Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
• • G—PHYSICS
  • G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
  • G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
  • G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  • H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/80—Wireless

Definitions

• Method and device for managing a request for pairing a first item of equipment with a second item of equipment is described.
• the present invention relates to a method of managing a request for pairing a first device with a second device.
• It also relates to a device for managing a pairing request implementing the aforementioned method.
• the invention applies in particular to equipment communicating by means of radio waves, in a professional context, for example in meeting rooms or offices, but also in a domestic context.
• the pairing phase between two devices can be initiated in different ways.
• the pairing phase can be started by a user action such as pressing a button, switching on the equipment, or entering a PIN code.
• the devices are vulnerable to attacks that compromise the security of subsequent exchanges between the devices.
• a third party can observe the exchanges between the two devices and generate the security key that will be used in the subsequent exchanges between the devices.
• third-party equipment operated by a malicious user may pair up with an access point, without legitimate equipment noticing.
• equipment seeking to pair with its access point can connect to a malicious access point without the user of the equipment being notified.
• the invention proposes to improve this situation by securing the pairing requests between the devices.
• the invention relates, according to a first aspect, to a method for managing a request for pairing from a first device to a second device, implemented by a device for managing a request for pairing. configured to communicate with the first device via an optical communication channel.
• the management process includes:
• the first equipment and the management device establishing an optical communication channel, the messages exchanged between them are difficult to intercept by a third party.
• an optical communication channel is created when a photoreceptor receives a signal from a light source.
• the photoreceptor In order for the optical communication channel to be created, the photoreceptor must be located in the illumination area of the light source. No obstacle, such as a wall, should be located between the light source and the photoreceptor. If an obstacle is present between the light source and the photoreceptor, the optical communication channel cannot be established.
• a photoreceptor on board the device for managing a pairing request must be in the lighting zone of a light source.
• embedded in the first device and a photoreceptor embedded in the first device must be in the lighting zone of a light source embedded in the management device.
• the communication between the device for managing a pairing request and the first equipment item is secure, and in particular with respect to communications carried out via radio waves, this type of wave being omnidirectional.
• the pairing is implemented.
• the management device sends the first device security keys associated with the second device. These security keys will be used for the encryption and authentication of subsequent communications between the first device and the second device.
• the management device has a list, for example stored in memory, with the security keys of the equipment to which it is connected, in particular of the second equipment.
• the first item of equipment and the second item of equipment exchange the security keys via said management device.
• the management device receives from the second device, the security key to be transmitted to the first device.
• the management device is configured to communicate with the second equipment item via a wired communication channel.
• the exchanges between the management device and the second item of equipment are secure.
• the relative positioning of the management device and of the second equipment item has no constraints, and their installation is flexible.
• the management device and the second equipment can be positioned in different rooms.
• the management device and the second equipment can be located remotely. Consequently, the first item of equipment and the first item of equipment can be located remotely, the pairing between them being implemented in a secure manner via the management device.
• the management device is configured to communicate with the second equipment item via an optical communication channel.
• This embodiment has the advantage of avoiding the installation of wires while ensuring secure communications between the management device and the second equipment.
• the data representative of the identity of the first device include a certificate associated with the first device.
• the pairing request includes the certificate associated with the first device.
• the data representative of the identity of the first equipment item furthermore comprises a series of data representative of a fingerprint uniquely identifying said first equipment item.
• the pairing request includes a fingerprint uniquely identifying the first device, in addition to the certificate.
• the pairing request includes either the certificate or the fingerprint identifying the first device.
• the management method comprises recording the certificate received in association with the imprint received.
• the certificate and the fingerprint are saved in a database.
• This database can be in the management device or linked to the management device.
• the series of data representative of the fingerprint is generated by the first equipment item, prior to the transmission of the pairing request to the management device.
• the fingerprint (and the series of data representative of the fingerprint) can be generated each time a pairing request is going to be sent to the management device.
• This footprint uniquely representing the first device is identical for each generation and remains constant over time.
• the imprint generated is an optical imprint, the generation of the imprint comprising the illumination of a transparent surface located in the first equipment, the imprint corresponding to a single image generated by the illumination of said surface.
• said at least one verification of the data identifying the first device comprises verifying the possession of a private key associated with the certificate, by the first device.
