TW202029686A - Device identifying method, identifying device, and device pairing method - Google Patents
Device identifying method, identifying device, and device pairing method Download PDFInfo
- Publication number
- TW202029686A TW202029686A TW109100745A TW109100745A TW202029686A TW 202029686 A TW202029686 A TW 202029686A TW 109100745 A TW109100745 A TW 109100745A TW 109100745 A TW109100745 A TW 109100745A TW 202029686 A TW202029686 A TW 202029686A
- Authority
- TW
- Taiwan
- Prior art keywords
- identification
- member device
- public key
- candidate member
- candidate
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/47—Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/005—Discovery of network devices, e.g. terminals
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
相關申請的交叉引用:Cross-references to related applications:
本申請要求2018年01月11日遞交的申請號為62/616,040的美國臨時案的優先權,在此合併參考該申請案的全部內容。This application claims the priority of the U.S. Provisional Application No. 62/616,040 filed on January 11, 2018, and the entire content of the application is incorporated herein by reference.
本申請涉及一種裝置識別方法、識別裝置以及裝置配對方法。This application relates to a device identification method, an identification device, and a device pairing method.
近年來,諸如藍芽(bluetooth)的短距離無線通訊算法非常流行。這樣的算法能夠很容易地在兩個不同的裝置(device)之間建立連接。但是,這些算法的配對(pairing)方法存在一些缺點。In recent years, short-range wireless communication algorithms such as bluetooth have become very popular. Such an algorithm can easily establish a connection between two different devices. However, the pairing methods of these algorithms have some disadvantages.
第1圖是示出相關的藍芽裝置配對方法的操作的示意圖。如第1圖所示,如果行動電話100想要與多個其它裝置(諸如揚聲器(speaker)S_Y和顯示器(display)D_Y)進行配對,則行動電話100必須與揚聲器S_Y和顯示器D_Y一對一(on by one)地配對。必須為每個被配對的裝置重複進行配對的整個過程,因此,如果用戶希望將行動電話100與多個裝置進行配對,則會浪費大量時間。Fig. 1 is a schematic diagram showing the operation of the related Bluetooth device pairing method. As shown in Figure 1, if the
此外,如第1圖所示,用戶在與揚聲器S_Y和顯示器D_Y配對的同時可能會將行動電話100與諸如揚聲器S_N或顯示器D_N之類的錯誤(wrong)裝置進行配對,因此,存儲在行動電話110中的資料可能會在其他人的裝置上進行播放。更糟糕的是,如果行動電話100與錯誤裝置配對,則存儲在行動電話110中的資料可能會被竊取。In addition, as shown in Figure 1, the user may pair the
本申請的目的之一是提供一種裝置識別方法(device identifying method)和識別裝置,其能夠通過識別裝置識別候選成員裝置(candidate member device)是否屬於裝置集合(device set)。One of the objectives of the present application is to provide a device identifying method (device identifying method) and an identifying device, which can identify whether a candidate member device (candidate member device) belongs to a device set through the identifying device.
本申請的目的是提供一種裝置識別方法,用於通過識別裝置來識別候選成員裝置是否屬於裝置集合。該裝置集合包括至少一個成員裝置(member device)。該方法包括:(a)在該識別裝置和該至少一個成員裝置中的第一成員裝置之間建立連接,以從該第一成員裝置獲取集合ID(set ID)和至少一個識別密鑰;(b)根據該集合ID發現(discover)候選成員裝置;(c)根據該識別密鑰生成識別資料,並將該識別資料發送給該候選成員裝置;以及,(d)根據針對該識別資料的比較結果確定該候選成員裝置是否屬於該裝置集合。The purpose of this application is to provide a device identification method for identifying whether a candidate member device belongs to a device set by identifying a device. The device set includes at least one member device. The method includes: (a) establishing a connection between the identification device and a first member device of the at least one member device to obtain a set ID and at least one identification key from the first member device; ( b) Discover the candidate member device based on the set ID; (c) Generate identification data based on the identification key and send the identification data to the candidate member device; and (d) According to the comparison of the identification data As a result, it is determined whether the candidate member device belongs to the device set.
本申請的另一目的是提供一種識別裝置,其能夠識別候選成員裝置是否屬於裝置集合,該裝置集合包括至少一個成員裝置,以及,該識別裝置包括處理電路,該處理電路被配置為執行至少一段程式碼以執行以下操作:(a)在該識別裝置和該至少一個成員裝置中的第一成員裝置之間建立連接,以從該第一成員裝置獲取集合ID和至少一個識別密鑰;(b)根據該集合ID發現候選成員裝置;(c)根據該識別密鑰生成識別資料,並將該識別資料發送給該候選成員裝置;以及,(d)根據針對該識別資料的比較結果確定該候選成員裝置是否屬於該裝置集合。Another object of the present application is to provide an identification device that can identify whether a candidate member device belongs to a device set, the device set includes at least one member device, and the identification device includes a processing circuit configured to execute at least one Program code to perform the following operations: (a) establish a connection between the identification device and a first member device of the at least one member device to obtain a set ID and at least one identification key from the first member device; (b) ) Discover the candidate member device based on the set ID; (c) Generate identification data based on the identification key and send the identification data to the candidate member device; and (d) Determine the candidate based on the comparison result of the identification data Whether the member device belongs to the device set.
