Device mutual identification and verification method combining Bluetooth binding and two-dimensional code verification
Technical Field
The invention relates to a device mutual identification and verification method combining Bluetooth binding and two-dimensional code verification.
Background
At present, with the development of the Internet of Things and the Bluetooth protocol, device binding and device verification methods based on the Bluetooth protocol are increasingly popular and widely used in Internet of Things devices, including in the field of medical appliances. Although Bluetooth is a short-range wireless communication protocol, for medical devices, particularly those with strict requirements on human life safety such as insulin infusion pumps, the safety risk of controlling insulin infusion over the Bluetooth protocol is still not negligible. In particular, the safety risk of the Bluetooth protocol in insulin infusion pumps is mainly manifested in the following points:
1. The Bluetooth broadcasting distance is still considerable, so the equipment is easily detected and monitored. Bluetooth broadcasting is radio-based and non-directional, and in an open, unobstructed space it can propagate tens of meters in all directions. Because the Bluetooth broadcast packet contains private information such as equipment control information and user data, if the signal is detected, monitored or interfered with, at the least the user's private information is leaked, and at worst the equipment cannot work normally, so that the life safety of the user is threatened;
2. The Bluetooth communication protocol is an open protocol while the device is not bound, and if the device binds in No Input No Output mode, it cannot be determined whether the device sending the binding request is one the user has permitted; if the device is illegally bound and controlled, excessive insulin may be infused into the user, endangering the life safety of the user;
3. When Bluetooth equipment is bound, the equipment MAC address is mostly used as the equipment identifier, but MAC addresses are hard for end users to recognize and are mostly generated automatically and built into the equipment during production, so users cannot tell from the MAC address whether the equipment is their own; binding is therefore blind, and misoperation is easily caused;
4. The Bluetooth binding process is not controllable. According to the Bluetooth protocol specification, the Bluetooth communication protocol stack is a multi-layer protocol comprising a physical layer (PHY), a link layer (LL), a host controller interface layer (HCI), a logical link control and adaptation protocol layer (L2CAP), a security manager layer (SM), a generic access profile layer (GAP), an attribute protocol layer (ATT) and a generic attribute profile layer (GATT). A conventional Bluetooth application only performs conventional operations at the GATT and ATT layers, while in the device binding operation the key exchange and password transmission are carried out automatically by the Bluetooth chip at the SM layer and below (PHY, LL, HCI, L2CAP and SM) according to the Bluetooth binding protocol specification, and the binding process is invisible to and uncontrollable by the user; as a result, once the user's device is illegally bound, the device may stop functioning correctly.
Disclosure of Invention
The technical problem to be solved by the invention is to avoid misoperation by the user, malicious control of the pump body, and malicious hijacking of or tampering with the data, by securely identifying and verifying the identity and the data of the controller and the pump body during use, thereby improving the safety of the infusion process and reducing the infusion risk.
The invention discloses a device mutual identification and verification method combining Bluetooth binding and two-dimensional code verification, which is realized by the following technical solution and specifically comprises the following steps:
S1, device searching stage: after the insulin infusion pump is powered on, it starts broadcasting; in addition to the device MAC address, the broadcast content includes a device manufacturer identifier and a device serial number, which are highly readable and recognizable. The controller listens for Bluetooth broadcast packets, parses the data in each packet according to the Bluetooth broadcasting specification, and searches for and identifies the device manufacturer identifier; if the device manufacturer identifier is successfully parsed and identified, the device is added as a candidate to the list to be identified, otherwise it is ignored and the search continues;
S2, device identification stage: after the device manufacturer identifier is identified, the controller further searches for and identifies the device serial number. The controller preliminarily determines whether the pump body is a legitimate device for the user to bind by identifying the device type identifier of the pump body that matches the controller; if the device type is not valid, the device is ignored, otherwise it is added to the list to be confirmed;
S3, device confirmation stage: the list to be confirmed contains all insulin pump devices with valid device manufacturer identifiers and device identifiers. The controller must further confirm, through the two-dimensional code, the one device that is to be uniquely bound to it; the user reads the content of the two-dimensional code with the controller's camera, the controller automatically compares the device serial number contained in the two-dimensional code with the device identifiers in the list to be confirmed, and the device that matches is bound as the only bindable device;
S4, device binding stage: after the unique bindable device is determined, the controller executes the binding operation; the pump body receives the binding request sent by the controller, reads the MAC address of the controller and adds it to a device white list;
S5, data verification stage: when the controller communicates with the pump body, it first establishes a communication connection with the pump body and sends a command packet; when the pump body receives the command packet, it recalculates over the data in the packet and compares the result with the command packet; if the comparison fails, the data has been tampered with or is missing, and the pump body refuses to execute and returns an error; otherwise the command is executed.
In step S1, the device manufacturer identifier is the manufacturer identifier of the insulin infusion pump device, and the device serial number is the unique legal identifier of the device; the manufacturer identifier and the device identifier each carry a specific meaning and can be parsed and identified.
As a preferred technical solution, in step S2, the device serial number is created by the insulin pump manufacturer, has a specific definition rule and contains a specific prefix and suffix, and can be parsed and identified; the device serial number is stored inside the pump body.
As a preferred technical solution, in step S3, two-dimensional code recognition is the technique used to determine the final, unique device to bind; the two-dimensional code contains the device serial number and is affixed to the surface of the pump body when the insulin pump leaves the factory.
In step S4, the Bluetooth broadcasting mode is changed from Public to Private.
In step S5, the tail of the data in the command packet carries a CRC32 check code of the data; when the pump body receives the command packet, it performs the CRC32 calculation on the data in the packet again and compares the result with the check code contained in the packet.
The beneficial effects of the invention are as follows: by safely identifying and checking the identity and the data of the control machine and the pump body in the use process, the invention avoids misoperation of a user or malicious control of the pump body and malicious hijacking or tampering of the data, improves the safety of the infusion process and reduces the infusion risk.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
All of the features disclosed in this specification, or all of the steps in a method or process disclosed, may be combined in any combination, except for mutually exclusive features and/or steps.
Any feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. That is, each feature is one example only of a generic series of equivalent or similar features, unless expressly stated otherwise.
In the description of the present invention, it should be understood that the terms "one end," "the other end," "the outer side," "the upper," "the inner side," "the horizontal," "coaxial," "the center," "the end," "the length," "the outer end," and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, merely to facilitate description of the present invention and simplify the description, and do not indicate or imply that the device or element being referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the present invention.
Furthermore, in the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
Terms such as "upper," "lower," and the like used herein to refer to a spatially relative position are used for ease of description to describe one element or feature's relationship to another element or feature as illustrated in the figures. The term spatially relative position may be intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, elements described as "below" or "beneath" other elements or features would then be oriented "above" the other elements or features. Thus, the exemplary term "below" can encompass both an orientation of above and below. The device may be otherwise oriented and the spatially relative descriptors used herein interpreted accordingly.
In the present invention, unless explicitly specified and limited otherwise, the terms "disposed," "coupled," "connected," "plugged," and the like are to be construed broadly and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly, through intermediaries, or both, may be in communication with each other or in interaction with each other, unless expressly defined otherwise. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances.
As shown in FIG. 1, the device mutual identification and verification method combining Bluetooth binding and two-dimensional code verification of the invention specifically comprises the following steps:
S1, device searching stage: after the insulin infusion pump is powered on, it starts broadcasting; in addition to the device MAC address, the broadcast content includes a device manufacturer identifier and a device serial number, which are highly readable and recognizable. The controller listens for Bluetooth broadcast packets, parses the data in each packet according to the Bluetooth broadcasting specification, and searches for and identifies the device manufacturer identifier; if the device manufacturer identifier is successfully parsed and identified, the device is added as a candidate to the list to be identified, otherwise it is ignored and the search continues. In this stage, Bluetooth devices of other manufacturers are excluded through identification of the device manufacturer identifier;
S2, device identification stage: after the device manufacturer identifier is identified, the controller further searches for and identifies the device serial number. The controller preliminarily determines whether the pump body is a legitimate device for the user to bind by identifying the device type identifier of the pump body that matches the controller; if the device type is not valid, the device is ignored, otherwise it is added to the list to be confirmed. This stage excludes other types of infusion pump devices by identifying the device type identifier;
S3, device confirmation stage: the list to be confirmed contains all insulin pump devices with valid device manufacturer identifiers and device identifiers. The controller must further confirm, through the two-dimensional code, the one device that is to be uniquely bound to it; the user reads the content of the two-dimensional code with the controller's camera, the controller automatically compares the device serial number contained in the two-dimensional code with the device identifiers in the list to be confirmed, and the device that matches is bound as the only bindable device. This stage can effectively prevent other nearby devices of the same type from being bound by mistake or maliciously;
S4, device binding stage: after the unique bindable device is determined, the controller executes the binding operation; the pump body receives the binding request sent by the controller, reads the MAC address of the controller and adds it to a device white list. After successful binding, only devices in the white list can establish a communication connection with the pump body and transmit data;
S5, data verification stage: when the controller communicates with the pump body, it first establishes a communication connection with the pump body and sends a command packet; when the pump body receives the command packet, it recalculates over the data in the packet and compares the result with the command packet; if the comparison fails, the data has been tampered with or is missing, and the pump body refuses to execute and returns an error; otherwise the command is executed. This stage can effectively prevent the command packet from being illegally hijacked or tampered with in the broadcasting process.
In this embodiment, in step S1, the device manufacturer identifier is the manufacturer identifier of the insulin infusion pump device, and the device serial number is the unique legal identifier of the device; the manufacturer identifier and the device identifier each carry a specific meaning and can be parsed and identified.
In this embodiment, in step S2, the device serial number is created by the insulin pump manufacturer, has a specific definition rule, and contains a specific prefix and suffix (such as a device type identifier, a production date identifier, a device serial number identifier, a lot number identifier, etc.), and can be parsed and identified; the device serial number is stored inside the pump body.
In this embodiment, in step S3, two-dimensional code recognition is the technique used to determine the final, unique device to bind; the two-dimensional code contains the device serial number and is affixed to the surface of the pump body when the insulin pump leaves the factory.
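The controller-side filtering of steps S1 to S3, as an added example that is not part of the original document: it parses advertising payloads, keeps devices with the expected manufacturer identifier and device type, and binds only when exactly one serial number matches the scanned two-dimensional code. The company identifier 0xFFFF, carrying the serial number in the Manufacturer Specific Data field, the serial number layout, the `IP` type prefix and all sample data are constructed assumptions that the document does not specify.

```python
# Added example: S1-S3 candidate filtering on the controller side.
# COMPANY_ID, the serial layout and all sample data are constructed assumptions.
import re

COMPANY_ID = 0xFFFF            # placeholder manufacturer identifier (assumption)
AD_MANUFACTURER_DATA = 0xFF    # Bluetooth AD type: Manufacturer Specific Data
# Hypothetical serial rule: 2-letter type, YYMM date, 2-digit lot, 5-digit unit.
SERIAL_RE = re.compile(r"(?P<type>[A-Z]{2})(?P<date>\d{4})(?P<lot>\d{2})(?P<unit>\d{5})")
PUMP_TYPE = "IP"               # device type this controller pairs with (assumption)

def parse_ad(payload: bytes) -> dict:
    """Split an advertising payload into {ad_type: data}; stop on malformed input."""
    fields, i = {}, 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break                      # padding or truncated structure
        fields[payload[i + 1]] = payload[i + 2:i + 1 + length]
        i += 1 + length
    return fields

def serial_from_adv(payload: bytes):
    """S1: return the advertised serial if the manufacturer identifier matches."""
    msd = parse_ad(payload).get(AD_MANUFACTURER_DATA, b"")
    if len(msd) < 2 or int.from_bytes(msd[:2], "little") != COMPANY_ID:
        return None
    try:
        return msd[2:].decode("ascii")
    except UnicodeDecodeError:
        return None

def select_bindable(adverts: dict, qr_text: str):
    """S1-S3: return the MAC of the one device whose serial matches the QR code."""
    to_confirm = {}
    for mac, payload in adverts.items():
        serial = serial_from_adv(payload)                  # S1
        m = SERIAL_RE.fullmatch(serial) if serial else None
        if m and m["type"] == PUMP_TYPE:                   # S2
            to_confirm[mac] = serial
    wanted = qr_text.strip()
    matches = [mac for mac, s in to_confirm.items() if s == wanted]  # S3
    return matches[0] if len(matches) == 1 else None       # refuse ambiguous matches

def adv(company: int, serial: str) -> bytes:
    """Build a constructed advertising payload (flags + manufacturer data)."""
    msd = company.to_bytes(2, "little") + serial.encode()
    return bytes([2, 0x01, 0x06, len(msd) + 1, AD_MANUFACTURER_DATA]) + msd

SAMPLES = {   # constructed scan results
    "AA:00:00:00:00:01": adv(0xFFFF, "IP24030700042"),
    "AA:00:00:00:00:02": adv(0xFFFF, "IP24030700043"),   # same model, other unit
    "AA:00:00:00:00:03": adv(0xFFFF, "XP24030700042"),   # other device type
    "AA:00:00:00:00:04": adv(0x1234, "IP24030700042"),   # other manufacturer
}
```

If two advertisers present the same serial number, `select_bindable` returns `None` instead of picking one, so the controller does not bind on an ambiguous match.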
In this embodiment, in step S4, the Bluetooth broadcasting mode is changed from Public to Private.
In this embodiment, in step S5, the tail of the data in the command packet carries a CRC32 check code of the data; when the pump body receives the command packet, it performs the CRC32 calculation on the data in the packet again and compares the result with the check code contained in the packet.
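The pump-side handling of steps S4 and S5, as an added example that is not part of the original document: the pump body accepts a command only from a white-listed controller MAC and only when the CRC32 it recomputes over the data equals the check code at the tail of the packet. The packet layout, the CRC-32 variant (the one implemented by `zlib.crc32`), the little-endian tail, the status codes and the sample values are assumptions that the document does not specify.

```python
# Added example: pump-side handling for S4 (white list) and S5 (CRC32 tail).
# Packet layout, CRC variant, byte order and status codes are assumptions.
import struct
import zlib

OK, ERR_NOT_BOUND, ERR_LENGTH, ERR_CRC = 0, 1, 2, 3   # hypothetical status codes


def build_command(data: bytes) -> bytes:
    """Controller side: append CRC32(data) as a 4-byte little-endian tail."""
    return data + struct.pack("<I", zlib.crc32(data))


class Pump:
    def __init__(self):
        self.whitelist = set()     # MAC addresses of bound controllers
        self.executed = []         # commands accepted for execution

    def bind(self, controller_mac: str) -> None:
        """S4: record the controller's MAC when its binding request is accepted."""
        self.whitelist.add(controller_mac.upper())

    def handle(self, peer_mac: str, packet: bytes) -> int:
        """S5: execute the command only if the recomputed CRC32 matches the tail."""
        if peer_mac.upper() not in self.whitelist:
            return ERR_NOT_BOUND
        if len(packet) < 5:                    # need at least 1 data byte + tail
            return ERR_LENGTH
        data, tail = packet[:-4], packet[-4:]
        if zlib.crc32(data) != struct.unpack("<I", tail)[0]:
            return ERR_CRC                     # corrupted or incomplete: refuse
        self.executed.append(data)
        return OK
```

CRC32 is an unkeyed checksum, so this check detects corrupted or incomplete packets but is not by itself evidence of who produced a packet; authenticating the sender takes a keyed check such as a message authentication code, which the document does not describe.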
The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the invention is not limited thereto; any changes or substitutions made without inventive effort should be construed as falling within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope defined by the claims.