A method and system for encrypted communication based on dynamic key agreement

By using dynamic key negotiation and timestamp mechanisms, the printer and consumable chip generate session keys, which solves the security problem in the communication between the printer and consumable chip, realizes the confidentiality and integrity protection of data, and prevents static key leakage and replay attacks.

CN122339822APending Publication Date: 2026-07-03ZHONGSHAN YUANSHI MICRO TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
ZHONGSHAN YUANSHI MICRO TECH CO LTD
Filing Date
2026-05-13
Publication Date
2026-07-03

Smart Images

  • Figure CN122339822A_ABST
    Figure CN122339822A_ABST
Patent Text Reader

Abstract

The application discloses an encryption communication method and system based on dynamic key negotiation. The method comprises the following steps: in response to a communication request sent by a printer to a consumable chip, the consumable chip generates a first random number and sends the first random number to the printer; the printer generates a second random number, and dynamically negotiates a session key according to the first random number, the second random number and a pre-shared root key; and the printer and the consumable chip perform encrypted transmission on interactive data based on the session key. Through the dynamic key negotiation mechanism of the double random numbers combined with the pre-shared root key, the application realizes independent generation or periodic update of the session key between the printer and the consumable chip in each communication, effectively prevents the data leakage risk caused by interception or cracking of the static key, guarantees the confidentiality and integrity of the interactive data, and significantly improves the security of the communication data between the printer and the consumable chip.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of information security technology, specifically to an encrypted communication method and system based on dynamic key negotiation. Background Technology

[0002] Printers typically use embedded chips for authentication and data exchange with replaceable consumables (such as ink cartridges, toner cartridges, and drum units) to identify the authenticity of consumables, record their usage status, and control the printer's normal operation. As the value of communication data between printing devices and consumable chips (such as consumable balance data, regional restriction information, and firmware upgrade commands) becomes increasingly apparent, security threats targeting the communication link, such as interception, tampering, and replay attacks, are constantly increasing. Therefore, improving the security of data exchanged between printers and consumable chips has become a pressing technical problem in this field.

[0003] Currently, the existing communication security solutions between printers and consumable chips mainly adopt the following two methods: First, a symmetric encryption method with a pre-set fixed key is used, where the printer and chip are written with the same static key during production, and subsequent communication uses this fixed key for encrypted transmission; Second, a simple one-way challenge-response authentication mechanism is used, where the printer sends a random challenge value to the chip, and the chip returns an authentication response value based on a pre-set algorithm. After successful authentication, plaintext or simply encrypted data interaction is performed.

[0004] However, the aforementioned existing technical solutions have significant security flaws in practical applications. For encryption schemes using fixed keys, once the static key is reverse-engineered or leaked during chip production, transportation, or use, the communication security of all consumables in the same batch will be completely lost, and the key cannot be updated without replacing the hardware. For one-way challenge-response authentication schemes, they only verify the chip's identity and legitimacy, without providing continuous encryption protection for the subsequent transmission of interactive data. Data interaction after authentication is still transmitted in plaintext or weak encryption, making it extremely vulnerable to interception or tampering by man-in-the-middle attacks. Furthermore, existing solutions generally lack mechanisms for verifying the integrity of communication data and preventing replay attacks. Attackers can deceive printers or chips by intercepting and replaying legitimate communication data.

[0005] Therefore, it is necessary to study a communication method that enables dynamic negotiation of session keys between the printer and the consumable chip, and provides end-to-end encryption and integrity protection for the interactive data, in order to overcome the security defects of existing static key schemes and one-way authentication schemes and significantly improve the security of printer consumable chip communication data. Summary of the Invention

[0006] This invention discloses an encrypted communication method based on dynamic key negotiation.

[0007] In response to a communication request sent by the printer to the consumable chip, the consumable chip generates a first random number and sends it to the printer;

[0008] The printer generates a second random number and dynamically negotiates and generates a session key based on the first random number, the second random number, and the pre-shared root key.

[0009] The printer and the consumable chip encrypt and transmit interactive data based on the session key.

