WO2023230979A1 - Method and apparatus for establishing an interoperability channel, and chip and storage medium - Google Patents


Info

Publication number
WO2023230979A1
Authority
WO
WIPO (PCT)
Prior art keywords
noc
negotiation
identification code
key
message
Application number
PCT/CN2022/096796
Other languages
English (en)
Chinese (zh)
Inventor
包永明
吕小强
茹昭
张军
杨宁
Original Assignee
Oppo广东移动通信有限公司
Priority date
2022-06-02
Filing date
2022-06-02
Publication date
2023-12-07
Application filed by Oppo广东移动通信有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/30 Services specially adapted for particular environments, situations or purposes
    • H04W 4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Definitions

  • Figure 10 is a schematic structural diagram of a device for establishing an interoperability channel provided by another embodiment of the present application.
  • Figure 1 exemplarily shows a first device 110 and a second device 120, but the embodiment of the present application is not limited thereto.
  • the wireless communication system 100 may include multiple first devices and/or multiple second devices.
  • a first device may control multiple second devices, or a second device may receive multiple first devices.
  • the second device may refer to a smart home device such as a smart air conditioner or a smart TV
  • the first device may also refer to a terminal device that controls the smart home device, such as a mobile phone, a tablet computer, etc.
  • the first device can control the smart home device, for example, control to turn on the air conditioner, turn on the TV, control and adjust the air conditioner temperature or adjust the air conditioner mode, etc.
  • Figure 2 is a schematic flowchart of a method for establishing an interoperability channel provided by an embodiment of the present application. The method shown in Figure 2 is described from the perspective of interaction between the first device and the second device.
  • the first device and the second device may be, for example, the first device 110 and the second device 120 in FIG. 1 .
  • the certificate chain may include the RCAC of the first device and the second NOC, and the second NOC may include the public key corresponding to the second NOC.
  • the private key corresponding to the second NOC can only be stored in the second device.
  • the interoperability certificate chain of the second device may also be configured by other devices.
  • the device used to configure the interoperability certificate chain to the second device may be called a commissioning specialist (commissioner).
  • the CA certificate of the first device may refer to the RCAC certificate of the first device, or may refer to the ICAC certificate of the first device, which is not limited in this application embodiment.
  • the CA certificate of the first device included in the first data may refer to the ICAC certificate of the first device; when the first device and the second device perform identity verification based on the secondary interoperability certificate chain, the CA certificate of the first device included in the first data may refer to the RCAC certificate of the first device.
  • when the first device and the second device negotiate a shared key, the second device can return a temporary identity code to the first device. Therefore, in some embodiments, the second device is used to provide the first device with a temporary identity code.
  • the scheme in which a device returns a temporary identification code can also be called a scheme in which a temporary identification code is used.
  • the interoperability channel can be divided into different types according to the different ways in which the first device and the second device negotiate the shared key.
  • the first device and the second device negotiate a shared key based on the NOC, and the type of the corresponding interoperation channel is an NOC-based interoperation channel.
  • the key negotiation method supported by the first device may also be referred to as the type of interoperability establishment supported by the first device. Therefore, in some embodiments, the fourth message may also be called an interoperation session establishment request message, which is not limited by this application.
  • step S7050 the configuration between the first device and the second device ends, and the configuration channel exits.
  • the first device can generate a random number r1, and then use the private key corresponding to the first NOC to sign (encrypt with the private key) one or more of the first NOC, the CA certificate of the first device (for example, the ICAC of the first device) and the random number r1, to obtain the first signature sign1, and further obtain the first data.
  • the first data may include one or more of the following: the first NOC, the CA certificate of the first device (for example, the ICAC of the first device), the random number r1, and the first signature sign1.
  • the first device can encrypt the first data using the identification code of the first device.
  • the index corresponding to the identification code is a non-zero value or a value that is not all Fs.
  • the first device can decrypt the second data using the private key corresponding to the first NOC, and use the second NOC (for example, the public key corresponding to the second NOC) to decrypt (verify) the second signature sign2, thereby verifying the identity of the second device.
  • the second device may send a third response to the first device, return an error code, and inform the first device that it needs to enter the temporary identity code that the second device returned for the first device.
  • step S8100 the second device generates a shared key based on the first NOC and the second NOC.
  • after the second device decrypts the first data, it can use the public key corresponding to the first NOC to verify the first signature sign1, thereby verifying the identity of the first device and the authenticity of the key pair of the first device.
  • the apparatus 900 further includes: an encryption module, configured to encrypt the first data according to the identification code of the first device.
  • the apparatus 1000 further includes: a verification module, configured to verify the first NOC using the CA certificate of the first device.
  • the second negotiation module further includes: a third receiving module, configured to receive a second message sent by the first device, where the second message is used to configure the first identity code.