本申請的又一目的是提供一種裝置配對方法,用於確定識別裝置是否應該(should)與候選成員裝置配對,以及,該裝置配對方法包括:(a)在該識別裝置和裝置集合的至少一個成員裝置中的第一成員裝置之間建立連接,以從該第一成員裝置獲取集合ID和至少一個識別密鑰;(b)根據該集合ID發現候選成員裝置;(c)根據該識別密鑰生成識別資料,並將該識別資料發送給該候選成員裝置;(d)根據針對該識別資料的比較結果確定該候選成員裝置是否屬於該裝置集合;以及,(e)當該候選成員裝置屬於該裝置集合時,該識別裝置和該候選成員裝置進行配對;而當該候選成員裝置不屬於該裝置集合時,該識別裝置不和該候選成員裝置進行配對。Another object of the present application is to provide a device pairing method for determining whether an identification device should be paired with a candidate member device, and the device pairing method includes: (a) at least one of the identification device and the device set A connection is established between the first member devices among the member devices to obtain the set ID and at least one identification key from the first member device; (b) find candidate member devices according to the set ID; (c) according to the identification key Generate identification data, and send the identification data to the candidate member device; (d) determine whether the candidate member device belongs to the device set according to the comparison result of the identification data; and (e) when the candidate member device belongs to the device set; When the device is set, the identification device and the candidate member device are paired; and when the candidate member device does not belong to the device set, the identification device and the candidate member device are not paired.
鑒於上述實施例,成員裝置能夠很容易被發現並且能夠在配對之前被嚴格認證,因此,可以確保使用者的裝置與可靠的裝置配對。In view of the above-mentioned embodiments, the member devices can be easily discovered and can be strictly authenticated before pairing. Therefore, it can be ensured that the user's device is paired with a reliable device.
本領域技術人員在閱讀附圖所示優選實施例的下述詳細描述之後,可以毫無疑義地理解本發明的這些目的及其它目的。Those skilled in the art can understand these and other objects of the present invention without any doubt after reading the following detailed description of the preferred embodiments shown in the drawings.
在以下描述中,一些實施例被提供,以解釋本申請的概念。請注意,實施例中的每個元件可以被實現為硬體(例如,電路或裝置)或固件(例如,裝有至少一段程式的處理器)。而且,每個實施例中的元件可以被分離為更多的元件或被集成為更少的元件。另外,說明書中的術語“第一”、“第二”僅用於指示元件或步驟是不同的,而不是表示其順序。In the following description, some embodiments are provided to explain the concept of the present application. Please note that each element in the embodiment can be implemented as hardware (for example, a circuit or device) or firmware (for example, a processor equipped with at least one program). Moreover, the elements in each embodiment may be separated into more elements or integrated into fewer elements. In addition, the terms "first" and "second" in the specification are only used to indicate that elements or steps are different, rather than indicating their order.
第2圖是根據本申請一實施例示出的一種裝置配對方法的操作的示意圖。如第2圖所示,裝置集合(device set)DS包括至少一個成員裝置(member device)。在該實施例中,裝置集合DS包括一個以上的成員裝置MD_1,MD_2…MD_n。成員裝置MD_1,MD_2…MD_n可以是任何類型的裝置,例如揚聲器、顯示器,電視、行動電話、可擕式電腦或平板電腦。裝置集合DS的成員裝置MD_1,MD_2…MD_n具有(comprise)相同的集合(set)ID(在此示例中被示例為ID_1)。此外,裝置集合DS的成員裝置MD_1,MD_2…MD_n分別具有用於其自身的不同的集合公開密鑰(different set public keys)。例如,成員裝置MD_1具有集合公開密鑰PUK_1,成員裝置MD_2具有集合公開密鑰PUK_2,成員裝置MD_n具有集合公開密鑰PUK_n。此外,成員裝置MD_1,MD_2…MD_n中的每一個還具有其它成員裝置的集合公開密鑰。換句話說,成員裝置MD_1,MD_2…MD_n中的每一個包括所有的(all)集合公開密鑰PUK_1…PUK_n。Figure 2 is a schematic diagram showing the operation of a device pairing method according to an embodiment of the present application. As shown in Figure 2, the device set DS includes at least one member device. In this embodiment, the device set DS includes more than one member device MD_1, MD_2...MD_n. The member devices MD_1, MD_2...MD_n can be any type of device, such as speakers, monitors, TVs, mobile phones, portable computers or tablets. The member devices MD_1, MD_2...MD_n of the device set DS have (comprise) the same set ID (illustrated as ID_1 in this example). In addition, the member devices MD_1, MD_2...MD_n of the device set DS each have different set public keys (different set public keys) for themselves. For example, the member device MD_1 has the collective public key PUK_1, the member device MD_2 has the collective public key PUK_2, and the member device MD_n has the collective public key PUK_n. In addition, each of the member devices MD_1, MD_2...MD_n also has the collective public keys of other member devices. In other words, each of the member devices MD_1, MD_2...MD_n includes all (all) set public keys PUK_1...PUK_n.