[0010] Furthermore, the dynamic negotiation to generate the session key includes:

[0011] The printer concatenates the first random number and the second random number to generate a random number combination;

[0012] The printer uses a hash algorithm to perform calculations on the random number combination and the pre-shared root key to generate the session key.

[0013] Furthermore, it also includes:

[0014] The consumable chip receives the second random number sent by the printer;

[0015] The consumable chip uses the same splicing rules and hash algorithm as the printer, and calculates the same session key independently based on the first random number, the second random number and the pre-shared root key.

[0016] Specifically, the encrypted transmission includes:

[0017] The sending end uses the session key to perform symmetric encryption on the plaintext data to generate ciphertext data;

[0018] The sending end sends the encrypted data together with the message authentication code generated using the session key to the receiving end;

[0019] After verifying the message authentication code using the session key, the receiving end decrypts the ciphertext data.

[0020] Furthermore, the encrypted transmission process also includes:

[0021] After each interactive communication is completed or a preset time threshold is reached, the printer triggers a session key update process;

[0022] The printer and the consumable chip re-execute the dynamic negotiation process to generate a new session key.

[0023] Furthermore, it also includes:

[0024] Before sending the communication request, the printer sends a first authentication challenge value to the consumable chip;

[0025] The consumable chip calculates the first authentication challenge value based on a preset key and returns a first authentication response value;

[0026] After the printer verifies that the first authentication response value is passed, it initiates the step of dynamically negotiating and generating a session key.

[0027] Furthermore, it also includes:

[0028] When generating the first random number, the consumable chip simultaneously records the timestamp of the communication request;

[0029] If the timestamp corresponding to the first random number received by the printer deviates from the local time by more than a preset threshold, the printer refuses to perform key negotiation.

[0030] On the other hand, another technical solution adopted by the present invention is:

[0031] An encryption system based on dynamic key negotiation is provided.

[0032] Furthermore, the system includes:

[0033] A random number generation module, configured on the consumable chip side, is used to generate a first random number in response to the printer's communication request;

[0034] A key negotiation module, configured on the printer side, is used to dynamically negotiate and generate a session key based on the first random number, the second random number generated by the printer, and the pre-shared root key.

[0035] An encrypted communication module is configured on both sides of the printer and the consumable chip, and is used to encrypt and transmit interactive data based on the session key.

[0036] Preferably, the key negotiation module includes:

[0037] The splicing unit is used to splice the first random number and the second random number in a preset order to generate a random number combination;

[0038] The hash operation unit is used to perform operations on the random number combination and the pre-shared root key using a hash algorithm to generate the session key.

[0039] The session key update module is used to trigger the key negotiation module to re-execute the dynamic negotiation process and generate a new session key after each interactive communication is completed or when a preset time threshold is reached.

[0040] As can be seen from the above technical solution, the present invention has at least the following advantages and positive effects compared with the prior art:

[0041] 1. It enables dynamic negotiation of session keys and independent generation for each communication, eliminating the risk of static key leakage.

[0042] The consumable chip generates a first random number, and the printer generates a second random number. Both parties dynamically negotiate and generate a session key based on the two random numbers and the pre-shared root key. Combined with a periodic update mechanism, the session key is made "one-time key". Even if a single key is intercepted, it is impossible to deduce the key for other communication sessions.

[0043] 2. By independently calculating the same session key on both ends, both security and computational efficiency in resource-constrained scenarios are balanced.

[0044] In this invention, the printer and consumable chip use the same splicing rules and hash algorithm to independently calculate the same session key, eliminating the need for complex public key operations, minimizing computational overhead, and avoiding the risk of the session key being intercepted during over-the-air transmission.

[0045] 3. It achieves dual protection of confidentiality and integrity of interactive data throughout the entire process.

[0046] This invention uses a session key to symmetrically encrypt interactive data and sends the ciphertext data along with a message authentication code. The receiving end decrypts the data after verifying the message authentication code, thus ensuring the confidentiality of the data and preventing tampering during transmission, effectively resisting man-in-the-middle attacks.