• the pairing request is authorized if the first device has said private key.
• the first device pairing request is authorized, if the first device has proof of possession of the private key associated with said certificate.
• the verification of the possession of the private key comprises:
• said at least one verification of the data identifying the first equipment item comprises verifying whether the received certificate was issued by a predetermined certification authority.
• the pairing request is authorized if the result of the check is positive
• the predetermined certification authority belongs to a list of trusted certification authorities stored in the management device.
• said at least one verification of the data identifying the first device comprises checking whether the first device associated with the certificate received is authorized to implement pairing.
• the verification comprises consulting, in a database, data associated with the certificate, and determining, as a function of the data associated with the certificate, whether the first item of equipment associated with the certificate is authorized for pairing via the management device.
• said at least one check comprises checking whether the fingerprint has been received previously in association with a certificate different from said certificate received in the pairing request.
• the management device determines whether the pairing request can be authorized or must be refused. According to embodiments, one or more of the checks presented above are implemented.
• the pairing request is refused if the first device does not have the private key associated with the certificate (for example if the management device sends random data to the first device so that it encrypts it with the private key associated with the certificate. certificate then that the decryption of the encrypted data sent back fails using the public key contained in the certificate sent previously), or if the certification authority has not been previously declared as valid or if the fingerprint received has been previously received in association with a certificate different from said certificate received in the pairing request.
• the pairing request is authorized if the first device has the private key associated with the certificate (for example if the random data encrypted in the response of the first device to the challenge addressed by the management device) can be decrypted. with the public key of the certificate, and / or if the certification authority has been declared beforehand as valid and / or if the fingerprint received has not been previously received in association with a certificate different from the certificate received in the request pairing.
• the management method comprises determining an area where the first item of equipment is located, and modifying the lighting of at least one light source of the management device, in order to visually identify said area where the first item of equipment. is located.
• the light sources of the management device are configured to illuminate the area where the first device is located.
• a device making a pairing request can be identified visually.
• the management method comprises modifying the lighting of at least one light source of the management device, to visually indicate whether the pairing request has been authorized or refused.
• different colors can be selected for the light emitted by at least one light source of the management device to indicate whether the pairing request has been allowed or denied.
• the management method further comprises receiving an identity datum identifying the user of the first equipment item and verifying the identity of the user as a function of said identity data received.
• This feature adds security to the exchanges between the devices.
• the management method further comprises the transmission of at least a second pairing request to a third device connected by a wired connection to the management device.
• the management method further comprises the transmission of at least a second pairing request to a third item of equipment linked by an optical connection to the management device.
• the present invention relates, according to a second aspect, to a device for managing a request for pairing from a first device to a second device.
• the management device is configured to communicate with the first device via an optical communication channel, and comprises:
• a reception module configured to receive, via the optical communication channel, a pairing request comprising data representative of the identity of the first device
• an authorization module configured to authorize or refuse the pairing request depending on the result of said at least one verification carried out on the data representative of the identity of the first device
• a transmission module configured to transmit, via the optical communication channel, a security key to the first device, if the pairing request is authorized.
• the transmission module is further configured to transmit to the first device a first piece of data generated randomly on receipt of the pairing request.
• the management device comprises a verification module configured to verify whether the first equipment item has the private key associated with the certificate.
• the verification module is configured for:
• the verification module is further configured to verify whether the received certificate was issued by a predetermined certification authority.
• the verification module is further configured to verify whether the first item of equipment associated with the received certificate is authorized to implement pairing.
• the verification module is configured to consult, in a database, data associated with said certificate, and to determine, as a function of the data associated with said certificate, whether the certificate is authorized for pairing via said management device.
• the verification module is configured to verify whether the fingerprint has been received previously in association with a certificate different from said certificate received in the pairing request.
• the management device further comprises a determination module configured to determine an area where the first equipment item is located, and a lighting modification module configured to modify the lighting of at least one light source of the device. management device, to visually identify said zone where the first item of equipment is located.
• the lighting modification module is configured to modify the lighting of at least one light source of the management device, to visually indicate whether the pairing request has been accepted or refused
• the management device further comprises a second verification module configured to verify the identity of the user of the first equipment item.
• the management device further comprises a transmission module configured for the transmission of at least one second pairing request to a third device connected by a wired connection to the management device.
