WO2014064947A1 - Procédé et système de détermination d'état de confiance entre dispositifs - Google Patents

Procédé et système de détermination d'état de confiance entre dispositifs Download PDF

Info

Publication number
WO2014064947A1
WO2014064947A1 PCT/JP2013/052282 JP2013052282W WO2014064947A1 WO 2014064947 A1 WO2014064947 A1 WO 2014064947A1 JP 2013052282 W JP2013052282 W JP 2013052282W WO 2014064947 A1 WO2014064947 A1 WO 2014064947A1
Authority
WO
WIPO (PCT)
Prior art keywords
viewing
list
network
public key
inter
Prior art date
Application number
PCT/JP2013/052282
Other languages
English (en)
Japanese (ja)
Inventor
淳也 榎本
Original Assignee
Enomoto Junya
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Enomoto Junya filed Critical Enomoto Junya
Publication of WO2014064947A1 publication Critical patent/WO2014064947A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates

Definitions

  • the present invention relates to a method for determining a trust state between devices in a computer network.
  • Patent Document 1 describes a technique for operating a liquid crystal television from a mobile phone through a wireless LAN (paragraph 0035 of the same document).
  • connection processing between the liquid crystal television and the mobile phone is performed (paragraph 0146 of the same document).
  • the mobile phone (operating device) is connected to all the devices in the area unless otherwise specified.
  • the operating device can be operated.
  • an operating device that should operate a predetermined operated device may erroneously operate another operated device.
  • the trust state between the operating device and the operated device is registered in advance, and thereafter, the operation is permitted only between the trusted operating device and the operated device.
  • This invention makes it a subject to determine the trust state between apparatuses by 1 Way communication.
  • the present invention adopts the following configuration. That is, A method for determining a trust state between one device on a network and the other device, and storing the public key of the one device when the other device trusts the one device Means, the other device receives the data signed by the private key of the one device and sent to the network from the one device, and the other device applies the data by the public key.
  • This is an inter-device trust state determination method that determines that the one device is a trusted device when the signature verification is successful.
  • the trust state between devices can be determined by one-way communication from one device to the other device.
  • FIG. 5 It is a system configuration figure showing an embodiment of the present invention. It is explanatory drawing of the system shown in FIG. It is a block block diagram of the operating device SP shown in FIG.1 and FIG.2.
  • FIG. 3 is a block configuration diagram of the viewing device SK shown in FIGS. 1 and 2. It is a flowchart which shows the procedure which determines the trust state between viewing-and-listening apparatus SK and operating device SP.
  • FIG. 6 is a data structure diagram of the discovery packet Dp shown in FIG. 5.
  • FIG. 1 is a configuration diagram of a content viewing system according to an embodiment of the present invention.
  • a viewing device SK is connected to the television monitor MON.
  • the viewing device SK outputs a video signal and an audio signal to the monitor MON.
  • the viewing device SK performs wireless communication in accordance with Wi-Fi (Wireless Fidelity) with the operation device SP via an access point AP of a wireless LAN (Local Area Network).
  • Wi-Fi Wireless Fidelity
  • the access point AP is connected to a WAN (Wide Area Network) by wire.
  • the WAN is provided with a content server CS, and the controller device SP communicates with the content server CS via the AP.
  • the viewing device SK also communicates with the content server CS via the AP.
  • Communication between the operation device SP and the viewing device SK is permitted after confirming that the device is “trusted” and is performed via a logical communication path. Further, communication between the operating device SP and the content server CS and communication between the viewing device SK and the content server CS are also performed via a logical communication path.
  • the operating device SP controls the operation of the viewing device SK by wireless communication.
  • one operating device SP and one viewing device SK are illustrated, but actually, there are a plurality of operating devices SP within a communicable range through the access point AP.
  • the operation device SP1 may operate the viewing device SK1, or the operation device SP1 may operate the viewing device SK2.
  • the controller device SP2 may operate the viewing device SK1, and the controller device SP2 may operate the viewer device SK1.
  • a combination (pair) of the “trusted” operating device SP and the viewing device SK is previously set. Register.