[0047] 4. Construct a multi-layered security defense system through two-way authentication and timestamp-based replay prevention mechanisms.

[0048] This invention achieves bidirectional authentication between the printer and the chip through challenge-response before key negotiation, and at the same time rejects replay attacks that exceed the time window through a timestamp verification mechanism, effectively preventing unauthorized chip access and replay attacks. Attached Figure Description

[0049] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort, wherein:

[0050] Figure 1 This is a flowchart illustrating an encrypted communication method based on dynamic key negotiation according to an embodiment of the present invention.

[0051] Figure 2This is a flowchart illustrating a communication method for a consumable chip with a two-way authentication mechanism, provided in another embodiment of the present invention.

[0052] Figure 3 This is a schematic diagram of the structure of an encrypted communication system based on dynamic key negotiation provided in another embodiment of the present invention. Detailed Implementation

[0053] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, and not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0054] Example 1

[0055] Figure 1 This is a flowchart illustrating an encrypted communication method based on dynamic key negotiation, provided as an embodiment of the present invention.

[0056] S1: In response to a communication request sent by the printer to the consumable chip, the consumable chip generates a first random number and sends it to the printer;

[0057] Before a print job is started or when reading consumable level information, the printer first sends a communication request command to the consumable chip. This communication request command can be a pre-formatted wake-up frame or request frame, containing a command header, device address verification information, and an optional operation type identifier.

[0058] Upon receiving the communication request, the consumable chip first performs a command validity check. For example, the microcontroller unit or security control logic on the consumable chip parses the received command frame, checks whether the command header matches the preset communication protocol format, and verifies whether the address information matches the device identifier stored in its own memory. After successful verification, the consumable chip enters the key negotiation preparation state.

[0059] The consumable chip then invokes its internal random number generator to generate a first random number R1. To ensure the security of key negotiation, this first random number R1 should possess sufficient entropy and unpredictability. In a preferred embodiment, the consumable chip uses a hardware true random number generator to generate a 128-bit or 256-bit first random number R1. In another embodiment, for low-end consumable chips with limited computing resources, a pseudo-random number generator based on clock jitter or circuit noise can be used, combined with the chip's unique serial number as a random seed, to improve the unpredictability of the random number.

[0060] After the consumable chip generates the first random number R1, it encapsulates it in a response frame and sends it back to the printer via the communication interface. Optionally, the response frame also includes the consumable chip's type identifier and protocol version number, so that the printer can select matching key negotiation parameters. At this point, step S1 is complete, and the printer has obtained the first random number R1 from the consumable chip.

[0061] S2: The printer generates a second random number and dynamically negotiates and generates a session key based on the first random number, the second random number, and the pre-shared root key;

[0062] After receiving the first random number R1 returned by the consumable chip, the printer initiates the local key negotiation process.

[0063] First, the printer invokes its own random number generation module, typically implemented by the random number generator built into the printer's main control SoC, to generate a second random number R2. Similarly, R2 should have sufficient randomness and length, usually 128 bits or 256 bits. It should be noted that the printer's computing power and storage resources are far superior to those of the consumable chip, therefore more complex random number generation algorithms can be used, including true random numbers based on hardware noise or cryptographically secure pseudo-random numbers based on entropy sources such as system time and interrupts.

[0064] After the random number generation is complete, the printer retrieves the pre-shared root key K_root, which is stored locally. This pre-shared root key K_root is a shared secret value issued by the printer to the consumable chip during the consumable chip manufacturing stage or the initial installation authentication stage, and stored respectively in the printer's secure storage area and the consumable chip's secure non-volatile memory. The length of K_root is typically 128 bits, 192 bits, or 256 bits, corresponding to the key length requirements of subsequent symmetric encryption algorithms.

[0065] The printer dynamically negotiates and generates a session key K_session based on a first random number R1, a second random number R2, and a pre-shared root key K_root. In this embodiment, "dynamic negotiation" means that the session key is not a pre-stored fixed value, nor is it generated independently by one party and directly transmitted to the other. Instead, it is calculated in real time based on the random numbers (R1 and R2) contributed by both parties and the shared root key K_root. Therefore, the K_session generated for each communication session is different.