識別裝置(identifying device)200用於執行本申請公開的裝置識別方法。識別裝置200可以是能夠執行裝置識別方法的任何裝置,例如智慧手錶、行動電話、膝上型電腦或平板電腦。在找到要識別的裝置(此後稱為候選成員裝置(candidate member device))之前,識別裝置200在識別裝置200和成員裝置MD_1,MD_2…MD_n中的成員裝置(例如,在本實施例中以成員裝置MD_1為例)之間建立連接。在建立連接之後,識別裝置200從成員裝置MD_1獲取(acquire)集合ID ID_1和成員裝置MD_1,MD_2 ... MD_n中的每一個的集合公開密鑰PUK_1 ... PUK_n。換句話說,識別裝置200從成員裝置MD_1獲取集合ID ID_1和集合公開密鑰PUK_1,PUK_2…PUK_n。除了集合ID ID_1和集合公開密鑰PUK_1,PUK_2…PUK_n外,識別裝置200還可以從成員裝置MD_1獲取其它的集合資訊(set information),例如成員裝置的位址(member device addresses)。The identifying device (identifying device) 200 is used to implement the device identifying method disclosed in this application. The
識別裝置200在接收到集合公開密鑰PUK_1,PUK_2…PUK_n之後,根據集合ID ID_1發現(discover)候選成員裝置MD_c。候選成員裝置MD_c屬於裝置集合DS,但是尚未與識別裝置200配對。因此,候選成員裝置MD_c也包括所述集合ID ID_1,從而,識別裝置200能夠發現它。在發現候選成員裝置MD_c之後,識別裝置200根據候選成員裝置MD_c的集合公開密鑰PUK_c生成識別資料D_i,並將識別資料D_i發送給候選成員裝置MD_c。如果候選成員裝置MD_c是裝置集合DS的成員裝置,則成員裝置MD_1也會包括集合公開密鑰PUK_c,以及,識別裝置200能夠從成員裝置MD_1獲取到該集合公開密鑰PUK_c。接下來,識別裝置200根據候選成員裝置MD_c對識別資料D_i的比較結果Re,確定候選成員裝置MD_c是否屬於裝置集合DS。在以下描述中將描述詳細步驟。After receiving the set public keys PUK_1, PUK_2...PUK_n, the
第3圖是根據本申請一實施例示出的一種裝置配對方法的步驟的示意圖。如第3圖所示,在步驟301中,成員裝置MD_1生成裝置集合DS的廣告(advertisements),從而,在步驟303中,識別裝置200能夠與成員裝置MD_1建立連接。在一實施例中,該連接為低能安全連接(Low Energy Secure Connection,LESC)。在步驟305中,識別裝置200執行配對過程(pairing procedure,諸如藍芽配對過程),從而,在步驟307中,識別裝置200和成員裝置MD_1能夠配對。接下來,在步驟309中,識別裝置200從成員裝置MD_1獲取集合ID ID_1及集合公開密鑰PUK_1,PUK_2…PUKn、集合公開密鑰PUK_c。Figure 3 is a schematic diagram showing the steps of a device pairing method according to an embodiment of the present application. As shown in FIG. 3, in
在步驟311中,候選成員裝置MD_c生成裝置集合DS的廣告,從而,在步驟313中,識別裝置200能夠發現候選成員裝置MD_c並與候選成員裝置MD_c建立連接。在一實施例中,該連接是低能安全連接(Low Energy Secure Connection,LESC)。在建立連接之後,識別裝置200在步驟315中執行認證(authentication)以識別候選成員裝置MD_c是否屬於裝置集合DS。如果不執行認證,則竊取或複製上述集合ID ID_1的裝置將被認為是裝置集合DS的成員裝置,並能夠與識別裝置200配對。如果在步驟315中通過認證,則候選成員裝置MD_c被確定為是裝置集合DS的成員裝置,從而,在步驟317中,識別裝置200能夠與候選成員裝置MD_c配對。In
在一實施例中,可以參考(refer)用於藍芽配對的帶外(out of band,OOB)認證來執行步驟315中的認證。更具體地,識別裝置200應用集合公開密鑰PUB_c對參考帶外(OOB)認證生成的資料進行編碼,以生成上述識別資料D_i。術語“參考”表示遵循帶外(OOB)認證的部分步驟,而不必是帶外(OOB)認證的所有步驟。換句話說,步驟315中的認證是基於本申請提供的經修改的(modified)帶外(OOB)認證而不是原來的(original)帶外(OOB)認證來執行的。In an embodiment, the out of band (OOB) authentication for Bluetooth pairing may be referred to to perform the authentication in
第4圖示出了用於藍芽配對的原來的帶外(OOB)認證的步驟的流程示意圖。第4圖的步驟包括:Figure 4 shows a schematic flow diagram of the original out-of-band (OOB) authentication steps used for Bluetooth pairing. The steps in Figure 4 include:
步驟401:Step 401:
識別裝置200設置ra為隨機數(random number),並設置rb = 0。The
步驟402:Step 402:
候選成員裝置MD_c設置rb為隨機數,並設置ra = 0。The candidate member device MD_c sets rb as a random number, and sets ra=0.
步驟403:Step 403:
識別裝置200通過函數Ca = f4(Pka,Pkb,ra,0)計算確認資料(confirm)Ca。其中,Pka是識別裝置200的公開密鑰,而Pkb是候選成員裝置MD_c的公開密鑰。PKa和PKb在OOB認證開始之前被交換。請注意,PKa和PKb是獨立于上述集合公開密鑰的且與裝置集合DS不相關。The
步驟404:Step 404:
候選成員裝置MD_c通過函數Cb = f4(Pka,Pkb,rb,0)計算確認資料Cb。The candidate member device MD_c calculates the confirmation data Cb through the function Cb = f4 (Pka, Pkb, rb, 0).
