WO2022147843A1 - Method and apparatus for access authentication - Google Patents

Method and apparatus for access authentication

Info

Publication number
WO2022147843A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud
zigbee
key
distribution network
random number
Prior art date
Application number
PCT/CN2021/071140
Other languages
English (en)
Chinese (zh)
Inventor
包永明
罗朝明
茹昭
Original Assignee
Oppo广东移动通信有限公司
Priority date
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司
Priority to CN202180080426.0A (CN116547998A)
Priority to PCT/CN2021/071140 (WO2022147843A1)
Publication of WO2022147843A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the embodiments of the present application relate to the field of communications, and in particular, to a method and an apparatus for access authentication.
  • Zigbee (Zigbee Protocol) technology is a wireless communication technology. Zigbee devices based on Zigbee technology can perform access authentication across different platforms.
  • a Zigbee network is constructed by the A platform gateway, the platform cloud corresponding to the A platform gateway is the A platform cloud, and the platform cloud corresponding to the manufacturer of the Zigbee device is the B platform cloud.
  • the present application provides an access authentication method and apparatus, which can realize cross-platform access authentication of Zigbee devices.
  • a first aspect provides an access authentication method, comprising: a Zigbee device of the Zigbee protocol generating a second random number; generating a second device-side key according to the second random number and a license key, where the license key is a key stored in both the Zigbee device and the device platform cloud of the Zigbee device; and performing the second access authentication of the Zigbee device according to the second device-side key.
  • an access authentication method including: a device platform cloud generating a first cloud key according to a first random number and a license key, wherein the device platform cloud is the cloud server of the manufacturer to which the Zigbee device of the Zigbee protocol belongs, the license key is a key stored in both the Zigbee device and the device platform cloud of the Zigbee device, and the first random number is either generated by the device platform cloud or obtained from the distribution network platform cloud, which is the cloud server corresponding to the distribution network platform gateway that supports building Zigbee networks; and performing the first access authentication of the Zigbee device according to the first cloud key.
  • a method for access authentication including: a distribution network platform gateway receiving a second random number and a first device-side key sent by a Zigbee device of the Zigbee protocol, wherein the distribution network platform gateway supports building a Zigbee network, the first device-side key is generated by the Zigbee device according to the first random number and the license key of the Zigbee device, and the second random number is used by the device platform cloud of the Zigbee device to determine the second cloud key, which is used for the second access authentication of the Zigbee device;
  • the distribution network platform gateway sends a first access authentication request to the distribution network platform cloud, where the first access authentication request includes the second random number, or includes both the second random number and the first device-side key; the first device-side key is used by the device platform cloud for the first access authentication of the Zigbee device, and the distribution network platform cloud is the cloud server corresponding to the distribution network platform gateway.
  • an access authentication method including: acquiring device information of a Zigbee device of the Zigbee protocol, wherein the device information includes the device protocol type to which the Zigbee device belongs, the device address identifier of the Zigbee device and the manufacturer identifier of the Zigbee device; determining the distribution network platform gateway according to the device protocol type to which the Zigbee device belongs, wherein the distribution network platform gateway supports building a Zigbee network; and sending the device information of the Zigbee device to the determined distribution network platform gateway.
  • an access authentication apparatus configured to execute the method in the above-mentioned first aspect or each implementation manner thereof.
  • the apparatus includes functional modules for executing the methods in the above-mentioned first aspect or each implementation manner thereof.
  • an access authentication apparatus configured to execute the method in the second aspect or each of its implementations.
  • the apparatus includes functional modules for executing the methods in the second aspect or the respective implementation manners thereof.
  • an access authentication apparatus configured to execute the method in the third aspect or each of its implementations.
  • the apparatus includes functional modules for executing the methods in the third aspect or each of its implementations.
  • an access authentication apparatus configured to execute the method in the above-mentioned fourth aspect or each implementation manner thereof.
  • the apparatus includes functional modules for executing the methods in the fourth aspect or the respective implementation manners thereof.
  • an access authentication apparatus including a processor and a memory.
  • the memory is used for storing a computer program
  • the processor is used for calling and running the computer program stored in the memory to execute any one of the implementation manners of the first aspect to the fourth aspect or the method in each implementation manner thereof.
  • a chip for implementing any one of the above-mentioned first to fourth aspects or the method in each implementation manner thereof.
  • the chip includes: a processor for invoking and running a computer program from a memory, so that a device on which the chip is installed executes the method in any one of the above-mentioned first to fourth aspects or each of its implementations.
  • a computer-readable storage medium for storing a computer program, the computer program causing a computer to execute the method in any one of the above-mentioned first to fourth aspects or each of its implementations.
  • a computer program product comprising computer program instructions, the computer program instructions causing a computer to perform the method in any one of the above-mentioned first to fourth aspects or the implementations thereof.
  • a thirteenth aspect provides a computer program that, when run on a computer, causes the computer to perform the method in any one of the above-mentioned first to fourth aspects or the implementations thereof.
  • the device protocol type field is defined in the OLA device format to indicate the protocol type corresponding to the OLA device.
  • the indicated protocol type is a Zigbee device
  • the network distribution platform gateway that supports the Zigbee protocol
  • the distribution network platform cloud and the device platform cloud corresponding to the Zigbee device perform access authentication for the Zigbee device, thereby enabling cross-platform access authentication.
  • FIG. 1 is a block diagram of a Zigbee device cross-platform access authentication system provided by an exemplary embodiment of the present application.
  • FIG. 2 to FIG. 10 are flowcharts of the access authentication method provided by the exemplary embodiment of the present application.
  • FIG. 11 is a schematic block diagram of an access authentication apparatus provided according to an embodiment of the present application.
  • FIG. 12 is a schematic block diagram of an access authentication apparatus provided according to an embodiment of the present application.
  • FIG. 13 is a schematic block diagram of an access authentication apparatus provided according to an embodiment of the present application.
  • FIG. 14 is a schematic block diagram of an access authentication apparatus provided according to an embodiment of the present application.
  • FIG. 15 is a schematic structural diagram of a computer device provided by an exemplary embodiment of the present application.
  • Zigbee is a low-power local area network protocol based on the Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 standard. According to international standards, ZigBee technology is a short-range, low-power wireless communication technology.
  • IEEE Institute of Electrical and Electronics Engineers
  • two beacon frame formats are specified: one is the conventional beacon frame, and the other is the enhanced beacon (Enhanced Beacon) frame.
  • the difference between the enhanced beacon frame and the conventional beacon frame is that the variable-length part carries additional Information Elements (IEs) fields, while the Guaranteed Time Slots (GTS) field and the Pending Address field are reduced.
  • IEs Information Elements
  • GTS Guaranteed Time Slots
  • the information element field is further divided into header information elements (Header IEs) and payload information elements (Payload IEs);
  • in the header information element, when the Element ID is 0 the content is manufacturer-defined information; the data length ranges from 0 to 127 bytes, the first 3 bytes can be the vendor Organizationally Unique Identifier (OUI), and the remaining bytes can be customized according to the manufacturer's needs.
  • the header information unit is filled with the first random number, the device identifier and the manufacturer identifier.
  • the device that supports the Zigbee protocol is a Zigbee device, and the Zigbee device corresponds to a unique installation code (Install Code).
  • the Zigbee gateway needs to obtain the installation code of the Zigbee device, so as to connect the Zigbee device to the Zigbee network created by the Zigbee gateway.
  • the installation code of the Zigbee device is obtained by scanning the QR code of the Zigbee device with a mobile phone or by entering it manually on the mobile phone, after which the mobile phone sends the installation code to the Zigbee gateway; this requires more human interaction.
  • the Zigbee device may be an open link association (Open link Association, OLA) device, and the information of the OLA device may be in a specific format.
  • OLA Open link Association
  • a device protocol type field may be added to the format to indicate the protocol type to which the OLA device belongs, for example, the Zigbee protocol type or other protocol types.
  • FIG. 1 shows a block diagram of a Zigbee device cross-platform access authentication system provided by an exemplary embodiment of the present application.
  • the system may include: Zigbee device 12 , distribution network platform gateway 141 , distribution network platform cloud 142 and device platform cloud 16 .
  • the Zigbee device 12 is a device that supports the Zigbee technology and can access the Zigbee network.
  • the Zigbee device 12 is a smart device (such as VR (Virtual Reality, virtual reality) glasses, a smart wearable device, etc.), a terminal device, or other device with network access capability, which is not limited in this embodiment of the present application.
  • when the Zigbee device cross-platform access authentication system is applied to smart home scenarios, the Zigbee device 12 can be a smart TV, smart speaker, smart air conditioner, smart light, smart door or window, smart curtain, smart socket or other home equipment.
  • there may be one Zigbee device 12 or multiple Zigbee devices 12, which is not limited in this embodiment of the present application.
  • the number of Zigbee devices 12 can be determined in combination with application requirements or with the maximum number of devices that the distribution network platform gateway 141 can manage.
  • the Zigbee device 12 is configured to access the network by the distribution network platform gateway 141 , and the cloud server corresponding to the distribution network platform gateway 141 is the distribution network platform cloud 142 .
  • the distribution network platform gateway 141 and the distribution network platform cloud 142 are connected through a wired or wireless network.
  • the distribution network platform gateway 141 refers to a device capable of configuring a Zigbee network.
  • the distribution network platform gateway 141 may be a server, a terminal device, a router, a mobile phone, a tablet computer, a wearable device, or any other device capable of configuring network access, which is not limited in this embodiment of the present application; in practical application, the implementation form of the distribution network platform gateway 141 can be determined in combination with the application scenario of the Zigbee device cross-platform access authentication system.
  • the distribution network platform gateway 141 can be implemented as a router, a terminal device, a mobile phone, a tablet computer, a wearable device, and the like.
  • the number of distribution network platform gateways 141 may be one or multiple, which is not limited in this embodiment of the present application. Generally, for reasons such as resource saving, the number of distribution network platform gateways 141 is one.
  • the Zigbee device 12 is developed based on the device platform cloud 16 , and the license key Kc of the Zigbee device 12 is stored in the device platform cloud 16 .
  • the distribution network platform cloud 142 sends the information required in the access authentication process of the Zigbee device 12 to the device platform cloud 16, or forwards the information required in the access authentication process of the Zigbee device 12 to the distribution network platform gateway 141.
  • the above-mentioned distribution network platform cloud 142 and device platform cloud 16 are cloud computing resource pools in the field of cloud technology, and multiple types of virtual resources are deployed in the resource pools for external customers to choose and use.
  • the cloud computing resource pool mainly includes computing devices (virtualized machines including operating systems), storage devices and network devices. It can be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, Content Delivery Network (CDN), and big data and artificial intelligence platforms.
  • CDN Content Delivery Network
  • the system may further include a control device 18, and the distribution network platform gateway 141 and the control device 18 are connected through a wired or wireless network.
  • the control device 18 is a device for the user to operate to control the distribution network platform gateway 141 .
  • the user can activate the distribution network platform gateway 141 by using the application program (Application) on the control device 18 .
  • the control device 18 can be implemented as a terminal device, a mobile phone, a tablet computer, a wearable device, and the like.
  • FIG. 2 shows a flowchart of an access authentication method provided by an exemplary embodiment of the present application. The method can be applied to the Zigbee device cross-platform access authentication system as shown in FIG. 1 .
  • a Zigbee device is a device that supports the Zigbee technology and can access a Zigbee network.
  • Zigbee devices include various types of household equipment (such as electric lights), industrial assets (such as inspection equipment in hospitals), and the like.
  • the device platform cloud is the cloud server corresponding to Zigbee device development. That is, the device platform cloud is the cloud server corresponding to the manufacturer to which the Zigbee device belongs.
  • the distribution network platform gateway supports the construction of a Zigbee network.
  • the distribution network platform cloud is the cloud server corresponding to the distribution network platform gateway.
  • the access authentication process of the Zigbee device may include a first access authentication process and a second access authentication process, wherein the first access authentication process is the device platform cloud authenticating the Zigbee device, that is, the cloud authenticates the device.
  • the second access authentication process is the Zigbee device authenticating the device platform cloud, that is, the device authenticates the cloud.
  • in the first access authentication process, the Zigbee device can generate the first device-side key according to the first random number and the license key of the Zigbee device, and the device platform cloud can generate the first cloud key according to the first random number and the license key; the first device-side key and the first cloud key can be used for the first access authentication.
  • the first random number may be generated by a device cloud platform, or may also be generated by a distribution network platform cloud, which is not limited in this application.
  • the Zigbee device can generate a second device-side key according to the second random number and the license key, and the device platform cloud can generate a second cloud key according to the second random number and the license key.
  • the second device-side key and the second cloud key can be used for the second access authentication.
  • FIG. 2 shows a schematic interaction diagram of performing the first access authentication first and then performing the second access authentication process.
  • the distribution network platform gateway and the Zigbee device have established a secure connection based on the trust center link key (Trust Center Link Key, TCLK), where TCLK is a key generated based on the installation code (Install Code) and the license key Kc.
  • TCLK Trust Center Link Key
  • TCLK = AES-MMO(Install Code).
  • the method includes at least part of the following:
  • the Zigbee device generates a second random number R2.
  • the Zigbee device generates a first device-side key according to the first random number R1 and the license key of the Zigbee device.
  • the Zigbee device stores the first device-side key in the attribute of the custom cluster.
  • the custom cluster includes at least one attribute (Attribute), which is a data entity that reflects the state or property of the Zigbee device.
  • attribute is used to store the device-side key corresponding to the Zigbee device.
  • the access type of the custom cluster is return after write.
  • the Zigbee device uses a key generation algorithm to process the first random number R1 and the license key Kc to generate the first device-side key Auth1.
  • the key generation algorithm is a symmetric encryption algorithm, and the key generation algorithm includes: an Advanced Encryption Standard (Advanced Encryption Standard, AES)-MMO (Matyas-Meyer-Oseas) hash algorithm.
  • AES Advanced Encryption Standard
  • MMO Matyas-Meyer-Oseas
  • Auth1 = AES-MMO(Kc, R1)
  • the Zigbee device sends the second random number R2 and the first device-side key Auth1 to the distribution network platform gateway.
  • the distribution network platform gateway sends a first access authentication request to the distribution network platform cloud, where the first access authentication request includes the second random number R2 and the first device-side key Auth1.
  • the first access authentication request may also include a device address identifier of the Zigbee device, and the device address identifier of the Zigbee device is used to identify the medium access control (Medium Access Control, MAC) address of the Zigbee device.
  • the device address identifier is used to uniquely identify a Zigbee device, and the device address identifier can be a 64-bit address.
  • the device address is identified as an Extended Unique Identifier (EUI).
  • EUI Extended Unique Identifier
  • the first access authentication request may further include a manufacturer identifier, i.e. a company identifier (Company Identifier, CID), of the Zigbee device, where the manufacturer identifier is used to identify the manufacturer to which the Zigbee device belongs, and the manufacturer identifier may be 3 bytes.
  • CID Company Identifier
  • the distribution network platform cloud determines the device platform cloud corresponding to the Zigbee device according to the manufacturer identifier in the first access authentication request, and further sends a second access authentication request to the device platform cloud, where the second access authentication request includes the second random number R2 and the first device-side key.
  • the second access authentication request may further include a device address identifier of the Zigbee device, where the device address identifier of the Zigbee device is used to identify the MAC address of the Zigbee device.
  • the device address is identified as EUI.
  • the device platform cloud determines the license key Kc of the Zigbee device according to the device address identifier in the second access authentication request, and further generates a first cloud key Auth1' according to the first random number and the license key.
  • the device platform cloud uses a key generation algorithm to process the first random number R1 and the license key Kc to generate the first cloud-end key Auth1'.
  • the key generation algorithm is a symmetric encryption algorithm, and the key generation algorithm includes: an Advanced Encryption Standard (Advanced Encryption Standard, AES)-MMO (Matyas-Meyer-Oseas) hash algorithm.
  • AES Advanced Encryption Standard
  • Auth1' = AES-MMO(Kc, R1)
  • the device platform cloud performs the first access authentication according to the first cloud key Auth1' and the first device-side key Auth1 carried in the second access authentication request.
  • if Auth1' does not match Auth1, the authentication fails.
  • if the first access authentication succeeds, a second cloud key Auth2' is generated according to the second random number R2 and the license key.
  • the device platform cloud sends the second cloud key Auth2' and the authentication result of the second access authentication to the distribution network platform cloud.
  • the distribution network platform cloud sends the second cloud key Auth2' and the authentication result of the second access authentication to the distribution network platform gateway.
  • the distribution network platform gateway adds the Zigbee device to the device blacklist when the authentication result indicates that the authentication failed.
  • the device blacklist is used to record the devices that fail to configure the network.
  • the Zigbee devices in the device blacklist are removed from the Zigbee network constructed by the distribution network platform gateway.
  • after the authentication fails, the distribution network platform gateway removes the Zigbee device from the Zigbee network.
  • the distribution network platform gateway sends the second cloud key Auth2' to the Zigbee device.
  • the distribution network platform gateway sends a write request to the custom cluster of the Zigbee device, and the write request carries the second cloud key Auth2'.
  • the Zigbee device has obtained the second cloud key Auth2'.
  • a second device-side key Auth2 is generated according to the second random number R2 and the license key Kc.
  • the Zigbee device stores the second device-side key in the attribute of the custom cluster.
  • the custom cluster includes at least one attribute (Attribute), and the attribute is a data entity that reflects the state or property of the Zigbee device.
  • the attribute is used to store the device-side key corresponding to the Zigbee device.
  • the access type of the custom cluster is return after write.
  • S212 Perform second access authentication according to the second device-side key Auth2 and the second cloud key Auth2'.
  • S213 Send the authentication result of the second access authentication to the network distribution platform gateway.
  • when the second access authentication succeeds, S213 is executed.
  • when the second access authentication fails, first indication information is sent to the distribution network platform gateway, which is used to instruct the Zigbee device to leave the Zigbee network.
  • the distribution network platform gateway adds the Zigbee device to the device blacklist in the case that the authentication fails.
  • the distribution network platform gateway and the Zigbee device establish a normal connection.
  • the updated TCLK is used to encrypt application support layer (Application Support Sublayer, APS) data transmission.
  • APS Application Support Sublayer
  • FIG. 3 shows a schematic interaction diagram of performing the second access authentication first and then performing the first access authentication process.
  • the network distribution platform gateway and the Zigbee device have established a secure connection based on TCLK, where TCLK is a key generated based on the first random number and the license key.
  • the method includes at least part of the following:
  • the Zigbee device generates a second random number R2.
  • the Zigbee device generates a first device-side key according to the first random number R1 and the license key of the Zigbee device.
  • the Zigbee device sends the second random number R2 and the first device-side key to the distribution network platform gateway.
  • in S23, the Zigbee device may also send only the second random number R2, and send the first device-side key only after the authentication result of the second access authentication is that the authentication succeeded.
  • the distribution network platform gateway sends a first access authentication request to the distribution network platform cloud, where the first access authentication request includes the second random number R2.
  • the first access authentication request may further include a device address identifier of the Zigbee device.
  • the first access authentication request may further include the manufacturer identifier of the Zigbee device.
  • the distribution network platform cloud determines the device platform cloud corresponding to the Zigbee device according to the manufacturer identifier in the first access authentication request, and further sends a second access authentication request to the device platform cloud, where the second access authentication request includes the second random number R2.
  • the second access authentication request may further include a device address identifier of the Zigbee device.
  • the device platform cloud generates a second cloud key Auth2' according to the second random number R2 and the license key.
  • the device platform cloud sends the second cloud key Auth2' to the distribution network platform cloud.
  • the distribution network platform cloud sends the second cloud key Auth2' to the distribution network platform gateway.
  • the distribution network platform gateway sends the second cloud key Auth2' to the Zigbee device.
  • the distribution network platform gateway sends a write request to the custom cluster of the Zigbee device, and the write request carries the second cloud key Auth2'.
  • the Zigbee device has obtained the second cloud key Auth2'.
  • a second device-side key Auth2 is generated according to the second random number R2 and the license key Kc.
  • S227: the Zigbee device performs the second access authentication according to the second device-side key Auth2 and the second cloud key Auth2'.
  • when the authentication result of the second access authentication is failure, the Zigbee device sends first indication information to the distribution network platform gateway, which is used to instruct the Zigbee device to leave the Zigbee network.
  • S229: the Zigbee device sends the authentication result of the second access authentication to the network distribution platform gateway.
  • when the authentication result of the second access authentication is success, the distribution network platform gateway sends a third access authentication request to the distribution network platform cloud, where the third access authentication request includes the first device-side key Auth1.
  • the third access authentication request may further include a device address identifier of the Zigbee device.
  • the third access authentication request may further include the manufacturer identifier of the Zigbee device.
  • the distribution network platform cloud sends a fourth access authentication request to the device platform cloud, where the fourth access authentication request includes the first device-side key Auth1.
  • the device platform cloud generates a first cloud key Auth1' according to the first random number R1 and the license key.
  • the device platform cloud performs the first access authentication according to the first cloud key Auth1' and the received first device-side key Auth1.
  • the device platform cloud sends the authentication result of the first access authentication to the distribution network platform cloud.
  • the distribution network platform cloud sends the authentication result of the first access authentication to the distribution network platform gateway.
  • when the authentication result of the first access authentication is failure, the network distribution platform gateway adds the Zigbee device to the device blacklist.
  • Zigbee devices in the device blacklist are removed from the Zigbee network constructed by the distribution network platform gateway.
  • the updated TCLK is used to encrypt the data transmission of the APS.
  • the distribution network platform gateway sends a first request to the distribution network platform cloud, where the first request is used to request an installation code and a first random number of the Zigbee device.
  • the first request may be referred to as an installation code request.
  • the first request may include a device address identifier of the Zigbee device.
  • the first request may include the manufacturer identifier of the Zigbee device.
  • the distribution network platform cloud determines a device platform cloud corresponding to the Zigbee device according to the manufacturer identifier in the first request, and further sends an installation code request to the device platform cloud.
  • the installation code request may include a device address identifier of the Zigbee device.
  • the installation code request may include the manufacturer identification of the Zigbee device.
  • the device platform cloud determines the installation code of the Zigbee device according to the device address identifier, and generates a first random number R1.
  • the device platform cloud sends the installation code of the Zigbee device and the first random number to the distribution network platform cloud.
  • the distribution network platform cloud sends the installation code of the Zigbee device and the first random number to the distribution network platform gateway.
  • the distribution network platform gateway sends the first random number to the Zigbee device.
  • the installation code of the Zigbee device may also be obtained from the Zigbee device itself; for example, the terminal device may obtain the device information of the Zigbee device by scanning the QR code of the Zigbee device.
  • the device information of the Zigbee device may include an installation code.
  • the terminal device may send the device information of the Zigbee device to the distribution network platform gateway, so that the distribution network platform gateway can learn the installation code of the Zigbee device.
  • the terminal device may correspond to the control device 18 in the foregoing.
  • the distribution network platform gateway sends a first request to the distribution network platform cloud, where the first request is used to request a first random number.
  • the first request may be referred to as a random number request.
  • the first request may include a device address identifier of the Zigbee device.
  • the first request may include the manufacturer identifier of the Zigbee device.
  • the distribution network platform cloud generates a first random number R1.
  • the distribution network platform cloud determines the device platform cloud corresponding to the Zigbee device according to the manufacturer identifier in the first request, and further sends the first random number R1 and the device address identifier of the Zigbee device to the device platform cloud.
  • the device platform cloud establishes a corresponding relationship between the first random number R1 and the Zigbee device.
  • the distribution network platform cloud sends a first random number to the distribution network platform gateway.
  • the distribution network platform gateway sends the first random number to the Zigbee device.
  • a terminal device acquires device information of the Zigbee device.
  • the device information of the Zigbee device includes a device protocol type of the Zigbee device (for example, indicating Zigbee), a device address identifier of the Zigbee device, and a manufacturer identifier of the Zigbee device.
  • the device information of the Zigbee device may include an installation code of the Zigbee device.
  • the installation code of the Zigbee device may be the PIN code of the Zigbee device.
  • the terminal device determines the corresponding network distribution platform gateway according to the protocol type of the Zigbee device, where the network distribution platform gateway supports that protocol type; for example, if the protocol type indicates Zigbee, the network distribution platform gateway supports building a Zigbee network.
  • the terminal device sends the device information of the Zigbee device to the network distribution platform gateway, so that the network distribution platform gateway can learn the device information of the Zigbee device.
  • CID represents the manufacturer identifier
  • R1 represents the first random number
  • EUI represents the device address identifier
  • R2 represents the second random number
  • Kc represents the license key
  • Install Code represents the device-side installation code
  • Install Code' represents the authenticator's installation code
  • TCLK represents the device-side trust center link key
  • TCLK' represents the authenticator's trust center link key
  • Network Key represents the network key
  • Auth1 represents the first device-side key
  • Auth1' represents the first cloud key
  • Auth2 represents the second device-side key
  • Auth2' represents the second cloud key. These notations are used in the exemplary description below.
  • FIG. 6 shows a flowchart of an access authentication method provided by an exemplary embodiment of the present application.
  • the method can be applied to the Zigbee device cross-platform access authentication system as shown in FIG. 1 , and the method includes:
  • the distribution network platform gateway builds a Zigbee network
  • the control device obtains the out-of-band information of the Zigbee device, which corresponds to the preceding device information;
  • the user scans the QR code through the APP to obtain the out-of-band information of the Zigbee device.
  • the device information of the Zigbee device may include the following information:
  • Protocol field used to indicate the device protocol type
  • the MAC field can be the EUI information of the Zigbee device
  • the CATID field is used to indicate the manufacturer identification of the Zigbee device, such as the CID
  • the Zigbee device generates a broadcast beacon frame (Beacon);
  • control device sends the device information to the distribution network platform gateway.
  • the user sends the CID
  • the distribution network platform gateway stores CID
  • the distribution network platform gateway performs Permit Join
  • the distribution network platform gateway starts scanning
  • the Zigbee device sends the Beacon broadcast request channel by channel;
  • the distribution network platform gateway returns a Beacon reply
  • the Zigbee device sends an association request to the distribution network platform gateway;
  • the distribution network platform gateway returns an association response to the Zigbee device
  • the distribution network platform gateway sends a request for obtaining the installation code to the distribution network platform cloud, carrying the data CID
  • the distribution network platform cloud obtains the equipment cloud platform of the corresponding manufacturer through the CID;
  • the device platform cloud queries the Install Code according to the EUI, and generates the first random number R1;
  • the device platform cloud returns a response to the distribution network platform cloud, carrying the data Install Code and R1;
  • the distribution network platform cloud returns a response to the distribution network platform gateway, carrying the data Install Code and R1;
  • the distribution network platform gateway gets the Install Code, it generates TCLK according to the Install Code;
  • TCLK = AES-MMO(Install Code);
  • the Zigbee device generates TCLK' according to its own installation code.
  • TCLK' = AES-MMO(Install Code);
  • the distribution network platform gateway establishes a secure connection with the Zigbee device based on TCLK and TCLK': the gateway encrypts the Network Key with TCLK and sends the encrypted data to the Zigbee device, which can only decrypt it if TCLK' equals TCLK;
  • if the Zigbee device does not hold an Install Code consistent with the one held by the device platform cloud, it cannot join the network established by the distribution network platform gateway; only a Zigbee device holding the consistent Install Code obtains the correct Network Key;
  • the Zigbee device sends a device announcement broadcast.
  • Device announcement (Device announce) broadcast is used to indicate that Zigbee devices are connected to the Zigbee network constructed by the distribution network platform gateway;
  • the distribution network platform gateway obtains the customized cluster information of the Zigbee device, the access type of the cluster is write-return (W*R), and the distribution network platform gateway sends a request to write R1 to the customized cluster of the Zigbee device;
  • the Zigbee device returns Auth1
  • the distribution network platform gateway sends an authentication request to the distribution network platform cloud, carrying the CID
  • the distribution network platform cloud obtains the equipment cloud platform of the corresponding manufacturer through the CID;
  • the distribution network platform cloud sends an authentication request to the device platform cloud, carrying the data Auth1
  • the device platform cloud determines the Kc of the device according to the EUI and generates Auth1' from R1 and Kc; if Auth1' equals Auth1 the authentication succeeds and the device platform cloud generates Auth2 from Kc and R2; if they are not equal, the authentication fails and Auth2 is set to an illegal value;
  • the device platform cloud returns the authentication result and Auth2 to the distribution network platform cloud;
  • the distribution network platform cloud returns the authentication result and Auth2 to the distribution network platform gateway;
  • if the network distribution platform gateway determines that the cloud failed to authenticate the device, it adds the Zigbee device to the device blacklist and removes the Zigbee device from the network; if the cloud authenticated the device successfully, it writes Auth2 to the manufacturer-defined Cluster2, whose access type is R*W for example;
  • the Zigbee device generates Auth2' from Kc and R2; if Auth2' equals Auth2 the authentication succeeds, otherwise it fails;
  • the Zigbee device returns the authentication result
  • if the device fails to authenticate the cloud, the network distribution platform gateway adds the Zigbee device to the device blacklist and removes the Zigbee device from the network.
  • the updated TCLK is used to encrypt the data transmission of the APS.
  • the installation code of the Zigbee device is obtained from the device cloud platform.
  • the installation code of the Zigbee device is obtained from the Zigbee device.
  • for the specific acquisition method, refer to the detailed description of the embodiment in FIG. 5.
  • FIG. 7 shows a flowchart of an access authentication method provided by an exemplary embodiment of the present application.
  • the method can be applied to the Zigbee device cross-platform access authentication system as shown in FIG. 1 .
  • the following steps of the method are adjusted:
  • the device information of the Zigbee device may include the following information:
  • Protocol field used to indicate the device protocol type
  • the MAC field can be the EUI information of the Zigbee device
  • the CATID field is used to indicate the manufacturer identification of the Zigbee device, such as the CID
  • the installation code may be the PIN code of the Zigbee device.
  • control device sends the CID
  • the distribution network platform gateway sends an R1 request to the distribution network platform cloud, carrying the data CID
  • the device platform cloud establishes a corresponding relationship between the EUI and the R1.
  • the Zigbee device obtains R1 before the Zigbee device and the distribution network platform gateway establish a TCLK-based secure connection.
  • alternatively, the Zigbee device obtains R1 after the Zigbee device and the distribution network platform gateway establish the TCLK-based secure connection.
  • the first access authentication is before the second access authentication.
  • alternatively, the first access authentication is after the second access authentication, that is, the device authenticates the cloud first, and then the cloud authenticates the device.
  • the distribution network platform gateway obtains the customized cluster (Cluster) information of the Zigbee device, the access type of the Cluster is write-return (W*R), and the distribution network platform gateway sends a request to write R1 to the customized Cluster1 of the Zigbee device;
  • the Zigbee device returns Auth1
  • the distribution network platform gateway sends an authentication request to the distribution network platform cloud, carrying the CID
  • the distribution network platform cloud obtains the equipment cloud platform of the corresponding manufacturer through the CID;
  • the distribution network platform cloud sends an authentication request to the device platform cloud, carrying the data EUI
  • the device platform cloud returns Auth2 to the distribution network platform cloud
  • the distribution network platform cloud returns Auth2 to the distribution network platform gateway;
  • the distribution network platform gateway writes Auth2 to the manufacturer-defined Cluster2, for example, the type is R*W;
  • the Zigbee device generates Auth2' from Kc and R2; if Auth2' equals Auth2 the authentication succeeds, otherwise it fails;
  • if the authentication fails, the Zigbee device can also send the first indication information to indicate that it leaves the Zigbee network;
  • the distribution network platform gateway receives the first indication information of the Zigbee device and adds the Zigbee device to the device blacklist.
  • if the authentication is successful, the Zigbee device determines to return the authentication result;
  • the Zigbee device returns the authentication result;
  • if the device authenticates the cloud successfully, the distribution network platform gateway sends an authentication request to the distribution network platform cloud, carrying the data CID
  • the distribution network platform cloud sends to the corresponding device platform cloud according to the CID.
  • the distribution network platform cloud sends an authentication request to the corresponding device platform cloud according to the CID, carrying the data EUI
  • the device platform cloud determines the Kc of the device according to the EUI, and generates Auth1' according to the first random number R1 and Kc.
  • the first access authentication is performed according to Auth1 and Auth1'. If the two are equal, it is determined that the authentication is successful, otherwise, it is determined that the authentication fails.
  • the distribution network platform cloud returns the authentication result of the first access authentication to the distribution network platform gateway.
  • if the cloud fails to authenticate the device, the Zigbee device is added to the device blacklist and removed from the network.
  • if the cloud authenticates the device successfully, the TCLK is updated and a normal connection is established.
  • the updated TCLK is used to encrypt the data transmission of the APS.
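The flows above (the step list at the top of this section, FIG. 6 and FIG. 7) as one runnable Go program. This is an added illustration, not code from the patent or from OPPO. It derives the link key as TCLK = AES-MMO(Install Code), checked against the install-code example published in the Zigbee specification, and then lets a simulated gateway run the two access authentications in either order. Assumed here, because the page does not fix them: the key generation algorithm is AES-MMO over the concatenation R || Kc, R1/R2 and Kc are 16 bytes each, comparisons are constant-time, and the sample license keys are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// aesMMO: AES-128 Matyas-Meyer-Oseas hash (Zigbee spec Annex B.6) for inputs < 2^16 bits.
func aesMMO(msg []byte) []byte {
	padded := append(append([]byte{}, msg...), 0x80) // a single '1' bit, then zeros
	for len(padded)%16 != 14 {
		padded = append(padded, 0x00)
	}
	padded = append(padded, byte(len(msg)>>5), byte(len(msg)<<3)) // 16-bit big-endian bit length
	h, out := make([]byte, 16), make([]byte, 16)                  // H0 = 0^128
	for i := 0; i < len(padded); i += 16 {
		c, _ := aes.NewCipher(h) // h is always 16 bytes, so no error is possible
		c.Encrypt(out, padded[i:i+16])
		subtle.XORBytes(h, out, padded[i:i+16]) // Hi = AES_{H(i-1)}(Mi) XOR Mi
	}
	return h
}

// crc16X25: CRC-16, poly 0x1021 reflected, init/xorout 0xFFFF; stored little-endian after the code.
func crc16X25(data []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			crc = crc>>1 ^ 0x8408*(crc&1) // shift, xor polynomial if the low bit was set
		}
	}
	return ^crc
}

// tclkFromInstallCode derives the link key as the gateway (TCLK) and the device (TCLK') do.
func tclkFromInstallCode(code []byte) []byte {
	crc := crc16X25(code)
	return aesMMO(append(append([]byte{}, code...), byte(crc), byte(crc>>8)))
}

// authKey models the key generation algorithm as AES-MMO(R || Kc); the order is assumed.
func authKey(r, kc []byte) []byte {
	return aesMMO(append(append([]byte{}, r...), kc...))
}

func randomNonce() []byte { // fresh 16-byte R1 or R2 (the size is assumed)
	r := make([]byte, 16)
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	return r
}

// cloudFirstAuth: the device platform cloud recomputes Auth1' and compares it with Auth1.
func cloudFirstAuth(r1, kc, auth1 []byte) bool {
	return subtle.ConstantTimeCompare(authKey(r1, kc), auth1) == 1
}

// deviceSecondAuth: the device recomputes Auth2 and compares it with the cloud's Auth2'.
func deviceSecondAuth(r2, kc, auth2Cloud []byte) bool {
	return subtle.ConstantTimeCompare(authKey(r2, kc), auth2Cloud) == 1
}

type JoinResult struct {
	CloudAuthOK  bool // first access authentication: cloud authenticates the device
	DeviceAuthOK bool // second access authentication: device authenticates the cloud
	Blacklisted  bool // gateway blacklisted the device and removed it from the network
}

// runJoin plays the gateway for a device holding deviceKc against a cloud holding cloudKc.
func runJoin(deviceKc, cloudKc []byte, deviceFirst bool) JoinResult {
	r1, r2 := randomNonce(), randomNonce() // R1 from the cloud, R2 from the device
	auth1 := authKey(r1, deviceKc)          // the device answers the R1 write with Auth1
	var res JoinResult
	if deviceFirst { // FIG. 7 order: device verifies Auth2' before Auth1 reaches the cloud
		res.DeviceAuthOK = deviceSecondAuth(r2, deviceKc, authKey(r2, cloudKc))
		if res.DeviceAuthOK {
			res.CloudAuthOK = cloudFirstAuth(r1, cloudKc, auth1)
		}
	} else { // FIG. 6 order: cloud verifies Auth1 first and releases Auth2' only on success
		res.CloudAuthOK = cloudFirstAuth(r1, cloudKc, auth1)
		if res.CloudAuthOK {
			res.DeviceAuthOK = deviceSecondAuth(r2, deviceKc, authKey(r2, cloudKc))
		}
	}
	res.Blacklisted = !(res.CloudAuthOK && res.DeviceAuthOK) // any failure: blacklist and remove
	return res
}

func main() {
	code, _ := hex.DecodeString("83FED3407A939723A5C639B26916D505") // Zigbee spec example
	fmt.Printf("TCLK = %X\n", tclkFromInstallCode(code))
	kc := []byte("constructed-key!") // constructed 16-byte license key
	fmt.Printf("honest join: %+v\n", runJoin(kc, kc, false))
}
```

`go run` prints the derived TCLK (for the specification's example install code it is 66B6900981E1EE3CA4206B6B861C02BB) and the result of an honest join. Calling runJoin with a device key that differs from the cloud's shows the difference between the two orders: in the FIG. 6 order Auth2' is never released to a device the cloud has not verified, whereas in the FIG. 7 order the cloud returns AES-MMO(R2 || Kc) for a device-chosen R2 before it has checked Auth1. With the construction assumed here that makes Kc a full-entropy key requirement rather than a PIN-like value; in both orders a single failed check ends with the gateway blacklisting and removing the device.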
  • FIG. 11 shows a structural block diagram of an access authentication apparatus provided by an exemplary embodiment of the present application.
  • the apparatus can be implemented as a Zigbee device, or be implemented as a part of a Zigbee device.
  • the apparatus 1000 includes:
  • a processing unit 1010 configured to generate a second random number and to generate a second device-side key according to the second random number and a license key, the license key being a key stored in the Zigbee device and in the device platform cloud of the Zigbee device;
  • the second access authentication of the Zigbee device is performed according to the second device-side key.
  • the apparatus 1000 further includes:
  • a communication unit configured to receive the first random number sent by the distribution network platform gateway, wherein the distribution network platform gateway supports the construction of a Zigbee network;
  • the processing unit 1010 is further configured to: generate a first device-side key according to the first random number and the license key, where the first device-side key is used for the first access authentication of the Zigbee device.
  • the apparatus 1000 further includes:
  • a communication unit configured to receive a random number write request sent by the network distribution platform gateway to the custom cluster of the Zigbee device, where the random number write request carries the first random number.
  • the processing unit 1010 is further configured to: process the first random number and the license key with a first key generation algorithm to generate the first device-side key.
  • the first key generation algorithm includes: an AES-MMO hash algorithm.
  • the apparatus 1000 further includes:
  • a communication unit configured to send the second random number and the first device-side key to the device platform cloud through the distribution network platform gateway and the distribution network platform cloud, where the distribution network platform cloud is the cloud server corresponding to the distribution network platform gateway, the second random number is used for the device platform cloud to generate a second cloud key, and the second cloud key is used for the second access authentication of the Zigbee device.
  • the apparatus 1000 further includes:
  • a communication unit configured to receive the authentication result of the first access authentication and the second cloud key sent by the network distribution platform gateway in the case that the authentication result of the first access authentication is authentication success, where the authentication result of the first access authentication is determined by the device platform cloud according to the first device-side key and the first cloud key, and the first cloud key is generated by the device platform cloud according to the first random number and the license key.
  • processing unit 1010 is further configured to:
  • the authentication result of the second access authentication is determined according to the second device-side key and the second cloud key.
  • the apparatus 1000 further includes:
  • a communication unit configured to send the authentication result of the second access authentication to the network distribution platform gateway.
  • the apparatus 1000 further includes:
  • a communication unit configured to send the second random number to the device platform cloud of the Zigbee device through the distribution network platform gateway and the distribution network platform cloud, where the distribution network platform cloud is the cloud server corresponding to the distribution network platform gateway, the second random number is used for the device platform cloud to generate a second cloud key, and the second cloud key is used for the second access authentication of the Zigbee device.
  • the apparatus 1000 further includes:
  • a communication unit configured to receive the second cloud key sent by the distribution network platform gateway.
  • the apparatus 1000 further includes:
  • a communication unit configured to receive a write request sent by the distribution network platform gateway to the custom cluster of the Zigbee device, where the write request carries the second cloud key.
  • processing unit 1010 is further configured to:
  • the authentication result of the second access authentication is determined according to the second device-side key and the second cloud key.
  • the apparatus 1000 further includes:
  • a communication unit configured to send the authentication result of the second access authentication to the network distribution platform gateway.
  • the apparatus 1000 further includes:
  • a communication unit configured to send the authentication result of the second access authentication to the network distribution platform gateway when the authentication result of the second access authentication is authentication success.
  • in the case that the authentication result of the second access authentication is authentication failure, the apparatus 1000 further includes:
  • a communication unit configured to send first indication information to the distribution network platform gateway, where the first indication information is used to instruct the Zigbee device to leave the Zigbee network.
  • the first device-side key and the second device-side key are stored in a custom cluster of the Zigbee device, and the access type of the custom cluster is write-return (W*R).
  • the processing unit 1010 is further configured to: process the second random number and the license key with a second key generation algorithm to generate the second device-side key.
  • the second key generation algorithm includes: an AES-MMO hash algorithm.
  • the apparatus 1100 may be implemented as a device platform cloud, or may be implemented as a part of the device platform cloud.
  • the apparatus 1100 includes:
  • the processing unit 1110 is configured to generate the first cloud key according to the first random number and the license key, where the device platform cloud is the cloud server of the manufacturer to which the Zigbee device of the Zigbee protocol belongs, the license key is a key stored in the Zigbee device and in the device platform cloud of the Zigbee device, the first random number is generated by the device platform cloud or obtained from the distribution network platform cloud, and the distribution network platform cloud is a cloud server corresponding to the distribution network platform gateway that supports the construction of Zigbee networks;
  • the first access authentication of the Zigbee device is performed according to the first cloud key.
  • the apparatus 1100 further includes:
  • a communication unit configured to receive a first access authentication request sent by the distribution network platform cloud, where the first access authentication request includes a second random number and a first device-side key, the second random number is generated by the Zigbee device, and the first device-side key is generated by the Zigbee device according to the first random number and the license key;
  • the processing unit 1110 is further configured to: generate a second cloud key according to the second random number and the license key, where the second cloud key is used for the second access authentication of the Zigbee device.
  • processing unit 1110 is further configured to:
  • the second cloud key is generated according to the second random number and the license key.
  • the apparatus 1100 further includes:
  • a communication unit configured to send the authentication result of the first access authentication and the second cloud key to the distribution network platform cloud.
  • the apparatus 1100 further includes:
  • a communication unit configured to receive a second random number sent by the distribution network platform cloud, where the second random number is generated by the Zigbee device;
  • the processing unit 1110 is further configured to: generate a second cloud key according to the second random number and the license key, where the second cloud key is used for the second access authentication of the Zigbee device.
  • the apparatus 1100 further includes:
  • a communication unit configured to send the second cloud key to the distribution network platform cloud.
  • the apparatus 1100 further includes:
  • a communication unit configured to receive a first access authentication request sent by the distribution network platform cloud, where the first access authentication request includes the first device-side key.
  • the apparatus 1100 further includes:
  • a communication unit configured to receive a first request sent by the distribution network platform cloud, where the first request is used to request the installation code and the first random number of the Zigbee device, or the first request is used to request only the first random number.
  • the apparatus 1100 further includes:
  • a communication unit configured to send the installation code of the Zigbee device and the first random number to the distribution network platform cloud, or send the first random number to the distribution network platform cloud.
  • the first request further includes: a device address identifier of the Zigbee device and a manufacturer identifier of the Zigbee device.
  • the apparatus 1200 may be implemented as a distribution network platform gateway, or may be implemented as a part of the distribution network platform gateway.
  • the apparatus 1200 includes:
  • the communication unit 1200 is configured to receive the second random number and the first device-side key sent by the Zigbee device of the Zigbee protocol, where the network distribution platform gateway supports the construction of a Zigbee network, the first device-side key is generated by the Zigbee device according to the first random number and the license key of the Zigbee device, the second random number is used for the device platform cloud of the Zigbee device to determine the second cloud key, and the second cloud key is used for the second access authentication of the Zigbee device; and
  • to send a first access authentication request to the distribution network platform cloud, where the first access authentication request includes the second random number, or includes the second random number and the first device-side key, the first device-side key is used for the device platform cloud to perform the first access authentication of the Zigbee device, and the distribution network platform cloud is a cloud server corresponding to the distribution network platform gateway.
  • the communication unit 1200 is further configured to: receive the authentication result of the first access authentication, which is determined by the device platform cloud according to the first device-side key and the first cloud key, where the first cloud key is generated by the device platform cloud according to the first random number and the license key.
  • the communication unit 1200 is further configured to: send a write request to the custom cluster of the Zigbee device, where the write request carries the second cloud key.
  • the communication unit 1200 is further configured to: send the write request to the custom cluster of the Zigbee device when the authentication result of the first access authentication is authentication success.
  • the apparatus further includes:
  • a processing unit configured to add the Zigbee device to a device blacklist and remove the Zigbee device from the Zigbee network when the first authentication result is an authentication failure.
  • the communication unit 1200 is further configured to: in the case that the authentication result of the second access authentication is authentication failure, receive the first indication information sent by the Zigbee device, the The first indication information is used to instruct the Zigbee device to leave the Zigbee network;
  • the apparatus further includes:
  • the processing unit is configured to add the Zigbee device to the device blacklist.
  • the communication unit 1200 is further configured to: send a first request to the distribution network platform cloud, where the first request is used to request the installation code of the Zigbee device and the first random number, or the first request is used to request only the first random number.
  • the communication unit 1200 is further configured to: receive the installation code and the first random number of the Zigbee device sent by the distribution network platform cloud, or receive the first random number sent by the distribution network platform cloud.
  • the first request further includes: a device address identifier of the Zigbee device and a manufacturer identifier of the Zigbee device.
  • the first access authentication request further includes a device address identifier of the Zigbee device and a manufacturer identifier of the Zigbee device.
  • FIG. 14 shows a structural block diagram of an access authentication apparatus provided by an exemplary embodiment of the present application.
  • the apparatus 1300 may be implemented as a control device, or may be implemented as a part of the control device.
  • the apparatus 1300 includes:
  • the communication unit 1310 is used to obtain the device information of the Zigbee device of the Zigbee protocol, where the device information of the Zigbee device includes the device protocol type of the Zigbee device, the device address identifier of the Zigbee device and the manufacturer identifier of the Zigbee device;
  • a processing unit 1320 configured to determine a distribution network platform gateway according to the device protocol type to which the Zigbee device belongs, wherein the distribution network platform gateway supports the construction of a Zigbee network;
  • the communication unit 1310 is further configured to: send the device information of the Zigbee device to the distribution network platform gateway.
  • the device address identifier of the Zigbee device includes a media access control MAC address of the Zigbee device.
  • the device information of the Zigbee device further includes: an installation code of the Zigbee device.
  • the installation code of the Zigbee device is the PIN code of the Zigbee device.
  • FIG. 15 shows a schematic structural diagram of a computer device (such as a Zigbee device, a distribution network platform gateway, or a device platform cloud) provided by an exemplary embodiment of the present application.
  • the computer device includes: a processor 101 , a receiver 102 , and a transmitter 103 , memory 104 and bus 105 .
  • the processor 101 includes one or more processing cores, and the processor 101 executes various functional applications and information processing by running software programs and modules.
  • the receiver 102 and the transmitter 103 may be implemented as a communication component, which may be a communication chip.
  • the memory 104 is connected to the processor 101 through the bus 105 .
  • the memory 104 may be configured to store at least one instruction, and the processor 101 may be configured to execute the at least one instruction, so as to implement various steps in the foregoing method embodiments.
  • memory 104 may be implemented by any type or combination of volatile or non-volatile storage devices including, but not limited to, magnetic or optical disks, electrically erasable programmable Read Only Memory (Electrically-Erasable Programmable Read Only Memory, EEPROM), Erasable Programmable Read Only Memory (EPROM), Static Random Access Memory (SRAM), Read Only Memory (Read-Only Memory, ROM), magnetic memory, flash memory, programmable read-only memory (Programmable Read-Only Memory, PROM).
  • the computer device includes a processor, a memory and a transceiver, where the transceiver may include a receiver for receiving information and a transmitter for transmitting information.
  • when the computer device is implemented as a Zigbee device:
  • the processor is used to generate a second random number and to generate a second device-side key according to the second random number and a license key, where the license key is a key stored in the Zigbee device and in the device platform cloud of the Zigbee device;
  • the processor and transceiver in the computer device involved in the embodiments of the present application may perform the steps performed by the Zigbee device in any of the methods shown in FIG. 2 to FIG. 10 above, which are not repeated here.
  • when the computer device is implemented as a distribution network platform gateway:
  • the transceiver is configured to receive the second random number and the first device-side key sent by the Zigbee device of the Zigbee protocol, and to send a first access authentication request to the distribution network platform cloud, where the first access authentication request includes the second random number, or the first access authentication request includes the second random number and the first device-side key;
  • the processor and transceiver in the computer device involved in the embodiments of the present application may perform the steps performed by the distribution network platform gateway in any of the methods shown in FIG. 2 to FIG. 10 above, which are not repeated here.
  • when the computer device is implemented as a device platform cloud:
  • the processor is configured to generate a first cloud key according to the first random number and the license key, and to perform the first access authentication of the Zigbee device according to the first cloud key;
  • the processor and transceiver in the computer device involved in the embodiments of the present application may perform the steps performed by the device platform cloud in any of the methods shown in FIG. 2 to FIG. 10 above, which are not repeated here.
  • the transceiver is used to obtain the device information of the Zigbee device of Zigbee protocol, wherein the device information of the Zigbee device includes the device protocol type of the Zigbee device, the device address identifier of the Zigbee device and the manufacturer identifier of the Zigbee device;
  • the processor is configured to determine a distribution network platform gateway according to the device protocol type to which the Zigbee device belongs, wherein the distribution network platform gateway supports building a Zigbee network;
  • the transceiver is further configured to send the device information of the Zigbee device to the distribution network platform gateway.
  • the processor and transceiver in the computer device involved in the embodiments of the present application may execute the steps performed by the control device or the terminal device in any of the methods shown in FIG. 2 to FIG. 10 above, which are not repeated here.
  • a computer-readable storage medium is also provided, in which a computer program is stored; the computer program is loaded and executed by a processor to implement the access authentication method performed by a computer device as provided by the foregoing method embodiments.
  • a computer program product is also provided which, when run on the processor of the computer device, causes the network device to execute the access authentication method described in the above aspects.
  • a chip is also provided, the chip including a programmable logic circuit and/or program instructions; when the chip runs on a computer device, it is used to implement the access authentication method described in the above aspects.
  • the processor in this embodiment of the present application may be an integrated circuit chip, which has a signal processing capability.
  • each step of the above method embodiments may be completed by a hardware integrated logic circuit in a processor or an instruction in the form of software.
  • the above-mentioned processor may be a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the steps of the methods disclosed in conjunction with the embodiments of the present application may be directly embodied as executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor.
  • the software modules can be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art.
  • the storage medium is located in the memory, and the processor reads the information in the memory, and completes the steps of the above method in combination with its hardware.
  • the memory in this embodiment of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory.
  • the non-volatile memory may be a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable ROM, PROM), an erasable programmable read-only memory (Erasable PROM, EPROM), an electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or a flash memory.
  • Volatile memory may be Random Access Memory (RAM), which acts as an external cache.
  • the memory in the embodiment of the present application may also be a static random access memory (static RAM, SRAM), a dynamic random access memory (dynamic RAM, DRAM), a synchronous dynamic random access memory (synchronous DRAM, SDRAM), a double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), an enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), a synchronous link dynamic random access memory (synchlink DRAM, SLDRAM), a direct Rambus random access memory (Direct Rambus RAM, DR RAM) and so on. That is, the memory in the embodiments of the present application is intended to include, but is not limited to, these and any other suitable types of memory.
  • Embodiments of the present application further provide a computer-readable storage medium for storing a computer program.
  • the computer-readable storage medium can be applied to the network device in the embodiments of the present application, and the computer program enables the computer to execute the corresponding processes implemented by the network device in each method of the embodiments of the present application.
  • the computer-readable storage medium can be applied to the mobile terminal/terminal device in the embodiments of the present application, and the computer program enables the computer to execute the corresponding processes implemented by the mobile terminal/terminal device in each method of the embodiments of the present application, which are not repeated here for brevity.
  • Embodiments of the present application also provide a computer program product, including computer program instructions.
  • the computer program product can be applied to the network device in the embodiments of the present application, and the computer program instructions cause the computer to execute the corresponding processes implemented by the network device in each method of the embodiments of the present application, which are not repeated here for brevity.
  • the computer program product can be applied to the mobile terminal/terminal device in the embodiments of the present application, and the computer program instructions cause the computer to execute the corresponding processes implemented by the mobile terminal/terminal device in each method of the embodiments of the present application; for brevity, details are not repeated here.
  • the embodiments of the present application also provide a computer program.
  • the computer program can be applied to the network device in the embodiments of the present application.
  • when the computer program is run on the computer, it causes the computer to execute the corresponding processes implemented by the network device in each method of the embodiments of the present application, which are not repeated here for brevity.
  • the computer program can be applied to the mobile terminal/terminal device in the embodiments of the present application, and when the computer program runs on the computer, it causes the computer to execute the corresponding processes implemented by the mobile terminal/terminal device in each method of the embodiments of the present application, which are not repeated here for brevity.
  • the disclosed system, apparatus and method may be implemented in other manners.
  • the apparatus embodiments described above are only illustrative.
  • the division of the units is only a logical function division; in actual implementation there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the functions, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence or in the part that contributes to the prior art or in part, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions used to cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: a USB flash disk, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk or other media that can store program code.
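The device, gateway and cloud roles described in the embodiments above (a Zigbee device deriving a device-side key from a fresh random number and its license key, the distribution network platform gateway forwarding that material, and the device platform cloud deriving a cloud key from the same random number and its stored copy of the license key and comparing the two) are sketched here as an added Python example. This is not code from the patent or from any OPPO implementation: the key-derivation function (HMAC-SHA256 keyed with the license key), the request layout, the sample MAC and manufacturer identifier, and the replay check on already-accepted random numbers are all assumptions of the example, since the page specifies none of them. Only the device-initiated (second) authentication is shown; the cloud-initiated (first) authentication is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed KDF: the page does not say how the device-side key and the cloud
# key are derived from the random number and the license key. HMAC-SHA256
# over the random number, keyed with the license key, stands in for it.
def derive_key(license_key: bytes, random_number: bytes) -> bytes:
    return hmac.new(license_key, random_number, hashlib.sha256).digest()


@dataclass
class ZigbeeDevice:
    mac: bytes               # device address identifier (MAC address)
    manufacturer_id: int     # manufacturer identifier
    license_key: bytes       # provisioned in the device; the device platform cloud holds a copy

    def build_access_request(self, random_number: bytes = b"") -> dict:
        """Second random number plus the device-side key derived from it."""
        r2 = random_number or secrets.token_bytes(16)
        return {
            "mac": self.mac,
            "manufacturer_id": self.manufacturer_id,
            "random_number": r2,
            "device_key": derive_key(self.license_key, r2),
        }


@dataclass
class DevicePlatformCloud:
    # (manufacturer_id, mac) -> license key. The cloud is the only party besides
    # the device that holds the license key; the gateway never sees it.
    license_keys: dict
    seen: set = field(default_factory=set)   # (mac, random_number) pairs already accepted

    def verify(self, request: dict) -> bool:
        key = self.license_keys.get((request["manufacturer_id"], request["mac"]))
        if key is None:
            return False                     # unknown device: nothing to derive with
        tag = (request["mac"], request["random_number"])
        if tag in self.seen:
            return False                     # same random number presented again: treat as replay
        cloud_key = derive_key(key, request["random_number"])
        if not hmac.compare_digest(cloud_key, request["device_key"]):
            return False                     # constant-time compare; keys do not match
        self.seen.add(tag)
        return True


@dataclass
class DistributionGateway:
    """Forwards the request to the cloud unchanged; it cannot verify it itself."""
    cloud: DevicePlatformCloud

    def forward(self, request: dict) -> bool:
        return self.cloud.verify(request)


def run_scenario() -> dict:
    """Constructed sample values; returns the outcome of each check."""
    mac = bytes.fromhex("00124b0012345678")        # constructed sample MAC
    manufacturer_id = 0x1234                        # constructed sample manufacturer identifier
    license_key = secrets.token_bytes(16)           # constructed per-device license key
    device = ZigbeeDevice(mac, manufacturer_id, license_key)
    cloud = DevicePlatformCloud({(manufacturer_id, mac): license_key})
    gateway = DistributionGateway(cloud)

    request = device.build_access_request()
    genuine = gateway.forward(request)              # fresh random number, matching key: accepted
    replay = gateway.forward(request)               # identical request again: rejected
    # random number altered in transit so it no longer matches the device key
    mismatch = gateway.forward(dict(request, random_number=secrets.token_bytes(16)))
    # device with the right identifiers but a license key the cloud does not hold
    other = ZigbeeDevice(mac, manufacturer_id, secrets.token_bytes(16))
    wrong_license = gateway.forward(other.build_access_request())
    return {"genuine": genuine, "replay": replay,
            "mismatch": mismatch, "wrong_license": wrong_license}


if __name__ == "__main__":
    print(run_scenario())
```

The point a defender should take from the sketch is where the license key lives: only the device and the cloud derive keys from it, so the gateway can forward the random number and device-side key but cannot forge a valid pair, and the cloud can reject a replayed or mismatched request without ever sending the license key over the network.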

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Access authentication method and apparatus. The method comprises the following steps: a Zigbee device generates a second random number; according to the second random number and a license key, it generates a second device-side key, the license key being a key stored in the Zigbee device and in a device platform cloud of the Zigbee device; and it performs a second access authentication on the Zigbee device according to the second device-side key.
PCT/CN2021/071140 2021-01-11 2021-01-11 Procédé et appareil d'authentification d'accès WO2022147843A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202180080426.0A CN116547998A (zh) 2021-01-11 2021-01-11 接入认证的方法和装置
PCT/CN2021/071140 WO2022147843A1 (fr) 2021-01-11 2021-01-11 Procédé et appareil d'authentification d'accès

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/071140 WO2022147843A1 (fr) 2021-01-11 2021-01-11 Procédé et appareil d'authentification d'accès

Publications (1)

Publication Number Publication Date
WO2022147843A1 true WO2022147843A1 (fr) 2022-07-14

Family

ID=82357666

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/071140 WO2022147843A1 (fr) 2021-01-11 2021-01-11 Procédé et appareil d'authentification d'accès

Country Status (2)

Country Link
CN (1) CN116547998A (fr)
WO (1) WO2022147843A1 (fr)


Also Published As

Publication number Publication date
CN116547998A (zh) 2023-08-04


Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 202180080426.0

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21916896

Country of ref document: EP

Kind code of ref document: A1