[0066] Specifically, the printer uses the following key derivation function to calculate the session key:

[0067] K_session = KDF( K_root, R1 ∥ R2 )

[0068] Here, KDF (Key Derivation Function) is the key derivation function, which can be implemented using Hash Message Authentication Code (HMAC) or Hash-based Key Derivation Function (HKDF). R1 ​​∥ R2 means concatenating the first random number R1 and the second random number R2 in a predetermined order. For example, R1 can be used as the high-order part and R2 as the low-order part, or vice versa. The concatenated random array serves as the input parameter for key derivation.

[0069] In a simplified but equally effective implementation, a cryptographic hash algorithm (such as SHA-256) can be used directly for calculation:

[0070] K_session = SHA-256( K_root ∥ R1 ∥ R2 )

[0071] The pre-shared root key K_root is concatenated with the first random number R1 and the second random number R2 in sequence, and then input into the SHA-256 hash function. The output hash value (256 bits) is either truncated or directly used as the session key K_session. If subsequent encryption algorithms require a shorter key (such as AES-128), the first 128 bits of the hash value are used as K_session.

[0072] During the above calculation process, the printer completed the dynamic negotiation and generation of the session key K_session. It is important to emphasize that at this point, the consumable chip has not yet learned the second random number R2, and therefore cannot independently calculate the same session key. The printer will send R2 (or along with other negotiation parameters) to the consumable chip in the next step.

[0073] Optionally, in step S2, the printer can also temporarily store the generated session key and generate a session identifier (Session_ID) corresponding to the negotiation, so as to quickly index the corresponding session key in subsequent encrypted communication.

[0074] S3: The printer and the consumable chip encrypt and transmit interactive data based on the session key.

[0075] After the session key is generated, the printer and the consumable chip can enter the encrypted communication phase. In order for both parties to use the same session key, the printer needs to securely pass a second random number R2 to the consumable chip.

[0076] In one implementation, the printer encapsulates the second random number R2 generated in step S2 in a key negotiation response frame and sends it to the consumable chip via the communication interface. To protect the confidentiality of R2 during transmission, it can be encrypted using a pre-shared root key K_root, or it can be transmitted directly in plaintext—because R2 itself is a random number, even if intercepted by an attacker, the session key cannot be calculated due to the lack of the pre-shared root key K_root and the first random number R1. However, to further improve security, this embodiment preferably uses encrypted transmission of R2.

[0077] After receiving the second random number R2 sent by the printer, the consumable chip uses the same key derivation algorithm as the printer to independently calculate the same session key K_session based on its own stored first random number R1 (which was previously generated by the consumable chip and stored in its local cache), the received second random number R2, and the pre-shared root key K_root. At this point, the printer and the consumable chip have completed key negotiation and both possess the same session key.

[0078] Subsequently, the printer and the consumable chip encrypt the transmitted data based on the session key K_session. Specifically, when the printer needs to write data to the consumable chip, it uses the session key K_session to symmetrically encrypt the plaintext data M, generating ciphertext data C. The encryption algorithm can be Advanced Encryption Standard (AES), Chinese national standard SM4, or other lightweight block cipher algorithms suitable for embedded systems. The encryption mode preferably uses counter mode or cipher feedback mode to avoid padding overhead and supports parallel processing.

[0079] In addition to encryption, to ensure data integrity, the sender also generates a message authentication code (MAC). The MAC is calculated as: MAC = HMAC(K_session, C || sequence number), which means using the session key K_session to perform an HMAC operation on the ciphertext data C and an incrementing sequence number to generate a fixed-length authentication tag. This sequence number is used to prevent replay attacks and out-of-order attacks.

[0080] The printer encapsulates the encrypted data C, the message authentication code MAC, and an optional serial number into an encrypted data frame and sends it to the consumable chip.