• the characteristics of the management method and of the management device below can be taken in isolation or in combination with each other.
• the present invention relates, according to a third aspect, to a gateway comprising a management device according to the invention.
• the present invention relates, according to a fourth aspect, to a computer program capable of being implemented on a management device, the program comprising code instructions for the implementation of the steps of the management method in accordance with the invention. , when executed by a processor.
• the present invention relates, according to a fifth aspect, to an information medium readable by a processor in a management device, on which is recorded a computer program comprising code instructions for implementing the steps of the management method. according to the invention, when it is executed by the processor.
• the management device, the gateway, the computer program and the information medium have characteristics and advantages similar to those described above in relation to the management method.
• FIG. 2 is a diagram showing the first equipment, the second equipment and a management device according to one embodiment of the invention
• FIG. 3 illustrates the steps of the management method in accordance with one embodiment of the invention
• FIG. 4a illustrates a hardware architecture that can implement the management method according to the invention
• FIG. 4b is a functional representation of a management device according to one embodiment of the invention.
• Figure 1 shows a set of equipment 10-13 configured to implement communications by radio waves.
• These devices 10-13 can form a local network 100 or a LAN type network (for "Local Area Network”), such as a residential network or a business network.
• a LAN type network for "Local Area Network”
• One of the items of equipment is an access gateway 13 allowing access of the items of equipment 11-12 of the local network 100 to a wide area communications network 200 or a WAN type network (for "Wide Area Network”), such as the Internet.
• the local network 100 is formed by a mobile telephone terminal 10, a surveillance camera 11, a laptop computer 12 and an access gateway 13. Other equipment (not shown) can be part of the system.
• local network 100 such as a tablet, a printer, an audio speaker, a television decoder, a television set, a games console, a household appliance, a sensor (for temperature, light, humidity, etc. ) or any other connected object, i.e. any object configured to send or receive information via a communication network.
• These items of equipment can communicate with each other by means of radio waves, via the local network 100 or via bidirectional exchanges.
• the devices 10-13 use for example the IP protocol (for “Internet Protocol”) to communicate with each other and to communicate with the extended network 200. They can also communicate with each other according to wireless communication standards such as WiFi, Bluetooth or others.
• IP protocol for “Internet Protocol”
• WiFi Wireless Fidelity
• Bluetooth Wireless Fidelity
• the access gateway 13 is configured to allow the devices 10-12 to send requests to a server 20 in the wide area network 200 and to receive in return responses from the server 20.
• the server 20 is a server providing content, such as audio or video content, electronic messages or websites.
• At least one of the devices 10-13 is configured to establish an optical communication channel C01 with a light source 30.
• a single light source 30 is shown in FIG. 1. Of course, the number of light sources can be different.
• the first item of equipment 10 comprises an optical emitter and a photoreceptor.
• the first device 10 is a mobile telephone terminal of the "Smartphone" type.
• the other items of equipment 11, 12, 13 are in this example a surveillance camera 11, a laptop computer 12 and an access gateway 13 and are respectively connected to the light source 30 via wire links CL3, CL2, CL1.
• all of the equipment is linked to the light source via optical means.
• each item of equipment communicates with the management device via an optical communication channel.
• FIG. 2 schematically represents a first device 10, a second device 13 and a light source 30.
• the first device 10 is a mobile telephone terminal and the second device 13 is an access gateway 13.
• the light source 30 is for example a light-emitting diode (LED) lamp or a light providing localized lighting, known as a “light spot”.
• the light source 30 is configured, in addition to to emit light for the primary purpose of illuminating, to emit information by means of the light.
• the light source 30 is configured to emit information according to Li-Fi technology (for "Light Fidelity”) or equivalent technologies. Using Li-Fi technology, the data is encoded and transmitted according to a modulation of the amplitude of the light signal.
• the light source 30 can include several light emitting diodes or LEDs.
• the diodes electroluminescent lamps may have the same color or different colors.
• the colors of the light emitting diodes can be used for visual information of the users of the equipment. For example, as will be described below, diodes of one color may emit light during the implementation of a pairing request, or upon the success or failure of a pairing request. pairing, etc.
• the light emitting diodes form an optical emitter EO_30.