步驟405:Step 405:
識別裝置200將A、隨機數ra和確認資料Ca發送給候選成員裝置MD_c。其中,A是識別裝置200的位址(address)。The
步驟406:Step 406:
候選成員裝置MD_c將B、隨機數rb和確認資料Cb發送給識別裝置200。B是候選成員裝置MD_c的位址。The candidate member device MD_c sends B, the random number rb, and the confirmation data Cb to the
步驟407:Step 407:
識別裝置200還通過函數Cb = f4(Pka,Pkb,rb,0)計算確認資料Cb。核對(check)此Cb和接收到的Cb是否相同。如果相同,則繼續執行後面的步驟;否則,中止(認證失敗)。The
步驟408:Step 408:
候選成員裝置MD_c還通過函數Ca = f4(Pka,Pkb,ra,0)計算確認資料Ca。核對(check)此Ca和接收到的Ca是否相同。如果相同,則繼續執行後面的步驟;否則,中止(認證失敗)。The candidate member device MD_c also calculates the confirmation data Ca through the function Ca = f4 (Pka, Pkb, ra, 0). Check whether this Ca is the same as the received Ca. If they are the same, continue with the following steps; otherwise, abort (authentication failure).
步驟409:Step 409:
識別裝置200選擇隨機數Na,並將該隨機數Na發送給候選成員裝置MD_c。The
步驟410:Step 410:
候選成員裝置MD_c選擇隨機數Nb,並將該隨機數Nb發送給識別裝置200。The candidate member device MD_c selects a random number Nb, and sends the random number Nb to the
步驟411:Step 411:
執行認證階段2(Authentication Stage 2)。簡而言之,根據隨機數ra、rb、Na和Nb生成長期密鑰(long terms key),並且基於該長期密鑰執行認證。其它細節在用於藍芽配對的OOB認證的規範中已被定義,因此為簡潔起見,此處省略了其它細節。Perform Authentication Stage 2 (Authentication Stage 2). In short, a long term key (long terms key) is generated from random numbers ra, rb, Na, and Nb, and authentication is performed based on the long term key. Other details have been defined in the specification for OOB authentication for Bluetooth pairing, so for the sake of brevity, other details are omitted here.
如果認證通過,則候選成員裝置MD_c能夠與識別裝置200配對。相反,候選成員裝置MD_c將不能與識別裝置200配對。If the authentication is passed, the candidate member device MD_c can pair with the
第5圖是根據本申請一實施例示出的用於藍芽配對的經修改的帶外(OOB)認證的步驟的流程示意圖。上述識別資料D_i是基於修改後的帶外(OOB)認證生成的。第5圖中的步驟包括:FIG. 5 is a schematic flowchart of the modified out-of-band (OOB) authentication steps for Bluetooth pairing according to an embodiment of the present application. The above identification data D_i is generated based on the modified out-of-band (OOB) authentication. The steps in Figure 5 include:
步驟501:Step 501:
識別裝置200設置ra為隨機數,並設置rb = 0。The
步驟502:Step 502:
候選成員裝置MD_c設置rb為隨機數,並設置ra = 0。The candidate member device MD_c sets rb as a random number, and sets ra=0.
步驟503:Step 503:
識別裝置200通過函數Ca = f4(Pka,Pkb,ra,0)計算確認資料Ca。Pka是識別裝置200的公開密鑰,而Pkb是候選成員裝置MD_c的公開密鑰。PKa和PKb在OOB認證開始之前被交換。請注意,PKa和PKb是獨立于上述集合公開密鑰的且與裝置集合DS不相關。The
步驟505:Step 505:
識別裝置200利用候選成員裝置MD_c的集合公開密鑰Pub_c對確認資料Ca進行編碼,以生成編碼後的確認資料ECa。此外,識別裝置200對隨機數ra進行編碼以生成編碼後的隨機數Era。編碼後的確認資料ECa和編碼後的隨機數Era為上述識別資料D_i。The
步驟507:Step 507:
識別裝置200將識別資料Era和ECa發送給候選成員裝置MD_c。The
除對確認資料Ca和隨機數ra進行編碼外,還可以利用候選成員裝置MD_c的集合公開密鑰Pub_c對上述A(即識別裝置200的位址)進行編碼,以生成識別資料EA。In addition to encoding the confirmation data Ca and the random number ra, the set public key Pub_c of the candidate member device MD_c can also be used to encode the aforementioned A (that is, the address of the identification device 200) to generate the identification data EA.
步驟509:Step 509:
候選成員裝置MD_c還通過函數Ca = f4(Pka,Pkb,ra,0)計算確認資料Ca。此外,候選成員裝置MD_c利用集合公開密鑰Pub_c對識別資料ECa進行解碼,以生成解碼後的識別資料ECa。The candidate member device MD_c also calculates the confirmation data Ca through the function Ca = f4 (Pka, Pkb, ra, 0). In addition, the candidate member device MD_c uses the collective public key Pub_c to decode the identification material ECa to generate the decoded identification material ECa.
如果候選成員裝置MD_c生成的確認資料Ca與該解碼後的識別資料ECa相同,則執行後面的步驟。如果不相同,則認證失敗。If the confirmation data Ca generated by the candidate member device MD_c is the same as the decoded identification data ECa, the following steps are executed. If they are not the same, the authentication fails.