[0081] After receiving an encrypted data frame, the consumable chip first verifies the message authentication code (MAC) using the locally calculated session key K_session: it recalculates HMAC(K_session, C ∥ sequence number) and compares it with the received MAC. If the comparison fails, it indicates that the data has been tampered with during transmission or is old data being replayed; the consumable chip refuses to process it and returns an error status. If the comparison succeeds, the consumable chip then decrypts the ciphertext C using the session key K_session to recover the original plaintext data M, and performs corresponding operations according to the plaintext instructions, such as updating the internal storage balance count.

[0082] Conversely, when the consumable chip needs to report data to the printer, the exact same encryption and MAC protection process is used, only the roles of the sender and receiver are reversed. Therefore, every data exchange between the printer and the consumable chip is protected by both confidentiality and integrity.

[0083] Optionally, after a complete encrypted communication session ends, the printer can initiate a new key negotiation process to generate a new session key for the next communication. Alternatively, multiple encrypted data frames can be transmitted consecutively within a single session, each using the same session key but with an incrementing sequence number to prevent replay.

[0084] Example 2:

[0085] Figure 2 This is a flowchart illustrating a method for dynamically updating session keys based on a communication time threshold, according to an embodiment of the present invention. The method includes the following steps:

[0086] S50: After each interactive communication is completed or a preset time threshold is reached, the printer triggers a session key update process;

[0087] S51: The printer and the consumable chip re-execute the dynamic negotiation process to generate a new session key.

[0088] After each interactive communication is completed or a preset time threshold is reached, the printer triggers a session key update process; the printer and the consumable chip re-execute the dynamic negotiation process to generate a new session key.

[0089] Specifically, a complete interactive communication between the printer and the consumable chip includes three sub-processes: key negotiation, encrypted data transmission, and data acknowledgment confirmation. Upon completion of this interaction, the printer's internal state machine automatically triggers the key update flag. The printer sends a key update command to the consumable chip, notifying it to clear the currently cached session key K_session_old. Subsequently, the printer and consumable chip re-execute the dynamic negotiation process: the consumable chip generates a new first random number R1_new, the printer generates a new second random number R2_new, and both parties negotiate and generate a new session key K_session_new based on R1_new, R2_new, and the pre-shared root key K_root.

[0090] As another triggering method, the printer has an internal timer with a preset time threshold that can be configured to 30 seconds, 60 seconds, or 300 seconds. When the accumulated time from the moment the session key is generated reaches this threshold, the printer will forcibly interrupt the current communication process, send a synchronization update command, and trigger the key update process, regardless of whether data transmission is currently in progress. This time threshold can be dynamically adjusted according to the security level of the application scenario: it can be set to 10 seconds for high-security scenarios and 300 seconds for ordinary office scenarios.

[0091] If the key update fails due to communication interference, the printer allows a maximum of 3 retries. After consecutive failures, the printer will mark the consumable chip as untrusted and refuse further communication until the user reinstalls the consumable.

[0092] The dynamic update mechanism ensures that the validity period of the session key is strictly limited to a single communication or a preset time window. Even if a session key is extracted by a physical probe, attackers cannot use the key to decrypt historical or subsequent communication data, thus achieving forward and backward security of the key.

[0093] Example 3:

[0094] Figure 3 A schematic diagram of an encrypted communication system based on dynamic key negotiation, provided for another embodiment of the present invention, is shown. The system includes:

[0095] This embodiment provides an encrypted communication system based on dynamic key negotiation, applied between a printer and a replaceable consumable chip.

[0096] like Figure 3 As shown, the system includes: a random number generation module 100, a key negotiation module 200, and an encrypted communication module 300.

[0097] A random number generation module 100 is configured on the consumable chip 10 side. In response to a communication request sent by the printer 20 to the consumable chip 10, this module generates a first random number and sends it to the printer 20. Specifically, the random number generation module 100 integrates a true random number generator or a pseudo random number generator, outputting a 128-bit first random number.

[0098] A key negotiation module 200 is configured on the printer 20 side. This module receives a first random number from the random number generation module 100 and calls the random number generator inside the printer 20 to generate a second random number. The key negotiation module 200 dynamically negotiates and generates a session key based on the first random number, the second random number, and the pre-shared root key pre-stored in the printer's secure storage area.