  • the operation device SP is obtained by installing a predetermined application (application) on a smartphone having a Wi-Fi interface.
  • the viewing device SK is housed in a stick-shaped housing having the same size as a commercially available USB memory.
  • the stick has a width of about 23 mm and a length of about 65 mm.
  • This chassis has a built-in Wi-Fi interface and an HDMI (High-Definition Multimedia Interface) terminal for video / audio output.
  • the operating device SP has the configuration shown in FIG.
  • the operating device (smart phone) SP includes computer components, executes an OS (Operating System) on various hardware (H / W), and further executes various application programs (applications) on the OS. ).
  • OS Operating System
  • applications application programs
  • the operating device SP includes, as hardware, a processing device that realizes various functions by executing a program, and a storage device that stores information processed by the processing device. Moreover, it has the input device for a user to input information, and the display apparatus which displays information to a user. Further, a communication device for communicating with the viewing device SK is provided.
  • the input device is a touch panel or a voice input device
  • the display device is a liquid crystal display.
  • the communication device is a Wi-Fi interface as described above.
  • the operation application and other applications are started.
  • Various operations of the operation device SP are executed by the processing device executing the operation application.
  • the storage device of the operating device SP stores the public key of the viewing device SK that has a “trusted” relationship with the operating device SP.
  • the viewing device SK also includes a computer component, executes an OS (Operating System) on various hardware (H / W), and further executes various application programs (applications) on the OS. .
  • OS Operating System
  • applications application programs
  • Hardware includes a processing device that realizes various functions by executing a program, and a storage device that stores information processed by the processing device. Also, an input interface (input I / F) for connecting an input device and a display interface (display I / F) for connecting a display device are provided. Further, a communication device for communicating with the operation device SP is provided.
  • the input I / F is a USB terminal and is provided mainly for the purpose of connecting a USB device during maintenance.
  • the display I / F is an HDMI terminal
  • the communication device is a Wi-Fi interface.
  • viewing apps and other apps are launched.
  • various operations of the viewing device SK are performed.
  • the viewing device SK continues to periodically send out discovery packets Dp to all operating devices SP connected to the access point AP.
  • Each operating device SP connected to the AP receives the discovery packet Dp.
  • All the operation devices SP execute the same process.
  • each operation device SP receives the discovery packet Dp from the plurality of viewing devices SK.
  • the discovery packet Dp has a data structure shown in FIG. That is, the discovery packet Dp includes “StickID”, “Stick name”, “IP_Address”, and “MSG”. “MSG” is message data generated by the viewing device SK and includes “C_Mode”, “Reserve”, and “P_Code”.
  • “StickID” is a terminal unique ID of the viewing device SK, and when the “Stick name” is not assigned or when the “Stick name” is duplicated with other viewing devices, the operation device SP is the viewing device SK. Used to identify It is assumed that “StickID” is generated before shipment of the viewing device SK and embedded in the storage unit of the viewing device SK in advance.
  • “Stick name” indicates the name of the viewing device SK.
  • the “Stick name” can be arbitrarily given by the user of the viewing device SK, and when there are a plurality of viewing devices SK connected to the AP, the user of the operating device SP knows each viewing device SK. This is to display the name easily.
  • the “Stick name” may be changed by the user of the viewing device SK, and is not always the same name. Therefore, it is not always possible to uniquely identify the viewing device SK by “Stick name”.
  • IP_Address indicates the current IP address of the viewing device SK, and is used as information for connecting the operation device SP to the viewing device SK.
  • the IP address may change depending on the network environment.
  • C_Mode is a flag indicating whether the connection to the viewing device SK in the Wi-Fi network should be a BBS connection or a Wi-Fi direct connection. This flag is used as information for the user application of the controller device SP to know which connection mode should be connected to the viewing device SK.
  • the configuration of the BBS connection via the access point AP is shown in FIG. 1, but the communication between the viewing device SK and the operation device SP may be performed by Wi-Fi direct connection.