• the light source 30 comprises an optical receiver or photoreceptor RO_30 for receiving light signals coming from light sources of the equipment 10-13.
• the RO_30 photoreceptor is configured to demodulate the received signal and obtain the data which has been transmitted. For the RO photoreceptor to receive data, it must be located in the illumination area of the light source emitting the data.
• the light source 30 further comprises a CTRL_30 control module comprising electronic circuits configured to implement the method for managing a pairing request according to the invention. This method will be described below with reference to FIG. 3.
• the light source 30 forms a device for managing a pairing request.
• This management device 30 can be integrated into a piece of equipment, for example the access gateway 13 or more, where the equipment 10-13 can be independent as shown in Figure 1 where the management device is a light spot.
• management device In the embodiment shown, the terms management device, light source and light spot correspond to the same device 30.
• the second item of equipment 13 is connected to the light spot 30 by means of a wired connection.
• this wired connection is of the Ethernet or CPL type (for “Line Carrier Current”).
• the first item of equipment 10 comprises an optical transmission module or optical transmitter EO_10, and an optical reception module, optical receiver or photoreceptor RO_10. It will be noted that in order for the first device 10 and the light spot 30 to be able to establish a communication channel C01, the photoreceptor RO_30 of the light spot 30 must be located in the lighting zone of the optical transmitter EO_10 of the first device 10 and the RO_10 photoreceptor of the first equipment 10 must be in the lighting zone of the optical emitter EO_30 of the light spot 30.
• lighting zone of an optical emitter is meant the zone receiving the light beams emitted by the optical emitter, or the zone in which an optical receiver can receive the light beams emitted by the optical emitter.
• the first equipment further comprises a transmitter and a radio receiver E / R_R_10 allowing radio communication (or communication by means of radio waves) with other equipment 11 -13, and in this embodiment shown, with the second equipment 13.
• the second equipment 13 also comprises a transmitter and a radio receiver E / R_R_13 allowing radio communication (or communication by means of radio waves) with other equipment 10-12, and in this embodiment shown, with the first equipment 10.
• the items of equipment 10, 13 and the light spot 30 are provided with communication interfaces (not illustrated) configured for the implementation of the aforementioned communications.
• the first item of equipment 10 comprises a first interface suitable for implementing optical communications and a second interface suitable for implementing radio communications.
• the light spot 30 comprises a first interface suitable for implementing optical communications and a second interface suitable for implementing wired communications.
• the second device 20 comprises a first interface suitable for implementing wired communications and a second interface suitable for implementing radio communications.
• the second item of equipment 20 comprises a third interface suitable for implementing communications with the extended communications network 200. In particular, this third interface allows devices 10-12 of the local area network 100 to issue requests to servers 40 in the wide area network and to receive responses.
• FIG. 3 illustrates the steps of the process for managing a pairing request from the first device 10 to the second device 13, according to one embodiment.
• the management method is implemented by the management device 30, the management device being in one embodiment a light spot.
• the management device 30 receives E10 a pairing request from the first device 10.
• the pairing request R1 is received by the management device 30 via an optical communication channel C01 ( Figures 1 and 2).
• the pairing request includes data representative of the DATJD identity of the first device 10.
• the data representative of the DATJD identity of the first device 10 make it possible to uniquely identify this first device 10.
• the data representative of the identity of the first device 10 includes a CERT certificate associated with the first device 10.
• the CERT certificate was generated beforehand for this first device by a certification authority, in association with a public key K2.
• This public key K2 is contained in the CERT certificate and is used to decrypt the data encrypted with the private key K1.
• a public key and a private key are associated with the CERT certificate.
• the management device 30 comprises a list of trusted certification authorities, including the certification authority that generated the CERT certificate associated with the first equipment 10.
• This list of certification authorities may be updated.
• the pairing request R1 addressed to the management device 30 includes the CERT certificate associated with the first device.
• the data representative of the DATJD identity further comprises a PUF fingerprint uniquely identifying the first device 10.
• the pairing request R1 includes the CERT certificate and the PUF fingerprint uniquely identifying the first device 10.
• the PUF footprint can be defined as a series of data that uniquely identifies the first device. This fingerprint is generated E0 by the first device prior to the transmission of a pairing request. It is identical for each generation and remains constant over time.