[0099] An encrypted communication module 300 is configured on both sides of the printer 20 and the consumable chip 10. This module includes a first encryption unit 310 and a first decryption unit 320 on the printer 20 side, and a second encryption unit 330 and a second decryption unit 340 on the consumable chip 10 side. The encrypted communication module 300 encrypts and transmits interactive data between the printer 20 and the consumable chip 10 based on the session key generated by the key negotiation module 200.

[0100] When printer 20 sends a communication request to consumable chip 10, random number generation module 100 generates a first random number and sends it back; key negotiation module 200 dynamically generates a session key based on this and synchronizes it to consumable chip 10; encrypted communication module 300 uses the session key to encrypt all subsequent interactive data until the session ends or a key update is triggered.

[0101] The above description is merely an embodiment of the present invention and does not limit the patent scope of the present invention. Any equivalent structural or procedural transformations made based on the content of the present invention's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of the present invention.

Claims

1. A method for encrypted communication based on dynamic key agreement, applied between a printer and a replaceable consumable chip, characterized in that, include: In response to a communication request sent by the printer to the consumable chip, the consumable chip generates a first random number and sends it to the printer; The printer generates a second random number and dynamically negotiates and generates a session key based on the first random number, the second random number, and the pre-shared root key. The printer and the consumable chip encrypt and transmit interactive data based on the session key.

2. The method according to claim 1, characterized in that, The dynamic negotiation to generate the session key includes: The printer concatenates the first random number and the second random number to generate a random number combination; The printer uses a hash algorithm to perform calculations on the random number combination and the pre-shared root key to generate the session key.

3. The method according to claim 2, characterized in that, Also includes: The consumable chip receives the second random number sent by the printer; The consumable chip uses the same splicing rules and hash algorithm as the printer, and calculates the same session key independently based on the first random number, the second random number and the pre-shared root key.

4. The method according to claim 1, characterized in that, The encrypted transmission includes: The sending end uses the session key to perform symmetric encryption on the plaintext data to generate ciphertext data; The sending end sends the encrypted data together with the message authentication code generated using the session key to the receiving end; After verifying the message authentication code using the session key, the receiving end decrypts the ciphertext data.

5. The method according to claim 1, characterized in that, Also includes: After each interactive communication is completed or a preset time threshold is reached, the printer triggers a session key update process; The printer and the consumable chip re-execute the dynamic negotiation process to generate a new session key.

6. The method according to claim 1, characterized in that, Also includes: Before sending the communication request, the printer sends a first authentication challenge value to the consumable chip; The consumable chip calculates the first authentication challenge value based on a preset key and returns a first authentication response value; After the printer verifies that the first authentication response value is passed, it initiates the step of dynamically negotiating and generating a session key.

7. The method according to claim 1, characterized in that, Also includes: When generating the first random number, the consumable chip simultaneously records the timestamp of the communication request; If the timestamp corresponding to the first random number received by the printer deviates from the local time by more than a preset threshold, the printer refuses to perform key negotiation.

8. An encrypted communication system based on dynamic key negotiation, characterized in that, include: A random number generation module, configured on the consumable chip side, is used to generate a first random number in response to the printer's communication request; A key negotiation module, configured on the printer side, is used to dynamically negotiate and generate a session key based on the first random number, the second random number generated by the printer, and the pre-shared root key. An encrypted communication module is configured on both sides of the printer and the consumable chip, and is used to encrypt and transmit interactive data based on the session key.

9. The system according to claim 8, characterized in that, The key negotiation module includes: The splicing unit is used to splice the first random number and the second random number in a preset order to generate a random number combination; The hash operation unit is used to perform operations on the random number combination and the pre-shared root key using a hash algorithm to generate the session key.

10. The system according to claim 8, characterized in that, Also includes: The session key update module is used to trigger the key negotiation module to re-execute the dynamic negotiation process and generate a new session key after each interactive communication is completed or when a preset time threshold is reached.