CN105684483B - Registry apparatus, agent device, application provider and corresponding methods - Google Patents
Registry apparatus, agent device, application provider and corresponding methods
- Publication number
- CN105684483B (application CN201480056752.8A)
- Authority
- CN
- China
- Prior art keywords
- agent device
- device
- application provider
- registration
- registry apparatus
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/38—Services specially adapted for particular environments, situations or purposes for collecting sensor information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/60—Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
A registry apparatus (8) is provided for maintaining a device registry of agent devices (4) that communicate with an application provider (6). The registry (8) includes authentication information for uniquely authenticating at least one trusted agent device (4). In response to an authentication request (154) from an agent device (4), the authentication information for that device (4) is obtained from the registry (8) and authentication (156) of the agent device (4) is performed. If authentication succeeds, application key information (30) is transmitted to at least one of the agent device (4) and the application provider (6).
Description
The present invention relates to the field of data processing. More particularly, it relates to a method of establishing trusted communication between an agent device and an application provider using a registry apparatus.
The number of devices with processing and communication capability that lets them interact with other processing devices in the home, in other buildings or outdoors is increasing. Everyday objects and relatively small-scale processing devices can be connected to each other and to central platforms as part of the "Internet of Things". For example, a sprinkler system in a home may collect information from various humidity sensors and control activation of the sprinklers based on that humidity information. Healthcare providers may use wireless sensors (such as a heart rate monitor, or a sensor that monitors whether a patient is taking prescribed medication) to track the health of patients at home.
In many applications there may therefore be a central application provider that interacts with one or more agent devices, which provide data to the application provider and/or are controlled by it. Agent devices can differ greatly in complexity, processing resources, hardware and purpose. It can be important to provide trust between the agent device and the application provider, so that the application provider can trust the validity of the data received from the agent device and the agent device can trust any commands received from the application provider. However, since many agent devices in the Internet of Things may have very little processing capability, providing the resources in the agent device for establishing a trusted relationship with the application provider can be difficult and may significantly increase the cost of the agent device. The rapid and widespread deployment of such agent devices also means that installation should be as quick and efficient as possible. The present technique seeks to address these problems.
From the point of view of on one side, the present invention provide it is a kind of for register meter apparatus agent equipment and application provider it
Between establish trust communication method, wherein registration meter apparatus holding include for uniquely authenticating at least one agent equipment
The device registry of authentication information;It the described method comprises the following steps:
(a) certification request for showing the device identifier of agent equipment is received from agent equipment;
(b) it is set from the agency that device registry is obtained for being identified by the device identifier shown by certification request
Standby authentication information;
(c) implement the certification of agent equipment using the authentication information obtained from device registry;And
If (d) authenticated successfully, key is applied at least one of agent equipment and application provider transmission
Information, for implementing trust communication between agent equipment and application provider.
A registry apparatus may be provided to establish trusted communication between an agent device and an application provider. The registry apparatus may maintain a device registry comprising authentication information for uniquely authenticating at least one agent device. For example, agent devices may be registered with the registry during manufacture or distribution, and may attempt authentication once they are deployed or made operational. In response to an authentication request from an agent device, the registry apparatus performs authentication of the agent device using the authentication information obtained from the registry for that device. If authentication is successful, application key information is transmitted to at least one of the agent device and the application provider for performing trusted communication. The registry apparatus may manage metadata about each agent device, manage the relationships between agent devices and application providers, authenticate agent devices, and automatically provision keys so that agent devices and/or application providers can perform secure trusted communication.
This technique has several advantages over the prior art. Since the registry takes on the responsibility of authenticating agent devices and establishing communication with application providers, agent devices can be manufactured more cheaply, because they do not need the complex resources required to verify and trust an application provider. The agent device need not even contain any information identifying the application provider it will communicate with, because that information can instead be maintained by the registry. Moreover, because an independent registry is provided for establishing trust between agent devices and application providers, the relationship between agent devices and applications is opened up, so that an application provider is not restricted to agent devices manufactured by the same provider, or vice versa. Since trust can be established via the registry apparatus, any "off-the-shelf" agent device can be used with a given application, and the user of a particular agent device can choose one of several competing application providers, which improves the flexibility of using agent devices and applications while still maintaining trusted communication.
If authentication is successful, the registry may transmit application key information to at least one of the agent device and the application provider for performing trusted communication. It is not always necessary to transmit key information to both the agent device and the application provider. For example, when an application provider registers with the registry as an application that will communicate with the agent device, the application provider may already have been given the application key information corresponding to that agent device. Similarly, an agent device may have permanent application key information that it always uses for trusted communication, and once the agent device has been authenticated the registry may simply provide the corresponding application key information to the application provider. However, higher security can be achieved if, on successful authentication, the registry apparatus transmits application key information to both the agent device and the application provider. For example, the registry may generate a new application key each time communication is established between the agent device and a particular application provider. This allows the agent device to use different keys with different application providers, and reduces the probability of an application key being exposed, improving the security of the data exchanged between those devices.
If authentication is successful, the registry may also provide the device identifier of the agent device to the application provider, for example to allow the application provider to associate the communication with a particular user account.
In addition to authenticating the agent device, there may also be a step of performing authentication between the registry apparatus and the application provider. The registry can therefore authenticate both the application and the agent device, to ensure trust between them.
The device registry may include, for each agent device, at least one application identifier identifying at least one application provider with which the agent device will perform trusted communication. When an agent device has been authenticated, the registry may transmit application key information to every application provider indicated in the registry for that agent device. The application identifier may be registered in the device registry in response to an application association request, which indicates a specified application provider and notifies the registry that the specified application provider is to be registered as an application authorised to communicate with the agent device. For example, the application provider may determine an association between a particular user account and a sensor ID, and may then notify the registry which sensor it will communicate with. Alternatively, the registry may receive the application association request from a device other than the application provider, for example an application store from which the user has selected the application to be used with the agent device.
The authentication information may include key information for authenticating messages received from the agent device. The key information may take many forms. It may for example comprise a symmetric key, where the agent device and the registry apparatus each hold the same key information for encrypting and decrypting messages, or it may comprise an asymmetric key set, such as a private key held by the agent device and the corresponding public key held by the registry.
Authentication of the agent device may include mutual authentication between the agent device and the registry apparatus. Hence, in addition to the registry apparatus authenticating the agent device, the agent device may also authenticate the registry, for example by verifying the identity of the registry apparatus using registry authentication information. In this way the agent device can confirm that the registry it is communicating with is a trusted registry.
Viewed from another aspect, the present invention provides a registry apparatus for establishing trusted communication between an agent device and an application provider, comprising:
storage circuitry configured to store a device registry comprising authentication information for uniquely authenticating at least one agent device;
communication circuitry configured to receive from the agent device an authentication request indicating a device identifier of the agent device; and
processing circuitry configured to perform authentication of the agent device using the authentication information from the device registry for the agent device identified by the device identifier indicated in the authentication request;
wherein, if the authentication is successful, the communication circuitry is configured to transmit application key information to at least one of the agent device and the application provider, for performing trusted communication between the agent device and the application provider.
Viewed from another aspect, the present invention provides a registry apparatus for establishing trusted communication between an agent device and an application provider, comprising:
storage means for storing a device registry comprising authentication information for uniquely authenticating at least one agent device;
communication means for receiving from the agent device an authentication request indicating a device identifier of the agent device; and
processing means for performing authentication of the agent device using the authentication information from the device registry for the agent device identified by the device identifier indicated in the authentication request;
wherein, if the authentication is successful, the communication means is configured to transmit application key information to at least one of the agent device and the application provider, for performing trusted communication between the agent device and the application provider.
Viewed from another aspect, the present invention provides a method for an agent device to establish trusted communication with an application provider using a registry apparatus that maintains a device registry of agent devices, wherein the agent device is configured to store a device identifier of the agent device and authentication information for uniquely authenticating the agent device; the method comprises the following steps:
(a) transmitting to the registry apparatus an authentication request indicating the device identifier;
(b) performing authentication with the registry apparatus using the authentication information stored by the agent device; and
(c) if authentication is successful, receiving application key information from the registry apparatus, and performing trusted communication with the application provider using the application key information.
Correspondingly, the agent device can establish trusted communication by transmitting an authentication request to the registry apparatus. After performing authentication with the registry apparatus, the agent device may receive application key information from the registry apparatus and then use that application key information to perform trusted communication with the application provider. This technique allows trusted communication with the application provider to be established without the agent device itself holding any resources for contacting or authenticating the application provider.
The authentication request may be transmitted to the registry apparatus automatically in response to activation of the agent device. For example, activation may comprise powering on the agent device, deploying or installing the agent device in a particular setting, or pressing a button on the agent device. The authentication request may be transmitted automatically without user interaction. Communication with the application provider can therefore be configured particularly simply, without complex user interaction: merely activating the agent device causes an automatic authentication request to be sent to the registry, and the registry can then establish the application key for communication with the application provider.
The agent device may have embedded registry authentication information for authenticating the registry apparatus during mutual authentication. For example, the registry authentication information may comprise a public key corresponding to a registry private key held by the registry.
To enhance security, the authentication information held by the agent device may be stored in a protected region. For example, only trusted software may be permitted to read the authentication information from the protected region.
Trusted communication may be performed directly between the agent device and the application provider using the application key information, without any information passing through the registry apparatus. Hence, once trusted communication has been established and the agent device has been authenticated, the registry apparatus plays no further role and does not obstruct the trusted communication. This also avoids potential security issues, because the trusted communication does not pass through the registry.
The trusted communication may be encrypted communication that uses the application key information for encryption. The application key information may be a symmetric key, with the application provider and the agent device both encrypting their messages using the symmetric key and decrypting messages received from the other party using the same key. For example, a one-time session key may be generated by the registry each time a link is established between a particular sensor and a particular application. Alternatively, an asymmetric key pair may be generated as the application key information, where the agent device and the application provider are each provided with their own private key for trusted communication and the public key corresponding to the other device's private key. However, a symmetric key is generally sufficient for security, and that approach can reduce the cost of implementing the registry.
The agent device may be configured to store a registry address identifying the registry apparatus. For example, the registry address may be a URL or IP address of the registry. The authentication request may be transmitted to the registry apparatus identified by the registry address. Hence the agent device needs only a simple item of information for contacting the registry, and need not contain any information for contacting the application provider, since that can be established via the registry.
Viewed from another aspect, the present invention provides an agent device for establishing trusted communication with an application provider using a registry apparatus that maintains a device registry of agent devices, comprising:
storage circuitry configured to store a device identifier of the agent device and authentication information for uniquely authenticating the agent device;
communication circuitry configured to transmit to the registry apparatus an authentication request indicating the device identifier; and
processing circuitry configured to perform authentication with the registry apparatus using the authentication information stored by the storage circuitry;
wherein the communication circuitry is configured to receive application key information from the registry apparatus if authentication is successful, and to perform trusted communication with the application provider using the application key information.
Viewed from another aspect, the present invention provides an agent device for establishing trusted communication with an application provider using a registry apparatus that maintains a device registry of agent devices, comprising:
storage means for storing a device identifier of the agent device and authentication information for uniquely authenticating the agent device;
communication means for transmitting to the registry apparatus an authentication request indicating the device identifier; and
processing means for performing authentication with the registry apparatus using the authentication information stored by the storage means;
wherein the communication means is configured to receive application key information from the registry apparatus if authentication is successful, and to perform trusted communication with the application provider using the application key information.
Viewed from another aspect, the present invention provides a method for an application provider to establish trusted communication with an agent device using a registry apparatus that maintains a device registry of agent devices, the method comprising:
(a) receiving from the registry apparatus a device identifier of an agent device that has been authenticated using the device registry;
(b) receiving application key information from the registry apparatus for performing trusted communication with the agent device; and
(c) performing trusted communication with the agent device identified by the device identifier using the application key information.
Correspondingly to the methods discussed above, the application provider may receive from the registry apparatus the device identifier of an authenticated agent device and application key information for performing trusted communication with that agent device. The application provider can then use the application key information to perform trusted communication with the agent device. The trusted communication may for example comprise issuing commands to the agent device or receiving data from the agent device.
The application provider can authenticate itself to the registry device, and can authenticate the registry device, so as to establish mutual trust.
The application provider can transmit an association request to the registry device to register itself as the application with which an authorized agent device will communicate. This allows the registry to associate the application provider with the agent device without any configuration being performed by the user of the agent device or by the agent device itself.
The application provider can also receive a device association request indicating the device identifier of an authorized agent device and a user identifier of the user associated with that device. For example, a user can use a web interface or a smartphone application to associate the user identifier with the device identifier of the authorized agent device, and this can then be passed to the application provider. In response to the device association request, the application provider can register itself with the registry for the authorized agent device. Consequently, the registry does not need to store any user information, since user information can be kept solely by the application provider. The registry can manage only the relationships between applications and sensors, and avoids any user-privacy concerns by not storing any user data.
The application provider can execute an application using the data received from the agent device over the trusted communication.
In another aspect, the present invention provides an application provider for establishing trusted communication with an agent device using a registry device that maintains a device registry of agent devices, comprising:
communication circuitry configured to receive from the registry device a device identifier of an agent device that has been authenticated using the device registry, and application key information for carrying out trusted communication with the agent device;
wherein the communication circuitry is configured to use the application key information received from the registry device to carry out trusted communication with the agent device identified by the device identifier.
In another aspect, the present invention provides an application provider for establishing trusted communication with an agent device using a registry device that maintains a device registry of agent devices, comprising:
communication means for receiving from the registry device a device identifier of an agent device that has been authenticated using the device registry, and application key information for carrying out trusted communication with the agent device;
wherein the communication means is configured to use the application key information received from the registry device to carry out trusted communication with the agent device identified by the device identifier.
In another aspect, the present invention provides a method for establishing trusted communication between an agent device and an application provider using a registry device that maintains a device registry, the device registry comprising authentication information for uniquely authenticating at least one agent device; the method comprising the following steps:
(a) transmitting an authentication request from the agent device to the registry device, the authentication request indicating a device identifier of the agent device;
(b) obtaining from the device registry the authentication information for the agent device identified by the device identifier indicated by the authentication request;
(c) carrying out authentication of the agent device using the authentication information obtained from the device registry; and
(d) if the authentication is successful, transmitting application key information from the registry device to at least one of the agent device and the application provider, and using the application key information to carry out trusted communication between the agent device and the application provider.
In another aspect, the present invention provides a method for establishing a trusted identity for an agent device that is to carry out trusted communication with at least one application provider, comprising the following steps:
(a) generating first authentication information for uniquely authenticating the agent device, and second authentication information for verifying that the agent device holds the first authentication information;
(b) embedding in the agent device the first authentication information and a device identifier identifying the agent device; and
(c) transmitting the device identifier and the second authentication information to a registry device that maintains a device registry of agent devices communicating with the at least one application provider.
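As an added example, not part of the patent or of any implementation it describes, the following Go program models the two methods above end to end: the trusted-identity method at manufacture (a key pair is generated, the private key and identifier are embedded, and the identifier plus public key go to the registry), the binding step in which the application provider tells the registry only the device-to-provider relationship, steps (a) to (d) of the registry method, and the direct agent-to-provider exchange that follows. It assumes Ed25519 for the device key pair, a random 16-byte device identifier, a fresh-nonce challenge for authentication and AES-256-GCM for the application key; the patent fixes none of these, and the type and function names (Agent, Registry, Provider, Manufacture, Associate, Activate) are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

type (
	DeviceID [16]byte // burned into the OTP section at manufacture (format assumed)
	Agent    struct {
		ID      DeviceID
		privKey ed25519.PrivateKey // first authentication information, never leaves the device
		appKeys map[string][]byte  // provider name -> application key from the registry
	}
	RegistryEntry struct { // second authentication information; no user data held here
		PubKey    ed25519.PublicKey
		Providers map[string]bool
	}
	Registry map[DeviceID]*RegistryEntry
	Provider struct {
		Name    string
		users   map[DeviceID]string // only the provider knows which user owns a device
		appKeys map[DeviceID][]byte
	}
)

func NewProvider(name string) *Provider {
	return &Provider{Name: name, users: map[DeviceID]string{}, appKeys: map[DeviceID][]byte{}}
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // without secure randomness nothing below is safe
	}
	return b
}

// aead wraps an application key as AES-256-GCM; a missing (nil) key is rejected here.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Manufacture is the trusted-identity method: generate a key pair, embed the private
// key and identifier in the agent, transmit identifier + public key to the registry.
func Manufacture(reg Registry) (*Agent, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	var id DeviceID
	copy(id[:], randBytes(len(id)))
	reg[id] = &RegistryEntry{PubKey: pub, Providers: map[string]bool{}}
	return &Agent{ID: id, privKey: priv, appKeys: map[string][]byte{}}, nil
}

// Associate is the binding step: the provider keeps the user identifier and tells the
// registry only the (device, provider) relationship.
func (p *Provider) Associate(reg Registry, id DeviceID, userID string) error {
	entry := reg[id]
	if entry == nil {
		return errors.New("registry: unknown device identifier")
	}
	p.users[id] = userID
	entry.Providers[p.Name] = true
	return nil
}

// Activate runs steps (a)-(d): the agent presents its identifier, the registry looks up
// the stored public key and issues a fresh nonce, the agent signs nonce||id with its
// embedded private key, and on success both parties receive a fresh application key.
func Activate(a *Agent, reg Registry, p *Provider) error {
	entry := reg[a.ID]
	if entry == nil || !entry.Providers[p.Name] {
		return errors.New("registry: device unknown or not associated with " + p.Name)
	}
	challenge := append(randBytes(32), a.ID[:]...)
	if !ed25519.Verify(entry.PubKey, challenge, ed25519.Sign(a.privKey, challenge)) {
		return errors.New("registry: device authentication failed")
	}
	p.appKeys[a.ID] = randBytes(32) // a distinct key for each (agent, provider) pair
	a.appKeys[p.Name] = p.appKeys[a.ID]
	return nil
}

// Send/Receive are the direct exchange: device identifier as associated data, GCM nonce
// prepended, and the registry takes no part in it.
func (a *Agent) Send(provider string, data []byte) ([]byte, error) {
	gcm, err := aead(a.appKeys[provider])
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, data, a.ID[:]), nil
}

func (p *Provider) Receive(id DeviceID, box []byte) ([]byte, error) {
	gcm, err := aead(p.appKeys[id])
	if err != nil || len(box) < gcm.NonceSize() {
		return nil, errors.New("provider: no key for device or malformed ciphertext")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], id[:])
}
```

Two properties of the scheme fall out of the code: the registry never sees the user identifier, which only Provider.users holds, and every (agent, provider) pair receives its own key, so a second provider associated with the same device cannot read the first provider's traffic, and a device clone that knows the identifier but not the embedded private key cannot pass the challenge.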
The foregoing and other objects, features and advantages of the invention will become apparent from the following detailed description of illustrative embodiments, read in conjunction with the accompanying drawings.
Fig. 1 schematically shows an example of a system including at least one registry device for establishing trusted communication between agent devices and application providers;
Fig. 2 shows an example of the relationships between an agent device, an application provider, a device registry and a consumer;
Fig. 3 shows an example timeline of the life cycle of an agent device from its manufacture to its use by an application;
Fig. 4 schematically shows an example of an agent device;
Fig. 5 schematically shows an example of a storage section provided in the agent device for storing authentication information and other information used to establish communication with the registry device;
Fig. 6 shows an example of an application provider;
Fig. 7 shows an example of a registry device maintaining a trusted device registry;
Fig. 8A shows an example of a registry entry for an agent device;
Fig. 8B shows an example of an event log for an agent device;
Fig. 9 is a chart showing the trade-off between security and the cost of implementing security features;
Figs. 10, 11 and 12 show three examples of authentication models for authenticating the identity of an agent device;
Fig. 13 is a table comparing different attributes of the authentication models shown in Figs. 10 to 12;
Fig. 14 shows a first example method for establishing a trusted identity for an agent device;
Fig. 15 shows a second example method for establishing a trusted identity for an agent device;
Fig. 16 shows a method of carrying out authentication between the agent device and the registry device and establishing encrypted communication between the agent device and the application provider;
Fig. 17 shows an example of a method of associating an agent device with a user and with a particular application;
Fig. 18 shows an example of a method of assigning an agent device currently registered with a first registry to a second registry;
Fig. 19 shows an example of a method of resetting ownership of an agent device back to the first registry; and
Figs. 20 to 23 show four examples of use cases for agent devices, registry devices and application providers.
Fig. 1 shows an example of a system 2 comprising several agent devices 4, application providers 6 and registry devices 8. An application provider 6 may comprise any device that provides a cloud service or executes an application using data collected from one or more agent devices 4, and/or issues commands for controlling one or more agent devices 4. An agent device 4 can be any device that collects data for transmission to an application provider 6, or that is controlled by an application provider 6. For example, agent devices 4 can be connected devices in the Internet of Things (IoT), such as wireless sensors and actuators. Although an agent device 4 may be a larger processing device such as a tablet computer or mobile phone, an agent device 4 will typically be a relatively small-scale device that performs only a limited set of tasks, for example a sensor that collects sensing data and feeds it back to an application, or a relatively simple control unit that controls an associated object such as a sprinkler, a swimming-pool pump or an air-conditioning unit. An agent device 4 can communicate with other devices, such as application providers 6 and registry devices 8, using wired or wireless communication, which may take place over an Internet connection. In this application the term "sensor" is sometimes used as an example of an agent device, but it will be appreciated that agent devices can also include devices that perform tasks other than sensing.
Agent devices 4 and application providers 6 communicate by encrypted communication. To help establish such encrypted communication, one or more registry devices 8 are provided, each maintaining a trusted agent device registry that stores information about trusted agent devices 4. The registry 8 facilitates automated, secure pairing of agent devices 4 with application providers 6, so that an application can trust the authenticity and data integrity of an agent device 4, and an agent device 4 can trust the authenticity and command integrity of an application 6, even where the application and the agent device are provided by different manufacturers, suppliers or distributors. The registry 8 also simplifies the configuration of trusted communication between an agent device 4 and an application 6: the agent device 4 need not know the specific details of the application it will communicate with, and the user of the agent device 4 need not perform any configuration operations to establish communication with the application. Instead, on activation the agent device 4 simply contacts the registry 8, which then configures the agent device 4 and the application 6 to communicate with one another.
As shown in Fig. 1, multiple registry devices 8 can be provided, each connected with a different set of agent devices 4 and application providers 6. As Fig. 1 also shows, an agent device such as agent device A8 may be registered with more than one registry. Similarly, an application provider 6 can be in contact with multiple registries. Furthermore, although most agent devices 4 will communicate with a single application provider 6, it is also possible for the registry to configure an agent device 4 to communicate with multiple application providers (see, for example, agent device A2 in Fig. 1).
The functions of the agent devices 4 and application providers 6 can differ significantly between applications. For example, an agent device 4 may collect meteorological data for transmission to an application provider 6 that runs a weather-forecasting application based on the data collected by the agent device 4. Other agent devices 4 may collect information about a user's exercise (such as heart rate or distance covered) and feed that information back to a fitness-monitoring application maintained by an application provider 6. In another example, a home air-conditioning system may comprise a central monitoring application 6 and several agent devices 4, such as a temperature sensor, a humidity sensor, a user configuration panel and an air-conditioning control unit, where the central application controls the operation of the control unit based on the sensors' readings and the user preferences set on the configuration panel. Many other applications can use an application provider 6 and one or more agent devices 4 in a similar way, for example home security, home or street lighting, utility provision, building automation, inspection, asset tracking and logistics. The registry 8 provides a common architecture for managing authentication and trust between IoT devices and applications 6.
Fig. 2 schematically shows an example of the relationships between an agent device 4, an application provider 6, a registry 8 and a consumer 10. The consumer 10 has physical ownership of the agent device 4. The consumer 10 also has a business relationship with the application provider 6; for example, the application provider may have established a user profile for the consumer 10 with a user ID and password. The consumer in this context may be, for example, an individual, a household or a company.
The agent device 4 (such as a sensor) incorporates authentication information for authenticating itself to the registry 8. For example, the agent device 4 can hold a key that it uses to prove its identity. The registry 8 can therefore check the identity of the agent device 4 and verify that it is a trusted agent device. Similarly, the registry 8 and the application provider 6 can exchange keys to verify each other's identity and establish a trusted relationship. Once the registry 8 has established trust with both the agent device 4 and the application provider 6, it can provide an application key to the agent device 4 and the application provider 6. The application key provided by the registry 8 is then used to encrypt communication between the agent device 4 and the application provider 6, without any of that communication passing through the registry 8. The registry 8 thus facilitates the establishment of trusted communication between the agent device 4 and the application provider 6 without requiring them to establish trust directly between themselves. This is useful because an agent device 4 will often be a small, ultra-low-power device (such as a temperature sensor or heart-rate monitor) with only limited processing capability for implementing the protocols and cryptographic algorithms needed to verify the identity of an application provider 6. Furthermore, the person installing an agent device 4 will often lack the knowledge or information required to carry out the complex configuration needed to establish trusted communication with an application provider 6. With the registry, the user or installer of the agent device 4 no longer needs to know how to configure trusted communication.
It should be noted that in Fig. 2 there is no relationship between the consumer 10 and the registry 8. The registry 8 holds no details about the consumer, such as a user ID or password, so no personal details are transmitted to or stored by the registry. The consumer 10 has a relationship only with the application provider 6. The registry 8 communicates only with agent devices 4 and application providers 6, not with the consumer 10. The registry 8 is therefore a neutral platform for establishing trust between agent devices and applications. Once trusted communication has been established between the agent device 4 and the application 6, communication takes place directly between them without involving the registry.
In other examples the consumer 10 of Fig. 2 may not exist; instead the agent device 4 may belong to the same organisation that operates the application provider 6. For example, a smart connected city may have IoT devices throughout the city for monitoring street lighting, traffic flow or waste collection, and the city administration may own both the agent devices 4 that provide the sensed data and the one or more application providers 6 that monitor and process the data obtained by the agent devices 4 (the application may, for example, provide a cloud platform that city residents can access to check status and report problems). In this case there may be no consumer 10 associated with a particular agent device 4 as shown in Fig. 2. The use of the registry 8 can nevertheless simplify the installation of the agent devices 4: a contractor installing agent devices 4 on street lamps or waste bins, for example, need not know how to configure the agent devices 4 to communicate with the application that will receive their data. Instead, when an agent device 4 is activated (for example when it is powered on or deployed), it can automatically communicate with the registry 8 to establish a trusted relationship with the application 6.
Fig. 3 shows an example timeline of the process by which an agent device (sensor) 4 passes from its manufacture, through registration and authentication with the registry 8, to establishing communication with an application provider 6. At step A, the system on chip (SoC) for the agent device is manufactured in silicon. At step B, an original equipment manufacturer (OEM) and/or original design manufacturer (ODM) manufactures the agent device 4 using that system on chip. At some point during manufacture, a unique device identifier is embedded in the agent device 4, together with key information for authenticating the identity of the agent device and other metadata about the agent device. At step C, the agent device is distributed; for example, a user 10 may buy the agent device 4 from a shop, or agent devices may be supplied to an organisation such as a weather-forecasting centre or a municipal government. During manufacture at step B or distribution at step C, registration information is provided to the registry 8 so that the agent device 4 is registered with the registry 8 as a trusted agent device. The registry 8 can be provided with key information for verifying that the agent device 4 is trusted, together with other metadata about the agent device 4.
At this point, the registry 8 knows that the agent device 4 with that unique ID is a trusted agent device, but does not yet know which cloud service application will use the data from the agent device 4. Therefore, at step D, a binding operation is performed to associate the user 10, the agent device 4 and the cloud application 6. For example, the agent device may carry some device identifier, such as a reference number, barcode or QR code (quick response code). The application provider 6 can provide a web interface or a smartphone or tablet application for entering the device identifier or scanning the barcode or QR code, and for uploading the device identifier together with the user's identifier to the application provider 6. Alternatively, this may be done by the application provider when the consumer registers with the application provider and the agent device is subsequently allocated to the user and dispatched. At this point the cloud service knows which user owns the agent device 4, and the application 6 can notify the registry 8 of the device identifier that is to be used and registered, so that the registry now knows which application provider 6 should communicate with the agent device 4. In this way an association between the agent device 4 and the application provider 6 can be established in the registry 8 without the user of the agent device 4 needing to know that the registry 8 exists, and without the agent device 4 needing to store any information associating it with a particular cloud service or application provider 6.
At step E, the agent device is deployed, for example by installing it in the field as part of an IoT deployment, or by switching it on for the first time. When the agent device 4 is activated, it automatically contacts the registry 8 using the registry address stored in the agent device 4. The agent device 4 and the registry 8 now authenticate each other to establish trust, using the key information that was embedded in the agent device 4 at step B and registered with the registry 8 during the registration at step B or C. If mutual authentication succeeds, the registry 8 provides an application key to the agent device 4 and the application provider 6, and at step F the agent device 4 and the application provider 6 can then communicate securely by encrypting and decrypting messages with the application key received from the registry 8. The registry 8 thus allows trust to be established between the agent device 4 and the application 6 without the agent device having to perform any complex configuration.
In summary, the registry 8 provides a framework for managing the authentication of trust between IoT devices (such as sensors) 4 and application providers (cloud providers) 6. The registry 8 comprises a cloud platform that manages metadata about each application provider 6 and agent device 4, manages the relationships between agent devices 4 and application providers 6, authenticates device identifiers, and automatically provides keys to agent devices and applications to allow secure communication. Agent devices 4 can be manufactured and designed according to specific design guidelines to ensure that each agent device 4 has a unique, identifiable identity, secure key storage, the cryptographic capability needed to maintain trust securely, and predictable platform robustness. An agent device manufacturing support platform can support key generation and insertion in agent devices 4, key pair management, and the interface to the registry.
This framework helps to solve several problems with existing systems. By providing each agent device with a unique identifier that the registry authenticates for the cloud service, agent devices can be uniquely identified to ensure trust. Preferably the device identifier is globally unique, so that no two devices anywhere share the same identifier; this means that the assignment of the device identifier at manufacture can be entirely independent of whichever registry is used later. However, it is also possible for the device identifier to be only locally unique within a given registry or group of registries, in which case independent, non-interacting registries may use the same identifier for different devices. An automated registration process that securely pairs agent devices with applications achieves mutual authentication between the agent device 4 and the application 6, so that the application trusts the authenticity of the agent device and the agent device trusts the authenticity of the application. Because agent devices 4 and applications 6 can trust each other even when they are not manufactured or distributed by the same provider, this opens up the market for agent devices and applications: an application does not have to rely on a particular brand of agent device 4 provided by a specific application provider 6 in order to establish trust. An application can trust a wide variety of agent devices from many manufacturers, and an agent device can trust a wide variety of applications from many providers. This helps to reduce the cost of agent devices and applications, and to increase the use of IoT agent devices and applications. In addition, the registry 8 helps to improve application providers' confidence in the provenance of the sensor data used by "big data" applications, which process large volumes of data received from many sources. The value of the information collected by a "big data" service depends on the validity of all the "small data" collected by each individual agent device 4. If the cloud service cannot trust each of its individual agent devices 4, the conclusions drawn by the "big data" application cannot be trusted either, rendering the whole application meaningless. The present technique helps to maintain trust in the overall information collected in this way. Furthermore, the registry 8 can store other information, such as agent device characteristics and, for example, the usage history of the agent device 4. This can be used to allow an application provider 6 to target particular kinds of agent device 4; for example, an application 6 may wish to collect data only from agent devices 4 that meet a minimum security requirement.
Fig. 4 schematically shows an agent device 4. The agent device comprises sensing circuitry 11 for collecting sensing data. For example, the sensing circuitry 11 may comprise a temperature sensor, a camera, a heart-rate monitor or any other detector for collecting the data required by the application provider 6. The agent device 4 also comprises processing circuitry 12 for controlling the various processing operations performed by the agent device 4, for example mutual authentication, encryption of data to be sent to the application provider 6, and key generation. The agent device 4 also has communication circuitry 14 for communicating with external devices such as the registry device 8 and the application provider 6. The communication circuitry 14 may use wireless communication, for example wireless local area network (WiFi) communication, short-range communication such as radio-frequency identification (RFID) or near-field communication (NFC), or communication in a wireless sensor network such as ZigBee, Bluetooth or 6LoWPAN. The communication circuitry 14 may also use a cellular network such as 3G or 4G. The communication circuitry 14 may also use wired communication, for example over optical fibre or metallic cable. The communication circuitry 14 may also use two or more different forms of communication, for example a combination of several of the examples given above. The agent device also comprises storage circuitry 16 for storing the device identifier of the agent device 4, the authentication information for authenticating the agent device, and other information used by the agent device 4. The agent device may optionally also comprise a key generator 18 for generating key information or other authentication information for the agent device 4.
Although Fig. 4 shows an example in which the agent device is a sensor comprising sensing circuitry 11, in other examples the sensing circuitry 11 may not be essential. Instead, the agent device may, for example, comprise control circuitry for controlling a physical object such as a sprinkler, a burglar alarm, a heating or air-conditioning unit, or a traffic-light system.
Fig. 5 schematically shows an example of the information stored in the storage circuitry 16 of the agent device 4. The storage circuitry 16 has a one-time-programmable (OTP) section 20 for storing the device identifier 22 that uniquely identifies the agent device 4. The device identifier 22 is embedded in the OTP section 20 during manufacture of the agent device 4. In this embodiment, once fixed in the OTP section 20, the device identifier 22 cannot be changed; for example, after the device identifier has been written to the OTP section 20, a fuse in the storage circuitry can be blown so that the OTP section 20 cannot be rewritten. Alternatively, in some devices it may be possible to generate a new identifier for the device after manufacture. For example, when a device is transferred to a different registry, a new identifier may be assigned to the device to avoid a clash with the identifier of a device managed via the new registry.
The storage circuitry 16 also comprises a non-volatile storage section 24 that can be both read and written, but which is read/write protected so that the section 24 can be accessed only by privileged software executed by the processing circuitry 12. The read/write-protected section 24 stores a registry address 26, comprising a URL, IP address or other identifier that allows the agent device 4 to contact the registry 8. The protected section 24 also stores a registry public key 27 for verifying messages received from the registry 8 (that is, for checking a signature made with the corresponding registry private key, which only the registry holds), so that the agent device can confirm the registry is authorised.
The protected section 24 also stores a sensor key 28 or a private key 29, which is a unique key held by the agent device 4 for uniquely identifying its identity. The sensor key 28 is a symmetric key shared with the registry 8. A first message can be at least partially encrypted with the sensor key 28; if the registry 8 can successfully decrypt the message with the same key, the message is considered to have come from a trusted agent device, and the device is thereby authenticated. For this check to be meaningful the registry must be able to distinguish a correct decryption from an incorrect one, for example by using an authenticated encryption mode or a message authentication code, since a plain block or stream cipher will "decrypt" any input. Alternatively, the agent device can be provided with a private key 29 corresponding to a different, public key held by the registry 8. Such an asymmetric key pair allows more secure authentication of the agent device, because no device other than the agent device 4 holds the private key 29. The public key 32 corresponding to the private key 29 is placed in a section 34 of the storage circuitry 16 that is write-protected but not read-protected, so the public key 32 can be read by any device or by any software running on the agent device 4. A digital certificate 36 associated with the agent device 4 is also stored in the open section 34 of the storage circuitry 16. The digital certificate comprises various data, including metadata identifying the agent device 4 and the public key 32. The certificate is sent to the registry 8 during authentication, and the registry signs the certificate to authenticate the identity of the agent device. Other devices can then read the certificate from the registry 8, and the registry's signature verifies that the agent device is trusted and that the public key 32 associated with the certificate 36 genuinely belongs to that agent device. The registry 8 can thus act as a certification authority issuing public keys 32, in a similar way to other certification authorities in a public key infrastructure (PKI).
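The following Go example, added here and not taken from the patent, shows the registry acting as the certification authority just described: the device presents a certificate body containing its identifying metadata and public key 32, proves possession of the matching private key 29 by signing that body, and the registry signs the body with its own key; any other party then checks the registry signature with the registry public key 27 before trusting the embedded device key. The certificate format (a JSON body with the fields shown) and the proof-of-possession step are this example's assumptions; the patent specifies neither, and the names RegistryCA, CertificateRequest, Issue and VerifyCertificate are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// DeviceCertificate is the unsigned body kept in the agent's open storage section:
// identifying metadata plus the device public key. The field set is assumed here.
type DeviceCertificate struct {
	DeviceID     string `json:"device_id"`
	Manufacturer string `json:"manufacturer"`
	Model        string `json:"model"`
	DevicePubKey []byte `json:"device_pub_key"`
}

// SignedCertificate is what other parties fetch from the registry.
type SignedCertificate struct {
	Body      []byte // encoded DeviceCertificate
	Signature []byte // registry signature over Body
}

// RegistryCA holds the registry's signing key. Its public half is the registry public key
// that agents keep in their protected storage section.
type RegistryCA struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewRegistryCA() (*RegistryCA, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &RegistryCA{Pub: pub, priv: priv}, nil
}

// NewDeviceKeyPair stands in for the agent's key generator (private key, public key).
func NewDeviceKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// CertificateRequest runs on the device: encode the body and sign it with the device
// private key as proof that the requester really holds the key named in the body.
func CertificateRequest(cert DeviceCertificate, devPriv ed25519.PrivateKey) (body, proof []byte, err error) {
	if body, err = json.Marshal(cert); err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(devPriv, body), nil
}

// Issue is the registry's signing step. Without the proof-of-possession check anyone
// could obtain a registry-signed certificate binding a victim's metadata to their own key.
func (ca *RegistryCA) Issue(body, proof []byte) (*SignedCertificate, error) {
	var cert DeviceCertificate
	if err := json.Unmarshal(body, &cert); err != nil {
		return nil, err
	}
	if len(cert.DevicePubKey) != ed25519.PublicKeySize {
		return nil, errors.New("registry: malformed device public key")
	}
	if !ed25519.Verify(ed25519.PublicKey(cert.DevicePubKey), body, proof) {
		return nil, errors.New("registry: proof of possession failed")
	}
	return &SignedCertificate{Body: body, Signature: ed25519.Sign(ca.priv, body)}, nil
}

// VerifyCertificate is what an application provider or another device runs after fetching
// the certificate from the registry: check the registry signature before trusting the key.
func VerifyCertificate(registryPub ed25519.PublicKey, sc *SignedCertificate) (*DeviceCertificate, error) {
	if len(registryPub) != ed25519.PublicKeySize || !ed25519.Verify(registryPub, sc.Body, sc.Signature) {
		return nil, errors.New("certificate is not signed by the trusted registry")
	}
	var cert DeviceCertificate
	if err := json.Unmarshal(sc.Body, &cert); err != nil {
		return nil, err
	}
	return &cert, nil
}
```

The signature covers the encoded body as a whole, so changing any metadata field after issuance, or presenting a certificate signed by a different registry, fails verification; the relying party needs only the registry public key, not a connection to the device.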
The read/write-protected section 24 also stores one or more application keys 30, which are symmetric keys for carrying out trusted communication with application providers 6. These keys are provided by the registry 8 and are used to encrypt and decrypt the data or commands exchanged between the agent device 4 and the application provider 6. The registry 8 can provide a different application key for each pair of agent device 4 and application provider 6, to keep the communication between devices secure. In other embodiments, asymmetric keys may be used as the application keys 30 supplied to the device 4 and the application provider 6. The application keys provided by the registry device 8 may be generated by the registry device 8 itself, or may be obtained by the registry from another device such as a hardware key generator or a key storage device.
Fig. 6 shows an example of an application provider 6. A communication circuit 40 is provided for communicating with the registry 8 and the agent device 4. As before, various forms of wired or wireless communication may be provided, as discussed above for the agent device 4. The application provider further includes a storage circuit 42 that stores the various data and applications used by the application provider 6. For example, the storage circuit 42 can store an application program that uses the data received from the agent device 4 through the communication circuit 40 and processes it in some way, or that issues control commands to the agent device 4. A processing circuit 44 is provided for executing the application program and controlling other operations, such as authentication with the registry 8 and encryption/decryption of the data exchanged with the agent device 4. Cryptographic features can be provided, such as secure storage in the storage circuit 42 and cryptographic algorithms or secure processing functions in the processing circuit 44.
Fig. 7 shows an example of a registry device 8 that maintains a device registry. The registry 8 has a communication circuit 50 for communicating with the agent devices 4 and the application providers 6. Similarly, the communication circuit 50 can use various wired or wireless communications, as discussed above. The registry also has a storage circuit 52 that stores the programs executed by the registry 8 and stores the device registry used to track information about the various agent devices 4 and their corresponding applications 6. A processing circuit 54 is provided for executing the application programs stored in the storage circuit 52 and for controlling various operations, such as authenticating agent devices 4 and application providers 6, carrying out the transfer of an agent device 4 between different registries, and managing metadata about agent devices. Likewise, cryptographic features can be provided, such as secure storage in the storage circuit 42 and cryptographic algorithms or secure processing functions in the processing circuit 44. The registry 8 can also respond to queries from external devices for information about a particular agent device 4, for example information about which authentication model the agent device uses. For security reasons, not all registries 8 may allow such queries. For example, some registry operators may prefer not to provide information about the authentication model used by a particular agent device 4. In addition, the registry 8 can authenticate the querying device before responding with information about the agent device 4, to ensure that only trusted querying devices are allowed to obtain that information.
Fig. 8A shows an example of a registry entry 60 stored in the storage circuit 52 of the registry device 8. Each agent device 4 registered with the registry can have a registry entry that includes the device identifier 22 of that agent device 4 (corresponding to the identifier 22 stored in the OTP section 20 of the agent device 4). The registry entry further includes the device certificate 36 and public key 32 of the agent device 4, or any other authentication information used by the registry 8 to verify that the agent device 4 is trusted. Although Fig. 8A shows an example in which the certificate 36 and the public key 32 are in the same field, the certificate 36 and the public key 32 may be provided in different fields. In addition, the registry entry 60 can also have other kinds of authentication-information fields for use with other authentication models.
The registry entry 60 further includes one or more application identifiers 62, identifying the one or more application providers 6 with which the agent device 4 is to establish trusted communication, and one or more application keys 30 for communicating with the identified application providers 6. Again, the application identifier 62 and the corresponding application key 30 can be in the same field or in separate fields of the registry entry 60. An application identifier can be stored in the registry entry in response to a request from an application provider to be associated with that agent device. The agent device itself therefore does not need to know which application it is communicating with, and the registry 8 can provide the association between the agent device and the application provider. For example, once the agent device has received an application key 30 from the registry 8, it can simply output data encrypted with the application key 30 without caring where the data will go.
The registry entry 60 further includes authentication model information 64 identifying which authentication model the agent device 4 uses to securely authenticate itself, as will be described later. It should be appreciated that the registry entry 60 may include many other types of information and metadata about the agent device, which can be queried by external devices such as application providers. It should also be recognized that the agent device 4, the application provider 6 and the registry 8 may include many other units besides those shown in Figs. 4, 6 and 7.
In addition, the registry entry 60 includes a signature/hash field 68 containing a trusted signature or hash value generated from the information in at least some of the other fields of the registry entry 60. This allows tampering to be detected if some device or person attempts to modify one of the other fields after the registry entry 60 was first created in the registry. The registry device 8 can recalculate the signature or hash from the other fields and check whether it matches the stored signature/hash field 68.
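As an added illustration of field 68 (this is not code from the patent), the following Go example seals a registry entry with an HMAC-SHA256 over its other fields and recomputes it on verification. The entry field names, the registry integrity key and the sample values are this example's own assumptions; a keyed hash is used rather than a plain hash so that a writer who lacks the registry's key cannot simply recompute a matching field 68 after changing another field.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// RegistryEntry mirrors the fields of registry entry 60 in Fig. 8A.
// (Field names are this example's own; the patent does not name them.)
type RegistryEntry struct {
	DeviceID   string   // device identifier 22
	CertAndKey string   // certificate 36 / public key 32
	AppIDs     []string // application identifiers 62
	AppKeys    []string // application keys 30 (hex in this example)
	AuthModel  int      // authentication model information 64
	SigHash    string   // signature/hash field 68, hex-encoded
}

// canonical serialises the other fields in a fixed order so that sealing and
// verification hash exactly the same bytes.
func canonical(e RegistryEntry) []byte {
	var b strings.Builder
	fmt.Fprintf(&b, "id=%s\n", e.DeviceID)
	fmt.Fprintf(&b, "cert=%s\n", e.CertAndKey)
	fmt.Fprintf(&b, "apps=%s\n", strings.Join(e.AppIDs, ","))
	fmt.Fprintf(&b, "keys=%s\n", strings.Join(e.AppKeys, ","))
	fmt.Fprintf(&b, "model=%d\n", e.AuthModel)
	return []byte(b.String())
}

// computeSigHash derives field 68 as an HMAC-SHA256 under a key held only by
// the registry, so a writer without that key cannot forge a valid field.
func computeSigHash(registryKey []byte, e RegistryEntry) string {
	m := hmac.New(sha256.New, registryKey)
	m.Write(canonical(e))
	return hex.EncodeToString(m.Sum(nil))
}

// Seal fills in field 68 when the entry is first created.
func Seal(registryKey []byte, e RegistryEntry) RegistryEntry {
	e.SigHash = computeSigHash(registryKey, e)
	return e
}

// Verify recomputes the value from the other fields and compares it with the
// stored field 68 in constant time; false means the entry was tampered with.
func Verify(registryKey []byte, e RegistryEntry) bool {
	stored, err := hex.DecodeString(e.SigHash)
	if err != nil {
		return false
	}
	want, _ := hex.DecodeString(computeSigHash(registryKey, e))
	return hmac.Equal(stored, want)
}

func main() {
	key := []byte("constructed-registry-integrity-key") // constructed sample key
	entry := Seal(key, RegistryEntry{
		DeviceID: "dev-0001", CertAndKey: "CERT-PLACEHOLDER",
		AppIDs: []string{"weather-app"}, AppKeys: []string{"00112233"}, AuthModel: 1,
	})
	fmt.Println("intact entry verifies:", Verify(key, entry))

	tampered := entry
	tampered.AuthModel = 3 // someone tries to upgrade the recorded trust level
	fmt.Println("tampered entry verifies:", Verify(key, tampered))
}
```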
As shown in Fig. 8B, the registry device 8 can also store event entries 69 for a corresponding agent device 4. An event entry 69 can be a sub-entry of the registry entry 60 shown in Fig. 8A, or in other embodiments may be provided as a separate record associated with the registry entry 60 through the device ID 22. The event entries 69 provide historical information about events that have occurred for the corresponding agent device 4. A particular agent device 4 can have zero, one or more event entries 69 associated with it, so there may be a many-to-one relationship between the event entries 69 associated with the same device and the registry entry 60 of that particular device. An event entry 69 includes the device ID 22 of the agent device, date information indicating the date on which the event occurred, an event record indicating the type of event that occurred, fields for any other information associated with the event, and a signature/hash field for tamper detection similar to the signature/hash field 68 of the registry entry 60. A new event entry 69 can be created when an event associated with the agent device 4 occurs. For example, the events recorded can include dispatch of the agent device 4 from manufacturing, shipment (location), device activation or deactivation, registration of the device by a consumer, and many other items. The event entries 69 allow the registry to track the history of the device.
As shown in Figure 9, different types of agent device 4 may have different requirements for security and authentication. In general, the higher the level of security required (for example because the data is valuable, belongs to an individual, or is commercially sensitive, or because there are health or public safety concerns associated with the use of the data), the higher the manufacturing cost of the agent device 4, because more complex resources for managing authentication may be needed. For some devices this additional cost cannot be justified. For example, for an agent device such as a thermometer that feeds data to a weather monitoring application, all that is required is that the data can be trusted to be genuine, so a relatively low-cost, low-security authentication model can be used. On the other hand, for other kinds of devices used in healthcare, smart cities or telematics, it may be very important that the integrity and authenticity of the agent device are uncompromised. For these applications, incurring increased cost to obtain a higher degree of security can be justified. Therefore, as shown in Figure 9, multiple different trust levels can be established to provide an extensible technique for maintaining genuine device identity for IoT devices. Each agent device 4 can have a specific authentication model selected for it, and the selected model can be indicated in the registry entry 60 using the authentication model information 64 shown in Fig. 8. Furthermore, there may be a business need for devices with similar functions to operate authentication models at different security levels. This may be useful for catering to different fields of use.
After agent devices 4 with different authentication models have been established during the manufacture or distribution of the devices, the registry 8 can then divide or separate the agent devices into different categories based on the authentication model information 64. For example, a certain application 6 may indicate that it can only communicate with agent devices having a specific authentication model. In addition, a device can query the registry 8 to determine the authentication model used to authenticate an agent device 4. For example, a banking application provider may want to determine that a user's off-the-shelf agent device 4 meets specific minimum security requirements before establishing trusted communication with the agent device 4.
Different authentication models may differ in many different respects. For example, some authentication models can use fixed, unmodifiable authentication information, while other authentication models can allow the authentication information to be updated using the key generator circuit 18 of the agent device 4. For a fixed model, the key generator circuit 18 need not be provided with the agent device 4, so that the agent device can be implemented more cheaply, whereas an agent device with key generation capability can provide more secure authentication because keys can be regenerated when needed. Similarly, some authentication models can use a symmetric key shared between the agent device 4 and the registry 8, while others can use asymmetric keys, in which the agent device 4 and the registry 8 hold different, complementary keys. Some models can allow an agent device to be transferred from one registry to another, while other models can restrict an agent device to a specific registry. There are therefore many different ways of implementing an authentication model, and the model can be selected appropriately during the manufacture or development of the agent device.
Figures 10 to 12 show three examples of authentication models. Figure 10 shows a first authentication model, in which a fixed sensor key 28 is injected during manufacture into the protected section 24 of the agent device 4. The sensor key 28 is generated by an external device 70 belonging to the manufacturer. The sensor key 28 is then shared with the registry 8 as the shared secret that uniquely identifies the device. For example, the sensor key can be a 128-bit or 256-bit AES (Advanced Encryption Standard) key generated during manufacture. To authenticate the agent device 4, the agent device 4 can transmit a message to the registry 8 in which a part of the message is encrypted using the sensor key 28. If the registry 8 can successfully decrypt that part of the message and verify that it is correct using its own copy of the sensor key 28, then the authentication of the agent device 4 is successful. For example, a hash can be generated from the message by the agent device 4 and encrypted using the sensor key 28. The registry receiving the message can generate its own hash of the received message using the same algorithm as the agent device 4, and can also decrypt the received hash and check whether the received hash matches the hash it generated. If the two hashes match, the agent device is authenticated. The advantage of the first authentication model is that it is relatively cheap to implement. There is no need to provide a public key infrastructure or a key generator 18 in the agent device 4; only AES or another shared-secret scheme is needed. But the price of the low cost is reduced security, because if the shared secret is compromised it gives an attacker full control of the device or agent device, including changing ownership or data access. Since the shared sensor key 28 provided to the registry 8 is identical to the sensor key 28 used to authenticate the device, the possibility of the sensor key 28 being compromised is greater than when asymmetric keys are used, particularly while the sensor key is being distributed from the manufacturing system 70 to the registry 8. However, since the sensor key 28 is unique to each agent device 4, even if a sensor key is compromised this affects only one agent device 4 and does not affect any other agent device. This model can therefore be used for low-security applications such as weather forecasting.
In some embodiments, instead of having a single sensor key 28, a list of sensor keys can be embedded in the agent device 4, and the agent device 4 can select one key from the list for authenticating itself. In this case, the active identity of the device can be defined using an index into the list indicating which key is the selected key. The agent device key corresponding to the selected key can then be provided to the registry 8. With this approach, if one sensor key is compromised, the agent device 4 can switch to using another sensor key in the list.
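The first authentication model together with the key-list variant just described, as an added Go example that is not code from the patent: HMAC-SHA256 stands in for the AES-encrypted hash of the message, the registry tracks which list index is currently active so that a message under a retired (compromised) key is refused, and the type names, device ID and key values are constructed assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthMessage is what the agent device sends to the registry under model 1: the
// cleartext payload plus a keyed hash of it (type and field names are this example's own).
type AuthMessage struct {
	DeviceID string // device identifier 22
	KeyIndex int    // index of the selected key in the device's key list
	Payload  []byte
	Tag      []byte // hash of Payload bound to sensor key 28
}

// sensorTag stands in for "hash the message, then protect the hash with the sensor
// key": HMAC-SHA256 replaces the patent's AES-encrypted hash.
func sensorTag(sensorKey, payload []byte) []byte {
	m := hmac.New(sha256.New, sensorKey)
	m.Write(payload)
	return m.Sum(nil)
}

// AgentDevice holds the key list embedded in the protected section 24.
type AgentDevice struct {
	ID     string
	Keys   [][]byte
	Active int // index of the key currently used to authenticate
}

// Authenticate builds the message the device transmits to the registry.
func (d *AgentDevice) Authenticate(payload []byte) AuthMessage {
	return AuthMessage{DeviceID: d.ID, KeyIndex: d.Active, Payload: payload,
		Tag: sensorTag(d.Keys[d.Active], payload)}
}

// Rotate moves the device to the next spare key after a compromise.
func (d *AgentDevice) Rotate() error {
	if d.Active+1 >= len(d.Keys) {
		return errors.New("no spare sensor key left")
	}
	d.Active++
	return nil
}

// Registry keeps, per device ID, its copy of each sensor key and the active index.
type Registry struct {
	keys   map[string][][]byte
	active map[string]int
}

func NewRegistry() *Registry {
	return &Registry{keys: map[string][][]byte{}, active: map[string]int{}}
}

// Register stores the key list uploaded for the device at manufacture.
func (r *Registry) Register(id string, keys [][]byte, active int) {
	r.keys[id], r.active[id] = keys, active
}

// SetActive records a key switch reported for the device.
func (r *Registry) SetActive(id string, idx int) { r.active[id] = idx }

// Verify recomputes the tag with the registry's copy of the selected key. A message
// under any index other than the active one (e.g. a retired, compromised key) is rejected.
func (r *Registry) Verify(m AuthMessage) bool {
	keys, ok := r.keys[m.DeviceID]
	if !ok || m.KeyIndex != r.active[m.DeviceID] || m.KeyIndex >= len(keys) {
		return false
	}
	return hmac.Equal(m.Tag, sensorTag(keys[m.KeyIndex], m.Payload))
}

func main() {
	// Constructed sample keys; real sensor keys would be random 128/256-bit AES keys.
	keys := [][]byte{[]byte("sensor-key-0-constructed"), []byte("sensor-key-1-constructed")}
	dev := &AgentDevice{ID: "thermo-42", Keys: keys, Active: 0}
	reg := NewRegistry()
	reg.Register(dev.ID, keys, 0)
	fmt.Println("genuine:", reg.Verify(dev.Authenticate([]byte("temp=21.5"))))

	// Key 0 is assumed compromised: device and registry move to index 1.
	_ = dev.Rotate()
	reg.SetActive(dev.ID, dev.Active)
	stale := AuthMessage{DeviceID: dev.ID, KeyIndex: 0, Payload: []byte("temp=99"),
		Tag: sensorTag(keys[0], []byte("temp=99"))}
	fmt.Println("holder of retired key 0:", reg.Verify(stale))
	fmt.Println("rotated device:", reg.Verify(dev.Authenticate([]byte("temp=21.6"))))
}
```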
Figure 11 shows an example of a second authentication model, in which the authentication information for the agent device 4 is still fixed (immutable), but this time the authentication information includes an asymmetric key pair comprising a private key 29 and a public key 32. This is more secure, because the private key 29 can be held only by the agent device 4 without being shared with any other device, while the corresponding public key 32 can be broadcast generally to other devices without compromising the private key 29. The asymmetric key pair is used in a manner similar to that discussed above: a message partly encrypted using the private key 29 can only be decrypted using the corresponding public key 32. Therefore, if the registry 8 can successfully decrypt the message received from the agent device using the public key 32, it can determine that the message comes from the authorized agent device that holds the private key 29. The key pair is also associated with a digital certificate 36 representing the public face of the agent device 4. The certificate 36 can be used to convey the public key 32 to the registry 8 and, if signed by the registry, to verify that the public key 32 is the correct key for that agent device 4. The key pair and certificate may be any type of signing certificate and key pair. For example, elliptic curve cryptography (ECC) keys can be used as the key pair 29, 32, and an X.509 certificate can be used as the digital certificate 36. In this model, the manufacturing equipment 70 generates the key pair and the certificate 36 during manufacture and embeds them in the protected sections 24, 34 of memory, as illustrated in Figure 11. Although there is a potential weakness in that the manufacturing process 70 will know the private key 29 of the agent device 4, the private key 29 can be deleted by the manufacturer 70 once it has been injected into the agent device 4, after which the agent device 4 is the only device able to access the private key. Nothing other than the agent device 4 itself needs the private key. The transfer of authentication information from the manufacturer 70 to the registry 8 is more secure, because only the public key 32 and the certificate 36 need to be transferred, not the private key 29. But in this model the cost is increased compared with the first authentication model, because the agent device needs PKI capability and more protected memory for storing the private key 29, the public key 32 and the certificate 36. But security is higher, because there is no permanent shared key known to any device other than the agent device 4. Similarly, instead of a single key pair, the agent device 4 can have a list of alternative key pairs that it can switch to later. Nevertheless, in this case the list does not have a strong protection requirement, because the list of agent device keys kept by the registry 8 consists only of public keys and certificates. Any known PKI scheme can be used for the second model.
Figure 12 shows a third authentication model, which is more secure than the first and second models but also more costly to implement. Again, a private key 29 and a public key 32 are provided in the storage circuit 16 of the agent device 4 together with a digital certificate 36. But the third model differs from the second model in that an on-chip key generator circuit 18 is provided in the agent device 4 for generating the key pair 29, 32. This provides higher security, because the manufacturer 70 never learns the private key 29 of the agent device 4. In addition, because the on-chip key generation facility is present, the agent device can regenerate the key pair if necessary in order to change its authentication information. Only the public key 32 and the certificate 36 are provided to external devices such as the registry 8. Therefore, during the establishment of identity and ownership, the chipset 18 in the agent device 4 creates an asymmetric key pair such as an ECC key pair. The private key 29 is stored in the read/write-protected section 24 of memory, and only authorized code can access the private key 29. The on-chip key generator circuit 18 additionally generates the certificate 36 and sends a certificate signing request containing the device ID 22 and the public key 32 to the registry 8. The public key 32 and the certificate 36 are also written into the write-protected section 34 of memory, which is fully readable without protection. The registry 8 signs the certificate 36 to verify that the agent device is authorized. This approach does not have the weakness exposed in models 1 or 2, where the sensor key 28 or the private key 29 could be extracted from the registry 8 or the manufacturing platform 70; the private key 29 of the agent device is never exposed to any device other than the agent device 4. In this case the security strength depends on the quality of the on-chip key pair generation performed by the key generator 18, and making this sufficiently secure adds cost to manufacturing the device, because additional silicon must be present to support secure key generation (for example, good random number generation will be required).
In the example of Figure 12, the third authentication model also allows the trusted relationship between the registry 8 and the agent device 4 to be transferred to a second registry 80. This process is described in further detail below. Since the agent device 4 has the on-chip key generator circuit 18, new keys can be generated when the agent device transfers trust from the first registry 8 to the second registry 80, so that the first registry 8 is no longer able to authenticate the agent device 4. This can be useful for providing additional security, because the operator of a private registry 8 used in, for example, government or defence applications may require certain agent devices to be transferred to its registry and to sever their relationship with a public registry 8. Alternatively, the first registry can be instructed to delete the relevant entry so that it is no longer able to authenticate the agent device; in this way the agent device does not need to generate new keys. In another variant, the agent device can have more than one pre-stored key, and a previously unused key can then be used when the registry is changed.
It should be appreciated that it is possible to provide the ability to transfer trust between registries for the other models of Figures 10 and 11 as well. But in that case, since the agent device cannot regenerate its key information, the agent device 4 would register with the second registry 80 using the same key information. In this case the two registries 8, 80 can share the same agent device 4, so that the same agent device 4 is registered with both registries. Therefore, instead of transferring the agent device data directly to another registry, the agent device can instead be assigned to both registries, so that the agent device can communicate with application providers associated with either registry.
Several different types of authentication model can therefore be provided, allowing the agent device design to balance the cost of the ability to maintain an adequate degree of security against the security itself. Depending on the intended purpose of the agent device, a particular model can be selected during manufacture, and information about which model has been used can then be kept by the registry 8, so as to allow applications to use agent devices appropriate for their requirements. Figure 13 shows a table comparing the different attributes of the models shown in Figures 10 to 12. It should be appreciated that other kinds of model can be used; for example, different types of key generation can be used to provide different degrees of security.
Figure 14 shows a first example of a method for establishing a trusted identity for an agent device 4. The trusted identity can be established during manufacture of the agent device, during its distribution, or later when the device is registered with the registry. At step 100, the authentication model to be used for the agent device 4 is determined. If the agent device 4 has already been manufactured, the choice of authentication model will depend on which resources have been provided in the agent device 4 (for example, if the agent device does not have the on-chip key generator circuit 18, authentication model 3 discussed above may not be selectable). On the other hand, if the method is carried out before or during manufacture of the agent device, any authentication model can be chosen, and the processing resources required to implement that model (for example, protected storage, PKI infrastructure or key generation capability) can be built into the device afterwards.
At step 102, the key information for authenticating the agent device 4 is generated according to the selected authentication model. Depending on the selected model, this can be carried out by the external manufacturing equipment 70 or by the agent device 4 itself. At step 104, the device ID 22, the shared sensor key 28 or private key 29, the registry address 26 and optionally the device certificate 36 are embedded in the storage circuit 16 of the agent device 4. The embedding step can be carried out by building the storage circuit into the device, or by storing the information in a storage circuit that was already provided in the agent device at a previous manufacturing stage. If authentication model 1 is used, the sensor key 28 is embedded; if authentication model 2 or 3 is used, the private key 29 and the certificate 36 are stored in the storage circuit 16. At this point, the agent device 4 can also be provided with registry authentication information for verifying the identity of the registry 8.
At step 106, the various metadata defining the trusted identity of the agent device 4 are uploaded to the registry device 8. For example, the device ID 22, the sensor key 28 (for model 1) or the public key 32 (for models 2 or 3), the digital certificate 36 (for models 2 or 3) and the authentication model information 64 indicating the selected model can be uploaded to the registry 8. At step 108, the registry signs the certificate if necessary, and the device metadata are registered in the registry so that the device is established as a trusted device whose identity can be authenticated.
Figure 15 shows a second example of establishing trust and identity for a device. In this embodiment, the agent device (sensor) 4 has been manufactured with a key generator circuit 18 and with the device identifier 22 stored in the OTP section 20 of the storage circuit 16. This example therefore uses authentication model 3, or a close variant that allows on-chip key generation. At step 120, the sensor 4 sends a registration request to the registry 8 indicating the device identifier 22 of the sensor 4. At step 122, the registry checks whether the sensor 4 is already owned by the registry, and if so the method ends.
If the agent device is not yet owned, then at step 124 the sensor 4 is triggered to create a new key pair 29, 32 using the key generator 18, and the private key 29 of the key pair is placed in the protected storage section 24. At step 126 a certificate signing request is generated and sent to the registry 8. The certificate signing request asks the registry 8 to sign the digital certificate 32 of the sensor 4. The certificate includes at least the device identifier 22 of the sensor 4 as the subject name, the security level (authentication model information) of the sensor 4, and the public key 32 generated by the key generator 18. At step 128, the registry 8 signs the certificate to confirm that the certificate and the public key are valid. The registry records the information about the sensor 4 in the device registry, so that the sensor 4 is established as a trusted agent device.
Figure 16 shows a method of authenticating an agent device 4 to check that it is registered as a trusted device, and then establishing trusted communication between the agent device 4 and an application provider 6. It is assumed that the agent device 4 has been registered with the registry 8, for example using the method shown in Figure 14 or 15, so that the registry 8 holds information for verifying the agent device 4, including authentication information that uniquely identifies the agent device 4. In this embodiment authentication model 3 has been used, so the agent device 4 holds a sensor private key Ks.pr and the registry 8 holds the sensor public key Ks.pu corresponding to the private key Ks.pr. Similarly, the agent device 4 can authenticate the registry 8 using a registry public key Kr.pu corresponding to a registry private key Kr.pr held by the registry 8.
At step 150, the registry 8 and the application provider 6 mutually authenticate each other to establish trust between them. Generally, this is performed once per application provider 6 by the registry 8; the mutual authentication 150 between the registry 8 and the application provider 6 will usually not be repeated for each agent device 4 that communicates with the application provider 6. The mutual authentication 150 can take place using any known authentication technique.
At step 152, the agent device is activated, and in response to the activation the agent device 4 transmits an authentication request 154 to the registry identified by the registry URL 26 embedded in the protected storage 24 of the agent device. The authentication request includes the device ID 22 identifying the agent device 4. Activation of the agent device may include, for example, the agent device being powered on for the first time after installation, or an activation button on the agent device being pressed. The authentication request 154 can be transmitted automatically in response to activation of the agent device, so that no user interface or other kind of user interaction is needed to trigger authentication. This means that the person installing or using the agent device does not need to know that the agent device is being authenticated. In response to the authentication request 154, the agent device 4 and the registry 8 start a mutual authentication 156 using the keys exchanged during registration of the agent device 4 with the registry 8. In the mutual authentication, the agent device 4 encrypts a hash of a message using the sensor private key Ks.pr, and the partly encrypted message 158 is transmitted to the registry 8. Correspondingly, the registry 8 encrypts a hash of a message using the registry private key Kr.pr, and the partly encrypted message 159 is transmitted to the agent device 4. The agent device 4 computes its own hash of the message 159 and compares it with the hash obtained by decrypting the encrypted hash using the registry public key Kr.pu. If the two hashes match, the registry 8 is determined to be genuine. Similarly, the registry 8 hashes the message 158 and compares the result with the hash obtained by decrypting, using the sensor public key Ks.pu, the encrypted hash received with the message 158. Again, if the two hashes match, the agent device 4 is authenticated.
Although Figure 16 shows a separate authentication request 154 and authentication message 158 transmitted by the agent device 4, in other embodiments the authentication request 154 and the authentication message 158 can be the same message, so that on activation 152 the agent device 4 transmits the partly encrypted authentication message 158 (together with the device ID 22) to the registry 8, and this partly encrypted authentication message 158 serves as the authentication request to which the registry 8 responds with the mutual authentication 156.
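The mutual authentication 156 of Figure 16 with model 3 keys, as an added Go example that is not the patent's code: ECDSA P-256 signatures over a SHA-256 hash stand in for "encrypting the hash with Ks.pr / Kr.pr", generateKeyPair plays the role of the on-chip key generator 18 (step 124 of Figure 15), and the type names, device ID and message bodies are this example's assumptions. The rogue device in main claims a registered ID but holds a key pair the registry never received.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedMessage is the "partly encrypted" message 158/159 of Figure 16: a cleartext
// body plus its hash signed by the sender (type and field names are this example's own).
type SignedMessage struct {
	DeviceID string // device ID 22; empty for registry-originated messages
	Body     []byte
	Sig      []byte // ASN.1 ECDSA signature over SHA-256(Body)
}

// generateKeyPair models the on-chip key generator 18 of model 3 (step 124 of
// Figure 15): the private key stays with the caller; only the public half is shared.
func generateKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func mustKey() *ecdsa.PrivateKey {
	k, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	return k
}

// sign hashes the body and signs the hash; the signature stands in for the patent's "hash encrypted with the private key".
func sign(priv *ecdsa.PrivateKey, deviceID string, body []byte) (SignedMessage, error) {
	h := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return SignedMessage{DeviceID: deviceID, Body: body, Sig: sig}, err
}

// verify recomputes the hash of the received body and checks it against the signature with the peer's public key.
func verify(pub *ecdsa.PublicKey, m SignedMessage) bool {
	h := sha256.Sum256(m.Body)
	return ecdsa.VerifyASN1(pub, h[:], m.Sig)
}

// Registry holds Ks.pu per registered device ID and its own key pair Kr.pr/Kr.pu.
type Registry struct {
	Priv    *ecdsa.PrivateKey
	Devices map[string]*ecdsa.PublicKey
}

func NewRegistry() *Registry {
	return &Registry{Priv: mustKey(), Devices: map[string]*ecdsa.PublicKey{}}
}

// AuthenticateDevice is the registry's half of step 156: look up Ks.pu for the
// claimed device ID, verify message 158 and, on success, answer with message 159.
func (r *Registry) AuthenticateDevice(m SignedMessage) (SignedMessage, bool) {
	pub, ok := r.Devices[m.DeviceID]
	if !ok || !verify(pub, m) {
		return SignedMessage{}, false
	}
	reply, err := sign(r.Priv, "", []byte("registry-reply:"+m.DeviceID))
	return reply, err == nil
}

// AgentDevice holds Ks.pr and the registry public key Kr.pu learned at registration.
type AgentDevice struct {
	ID     string
	Priv   *ecdsa.PrivateKey
	RegPub *ecdsa.PublicKey
}

// MutualAuth runs the exchange end to end and reports (device authenticated by the
// registry, registry authenticated by the device).
func MutualAuth(d *AgentDevice, r *Registry) (bool, bool) {
	msg158, err := sign(d.Priv, d.ID, []byte("auth-request:"+d.ID))
	if err != nil {
		return false, false
	}
	msg159, deviceOK := r.AuthenticateDevice(msg158)
	if !deviceOK {
		return false, false
	}
	return true, verify(d.RegPub, msg159) // device's half: check message 159 with Kr.pu
}

func main() {
	reg := NewRegistry()
	devKey := mustKey()
	reg.Devices["sensor-7"] = &devKey.PublicKey // Ks.pu uploaded at registration
	dev := &AgentDevice{ID: "sensor-7", Priv: devKey, RegPub: &reg.Priv.PublicKey}
	rogue := &AgentDevice{ID: "sensor-7", Priv: mustKey(), RegPub: &reg.Priv.PublicKey}
	devOK, regOK := MutualAuth(dev, reg)
	fmt.Println("genuine: device authenticated =", devOK, "registry authenticated =", regOK)
	devOK, regOK = MutualAuth(rogue, reg)
	fmt.Println("rogue: device authenticated =", devOK, regOK)
}
```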
If the registry 8 has successfully authenticated the message 158 received from the agent device 4, then at step 160 the registry 8 generates an application key 30 and sends the application key to the agent device 4. In addition, the registry 8 also sends the application key 30 to the application provider 6 identified by the application identifier 62 in the registry entry 60 of the agent device 4 having the device ID 22 specified in the authentication request 154. The registry 8 also sends the agent device ID of the agent device 4 to the application provider 6, so that the application provider 6 knows which agent device 4 will communicate using the received application key 30.
If the agent device 4 has successfully authenticated the registry 8, then at step 170 the agent device 4 and the application provider 6 begin encrypted communication using the application key 30 received from the registry 8. If the registry 8 was not successfully authenticated by the agent device 4, the agent device 4 does not take part in any encrypted communication using the application key 30. In the encrypted communication 180, the agent device 4 will typically transmit data to the application provider 6 and the application provider will transmit commands to the agent device 4, although data or commands may also be sent in the opposite direction. At step 190, an application process running on the application provider 6 receives the data from the agent device. The data may, for example, be used to derive other information, or it may be made available to a cloud computing platform accessible over the Internet. The encrypted communication 180 takes place directly between the agent device 4 and the application provider 6, without passing through the registry 8.
The registry 8 therefore allows communication between the agent device 4 and the application provider 6 to be encrypted without complex configuration or user interaction at the agent device 4. This means the agent device 4 can be very simple, with no need for complex processing resources, while still remaining secure.
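The exchange of Figure 16, as an added example that is not part of the patent text: a Python model of the mutual authentication and of the application-key hand-out. Signing is textbook RSA over a SHA-256 digest with two hard-coded Mersenne prime pairs, a deliberately tiny stand-in for whatever signature scheme a real deployment uses; the class names, the message contents and the device and application identifiers are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed toy RSA parameters (Mersenne primes, far too small for real use)
# standing in for the sensor key pair Ks and the registry key pair Kr.
_PRIMES = {"sensor": (2**61 - 1, 2**89 - 1), "registry": (2**107 - 1, 2**127 - 1)}
_E = 65537

@dataclass(frozen=True)
class KeyPair:
    n: int   # modulus, part of the public key
    e: int   # public exponent
    d: int   # private exponent (Ks.pr / Kr.pr)

def make_keypair(owner):
    """Build the toy key pair for "sensor" or "registry"."""
    p, q = _PRIMES[owner]
    return KeyPair(n=p * q, e=_E, d=pow(_E, -1, (p - 1) * (q - 1)))

def _hash_to_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, key):
    """'Encrypt the hash of the message with the private key' (messages 158/159)."""
    return pow(_hash_to_int(message, key.n), key.d, key.n)

def verify(message, signature, n, e):
    """Recompute the hash and compare it, in constant time, with the hash
    recovered by 'decrypting' the signature with the public key (Ks.pu/Kr.pu)."""
    expected = _hash_to_int(message, n).to_bytes(32, "big")
    recovered = pow(signature, e, n).to_bytes(32, "big")
    return hmac.compare_digest(expected, recovered)

@dataclass
class RegistryEntry:
    device_id: str          # device ID 22
    sensor_public: tuple    # (n, e) = Ks.pu recorded at registration
    application_id: str     # application identifier 62 of application provider 6

class Registry:
    """Registry 8: entries 60 keyed by device ID, plus its own key pair Kr."""

    def __init__(self, key):
        self.key, self.entries = key, {}
        self.sent_to_provider = []   # (application_id, payload) records for step 160

    def register(self, entry):
        self.entries[entry.device_id] = entry

    def handle_auth(self, device_id, message, signature):
        """Verify message 158 with Ks.pu; on success answer with signed message
        159 and issue application key 30 to both device and application provider."""
        entry = self.entries.get(device_id)
        if entry is None or not verify(message, signature, *entry.sensor_public):
            return None                                   # device not authenticated
        reply = b"registry-reply:" + secrets.token_bytes(8)
        app_key = secrets.token_bytes(32)
        self.sent_to_provider.append(
            (entry.application_id, {"device_id": device_id, "app_key": app_key}))
        return reply, sign(reply, self.key), app_key

class AgentDevice:
    """Agent device 4: holds device ID 22, Ks.pr and Kr.pu from registration."""

    def __init__(self, device_id, key, registry_public):
        self.device_id, self.key = device_id, key
        self.registry_public = registry_public
        self.app_key = None

    def activate(self, registry):
        """Activation 152: send signed message 158, check message 159 with Kr.pu,
        and only then keep the application key for encrypted communication 180."""
        message = b"auth:" + self.device_id.encode() + b":" + secrets.token_bytes(8)
        result = registry.handle_auth(self.device_id, message, sign(message, self.key))
        if result is None:
            return False
        reply, reply_sig, app_key = result
        if not verify(reply, reply_sig, *self.registry_public):
            return False                                  # registry not genuine: refuse key
        self.app_key = app_key
        return True

def demo():
    """Constructed run: one registered sensor tied to one application provider."""
    ks, kr = make_keypair("sensor"), make_keypair("registry")
    registry = Registry(kr)
    registry.register(RegistryEntry("DEV-0001", (ks.n, ks.e), "health-app"))
    device = AgentDevice("DEV-0001", ks, (kr.n, kr.e))
    ok = device.activate(registry)
    return ok, device.app_key, registry.sent_to_provider
```

The agent device keeps the application key only after it has itself verified message 159, mirroring the rule above that an unverified registry gets no encrypted traffic; the registry hands the key and the device ID to the provider named in the entry, and a device whose signature does not verify against the Ks.pu on file gets neither a reply nor a key.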
Figure 17 shows a method of associating the agent device 4 with a particular consumer (user) 10 and of associating the agent device 4 with the application provider 6 in the registry 8. At step 200, the consumer 10 obtains the device ID 22 of the agent device. This can be done in several ways. For example, the agent device 4 or its box may have the device ID printed on it, and the consumer can read the device ID from the agent device housing. Alternatively, the device ID may be represented by a bar code, QR code or similar graphical representation, and the user can scan the code with a code reader to obtain the device ID 22. The consumer 10 then transmits a device association request 210 to the application provider 6, containing the consumer's identifier (user ID) and the device identifier 22. This step may occur automatically in response to, for example, a smartphone or tablet application or a web interface reading the bar code or QR code. The application provider 6 can now record the user ID against the device ID, so that later communications from the agent device 4 can be associated with the particular consumer. Having received the device association request 210, the application provider 6 may also send an application association request 220 to the registry 8 so that the application identifier of the application provider 6 is associated with the device ID 22 from the device association request 210. In response to the association request, the registry 8 registers the application identifier in the registry entry 60 of the agent device having the device identifier 22 specified by the association request 220.
In other examples, the consumer 10 may obtain the agent device 4 directly from the application provider, so that the application provider 6 already knows the association between the device ID and the user ID when the consumer obtains the agent device. In this case the device association request 210 may not be needed, and the application provider 6 may instead use its internal records to generate the association request 220 sent to the registry 8. It should be noted that the registry 8 does not receive the user identifier. The registry entry 60 identifies the agent device 4 only by its device ID and contains no user data.
In a similar way, the association request 220 can also be used by an application provider 6 to request that an agent device 4 currently associated with one application provider 6 be transferred to a different provider 6. In this case the association request 220 may come from a number of sources, including the agent device itself (for example if the user chooses to switch application provider), the previous application provider 6 that was earlier associated with the agent device 4 and is using the association request 220 to assign the device to a new application provider 6, or another third-party device. Before the agent device 4 is reassigned to the new application provider 6, the registry can check whether the device issuing the association request 220 is a trusted device. Alternatively, if the agent device 4 is allowed to be associated with several application providers 6, the new application provider 6 can be registered for the agent device 4 alongside the previous application provider 6, rather than replacing the previous application provider 6 as in the example given above.
Figure 18 shows a method of assigning an agent device 4 registered with a first registry 8 to a second registry 80. At step 250, a requester device requests that ownership of the registered agent device 4 be transferred to the second registry 80. The requester device may be the agent device 4, the second registry 80, or another third-party device such as an application provider (the cloud service owner). At step 260, the first registry 8 checks whether the agent device 4 named in the device assignment request is currently registered in its registry. If not, the method ends. Hence, to assign ownership of an agent device, permission must be requested from the first registry 8 that currently holds the registration of that agent device. This ensures that only the registry that has established trust with the agent device can authorise the transfer of that trust state to another registry 80.
At step 270, the first registry determines whether it trusts the requester device that issued the agent device assignment request. If not, the method ends. The requester may have been authenticated previously by the first registry, in which case it can be determined to be a trusted requester. Alternatively, at step 270, if the requester has not yet been authenticated, the registry can carry out a fresh authentication of the requester. Authentication between the first registry 8 and the requester may use any known technique. In addition, assignment of the agent device 4 to a different registry may not be permitted for certain authentication models, so the registry may check whether the authentication model information for the agent device permits the agent device to be assigned.
After the check at step 270, if the registry trusts the requester and the agent device is allowed to be transferred to a different registry, the method proceeds to step 280, where the agent device 4 generates a new key pair using the key generator 18. The agent device 4 may be triggered to generate the new key pair in different ways. In one example, the first registry 8 indicates to the agent device 4 that it is to be assigned to another registry, and in response to that indication the agent device generates the new key pair. Alternatively, the first registry 8 may notify the requester device or the second registry 80 that the device is to be assigned, and that device may then trigger the agent device to generate the new key pair. At step 290, the agent device 4 generates a certificate signing request containing the newly generated public key and the device ID of the agent device 4. The private key corresponding to the public key is stored in secure storage. The certificate signing request is sent to the second registry 80, which signs the certificate at step 300 and registers the agent device 4 in its device registry. At step 310, the agent device relinquishes its original registry ownership by deleting the private key 29 of the original key pair and updating its registry URL 26 to the URL corresponding to the second registry 80. At step 320, the first registry 8 checks that the agent device has correctly relinquished its registry ownership and then notifies the second registry 80 that the agent device 4 is now under its ownership. At this point the first registry 8 may optionally delete the registry entry 60 for the agent device 4, so that it is no longer registered with the first registry. Alternatively, the entry for the agent device may remain in the registry, since the public key 32 from the original key pair is no longer of any use once its corresponding private key has been deleted by the agent device 4.
The example shown in Figure 18 is for authentication model 3, or a similar authentication model in which the agent device is able to generate a new key pair. If the agent device uses authentication model 2, or a similar model in which the authentication information is fixed, then instead of generating a new key pair at steps 280, 290 and 300, the original key pair and certificate from the first registry can be reused, so that the second registry 80 is provided with the same authentication information that was originally registered with the first registry 8. After assignment, the agent device 4 may be registered with both registries 8, 80, so that it can be authenticated by either registry and can communicate with application providers associated with either registry 8, 80.
The agent device 4 or the first registry 8 may take steps to ensure that steps 280 to 320 occur atomically, so that they cannot be interrupted part-way through and left in an unfinished state. This means that if the update process fails midway, the only possible outcomes are either that the agent device 4 retains its original key pair and certificate and is not transferred to the second registry (similar to the case where the registry decides after step 270 that the requester is not trusted), or that the agent device is fully updated to be under the ownership of the second registry. This ensures that the agent device 4 is always associated with one registry 8 or 80, and never ends up unable to be authenticated by either registry 8, 80.
In some cases, as shown in Figure 18, when the agent device 4 is assigned to a new registry, the application provider 6 associated with the agent device 4 may also change. For example, the second registry 80 may choose which application(s) to assign to the agent device 4, or the second registry 80 may wait for an association request 220 from an external source indicating the application identifier of the application provider 6 to be associated with the agent device 4. Alternatively, the application associated with the agent device 4 may stay the same when switching registries, and the second registry 80 may simply register for the agent device 4 the same application identifier(s) that were registered in the first registry 8 (for example, the first registry 8 may provide the application identifier(s) to the second registry 80).
Figure 19 shows a method of resetting the ownership of an agent device 4 that was previously transferred to the second registry 80, so that it returns to the care of the first registry 8 that originally registered the agent device 4. At step 350, the second registry 80 (the requester device) requests that the first registry 8 take back ownership of the agent device 4. At step 360, the first registry 8 determines whether the second registry 80 is trusted. As before, this may involve performing authentication, checking that the requester was previously authenticated, or determining whether the agent device 4 supports being reset to the first registry 8. If the agent device 4 is not permitted to be reset to the registry, the method ends. Otherwise the method proceeds to step 370, where the registry checks whether the agent device 4 is currently owned by the second registry 80. If not, the method ends. This ensures that only the registry currently owning the device can trigger the registration of the device 4 to be reset to the first registry 8.
If the agent device is owned by the second registry 80, then at step 380 a new key pair is generated by the agent device 4. At step 390, a certificate signing request is prepared using the new public key and the device ID and sent to the first registry 8. The private key of the generated key pair is stored in the secure storage 16 of the agent device 4. At step 400, the first registry 8 signs the new certificate, re-authorising the agent device. At step 410, the agent device cancels its registration with the second registry 80 by deleting the previous key pair and certificate and updating its registry URL 26 to correspond to the first registry 8. At step 420, the device ownership state is updated in the first registry 8, and the second registry 80 may delete its entry for the agent device 4. The method then ends. As before, the operations at steps 380-420 may be performed atomically, to ensure that the agent device is always registered with one of the registries and never ends up without a valid registration in either.
The methods of Figures 18 and 19 allow agent devices to be transferred between registries, or allow an agent device to be assigned to several registries at the same time. Providing its own private registry for its agent devices may be useful for certain operators, so that their agent devices are kept separate from other agent devices authenticated through a public registry. For example, a defence organisation, government or city authority may run its own secure registry for trusted agent devices used within the organisation. A general public registry may be provided for general-purpose use. When an agent device is manufactured it may initially be registered with the public registry, but when a private registry requests a change of ownership it can be transferred to the private registry. When the private registry no longer needs the agent device, ownership can be reset to the original registry. Preferably, new authentication information is generated when transferring to a different registry, to ensure that the agent device can no longer be authenticated by the earlier registry.
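A registry-side model of the association request of Figure 17 and of the ownership transfer and reset of Figures 18 and 19, added here as an example; it is not the patent's own code. Key pairs and certificates are opaque placeholder strings standing in for key generator 18 and for registry-signed certificates, the registry names, URLs and device and application identifiers are constructed, and `fail_after_300` is a test hook that simulates a crash between steps 300 and 310 so that the all-or-nothing behaviour described above can be exercised.

```python
import copy
import secrets
from contextlib import contextmanager
from dataclasses import dataclass, field

@dataclass
class AgentDevice:
    device_id: str
    auth_model: int        # 3: can generate a new key pair; 2: fixed credentials
    public_key: str
    secure_storage: dict   # private key 29 and certificate (secure storage 16)
    registry_url: str      # registry URL 26 of the owning registry

    def generate_keypair(self):
        """Key generator 18, modelled by random tokens (placeholders, not real keys)."""
        tag = secrets.token_hex(8)
        return "pub-" + tag, "prv-" + tag

@dataclass
class RegistryEntry:
    public_key: str
    application_ids: set = field(default_factory=set)   # application identifiers 62
    certificate: str = ""

class Registry:
    """A registry (8 or 80): entries 60 keyed by device ID, never by user ID."""

    def __init__(self, name, url, trusted=()):
        self.name, self.url, self.entries = name, url, {}
        self.trusted = set(trusted)   # requesters this registry has already authenticated

    def associate(self, requester, device_id, app_id, replace=False):
        """Association request 220 (Figure 17): record an application ID for a device."""
        if requester not in self.trusted or device_id not in self.entries:
            return False
        ids = self.entries[device_id].application_ids
        if replace:
            ids.clear()
        ids.add(app_id)
        return True

    def sign_csr(self, device_id, public_key, app_ids):
        """Steps 300 / 400: sign the CSR and register the device."""
        cert = f"cert:{self.name}:{device_id}:{public_key}"
        self.entries[device_id] = RegistryEntry(public_key, set(app_ids), cert)
        return cert

@contextmanager
def atomic(device, *registries):
    """All-or-nothing wrapper for steps 280-320 and 380-420: any failure inside
    the block restores the device and the registries to their prior state."""
    saved = copy.deepcopy((device.__dict__, [r.entries for r in registries]))
    try:
        yield
    except RuntimeError:
        device.__dict__.update(saved[0])
        for reg, entries in zip(registries, saved[1]):
            reg.entries = entries
        raise

def transfer_ownership(first, second, device, requester, fail_after_300=False):
    """Figure 18, steps 250-320; `fail_after_300` simulates a crash mid-way."""
    if device.registry_url != first.url or device.device_id not in first.entries:
        return False                      # step 260: first must currently hold it
    if requester not in first.trusted:
        return False                      # step 270: untrusted requester
    apps = first.entries[device.device_id].application_ids
    try:
        with atomic(device, first, second):
            if device.auth_model == 3:
                pub, prv = device.generate_keypair()                      # step 280
                cert = second.sign_csr(device.device_id, pub, apps)       # steps 290-300
                if fail_after_300:
                    raise RuntimeError("simulated failure after step 300")
                device.public_key = pub                                   # step 310: new key,
                device.secure_storage = {"private_key": prv, "certificate": cert}  # old key 29 gone
            else:   # model 2: fixed credentials, same entry kept in both registries
                second.entries[device.device_id] = copy.deepcopy(first.entries[device.device_id])
            device.registry_url = second.url
            if device.registry_url != second.url:                         # step 320 check
                raise RuntimeError("device did not relinquish ownership")
            if device.auth_model == 3:
                del first.entries[device.device_id]                       # optional: drop entry 60
    except RuntimeError:
        return False
    return True

def reset_ownership(first, second, device):
    """Figure 19, steps 350-420: `second` hands the device back to `first`."""
    if second.name not in first.trusted or device.registry_url != second.url:
        return False                      # steps 360/370: trusted and current owner
    apps = second.entries[device.device_id].application_ids
    try:
        with atomic(device, first, second):
            pub, prv = device.generate_keypair()                              # step 380
            cert = first.sign_csr(device.device_id, pub, apps)                # steps 390-400
            device.public_key, device.registry_url = pub, first.url           # step 410
            device.secure_storage = {"private_key": prv, "certificate": cert}
            del second.entries[device.device_id]                              # step 420
    except RuntimeError:
        return False
    return True
```

Two properties of the text are visible in the model: the registry entry carries a public key and application identifiers but no user identifier (the user-to-device mapping lives with the application provider), and a failure after the second registry has already signed the new certificate rolls the device and both registries back, so the device is never left registered nowhere.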
Figures 20 to 23 show four example timelines illustrating different applications of the present technique. Figure 20 shows a first example in the field of personal healthcare, in which the agent device (sensor) is tethered to a specific cloud application, so that it is supplied directly by the application provider and cannot be used with other applications. The agent device 4 may for example be a wrist-worn sensor containing a heart rate monitor, which feeds heart rate information back to an application provider 6 operated by a healthcare provider to monitor the patient's health. At step 1, a chip IP company designs the hardware and software for the sensor 4 together with the security design guide for the sensor. A system-on-chip (SoC) manufacturer produces the SoC with its associated security hardware and a unique device identifier. An original design manufacturer (ODM) manufactures the sensor device. An original equipment manufacturer (OEM) develops the final product. At some point during the manufacturing process (which may be at the SoC, ODM or OEM stage), at step 2, the device identifier and private key are installed in the agent device 4. At step 3, the sensor metadata is uploaded to the registry 8 by the manufacturing support system 70. The metadata may include, for example, the device identifier, the public key and authentication model information. The registry device 8 records this information in its device registry.
At step 4, the sensor is sold to the healthcare provider 6. At step 5, the healthcare provider 6 supplies the sensor to the user as part of its service. The healthcare provider 6 associates the sensor ID of the device with the user's ID. At step 4 or step 5, the OEM or the application provider 6 sends an association request to the registry 8, notifying it that the sensor 4 is to be used with the healthcare provider's cloud application. Therefore, although the registry holds no customer information, it knows that when the agent device 4 is activated it will communicate with the application provider 6 corresponding to the healthcare company.
At step 6, the user receives the sensor 4 from the healthcare provider 6. The user puts the cuff on his or her wrist, switches on the sensor 4 and begins using it. Switching the device on triggers the sensor 4 to contact the registry 8 with an authentication request, followed by mutual authentication as described above. The user is unaware of this and no user interface is needed to trigger the authentication: it is triggered automatically by activation of the device. The registry 8 determines that the sensor 4 is registered in its registry and that its registry entry contains the application identifier corresponding to the healthcare provider 6. Therefore, at step 7, the registry 8 notifies the device ID to the healthcare provider, using the validly authenticated device ID to inform the healthcare provider 6 that the agent device is now active. At step 8, the healthcare provider 6 requests an application key for secure communication with the sensor 4. At step 9, the registry supplies the application key to both the sensor 4 and the healthcare provider 6. At step 10, direct secure encrypted communication, not involving the registry, begins between the sensor 4 and the healthcare provider 6.
Figure 21 shows another example use case in which, rather than the device being tethered to a cloud application before it is supplied to the user, the user buys an "off the shelf" device and later associates it with a particular cloud application. This allows the user to use sensors of different types or brands with the same cloud application. Again the example is in the personal healthcare field, with the application provider being a healthcare company. Steps 1-3 are the same as in Figure 20. In this example, however, at step 4 the OEM sells the product to a retailer, and the retailer then sells the sensor 4 to the end user. At this point the sensor 4 is not tied to an application provider 6.
At step 5, the user runs a smartphone application provided by the healthcare provider 6 and scans a code on the sensor 4 itself or on the box in which the sensor was packaged. The smartphone application transmits a sensor association request to the healthcare provider so that the device ID of the sensor is associated with the particular user account. At step 6, the smartphone application or the healthcare provider's platform 6 sends an application association request to the registry 8 so that the application ID is associated with the device ID. The registry can now associate the agent device with the particular application, and the application provider can associate the agent device ID with the particular user. Steps 7-11 of Figure 21 then proceed in the same way as steps 6-10 of Figure 20 respectively.
Figure 22 shows a third use case, in which a "bring your own device" (BYOD) sensor 4 is bought by the user, who is free to choose one of several different application providers to use with the sensor 4. An Internet of Things (IoT) application store 400 is used to make this choice. Steps 1-4 in Figure 22 are the same as in Figure 21. Again, the sensor 4 is sold to a retailer, who sells it on to the end user. At step 5, the user runs the application store 400 on a smartphone, tablet or computer and, in the same way as before, uses a QR code or similar technique to capture the device ID of the sensor 4. At step 6, the application store 400 verifies the device ID of the sensor with the registry 8. For example, the application store 400 may query the registry 8 to determine the authentication model used by the agent device, or other capabilities of the agent device, and may then prepare a menu of compatible applications that work with the agent device 4. The application menu is presented to the user, who selects the desired application, runs it and logs in. At step 7, the application store updates the registry with the user's choice, so that the registry associates the device ID of the sensor with the application identifier of the selected application. The application store also sends the device ID of the sensor and the user ID to the selected application provider 6, allowing the user ID and sensor ID to be associated. At this point, the registry 8 knows which application the particular sensor 4 will communicate with, and the application provider knows which customer is associated with the sensor 4. Steps 8-12 of Figure 22 are then the same as steps 7-11 of Figure 21 respectively: mutual authentication takes place between the sensor 4 and the registry, and secure communication is then established between the sensor 4 and the application provider 6.
Figure 23 shows a fourth use case, in which the agent device 4 is used in a large-scale industrial or government deployment rather than in personal healthcare. In this embodiment the agent device is a sensor 4 mounted on a street lamp, which feeds data about the operation of the street lamp back to a cloud platform; a maintenance provider can then, for example, use the data to determine which street lamps need repair. Again, steps 1-3 are the same as in Figures 20-22. At step 4, a product containing the sensor is manufactured and supplied to a contractor. For example, a street lamp with an integrated sensor may be manufactured, or a product containing the sensor may be manufactured separately from the street lamp for installation in the street lamp at a later stage. The registry may be updated at this point to record that the sensor 4 is intended for a particular service provider 6, or this may be done at a later step 5 when the sensor and street lamp are installed, at which time the contractor can use a smartphone application or similar device to scan the product ID or to supply GPS location data for the sensor 4. At step 6, the contractor's device may send the device ID of the sensor 4 to the registry together with the application identifier of the application 6 that will use the sensor data from the sensor 4. The smartphone application can be a simple way of letting the contractor issue an association request that associates the sensor 4 with the particular application 6, without the contractor needing to understand what is happening.
At step 7, when the agent device 4 is activated (for example when it is powered on), the agent device in the street lamp contacts the registry directly to establish mutual authentication, as described above. Once authentication is established, at step 8 the registry notifies the service provider 6 that developed or deployed the Internet of Things (IoT) based system that a new street lamp and agent device has been installed and has come online with a validly authenticated instance identity. At step 9, the service provider 6 requests an application key for secure communication. At step 10, the registry 8 provides a symmetric application key to both the service provider 6 and the agent device itself. Direct secure communication then begins, and the IoT platform of the service provider 6 runs its application using the sensor data provided by the sensor 4. Customers (such as a city administration, a maintenance company or the contractor) may also access the IoT system, for example through a web platform (step 11).
Therefore, in the example of Figure 23, the use of the registry 8 simplifies the contractor's work in installing the device, because the contractor can simply fit the agent device, scan a code and/or activate the agent device with a simple action (such as plugging in the power supply or pressing a single button), after which the registry 8 takes care of authenticating the agent device and establishing the connection with the application provider 6. The contractor does not need to spend time interacting with a user interface to configure the agent device.
Although particular embodiments have been described herein, it will be appreciated that the invention is not limited thereto and that many modifications and additions may be made within the scope of the invention. For example, various combinations of the features of the dependent claims that follow may be made with the features of the independent claims without departing from the scope of the invention.
Claims (30)
1. A method for a registry device to establish trusted communication between an agent device and an application provider, wherein the registry device maintains a device registry comprising authentication information for uniquely authenticating at least one agent device; the method comprising the following steps:
(a) receiving from the agent device an authentication request identifying a device identifier of the agent device;
(b) obtaining from the device registry the authentication information for the agent device identified by the device identifier specified by the authentication request;
(c) performing authentication of the agent device using the authentication information obtained from the device registry, and performing authentication between the registry device and the application provider; and
(d) if the authentication is successful, transmitting application key information to at least one of the agent device and the application provider, for performing trusted communication between the agent device and the application provider.
2. The method of claim 1, wherein, if the authentication is successful, the transmitting step transmits the application key information to both the agent device and the application provider.
3. The method of claim 1 or claim 2, wherein, if the authentication is successful, the device identifier of the agent device is transmitted to the application provider.
4. The method of claim 1 or claim 2, wherein the application key information is transmitted to at least one application provider identified in the device registry as an application provider with which the agent device is to perform trusted communication.
5. The method of claim 4, wherein, in response to an association request indicating a specified application provider and the device identifier of the agent device, the registry device updates the device registry so that the specified application provider is identified as one of the at least one application provider for the agent device.
6. The method of claim 1 or claim 2, wherein the authentication information comprises key information for authenticating messages received from the agent device.
7. The method of claim 1 or claim 2, wherein the authentication comprises mutual authentication between the agent device and the registry device.
8. A registry device for establishing trusted communication between an agent device and an application provider, comprising:
storage circuitry configured to store a device registry, the device registry comprising authentication information for uniquely authenticating at least one agent device;
communication circuitry configured to receive from the agent device an authentication request identifying a device identifier of the agent device; and
processing circuitry configured to perform authentication of the agent device using the device registry authentication information for the agent device identified by the device identifier specified by the authentication request, and to perform authentication between the registry device and the application provider;
wherein, if the authentication is successful, the communication circuitry is configured to transmit application key information to at least one of the agent device and the application provider, for performing trusted communication between the agent device and the application provider.
9. A registry device for establishing trusted communication between an agent device and an application provider, comprising:
storage means for storing a device registry, the device registry comprising authentication information for uniquely authenticating at least one agent device;
communication means for receiving from the agent device an authentication request identifying a device identifier of the agent device; and
processing means for performing authentication of the agent device using the device registry authentication information for the agent device identified by the device identifier specified by the authentication request, and for performing authentication between the registry device and the application provider;
wherein, if the authentication is successful, the communication means is configured to transmit application key information to at least one of the agent device and the application provider, for performing trusted communication between the agent device and the application provider.
10. A method for an agent device to establish trusted communication with an application provider using a registry device that maintains a device registry of agent devices, wherein the agent device is configured to store a device identifier of the agent device and authentication information for uniquely authenticating the agent device; and wherein the registry device is configured to perform authentication between the registry device and the application provider; the method comprising the following steps:
(a) transmitting to the registry device an authentication request specifying the device identifier;
(b) performing authentication with the registry device using the authentication information stored by the agent device; and
(c) if the authentication is successful, receiving application key information from the registry device and performing trusted communication with the application provider using the application key information.
11. The method of claim 10, wherein the authentication request is transmitted to the registry device automatically in response to activation of the agent device.
12. The method of claim 10 or claim 11, wherein the authentication request is transmitted to the registry device automatically without user interaction.
13. The method of claim 10 or claim 11, wherein the authentication comprises mutual authentication between the registry device and the agent device, performed using the authentication information and registry authentication information for authenticating the registry device.
14. The method of claim 10 or claim 11, wherein the authentication information is stored in a protected region of the agent device.
15. The method of claim 10 or claim 11, wherein the trusted communication comprises direct communication between the agent device and the application provider without passing through the registry device.
16. The method of claim 10 or claim 11, wherein the trusted communication comprises encrypted communication encrypted using the application key information.
17. The method of claim 10 or claim 11, wherein the agent device is configured to store a registry address identifying the registry device, and transmits the authentication request to the registry device identified by the registry address.
18. An agent device for establishing trusted communication with an application provider using a registry device that maintains a device registry of agent devices, wherein the registry device is configured to perform, between the registry device and the application provider,
Certification is applied, the agent equipment includes:
It is configured to store the device identifier of agent equipment and the storage for the uniquely authentication information of authentication proxy's equipment
Circuit;
It is configured to the telecommunication circuit of the certification request to registration meter apparatus transmission designated equipment identifier;And
It is configured to implement registration meter apparatus using the authentication information stored the processing circuit of certification by storage circuit;
Wherein, telecommunication circuit, which is configured to receive in the case of successful certification, applies key information from registration meter apparatus,
And it is configured to communicate using using key information implementation with the trust of application provider.
19. a kind of registration meter apparatus for using the device registry for keeping agent equipment establish with application provider by
The agent equipment of communication is trusted, wherein the registration table device is configured between registration meter apparatus and application provider in fact
Certification is applied, the agent equipment includes:
Device identifier for storage agent equipment and the storage unit for the uniquely authentication information of authentication proxy's equipment;
Communication component for from the certification request to registration meter apparatus transmission designated equipment identifier;And
For implementing the processing component of certification for registration meter apparatus using the authentication information stored by storage unit;
Wherein, communication component, which is configured to receive in the case of successful certification, applies key information from registration meter apparatus,
And it is configured to communicate using using key information implementation with the trust of application provider.
20. a kind of establish and act on behalf of using the registration meter apparatus for the device registry for keeping agent equipment for application provider
Equipment trust communication method, wherein the registration table device be configured to registration meter apparatus and application provider it
Between implement certification, which comprises
(a) device identifier of the agent equipment authenticated using device registry is received from registration meter apparatus, it is described
Certification includes registration meter apparatus checks the identity of agent equipment and verify the agent equipment to be trusted agent equipment;
(b) it is received from registration meter apparatus and applies key information, for implementing to communicate with the trust of agent equipment;And
(c) implement to communicate with the trust of the agent equipment identified by device identifier using application key information.
21. according to the method for claim 20, include the steps that registration meter apparatus transmission association request, it is described to answer
Use association request designated identification go out application provider application identifier and by as implement with application provider by
The device identifier trusted the agent equipment communicated and be registered in the agent equipment in device registry.
22. according to the method for claim 20, including the steps that receiving device association request, the equipment association request table
The device identifier of bright authorized agency's equipment and by the user identifier of user associated with authorized agency's equipment.
23. according to the method for claim 22, include the steps that registration meter apparatus transmission association request, it is described to answer
Use association request request in equipment association request specify authorized agency's facility registration in device registry using as with
In the agent equipment that implementation is communicated with the trust of application provider.
24. according to the method for claim 20, wherein the trust communication includes agent equipment and application provider
Between direct communication without by registration meter apparatus communication.
25. according to the method for claim 20, wherein the trust communication is including the use of application key information encryption
Coded communication.
26. according to the method for claim 20, coming including the use of the data in trust communicates received from agent equipment
The step of executing application.
27. a kind of trust that the registration meter apparatus for using the device registry for keeping agent equipment is established with agent equipment
The application provider of communication, wherein the registration table device is configured between registration meter apparatus and application provider in fact
Certification is applied, the application provider includes:
It is configured to receive the device identifier of the agent equipment authenticated using device registry from registration meter apparatus
And the telecommunication circuit using key information for implementing to communicate with the trust of agent equipment, the certification include registration table
It is trusted agent equipment that device, which checks the identity of agent equipment and verifies the agent equipment,;
Wherein, telecommunication circuit is configured to implement using the application key information received from registration meter apparatus and pass through device identification
Accord with the trust communication of the agent equipment identified.
28. a kind of trust that the registration meter apparatus for using the device registry for keeping agent equipment is established with agent equipment
The application provider of communication, wherein the registration table device is configured between registration meter apparatus and application provider in fact
Certification is applied, the application provider includes:
For from registration meter apparatus receive the device identifier of agent equipment authenticated using device registry and
The communication component using key information for implementing to communicate with the trust of agent equipment, the certification include registration meter apparatus
Checking the identity of agent equipment and verifying the agent equipment is trusted agent equipment;
Wherein, communication component is configured to implement using the application key information received from registration meter apparatus and pass through device identification
Accord with the trust communication of the agent equipment identified.
29. a kind of for being established between agent equipment and application provider using the registration meter apparatus of holding device registry
The method of trust communication, the device registry includes the authentication information for uniquely authenticating at least one agent equipment;
It the described method comprises the following steps:
(a) agent equipment transmits certification request, the device identifier of the certification request authorized agency equipment to registration meter apparatus;
(b) agent equipment obtains the generation for being identified by the device identifier specified by certification request from device registry
Manage the authentication information of equipment;
(c) registration meter apparatus utilizes the authentication information obtained from device registry to implement the certification of agent equipment and registers meter apparatus
Certification between application provider;And
If (d) authenticated successfully, registers meter apparatus and answered at least one of agent equipment and application provider transmission
Implement trust communication between agent equipment and application provider with key information, and using using key information.
30. one kind is that agent equipment establishes trusted identities for the implementation any in 0-17 according to claim 1 and extremely
The method of the trust communication of a few application provider, the described method comprises the following steps:
(a) registration meter apparatus is generated for uniquely the first authentication information of authentication proxy's equipment and for verifying agent equipment
The second authentication information with the first authentication information;
(b) registration meter apparatus is embedded in the first authentication information in agent equipment and identifies the device identifier of agent equipment;With
And
(c) agent equipment is transmitted to device identifier and the second authentication information the device registry for keeping agent equipment
Meter apparatus is registered, the agent equipment at least one described application provider for being communicated.
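The following is an added example, not the patent's own code, modelling the flow of claims 29 and 30 (provisioning, mutual authentication per claim 13, issue of the application key to both parties, then a direct encrypted message per claims 15 and 16) with the agent device, registry apparatus and application providing apparatus as Python objects. It assumes the first authentication information is a per-device HMAC secret whose copy in the device registry is the second authentication information, that the registry-to-provider authentication has already produced a shared key, and that an HMAC-based encrypt-then-MAC stands in for the AEAD a real deployment would use; all identifiers and payloads are constructed.

```python
import hashlib, hmac, secrets

def prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts (proofs, key derivation, tags)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor_stream(key, nonce, data):
    ks = b"".join(prf(key, nonce, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC under a shared key (claims 16/25). Constructed stand-in for a real AEAD."""
    nonce = secrets.token_bytes(16)
    ct = xor_stream(prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + prf(prf(key, b"mac"), nonce, ct)

def unseal(key, msg):
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce, ct)):
        raise ValueError("tag mismatch: message rejected")
    return xor_stream(prf(key, b"enc"), nonce, ct)

class AgentDevice:
    def __init__(self, device_id, first_auth_info):
        self.device_id, self.secret = device_id, first_auth_info  # held in a protected region (claim 14)
        self.nonce = secrets.token_bytes(16)  # freshness for the authentication request (step (a))

    def respond(self, reg_nonce, reg_proof):  # claim 13: check the registry's proof before answering
        expected = prf(self.secret, b"registry", self.device_id.encode(), self.nonce, reg_nonce)
        if not hmac.compare_digest(expected, reg_proof):
            raise PermissionError("registry authentication failed")
        self.channel_key = prf(self.secret, b"channel", self.nonce, reg_nonce)
        return prf(self.secret, b"agent", self.device_id.encode(), self.nonce, reg_nonce)

class Registry:
    def __init__(self):
        self.device_registry = {}  # device_id -> second authentication information
        self.trusted = {}          # app_id -> device_ids associated with that application (claim 21)
        self.provider_keys = {}    # app_id -> key from registry<->provider authentication (assumed done)

    def provision(self, device_id):  # claim 30: embed first info in the device, register the second
        first = secrets.token_bytes(32)
        self.device_registry[device_id] = first  # HMAC: verifier secret equals device secret (assumption)
        return AgentDevice(device_id, first)

    def challenge(self, device_id, agent_nonce):  # step (b): look up the device (KeyError if unknown)
        second, reg_nonce = self.device_registry[device_id], secrets.token_bytes(16)
        return reg_nonce, prf(second, b"registry", device_id.encode(), agent_nonce, reg_nonce)

    def complete(self, device_id, app_id, agent_nonce, reg_nonce, agent_proof):
        """Steps (c)/(d): verify the agent, check it is trusted for app_id, issue the app key sealed per recipient."""
        second = self.device_registry[device_id]
        if not hmac.compare_digest(prf(second, b"agent", device_id.encode(), agent_nonce, reg_nonce), agent_proof):
            raise PermissionError("agent authentication failed")
        if device_id not in self.trusted.get(app_id, set()):
            raise PermissionError("device not registered for this application")
        app_key = secrets.token_bytes(32)
        for_agent = seal(prf(second, b"channel", agent_nonce, reg_nonce), app_key)
        return for_agent, seal(self.provider_keys[app_id], device_id.encode() + b"\0" + app_key)

def run_protocol(payload=b"temp=21.5C"):
    registry, provider_key = Registry(), secrets.token_bytes(32)
    agent = registry.provision("device-0001")  # constructed identifiers throughout
    registry.trusted["app-health"] = {"device-0001"}
    registry.provider_keys["app-health"] = provider_key
    r_nonce, r_proof = registry.challenge(agent.device_id, agent.nonce)
    a_proof = agent.respond(r_nonce, r_proof)
    for_agent, for_provider = registry.complete(agent.device_id, "app-health", agent.nonce, r_nonce, a_proof)
    agent_app_key = unseal(agent.channel_key, for_agent)
    ident, provider_app_key = unseal(provider_key, for_provider).split(b"\0", 1)
    wire = seal(agent_app_key, payload)  # direct agent -> provider, not via the registry (claim 15)
    return ident.decode(), unseal(provider_app_key, wire)
```

`run_protocol` returns the device identifier the provider learned from the registry together with the decrypted payload, so a mismatch in either the mutual authentication or the key delivery surfaces as an exception rather than silently succeeding.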
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/056,423 US10069811B2 (en) | 2013-10-17 | 2013-10-17 | Registry apparatus, agent device, application providing apparatus and corresponding methods |
US14/056,423 | 2013-10-17 | ||
US14/056,459 | 2013-10-17 | ||
US14/056,468 US9860235B2 (en) | 2013-10-17 | 2013-10-17 | Method of establishing a trusted identity for an agent device |
US14/056,468 | 2013-10-17 | ||
US14/056,459 US9307405B2 (en) | 2013-10-17 | 2013-10-17 | Method for assigning an agent device from a first device registry to a second device registry |
PCT/GB2014/053098 WO2015056010A2 (en) | 2013-10-17 | 2014-10-15 | Registry apparatus, agent device, application providing apparatus and corresponding methods |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105684483A CN105684483A (en) | 2016-06-15 |
CN105684483B true CN105684483B (en) | 2019-11-22 |
Family
ID=51932539
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201480056751.3A Expired - Fee Related CN105637915B (en) | 2013-10-17 | 2014-10-15 | Method for assigning agent equipment from from the first device registry to the second device registry |
CN201480056749.6A Expired - Fee Related CN105684482B (en) | 2013-10-17 | 2014-10-15 | The method for establishing trusted identities for agent equipment |
CN201480056752.8A Expired - Fee Related CN105684483B (en) | 2013-10-17 | 2014-10-15 | Register meter apparatus, agent equipment, application provider and corresponding method |
Country Status (4)
Country | Link |
---|---|
KR (3) | KR101741967B1 (en) |
CN (3) | CN105637915B (en) |
GB (3) | GB2533727B (en) |
WO (3) | WO2015056010A2 (en) |
2014
- 2014-10-15 CN CN201480056751.3A patent/CN105637915B/en not_active Expired - Fee Related
- 2014-10-15 KR KR1020167012752A patent/KR101741967B1/en active IP Right Grant
- 2014-10-15 KR KR1020167012706A patent/KR102168392B1/en active IP Right Grant
- 2014-10-15 WO PCT/GB2014/053098 patent/WO2015056010A2/en active Application Filing
- 2014-10-15 GB GB1604447.1A patent/GB2533727B/en not_active Expired - Fee Related
- 2014-10-15 CN CN201480056749.6A patent/CN105684482B/en not_active Expired - Fee Related
- 2014-10-15 GB GB1604451.3A patent/GB2533511B/en not_active Expired - Fee Related
- 2014-10-15 WO PCT/GB2014/053097 patent/WO2015056009A1/en active Application Filing
- 2014-10-15 CN CN201480056752.8A patent/CN105684483B/en not_active Expired - Fee Related
- 2014-10-15 WO PCT/GB2014/053096 patent/WO2015056008A1/en active Application Filing
- 2014-10-15 KR KR1020167012709A patent/KR102169947B1/en active IP Right Grant
- 2014-10-15 GB GB1604448.9A patent/GB2533728B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
KR102169947B1 (en) | 2020-10-26 |
GB2533511B (en) | 2021-02-03 |
GB2533727B (en) | 2021-06-23 |
GB201604448D0 (en) | 2016-04-27 |
KR20160072178A (en) | 2016-06-22 |
WO2015056010A2 (en) | 2015-04-23 |
WO2015056009A1 (en) | 2015-04-23 |
CN105684483A (en) | 2016-06-15 |
WO2015056010A3 (en) | 2015-06-11 |
CN105684482B (en) | 2019-10-25 |
GB2533728B (en) | 2017-03-22 |
KR20160072176A (en) | 2016-06-22 |
CN105637915A (en) | 2016-06-01 |
GB2533728A (en) | 2016-06-29 |
GB2533511A (en) | 2016-06-22 |
CN105684482A (en) | 2016-06-15 |
WO2015056008A1 (en) | 2015-04-23 |
KR102168392B1 (en) | 2020-10-21 |
GB201604447D0 (en) | 2016-04-27 |
KR20160071456A (en) | 2016-06-21 |
KR101741967B1 (en) | 2017-05-30 |
GB2533727A (en) | 2016-06-29 |
CN105637915B (en) | 2017-11-07 |
GB201604451D0 (en) | 2016-04-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20191122 |