An authentication system of a mobile Bluetooth device, a data transmission method and related products
By establishing dynamic identity authentication between mobile Bluetooth devices, mobile applications, and cloud platforms through a triple two-way authentication mechanism, the problem of weak authentication mechanisms in existing technologies is solved, and the security and reliability of data transmission are improved. It is suitable for high-security Bluetooth IoT scenarios such as smart door locks and wearable devices.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Application (China)
- Current Assignee / Owner
- CHONGQING YADEA TECHNOLOGY CO LTD
- Filing Date
- 2025-12-29
- Publication Date
- 2026-06-19
AI Technical Summary
In existing technologies, the authentication mechanisms between mobile Bluetooth devices, mobile applications, and the cloud are weak: connections are vulnerable to man-in-the-middle attacks, devices are easily counterfeited, and application identities cannot be trusted, so the security of data transmission is difficult to guarantee.
A triple two-way authentication mechanism is adopted, which performs identity authentication between the mobile application and the mobile Bluetooth device, between the mobile application and the cloud platform, and between the mobile Bluetooth device and the cloud platform. A dynamic and verifiable identity authentication mechanism is established through digital signatures and key negotiation.
It enhances the security and reliability of data transmission between mobile Bluetooth devices, mobile applications, and cloud platforms, preventing device counterfeiting and unauthorized control. It is suitable for high-security Bluetooth IoT scenarios such as smart door locks and wearable devices, and complies with data security standards.
Figure CN122248411A_ABST (abstract drawing)
Abstract
Description
Technical Field
[0001] This application relates to the field of Internet of Things (IoT) security technology, and in particular to an authentication system, data transmission method, and related products for mobile Bluetooth devices.
Background Technology
[0002] With the widespread adoption of Bluetooth Low Energy (BLE) technology, numerous mobile Bluetooth devices connect to mobile applications via Bluetooth, and these applications then upload data to the cloud for centralized management. However, security vulnerabilities currently exist among the mobile Bluetooth devices, mobile applications, and the cloud, making it difficult to guarantee the security of data transmission.
[0003] Therefore, how to improve the security of data transmission is a key issue of concern to those skilled in the art.
Summary of the Invention
[0004] To address the aforementioned issues, this application provides an authentication system, data transmission method, and related products for mobile Bluetooth devices, thereby enhancing the security of data transmission.
[0005] The embodiments of this application disclose the following technical solutions:
[0006] The first aspect of this application provides an authentication system for mobile Bluetooth devices, the authentication system including a mobile application, a mobile Bluetooth device, and a cloud platform;
[0007] The mobile application is used to perform authentication operations with the mobile Bluetooth device; and the mobile application is used to perform authentication operations with the cloud platform.
[0008] The mobile Bluetooth device is used to perform authentication operations with the cloud platform.
[0009] In one feasible implementation, the mobile application is used to perform an authentication operation with the mobile Bluetooth device, including:
[0010] The mobile application is used to send a first device random number to the mobile Bluetooth device and receive the device certificate and the signed first device random number returned by the mobile Bluetooth device.
[0011] If the mobile application determines that the device certificate and the signed first device random number pass verification, the mobile application is used to send the signed second device random number to the mobile Bluetooth device;
[0012] When the mobile Bluetooth device determines that the signed second device random number passes verification, the mobile application is used to receive the target device key returned by the mobile Bluetooth device, so that the mobile application and the mobile Bluetooth device pass two-way authentication.
[0013] In one feasible implementation, the mobile application is used to perform an authentication operation with the cloud platform, including:
[0014] The mobile application is used to generate a signed first mobile random number based on a first mobile random number sent by the cloud platform, and send the signed first mobile random number to the cloud platform.
[0015] When the cloud platform determines that the signed first mobile random number passes verification, the mobile application is used to receive the cloud platform certificate and the signed second mobile random number sent by the cloud platform.
[0016] If the mobile application determines that the cloud platform certificate and the signed second mobile random number pass verification, the mobile application is used to receive the target mobile key sent by the cloud platform, so that the mobile application and the cloud platform pass two-way authentication.
[0017] In one feasible implementation, the mobile application is used to send the target device key to the cloud platform based on the target mobile key.
[0018] In one possible implementation, the mobile Bluetooth device is used to perform an authentication operation with the cloud platform, including:
[0019] The mobile Bluetooth device is used to perform authentication operations with the cloud platform through the mobile application.
[0020] In one feasible implementation, the mobile Bluetooth device is configured to perform an authentication operation with the cloud platform via the mobile application, including:
[0021] The mobile Bluetooth device is used to receive a first platform random number transmitted by the cloud platform through the mobile application.
[0022] The mobile Bluetooth device is used to sign the first platform random number to obtain the signed first platform random number, and to send the signed first platform random number to the cloud platform through the mobile application.
[0023] When the cloud platform determines that the signed first platform random number passes verification, the mobile Bluetooth device is used to receive the encrypted target platform key sent by the cloud platform through the mobile application, wherein the encrypted target platform key is obtained based on the target device key;
[0024] If the mobile Bluetooth device obtains the decrypted target platform key based on the target device key, then the two-way authentication between the mobile Bluetooth device and the cloud platform is confirmed to be successful.
[0025] In one feasible implementation, the authentication operation between the mobile application and the mobile Bluetooth device is executed at the same time as the authentication operation between the mobile application and the cloud platform.
[0026] A second aspect of this application provides a data transmission method for a mobile Bluetooth device, comprising:
[0027] When the mobile application, the mobile Bluetooth device, and the cloud platform are all in operation, the mobile application transmits the object information of the target object obtained by the mobile Bluetooth device to the cloud platform.
[0028] The mobile application in operation includes a certified mobile application, the mobile Bluetooth device in operation includes a certified mobile Bluetooth device, and the cloud platform in operation includes a certified cloud platform. The mobile application, the mobile Bluetooth device, and the cloud platform are the mobile application, the mobile Bluetooth device, and the cloud platform in the mobile Bluetooth device authentication system described in the first aspect.
[0029] A third aspect of this application provides a computer device, including: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the processor executes the computer program, it implements the data transmission method of a mobile Bluetooth device as described in the second aspect of the embodiments of this application.
[0030] The fourth aspect of this application provides a computer-readable storage medium storing instructions that, when executed on a terminal device, cause the terminal device to perform the data transmission method of a mobile Bluetooth device as described in the second aspect of this application.
[0031] Compared with the prior art, this application has the following beneficial effects:
[0032] The authentication system in this application includes a mobile application, a mobile Bluetooth device, and a cloud platform. The mobile application performs authentication operations with the mobile Bluetooth device; and the mobile application performs authentication operations with the cloud platform. The mobile Bluetooth device performs authentication operations with the cloud platform. Thus, this application can establish a dynamic, verifiable, and non-repudiable authentication mechanism among the mobile Bluetooth device, the mobile application, and the cloud platform, thereby improving the security and reliability of subsequent data transmission among these three entities.
Attached Figure Description
[0033] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0034] Figure 1 is an architecture diagram of an authentication system for a mobile Bluetooth device provided in an embodiment of this application;
[0035] Figure 2 is an architecture diagram of another authentication system for a mobile Bluetooth device provided in an embodiment of this application;
[0036] Figure 3 is a flowchart illustrating the implementation of an authentication system for a mobile Bluetooth device provided in an embodiment of this application;
[0037] Figure 4 is a flowchart illustrating a data transmission method for a mobile Bluetooth device provided in an embodiment of this application;
[0038] Figure 5 is a schematic diagram of the structure of a computer device provided in an embodiment of this application.
Detailed Implementation
[0039] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the protection scope of this application.
[0040] It should be noted that "first" and "second" in names such as "first device random number" and "second device random number" (where they appear) in the embodiments of this application are used only as identifiers and do not indicate an order.
[0041] As described earlier, with the widespread adoption of Bluetooth Low Energy (BLE) technology, numerous mobile Bluetooth devices connect to mobile applications via Bluetooth, and these applications then upload data to the cloud for centralized management. However, security vulnerabilities currently exist among the mobile Bluetooth devices, mobile applications, and the cloud, making it difficult to guarantee the security of data transmission.
[0042] Understandably, the authentication mechanisms in related technical solutions are weak: PIN code pairing or unauthenticated connections between mobile Bluetooth devices and mobile applications are vulnerable to man-in-the-middle (MITM) attacks and replay attacks; devices are easily impersonated: attackers can forge BLE broadcast packets, masquerading as legitimate Bluetooth devices to trick users into connecting; and applications are untrustworthy: illegitimate mobile applications can impersonate official clients and gain control of Bluetooth devices. Therefore, improving data transmission security is a key concern for those skilled in the art.
[0043] In view of this, embodiments of this application provide an authentication system, data transmission method, and related products for mobile Bluetooth devices, aiming to improve the security of data transmission. The authentication system in this application includes a mobile application, a mobile Bluetooth device, and a cloud platform. The mobile application is used to perform authentication operations with the mobile Bluetooth device; and the mobile application is used to perform authentication operations with the cloud platform. The mobile Bluetooth device is used to perform authentication operations with the cloud platform. Thus, this application can perform identity authentication among the mobile Bluetooth device, the mobile application, and the cloud platform, avoiding the problems of weak authentication mechanisms, easy device imitation, and untrustworthy application identities found in related technical solutions. It also avoids situations where the mobile Bluetooth device and the mobile application cannot verify the authenticity of the cloud server, making it easy to connect to phishing servers, thereby improving the security and reliability of subsequent data transmission among the mobile Bluetooth device, the mobile application, and the cloud platform.
[0044] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of the present application.
[0045] Figure 1 is an architecture diagram of an authentication system for a mobile Bluetooth device provided in an embodiment of this application. As shown in Figure 1, the authentication system includes a mobile application 100, a mobile Bluetooth device 200, and a cloud platform 300. First, it should be noted that this application applies to Bluetooth IoT scenarios requiring high security levels, such as smart door locks, digital keys, wearable devices, and medical instruments.
[0046] Specifically, mobile application 100 is used to perform authentication operations with mobile Bluetooth device 200; and mobile application 100 is used to perform authentication operations with cloud platform 300; mobile Bluetooth device 200 is used to perform authentication operations with cloud platform 300.
[0047] Understandably, this application implements identity verification and secure communication among the mobile application 100, the mobile Bluetooth device 200, and the cloud platform 300 through a triple two-way authentication mechanism. The first two-way authentication occurs between the mobile application 100 and the mobile Bluetooth device 200; the second two-way authentication occurs between the mobile application 100 and the cloud platform 300; and the third two-way authentication occurs between the mobile Bluetooth device 200 and the cloud platform 300, with authentication messages relayed through the mobile application 100.
[0048] Among them, the mobile application 100 is an application located on a mobile device, which includes at least smartphones and tablets. The mobile application 100 establishes a Bluetooth connection with the mobile Bluetooth device 200 to realize data interaction and device control. The mobile Bluetooth device 200 is a device with a built-in Bluetooth module, which includes at least wearable devices and smart door locks. The cloud platform 300 is a large-scale server cluster and network infrastructure built based on cloud computing technology, which provides a series of services such as data storage, computing, analysis, and management to the mobile application 100 and the mobile Bluetooth device 200 through the network.
[0049] The functions of mobile application 100 are as follows: it integrates a Bluetooth communication module and a security SDK; it stores user credentials, application private keys, and cloud public keys; and it is responsible for initiating connections, relaying authentication messages, and verifying certificates. Understandably, mobile application 100 integrates a security SDK to locally store application private keys and cloud public keys, and to perform certificate verification, signature operations, and key negotiation.
[0050] The mobile Bluetooth device 200 has the following functions: a built-in security chip (SE / TEE) stores the device's unique identifier, device private key, and pre-installed root certificate; it supports BLE encrypted communication and lightweight signature algorithms (such as ECDSA). As you can understand, the mobile Bluetooth device 200 has a built-in security chip for securely storing the device's private key, device certificate, and pre-installed root certificate, and supports a lightweight encryption protocol stack.
[0051] The Cloud Platform 300 offers the following functions: device registration, authentication and authorization (AAA), key management (KMS), and API gateway; it possesses authoritative TLS certificates; and it maintains a device-user binding relationship database. Understandably, the Cloud Platform 300 maintains the device registration database, user account system, and access policies, and provides key management services (KMS) for generating and distributing session keys.
[0052] As shown in Figure 2, which is an architecture diagram of another authentication system for a mobile Bluetooth device provided in an embodiment of this application, the mobile Bluetooth device 200 and the mobile application 100 are connected via Bluetooth (BLE) communication; the mobile application 100 and the cloud platform 300 are connected via the HTTPS protocol; and the mobile Bluetooth device 200 and the cloud platform 300 communicate using the mobile application 100 as a relay channel.
[0053] Next, the first-, second-, and third-level two-way authentication processes of this application are described with reference to Figure 3, which is a flowchart illustrating the implementation of an authentication system for a mobile Bluetooth device provided in an embodiment of this application.
[0054] First, it should be noted that the authentication in this application takes place before the user triggers an operation, i.e., before data transmission. Understandably, after the user binds the mobile Bluetooth device 200 to the cloud platform 300 via the mobile application 100 and completes initial identity authentication and key provisioning, the system enters the runtime authentication phase, in which the first-level, second-level, and third-level two-way authentications are executed. Furthermore, if any level of two-way authentication fails, the connection is terminated and a security event is recorded; if all three levels of two-way authentication succeed, an encrypted channel is established for secure data exchange.
[0055] It should also be noted that this application supports offline mode downgrade processing. Understandably, when the mobile application 100 / mobile Bluetooth device 200 cannot connect to the cloud platform 300, only the first layer of two-way authentication is performed, and the connection is marked as a "risky connection," restricting sensitive operation permissions to improve the security of data connection / transmission.
[0056] In Figure 3(a), the process of "mobile application 100 performing an authentication operation with mobile Bluetooth device 200" (first-level two-way authentication process) in this application is as follows:
[0057] First, the mobile application 100 (APP) sends a first device random number (random number A) to the mobile Bluetooth device 200 (Device), and receives the device certificate corresponding to the mobile Bluetooth device and the signed first device random number (signed random number A) returned by the mobile Bluetooth device 200. The random number is digitally signed using a private key. The random number can be understood as a random challenge code.
[0058] Next, the mobile application 100 determines the validity of the device certificate and the legality of the signature of the first device random number. If the mobile application 100 determines that the device certificate is valid and the signature of the first device random number is legal, that is, if the mobile application 100 determines that the device certificate verification is successful and the first device random number verification is successful, the mobile application 100 sends the second device random number (random number D) and the signed second device random number (signed random number D) to the mobile Bluetooth device 200.
[0059] Next, the mobile Bluetooth device 200 verifies the signature on the second device random number and also verifies the validity of the mobile certificate of the mobile application 100. If the mobile Bluetooth device 200 determines that the signature on the second device random number is valid and the mobile certificate is valid, that is, when the mobile Bluetooth device 200 determines that the second device random number and the mobile certificate both pass verification, the mobile application receives the target device key returned by the mobile Bluetooth device 200, and the two-way authentication between the mobile application 100 and the mobile Bluetooth device 200 succeeds. In other words, once the two-way authentication between the mobile application 100 and the mobile Bluetooth device 200 has succeeded, the two parties negotiate the target device key (temporary session key SK1). The target device key is used for the subsequent data transmission between the mobile application 100 and the mobile Bluetooth device 200 in the current round.
[0060] Thus, compared to the problems existing in related technical solutions—the factory-preset key is difficult to update, and once leaked, it will lead to systemic risks—this application can update the key in a timely manner when the mobile application and the mobile Bluetooth device pass two-way authentication, thereby improving the security of data transmission.
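The first-level exchange of [0057] to [0059], as an added, runnable Go example; it is not code from the patent or from the applicant. Where the description leaves a detail open, the example makes an assumption and says so in a comment: the "certificate" is reduced to a subject, the holder's P-256 public key and a root signature over both; "key negotiation" is done with ephemeral ECDH whose result is bound to both random numbers; and the mobile application's signature covers the whole transcript (random numbers A and D plus both ephemeral keys) rather than random number D alone, because a party that signs only a number it chose itself gives the other side no freshness. The direction labels "L1-device" and "L1-app" are likewise introduced here. The second-level exchange with the cloud platform ([0063] to [0065]) follows the same pattern with the cloud in the device's role. The constructed "clone" party shows the certificate check of [0058] rejecting a device whose certificate was signed by an attacker's CA.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must is for fatal setup failures (key generation); protocol checks return errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Cert is a minimal stand-in for the device / mobile certificate (the page names no
// format; this shape is an assumption): subject, holder's ECDSA public key, and the
// pre-installed root's signature over both. Party is one endpoint (APP or Device).
type Cert struct {
	Subject string
	Pub     *ecdsa.PublicKey
	RootSig []byte
}
type Party struct {
	id   *ecdsa.PrivateKey // long-term identity key (in the SE / TEE on a device)
	Cert Cert
	root *ecdsa.PublicKey // trust anchor: the pre-installed root certificate's key
}
func certTBS(c Cert) []byte { return append([]byte(c.Subject), must(c.Pub.ECDH()).Bytes()...) }

// issue creates a party whose certificate is signed by ca and who trusts root.
func issue(ca *ecdsa.PrivateKey, root *ecdsa.PublicKey, subject string) *Party {
	id := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	c := Cert{Subject: subject, Pub: &id.PublicKey}
	h := sha256.Sum256(certTBS(c))
	c.RootSig = must(ecdsa.SignASN1(rand.Reader, ca, h[:]))
	return &Party{id: id, Cert: c, root: root}
}

// hashParts hashes a labelled transcript: every signature covers a direction label, the
// random numbers and the ephemeral keys, so a captured message cannot be replayed.
func hashParts(parts ...[]byte) []byte {
	h := sha256.Sum256(bytes.Join(parts, nil))
	return h[:]
}
func (p *Party) sign(parts ...[]byte) []byte {
	return must(ecdsa.SignASN1(rand.Reader, p.id, hashParts(parts...)))
}

// checkPeer is the "certificate valid AND signature legal" decision of [0058] and
// [0059]; either check failing is a "no" branch and the handshake stops ([0077]).
func (p *Party) checkPeer(c Cert, sig []byte, parts ...[]byte) error {
	if h := sha256.Sum256(certTBS(c)); !ecdsa.VerifyASN1(p.root, h[:], c.RootSig) {
		return errors.New("certificate not signed by pre-installed root")
	}
	if !ecdsa.VerifyASN1(c.Pub, hashParts(parts...), sig) {
		return errors.New("challenge signature invalid (forgery or replay)")
	}
	return nil
}
func nonce128() []byte { // random challenge of 128 bits, the minimum [0078] requires
	b := make([]byte, 16)
	must(rand.Read(b))
	return b
}

// FirstLevelAuth runs Figure 3(a); both sides' copy of SK1 is returned so a caller
// can confirm the negotiated key agrees.
func FirstLevelAuth(app, dev *Party) (appSK1, devSK1 []byte, err error) {
	curve := ecdh.P256()
	devEph, appEph := must(curve.GenerateKey(rand.Reader)), must(curve.GenerateKey(rand.Reader))
	dPub, aPub := devEph.PublicKey().Bytes(), appEph.PublicKey().Bytes()
	a := nonce128()                                  // APP -> Device: random number A
	devSig := dev.sign([]byte("L1-device"), a, dPub) // Device -> APP: cert, ephemeral key, signed A
	if err = app.checkPeer(dev.Cert, devSig, []byte("L1-device"), a, dPub); err != nil {
		return nil, nil, fmt.Errorf("APP rejects Device: %w", err)
	}
	d := nonce128() // APP -> Device: random number D, mobile cert, and a signature over the
	appSig := app.sign([]byte("L1-app"), a, d, dPub, aPub) // whole transcript (freshness for Device)
	if err = dev.checkPeer(app.Cert, appSig, []byte("L1-app"), a, d, dPub, aPub); err != nil {
		return nil, nil, fmt.Errorf("Device rejects APP: %w", err)
	}
	// Key negotiation: ECDH over the ephemeral keys as received on the wire, bound to A and D.
	s1 := must(appEph.ECDH(must(curve.NewPublicKey(dPub))))
	s2 := must(devEph.ECDH(must(curve.NewPublicKey(aPub))))
	return hashParts([]byte("SK1"), s1, a, d), hashParts([]byte("SK1"), s2, a, d), nil
}

// Setup returns a legitimate APP and Device under one root, plus a cloned "Device"
// whose certificate was signed by an attacker's CA instead.
func Setup() (app, dev, clone *Party) {
	root := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rogueCA := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	return issue(root, &root.PublicKey, "APP"), issue(root, &root.PublicKey, "Device"),
		issue(rogueCA, &root.PublicKey, "Device")
}
func main() {
	app, dev, clone := Setup()
	_, _, okErr := FirstLevelAuth(app, dev)
	_, _, cloneErr := FirstLevelAuth(app, clone)
	fmt.Println("legitimate device:", okErr, "| cloned device:", cloneErr)
}
```

`go run` on this file reports no error for the legitimate device and "certificate not signed by pre-installed root" for the clone. A signature captured in one session fails `checkPeer` in another because the hashed transcript includes the fresh random number, which is the replay protection that [0078] relies on; the direction label stops a signature obtained from the device being reflected back to it as if it came from the application.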
[0061] In Figure 3(b), the process of "mobile application 100 performing an authentication operation with cloud platform 300" (second-level two-way authentication process) in this application is as follows:
[0062] First, it should be noted that the authentication operation between the mobile application 100 and the mobile Bluetooth device 200 is executed at the same time as (concurrently with) the authentication operation between the mobile application 100 and the cloud platform 300. This improves authentication efficiency to some extent, and thereby the efficiency of subsequent data transmission.
[0063] First, after the mobile application 100 logs into the cloud platform 300, the mobile application 100 generates a signed first mobile random number (signed random number C) based on the first mobile random number (random number C) sent by the cloud platform 300 (Cloud), and sends the signed first mobile random number to the cloud platform 300. Simultaneously, during the first two-way authentication process, the mobile application 100 receives the device certificate corresponding to the mobile Bluetooth device and the signed first device random number returned by the mobile Bluetooth device 200.
[0064] Next, the cloud platform 300 verifies the signature on the first mobile random number and, at the same time, verifies the user identity of the mobile application 100 and its binding status with the cloud platform 300. When the cloud platform 300 determines that the signature on the first mobile random number is valid, that is, that the signed first mobile random number passes verification, and determines that user authentication of the mobile application 100 succeeds (this may be decided from the identifier of the mobile application 100: if it has previously been bound to the cloud platform 300, verification succeeds), the mobile application 100 receives the cloud platform certificate (server certificate) and the signed second mobile random number (signed random number M) sent by the cloud platform 300.
[0065] Next, the mobile application 100 determines the validity of the cloud platform certificate (i.e., whether its certificate chain is valid) and the legality of the signature on the second mobile random number. If the mobile application 100 determines that the cloud platform certificate is valid and the signature on the second mobile random number is legal, that is, if the cloud platform certificate and the second mobile random number both pass verification, the mobile application 100 receives the target mobile key sent by the cloud platform 300, and the mutual authentication between the mobile application 100 and the cloud platform 300 succeeds. In other words, once mutual authentication between the mobile application 100 and the cloud platform 300 has succeeded, the two parties negotiate the target mobile key (temporary session key SK2). The target mobile key is used for the subsequent data transmission between the mobile application 100 and the cloud platform 300 in the current round.
[0066] It should be noted that after the mobile application 100 and the cloud platform 300 pass two-way authentication, the mobile application 100 is used to send the target device key to the cloud platform 300 based on the target mobile key, so as to facilitate secure data transmission between the mobile Bluetooth device and the cloud platform in the future.
[0067] Thus, compared to the problems existing in related technical solutions—the factory-preset key is difficult to update, and once leaked, it will lead to systemic risks—this application can update the key in a timely manner when the mobile application and the cloud platform pass two-way authentication, thereby improving the security of data transmission.
[0068] In Figure 3(c), the process of "mobile Bluetooth device performing an authentication operation with the cloud platform" (third-level two-way authentication process) in this application is as follows:
[0069] In this application, the mobile application 100 enables the mobile Bluetooth device 200 and the cloud platform 300 to perform authentication operations, that is, the mobile application 100 acts as a communication relay channel between the mobile Bluetooth device 200 and the cloud platform 300.
[0070] Specifically, the process of "mobile Bluetooth device for performing authentication operations with a cloud platform via a mobile application" in this application is as follows:
[0071] First, it should be noted that after the mobile application 100 and the cloud platform 300 have passed two-way authentication, but before the mobile Bluetooth device 200 and the cloud platform 300 have passed two-way authentication, the mobile application 100 sends the target device key to the cloud platform 300 based on the target mobile key, so as to facilitate secure data transmission between the mobile Bluetooth device and the cloud platform in the future.
[0072] Mobile Bluetooth device 200 is used to receive a first platform random number (random number S) transmitted from the cloud platform via mobile application 100.
[0073] Next, the mobile Bluetooth device 200 is used to sign the first platform random number to obtain the signed first platform random number (signed random number S), and sends the signed first platform random number to the cloud platform 300 through the mobile application 100.
[0074] Next, the cloud platform 300 verifies the signature on the first platform random number and, at the same time, verifies the device identity and device permissions of the mobile Bluetooth device 200. When the cloud platform 300 determines that the signature is valid, that is, that the signed first platform random number passes verification, and that the device identity and device permissions of the mobile Bluetooth device 200 also pass verification, the mobile Bluetooth device 200 receives the encrypted target platform key (encrypted SK3) sent by the cloud platform 300 through the mobile application 100. The encrypted target platform key is obtained by encrypting the target platform key based on the target device key (the description also refers to encryption using the device's public key).
[0075] Finally, it is determined whether the mobile Bluetooth device 200 has obtained the decrypted target platform key using the target device key. If it has, the two-way authentication between the mobile Bluetooth device 200 and the cloud platform 300 is confirmed to be successful. The target platform key is used for the subsequent data transmission between the mobile Bluetooth device 200 and the cloud platform 300 in the current round. At this point, the shared session keys among the mobile application 100, the mobile Bluetooth device 200, and the cloud platform 300 are established, and subsequent data transmission can be carried out securely.
[0076] Thus, compared to the problems existing in related technical solutions—the factory-preset key is difficult to update, and once leaked, it will lead to systemic risks—this application can update the key in a timely manner when the mobile Bluetooth device and the cloud platform pass two-way authentication, thereby improving the security of data transmission.
[0077] It should be noted that in all the judgment processes of this application, if there is any "no" branch (i.e. the judgment fails), the subsequent steps will not be executed.
[0078] It should also be noted that the digital signatures used in the first, second, and third levels of two-way authentication in this application employ the Elliptic Curve Digital Signature Algorithm (ECDSA), and the random challenge code is a random number of at least 128 bits to protect against replay attacks. Furthermore, after the first, second, and third levels of two-way authentication are completed, the generated target device key, target mobile key, and target platform key are used to derive a master key (MasterKey) through a key derivation function (KDF) for subsequent data encryption and integrity protection.
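The third-level key delivery of [0073] to [0075] and the master-key derivation of [0078], as an added Go example that is not part of the patent. SK1, SK2 and random number S are constructed stand-ins for the outputs of the first two levels, and the device's ECDSA signature over S is assumed to have been verified in the same way as the first-level exchange, so it is not repeated here. The wrapping follows the description's main statement, SK3 encrypted under the target device key SK1, using AES-256-GCM with random number S as associated data so that an encrypted SK3 from one session is rejected in another. One caveat a practitioner should weigh: SK1 is shared between the device and the relaying application ([0059]), so this hides SK3 and detects tampering against an outside observer, but not against the application itself; the description's alternative of encrypting under the device's public key would remove the application's access. HKDF-SHA256 is written out in full because the description names only "a KDF"; the salt and info strings are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and prepends the 96-bit nonce; aad binds the
// ciphertext to its protocol role so it cannot be accepted in another context.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad), nil
}
func open(key, box, aad []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil || len(box) < g.NonceSize() {
		return nil, errors.New("bad key or truncated ciphertext")
	}
	return g.Open(nil, box[:g.NonceSize()], box[g.NonceSize():], aad)
}

// hkdfSHA256 is RFC 5869 extract-then-expand (n <= 255*32). The page names only
// "a KDF"; HKDF is the conventional choice and an assumption of this example.
func hkdfSHA256(salt, ikm, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, salt) // nil salt equals the RFC's HashLen zero bytes under HMAC padding
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var okm, t []byte
	for i := byte(1); len(okm) < n; i++ {
		exp := hmac.New(sha256.New, prk)
		exp.Write(t)
		exp.Write(info)
		exp.Write([]byte{i})
		t = exp.Sum(nil)
		okm = append(okm, t...)
	}
	return okm[:n]
}

// sk3AAD ties the wrapped key to this session's random number S ([0073]), so an
// encrypted SK3 captured in one session is rejected if replayed into another.
func sk3AAD(nonceS []byte) []byte { return append([]byte("encrypted-SK3:"), nonceS...) }

// CloudIssueSK3 is the cloud side of Figure 3(c) after the Device's signed random number S
// has verified: generate SK3 and encrypt it under SK1, the target device key the APP
// forwarded to the cloud over the SK2 channel ([0066]).
func CloudIssueSK3(sk1, nonceS []byte) (sk3, wrapped []byte, err error) {
	sk3 = randomBytes(32)
	wrapped, err = seal(sk1, sk3, sk3AAD(nonceS))
	return sk3, wrapped, err
}

// DeviceAcceptSK3 is the Device side: level-3 authentication succeeds only if the
// ciphertext relayed by the APP decrypts under the Device's own SK1 ([0075]).
func DeviceAcceptSK3(sk1, nonceS, wrapped []byte) ([]byte, error) {
	sk3, err := open(sk1, wrapped, sk3AAD(nonceS))
	if err != nil {
		return nil, fmt.Errorf("level-3 authentication failed: %w", err)
	}
	return sk3, nil
}

// MasterKey derives the [0078] master key from the three session keys.
func MasterKey(sk1, sk2, sk3 []byte) []byte {
	ikm := bytes.Join([][]byte{sk1, sk2, sk3}, nil)
	return hkdfSHA256([]byte("triple-mutual-auth"), ikm, []byte("MasterKey"), 32)
}

func main() {
	sk1, sk2, nonceS := randomBytes(32), randomBytes(32), randomBytes(16) // constructed stand-ins
	sk3, wrapped, _ := CloudIssueSK3(sk1, nonceS)
	got, err := DeviceAcceptSK3(sk1, nonceS, wrapped) // the APP relays the ciphertext unchanged
	fmt.Println("intact relay: SK3 recovered =", bytes.Equal(got, sk3), err)
	wrapped[len(wrapped)-1] ^= 1 // a relay that modifies one byte of the ciphertext
	_, err = DeviceAcceptSK3(sk1, nonceS, wrapped)
	fmt.Printf("tampered relay: %v\nMasterKey: %x\n", err, MasterKey(sk1, sk2, sk3))
}
```

The `seal` and `open` helpers are also what the per-hop encryption of [0084] amounts to, called with SK1, SK2 or SK3 according to the hop. `go run` prints that the intact relay recovers SK3, that a relay flipping one byte fails with a GCM authentication error (the "no" branch of [0077]), and the derived MasterKey.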
[0079] Thus, in this application, a triple two-way authentication mechanism between the mobile Bluetooth device, the mobile application, and the cloud platform establishes mutual trust in identity and prevents device impersonation, data leakage, and illegal control. This improves security (mutual trust among the mobile Bluetooth device, the mobile application, and the cloud platform eliminates the risk of single-point forgery), enhances anti-attack capability (common attacks such as MITM, replay, cloning, and phishing are effectively defended against), improves scalability (the mechanism applies to various BLE devices and is compatible with other wireless protocols such as Wi-Fi and UWB), optimizes user experience (the authentication process completes silently in the background without affecting normal use), and supports compliance (with data security standards such as GDPR, China's Cybersecurity Classified Protection 2.0, and ISO/IEC 27001).
[0080] Figure 4 is a flowchart of a data transmission method for a mobile Bluetooth device provided in an embodiment of this application. As shown in Figure 4, the data transmission method for a mobile Bluetooth device provided in this embodiment may include:
[0081] S1: When the mobile application, the mobile Bluetooth device, and the cloud platform are all in operation, the mobile application transmits the object information of the target object obtained by the mobile Bluetooth device to the cloud platform.
[0082] It should be noted that a mobile application in a working state includes a mobile application that has successfully connected and passed two-way authentication; a mobile Bluetooth device in a working state includes a mobile Bluetooth device that has successfully connected and passed two-way authentication; and a cloud platform in a working state includes a cloud platform that has successfully connected and passed two-way authentication. Here, the mobile application, mobile Bluetooth device, and cloud platform refer to the mobile application, mobile Bluetooth device, and cloud platform in the aforementioned mobile Bluetooth device authentication system.
[0083] In this step, when the mobile application, mobile Bluetooth device, and cloud platform are all operational, the mobile Bluetooth device can acquire object information of the target object through its built-in sensors and transmit this information to the mobile application. The target object can be a person or an object, and the target object and its information can be determined based on the specific scenario; for example, the object information could be the object's health information. Next, the object information is transmitted to the cloud platform via the mobile application.
[0084] It should also be noted that the key used in the transmission process from the mobile Bluetooth device to the mobile application is the new key obtained after the first two-way authentication is successful; the key used in the transmission process from the mobile application to the cloud platform is the new key obtained after the second two-way authentication is successful; and the key used in the transmission process from the mobile Bluetooth device to the cloud platform is the new key obtained after the third two-way authentication is successful.
[0085] Thus, this application can enhance the security of data transmission between mobile applications, mobile Bluetooth devices, and cloud platforms based on a triple two-way authentication mechanism.
[0086] Figure 5 is a structural schematic of a computer device provided in an embodiment of this application. The computer device 12 shown in Figure 5 is merely an example and should not impose any limitation on the functionality or scope of use of the embodiments of the present invention.
[0087] As shown in Figure 5, the computer device 12 is represented in the form of a general-purpose computing device. The components of the computer device 12 may include, but are not limited to: one or more processors or processing units 16, system memory 28, and a bus 18 connecting the different system components (including system memory 28 and processing unit 16).
[0088] Bus 18 represents one or more of several bus architectures, including a memory bus or memory controller, a peripheral bus, a graphics acceleration port, and a processor or local bus using any of the various bus architectures. For example, these architectures include, but are not limited to, the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MCA) bus, the Enhanced ISA bus, the Video Electronics Standards Association (VESA) local bus, and the Peripheral Component Interconnect (PCI) bus.
[0089] Computer device 12 typically includes a variety of computer system readable media. These media can be any available media that can be accessed by computer device 12, including volatile and non-volatile media, removable and non-removable media.
[0090] System memory 28 may include computer system readable media in the form of volatile memory, such as random access memory (RAM) 30 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/non-volatile computer system storage media. By way of example only, storage system 34 may be used to read and write non-removable, non-volatile magnetic media (not shown in Figure 5; usually referred to as a "hard drive"). Although not shown in Figure 5, a disk drive for reading and writing to a removable non-volatile disk (e.g., a "floppy disk") and an optical disk drive for reading and writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 via one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to perform the functions of the embodiments of the present invention.
[0091] A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28. Such program modules 42 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data. Each of these examples, or some combination of them, may include an implementation of a network environment. Program modules 42 typically perform the functions and/or methods described in the embodiments of the present invention.
[0092] Computer device 12 can also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with the computer device 12, and/or with any device that enables the computer device 12 to communicate with one or more other computing devices (e.g., network card, modem, etc.). This communication can be performed through input/output (I/O) interface 22. Furthermore, computer device 12 can also communicate with one or more networks (e.g., a local area network (LAN), a wide area network (WAN), and/or a public network such as the Internet) through network adapter 20. As shown in Figure 5, network adapter 20 communicates with the other modules of computer device 12 via bus 18. It should be understood that, although not shown in Figure 5, other hardware and/or software modules can be used in conjunction with computer device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.
[0093] The processor unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, such as implementing the data transmission method of the mobile Bluetooth device provided in the embodiments of this application.
[0094] This application provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements the data transmission method of the mobile Bluetooth device described in this application.
[0095] In practical applications, the computer-readable storage medium can be any combination of one or more computer-readable media. The computer-readable medium can be a computer-readable signal medium or a computer-readable storage medium. For example, a computer-readable storage medium can be, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of computer-readable storage media (a non-exhaustive list) include: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this embodiment, the computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.
[0096] Computer-readable signal media may include data signals propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such propagated data signals may take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. Computer-readable signal media may also be any computer-readable medium other than computer-readable storage media, capable of sending, propagating, or transmitting programs for use by or in connection with an instruction execution system, apparatus, or device.
[0097] Program code contained on a computer-readable medium may be transmitted using any suitable medium, including but not limited to wireless, wire, optical fiber, RF, etc., or any suitable combination thereof.
[0098] Computer program code for performing the operations of this invention can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, as well as conventional procedural programming languages such as "C" or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0099] It should be noted that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, for the device and system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiments. The device and system embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components indicated as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of the solution in this embodiment according to actual needs. Those skilled in the art can understand and implement this without creative effort.
[0100] The above description is merely one specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. An authentication system for a mobile Bluetooth device, characterized in that the authentication system includes a mobile application, a mobile Bluetooth device, and a cloud platform; the mobile application is used to perform authentication operations with the mobile Bluetooth device; the mobile application is used to perform authentication operations with the cloud platform; and the mobile Bluetooth device is used to perform authentication operations with the cloud platform.
2. The system according to claim 1, characterized in that the mobile application being used to perform authentication operations with the mobile Bluetooth device includes: the mobile application is used to send a first device random number to the mobile Bluetooth device and to receive the device certificate and the signed first device random number returned by the mobile Bluetooth device; if the mobile application determines that the device certificate and the signed first device random number pass verification, the mobile application is used to send the signed second device random number to the mobile Bluetooth device; and when the mobile Bluetooth device determines that the signed second device random number passes verification, the mobile application is used to receive the target device key returned by the mobile Bluetooth device, so that the mobile application and the mobile Bluetooth device pass two-way authentication.
3. The system according to claim 2, characterized in that the mobile application being used to perform authentication operations with the cloud platform includes: the mobile application is used to generate a signed first mobile random number from a first mobile random number sent by the cloud platform and to send the signed first mobile random number to the cloud platform; when the cloud platform determines that the signed first mobile random number passes verification, the mobile application is used to receive the cloud platform certificate and the signed second mobile random number sent by the cloud platform; and if the mobile application determines that the cloud platform certificate and the signed second mobile random number pass verification, the mobile application is used to receive the target mobile key sent by the cloud platform, so that the mobile application and the cloud platform pass two-way authentication.
4. The system according to claim 3, characterized in that the mobile application is used to send the target device key to the cloud platform based on the target mobile key.
5. The system according to claim 4, characterized in that the mobile Bluetooth device being used to perform authentication operations with the cloud platform includes: the mobile Bluetooth device is used to perform authentication operations with the cloud platform through the mobile application.
6. The system according to claim 5, characterized in that the mobile Bluetooth device being used to perform authentication operations with the cloud platform through the mobile application includes: the mobile Bluetooth device is used to receive a first platform random number transmitted by the cloud platform through the mobile application; the mobile Bluetooth device is used to sign the first platform random number to obtain the signed first platform random number and to send it to the cloud platform through the mobile application; when the cloud platform determines that the signed first platform random number passes verification, the mobile Bluetooth device is used to receive, through the mobile application, the encrypted target platform key sent by the cloud platform, wherein the encrypted target platform key is obtained based on the target device key; and if the mobile Bluetooth device obtains the decrypted target platform key based on the target device key, the two-way authentication between the mobile Bluetooth device and the cloud platform is confirmed to be successful.
7. The system according to claim 1, characterized in that the execution time for the authentication operation between the mobile application and the mobile Bluetooth device is the same as the execution time for the authentication operation between the mobile application and the cloud platform.
8. A data transmission method for a mobile Bluetooth device, characterized in that it includes: when the mobile application, the mobile Bluetooth device, and the cloud platform are all in operation, the mobile application transmits the object information of the target object obtained by the mobile Bluetooth device to the cloud platform; the mobile application in operation includes an authenticated mobile application, the mobile Bluetooth device in operation includes an authenticated mobile Bluetooth device, and the cloud platform in operation includes an authenticated cloud platform; and the mobile application, the mobile Bluetooth device, and the cloud platform are those in the authentication system for a mobile Bluetooth device according to any one of claims 1 to 7.
9. A computer device, characterized in that it includes: a processor, a memory, and a system bus; the processor and the memory are connected via the system bus; and the memory is used to store one or more programs, the one or more programs including instructions that, when executed by the processor, cause the processor to perform the method of claim 8.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores instructions that, when executed on a terminal device, cause the terminal device to perform the method of claim 8.
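Claim 6 has the cloud platform send the target platform key encrypted under the target device key, and treats a successful decryption on the device as the proof that the third layer passed. The following is an added example, not code from the patent or its applicant, of that step in Go with AES-256-GCM; the cipher, the use of the verified first platform random number as associated data, and the nonce || ciphertext || tag layout are assumptions of this example. Only a device holding the layer-one target device key recovers the key; a wrong key, a tampered blob, or a blob replayed from a different challenge fails and yields nothing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// aeadFor builds AES-256-GCM under the target device key obtained in layer one.
func aeadFor(targetDeviceKey []byte) (cipher.AEAD, error) {
	if len(targetDeviceKey) != 32 {
		return nil, errors.New("target device key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(targetDeviceKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapPlatformKey is the cloud platform's step once the device's signed first
// platform random number has verified: seal the fresh target platform key under
// the target device key. The verified random number is associated data (an
// assumption here), so the blob is bound to this exchange and cannot be replayed
// into another. Output layout is nonce || ciphertext || tag.
func WrapPlatformKey(targetDeviceKey, platformRandom, targetPlatformKey []byte) ([]byte, error) {
	aead, err := aeadFor(targetDeviceKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, targetPlatformKey, platformRandom), nil
}

// UnwrapPlatformKey is the device's step. Only a device holding the layer-one
// target device key, presenting the same platform random number, recovers the
// target platform key; a wrong key, a tampered blob, or a blob from a different
// challenge fails GCM authentication, and the third layer is then not passed.
func UnwrapPlatformKey(targetDeviceKey, platformRandom, wrapped []byte) ([]byte, error) {
	aead, err := aeadFor(targetDeviceKey)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(wrapped) < ns+aead.Overhead() {
		return nil, errors.New("wrapped key too short")
	}
	key, err := aead.Open(nil, wrapped[:ns], wrapped[ns:], platformRandom)
	if err != nil {
		return nil, errors.New("third-layer authentication failed: target platform key not recoverable")
	}
	return key, nil
}
```

Because GCM authenticates the ciphertext and the associated data together, "the device obtained the decrypted target platform key" is a single check with no separate integrity step; a plain unauthenticated cipher in this position would let an attacker flip bits in the wrapped key without the device noticing.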