  • “Reserve” is a reserved area for future expansion.
  • P_Code is data signed with the private key of the viewing device SK that is the transmission source, and is used to determine whether the operating device SP is in a “trusted” relationship with the viewing device SK that is the transmission source. .
  • the controller device SP receives the discovery packet Dp sent from the viewing device SK (S1), and extracts message data MSG (S2). Subsequently, the controller device SP verifies the signature of P_Code included in the extracted message data MSG with the public key registered in the storage device of the own device in advance (S3, S4).
  • the public key (verification key) of the viewing device SK corresponding to the private key (signature key) of the viewing device SK is the operating device. It is registered in advance in the SP storage device.
  • the controller device SP adds the viewing device SK that has been successfully verified (“trusted” viewing device SK) to the registered online SK list (S5).
  • the registered online SK list In the registered online SK list, the Stick name, StickID, and IP_Address of the viewing device SK are associated and registered. These pieces of information are acquired from the received discovery packet Dp.
  • the registered online SK list is held in the storage device.
  • the controller device SP adds the viewing device SK that failed to be verified (the viewing device SK that is not “trusted”) to the unregistered SK list (S6).
  • the unregistered SK list the Stick name, StickID, and IP_Address of the viewing device SK are registered in association with each other. These pieces of information are acquired from the received discovery packet Dp.
  • a registered offline SK list can be generated by listing the StickID and the Stick name associated with the remaining public key except for the public key. That is, it is possible to generate a list of viewing devices SK that are “trusted” but are currently offline.
  • the controller device SP reads the registered online SK list from the storage device and displays the list on the display device.
  • the operation device SP receives selection of one viewing device SK from the list displayed on the display device, the operation device SP starts predetermined communication with the viewing device SK in order to operate the selected viewing device SK.
  • the controller device SP reads the unregistered SK list from the storage device and displays the list on the display device.
  • the operation device SP receives selection of one viewing device SK from the list displayed on the display device, the operation device SP makes a predetermined connection with the viewing device SK in order to place the selected viewing device SK in a “trusted” state. Start communication.
  • the controller device SP reads the offline SK list from the storage device and displays the list on the display device. By confirming the display, the user can know that the viewing device SK owned by the user is not currently connected to the network or is not turned on. Further, it is possible to improve convenience such as making it possible to use the offline viewing device SK again by using a screen like a wizard.
  • the operating device SP stores in advance the public key of the viewing device SK that is “trusted”, and then verifies the signature of the data received from the viewing device SK using the public key. Thus, it is determined whether or not the viewing device SK is “trusted”, so that the trust state between the devices can be determined by 1-way communication from the viewing device SK to the operation device SP.
  • the present invention is not limited to the above embodiment.
  • the trust state between the viewing device SK and the operation device SP is determined.
  • the present invention is not limited to this, and is used when determining the trust state between one device and the other device. Can do.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Le but de l'invention est de déterminer l'état de confiance entre dispositifs par une communication à une voie. Ce procédé permet de déterminer l'état de confiance entre un premier dispositif (SK) et un second dispositif (SP) sur un réseau; si le premier dispositif (SK) est digne de confiance, le second dispositif (SP) comprend une clé publique du premier dispositif (SK) dans un moyen de stockage en vue d'une utilisation future. Ensuite, si le second dispositif (SP) reçoit des données signées par une clé privée du premier dispositif (SK) et transmises dudit premier dispositif (SK) au réseau, et réussit à vérifier la signature appliquée aux données à l'aide de la clé publique susmentionnée, le second dispositif (SP) détermine alors que le premier dispositif (SK) est un dispositif de confiance.
PCT/JP2013/052282 2012-10-26 2013-01-31 Procédé et système de détermination d'état de confiance entre dispositifs WO2014064947A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012-237315 2012-10-26
JP2012237315A JP2014087035A (ja) 2012-10-26 2012-10-26 装置間信頼状態判定方法及びシステム