• the imprint associated with the first device 10 is generated according to an unclonable physical function or PUF (for "Physical Unclonable Function” in English terminology).
• PUF Physical Unclonable Function
• Electronic components are all different in their physical structure. During the manufacture of electronic components physical variations occur, these variations make it possible to differentiate electronic components which are otherwise identical and manufactured at the same time by identical manufacturing processes.
• An unclonable physical function or PUF can be defined as a physical entity in an electronic component.
• the unclonable physical function or PUF is used for the generation of the PUF type imprint.
• the imprint is generated by means of an inclonable physical function or optical PUF present in the first equipment 10.
• An optical PUF is formed by a transparent material doped with light scattering particles. When light passes through this transparent surface, an image is generated by illuminating this surface. This surface being unique (or tiltable), the generated image is unique for each optical PUF and therefore for each device.
• the data series representative of the generated image forms the PUF imprint.
• the optical PUFs are located downstream of the optical transmitter.
• the generated image is related to imperfections of the optical lens of the optical transmitter.
• the PUF imprint is generated each time the first device 10 implements a transmission.
• the PUF imprint is generated each time a pairing request FÎ1 will be sent to the management device 30.
• the PUF imprint can only be generated during the first request to pair a device.
• the management device stores the footprint associated with the equipment in memory for carrying out the necessary checks during subsequent pairings.
• the management device When the management device receives a pairing request E10, it extracts the data identifying the first device 10. In this embodiment, the management device 30 extracts the CERT certificate and the PUF imprint uniquely identifying the first device. 10.
• the pairing request received includes only one of the above data identifying the first device.
• the management device 30 records the received CERT certificate in association with the received PUF imprint.
• the certificate and the fingerprint are recorded in the memory of the management device 30 or in a database connected to the management device 30.
• the database can be located in a server 20 connected to the control device.
• management 30 via the second device 13.
• the server can be connected directly to the management device or via a device other than the second device.
• the management device 30 receiving the pairing request R1 performs a verification E20 of the data identifying the first device 10.
• the verification implemented is different depending on the embodiments.
• the verification E30 may include:
• the verification E20 comprises at least one of the verification operations E21, E22, E23, E34 mentioned below. In addition, all combinations may be possible.
• the verification E20 comprises checking whether the first device 10 has the private key K1 associated with the CERT certificate, if the certification authority which issued the CERT certificate is present in a list of trusted certification authorities , check (not shown), if the first device associated with the certificate received CERT is authorized to implement a pairing and if the PUF imprint was previously received in association with a certificate different from the certificate received CERT in the pairing request R1 (checks E21, E22, E23 and E24).
• the checks consisting in verifying whether the device associated with the certificate received CERT is authorized to implement a pairing or whether the PUF imprint has been received previously in association with a different certificate can be implemented by consultation in a database, of data associated with the CERT certificate. Depending on the data associated with the certificate CERT, it can be determined whether the CERT certificate is authorized for pairing via the management device 30.
• the database can be the same database in which the received CERT certificates and PUF fingerprints are stored in association, or a different database.
• the data associated with the certificate include the certification authority issuing the certificate, a serial number contained in the certificate, the name of the user of the first device and an identifier of the management device. .
• the identifier of the management device can be an identifier of a meeting room in which the management device is placed.
• the management device 30 determines E30 whether the pairing request is authorized or refused.
• the pairing request is authorized E30.
• the verification E21 of the possession of the private key is implemented as follows.
• the management device 30, on receipt of the pairing request R1, randomly generates a piece of data and transmits it to the first device 10.
• the first device 10 encrypts this data and transmits it to the management device 30.
• the management device 30 decrypts the data. received using the public key associated with the CERT certificate, this public key being contained in the CERT certificate. If the data obtained corresponds to the data that it had previously generated and sent to the first device 10, the management device determines that the first device has the private key. If, on the contrary, the data obtained does not correspond to the data that it had previously generated and sent to the first device 10, the management device determines that the first device does not have the private key.
• the management device 30 sends a response E40, via the optical communication channel C01, to the first device 10 informing it of the authorization or refusal of the pairing request. Then, the management device 30 sends E50 to the first device 10 identification data for the second device 20, for example of the SSID type (for "Service Set Identifier") or a security key. These identification data for the second equipment 13 allow secure communications between the first equipment 10 and the second equipment 13 once the pairing has been implemented.