如果候選成員裝置MD_c確實是期望的(desired)成員裝置,則它也具有集合公開密鑰Pub_c,因此候選成員裝置MD_c生成的確認資料Ca與該解碼後的識別資料ECa相同。相反,如果候選成員裝置MD_c不是期望的成員裝置,則它不具有集合公開密鑰Pub_c,因此候選成員裝置MD_c生成的確認資料Ca和該解碼後的識別資料ECa不相同。If the candidate member device MD_c is indeed a desired member device, it also has the collective public key Pub_c, so the confirmation material Ca generated by the candidate member device MD_c is the same as the decoded identification material ECa. Conversely, if the candidate member device MD_c is not the desired member device, it does not have the collective public key Pub_c, so the confirmation material Ca generated by the candidate member device MD_c is different from the decoded identification material ECa.
類似地,候選成員裝置MD_c利用集合公開密鑰Pub_c對識別資料Era進行解碼,以生成解碼後的識別資料Era。該解碼後的識別資料Era將用於在後續步驟中生成長期密鑰(long terms keys),因此,如果候選成員裝置MD_c不具有集合公開密鑰Pub_c,則認證不通過。Similarly, the candidate member device MD_c uses the collective public key Pub_c to decode the identification data Era to generate the decoded identification data Era. The decoded identification data Era will be used to generate long terms keys in the subsequent steps. Therefore, if the candidate member device MD_c does not have the collective public key Pub_c, the authentication fails.
步驟511:Step 511:
識別裝置200選擇隨機數Na,並將該隨機數Na發送給候選成員裝置MD_c。The
步驟513:Step 513:
候選成員裝置MD_c選擇隨機數Nb,並將該隨機數Nb發送給識別裝置200。The candidate member device MD_c selects a random number Nb, and sends the random number Nb to the
步驟515:Step 515:
執行認證階段2。簡而言之,根據隨機數ra、rb、Na和Nb生成長期密鑰,並基於該長期密鑰執行認證。其它細節在用於藍芽配對的OOC認證的規範中被定義,因此為簡潔起見,此處省略了其它細節。Perform certification phase 2. In short, a long-term key is generated based on the random numbers ra, rb, Na, and Nb, and authentication is performed based on the long-term key. Other details are defined in the specifications for OOC authentication for Bluetooth pairing, so for the sake of brevity, other details are omitted here.
如果認證通過,則候選成員裝置MD_c可與識別裝置200配對。相反,候選成員裝置MD_c不能與識別裝置200配對。If the authentication is passed, the candidate member device MD_c may be paired with the
第5圖所示的實施例可以總結如下:根據候選成員裝置MD_c的集合公開密鑰Pub_c生成識別資料D_i的步驟包括:選擇隨機數(例如,步驟501中的隨機數ra);根據識別裝置的公開密鑰、候選成員裝置的公開密鑰和該隨機數,應用特定函數(例如,步驟503中的函數f4)來生成確認資料(例如,步驟503中的確認資料Ca);以及,利用該候選成員裝置的集合公開密鑰對該確認資料和該隨機數進行編碼,以生成上述識別資料。The embodiment shown in Figure 5 can be summarized as follows: the step of generating identification data D_i according to the set public key Pub_c of the candidate member device MD_c includes: selecting a random number (for example, the random number ra in step 501); The public key, the public key of the candidate member device, and the random number, apply a specific function (for example, the function f4 in step 503) to generate confirmation data (for example, the confirmation material Ca in step 503); and use the candidate The collective public key of the member device encodes the confirmation material and the random number to generate the aforementioned identification material.
比較第4圖中的步驟和第5圖中的步驟,第5圖中修改後的帶外(OOB)認證不包括計算確認資料Cb的步驟(步驟404),因此,不用執行諸如步驟407的相關步驟。但是,這些步驟也可以被包含在修改後的OOB認證中。Comparing the steps in Figure 4 with the steps in Figure 5, the modified out-of-band (OOB) authentication in Figure 5 does not include the step of calculating the confirmation data Cb (step 404), so there is no need to perform related steps such as
第6圖是根據本申請的另一實施例示出的一種裝置配對方法的操作的示意圖。如第6圖所示,裝置集合DS包括至少一個成員裝置。在該實施例中,裝置集合DS包括一個以上的成員裝置MD_1,MD_2…MD_n。成員裝置MD_1,MD_2…MD_n可以是任何類型的裝置,例如揚聲器、顯示器、電視、行動電話、可擕式電腦或平板電腦。裝置集合DS的成員裝置MD_1,MD_2…MD_n具有相同的集合ID(在此示例中以ID_1為例)。此外,成員裝置MD_1,MD_2…MD_n中的每一個包括集合私密密鑰(set privacy key)PVK。Fig. 6 is a schematic diagram showing the operation of a device pairing method according to another embodiment of the present application. As shown in Figure 6, the device set DS includes at least one member device. In this embodiment, the device set DS includes more than one member device MD_1, MD_2...MD_n. The member devices MD_1, MD_2...MD_n can be any type of device, such as speakers, monitors, TVs, mobile phones, portable computers or tablets. The member devices MD_1, MD_2...MD_n of the device set DS have the same set ID (in this example, ID_1 is taken as an example). In addition, each of the member devices MD_1, MD_2...MD_n includes a set privacy key (set privacy key) PVK.