Publications (1)

Publication Number Publication Date
WO2014064947A1 true WO2014064947A1 (fr) 2014-05-01

Family

ID=50544331

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/052282 WO2014064947A1 (fr) 2012-10-26 2013-01-31 Procédé et système de détermination d'état de confiance entre dispositifs

Country Status (2)

Country Link
JP (1) JP2014087035A (fr)
WO (1) WO2014064947A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002162899A (ja) * 2000-11-27 2002-06-07 Hitachi Ltd プログラム認証機能付き電子機器およびプログラム認証処理方法
JP2007512795A (ja) * 2003-12-01 2007-05-17 サムスン エレクトロニクス カンパニー リミテッド ホームネットワークシステム及びその管理方法

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002162899A (ja) * 2000-11-27 2002-06-07 Hitachi Ltd プログラム認証機能付き電子機器およびプログラム認証処理方法
JP2007512795A (ja) * 2003-12-01 2007-05-17 サムスン エレクトロニクス カンパニー リミテッド ホームネットワークシステム及びその管理方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TAKU KATOH ET AL.: "IEEE1394 Content Protection System", TOSHIBA REVIEW, vol. 54, no. 7, 1 July 1999 (1999-07-01), pages 34 - 37 *

Also Published As

Publication number Publication date
JP2014087035A (ja) 2014-05-12

Similar Documents

Publication Publication Date Title
KR102242413B1 (ko) 앱을 다운로드하는 방법 및 앱을 실행시키는 방법
US20210258309A1 (en) Inter-application delegated authentication
CA2910249C (fr) Synchronisation de donnees d'association de dispositifs parmi des dispositifs informatiques
US20150095933A1 (en) Device Pairing
US9043856B2 (en) Remote control of program receiving devices
KR102030549B1 (ko) 클라이언트 디바이스들과 제1 스크린 디바이스들 사이의 발견 및 연결 프로토콜들의 상호운용성
JP2015520436A (ja) ウェブクライアントがウェブサービスを提供するのを可能にすること
WO2016202200A1 (fr) Procédé et appareil de vérification de données et système de télévision intelligent
EP3101904B1 (fr) Liste blanche distribuée pour renouvellement de sécurité
CN108293199B (zh) 提供事件管理服务的电子装置和方法
EP2860624A1 (fr) Appareil terminal et procédé permettant de se connecter à un serveur virtuel dans une infrastructure de bureau virtuel
CN115103150A (zh) 音视频在线会议的接入方法、装置、设备及介质
US20150030012A1 (en) Communication device
JP2024016164A (ja) 情報処理方法および情報処理システム
US20150312512A1 (en) Switching tv channels using a mobile device and a set-top box
WO2014064947A1 (fr) Procédé et système de détermination d'état de confiance entre dispositifs
WO2018000635A1 (fr) Procédé et dispositif de configuration d'interface
KR101758139B1 (ko) Hdmi 동글에서 와이파이 상태를 관리하는 장치 및 방법
CN117650903A (zh) 被控设备和设备授权管理方法、及存储介质
CN114003433A (zh) 用于备份管理的方法、设备、介质和系统
JP2010257186A (ja) シンクライアントサーバ及びクライアント端末
KR20130036584A (ko) 암호화 제어 방법 및 이를 지원하는 네트워크 시스템과 단말기 및 단말기 운용 방법
JP2013098847A (ja) 電話システムとその電話端末、主装置、および設定方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13849468

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC DATED 18.08.2015 (FORM 1205A)

122 Ep: pct application non-entry in european phase

Ref document number: 13849468

Country of ref document: EP

Kind code of ref document: A1