• SSID type for "Service Set Identifier”
• the management device 30 can address a WPA (for "Wi-Fi Protected Access") type key to the gateway 13 (second device).
• WPA for "Wi-Fi Protected Access”
• the management device can send to the first item of equipment a security key associated with the management device, for example the key of the light spot.
• the first equipment 10 Once the first equipment 10 has the identification data of the second equipment 13, it can establish a connection with the second equipment 13 and send it its own identification data.
• the exchanges between the first item of equipment 10 and the management device 30 are implemented according to a Diffie-Hellman type protocol.
• the first item of equipment 10 and the management device 30 use the Diffie-Hellman protocol to calculate a key, called the session key.
• This session key is used for the exchanges between the first device 10 and the management device 30.
• the first device 10 sends to the management device 30, the pairing request R1 encrypted with the session key. calculated.
• the management device 30 sends to the first device 10, the identification data of the second device 13 encrypted with the session key.
• the exchanges between the first device 10 and the management device 30 necessary to verify the possession of the private key K1 associated with the CERT certificate by the first device 10 are implemented using the calculated session key.
• the management device includes in memory the identification data of the equipment to which it is connected.
• the identification data are obtained by the management device during the implementation of the method for managing a pairing request in order to be able to exchange the identification data between the first equipment and second equipment.
• the first device 10 and the second device can communicate via a radio communication channel CR1.
• a verification of an identity data item identifying the user of the first device 10 is implemented.
• This feature adds security to the exchanges between the devices.
• the first item of equipment and the second item of equipment can also communicate via the optical communication channel established between the first item of equipment and the management device and the wired communication channel between the management device and the second item of equipment.
• the management device operates as an intermediary between the first device and the second device.
• these communication channels having been used previously during the pairing phase, continue to be used subsequently during communication phases.
• the use of these communication channels can be very useful, for example for communications in environments where radio communications should be avoided, for example in hospitals, nurseries or the like.
• the first device 10 can either communicate with the second device via the radio communication channel CR1, or via the communication device. management 30, that is to say via the optical communication channel C01 and the wired communication channel CL1.
• the management device 30 can determine E100 the zone where the first equipment item is located. This information is determined by the RO_30 photoreceptor of the management device. Based on this information, the lighting of at least one light source of the management device (or light spot) 30 is modified E101 to visually identify the area where the first equipment 10 is located.
• a first group of light sources or LEDs may light up and a second group of light sources or LEDs may turn off so as to illuminate only the area where the first equipment 10 is located.
• a device initiating a pairing can be identified visually. Thanks to this feature an unauthorized user can be easily spotted.
• the color of the light emitted by the light spot may change depending on the result of the check E20. This feature makes it possible to visually indicate whether the pairing request has been accepted or refused.
• different colors can be selected for the light emitted by at least one light source of the management device 30 to indicate whether the pairing request has been accepted or refused.
• the management method when the pairing request is validated, further comprises the transmission of at least one second pairing request to a third device 11, 12 connected by a wired connection to the management device 30.
• the management device 30 includes a list of the items of equipment 11 -13 to which it is connected. Once the pairing request from the first device 10 is validated, the user of the first device 10 can select from the list at least one second device to initiate a pairing request.
• This new pairing request may not require the implementation of the checks implemented previously, for example if the new pairing request is transmitted in the same session. In this case, the pairing with the rest of the equipment is thus implemented quickly.
• the pairing with the second device 13 requested by the first device 10 authorized the pairing with the rest of the devices 11, 12 connected to the management device 30 is implemented automatically.
• FIG. 4a schematically illustrates a hardware architecture of a management device 30 capable of implementing the management method according to the invention.
• the management device 30 comprises an optical receiver or photoreceptor RO_30, an optical transmitter EO_30 and a control module CTRL_30.
• This CTRL_30 control module comprises a communication bus 300 to which are connected:
• a processing unit 301 named in the figure CPU (for “Central Processing Unit”) and which may include one or more processors;
• non-volatile memory 302 for example ROM (for “Read Only Memory”), EEPROM (for “Electrically Erasable Read Only Memory”) or a Flash memory;
• Random Access Memory a random access memory 303 or RAM (standing for “Random Access Memory”);
• an input / output interface 304 named in the figure I / O (for “Input / Output”), for example keys or buttons, a screen, a keyboard, a mouse or other pointing device such as a touch screen or a remote control allowing a user to interact with the management device 30 via a graphical interface or man-machine interface; and
• Communication interfaces 305 suitable for exchanging data for example with the first device 10, with the second device 13, or with a database DB via a communication network 100, 200.