識別裝置200用於執行本申請中公開的裝置識別方法。識別裝置200可以是能夠執行裝置識別方法的任何裝置,例如智慧手錶、行動電話、膝上型電腦或平板電腦。在找到要識別的裝置(此後稱為候選成員裝置)之前,識別裝置200在識別裝置200和成員裝置MD_1,MD_2…MD_n中的成員裝置(在本實施例中以MD_1為例)之間建立連接。在建立連接之後,識別裝置200從成員裝置MD_1獲取集合ID ID_1和集合私密密鑰PVK。除了集合ID ID_1和集合私密密鑰PVK外,識別裝置200還可以從成員裝置MD_1獲取其它的集合資訊,例如成員裝置的位址。The
在接收到集合私密密鑰PVK之後,識別裝置200根據集合ID ID_1發現候選成員裝置MD_c。候選成員裝置MD_c屬於裝置集合DS,但是尚未與識別裝置200配對。因此,候選成員裝置MD_c也具有集合ID ID_1,從而,識別裝置200可以發現它。在發現候選成員裝置MD_c之後,識別裝置200從候選成員裝置MD_c接收編碼後的集合公開密鑰(encoded set public key)EPUK_c。編碼後的集合公開密鑰EPUK_c是通過利用集合私密密鑰PVK對候選成員裝置MD_c的集合公開密鑰PUK_c進行編碼而生成的。在接收到該編碼後的集合公開密鑰EPUK_c之後,識別裝置200利用集合私密密鑰PVK對編碼後的集合公開密鑰EPUK_c進行解碼,以獲取集合公開密鑰PUK_c。如果候選成員裝置MD_c是裝置集合DS的成員裝置,則其具有該集合私密密鑰PVK,因此識別裝置200通過利用集合私密密鑰PVK對編碼後的集合公開密鑰EPUK_c進行解碼能夠獲取正確的集合公開密鑰PUK_c。After receiving the set private key PVK, the
接下來,識別裝置200根據候選成員裝置MD_c的集合公開密鑰PUK_c生成識別資料D_i,並將識別資料D_i發送給候選成員裝置MD_c。如果候選成員裝置MD_c是裝置集合DS的成員裝置,則成員裝置MD_1也具有集合公開密鑰PUK_c。接下來,識別裝置200根據候選成員裝置MD_c對識別資料D_i的比較結果Re,確定候選成員裝置MD_c是否屬於裝置集合DS。在以下描述中將描述詳細步驟。Next, the
第7圖是根據本申請一實施例示出的一種裝置配對方法的步驟的示意圖。如第7圖所示,成員裝置MD_1生成裝置集合DS的廣告(步驟701),從而,在步驟703中,識別裝置200可與成員裝置MD_1建立連接。在一實施例中,該連接是低能安全連接(LESC)。在步驟705中,識別裝置200執行配對過程,例如藍芽配對過程,從而,在步驟707中,識別裝置200和成員裝置MD_1可配對。接下來,在步驟709中,識別裝置200從成員裝置MD_1獲得集合ID ID_1和集合私密密鑰PVK。Fig. 7 is a schematic diagram showing the steps of a device pairing method according to an embodiment of the present application. As shown in FIG. 7, the member device MD_1 generates an advertisement of the device set DS (step 701), and thus, in
在步驟711中,候選成員裝置MD_c生成裝置集合DS的廣告,從而,識別裝置200能夠發現候選成員裝置MD_c,並在步驟713中與候選成員裝置MD_c建立連接。在一實施例中,該連接是LESC。在建立連接之後,識別裝置200從候選成員裝置MD_c接收編碼後的集合公開密鑰EPUK_c,並利用集合私密密鑰PVK對編碼後的集合公開密鑰EPUK_c進行解碼,以獲取集合公開密鑰PUK_c(步驟715)。In
之後,在步驟717中執行認證,以識別候選成員裝置MD_c是否屬於裝置集合DS。如果不執行認證,則竊取或複製該集合ID ID_1的裝置將被認為是裝置集合DS的成員裝置,並可與識別裝置200配對。在步驟717中,如果認證通過,則候選成員裝置MD_c被確定為是裝置集合DS的成員裝置,從而,識別裝置200能夠在步驟719中與候選成員裝置MD_c配對。After that, authentication is performed in
在一實施例中,參考用於藍芽配對的OOB(帶外)認證來執行步驟717中的認證。更具體地,識別裝置200參考帶外(OOB)認證應用該集合公開密鑰PUB_c對生成的資料進行編碼,以生成上述識別資料D_i。術語“參考”表示遵循帶外(OOB)認證的部分步驟,而不是帶外(OOB)認證的所有步驟。換句話說,步驟717中的認證是基於本申請提供的經修改的帶外(OOB)認證而不是原來的帶外(OOB)認證執行的。In an embodiment, the authentication in
在一實施例中,識別資料D_i是遵循第5圖的實施例中所示的步驟產生的。即,識別資料D_i可以是步驟507中編碼後的確認資料ECa。上述描述示出了詳細的操作,因此為簡潔起見,此處省略細節描述。In one embodiment, the identification data D_i is generated following the steps shown in the embodiment in FIG. 5. That is, the identification data D_i may be the confirmation data ECa encoded in
鑒於上述實施例,能夠獲得裝置識別方法。該裝置識別方法能夠通過識別裝置200識別候選成員裝置MD_c是否屬於裝置集合DS。該裝置識別方法可以應用於裝置配對方法,並包括第8圖中的以下步驟:In view of the above embodiments, a device identification method can be obtained. The device identification method can identify whether the candidate member device MD_c belongs to the device set DS through the
步驟801:Step 801:
在識別裝置和上述成員裝置中的第一成員裝置(例如,第2圖中的成員裝置MD_1)之間建立連接,以從第一成員裝置獲取集合ID(例如,第2圖中的集合ID ID_1)和至少一個識別密鑰。A connection is established between the identification device and the first member device among the aforementioned member devices (for example, the member device MD_1 in Figure 2) to obtain the set ID from the first member device (for example, the set ID ID_1 in Figure 2) ) And at least one identification key.
