WO2018099285A1 - Burning verification method and apparatus for Internet of Things devices, and identity authentication method and apparatus - Google Patents
- Publication number
- WO2018099285A1 PCT/CN2017/111803
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identity
- internet
- burning
- things
- private key
Classifications
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
- G06F21/44—Program or device authentication
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L65/40—Support for services or applications
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
- H04L9/40—Network security protocols
- H04W12/0431—Key distribution or pre-distribution; Key agreement
- H04W12/069—Authentication using certificates or pre-shared keys
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
- H04W12/71—Hardware identity
Definitions
- the present invention relates to the field of data processing technology of the Internet of Things, and particularly to a method and device for verifying the burning of an Internet of Things device, and a method and device for authenticating the identity of the Internet of Things device, and an identity authentication system.
- the Internet of Things is an Internet of connected things. Its core and foundation is still the Internet: it is a network extended and expanded on the basis of the Internet. Moreover, its client end extends to any item, so that information exchange and communication take place between items, that is, between things.
- For information interaction between IoT devices, each IoT device needs an identity identifier that uniquely identifies it. In general, the identity identifier and the device private key used by the IoT device in communication are pre-burned into the IoT device.
- the identity identifier and the device private key of an IoT device may be maliciously stolen, because they may be associated with each other in some way and are burned directly into the storage space of the IoT device. As a result, in subsequent communication, another device may pretend to be the IoT device and request service from the Internet of Things service platform, so the security of the Internet of Things service and the secure operation of the server platform side cannot be guaranteed.
- the inventor found in the research process that, when the identity identifier and the device private key are burned, the legality of the burning production line can be verified by a burning verification device, the identity identifier and the device private key can be allocated to IoT devices uniformly by the burning verification device once the verification passes, and both can be burned directly into the trusted execution environment of the IoT device. Thus, on the one hand, the burning verification device uniformly assigns the identity identifier and the device private key after verifying the burning production line; on the other hand, the identity identifier and the device private key are burned in the trusted execution environment, which ensures their security.
- when identity authentication of the Internet of Things device is performed, the IoT device generates an authorization code. The authorization code includes not only the device private key burned in the trusted execution environment, but also the random number generated by the platform-side identity authentication device, which ensures that only the IoT device that initiated the IoT service request can pass the platform-side identity authentication. This enhances the security of the IoT service and ensures the safe operation of the platform side.
- the present application provides a method for verifying the registration of Internet of Things identity information and an authentication method for the identity of an Internet of Things device. The programming verification device allocates the identity identifier and the public and private keys of the IoT device and sends them uniformly to the burning production line to be burned into the trusted execution environment of the IoT device, thereby reducing the risk and possibility of the identity identifier and the device private key being stolen. In addition, the identity authentication device on the Internet of Things platform side verifies the identity of the IoT device through the authorization code generated by the IoT device, which also improves the security of Internet of Things identity authentication.
- the application also provides a programming verification device, an identity authentication device and an identity authentication system for ensuring the implementation and application of the above method in practice.
- the present application discloses a method for verifying the burning of an Internet of Things device, which is applied to a burning verification device, and the method includes:
- the programming verification device receives a programming request sent by the burning production line, and the programming request is used to request the programming verification device to assign an identity identifier and a device key to the Internet of Things device to be burned;
- the key includes the device private key and the device public key;
- the programming verification device verifies whether the burning request is legal, and if yes, assigns an identity and a device key to the IoT device to be burned;
- the programming verification device sends the identity identifier and the device private key to the burning production line, so that the burning production line burns the identity identifier and the device private key to the corresponding Internet of Things device.
- the device key includes a device private key and a device public key. After the burn-in production line burns the identity identifier and the device private key to the corresponding IoT device, the method further includes:
- the programming verification device receives the burning result returned by the burning production line, wherein the burning result is used to indicate: a correspondence between the IoT device and the burned identity and the device private key;
- the programming verification device sends the programming result to the identity authentication device, so that the identity authentication device verifies whether the device private key of the Internet of Things device is legal according to the programming result when authenticating the Internet of Things device.
- the step in which the programming verification device sends the identity identifier and the device private key to the burn-in production line, so that the burn-in production line burns the identity identifier and the device private key to the corresponding Internet of Things device, includes:
- the burning verification device sends the identity identifier and the device private key to the burning production line, so that the burning production line burns the identity identifier and the device private key to the corresponding Internet of Things device.
- the IoT device has a separate storage space as a trusted execution environment.
- the present application discloses a method for burning an Internet of Things device, which is applied to a burn-in production line, and the method includes:
- the programming request is used to request the programming verification device to assign an identity identifier and a device key to the IoT device to be burned;
- the device key includes the device private key and the device public key;
- the burn-in result is used to indicate a correspondence between the IoT device and the burned identity and the device private key.
- the present application discloses an identity authentication method for an Internet of Things device.
- the method is applied to an identity authentication device in an identity authentication platform.
- the identity authentication platform is located in an identity authentication system, and the identity authentication system further includes: an Internet of Things service.
- In response to the IoT device sending a random number generation request to the identity authentication device, the identity authentication device generates a random number according to the request identifier in that request; the IoT device has an independent storage space as a trusted execution environment, in which the device private key and the identity identifier of the IoT device are burned;
- the identity authentication device sends the random number to the Internet of Things device, so that the IoT device generates an authorization code according to the random number and the device private key and initiates a service request to the Internet of Things service platform; the service request includes the service content and the authorization code;
- the identity authentication device verifies whether the authorization code is legal; if so, the identity authentication device confirms that the identity of the IoT device is legal, and if not, the identity authentication device confirms that the identity of the IoT device is invalid.
- the authorization code includes a device private key and the random number, and the step in which the identity authentication device verifies whether the authorization code is legal, in response to the IoT service platform transmitting the authorization code, includes:
- the identity authentication device verifies whether the random number in the authorization code sent by the Internet of Things service platform is consistent with the generated random number, and whether the device private key is the device private key included in the burning result sent by the programming verification device.
- the method further includes:
- the identity authentication device sends a session key generation instruction to the Internet of Things service platform, where the session key generation instruction is used to instruct the Internet of Things service platform to generate a session key;
- the identity authentication device sends the session key returned by the Internet of Things service platform to the Internet of Things device, so that the IoT server platform and the IoT device communicate using the session key.
- the method further comprises:
- the identity authentication device deletes the burning result related to the burned identity identifier or the device private key.
- the method further comprises:
- the identity authentication device deletes the identity and the device private key burned in the Internet of Things device.
- the application further includes a programming verification device for the Internet of Things device, the programming verification device comprising:
- a first receiving unit configured to receive a programming request sent by the burning production line, where the programming request is used to request the programming verification device to assign an identity identifier and a device key to the IoT device to be burned;
- the device key includes a device private key and a device public key;
- An allocating unit configured to allocate an identity identifier and a device key to the to-be-burned Internet of Things device if the result of the verification license unit is YES;
- the first sending unit is configured to send the identity identifier and the device private key to the burning production line, so that the burning production line burns the identity identifier and the device private key to the corresponding Internet of Things device.
- the device further comprises:
- a second receiving unit configured to receive a burning result returned by the burning production line, where the burning result is used to indicate: a correspondence between the IoT device and the burned identity and the device private key;
- a second sending unit configured to send the burning result to the identity authentication device, so that the identity authentication device verifies, according to the burning result, whether the device private key of the Internet of Things device is legal when authenticating the Internet of Things device.
- the first sending unit is specifically configured to:
- the IoT device has a separate piece of storage space as a trusted execution environment.
- the application also includes a burning device for an Internet of Things device, the device comprising:
- a third sending unit configured to send a programming request to the programming verification device, where the programming request is used to request the programming verification device to allocate an identity identifier and a device key for the Internet of Things device to be burned;
- the device key includes a device private key and a device public key;
- a burning unit configured to burn the identity identifier and the device private key into the Internet of Things device in response to the burning verification device transmitting the identity and the device key;
- a result returning unit configured to return a burning result to the burning verification device, where the burning result is used to indicate a correspondence between the IoT device and the burned identity and the device private key.
- the application further includes an identity authentication device of the Internet of Things device; the identity authentication device is integrated on the identity authentication platform, the identity authentication platform is located in the identity authentication system, and the identity authentication system further includes an Internet of Things service platform and an IoT device, where the IoT service platform is configured to provide an IoT service to the IoT device; the identity authentication device includes:
- the IoT device has an independent storage space as a trusted execution environment, and the device private key and the identity identifier of the IoT device are burned in the trusted execution environment;
- a random number sending unit configured to send the random number to the IoT device, so that the IoT device generates an authorization code according to the random number and the device private key and initiates a service request to the Internet of Things service platform, where the service request includes the service content and the authorization code;
- a verification authorization code unit configured to verify whether the authorization code is legal, in response to the Internet of Things service platform sending the authorization code to the identity authentication device;
- a first confirming unit configured to confirm that the identity of the IoT device is legal if the result of the verification authorization code unit is yes;
- a second confirming unit configured to confirm that the identity of the IoT device is illegal if the result of the verification authorization code unit is no.
- the verification authorization code unit includes:
- a verification subunit configured to check whether the random number in the authorization code sent by the Internet of Things service platform is consistent with the random number generated by the generated random number unit, and whether the device private key is the device private key included in the burning result sent by the programming verification device.
- the device further comprises:
- a fourth sending unit configured to send a session key generation instruction to the Internet of Things service platform, where the session key generation instruction is used to instruct the Internet of Things service platform to generate a session key
- a fifth sending unit configured to send the session key returned by the Internet of Things service platform to the IoT device, so that the IoT device and the IoT server platform use the session key to communicate.
- the device further comprises:
- a first deleting unit configured to delete the burning result related to the burned identity identifier or the device private key if the identity identifier or the device private key is leaked from the trusted execution environment.
- the device further comprises:
- a second deleting unit configured to delete the identity and the device private key burned in the Internet of Things device if the identity identifier or the device private key is leaked from the trusted execution environment.
- the application further includes an identity authentication system for an Internet of Things device, the identity authentication system including an identity authentication platform, an Internet of Things device, and an Internet of Things service platform;
- the identity authentication platform includes: the foregoing burning verification device, and the foregoing identity authentication device.
- the present application includes the following advantages:
- when the burning production line burns the Internet of Things device, the production license of the burning production line is verified by the burning verification device, and if the verification passes, the IoT device is assigned the identity identifier and the corresponding device public key and device private key, and the identity identifier and the device private key are both burned in the trusted execution environment of the IoT device, so that the security of the burned IoT device is greatly increased.
- the burning production line can also request the identity identifiers and the device public and private keys of IoT devices in batches from the burning verification device, thereby improving the efficiency of burning.
- the programming verification device sends the burning result to the identity authentication device for storage, thereby registering the burned IoT device, which makes it possible for the registered IoT device to subsequently pass identity verification and improves the security of the subsequent authentication process of IoT devices.
- the IoT device first generates the request identifier of the IoT service request and then requests the identity authentication device to generate a random number according to the request identifier; the IoT device generates a unique authorization code according to the random number generated by the identity authentication device, which ensures that only the IoT device that initiated the IoT request can pass the verification of the identity authentication device. Therefore, the security of the authentication is also improved, thereby ensuring the security of the Internet of Things service.
- FIG. 1 is an architectural diagram of a burning scenario of identity information of an Internet of Things device of the present application.
- FIG. 2 is a flowchart of an embodiment of a burning verification method of an Internet of Things device of the present application.
- FIG. 3 is an architectural diagram of an identity authentication scenario of an Internet of Things device of the present application.
- FIG. 4 is a flowchart of an embodiment of an identity authentication method of an Internet of Things device of the present application.
- FIG. 5 is a structural block diagram of an embodiment of a programming verification device of the present application.
- FIG. 6 is a structural block diagram of an identity authentication apparatus of the present application.
- IoT device: refers to a device that exchanges information in the Internet of Things (IoT), such as a smart appliance.
- IoT: Internet of Things.
- the identity of the IoT device can uniquely identify the IoT device in the Internet of Things.
- the Trusted Execution Environment is a secure area on the main processor of an IoT device that guarantees the security, confidentiality, and integrity of the code and data stored in the secure area.
- the device key includes the device public key and the device private key, which are used together as a pair.
- the server side uses the device public key to decrypt the data; conversely, when the server side encrypts the data using the device public key, the IoT device decrypts it using the device private key.
- FIG. 1 is a scenario architecture diagram of the method for verifying the burning of an Internet of Things device in an actual application in the embodiment of the present application.
- the manufacturer of the IoT device needs to burn the device information of the IoT device.
- the assembly line used by the manufacturer to burn the IoT device is called the burn-in production line.
- the burning production line 102 in FIG. 1 can send a burning license, pre-agreed with the burning verification device, to the burning verification device 101 in FIG. 1 in the programming request, requesting the burning verification device 101 to assign an identity identifier, a device public key, and a device private key to the IoT device 103 to be burned.
- the identity identifier can uniquely identify the Internet of Things device in the Internet of Things, and the device public key and the device private key are used together as a pair. The server side uses the device public key to decrypt the data; conversely, when the server side uses the device public key to encrypt the data, the IoT device uses the device private key to decrypt it.
- the burning verification device verifies the burning license and, if it is legal, assigns the identity identifier and the device public key and private key to the IoT device to be burned and sends them to the burning production line.
- the production line burns the identity identifier and the device private key to the IoT device.
- the IoT device returns the burning result (for example, which IoT device was burned with which device private key) to the burning production line, and the burning production line sends the burning result to the burning verification device 101, where it is recorded.
- the burn-in verification device 101 can also transmit the burn-in result to the identity authentication device 104 to register the successfully burned IoT device at the identity authentication device 104.
- Referring to FIG. 2, a flowchart of an embodiment of a method for verifying the burning of an Internet of Things device of the present application is shown.
- the embodiment may include the following steps:
- Step 201: The burn-in production line sends a burn-in request to the burn-in verification device.
- the burn-in license can be carried in the burn-in request and sent to the burn-in verification device, and the burn-in request is used to request the burn-in verification device to assign an identity identifier and a paired device public key and device private key to the IoT device to be burned.
- the burning license is a serial number used by the burning production line for burning IoT devices. The serial number can be composed of characters and/or numbers, for example "AKJ20151012", where "AKJ" can indicate the code of the burning manufacturer, "20151012" is used to indicate the time, and so on.
- the burning verification device can pre-store the legal burning license "AKJ1234" of the burning production line, so as to verify the legality of the received burning license.
- a plurality of IoT devices can be applied for the identification of the identity and the device key in batches, so that the programming between the burning verification device and the burning production line can be reduced.
- the allocation of bulk IoT devices is realized in the case of the number of communications; of course, the request for identity and device key can also be requested for an IoT device in the burning request.
- Step 202: The burning verification device verifies whether the burning request is legal. If yes, the process proceeds to step 203.
- The burning verification device can verify the legality of the burning request by verifying the legality of the burning license in the burning request, for example by comparing the burning license received from the burning production line with the pre-stored burning license. If they are consistent, the burning license in the burning request is considered legal; if they are inconsistent, it is considered illegal.
- The burning verification device can use a separate database to store burning licenses, for example saving the correspondence between each manufacturer and its separately permitted burning license. For example, the burning license number extracted from the burning request by the burning verification device is "AKJ1234", and the burning request comes from the burning manufacturer whose code is "AKJ".
- The burning verification device can look up the burning license number corresponding to "AKJ" in the database and find "AKJ1234". In this case the license is considered legal; if the two are inconsistent, it is considered illegal.
- The burning verification device can refuse a burning request from the production line that fails this verification, and then no longer assigns an identity identifier, device public key and device private key to the IoT device to be burned.
- Step 203: The burning verification device allocates an identity identifier and a device key to the IoT device to be burned.
- The burning verification device then assigns a unique identity identifier to the IoT device to be burned, together with a pair of device keys comprising the device public key and the device private key.
- The burning verification device may randomly generate a different serial number for each IoT device according to a method for producing unique serial numbers, or assign a different serial number to each IoT device in a preset manner.
- The burning verification device may maintain an identity information table that holds a batch of identity identifiers to be assigned and the device keys corresponding to each identity identifier (including device public keys and device private keys); the burning verification device can obtain identity identifiers and device keys from the table in sequence and allocate them to IoT devices.
- The burning production line can also send the burning request to the burning verification device with a digital signature; after receiving the digitally signed burning request, the burning verification device verifies the signature information and, if it is legal, considers the burning license to be legal.
- Step 204: The burning verification device sends the identity identifier and the device private key to the burning production line.
- After the identity identifier, the device public key and the device private key are assigned, the burning verification device sends the identity identifier and the device private key to the burning production line.
- Step 205: The burning production line burns the identity identifier and the device private key into the corresponding Internet of Things device.
- The burning production line can burn the identity identifier and device private key into the IoT device.
- The burning verification device can burn the identity identifier and the device private key into a separately partitioned block of storage that serves as a trusted execution environment.
- The Trusted Execution Environment (TEE) is a secure area on the main processor of the IoT device, which ensures the security, confidentiality and integrity of the code and data loaded into it.
- The TEE provides an isolated execution environment whose security features include isolated execution, integrity of trusted applications, confidentiality of trusted data, and secure storage.
- Step 206: The burning production line sends the burning result to the burning verification device.
- The burning result, that is, which identity identifier and device private key were burned into the IoT device, is sent to the burning verification device.
- The burning result can be, for example, that the identity identifier burned into Internet of Things device A is "123456789" and the device private key is "XKNHJH".
- Step 207: The burning verification device sends the burning result to the identity authentication device.
- The burning verification device then sends the burning result to the identity authentication device, and the identity authentication device saves the burning result, thereby registering the successfully burned IoT device on the platform side.
- The production license of the burning production line is verified by the burning verification device, and if the verification passes, the identity identifier and the corresponding device public key and device private key are assigned to the IoT device, and the identity identifier and device private key are burned into the trusted execution environment of the IoT device, so that the security of burning IoT devices is greatly improved.
- In addition, the burning production line can also request identity identifiers and device public and private keys for IoT devices in batches from the burning verification device, thereby improving the efficiency of burning.
- The burning verification device sends the burning result to the identity authentication device for storage, thereby registering the burned IoT device; this makes it possible for a registered IoT device to subsequently pass identity verification, and improves the security of the subsequent authentication process of IoT devices.
- the identity authentication system may include: an Internet of Things service platform 301, an identity authentication platform 302, and an Internet of Things device 303.
- the identity authentication platform 302 may include: an identity authentication device 104 and a burning verification device 101, and an Internet of Things.
- The Internet of Things service platform 301 may be a third-party platform capable of providing Internet of Things (IoT) services to the Internet of Things device 103, such as a shopping platform that communicates with the Internet of Things device 103 to implement online ordering for the device. The Internet of Things device 103 may be a smart home appliance produced by a smart home appliance manufacturer, such as a smart refrigerator, which may initiate a service request for online purchase of a food to the Internet of Things service platform 301 when it detects that a certain food stored in it is missing.
- The identity authentication platform 302 verifies the identity of the Internet of Things device 103 when the IoT device 303 requests an Internet of Things service from the Internet of Things service platform 301 and, if its identity is legal, allows the Internet of Things service platform 301 to provide IoT services to the IoT device.
- Based on the scenario architecture diagram shown in FIG. 3, and referring to FIG. 4, a flowchart of an embodiment of a method for identity authentication of an Internet of Things device is shown.
- The method is applied to an identity authentication device in an identity authentication platform.
- The identity authentication platform is located in an identity authentication system, which further includes an Internet of Things service platform and an Internet of Things device, where the Internet of Things service platform is used to provide Internet of Things services to the Internet of Things device. The embodiment may include the following steps:
- Step 400: In response to the burning verification device transmitting the burning result, the identity authentication device saves the correspondence between the IoT device and the burned identity identifier and device private key.
- After the burning verification device receives the burning result returned by the burning production line, it sends the burning result to the identity authentication device connected to it, and the identity authentication device can save the burning result.
- The burning result includes the correspondence between the identity identifier of the IoT device and the device private key burned on the IoT device.
- This step can also be performed at any point before the identity authentication device verifies the IoT device in step 408; the order does not affect the implementation of the embodiment.
- Step 401: The IoT device reads the identity identifier from the trusted execution environment, and generates a request identifier that identifies the IoT service request of the IoT device.
- The IoT device reads the burned identity identifier from the trusted execution environment, so as to subsequently generate for itself an authorization code corresponding to the identity identifier.
- The IoT device can generate a request identifier (sid) for the IoT service request.
- The request identifier can uniquely identify an IoT service request initiated by the IoT device; it is, for example, a string or serial number consisting of letters and/or numbers.
- Step 402: The Internet of Things device sends a generate-random-number request to the identity authentication device in the identity authentication platform, where the request includes the request identifier.
- The IoT device carries the generated request identifier in the generate-random-number request and sends it to the identity authentication device in the identity authentication platform; the request also asks the identity authentication device to generate a random number for the current IoT service request.
- Step 403: The identity authentication device generates a random number according to the request identifier.
- After receiving the generate-random-number request sent by the Internet of Things device, the identity authentication device generates a random number for the IoT device according to the request identifier. Specifically, the random number may be generated by using a clock, as request identifier + timestamp, for example "AJKBJ010-20160508", where "AJKBJ010" is the request identifier, which uniquely identifies an Internet of Things request initiated by one device, and "20160508" is the time.
- Step 404: The identity authentication device sends the generated random number to the Internet of Things device.
- The identity authentication device then sends the generated random number to the Internet of Things device.
- Step 405: The IoT device generates an authorization code corresponding to the identity identifier according to the random number and the device private key.
- The IoT device generates an authorization code for the IoT service request based on the received random number and the device private key read from the trusted execution environment.
- The authorization code includes the device private key, the request identifier and the random number, and can be used to identify the legality of the Internet of Things device that currently initiates the IoT service request.
- Step 406: The IoT device initiates a service request to the Internet of Things service platform, where the service request may include the service content and the authorization code.
- After the authorization code is generated, the IoT device initiates a service request to the Internet of Things service platform; the service request carries the service content that the device needs from the IoT service platform and the generated authorization code.
- The authorization code may be digitally signed using the public key of the Internet of Things service platform and then transmitted. The service content indicates which Internet of Things service the IoT device needs the Internet of Things service platform to provide to it, for example a smart refrigerator purchasing goods online from the IoT service platform.
- Step 407: The Internet of Things service platform sends the authorization code in the service request to the identity authentication device.
- After receiving the service request, the Internet of Things service platform can decrypt it with its own private key to obtain the authorization code and service content.
- The authorization code needs to be sent to the identity authentication device for identity authentication of the IoT device.
- Step 408: The identity authentication device verifies whether the authorization code is legal. If yes, the process proceeds to step 409. If not, the process proceeds to step 410.
- After receiving the authorization code, the identity authentication device verifies the device private key, the random number and the request identifier included in the authorization code. Specifically, for the device private key, the identity authentication device may check whether it is the device private key corresponding to the identity identifier of the IoT device that the burning verification device has sent to the identity authentication device, that is, whether the IoT device corresponding to the device private key is registered at the identity authentication device; for the random number, the identity authentication device verifies whether it is consistent with the random number generated in step 403; and for the request identifier, whether it is consistent with the request identifier sent by the IoT device and received in step 402.
- Step 409 The identity authentication device confirms that the identity of the Internet of Things device is legal.
- step 409 is performed.
- Step 410 The identity authentication device confirms that the identity of the Internet of Things device is illegal.
- the identity of the IoT device is not legal. In practical applications, if one of the device private key, the random number, or the request identifier does not pass the verification, it can be confirmed that the identity of the IoT device is not legal, which can further improve the security of the identity verification.
- the packet may be further included.
- Step B: The identity authentication device sends a session key generation instruction to the Internet of Things service platform, where the session key generation instruction is used to instruct the Internet of Things service platform to generate a session key.
- After verifying that the identity of the IoT device is legal, the identity authentication device sends a session key generation instruction to the IoT service platform, triggering the IoT service platform to generate a session key, which can be used for subsequent secure communication with the IoT device.
- Step C: The identity authentication device sends the session key returned by the Internet of Things service platform to the IoT device.
- The IoT service platform sends the session key to the identity authentication device, and the identity authentication device sends the session key to the IoT device whose identity it has verified.
- The identity authentication device may encrypt the session key using the device public key of the Internet of Things device and then send it.
- Step D: The Internet of Things device and the Internet of Things service platform communicate using the session key.
- The IoT device then decrypts the encrypted session key with its own device private key, thereby obtaining the session key for communication with the IoT service platform.
- The Internet of Things service platform can provide the requested IoT service to the IoT device over the established secure communication.
- The embodiment may further include, after step 409 or step 410:
- Step F: In the case that the identity identifier or device private key is leaked from the trusted execution environment, the identity authentication device deletes the burning result related to the burned identity identifier or device private key.
- If the identity identifier or device private key burned in the IoT device is leaked, the identity identifier and device private key are no longer secure, and the identity authentication device then deletes the saved burning result related to that identity identifier or device private key.
- The embodiment may further include, after step 409 or step 410:
- Step G: In the case that the identity identifier or the device private key is leaked from the trusted execution environment, the identity authentication device deletes the identity identifier and the device private key burned in the Internet of Things device.
- The identity authentication device may also delete the leaked identity identifier and device private key that are burned in the Internet of Things device.
- The IoT device generates the request identifier of the IoT service request it initiates, then requests the identity authentication device to generate a random number according to the request identifier, and generates a unique authorization code from the random number returned by the identity authentication device. This ensures that only the IoT device that initiated the IoT request can pass the verification of the identity authentication device, which improves the security of authentication compared with the prior art and thereby ensures the security of the Internet of Things service.
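The exchange of steps 400 to 410 and the deletion of Step F, as an added Python example that is not part of the patent text. The patent does not say how the authorization code is computed; this example assumes an HMAC-SHA256 tag over the identity identifier, request identifier and random number, keyed with the burned device key, so the key itself is never transmitted. The class and function names, the unpredictable suffix on the random number, and the single-use and expiry handling are also assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time


def make_authorization_code(device_key, identity, sid, nonce):
    """Device side, step 405. Assumed encoding: identity:sid:HMAC-SHA256 tag.

    The tag is keyed with the burned device key, so the key stays in the TEE.
    JSON-encoding the fields keeps their boundaries unambiguous.
    """
    message = json.dumps([identity, sid, nonce]).encode()
    tag = hmac.new(device_key, message, hashlib.sha256).hexdigest()
    return f"{identity}:{sid}:{tag}"


class IdentityAuthenticator:
    """Hypothetical stand-in for the identity authentication device."""

    def __init__(self, nonce_ttl=60.0):
        self._registry = {}  # identity -> device key, from burning results
        self._pending = {}   # sid -> (random number, expiry time)
        self._ttl = nonce_ttl

    def register_burn_result(self, identity, device_key):
        """Step 400: save the correspondence reported in the burning result."""
        self._registry[identity] = device_key

    def revoke(self, identity):
        """Step F: delete the burning result of a leaked identity or key."""
        self._registry.pop(identity, None)

    def issue_random_number(self, sid, now=None):
        """Step 403: generate a random number bound to the request identifier."""
        now = time.time() if now is None else now
        if not sid or ":" in sid:
            raise ValueError("invalid request identifier")
        pending = self._pending.get(sid)
        if pending is not None and pending[1] >= now:
            raise ValueError("request identifier already has an open challenge")
        # The page's example is identifier + timestamp; the random suffix is an
        # assumption added so the value cannot be derived from the identifier.
        day = time.strftime("%Y%m%d", time.gmtime(now))
        nonce = f"{sid}-{day}-{secrets.token_hex(16)}"
        self._pending[sid] = (nonce, now + self._ttl)
        return nonce

    def verify_authorization_code(self, code, now=None):
        """Step 408: check the key, the random number and the request identifier."""
        now = time.time() if now is None else now
        parts = code.split(":")
        if len(parts) != 3:
            return False
        identity, sid, _tag = parts
        issued = self._pending.pop(sid, None)  # single use: a replay finds nothing
        device_key = self._registry.get(identity)
        if issued is None or device_key is None:
            return False  # unknown request identifier or unregistered device
        nonce, expiry = issued
        if now > expiry:
            return False
        expected = make_authorization_code(device_key, identity, sid, nonce)
        return hmac.compare_digest(expected.encode(), code.encode())


if __name__ == "__main__":
    # Constructed sample values; the identity and sid reuse the page's examples.
    key = secrets.token_bytes(32)
    authenticator = IdentityAuthenticator()
    authenticator.register_burn_result("123456789", key)
    number = authenticator.issue_random_number("AJKBJ010")
    code = make_authorization_code(key, "123456789", "AJKBJ010", number)
    print("first use :", authenticator.verify_authorization_code(code))
    print("replay    :", authenticator.verify_authorization_code(code))
```

Any verification attempt consumes the open challenge, so a failed attempt forces the device to request a new random number.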
- The present application further provides an embodiment of a burning verification device for IoT devices.
- The burning verification device can include:
- a receiving unit 501 configured to receive a burning request sent by the burning production line, where the burning request is used to request the burning verification device to assign an identity identifier and a device key to the IoT device to be burned;
- the device key includes the device private key and the device public key;
- a license verification unit 502 configured to verify whether the burning request is legal;
- an allocating unit 503 configured to allocate an identity identifier and a device key to the IoT device to be burned if the result of the license verification unit is YES;
- a first sending unit 504 configured to send the identity identifier and the device private key to the burning production line, so that the burning production line burns the identity identifier and the device private key into the corresponding Internet of Things device.
- The burning verification device may further include:
- a second sending unit 505 configured to send the burning result returned by the burning production line to the identity authentication device, where the burning result is used to indicate the correspondence between the Internet of Things device and the burned identity identifier and device private key.
- the burning production line burns the IoT device
- The production license of the burning production line is verified by the burning verification device, and if the verification passes, the identity identifier and the corresponding device public key and device private key are allocated for the IoT device, and the identity identifier and device private key are burned into the trusted execution environment of the IoT device, which greatly increases the security of burning IoT devices; at the same time, the burning production line can also request identity identifiers and device public and private keys for IoT devices in batches from the burning verification device, which also improves the efficiency of burning.
- The burning verification device sends the burning result to the identity authentication device for storage, thereby registering the burned IoT device; this makes it possible for a registered IoT device to subsequently pass identity verification, and improves the security of the subsequent authentication process of IoT devices.
- The present application further provides another embodiment, a burning device for Internet of Things devices.
- The burning device can be integrated on the burning production line, and can include:
- a third sending unit configured to send a burning request to the burning verification device, where the burning request is used to request the burning verification device to allocate an identity identifier and a device key for the Internet of Things device to be burned;
- the device key includes a device private key and a device public key; a burning unit configured to, in response to the burning verification device sending the identity identifier and the device key, burn the identity identifier and the device private key into the Internet of Things device;
- a result returning unit configured to return a burning result to the burning verification device, where the burning result is used to indicate the correspondence between the IoT device and the burned identity identifier and device private key.
- The present application further provides an identity authentication device for IoT devices.
- The identity authentication device is integrated on an identity authentication platform located in an identity authentication system, which further includes an Internet of Things service platform and an Internet of Things device, where the Internet of Things service platform is used to provide Internet of Things services to the IoT device. The identity authentication device may include:
- a random number generating unit 601 configured to, in response to the IoT device sending a generate-random-number request to the identity authentication device, generate a random number according to the request identifier in the request;
- the IoT device has an independent block of storage space serving as a trusted execution environment, in which the device private key and the identity identifier of the IoT device are burned;
- a random number sending unit 602 configured to send the random number to the Internet of Things device, so that the IoT device generates an authorization code according to the random number and the device private key and initiates a service request to the Internet of Things service platform,
- where the service request includes the service content and the authorization code;
- an authorization code verification unit 603 configured to verify whether the authorization code is legal in response to the IoT service platform sending the authorization code to the identity authentication device.
- The authorization code verification unit 603 can include:
- a verification subunit configured to check whether the random number in the authorization code sent by the Internet of Things service platform is consistent with the random number generated by the random number generating unit, and whether the device private key is the device private key included in the burning result sent by the burning verification device;
- a first confirming unit 604 configured to confirm that the identity of the Internet of Things device is legal if the result of the authorization code verification unit is YES;
- a second confirming unit 605 configured to confirm that the identity of the Internet of Things device is illegal if the result of the authorization code verification unit is negative.
- The identity authentication device may further include:
- a fourth sending unit configured to send a session key generation instruction to the Internet of Things service platform, where the session key generation instruction is used to instruct the Internet of Things service platform to generate a session key;
- a fifth sending unit configured to send the session key returned by the Internet of Things service platform to the IoT device, so that the IoT device and the IoT server platform communicate using the session key.
- The identity authentication device may further include:
- a first deleting unit configured to delete the burning result related to the leaked identity identifier or device private key if the identity identifier or the device private key is leaked from the trusted execution environment.
- The identity authentication device may further include:
- a second deleting unit configured to delete the identity identifier and the device private key burned in the Internet of Things device if the identity identifier or the device private key is leaked from the trusted execution environment.
- The IoT device generates the request identifier of the IoT service request it initiates, then requests the identity authentication device to generate a random number according to the request identifier, and generates a unique authorization code from the random number returned by the identity authentication device. This ensures that only the IoT device that initiated the IoT request can pass the verification of the identity authentication device, which improves the security of authentication compared with the prior art and thereby ensures the security of the Internet of Things service.
- The embodiment of the present application further provides an identity authentication system for an Internet of Things device, where the identity authentication system may include an identity authentication platform, an Internet of Things device, and an Internet of Things service platform; the identity authentication platform includes the burning verification device shown in FIG. and the identity authentication device shown in FIG. 6.
- After the IoT device initiates an IoT service request to the IoT service platform, the IoT service platform sends the authorization code in the service request to the identity authentication platform, and the identity authentication device in the identity authentication platform verifies the authorization code to determine whether the identity of the Internet of Things device is legal.
- The embodiment implements identity authentication of the Internet of Things device by using an authorization code, and the authorization code is generated by the IoT device according to the device private key burned in the trusted execution environment and the random number generated by the identity authentication device, so the possibility of its being maliciously copied is greatly reduced, thereby improving the security of the authentication of the Internet of Things device and the security of the Internet of Things service.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Computational Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Multimedia (AREA)
- Software Systems (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
- Stored Programmes (AREA)
- Lock And Its Accessories (AREA)
Claims (19)
- 一种物联网设备的烧录校验方法,其特征在于,该方法应用于烧录校验装置上,该方法包括:烧录校验装置接收烧录产线发送的烧录请求,所述烧录请求用于请求所述烧录校验装置为待烧录的物联网设备分配身份标识和设备密钥;所述设备密钥包括设备私钥和设备公钥;烧录校验装置验证所述烧录请求是否合法,如果是,则为所述待烧录的物联网设备分配身份标识和设备密钥;烧录校验装置将所述身份标识和设备私钥发送至所述烧录产线,以便所述烧录产线将所述身份标识和设备私钥烧录至对应的物联网设备。
- 根据权利要求1所述的方法,其特征在于,所述设备密钥包括设备私钥和设备公钥;在所述烧录产线将所述身份标识和设备私钥烧录至对应的物联网设备后,还包括:烧录校验装置接收所述烧录产线返回的烧录结果,其中,烧录结果用于表示:物联网设备与其烧录的身份标识和设备私钥之间的对应关系;烧录校验装置将所述烧录结果发送至身份认证装置,以便所述身份认证装置在对所述物联网设备进行认证时,依据所述烧录结果验证物联网设备的设备私钥是否合法。
- 根据权利要求1所述的方法,其特征在于,所述烧录校验装置将所述身份标识和设备私钥发送至所述烧录产线,以便所述烧录产线将所述身份标识和设备私钥烧录至对应的物联网设备,包括:所述烧录校验装置将所述身份标识和设备私钥发送至所述烧录产线,以便所述烧录产线将所述身份标识和设备私钥烧录至对应的物联网设备的可信执行环境中,其中,所述物联网设备中具有独立的一块存储空间作为可信执行环境。
- 一种物联网设备的烧录方法,其特征在于,该方法应用于烧录产线上,包括:向烧录校验装置发送烧录请求,所述烧录请求中用于请求所述烧录校验装置为待烧录的物联网设备分配身份标识和设备密钥;所述设备密钥包括设备私钥和设备公钥;响应于所述烧录校验装置发送身份标识和设备密钥,将所述身份标识和设备私钥烧录至物联网设备中;向所述烧录校验装置返回烧录结果,所述烧录结果用于表示:物联网设备与其烧录 的身份标识和设备私钥之间的对应关系。
- 一种物联网设备的身份认证方法,其特征在于,该方法应用于身份认证平台中的身份认证装置上,所述身份认证平台位于身份认证系统中,所述身份认证系统还包括:物联网服务平台和物联网设备,所述物联网服务平台用于向所述物联网设备提供物联网服务;该方法包括:响应于物联网设备向所述身份认证装置发送生成随机数请求,所述身份认证装置依据所述生成随机数请求中的请求标识生成随机数;所述物联网设备中具有独立的一块存储空间作为可信执行环境,所述可信执行环境中烧录有该物联网设备的设备私钥和身份标识;所述身份认证装置将所述随机数发送至所述物联网设备,以便所述物联网设备依据所述随机数和设备私钥生成授权码,并向物联网服务平台发起服务请求,所述服务请求包括:服务内容和所述授权码;响应于所述物联网服务平台向所述身份认证装置发送所述授权码,所述身份认证装置验证所述授权码是否合法;如果是,则所述身份认证装置确认所述物联网设备的身份合法,如果否,则所述身份认证装置确认所述物联网设备的身份不合法。
- 根据权利要求5所述的方法,其特征在于,所述授权码包括:设备私钥和所述随机数,所述响应于所述物联网服务平台发送所述授权码,所述身份认证装置验证所述授权码是否合法,包括:所述身份认证装置校验所述物联网服务平台发送的、授权码中的随机数是否与生成的随机数是否一致,以及,所述设备私钥是否是烧录校验装置发送的烧录结果中包括的设备私钥。
- 根据权利要求5所述的方法,其特征在于,在所述物联网设备的身份合法的情况下,还包括:所述身份认证装置向所述物联网服务平台发送会话密钥生成指令,所述会话密钥生成指令用于指示所述物联网服务平台生成会话密钥;所述身份认证装置将所述物联网服务平台返回的会话密钥发送至所述物联网设备,以便所述物联网服务器平台和所述物联网设备采用所述会话密钥进行通信。
- 根据权利要求5所述的方法,其特征在于,还包括:在所述身份标识或设备私钥从所述可信执行环境中泄露的情况下,所述身份认证装置将泄露的身份标识或设备私钥相关的烧录结果进行删除。
- 根据权利要求5所述的方法,其特征在于,还包括:在所述身份标识或设备私钥从所述可信执行环境中泄露的情况下,所述身份认证装置将所述物联网设备中烧录的身份标识和设备私钥进行删除。
- 一种物联网设备的烧录校验装置,其特征在于,该烧录校验装置包括:第一接收单元,用于接收烧录产线发送的烧录请求,所述烧录请求用于请求所述烧录校验装置为待烧录的物联网设备分配身份标识和设备密钥;所述设备密钥包括设备私钥和设备公钥;验证许可证单元,用于验证所述烧录请求是否合法;分配单元,用于在所述验证许可证单元的结果为是的情况下,为所述待烧录的物联网设备分配身份标识和设备密钥;第一发送单元,用于将所述身份标识和设备私钥发送至所述烧录产线,以便所述烧录产线将所述身份标识和设备私钥烧录至对应的物联网设备。
- 根据权利要求10所述的装置,其特征在于,还包括:第二接收单元,用于接收所述烧录产线返回的烧录结果,其中,烧录结果用于表示:物联网设备与其烧录的身份标识和设备私钥之间的对应关系;第二发送单元,用于将所述烧录结果发送至身份认证装置,以便所述身份认证装置在对所述物联网设备进行认证时,依据所述烧录结果验证物联网设备的设备私钥是否合法。
- 根据权利要求10所述的装置,其特征在于,所述第一发送单元,具体用于:将所述身份标识和设备私钥发送至所述烧录产线,以便所述烧录产线将所述身份标识和设备私钥烧录至对应的物联网设备的可信执行环境中,其中,所述物联网设备中具有独立的一块存储空间作为可信执行环境。
- 一种物联网设备的烧录装置,其特征在于,包括:第三发送单元,用于向烧录校验装置发送烧录请求,所述烧录请求中用于请求所述烧录校验装置为待烧录的物联网设备分配身份标识和设备密钥;所述设备密钥包括设备私钥和设备公钥;烧录单元,用于响应于所述烧录校验装置发送身份标识和设备密钥,将所述身份标识和设备私钥烧录至物联网设备中;返回结果单元,用于向所述烧录校验装置返回烧录结果,所述烧录结果用于表示:物联网设备与其烧录的身份标识和设备私钥之间的对应关系。
- 一种物联网设备的身份认证装置,其特征在于,所述身份认证装置集成于身份认证平台上,所述身份认证平台位于身份认证系统中,所述身份认证系统还包括:物联网服务平台和物联网设备,所述物联网服务平台用于向所述物联网设备提供物联网服务;所述身份认证装置包括:生成随机数单元,用于响应于物联网设备向所述身份认证装置发送生成随机数请求,依据所述随机数请求中的请求标识生成随机数;所述物联网设备中具有独立的一块存储空间作为可信执行环境,所述可信执行环境中烧录有该物联网设备的设备私钥和身份标识;发送随机数单元,用于将所述随机数发送至所述物联网设备,以便所述物联网设备依据所述随机数和设备私钥生成授权码,并向物联网服务平台发起服务请求,所述服务请求包括:服务内容和所述授权码;验证授权码单元,用于响应于所述物联网服务平台向所述身份认证装置发送所述授权码,验证所述授权码是否合法;第一确认单元,用于在所述验证授权码单元的结果为是的情况下,置确认所述物联网设备的身份合法;第二确认单元,用于在所述验证授权码单元的结果为否的情况下,确认所述物联网设备的身份不合法。
- 根据权利要求14所述的装置,其特征在于,所述验证授权码单元包括:校验子单元,用于校验所述物联网服务平台发送的、授权码中的随机数是否与所述生成随机数单元生成的随机数是否一致,以及,所述设备私钥是否是所述烧录校验装置发送的烧录结果中包括的设备私钥。
- 根据权利要求14所述的装置,其特征在于,还包括:第四发送单元,用于向所述物联网服务平台发送会话密钥生成指令,所述会话密钥生成指令用于指示所述物联网服务平台生成会话密钥;第五发送单元,用于将所述物联网服务平台返回的会话密钥发送至所述物联网设 备,以便所述物联网设备和所述物联网服务器平台采用所述会话密钥进行通信。
- 根据权利要求14所述的装置,其特征在于,还包括:第一删除单元,用于在所述身份标识或设备私钥从所述可信执行环境中泄露的情况下,将泄露的身份标识或设备私钥相关的烧录结果进行删除。
- 根据权利要求14所述的装置,其特征在于,还包括:第二删除单元,用于在所述身份标识或设备私钥从所述可信执行环境中泄露的情况下,将所述物联网设备中烧录的身份标识和设备私钥进行删除。
- 一种物联网设备的身份认证系统,其特征在于,所述身份认证系统包括身份认证平台,物联网设备和物联网服务平台;其中,所述身份认证平台包括:权利要求10、11或12所述的烧录校验装置,和,权利要求14~18任意一项所述的身份认证装置。
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2017367926A AU2017367926A1 (en) | 2016-12-02 | 2017-11-20 | Internet of things device burning verification method and apparatus, and identity authentication method and apparatus |
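KR1020197015085A KR102437841B1 (ko) | 2016-12-02 | 2017-11-20 | Recording and verification method and apparatus for Internet of Things device, and identity authentication method and apparatus |
JP2019528911A JP7175269B2 (ja) | 2016-12-02 | 2017-11-20 | Internet of Things device recording verification method and apparatus, and ID authentication method and apparatus |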
CA3043259A CA3043259A1 (en) | 2016-12-02 | 2017-11-20 | Internet of things device burning verification method and apparatus, and identity authentication method and apparatus |
EP17876168.0A EP3550783B1 (en) | 2016-12-02 | 2017-11-20 | Internet of things device burning verification method and apparatus |
US16/428,060 US11050750B2 (en) | 2016-12-02 | 2019-05-31 | Recording and verification method and apparatus of internet of things device, and identity authentication method and apparatus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611111241.9 | 2016-12-02 | ||
CN201611111241.9A CN108156126B (zh) | 2016-12-02 | 2016-12-02 | Internet of Things device burning verification method and apparatus, and identity authentication method and apparatus |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/428,060 Continuation US11050750B2 (en) | 2016-12-02 | 2019-05-31 | Recording and verification method and apparatus of internet of things device, and identity authentication method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018099285A1 (zh) | 2018-06-07 |
Family
ID=62241204
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/111803 WO2018099285A1 (zh) | 2016-12-02 | 2017-11-20 | Internet of Things device burning verification method and apparatus, and identity authentication method and apparatus |
Country Status (9)
Country | Link |
---|---|
US (1) | US11050750B2 (zh) |
EP (1) | EP3550783B1 (zh) |
JP (1) | JP7175269B2 (zh) |
KR (1) | KR102437841B1 (zh) |
CN (1) | CN108156126B (zh) |
AU (1) | AU2017367926A1 (zh) |
CA (1) | CA3043259A1 (zh) |
TW (2) | TWI818423B (zh) |
WO (1) | WO2018099285A1 (zh) |
- 2016
  - 2016-12-02 CN CN201611111241.9A patent/CN108156126B/zh active Active
- 2017
  - 2017-08-11 TW TW111102779A patent/TWI818423B/zh active
  - 2017-08-11 TW TW106127342A patent/TWI759322B/zh active
  - 2017-11-20 AU AU2017367926A patent/AU2017367926A1/en not_active Abandoned
  - 2017-11-20 JP JP2019528911A patent/JP7175269B2/ja active Active
  - 2017-11-20 CA CA3043259A patent/CA3043259A1/en active Pending
  - 2017-11-20 EP EP17876168.0A patent/EP3550783B1/en active Active
  - 2017-11-20 KR KR1020197015085A patent/KR102437841B1/ko active IP Right Grant
  - 2017-11-20 WO PCT/CN2017/111803 patent/WO2018099285A1/zh unknown
- 2019
  - 2019-05-31 US US16/428,060 patent/US11050750B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
EP3550783A1 (en) | 2019-10-09 |
TWI759322B (zh) | 2022-04-01 |
CA3043259A1 (en) | 2018-06-07 |
US20190289006A1 (en) | 2019-09-19 |
JP7175269B2 (ja) | 2022-11-18 |
US11050750B2 (en) | 2021-06-29 |
CN108156126A (zh) | 2018-06-12 |
TWI818423B (zh) | 2023-10-11 |
TW201822014A (zh) | 2018-06-16 |
EP3550783B1 (en) | 2023-04-19 |
KR102437841B1 (ko) | 2022-08-31 |
JP2020511016A (ja) | 2020-04-09 |
EP3550783A4 (en) | 2020-09-23 |
CN108156126B (zh) | 2020-12-08 |
AU2017367926A1 (en) | 2019-05-30 |
TW202223675A (zh) | 2022-06-16 |
KR20190088048A (ko) | 2019-07-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17876168; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 3043259; Country of ref document: CA |
| ENP | Entry into the national phase | Ref document number: 20197015085; Country of ref document: KR; Kind code of ref document: A |
| ENP | Entry into the national phase | Ref document number: 2019528911; Country of ref document: JP; Kind code of ref document: A |
| ENP | Entry into the national phase | Ref document number: 2017367926; Country of ref document: AU; Date of ref document: 20171120; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 2017876168; Country of ref document: EP; Effective date: 20190702 |