• These interfaces communication 305 are in particular configured to establish optical communication channels C01, radio communication channels CR1 or wired communication channels CL1, CL2, CL3.
• Random access memory 303 comprises registers suitable for recording the variables and parameters created and modified during the execution of a computer program comprising instructions for implementing the management method according to the invention.
• the instruction codes of the program stored in non-volatile memory 302 are loaded into RAM memory 303 for execution by the processing unit CPU 301.
• the non-volatile memory 302 is for example a rewritable memory of the EEPROM or Flash memory type which can constitute a medium within the meaning of the invention, that is to say which can comprise a computer program comprising instructions for the implementation of the. management method according to the invention.
• the rewritable memory can include, for example, a database in which CERT certificates are recorded in association with PUF fingerprints, or comprising a list of equipment linked to the management device 30, or a list of authorized certification authorities. This database can be updated as pairing requests are received.
• FIG. 4b is a functional representation of a device 30 for managing a pairing request according to one embodiment.
• These modules include in particular: a reception module 31 configured to receive, via the optical communication channel C01, a pairing request comprising data representative of the identity of the first device 10,
• an authorization module 32 configured to authorize or refuse the pairing request depending on the result of said at least one verification E20 implemented on the data representative of the identity of the first device 10, and
• a transmission module 33 configured to transmit, via the optical communication channel C01, a security key to the first device 10, if the pairing request is authorized.
• the transmission module 33 is further configured to transmit to the first device a first piece of data generated randomly on receipt of the pairing request R1.
• the management device comprises a verification module 34 configured for:
• checking whether the first device has the private key associated with the certificate for example by checking whether an encrypted data received can be decrypted with a public key contained in the certificate.
• the management device 30 can further comprise, depending on the embodiments:
• a determination module 35 configured to determine an area where the first equipment item is located, and a lighting modification module configured to modify the lighting of at least one light source of the management device, to visually identify said area where the first equipment is located, and / or a second verification module 36 configured for the identity of the user as a function of said identity datum received, and / or
• a transmission module 37 configured for the transmission of at least a second pairing request to a third device connected by a wired connection to the management device.
• the aforementioned modules and means are controlled by the processor of the processing unit 301. They can take the form of a program executable by a processor, or a material form (or “hardware”), such as a specialized integrated circuit (known in Anglo-Saxon terminology known as ASIC for “Application-Specific Integrated Circuit”), a system on chip (known in Anglo-Saxon terminology as SoC for “System On Chip”), or an electronic component of the programmable logic circuit type, such as than an FPGA type component (for “Field-Programmable Gâte Array”).
• ASIC Application-Specific Integrated Circuit
• SoC System On Chip
• the first equipment 10 also comprises a communication bus to which are connected a processing unit or microprocessor, a non-volatile memory, a random access memory or RAM, and a communication interface suitable in particular for exchanging data with the management device 30.
• first equipment 10 can for example send the management device 30 a request for pairing with a second equipment 13.
• the first equipment 10 can receive messages from the management device 30, for example to inform it if the request for pairing is accepted or refused or send it cryptographic keys.
• the management device 30 is integrated into the second device 13, this second device being, by way of non-limiting example, an access gateway.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• Mobile Radio Communication Systems (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=72709517

Family Applications (1)

Country Status (5)

Family Cites Families (3)

• 2020
  • 2020-06-19 FR FR2006407A patent/FR3111498A1/fr not_active Withdrawn
• 2021
  • 2021-06-07 US US18/002,352 patent/US20230239145A1/en active Pending
  • 2021-06-07 CN CN202180057587.8A patent/CN116057606A/zh active Pending
  • 2021-06-07 EP EP21739162.2A patent/EP4169009A1/de active Pending
  • 2021-06-07 WO PCT/FR2021/051022 patent/WO2021255363A1/fr unknown

Also Published As

Similar Documents

Legal Events