該識別密鑰可以是候選成員裝置MD_c的集合公開密鑰PUK_c,如第2圖的實施例,以及,該識別密鑰可以是集合私密密鑰PVK,如第6圖的實施例。The identification key may be the collective public key PUK_c of the candidate member device MD_c, as in the embodiment in FIG. 2, and the identification key may be the collective secret key PVK, as in the embodiment in FIG. 6.
步驟803:Step 803:
根據集合ID發現候選成員裝置。Discover candidate member devices based on the set ID.
步驟805:Step 805:
根據識別密鑰生成識別資料D_i,並將識別資料D_i發送給候選成員裝置。The identification data D_i is generated according to the identification key, and the identification data D_i is sent to the candidate member device.
例如,識別資料D_i可以是在步驟505中利用集合公開密鑰PUK_c對確認資料Ca進行編碼而生成的。For example, the identification material D_i may be generated by encoding the confirmation material Ca using the collective public key PUK_c in
步驟807:Step 807:
根據針對識別資料D_i的比較結果Re,確定候選成員裝置MD_c是否屬於裝置集合DS。According to the comparison result Re for the identification data D_i, it is determined whether the candidate member device MD_c belongs to the device set DS.
例如,比較結果Re可以是識別裝置200生成的確認資料Ca與候選成員裝置MD_c生成的確認資料Ca之間的比較結果,如在步驟509中生成的結果。For example, the comparison result Re may be a comparison result between the confirmation material Ca generated by the
上述描述示出了裝置識別方法的其它細節,因此,為簡潔起見,此處省略其它細節。The above description shows other details of the device identification method, and therefore, for the sake of brevity, other details are omitted here.
第9圖是根據本申請一實施例示出的一種裝置的結構的框圖,裝置900可以用作上述識別裝置200及成員裝置MD_1或候選成員裝置MD_c。如第9圖所示,裝置900包括存儲裝置(storage device)901、處理電路(processing circuit)903和通訊介面905。存儲裝置901存儲至少一段程式碼,以及,處理電路903執行該程式碼以執行上述步驟。通訊裝置903被配置為發送資料及接收資料。請注意,存儲裝置901可以是位於識別裝置200外部的存儲裝置,例如網路硬碟,而不僅限於位於裝置900中。FIG. 9 is a block diagram showing the structure of a device according to an embodiment of the present application. The
鑒於上述實施例,成員裝置能夠被很容易地找到並且在配對之前能夠被嚴格地認證,從而,可以確保使用者的裝置與可靠的裝置配對。In view of the above-mentioned embodiments, the member device can be easily found and can be strictly authenticated before pairing, thereby ensuring that the user's device is paired with a reliable device.
本領域技術人員將容易地觀察到,在保持本發明的教導的同時,可以對裝置和方法進行多種修改和變更。因此,以上公開內容應被解釋為僅由所附申請專利範圍的界限來限定。 以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。Those skilled in the art will readily observe that while maintaining the teachings of the present invention, various modifications and changes can be made to the device and method. Therefore, the above disclosure should be construed as being limited only by the limits of the scope of the appended application. The foregoing descriptions are only preferred embodiments of the present invention, and all equivalent changes and modifications made in accordance with the scope of the patent application of the present invention shall fall within the scope of the present invention.
100:行動電話 D_N,D_Y:顯示器 S_N,S_Y:揚聲器 200:識別裝置 MD_c:候選成員裝置 MD_1,MD_2,…,MD_n:成員裝置 301,303,305,307,309,311,313,315,317:步驟 401,402,403,404,405,406,407,408,409,410,411:步驟 501,502,503,505,507,509,511,513,515:步驟 DS:裝置集合 701,703,705,707,709,711,713,715,717,719:步驟 801,803,805,807:步驟 900:裝置 901:存儲裝置 903:處理電路 905:通訊裝置100: mobile phone D_N, D_Y: display S_N, S_Y: speaker 200: identification device MD_c: Candidate member device MD_1,MD_2,…,MD_n: member device 301,303,305,307,309,311,313,315,317: steps 401,402,403,404,405,406,407,408,409,410,411: steps 501,502,503,505,507,509,511,513,515: steps DS: device collection 701,703,705,707,709,711,713,715,717,719: steps 801,803,805,807: steps 900: device 901: storage device 903: Processing Circuit 905: Communication device
第1圖是示出相關的藍芽裝置配對方法的操作的示意圖。 第2圖是根據本申請一實施例示出的一種裝置配對方法的操作的示意圖。 第3圖是根據本申請一實施例示出的裝置配對方法的步驟的示意圖。 第4圖是示出的用於藍芽配對的原來的(original)帶外(OOB)認證的步驟的流程示意圖。 第5圖是根據本申請一實施例示出的用於藍芽配對的經修改的帶外(OOB)認證的步驟的流程示意圖。 第6圖是根據本申請的另一實施例示出的一種裝置配對方法的操作的示意圖。 第7圖是根據本申請的另一實施例示出的一種裝置配對方法的步驟的示意圖。 第8圖是根據本申請的實施例示出的一種裝置識別方法的流程示意圖。 第9圖是根據本申請一實施例示出的一種裝置的結構的框圖。Fig. 1 is a schematic diagram showing the operation of the related Bluetooth device pairing method. Figure 2 is a schematic diagram showing the operation of a device pairing method according to an embodiment of the present application. Figure 3 is a schematic diagram showing the steps of a device pairing method according to an embodiment of the present application. Figure 4 is a schematic flow chart showing the steps of original out-of-band (OOB) authentication for Bluetooth pairing. FIG. 5 is a schematic flowchart of the modified out-of-band (OOB) authentication steps for Bluetooth pairing according to an embodiment of the present application. Fig. 6 is a schematic diagram showing the operation of a device pairing method according to another embodiment of the present application. Fig. 7 is a schematic diagram showing the steps of a device pairing method according to another embodiment of the present application. Figure 8 is a schematic flowchart of a device identification method according to an embodiment of the present application. Fig. 9 is a block diagram showing the structure of an apparatus according to an embodiment of the present application.
