second terminal device; the first access authentication information includes a dynamic code and a first timestamp; the first timestamp is used to indicate the validity period of the dynamic code; the second access authentication information includes gateway access information, a dynamic code, a gateway public key, and the identity identifier of the first terminal device, the gateway access information including the gateway WiFi account and password, the gateway access information being used by the second terminal device to connect to the gateway WiFi; the third access authentication information is generated by the second terminal device using the gateway public key to access the second timestamp, the dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key; The gateway device performs identity authentication on the second terminal device based on the first access authentication information and the third access authentication information. The gateway device sends the authentication result of the second terminal device to the first terminal device; The gateway device receives a user instruction sent by the first terminal device, wherein the user instruction is obtained by the first terminal device after receiving the authentication result of the second terminal device sent by the gateway device; When the user instruction is to agree to the access request, the gateway device sends session authentication information to the second terminal device. The session authentication information is used for session communication between the second terminal device and the gateway device. The session authentication information includes a session key K, wherein the session key K is used for session communication between the second terminal device and the gateway device. The gateway device receives third access authentication information sent by the second terminal device, specifically including: The gateway device receives gateway access information sent by the second terminal device; The gateway device authenticates the gateway access information, and when the authentication result indicates successful authentication, a communication connection is established between the second terminal device and the gateway device. The gateway device receives encrypted information sent by the second terminal device; wherein, the encrypted information is generated by the second terminal device using the gateway public key, a second timestamp, the dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key; The gateway device performs identity authentication on the second terminal device based on the first access authentication information and the third access authentication information, specifically including: The gateway device uses its private key to decrypt the encrypted information to obtain decrypted information; the decrypted information includes the identity identifier of the first terminal device, the dynamic code, and the second timestamp. When the gateway device determines that the decrypted information is valid based on the second timestamp, it compares the identity identifier of the first terminal device obtained by decryption with the identity identifier of the first terminal device stored locally, and compares the dynamic code obtained by decryption with the dynamic code stored locally. When both comparison results indicate that they are consistent, it generates an identity authentication result of the second terminal device indicating that the authentication has been passed.
5. A data transmission device, characterized in that, include: A first sending module is configured to send first access authentication information to a gateway device and second access authentication information to a second terminal device to enable the second terminal device to connect to the gateway WiFi, and to send third access authentication information to the gateway device. The first access authentication information includes a dynamic code and a first timestamp; the first timestamp indicates the validity period of the dynamic code. The second access authentication information includes gateway access information, a dynamic code, a gateway public key, and the identity identifier of the first terminal device. The gateway access information includes the gateway WiFi account and password, and is used by the second terminal device to connect to the gateway WiFi. The third access authentication information is generated based on the second access authentication information. The third access authentication information is generated by the second terminal device using the gateway public key to access the second timestamp, the dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key, enabling the second terminal device to connect to the gateway WiFi. The gateway device authenticates the second terminal device based on the first access authentication information and the third access authentication information. The authentication process of the gateway device includes: the gateway device decrypting the third access authentication information using its private key to obtain decrypted information, wherein the decrypted information includes the identity identifier, dynamic code, and second timestamp of the first terminal device; when the gateway device determines that the decrypted information is valid based on the second timestamp, it compares the identity identifier of the first terminal device obtained by decryption with the identity identifier of the first terminal device stored locally, and compares the dynamic code obtained by decryption with the dynamic code stored locally. When both comparison results indicate that they are consistent, an authentication result indicating that the second terminal device and the first terminal device have passed authentication is generated. The first sending module is configured to obtain a user instruction after receiving the authentication result of the second terminal device sent by the gateway device; and send the user instruction to the gateway device; wherein, the session authentication information is sent by the gateway device to the second terminal device when the user instruction is an access consent request, and the session authentication information is used for session communication between the second terminal device and the gateway device, and the session authentication information includes a session key K, wherein the session key K is used for session communication between the second terminal device and the gateway device.
6. A data transmission device, characterized in that, include: The second receiving module is configured to receive first access authentication information sent by the first terminal device and third access authentication information sent by the second terminal device; wherein the third access authentication information is generated based on the second access authentication information, which is sent by the first terminal device to the second terminal device; the first access authentication information includes a dynamic code and a first timestamp; the first timestamp is used to indicate the validity period of the dynamic code; the second access authentication information includes gateway access information, a dynamic code, a gateway public key, and the identity identifier of the first terminal device, wherein the gateway access information includes the gateway WiFi account and password, and the gateway access information is used by the second terminal device to connect to the gateway WiFi; the third access authentication information is generated by the second terminal device using the gateway public key to the second timestamp, the dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key; The second processing module is used to perform identity authentication on the second terminal device based on the first access authentication information and the third access authentication information. The second sending module is used to send the authentication result of the second terminal device to the first terminal device; The second receiving module is used to receive a user instruction sent by the first terminal device, wherein the user instruction is obtained by the first terminal device after receiving the authentication result of the second terminal device sent by the gateway device; The second sending module is used to send session authentication information to the second terminal device when the user instruction is an access consent request. The session authentication information is used for session communication between the second terminal device and the gateway device. The session authentication information includes a session key K, wherein the session key K is used for session communication between the second terminal device and the gateway device. When the second receiving module receives the third access authentication information sent by the second terminal device, it is specifically used for: Receive gateway access information sent by the second terminal device; The gateway access information is authenticated, and when the authentication result indicates successful authentication, a communication connection is established between the second terminal device and the gateway device. The device receives encrypted information sent by the second terminal device; wherein the encrypted information is generated by the second terminal device using the gateway public key, a second timestamp, the dynamic code, the identity identifier of the second terminal device, the identity identifier of the first terminal device, and the terminal public key. The second processing module is specifically used for: The encrypted information is decrypted using the gateway's private key to obtain decrypted information; the decrypted information includes the identity identifier of the first terminal device, the dynamic code, and the second timestamp. When the decryption information is determined to be valid based on the second timestamp, the identity identifier of the first terminal device obtained by decryption is compared with the identity identifier of the first terminal device stored locally, and the dynamic code obtained by decryption is compared with the dynamic code stored locally. When both comparison results indicate that they are consistent, an identity authentication result of the second terminal device indicating that the authentication has been passed is generated.
7. An electronic device, characterized in that, include: A processor, and a memory communicatively connected to the processor; The memory stores computer-executed instructions; The processor executes computer execution instructions stored in the memory to implement the method as described in any one of claims 1 to 3, or 4.
8. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-executable instructions, which, when executed by a processor, are used to implement the method as described in any one of claims 1 to 3, or 4.