WO2023230979A1 - Method and apparatus for establishing an interoperability channel, and chip and storage medium - Google Patents
Method and apparatus for establishing an interoperability channel, and chip and storage medium
- Publication number
- WO2023230979A1 (application PCT/CN2022/096796)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- noc
- negotiation
- identification code
- key
- message
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
        - H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
          - H04W12/041—Key generation or derivation
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
        - H04W4/30—Services specially adapted for particular environments, situations or purposes
          - H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
Definitions
- Figure 10 is a schematic structural diagram of a device for establishing an interoperability channel provided by another embodiment of the present application.
- Figure 1 exemplarily shows a first device 110 and a second device 120, but the embodiment of the present application is not limited thereto.
- the wireless communication system 100 may include multiple first devices and/or multiple second devices.
- a first device may control multiple second devices, or a second device may be controlled by multiple first devices.
- the second device may refer to a smart home device such as a smart air conditioner or a smart TV.
- the first device may also refer to a terminal device that controls the smart home device, such as a mobile phone or a tablet computer.
- the first device can control the smart home device, for example turning on the air conditioner, turning on the TV, adjusting the air conditioner temperature or adjusting the air conditioner mode.
- Figure 2 is a schematic flowchart of a method for establishing an interoperability channel provided by an embodiment of the present application. The method shown in Figure 2 is described from the perspective of interaction between the first device and the second device.
- the first device and the second device may be, for example, the first device 110 and the second device 120 in FIG. 1 .
- the certificate chain may include the RCAC of the first device and the second NOC, and the second NOC may include the public key corresponding to the second NOC.
- the private key corresponding to the second NOC can only be stored in the second device.
- the interoperability certificate chain of the second device may also be configured by other devices.
- the device used to configure the interoperability certificate chain on the second device may be called a commissioner.
- the CA certificate of the first device may refer to the RCAC certificate of the first device, or may refer to the ICAC certificate of the first device; this is not limited in the embodiments of this application.
- the CA certificate of the first device included in the first data may refer to the ICAC certificate of the first device; when the first device and the second device perform identity verification based on a two-level interoperability certificate chain, the CA certificate of the first device included in the first data may refer to the RCAC certificate of the first device.
- when the first device and the second device negotiate a shared key, the second device can return a temporary identification code to the first device. Therefore, in some embodiments, the second device is used to provide the first device with a temporary identification code.
- the scheme in which a device returns a temporary identification code may also be called a temporary identification code scheme.
- the interoperability channel can be divided into different types according to the different ways in which the first device and the second device negotiate the shared key.
- the first device and the second device negotiate a shared key based on the NOC, and the type of the corresponding interoperation channel is an NOC-based interoperation channel.
- the key negotiation method supported by the first device may also be referred to as the type of interoperability channel establishment supported by the first device. Therefore, in some embodiments, the fourth message may also be called an interoperation session establishment request message, which is not limited by this application.
- in step S7050, the configuration between the first device and the second device ends, and the configuration channel is closed.
- the first device can generate a random number r1, and then use the private key corresponding to the first NOC to sign one or more of the first NOC, the CA certificate of the first device (for example, the ICAC of the first device) and the random number r1, obtaining the first signature sign1, and further obtain the first data.
- the first data may include one or more of the following: the first NOC, the CA certificate of the first device (for example, the ICAC of the first device), the random number r1, and the first signature sign1.
- the first device can encrypt the first data using the identification code of the first device.
- the index corresponding to the identification code is a non-zero value or a value that is not all F (not all bits set).
- the first device can decrypt the second data using the private key corresponding to the first NOC, and use the second NOC (for example, the public key corresponding to the second NOC) to verify the second signature sign2, thereby verifying the identity of the second device.
- the second device may send a third response to the first device that returns an error code and informs the first device that it needs to enter the temporary identification code that the second device returned for the first device.
- in step S8100, the second device generates a shared key based on the first NOC and the second NOC.
- after the second device decrypts the first data, it can use the public key corresponding to the first NOC to verify the first signature sign1, thereby verifying the identity of the first device and the authenticity of the first device's key pair.
- the apparatus 900 further includes: an encryption module, configured to encrypt the first data according to the identification code of the first device.
- the apparatus 1000 further includes: a verification module, configured to verify the first NOC using the CA certificate of the first device.
- the second negotiation module further includes: a third receiving module, configured to receive a second message sent by the first device, where the second message is used to configure the first identity code.
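The exchange described in the Definitions above, as an added worked example that is not code from the patent or from any implementation it describes: a commissioner issues the chain RCAC → ICAC → NOC to both devices, the first device signs (first NOC, CA certificate, r1) with the NOC private key and wraps the first data with its identification code, the second device checks the chain against its locally configured RCAC and verifies sign1, answers with an error code and a temporary identification code when it does not know the first device (the third response), and both sides generate the shared key from the two NOCs (step S8100). The patent does not fix the primitives, so the following are assumptions made here for illustration: signatures are key-prefixed Schnorr over secp256k1, "the shared key based on the first NOC and the second NOC" is a static ECDH between the two NOC keys run through an HKDF-style extract/expand salted with r1 and r2, and "encrypting the first data with the identification code" is modelled as an HMAC-SHA256 tag keyed with that code (a real deployment would use an AEAD and a vetted signature library rather than the hand-written curve arithmetic below). The names `commission`, `Device`, `first_data`, `second_device_respond`, `first_device_finish`, `establish` and the error strings are hypothetical. Standard library only, Python 3.8 or later.

```python
# Added example, not the patent's code. Assumed primitives: secp256k1, key-prefixed Schnorr, static ECDH
import hashlib, hmac, secrets
P = 2**256 - 2**32 - 977  # secp256k1 field prime, group order and base point (standard values)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def _add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P
def _mul(k, pt):  # double-and-add; not constant time, acceptable for a demonstration only
    r = None
    while k:
        r, pt, k = (_add(r, pt) if k & 1 else r), _add(pt, pt), k >> 1
    return r
_enc = lambda pt: pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def _dec(b):  # reject off-curve points: keeps invalid-curve inputs away from the ECDH step
    x, y = int.from_bytes(b[:32], "big"), int.from_bytes(b[32:], "big")
    if not (0 < x < P and 0 < y < P and (y * y - x**3 - 7) % P == 0):
        raise ValueError("point is not on secp256k1")
    return x, y
def keygen():  # -> (private scalar, 64-byte public point)
    d = secrets.randbelow(N - 1) + 1
    return d, _enc(_mul(d, G))
def sign(key, msg):
    d, pub = key
    k = secrets.randbelow(N - 1) + 1  # fresh nonce per signature; a reused k reveals d
    R = _enc(_mul(k, G))
    e = int.from_bytes(hashlib.sha256(R + pub + msg).digest(), "big") % N
    return R + ((k + e * d) % N).to_bytes(32, "big")
def verify(pub, msg, sig):
    try:
        R, Q = _dec(sig[:64]), _dec(pub)
    except ValueError:
        return False
    e = int.from_bytes(hashlib.sha256(sig[:64] + pub + msg).digest(), "big") % N
    return _mul(int.from_bytes(sig[64:], "big"), G) == _add(R, _mul(e, Q))

def issue(issuer_key, subject, pub):  # certificates are (subject, pub, issuer_sig): RCAC -> ICAC -> NOC
    return subject, pub, sign(issuer_key, subject + pub)
raw = lambda cert: b"".join(cert)  # demo encoding; real formats use fixed-width or length-prefixed fields
def verify_chain(rcac, chain):  # chain = [ICAC, NOC]; the anchor is the locally configured RCAC
    ok, issuer = verify(rcac[1], rcac[0] + rcac[1], rcac[2]), rcac
    for cert in chain:
        ok, issuer = ok and verify(issuer[1], cert[0] + cert[1], cert[2]), cert
    return ok
def shared_key(key, peer_noc, r1, r2):  # S8100: derived from NOC1 and NOC2, bound to r1 and r2
    ikm = _enc(_mul(key[0], _dec(peer_noc[1])))[:32]  # static ECDH, x coordinate
    prk = hmac.new(r1 + r2, ikm, hashlib.sha256).digest()  # HKDF-extract
    return hmac.new(prk, b"interop-channel\x01", hashlib.sha256).digest()  # HKDF-expand

class Device:  # the NOC private key in .key is only ever used on this device
    def __init__(self, name, rcac, icac, key, noc, id_code=b""):
        self.name, self.rcac, self.icac, self.key, self.noc = name, rcac, icac, key, noc
        self.id_code, self.accepted, self.session = id_code, {}, None

def first_data(dev, r1):  # first device: sign (NOC1, CA cert, r1), wrap with the identification code
    body = raw(dev.noc) + raw(dev.icac) + r1
    sign1 = sign(dev.key, body)
    tag = hmac.new(dev.id_code, body + sign1, hashlib.sha256).digest()
    return dev.name, dev.noc, dev.icac, r1, sign1, tag
def second_device_respond(dev, msg):
    sender, noc1, ca1, r1, sign1, tag = msg
    code = dev.accepted.get(sender)
    if code is None:  # unknown first device: error code plus a temporary identification code
        dev.accepted[sender] = temp = secrets.token_bytes(16)
        return "ERR_NEED_TEMP_ID", temp
    body = raw(noc1) + raw(ca1) + r1
    if not hmac.compare_digest(tag, hmac.new(code, body + sign1, hashlib.sha256).digest()):
        return "ERR_ID_CODE", None
    if not (verify_chain(dev.rcac, [ca1, noc1]) and verify(noc1[1], body, sign1)):
        return "ERR_AUTH", None  # chain does not reach our RCAC, or sign1 is invalid
    r2 = secrets.token_bytes(16)
    dev.session = shared_key(dev.key, noc1, r1, r2)
    return "OK", (dev.noc, dev.icac, r2, sign(dev.key, raw(dev.noc) + raw(dev.icac) + r1 + r2))

def first_device_finish(dev, r1, reply):  # verify the NOC2 chain and sign2, then derive the same key
    noc2, ca2, r2, sign2 = reply
    ok = verify_chain(dev.rcac, [ca2, noc2]) and verify(noc2[1], raw(noc2) + raw(ca2) + r1 + r2, sign2)
    dev.session = shared_key(dev.key, noc2, r1, r2) if ok else None
    return ok

def commission():  # commissioner issues one RCAC, one ICAC and a NOC per device
    ca, ica, k1, k2 = keygen(), keygen(), keygen(), keygen()
    rcac, icac = issue(ca, b"rcac", ca[1]), issue(ca, b"icac", ica[1])
    phone = Device("phone", rcac, icac, k1, issue(ica, b"phone", k1[1]), b"phone-id-code")
    return phone, Device("car", rcac, icac, k2, issue(ica, b"car", k2[1]))

def establish(first, second):  # full exchange; retries once with the temporary identification code
    r1 = secrets.token_bytes(16)
    status, payload = second_device_respond(second, first_data(first, r1))
    if status == "ERR_NEED_TEMP_ID":
        first.id_code = payload  # the user types the code displayed by the second device
        status, payload = second_device_respond(second, first_data(first, r1))
    return status == "OK" and first_device_finish(first, r1, payload)
```

Calling `establish(*commission())` performs the whole exchange: the first attempt comes back with `ERR_NEED_TEMP_ID` because the second device has no identification code on record for the phone, the returned code is fed back in, and the retry ends with both devices holding the same 32-byte session key. Two checks are worth keeping in any real implementation: the chain is verified against the RCAC configured locally on the verifying device, never against the CA certificate carried in the message, and every received public key is checked to lie on the curve before it reaches the ECDH step, so a NOC issued under a different root fails with `ERR_AUTH` rather than producing a key.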
Abstract
The invention relates to a method and apparatus for establishing an interoperability channel, and to a chip and a storage medium. The method comprises: a first device negotiating a shared key with a second device according to a first node interoperability certificate (NOC) of the first device; the first device and the second device establishing an interoperability channel based on the shared key; and the first device sending a control instruction to the second device by means of the interoperability channel so as to control the second device, the first device being a terminal device and the second device being a vehicle device. In embodiments of the present application, the first device and the second device can negotiate, on the basis of the node interoperability certificate, the shared key corresponding to the interoperability channel, so that the communication security and reliability of the interoperability channel are ensured and secure control of the second device by the first device is achieved. Negotiating the shared key on the basis of the node interoperability certificate helps reduce the risk of the shared key being disclosed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2022/096796 WO2023230979A1 (fr) | 2022-06-02 | 2022-06-02 | Method and apparatus for establishing an interoperability channel, and chip and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2022/096796 WO2023230979A1 (fr) | 2022-06-02 | 2022-06-02 | Method and apparatus for establishing an interoperability channel, and chip and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023230979A1 true WO2023230979A1 (fr) | 2023-12-07 |
Family
ID=89026774
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/096796 WO2023230979A1 (fr) | Method and apparatus for establishing an interoperability channel, and chip and storage medium | 2022-06-02 | 2022-06-02 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2023230979A1 (fr) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109309910A (zh) * | 2018-10-30 | 2019-02-05 | 深圳市元征科技股份有限公司 | Communication data transmission method, system, device and computer-readable storage medium |
CN109842862A (zh) * | 2017-11-29 | 2019-06-04 | 通用汽车环球科技运作有限责任公司 | Establishing a secure short-range wireless communication connection in a vehicle |
CN111194028A (zh) * | 2019-11-05 | 2020-05-22 | 储长青 | A vehicle-based security control method |
US20210367767A1 (en) * | 2020-05-21 | 2021-11-25 | Marvell Asia Pte. Ltd. | Methods and systems for secure network communication |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019153701A1 (fr) | Method and apparatus for obtaining a device identifier | |
US11736304B2 (en) | Secure authentication of remote equipment | |
CN110235424A (zh) | Device and method for providing and managing security information in a communication system | |
US9755824B2 (en) | Power line based theft protection of electronic devices | |
CN105472192A (zh) | Smart device, terminal device and method for implementing secure control authorization and sharing | |
US11019489B2 (en) | Automatically connecting to a secured network | |
CN112449323B (zh) | Communication method, apparatus and system | |
CN111355684B (zh) | Internet of Things data transmission method, apparatus, system, electronic device and medium | |
US10708769B2 (en) | Cloud assisted accessory pairing | |
WO2022160124A1 (fr) | Method and apparatus for service authorization management | |
WO2023279897A1 (fr) | Secure binding method and system, storage medium and electronic apparatus | |
WO2021022406A1 (fr) | Identity authentication method and device | |
CN113301537B (zh) | Method, apparatus, electronic device and storage medium for establishing a communication connection | |
WO2023279283A1 (fr) | Method for establishing secure vehicle communication, and vehicle, terminal and system | |
WO2022041151A1 (fr) | Device verification method, device and cloud | |
WO2023230979A1 (fr) | Method and apparatus for establishing an interoperability channel, and chip and storage medium | |
CN114785532B (zh) | Secure chip communication method and apparatus based on mutual signature authentication | |
WO2023230983A1 (fr) | Method and apparatus for establishing an interworking channel, chip, and storage medium | |
CN113141333A (zh) | Communication method for a network-access device, device, server, system and storage medium | |
WO2023230975A1 (fr) | Method and apparatus for establishing an interworking channel, chip, and storage medium | |
WO2022094936A1 (fr) | Access method, device, and cloud platform device | |
CN113455032B (zh) | Communication method, communication apparatus and computer-readable medium | |
KR20210060282A (ko) | IoT (Internet of Things) device authentication system and method via the cloud using a hardware security module | |
EP4184857A1 (fr) | Bluetooth node pairing method and associated apparatus | |
WO2023240587A1 (fr) | Method and apparatus for configuring device permissions, and terminal device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 22944309; Country of ref document: EP; Kind code of ref document: A1 |