801、803、805、807:步驟 801, 803, 805, 807: steps
Claims (21)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US16/243,082 | 2019-01-09 | ||
| US16/243,082 US11057776B2 (en) | 2018-01-11 | 2019-01-09 | Device identifying method, identifying device, and device pairing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW202029686A true TW202029686A (en) | 2020-08-01 |
| TWI727604B TWI727604B (en) | 2021-05-11 |
Family
ID=71546988
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW109100745A TWI727604B (en) | 2019-01-09 | 2020-01-09 | Device identifying method, identifying device, and device pairing method |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN111432381B (en) |
| TW (1) | TWI727604B (en) |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7068789B2 (en) * | 2001-09-19 | 2006-06-27 | Microsoft Corporation | Peer-to-peer name resolution protocol (PNRP) group security infrastructure and method |
| JP4554968B2 (en) * | 2004-03-26 | 2010-09-29 | 株式会社日立製作所 | Wireless communication terminal device in ad hoc network |
| US8850191B2 (en) * | 2011-04-28 | 2014-09-30 | Netapp, Inc. | Scalable groups of authenticated entities |
| CN104509143B (en) * | 2012-06-20 | 2018-09-07 | 策安保安有限公司 | Bluetooth pairing system, method and apparatus |
| US20150312331A1 (en) * | 2014-04-25 | 2015-10-29 | Shinkuro, Inc. | System and Method for Group Collaboration Using a Distributed Network File Repository |
| US10198182B2 (en) * | 2015-05-31 | 2019-02-05 | Apple Inc. | Synchronization and verification groups among related devices |
| CN105722013A (en) * | 2016-02-02 | 2016-06-29 | 深圳市文鼎创数据科技有限公司 | Bluetooth pairing method and device |
| US10292189B2 (en) * | 2016-05-17 | 2019-05-14 | Mediatek Inc. | Method of network configuration for wireless access point |
-
2020
- 2020-01-09 CN CN202010021611.XA patent/CN111432381B/en active Active
- 2020-01-09 TW TW109100745A patent/TWI727604B/en active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111432381A (en) | 2020-07-17 |
| CN111432381B (en) | 2023-04-28 |
| TWI727604B (en) | 2021-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10659454B2 (en) | Service authorization using auxiliary device | |
| US10182255B2 (en) | Method, terminal, and system for communication pairing of a digital television terminal and a mobile terminal | |
| CN108768970B (en) | Binding method of intelligent equipment, identity authentication platform and storage medium | |
| US8572375B2 (en) | Device pairing based on graphically encoded data | |
| US12041189B2 (en) | Method for storing and recovering key for blockchain-based system, and device therefor | |
| EP3180887B1 (en) | System and method for shared key agreement over untrusted communication channels | |
| US10305900B2 (en) | Establishing a secure connection between a master device and a slave device | |
| WO2019228270A1 (en) | Method and device for accessing wireless router and computer readable storage medium | |
| JP2013535860A (en) | Indirect device communication | |
| WO2017185511A1 (en) | Data processing method, device, and terminal | |
| US10097524B2 (en) | Network configuration method, and related apparatus and system | |
| WO2018049892A1 (en) | Data transmission method and apparatus, and terminal | |
| US20140215585A1 (en) | System and method for synchronizing connection credentials | |
| US20230161525A1 (en) | First communication device and non-transitory computer-readable medium storing computer-readable instructions for first communication device | |
| WO2022111016A1 (en) | Mobile network access system and method, and storage medium, and electronic device | |
| US20160028697A1 (en) | Method, system and device for establishing link | |
| WO2020220694A1 (en) | Router, network connection method and mobile terminal | |
| US11057776B2 (en) | Device identifying method, identifying device, and device pairing method | |
| US20140105394A1 (en) | System and method for enabling a host device to securely connect to a peripheral device | |
| US10242177B2 (en) | Wireless memory device authentication | |
| CN109075966B (en) | Communication security system and method | |
| TWI727604B (en) | Device identifying method, identifying device, and device pairing method | |
| US9622075B2 (en) | System and method for adaptive multifactor authentication | |
| US20220103350A1 (en) | Electronic device for selecting key to be used for encryption on basis of amount of information of data to be encrypted, and operation method of electronic device | |
| CN117041956A (en) | Communication authentication method, device, computer equipment and storage medium |