Abstract

The invention relates to a method and apparatus for establishing an interoperability channel, as well as a chip and a storage medium. The method comprises: a first device negotiating a shared key with a second device according to a first node interoperability certificate of the first device; the first device and the second device establishing an interoperability channel based on the shared key; and the first device sending a control instruction to the second device over the interoperability channel so as to control the second device, the first device being a terminal device and the second device being a vehicle device. In embodiments of the present application, the first device and the second device can negotiate, on the basis of the node interoperability certificate, the shared key corresponding to the interoperability channel, so that the communication security and reliability of the interoperability channel are ensured and secure control of the second device by the first device is achieved. Negotiating the shared key on the basis of the node interoperability certificate helps reduce the risk of the shared key being disclosed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/096796 WO2023230979A1 (fr) 2022-06-02 2022-06-02 Method and apparatus for establishing an interoperability channel, and chip and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/096796 WO2023230979A1 (fr) 2022-06-02 2022-06-02 Method and apparatus for establishing an interoperability channel, and chip and storage medium

Publications (1)

Publication Number Publication Date
WO2023230979A1 true WO2023230979A1 (fr) 2023-12-07

Family

ID=89026774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/096796 WO2023230979A1 (fr) 2022-06-02 2022-06-02 Method and apparatus for establishing an interoperability channel, and chip and storage medium

Country Status (1)

Country Link
WO (1) WO2023230979A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109309910A (zh) * 2018-10-30 2019-02-05 深圳市元征科技股份有限公司 Communication data transmission method, system, device and computer-readable storage medium
CN109842862A (zh) * 2017-11-29 2019-06-04 通用汽车环球科技运作有限责任公司 Establishing a secure short-range wireless communication connection in a vehicle
CN111194028A (zh) * 2019-11-05 2020-05-22 储长青 Vehicle-based security control method
US20210367767A1 (en) * 2020-05-21 2021-11-25 Marvell Asia Pte. Ltd. Methods and systems for secure network communication


Similar Documents

Publication Publication Date Title
WO2019153701A1 (fr) Method and apparatus for obtaining a device identifier
US11736304B2 (en) Secure authentication of remote equipment
CN110235424A (zh) Device and method for providing and managing security information in a communication system
US9755824B2 (en) Power line based theft protection of electronic devices
CN105472192A (zh) Smart device, terminal device and method for implementing control security authorization and sharing
US11019489B2 (en) Automatically connecting to a secured network
CN112449323B (zh) Communication method, apparatus and system
CN111355684B (zh) Internet of Things data transmission method, apparatus, system, electronic device and medium
US10708769B2 (en) Cloud assisted accessory pairing
WO2022160124A1 (fr) Service authorization management method and apparatus
WO2023279897A1 (fr) Secure binding method and system, storage medium and electronic apparatus
WO2021022406A1 (fr) Identity authentication method and device
CN113301537B (zh) Method, apparatus, electronic device and storage medium for establishing a communication connection
WO2023279283A1 (fr) Method for establishing secure vehicle communications, and vehicle, terminal and system
WO2022041151A1 (fr) Device verification method, device and cloud
WO2023230979A1 (fr) Method and apparatus for establishing an interoperability channel, and chip and storage medium
CN114785532B (zh) Secure chip communication method and apparatus based on bidirectional signature authentication
WO2023230983A1 (fr) Method and apparatus for establishing an interworking channel, chip, and storage medium
CN113141333A (zh) Communication method, device, server, system and storage medium for network-access devices
WO2023230975A1 (fr) Method and apparatus for establishing an interworking channel, chip, and storage medium
WO2022094936A1 (fr) Access method, device, and cloud platform device
CN113455032B (zh) Communication method, communication apparatus and computer-readable medium
KR20210060282A (ko) System and method for IoT (Internet of Things) device authentication via the cloud using a hardware security module
EP4184857A1 (fr) Bluetooth node pairing method and related apparatus
WO2023240587A1 (fr) Device permission configuration method and apparatus, and terminal device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22944309

Country of ref document: EP

Kind code of ref document: A1