CN102957584A - Home network equipment management method, control equipment and home network equipment - Google Patents

Info

Publication number
CN102957584A
Authority
CN
China
Prior art keywords
certificate
home network
network device
equipment
main equipment
Prior art date
Legal status
Granted
Application number
CN2011102465599A
Other languages
Chinese (zh)
Other versions
CN102957584B (en)
Inventor
朱萸
吴黄伟
张钦亮
赵君杰
Current Assignee
Global Innovation Polymerization LLC
Tanous Co
Original Assignee
Huawei Device Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Device Co Ltd
Priority to CN201110246559.9A (granted as CN102957584B)
Priority to PCT/CN2012/080596 (published as WO2013026415A1)
Publication of CN102957584A
Application granted
Publication of CN102957584B
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/2803 Home automation networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/50 Secure pairing of devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 84/00 Network topologies
    • H04W 84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks
    • H04W 84/20 Leader-follower arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a home network device management method, a control device and a home network device, and belongs to the field of home networks. The method includes: the control device and the home network device authenticate each other; the control device receives a first certificate and a second certificate sent by a master device, and sends the first certificate and the second certificate to the home network device. The home network device and the master device authenticate each other to establish a trust relationship and join a device group; the master device issues master-device certificates for authentication to the home network device; and the certificates issued by the master device are used to secure subsequent interaction between the master device and the home network device, and between the home network device and the other devices in the group.

Description

Management method of a home network device, control device and home network device
Technical field
The present invention relates to the field of home networks, and in particular to a management method of a home network device, a control device and a home network device.
Background technology
With the development of the digital home and the spread of consumer electronics, more and more digital entertainment devices and household appliances are appearing in the home. Connecting these devices into a home network, over wired or wireless links, so that they can share content and control each other is the digital home network concept that the industry is pursuing. The organizations currently developing home network interworking standards are mainly UPnP (Universal Plug and Play), DLNA (Digital Living Network Alliance) and IGRS (Intelligent Grouping and Resource Sharing). Existing protocols provide the concept of a device group, in which a plurality of devices form one group. Device groups are of two types, peer device groups and master-slave device groups: in the former all devices are equal, while the latter has a master device. Applications such as centralized device management can be implemented through a master-slave device group.
When a master-slave device group is used in practice for household device control, management, media sharing and similar applications, a number of security problems have to be considered. One problem to be solved is how a new device that joins the home network establishes mutual trust with the master device of the device group and joins the group, so that it can accept management by the master device and interact securely with the other devices in the group. UPnP has defined a set of security standards: when a CP (Control Point) interacts with a device for the first time, it uses the WPS (Wi-Fi Protected Setup) protocol, the user enters the PIN (Personal Identification Number) code of the other party on the CP or on the device to complete mutual trust, both sides store each other's self-signed certificate, and the CP subsequently communicates with the device over the TLS protocol.
In analysing the prior art, the inventors found that it has at least the following shortcoming:
In the prior art, a CP and a device can only establish a trust relationship between the two of them. When a new device joins the device group, the same trust-establishment steps have to be repeated with the CP, with the master device and with each of the other devices; the interaction between devices is complicated, and the user has to enter the PIN code repeatedly, which makes for a poor experience.
Summary of the invention
The embodiments of the invention provide a management method of a home network device, a control device and a home network device. The technical solution is as follows:
A management method of a home network device comprises:
the control device and the home network device authenticate each other;
after the mutual authentication passes, the control device receives a first certificate and a second certificate sent by the master device, where the first certificate is generated by the master device from the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device;
the control device sends the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group of the master device and to communicate with the devices in that device group.
A management method of a home network device, in which the control device is the master device, comprises:
the master device and the home network device authenticate each other;
after the mutual authentication passes, the master device sends a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group of the master device and to communicate with the devices in that device group; the first certificate is generated from the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device.
A management method of a home network device comprises:
the home network device and the control device authenticate each other;
after the mutual authentication passes, the home network device receives a first certificate and a second certificate from the control device, uses the first certificate and the second certificate to join the device group, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated from the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device;
the control device is the master device or a control point.
A control device comprises:
an authentication module, configured to authenticate mutually with a home network device;
a receiving module, configured to receive, after the mutual authentication passes, a first certificate and a second certificate sent by the master device, where the first certificate is generated by the master device from the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device;
a sending module, configured to send the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group of the master device and to communicate with the devices in that device group.
A control device comprises:
an authentication module, configured to authenticate mutually with a home network device;
a sending module, configured to send, after the mutual authentication passes, a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group of the master device and to communicate with the devices in that device group; the first certificate is generated by the master device from the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device.
A home network device comprises:
an authentication module, configured to authenticate mutually with a control device;
a receiving module, configured to receive a first certificate and a second certificate from the control device after the mutual authentication passes;
a device group joining module, configured to use the first certificate and the second certificate to join the device group of the master device;
a communication module, configured to use the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated from the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device;
the control device is the master device or a control point.
The beneficial effects of the technical solution provided by the embodiments of the invention are:
The home network device and the master device authenticate each other to establish a trust relationship and join the device group, and the master device issues the home network device a master-device certificate for authentication. Subsequent interaction between the master device and this home network device, and between this home network device and the other devices in the group, is secured with certificates that were all issued by the master device. Because the certificates of the slave devices are all issued by the master device, when this home network device communicates with a device in the device group, the trust relationship can be verified by means of the certificates issued by the master device; the user does not need to take part again, and the home network device and the devices in the device group do not need to carry out a complicated mutual authentication based on device information and the like, which simplifies the interaction between devices.
Description of drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of a home network device management method provided by an embodiment of the invention;
Fig. 2 is a flow chart of a home network device management method provided by an embodiment of the invention;
Fig. 3 is a flow chart of a home network device management method provided by an embodiment of the invention;
Fig. 4 is a flow chart of a home network device management method provided by an embodiment of the invention;
Fig. 5 is a flow chart of a home network device management method provided by an embodiment of the invention;
Fig. 6 is a schematic structural diagram of a control device provided by an embodiment of the invention;
Fig. 7 is a schematic structural diagram of a control device provided by an embodiment of the invention;
Fig. 8 is a schematic structural diagram of a control device provided by an embodiment of the invention;
Fig. 9 is a schematic structural diagram of a control device provided by an embodiment of the invention;
Fig. 10 is a schematic structural diagram of a control device provided by an embodiment of the invention;
Fig. 11 is a schematic structural diagram of a control device provided by an embodiment of the invention;
Fig. 12 is a schematic structural diagram of a control device provided by an embodiment of the invention;
Fig. 13 is a schematic structural diagram of a home network device provided by an embodiment of the invention;
Fig. 14 is a schematic structural diagram of a home network device provided by an embodiment of the invention;
Fig. 15 is a schematic structural diagram of a home network device provided by an embodiment of the invention;
Fig. 16 is a schematic structural diagram of a home network device provided by an embodiment of the invention.
Embodiment
To make the objectives, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
Before introducing the home network device management method provided by the invention, the basic knowledge on which it relies is briefly introduced:
The UPnP standard defines two logical entities, the CP (Control Point) and the Device (UPnP device). A CP uses the UPnP protocol to communicate with devices and control them; CPs cannot directly control each other through the UPnP protocol, and neither can devices.
Similarly, the IGRS protocol also defines two logical entities, client and device, which behave like the CP and device in UPnP. This architecture implements a distributed network: a home network may contain a plurality of CPs/clients and a plurality of devices, and there is no concept of a central control device.
Fig. 1 is a flow chart of a security initialization method of a home network device provided by an embodiment of the invention. The method can be applied in UPnP or IGRS; this embodiment takes the UPnP standard as an example, under which the executing entity is the control device, specifically the control point. Referring to Fig. 1, the method comprises:
101: the control point and the home network device authenticate each other;
In this embodiment, during the mutual authentication between the control point and the home network device, the authentication information may comprise the PIN code or the administrator account information of the home network device. That is, the control point sends the authentication information to the home network device, the home network device authenticates the control point according to the authentication information and returns an authentication result, and the control point authenticates the home network device according to that result. This authentication process is prior art and is not repeated here. In addition, those skilled in the art know that the control point can obtain the authentication information by receiving the PIN code or administrator account information of the home network device entered by the user.
102: after the mutual authentication passes, the control device receives a first certificate and a second certificate sent by the master device, where the first certificate is generated by the master device from the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device;
Those skilled in the art know that the control point can obtain the device information of the home network device and, after the mutual authentication passes, send this device information to the master device of the device group. The device information comprises at least one of the following: device identifier, public key, device serial number, UUID, manufacturer identifier, production date, and the like.
The device information may or may not contain a public key. When the home network device is able to generate a public key, it can generate a public/private key pair on receiving the IGRS command from the control point and include the public key in the device information sent to the control point, which forwards it to the master device of the device group. When the home network device is not able to generate a public key, the device information does not contain one; instead, the control point and the master device establish a secure channel (for example TLS (Transport Layer Security)), the master device generates a public/private key pair and sends the private key to the control point through the secure channel, and the control point sends this private key to the home network device.
103: the control point sends the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group of the master device and to communicate with the devices in that device group.
Fig. 2 is a flow chart of a security initialization method of a home network device provided by an embodiment of the invention. The method can be applied in UPnP or IGRS; this embodiment takes the IGRS standard as an example, under which the executing entity is the master device. Referring to Fig. 2, the method comprises:
201: the master device and the home network device authenticate each other;
202: after the mutual authentication passes, the master device sends a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group of the master device and to communicate with the devices in that device group; the first certificate is generated from the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device.
Fig. 3 is a flow chart of a security initialization method of a home network device provided by an embodiment of the invention. The method can be applied in UPnP or IGRS, and the executing entity of this embodiment is the home network device. Referring to Fig. 3, the control device is the control point or the master device of the device group, and the method comprises:
301: the home network device and the control device authenticate each other;
302: after the mutual authentication passes, the home network device receives a first certificate and a second certificate from the control device, uses the first certificate and the second certificate to join the device group, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated from the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device.
In this embodiment, when the home network device communicates with other devices in the network whose certificates were issued by the same master device, it can use the stored certificate information of the master device to verify the certificates of those devices; devices whose certificates were all issued by the master device can trust each other directly. Specifically, the certificate information of the master device stored by the home network device can contain the public key of the master device; when the home network device establishes a connection (such as TLS) with another device and obtains the other party's certificate, it can use this public key to verify the signature information of that certificate and thereby learn that the certificate was also issued by the master device. The other devices can authenticate the new device in the same way.
The home network device and the master device authenticate each other to establish a trust relationship and join the device group, and the master device issues the home network device a master-device certificate for authentication. Subsequent interaction between the master device and this home network device, and between this home network device and the other devices in the group, is secured with certificates that were all issued by the master device. Because the certificates of the slave devices are all issued by the master device, when this home network device communicates with a device in the device group, the trust relationship can be verified by means of the certificates issued by the master device; the user does not need to take part again, and the home network device and the devices in the device group do not need to carry out a complicated mutual authentication based on device information and the like, which simplifies the interaction between devices.
Fig. 4 is a flow chart of a home network device management method provided by an embodiment of the invention. This embodiment takes only UPnP as the application environment and the control point as the executing entity. The home network contains a device group comprising a control point, a master device and a plurality of slave devices, and a home network device is now joining this network. Referring to Fig. 4, the method comprises:
401: the home network device comes online and sends an SSDP alive multicast message carrying the UUID (Universally Unique Identifier) of the home network device;
In this embodiment, the home network device sends the SSDP alive multicast message in the home network; this message is a device online message, used to notify the control point that the home network device has come online.
402: when the control point receives the SSDP alive multicast message, it judges from the UUID carried in the message whether this home network device has already joined the home network;
if not, step 403 is executed;
if so, the procedure ends.
In this embodiment, the control point stores a list of the devices that have joined the home network; the list may contain the UUID, device name and so on of each device. Specifically, step 402 comprises: judging whether the device list of the control point contains this UUID; if so, the home network device is registered at the control point and is an existing device in the home network; if not, the home network device has not joined the home network and is a newly arrived device.
403: when the home network device has not joined the home network, the control point sends an IGRS control command to the home network device;
Optionally, this IGRS control command is an HTTP POST message and carries the administrator account information.
404: the home network device returns a response refusing the command request to the control point, the response carrying the home network device authentication information;
In this embodiment, since the home network device and the control point have not yet established a trust relationship at this point, the home network device returns a response refusing the command request;
For example, this response can be "401 Unauthorized". Optionally, the response carries the following information: random value RAND, challenge value CHAL, device authentication information ATUN, session key material SKEY, algorithm set ALGO and authentication information type TYPE.
After the CP receives the above response, it can, according to the algorithm set indicated in the response, first check whether the ATUN value of the home network device is correct using RAND and the PIN/ADMIN value it has obtained; it then computes the authentication result RES using the CHAL in the above message and the obtained PIN/ADMIN of the home network device, and resends the control command carrying the authentication result RES. In addition, the CP also needs to compute, from the SKEY in the response, the keys EKey and IKey used for the rest of this session. EKey is used to encrypt the communication data between the CP and the home network device after authentication passes, and IKey is used for integrity protection of the communication data between the CP and the home network device after this step.
The information carried in this response is used specifically as follows:
1) Random value RAND: the home network device uses this random value together with the PIN code/administrator account information to compute the home network device authentication information. Once the CP knows the PIN code/administrator account information of the device, it applies the algorithm from the algorithm set to this random value and the PIN code/administrator account information of the device, obtains the authentication information of the home network device, and authenticates the home network device against it.
2) Challenge value CHAL: this challenge value is a random number, with which the home network device authenticates the CP. The CP uses this challenge value and the PIN code/administrator account information of the home network device to compute the client authentication information, and carries it when it resends the control command to the home network device.
3) Home network device authentication information ATUN: the home network device computes ATUN from RAND and the PIN code/administrator account information. Once the CP knows the PIN code/administrator account information of the device, it can authenticate the home network device by computing with RAND: the CP computes an ATUN value and compares it with the received ATUN value, and if they match, the home network device passes authentication.
4) Session key material SKEY: used to protect the communication between the CP and the home network device from being intercepted and decoded by a third party. It contains the material SKEY1 for computing the encryption key and the material SKEY2 for computing the message integrity key; the home network device and the CP use them to compute the keys for the rest of this session (encryption key EKey, message integrity key IKey).
5) Algorithm set ALGO: the algorithm set indicates the method used to compute the authentication information and the algorithm used for session encryption. For example, message authentication mechanisms such as MAC and HMAC, hashing algorithms such as MD5, SHA1 and SHA256, or data encryption algorithms such as AES and 3DES.
6) Authentication information type TYPE: used to distinguish the kind of authentication information, which can be a PIN code, an administrator account or other information; the value of this type can be "PIN" or "ADMIN". In practice, the home network device decides which value to use to authenticate the client according to its factory configuration. During authentication, the PIN or Admin account information can be shown on the screen of the home network device, or the user finds it on a label on the physical device; the user reads the data and enters it on the UI (User Interface) of the client, which can be a display screen.
In addition, the home network device also needs to compute and store the session keys used later in the session, and the expected value (XRES) used to check whether the authentication information returned by the CP is correct. In practice, this step can also be performed after the CP's reply is received.
405: the control point receives the response, authenticates the home network device according to the response, and when authentication passes sends a command request message to the home network device, the command request message carrying authentication-pass information;
In the present embodiment, the authentication-pass information comprises the PIN code or administrator information of the home network device. Specifically, when the home network device joins the network, the user can enter the PIN code of the home network device on the interface provided by the control point, in order to bring the home network device under management, or the user can enter the administrator user information on the interface provided by the control point; after the authentication computation, the home network device is notified that this control point is a legitimate control device in the network.
For example, authentication according to the above response and the authentication information replied by the CP can proceed as follows:
When the CP receives the response, it performs the computation over the random value with the algorithm designated in the response; if the AUTN it computes is consistent with the AUTN obtained from the response, the home network device can be considered trustworthy, that is, device authentication passes, and the CP returns the authentication result RES to the home network device, which the home network device uses to authenticate the control point. The session keys are derived as follows:
EKey=SHA1(SKEY1||PIN)
IKey=SHA1(SKEY2||PIN)
It will be understood by those skilled in the art that SHA1 is a hash algorithm and that || denotes the concatenation of the SKEY1 value and the PIN value.
406: when the home network device receives the command request message, it authenticates the control point according to the authentication-pass information carried in the command request message, and when authentication passes feeds back authentication-pass information to the control point;
Specifically, after receiving the authentication-pass information, the home network device performs a computation with a preset algorithm on the authentication-pass information, computing XRES, or compares the RES value carried in the message with the XRES computed earlier; if the two are identical, the control point is considered trustworthy, that is, control point authentication passes. The home network device then returns the response message for this command to the control point. At this point the control point and the home network device trust each other, and the home network device fully accepts control by the control point. Subsequent sessions are encrypted with the EKey known to both sides, and message integrity is verified with IKey.
Steps 401 to 406 above are the mutual authentication process between the home network device and the control point, through which a trust relationship is established between them. It should be noted that the algorithms in this authentication process and the interaction between the home network device and the control point are prior art and are not repeated here.
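The exchange of steps 404 to 406 above, written out as an added example in Go; it is not part of the patent or of any product implementing it. It keeps the page's field names (RAND, CHAL, AUTN, SKEY1/SKEY2, ALGO, TYPE, RES/XRES, EKey/IKey) and the page's key derivation EKey = SHA1(SKEY1||PIN), IKey = SHA1(SKEY2||PIN). The page leaves the MAC open ("MAC, HMAC, MD5, SHA1, SHA256"), so the choice of HMAC-SHA256 keyed with the PIN for AUTN and RES, the 16-byte size of the random values, the ALGO string and the sample PINs are assumptions of this example; MD5 and SHA1 appear on the page's list but are not suitable for new MAC or key-derivation designs.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Response is what the home network device returns in step 404. Field names follow the page;
// HMAC-SHA256 keyed with the PIN is this example's choice of MAC (the page lists MAC/HMAC and
// SHA1/SHA256 as options without fixing one).
type Response struct {
	RAND, CHAL, AUTN, SKEY1, SKEY2 []byte
	ALGO, TYPE                     string
}

// SessionKeys are the keys both sides derive: EKey = SHA1(SKEY1||PIN), IKey = SHA1(SKEY2||PIN).
type SessionKeys struct{ EKey, IKey []byte }

func mac(pin, msg []byte) []byte {
	m := hmac.New(sha256.New, pin)
	m.Write(msg)
	return m.Sum(nil)
}

// deriveKeys implements the page's formulas; || is plain concatenation.
func deriveKeys(skey1, skey2, pin []byte) SessionKeys {
	e := sha1.Sum(append(append([]byte{}, skey1...), pin...))
	i := sha1.Sum(append(append([]byte{}, skey2...), pin...))
	return SessionKeys{EKey: e[:], IKey: i[:]}
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Device holds the PIN plus what the device must remember between 404 and 406: XRES and the keys.
type Device struct {
	pin, xres []byte
	keys      SessionKeys
}

// BuildResponse is step 404: fresh RAND/CHAL/SKEY, AUTN proving knowledge of the PIN, and the
// expected response XRES for the control point's later answer to CHAL.
func (d *Device) BuildResponse() Response {
	r := Response{RAND: random(16), CHAL: random(16), SKEY1: random(16), SKEY2: random(16), ALGO: "HMAC-SHA256", TYPE: "PIN"}
	r.AUTN = mac(d.pin, r.RAND)
	d.xres = mac(d.pin, r.CHAL)
	d.keys = deriveKeys(r.SKEY1, r.SKEY2, d.pin)
	return r
}

// VerifyRES is step 406: compare the RES carried in the command request with XRES in constant time.
func (d *Device) VerifyRES(res []byte) bool { return hmac.Equal(res, d.xres) }

// ControlPointAuthenticate is step 405: recompute AUTN from RAND with the PIN the user entered;
// on a match the device is trusted and RES (the answer to CHAL) plus the session keys are produced.
func ControlPointAuthenticate(pin []byte, r Response) (res []byte, keys SessionKeys, err error) {
	if !hmac.Equal(mac(pin, r.RAND), r.AUTN) {
		return nil, SessionKeys{}, errors.New("device authentication failed: AUTN mismatch")
	}
	return mac(pin, r.CHAL), deriveKeys(r.SKEY1, r.SKEY2, pin), nil
}

// MutualAuth runs steps 404 to 406 end to end and reports whether both sides ended up with the
// same EKey/IKey, which only happens when the PIN typed at the control point matches the device's.
func MutualAuth(devicePIN, cpPIN []byte) (bool, error) {
	dev := &Device{pin: devicePIN}
	resp := dev.BuildResponse()
	res, cpKeys, err := ControlPointAuthenticate(cpPIN, resp)
	if err != nil {
		return false, err
	}
	if !dev.VerifyRES(res) {
		return false, errors.New("control point authentication failed: RES != XRES")
	}
	return bytes.Equal(cpKeys.EKey, dev.keys.EKey) && bytes.Equal(cpKeys.IKey, dev.keys.IKey), nil
}

func main() {
	fmt.Println(MutualAuth([]byte("1234-5678"), []byte("1234-5678"))) // true <nil>
	fmt.Println(MutualAuth([]byte("1234-5678"), []byte("0000-0000"))) // false, AUTN mismatch
}
```

One property of the scheme as the page describes it is worth noting when deploying it: AUTN and RES are MACs keyed only by the PIN over values (RAND, CHAL) that travel in the clear, so a passive observer of a single exchange can test PIN guesses offline. A short numeric PIN therefore needs either enough entropy, rate limiting on the device, or a stronger password-authenticated exchange in a real deployment.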
407: when the control point receives the authentication-pass information fed back by the home network device, the control point notifies the home network device to generate a public/private key pair, and sends a group announcement message to the home network device;
The group announcement message carries the device group information and the master device information of this device group; the home network device can join the device group according to the device group information and the master device information provided by the control point. The device group information and the master device information of the device group may also be carried by a group announcement message and a master device announcement message respectively; in that case step 407, when sending the group announcement message to the home network device, may further comprise sending a master device announcement message to the home network device.
408: the home network device sends the public key to the control point;
After the control point receives the public key, it can send an SSDP Search multicast message, by which it discovers the master device, and establish a secure channel with the master device; subsequent interaction between the control point and the master device can be carried over this secure channel.
In the present embodiment the public key is carried in device information, which comprises at least one of the following: device identifier, public key, device serial number, UUID, manufacturer identifier and production date.
409: the control point receives the public key and forwards it to the master device;
In the present embodiment, after the control point, acting as the control device in the home network, and the home network device have passed mutual authentication, information can be forwarded between the home network device and the master device.
410: the master device receives the public key, generates a first certificate according to the public key of the home network device and the signing information of the master device, and sends the first certificate and the second certificate to the control point;
It will be understood by those skilled in the art that the public key and the signing information of the master device are the necessary components for generating the first certificate; device information such as the device identifier, device serial number, UUID, manufacturer identifier or production date may also take part in the generation process.
411: the control point receives the first certificate and the second certificate and forwards them to the home network device;
Steps 407 to 411 above are the process in which the master device generates the first certificate and issues it to the home network device. In the present embodiment the home network device is capable of generating a public/private key pair, so the key pair is generated by the home network device. In another embodiment, when the home network device is not capable of generating a public/private key pair, the key pair can be generated by the master device: the master device generates the first certificate according to the public key of the home network device and the signing information of the master device, sends the first certificate, the private key and the second certificate to the control point, and the control point forwards them to the home network device. Specifically, the control point establishes a secure channel with the master device of the device group; the master device generates the public key and the private key, generates the first certificate according to the public key of the home network device and the signing information of the master device, and sends the first certificate, the second certificate and the private key to the control point over the secure channel; the control point forwards the first certificate, the second certificate and the private key to the home network device, which stores them and uses them in subsequent communication with other devices.
It should be noted that, whichever of the above schemes is used, the first certificate is issued by the master device, that is, the first certificate carries the signing information of the master device; it will be understood by those skilled in the art that this signing information is the signature the master device makes over this certificate with its own private key. The home network device later uses the first certificate whenever it communicates securely with any device in the device group.
412: the home network device uses the first certificate and the second certificate to join the device group to which the master device belongs;
During the authentication process the control point notifies the home network device of the device group and the master device information of the device group, the device group being identified by a group ID.
Specifically, joining the device group comprises: the home network device uses the first certificate to establish a secure connection with the master device, and sends over the secure connection a request to join the device group to which the master device belongs, so that the master device authenticates the home network device using the second certificate; when authentication passes, the home network device receives the response to the request to join the device group sent by the master device.
The specific steps are:
1) The home network device receives the group announcement message of the master device and checks the group ID in the group announcement message against the group ID received during the authentication process; the check passes if it is consistent with the group ID designated by the control point.
2) The home network device establishes a secure channel (such as TLS) to the master device, and completes the certificate exchange during channel establishment: the home network device sends the first certificate to the master device and receives the second certificate sent by the master device. The home network device can authenticate the identity of the master device by comparing the second certificate it receives with the second certificate forwarded earlier by the control device;
3) The home network device sends the master device a request to join the device group;
4) The master device authenticates the home network device according to the second certificate: with the public key in the second certificate it can verify the signing information in the first certificate, which the master device generated with its private key, and thereby confirm that the home network device's certificate was issued by the master device;
5) When the home network device passes authentication, the master device returns a response to this message, indicating that the home network device has successfully joined the device group.
It should be noted that after the home network device joins the device group, the master device obtains control over the home network device; it will be understood by those skilled in the art that after obtaining control over the home network device, the master device issues initial configuration information to it;
413: when the home network device communicates with a slave device in the device group, it verifies the slave device using the first certificate and the second certificate, and when verification passes establishes a trust relationship with the slave device.
Specifically, the first certificate of the slave device is verified using the first certificate; when the signing information in the slave device's first certificate is consistent with the signing information in the first certificate, the slave device's first certificate was issued by the master device, and verification passes.
The home network device and the slave device can obtain each other's certificates by establishing a secure channel (such as TLS) and verify the signing information in each other's certificates, thereby learning that the peer's certificate was also issued by the master device; other devices can authenticate this home network device in the same way.
By mutually authenticating with the control point to establish a trust relationship and joining the device group, the home network device has the master device of the device group issue it a certificate bearing the master device's signature for authentication. Subsequent interaction between the master device and this home network device, and between this home network device and the other devices in the group, is secured with the certificates issued by the master device. Since the certificates of the slave devices are all issued by the master device, when this home network device communicates with a device in the device group, a trust relationship can be established by verifying the certificate issued by the master device; no further user participation is needed in this process, nor is a complex mutual authentication using device information or similar content needed between the home network device and the devices in the device group, which simplifies the interaction between devices.
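The certificate issuance of steps 407 to 411 (and of steps 503 to 505 in the Fig. 5 embodiment) together with the verification in steps 412 and 413, as an added example in Go using the standard library's crypto/x509; it is not part of the patent or of any product. The master device's self-signed CA certificate stands in for the "second certificate", and the certificate the master signs over a device's public key for the "first certificate". ECDSA P-256, the validity periods, the subject fields used to carry the group ID, UUID and manufacturer, the serial numbering and the device names are assumptions of this example. The TLS channel the page mentions is not set up here; the example shows only the check each side performs on the peer certificate received over that channel.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Master is the group's master device: the group signing key plus its own self-signed
// certificate, which plays the role of the page's "second certificate".
type Master struct {
	key    *ecdsa.PrivateKey
	Cert   *x509.Certificate
	serial int64
}

// Device is a home network device: its key, its first certificate, and the pinned second certificate.
type Device struct {
	key        *ecdsa.PrivateKey
	First      *x509.Certificate // issued (signed) by the master
	MasterCert *x509.Certificate // second certificate, as received from the control point
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// sign creates a certificate for pub from tmpl, signed with key; tmpl == parent means self-signed.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key))))
}

// NewMaster creates the master and its self-signed second certificate. It is a CA certificate
// because the master must be able to sign the group's first certificates.
func NewMaster(groupID string) *Master {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "master", OrganizationalUnit: []string{groupID}},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return &Master{key: key, serial: 1, Cert: sign(tmpl, tmpl, &key.PublicKey, key)}
}

// IssueFirstCertificate is step 410 / 505: the master signs the device's public key, together
// with the device identifiers the page lists (UUID, manufacturer), using its own private key.
func (m *Master) IssueFirstCertificate(pub *ecdsa.PublicKey, uuid, vendor string) *x509.Certificate {
	m.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(m.serial),
		Subject:      pkix.Name{CommonName: uuid, Organization: []string{vendor}},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(5 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return sign(tmpl, m.Cert, pub, m.key)
}

// Enroll runs steps 407-411 (or 503-505): the device generates its key pair, the public key reaches
// the master, and the first and second certificates come back. (When the device cannot generate
// keys, the master would call newKey instead and hand the private key over with the certificates.)
func Enroll(m *Master, uuid string) *Device {
	d := &Device{key: newKey(), MasterCert: m.Cert}
	d.First = m.IssueFirstCertificate(&d.key.PublicKey, uuid, "ExampleVendor")
	return d
}

// VerifyPeer is the check of steps 412 (master side) and 413 (slave to slave): the peer is trusted
// only if its first certificate verifies under the public key of the pinned second certificate.
// CheckSignatureFrom does not look at validity dates, so those are checked explicitly.
func (d *Device) VerifyPeer(peerFirst *x509.Certificate) error {
	if err := peerFirst.CheckSignatureFrom(d.MasterCert); err != nil {
		return fmt.Errorf("peer certificate not issued by the group master: %w", err)
	}
	if now := time.Now(); now.Before(peerFirst.NotBefore) || now.After(peerFirst.NotAfter) {
		return errors.New("peer certificate outside its validity period")
	}
	return nil
}

func main() {
	master := NewMaster("group-42")
	tv, fridge := Enroll(master, "urn:uuid:tv"), Enroll(master, "urn:uuid:fridge")
	rogue := Enroll(NewMaster("group-99"), "urn:uuid:rogue")
	fmt.Println("tv -> fridge:", tv.VerifyPeer(fridge.First)) // <nil>: same issuer
	fmt.Println("tv -> rogue:", tv.VerifyPeer(rogue.First))   // error: signed by a different key
}
```

The point of the design shows in VerifyPeer: every group member holds one pinned copy of the master's certificate, so trust between any two members reduces to a single signature check against that certificate, with no shared secret and no user involvement, and a device enrolled under a different master fails that check. The byte-for-byte comparison of the received second certificate with the copy forwarded by the control point (step 2 of joining) is what stops an impostor master from substituting its own certificate.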
Fig. 5 is a flowchart of a home network device management method provided by an embodiment of the present invention. The present embodiment is described taking the IGRS protocol as the application environment and the master device as the executing entity as an example; the home network includes a device group comprising a master device and a plurality of slave devices, and a home network device is joining this network. Referring to Fig. 5, the method comprises:
501: the home network device comes online and sends an SSDP alive multicast message, which carries the UUID of the home network device;
After the home network device comes online, the user can enter the PIN code or administrator account information so that the master device authenticates the new device with this information. The specific process of this step is similar to step 201 and is not repeated here.
502: the home network device and the master device authenticate each other;
The mutual authentication process is similar to steps 401 to 406 and is not repeated here.
503: when mutual authentication passes, the master device notifies the home network device to generate a public/private key pair, and sends a group announcement message to the home network device;
504: the home network device sends the public key to the master device;
505: the master device receives the public key, generates a first certificate according to the public key of the home network device and the signing information of the master device, and sends the first certificate and the second certificate to the home network device;
In the present embodiment the home network device is capable of generating a public/private key pair, so the key pair is generated by the home network device. In another embodiment, when the home network device is not capable of generating a public/private key pair, the master device can generate the public key and the private key, generate the first certificate according to the public key of the home network device and the signing information of the master device, and send the first certificate, the private key and the second certificate to the home network device.
506: the home network device joins the device group.
This step is similar to step 412 and is not repeated here.
The difference between this embodiment and the embodiment shown in Fig. 4 is that the master device in the present embodiment also includes the function of the control point; therefore, in the present embodiment, no authentication between a control point and the home network device is required, and authentication is performed by the master device instead.
By mutually authenticating with the master device to establish a trust relationship and joining the device group, the home network device has the master device issue it a certificate bearing the master device's signature for authentication. Subsequent interaction between the master device and this home network device, and between this home network device and the other devices in the group, is secured with the certificates issued by the master device. Since the certificates of the slave devices are all issued by the master device, when this home network device communicates with a device in the device group, a trust relationship can be established by verifying the certificate issued by the master device; no further user participation is needed in this process, nor is a complex mutual authentication using device information or similar content needed between the home network device and the devices in the device group, which simplifies the interaction between devices.
Fig. 6 is a schematic structural diagram of a control device provided by an embodiment of the present invention. Referring to Fig. 6, the control device comprises:
an authentication module 601, configured to authenticate mutually with a home network device;
a receiving module 602, configured to receive, after the mutual authentication passes, a first certificate and a second certificate sent by the master device, the first certificate being generated by the master device according to the public key of the home network device and the signing information of the master device, and the second certificate being the certificate of the master device;
a sending module 603, configured to send the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group to which the master device belongs and communicates with the devices in the device group using the first certificate and the second certificate.
Referring to Fig. 7, the authentication module 601 comprises:
a first receiving unit 601a, configured to receive a device online notification from the home network device;
a first sending unit 601b, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the control device authenticate each other according to the PIN code or administrator account information of the home network device.
Referring to Fig. 8, the control device further comprises:
an acquisition module 604, configured to obtain, after the mutual authentication passes, the public key of the public/private key pair generated by the home network device;
the sending module 603 is further configured to send the public key to the master device;
the receiving module 602 is specifically configured to receive the first certificate generated by the master device according to the public key and the signing information of the master device, and to receive the second certificate.
The receiving module 602 is specifically configured to receive the first certificate, the second certificate and the private key of the public/private key pair generated by the master device for the home network device, all sent by the master device; the first certificate is generated by the master device according to the public key of the home network device and the signing information of the master device;
the sending module 603 is specifically configured to send the first certificate, the second certificate and the private key generated by the master device for the home network device to the home network device.
The control device provided by the present embodiment may specifically be the control point of the device group; it belongs to the same inventive concept as the method embodiment, and its specific implementation process is described in the method embodiment and is not repeated here.
Fig. 9 is a schematic structural diagram of a control device provided by an embodiment of the present invention. Referring to Fig. 9, the control device comprises:
an authentication module 901, configured to authenticate mutually with a home network device;
a sending module 902, configured to send, after the mutual authentication passes, a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group to which the master device belongs and communicates with the devices in the device group using the first certificate and the second certificate; the first certificate is generated by the master device according to the public key of the home network device and the signing information of the master device, and the second certificate is the certificate of the master device.
Referring to Figure 10, the authentication module 901 specifically comprises:
a second receiving unit 901a, configured to receive a device online notification from the home network device;
a second sending unit 901b, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the master device authenticate each other according to the PIN code or administrator account information of the home network device.
Referring to Figure 11, the control device further comprises:
an acquisition module 903, configured to obtain the public key of the public/private key pair generated by the home network device;
the sending module 902 is specifically configured to send to the home network device the first certificate generated by the master device according to the public key of the home network device and the signing information of the master device, and the second certificate.
The sending module 902 is specifically configured to generate the public key and the private key for the home network device, and to send the private key, the second certificate and the first certificate to the home network device; the first certificate is generated according to the public key of the home network device and the signing information of the master device.
Referring to Figure 12, the control device further comprises:
a device group authentication module 904, configured to, when the master device receives the request to join the device group sent by the home network device, authenticate the home network device using the second certificate, and to add the home network device to the device group after authentication passes.
The control device provided by the present embodiment may specifically be the master device of the device group; it belongs to the same inventive concept as the method embodiment, and its specific implementation process is described in the method embodiment and is not repeated here.
Figure 13 is a schematic structural diagram of a home network device provided by an embodiment of the present invention. The control device is the control point or the master device of the device group. Referring to Figure 13, the home network device comprises:
an authentication module 1301, configured to authenticate mutually with the control device;
a receiving module 1302, configured to receive a first certificate and a second certificate from the control device after the mutual authentication passes;
a device group joining module 1303, configured to use the first certificate and the second certificate to join the device group to which the master device belongs;
a communication module 1304, configured to communicate with the devices in the device group using the first certificate and the second certificate; the first certificate is generated according to the public key of the home network device and the signing information of the master device; the second certificate is the certificate of the master device;
the control device is the master device or the control point.
Referring to Figure 14, the authentication module 1301 comprises:
a third sending unit 1301a, configured to send a device online notification to the control device;
a third receiving unit 1301b, configured to receive the PIN code or administrator account information returned by the control device, so that the home network device and the control device authenticate each other according to the PIN code or administrator account information of the home network device.
Referring to Figure 15, the home network device further comprises:
a sending module 1305, configured to send the public key of the public/private key pair generated by the home network device to the control device;
the receiving module 1302 is specifically configured to receive from the control device the first certificate generated by the master device according to the public key of the home network device and the signing information of the master device, and to receive the second certificate.
The receiving module 1302 is further configured to receive the first certificate, the second certificate and the private key of the public/private key pair generated by the master device for the home network device, sent by the control device; the first certificate is generated by the master device according to the public key of the home network device and the signing information of the master device.
Referring to Figure 16, the device group joining module 1303 comprises:
a secure connection establishing unit 1303a, configured to establish a secure connection with the master device using the first certificate;
a joining unit 1303b, configured to send to the master device, over the secure connection, a request to join the device group to which the master device belongs, so that the master device authenticates the home network device using the second certificate, and to receive, when authentication passes, the response to the request to join the device group sent by the master device.
The communication module 1304 is specifically configured to, when communicating with a device in the device group, verify the device in the device group using the first certificate and the second certificate, and to communicate with the device in the device group when verification passes.
The communication module 1304 is specifically configured to verify the first certificate of the device in the device group using the first certificate, verification passing when the first certificate of the device in the device group is consistent with the signing information in the first certificate.
The home network device provided by the present embodiment belongs to the same inventive concept as the method embodiment; its specific implementation process is described in the method embodiment and is not repeated here.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (32)

1. the management method of a home network device is characterized in that, comprising:
Control appliance and home network device authenticate mutually;
After described mutual authentication is passed through, described control appliance receives First Certificate and the second certificate that described main equipment sends, described First Certificate is generated according to the PKI of described home network device and the signing messages of described main equipment by described main equipment, and described the second certificate is the certificate of described main equipment;
Described control appliance sends to described home network device with described First Certificate and described the second certificate, so that described home network device uses First Certificate and described the second certificate to add the equipment group at described main equipment place, and use the equipment in described First Certificate and described the second certificate and the described equipment group to communicate.
2. method according to claim 1 is characterized in that, control appliance and home network device authenticate mutually, specifically comprise:
The equipment that described control appliance the receives described home network device notice of reaching the standard grade, send PIN code or keeper's account information of described home network device to described home network device, so that described home network device and described control appliance authenticate mutually according to PIN code or keeper's account information of described home network device.
3. method according to claim 1 and 2 is characterized in that, described control appliance receives First Certificate and the second certificate that described main equipment sends, and comprises before:
After described mutual authentication was passed through, described control appliance obtained a pair of PKI of described home network device generation and the PKI in the private key; Described method also comprises:
Described control appliance sends to described main equipment with described PKI;
Correspondingly, described control appliance receives First Certificate and the second certificate that described main equipment sends and comprises:
Described control appliance receives described main equipment according to the First Certificate of the signing messages generation of described PKI and described main equipment, and receives described the second certificate.
4. method according to claim 1 and 2 is characterized in that, First Certificate and the second certificate that described control appliance receives described main equipment transmission comprise:
First Certificate, the second certificate and described main equipment that described control appliance receives described main equipment transmission are a pair of PKI of described home network device generation and the private key in the private key; Described First Certificate is generated according to the PKI of described home network device and the signing messages of described main equipment by described main equipment;
Described described First Certificate and described the second certificate are sent to described home network device, specifically comprise:
Described control appliance is that the private key that described home network device generates sends to described home network device with described First Certificate, the second certificate and described main equipment.
5. A method for managing a home network device, wherein the control device is a master device, the method comprising:
the master device and the home network device mutually authenticate; and
after the mutual authentication has passed, the master device sends a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group to which the master device belongs, and uses the first certificate and the second certificate to communicate with devices in the device group; wherein the first certificate is generated according to the public key of the home network device and signature information of the master device, and the second certificate is the certificate of the master device.
6. The method according to claim 5, wherein the master device and the home network device mutually authenticating specifically comprises:
the master device, upon receiving a device-online notification from the home network device, sends the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the master device mutually authenticate according to the PIN code or administrator account information of the home network device.
7. The method according to claim 5 or 6, wherein, before the master device sends the first certificate and the second certificate to the home network device, the method further comprises:
after the mutual authentication has passed, the master device obtains the public key of a public/private key pair generated by the home network device;
and the master device sending the first certificate and the second certificate to the home network device comprises:
the master device generates the first certificate according to the public key of the home network device and the signature information of the master device, and sends the first certificate and the second certificate to the home network device.
8. The method according to claim 5 or 6, wherein the master device sending the first certificate and the second certificate to the home network device specifically comprises:
the master device generates a public key and a private key for the home network device, and sends the private key, the second certificate and the first certificate to the home network device, the first certificate being generated according to the public key of the home network device and the signature information of the master device.
9. The method according to any one of claims 5 to 8, further comprising:
when the master device receives a request to join the device group sent by the home network device, the master device authenticates the home network device using the second certificate and, after the authentication has passed, adds the home network device to the device group.
10. A method for managing a home network device, comprising:
the home network device and a control device mutually authenticate; and
after the mutual authentication has passed, the home network device receives a first certificate and a second certificate from the control device, uses the first certificate and the second certificate to join a device group, and uses the first certificate and the second certificate to communicate with devices in the device group; wherein the first certificate is generated according to the public key of the home network device and signature information of a master device, and the second certificate is the certificate of the master device;
and the control device is the master device or a control point.
11. The method according to claim 10, wherein the home network device and the control device mutually authenticating comprises:
the home network device sends a device-online notification to the control device and receives the PIN code or administrator account information returned by the control device, so that the home network device and the control device mutually authenticate according to the PIN code or administrator account information of the home network device.
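One way to realise the PIN-based mutual authentication of claims 2, 6 and 11 (the device announces that it is online, the control device supplies the PIN, and the two sides authenticate each other), written in Go as an added example for this page. It is not code from the patent or from any implementer of it: the claims name the PIN but not the exchange, so the nonce-bound HMAC challenge-response, the key derivation in pinKey, the message layout and the device identifier "lamp-0042" are all assumptions made here. Administrator account credentials would take the place of the PIN in pinKey.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed message flow (the claims name the PIN but not how it is used):
//   device  -> control : online notification carrying deviceID and nonceD
//   control -> device  : nonceC, macC = HMAC(K, "control" | nonceC | nonceD)
//   device  -> control : macD          = HMAC(K, "device"  | nonceD | nonceC)
// K is derived from the PIN; each proof binds both fresh nonces (no replay).

func pinKey(deviceID, pin string) []byte {
	sum := sha256.Sum256([]byte("home-network-pin-auth\x00" + deviceID + "\x00" + pin))
	return sum[:]
}

// tag computes HMAC-SHA256 over a direction label and the two nonces.
func tag(key []byte, label string, a, b []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	m.Write(a)
	m.Write(b)
	return m.Sum(nil)
}

type homeDevice struct {
	id     string
	key    []byte // derived from the PIN printed on the device
	nonceD []byte
}

type controlDevice struct {
	key    []byte // derived from the PIN the administrator typed in
	nonceC []byte
}

// onlineNotification is the device's first message when it comes online.
func (d *homeDevice) onlineNotification() (string, []byte, error) {
	d.nonceD = make([]byte, 16)
	_, err := rand.Read(d.nonceD)
	return d.id, d.nonceD, err
}

// respond is the control device's reply; it has to prove PIN knowledge first.
func (c *controlDevice) respond(nonceD []byte) ([]byte, []byte, error) {
	c.nonceC = make([]byte, 16)
	if _, err := rand.Read(c.nonceC); err != nil {
		return nil, nil, err
	}
	return c.nonceC, tag(c.key, "control", c.nonceC, nonceD), nil
}

// verifyControl checks the controller's proof and, only if it is valid,
// returns the device's own proof for the reverse direction.
func (d *homeDevice) verifyControl(nonceC, macC []byte) ([]byte, error) {
	if !hmac.Equal(macC, tag(d.key, "control", nonceC, d.nonceD)) {
		return nil, errors.New("control device failed PIN authentication")
	}
	return tag(d.key, "device", d.nonceD, nonceC), nil
}

func (c *controlDevice) verifyDevice(nonceD, macD []byte) error {
	if !hmac.Equal(macD, tag(c.key, "device", nonceD, c.nonceC)) {
		return errors.New("home network device failed PIN authentication")
	}
	return nil
}

// runMutualAuth drives the exchange end to end with the PIN the device was
// provisioned with and the PIN typed on the controller; err only on RNG failure.
func runMutualAuth(devicePIN, enteredPIN string) (deviceAccepted, controlAccepted bool, err error) {
	dev := &homeDevice{id: "lamp-0042", key: pinKey("lamp-0042", devicePIN)}
	id, nonceD, err := dev.onlineNotification()
	if err != nil {
		return
	}
	ctl := &controlDevice{key: pinKey(id, enteredPIN)}
	nonceC, macC, err := ctl.respond(nonceD)
	if err != nil {
		return
	}
	macD, authErr := dev.verifyControl(nonceC, macC)
	if authErr != nil {
		return false, false, nil // device aborts; the controller never receives a proof
	}
	return true, ctl.verifyDevice(nonceD, macD) == nil, nil
}

func main() {
	gd, gc, _ := runMutualAuth("735912", "735912")
	bd, bc, _ := runMutualAuth("735912", "000000")
	fmt.Println("matching PIN accepted:", gd && gc, " wrong PIN accepted:", bd || bc)
}
```

The second call shows the failure mode a practitioner cares about: with a mistyped PIN the device aborts before it ever releases its own proof, so the controller learns nothing it can reuse. The caveat is the PIN itself. With a 4 to 8 digit PIN, anyone who records one exchange can test every candidate against macC offline, so a real deployment would use a one-time PIN, rate limiting on the device, or a PAKE rather than bare HMAC, and would carry the certificate exchange of the later claims only inside a channel keyed by this step.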
12. The method according to claim 10 or 11, wherein, before the home network device receives the first certificate and the second certificate from the control device, the method further comprises:
after the mutual authentication has passed, the home network device sends the public key of a public/private key pair generated by the home network device to the control device;
and the home network device receiving the first certificate and the second certificate from the control device specifically comprises:
the home network device receives, from the control device, the first certificate generated by the master device according to the public key of the home network device and the signature information of the master device, and receives the second certificate.
13. The method according to claim 10 or 11, wherein the home network device receiving the first certificate and the second certificate from the control device specifically comprises:
the home network device receives the first certificate, the second certificate, and the private key of a public/private key pair generated by the master device for the home network device, as sent by the control device; the first certificate being generated by the master device according to the public key of the home network device and the signature information of the master device.
14. The method according to any one of claims 10 to 13, wherein the home network device using the first certificate and the second certificate to join the device group to which the master device belongs specifically comprises:
the home network device establishes a secure connection with the master device using the first certificate, and sends over the secure connection a request to join the device group to which the master device belongs, so that the master device authenticates the home network device using the second certificate; and, when the authentication has passed, the home network device receives the response sent by the master device confirming that it has joined the device group.
15. The method according to any one of claims 10 to 14, wherein, after the home network device receives the first certificate and the second certificate from the control device, the method further comprises:
when communicating with a device in the device group, the home network device performs verification with that device using the first certificate and the second certificate, and when the verification has passed, the home network device communicates with the device in the device group.
16. The method according to claim 15, wherein the home network device performing verification with the device in the device group using the first certificate and the second certificate specifically comprises:
the home network device verifies the first certificate of the device in the device group using its own first certificate, and when the first certificate of the device in the device group is consistent with the signature information in the home network device's first certificate, the verification passes.
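How the two certificates fit together, as an added Go example for this page rather than code from the patent or from any product built on it: the master device acts as the certificate authority of its device group. Its own self-signed certificate is the second certificate; the first certificate is the master's signature over a home network device's public key, in the variant of claims 3, 7 and 12 where the device generates its own key pair and only the public key travels. The verification of claim 16 then reduces to ordinary chain validation of a peer's first certificate against the second certificate. The names master-A, fridge and stranger, the P-256 curve, the one-year validity and the use of X.509 are choices made here; the claims specify none of them.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// masterDevice holds the group's signing key and its own self-signed
// certificate, the "second certificate" that every group member receives.
type masterDevice struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// signCert sets the fields all certificates here share (one-year validity is a
// choice made for this example), signs tmpl as a child of parent, and parses it.
func signCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber = serial
	tmpl.NotBefore = time.Now().Add(-time.Minute)
	tmpl.NotAfter = time.Now().Add(365 * 24 * time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newMasterDevice creates a master whose certificate is a self-signed CA.
func newMasterDevice(name string) (*masterDevice, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	cert, err := signCert(tmpl, tmpl, &key.PublicKey, key) // parent == tmpl: self-signed
	if err != nil {
		return nil, err
	}
	return &masterDevice{key: key, cert: cert}, nil
}

// issueFirstCertificate is the master's step in claims 3, 7 and 12: it signs
// the device's public key with its own key and never sees the private key.
func (m *masterDevice) issueFirstCertificate(name string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	return signCert(&x509.Certificate{
		Subject:     pkix.Name{CommonName: name},
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}, m.cert, pub, m.key)
}

// verifyGroupMember is the check of claim 16 made concrete: a peer's first
// certificate is accepted only if it chains to the second certificate this
// device holds, i.e. the same master signed both of them.
func verifyGroupMember(peerFirst, second *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(second)
	_, err := peerFirst.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// must turns set-up errors (all of them from crypto/rand) into panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// groupScenario enrols a fridge with master A and a stranger with an unrelated
// master B, then has a TV enrolled with master A vet both peers. Every device
// generates its key pair locally; only the public key goes to the master.
func groupScenario() (sameGroupAccepted, outsiderRejected bool) {
	masterA := must(newMasterDevice("master-A"))
	masterB := must(newMasterDevice("master-B"))
	tvSecond := masterA.cert // what the TV received alongside its own first certificate
	fridgeKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	fridgeFirst := must(masterA.issueFirstCertificate("fridge", &fridgeKey.PublicKey))
	strangerKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	strangerFirst := must(masterB.issueFirstCertificate("stranger", &strangerKey.PublicKey))
	return verifyGroupMember(fridgeFirst, tvSecond) == nil, verifyGroupMember(strangerFirst, tvSecond) != nil
}

func main() {
	ok, rejected := groupScenario()
	fmt.Println("same-group peer accepted:", ok, "outsider rejected:", rejected)
}
```

The same verifyGroupMember check is what the master performs on a join request (claims 9 and 14), and it is exactly what a TLS stack performs if the first certificate is presented as the client certificate with the second certificate as the only trusted root, which is the natural way to build the secure connection of claim 14. The negative case is the one worth keeping in a test suite: a device holding a perfectly valid first certificate issued by a different master is rejected, because group membership is defined by who signed, not by whether the certificate parses or is in date.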
17. A control device, comprising:
an authentication module, configured to mutually authenticate with a home network device;
a receiving module, configured to receive, after the mutual authentication has passed, a first certificate and a second certificate sent by a master device, the first certificate being generated by the master device according to the public key of the home network device and signature information of the master device, and the second certificate being the certificate of the master device; and
a sending module, configured to send the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group to which the master device belongs, and uses the first certificate and the second certificate to communicate with devices in the device group.
18. The control device according to claim 17, wherein the authentication module comprises:
a first receiving unit, configured to receive a device-online notification from the home network device; and
a first sending unit, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the control device mutually authenticate according to the PIN code or administrator account information of the home network device.
19. The control device according to claim 17 or 18, further comprising:
an acquisition module, configured to obtain, after the mutual authentication has passed, the public key of a public/private key pair generated by the home network device;
wherein the sending module is further configured to send the public key to the master device; and
the receiving module is specifically configured to receive the first certificate generated by the master device according to the public key and the signature information of the master device, and to receive the second certificate.
20. The control device according to claim 17 or 18, wherein the receiving module is specifically configured to receive the first certificate, the second certificate, and the private key of a public/private key pair generated by the master device for the home network device, as sent by the master device; the first certificate being generated by the master device according to the public key of the home network device and the signature information of the master device; and
the sending module is specifically configured to send the first certificate, the second certificate, and the private key generated by the master device for the home network device to the home network device.
21. A control device, comprising:
an authentication module, configured to mutually authenticate with a home network device; and
a sending module, configured to send, after the mutual authentication has passed, a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group to which a master device belongs, and uses the first certificate and the second certificate to communicate with devices in the device group; wherein the first certificate is generated by the master device according to the public key of the home network device and signature information of the master device, and the second certificate is the certificate of the master device.
22. The control device according to claim 21, wherein the authentication module specifically comprises:
a second receiving unit, configured to receive a device-online notification from the home network device; and
a second sending unit, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the master device mutually authenticate according to the PIN code or administrator account information of the home network device.
23. The control device according to claim 21 or 22, further comprising: an acquisition module, configured to obtain the public key of a public/private key pair generated by the home network device;
wherein the sending module is specifically configured to send to the home network device the first certificate generated by the master device according to the public key of the home network device and the signature information of the master device, together with the second certificate.
24. The control device according to claim 21 or 22, wherein the sending module is specifically configured to generate a public key and a private key for the home network device, and to send the private key, the second certificate and the first certificate to the home network device; the first certificate being generated according to the public key of the home network device and the signature information of the master device.
25. The control device according to any one of claims 21 to 24, further comprising:
a device group authentication module, configured to authenticate the home network device using the second certificate when the master device receives a request to join the device group sent by the home network device, and to add the home network device to the device group after the authentication has passed.
26. A home network device, comprising:
an authentication module, configured to mutually authenticate with a control device;
a receiving module, configured to receive a first certificate and a second certificate from the control device after the mutual authentication has passed;
a device group joining module, configured to use the first certificate and the second certificate to join the device group to which a master device belongs; and
a communication module, configured to use the first certificate and the second certificate to communicate with devices in the device group; wherein the first certificate is generated according to the public key of the home network device and signature information of the master device, and the second certificate is the certificate of the master device;
and the control device is the master device or a control point.
27. The home network device according to claim 26, wherein the authentication module comprises:
a third sending unit, configured to send a device-online notification to the control device; and
a third receiving unit, configured to receive the PIN code or administrator account information returned by the control device, so that the home network device and the control device mutually authenticate according to the PIN code or administrator account information of the home network device.
28. The home network device according to claim 26 or 27, further comprising:
a sending module, configured to send the public key of a public/private key pair generated by the home network device to the control device;
wherein the receiving module is specifically configured to receive, from the control device, the first certificate generated by the master device according to the public key of the home network device and the signature information of the master device, and to receive the second certificate.
29. The home network device according to claim 26 or 27, wherein
the receiving module is further configured to receive the first certificate, the second certificate, and the private key of a public/private key pair generated by the master device for the home network device, as sent by the control device; the first certificate being generated by the master device according to the public key of the home network device and the signature information of the master device.
30. The home network device according to claim 26 or 27, wherein the device group joining module comprises:
a secure connection establishing unit, configured to establish a secure connection with the master device using the first certificate; and
a joining unit, configured to send, over the secure connection, a request to join the device group to which the master device belongs, so that the master device authenticates the home network device using the second certificate, and to receive, when the authentication has passed, the response sent by the master device confirming that the home network device has joined the device group.
31. The home network device according to any one of claims 26 to 30, wherein the communication module is specifically configured to, when communicating with a device in the device group, perform verification with that device using the first certificate and the second certificate, and to communicate with the device in the device group when the verification has passed.
32. The home network device according to claim 30, wherein the communication module is specifically configured to verify the first certificate of the device in the device group using the home network device's own first certificate, and when the first certificate of the device in the device group is consistent with the signature information in the home network device's first certificate, the verification passes.
CN201110246559.9A 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment Expired - Fee Related CN102957584B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110246559.9A CN102957584B (en) 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment
PCT/CN2012/080596 WO2013026415A1 (en) 2011-08-25 2012-08-27 Home network device management method, control device and home network device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110246559.9A CN102957584B (en) 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment

Publications (2)

Publication Number Publication Date
CN102957584A true CN102957584A (en) 2013-03-06
CN102957584B CN102957584B (en) 2015-03-18

Family

ID=47745958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110246559.9A Expired - Fee Related CN102957584B (en) 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment

Country Status (2)

Country Link
CN (1) CN102957584B (en)
WO (1) WO2013026415A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092200A (en) * 1997-08-01 2000-07-18 Novell, Inc. Method and apparatus for providing a virtual private network
CN1604552A (en) * 2003-10-02 2005-04-06 三星电子株式会社 Method of constructing a domain based on a public key and executing the domain through UPnP
CN1685706A (en) * 2002-09-23 2005-10-19 皇家飞利浦电子股份有限公司 Domain based on certificate granting
CN1691603A (en) * 2004-04-28 2005-11-02 联想(北京)有限公司 A method for implementing equipment group and intercommunication between grouped equipments
CN101114901A (en) * 2006-07-26 2008-01-30 联想(北京)有限公司 Safety authentication system, apparatus and method for non-contact type wireless data transmission
CN101277297A (en) * 2007-03-26 2008-10-01 华为技术有限公司 Conversation control system and method
CN102017514A (en) * 2008-03-04 2011-04-13 三星电子株式会社 Authentication information management method in home network and an apparatus therefor

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100567822B1 (en) * 2003-10-01 2006-04-05 삼성전자주식회사 Domain Formation Method Using Public Key Infrastructure
KR20060001550A (en) * 2004-06-30 2006-01-06 엘지전자 주식회사 How to control GPNP devices using the Internet

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200061A (en) * 2013-04-17 2013-07-10 北京推博信息技术有限公司 Method of building trust relationship between communication devices and communication devices and system
CN104735054A (en) * 2015-02-06 2015-06-24 西安电子科技大学 Digital family equipment trusted access platform and authentication method
CN104735054B (en) * 2015-02-06 2018-03-02 西安电子科技大学 Digital family equipment is credible access platform and authentication method
CN105007164B (en) * 2015-07-30 2021-07-06 青岛海尔智能家电科技有限公司 A centralized security control method and device
CN105007164A (en) * 2015-07-30 2015-10-28 青岛海尔智能家电科技有限公司 Centralized safety control method and device
CN106559213A (en) * 2015-09-24 2017-04-05 腾讯科技(深圳)有限公司 Device management method, equipment and system
CN105471974A (en) * 2015-11-18 2016-04-06 北京京东世纪贸易有限公司 Intelligent equipment capable of realizing remote control, terminal equipment and method
CN105471974B (en) * 2015-11-18 2019-01-18 北京京东世纪贸易有限公司 Realize smart machine, terminal device and the method remotely controlled
CN107172105A (en) * 2017-05-13 2017-09-15 深圳市欧乐在线技术发展有限公司 One kind realizes multiple services safety certifying method and system
CN110730247A (en) * 2019-10-23 2020-01-24 国网重庆市电力公司电力科学研究院 Communication control system based on power line carrier
CN110730247B (en) * 2019-10-23 2022-08-09 国网重庆市电力公司电力科学研究院 Communication control system based on power line carrier
CN112019434A (en) * 2020-07-28 2020-12-01 烽火通信科技股份有限公司 WEB centralized management method and device for networking equipment
CN112019434B (en) * 2020-07-28 2021-08-03 烽火通信科技股份有限公司 WEB centralized management method and device for networking equipment
CN113660099A (en) * 2021-09-01 2021-11-16 珠海格力电器股份有限公司 Authentication method, authentication server and user equipment server of Internet of things equipment
CN113660099B (en) * 2021-09-01 2022-10-18 珠海格力电器股份有限公司 Authentication method of Internet of things equipment, authentication server and user equipment server
CN114650182A (en) * 2022-04-08 2022-06-21 深圳市欧瑞博科技股份有限公司 Identity authentication method, system, device, gateway equipment, equipment and terminal
CN114666151A (en) * 2022-04-08 2022-06-24 深圳市欧瑞博科技股份有限公司 Equipment binding method, device, terminal, Internet of things equipment and storage medium
CN114666155A (en) * 2022-04-08 2022-06-24 深圳市欧瑞博科技股份有限公司 Equipment access method, system and device, Internet of things equipment and gateway equipment
CN114650182B (en) * 2022-04-08 2024-02-27 深圳市欧瑞博科技股份有限公司 Identity authentication method, system, device, gateway equipment, equipment and terminal
CN114666151B (en) * 2022-04-08 2024-02-27 深圳市欧瑞博科技股份有限公司 Equipment binding method, device, terminal, internet of things equipment and storage medium
CN114666155B (en) * 2022-04-08 2024-04-16 深圳市欧瑞博科技股份有限公司 Equipment access method, system, device, internet of things equipment and gateway equipment

Also Published As

Publication number Publication date
CN102957584B (en) 2015-03-18
WO2013026415A1 (en) 2013-02-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: California, USA

Patentee before: Tanous Co.

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Tanous Co.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150318

CF01 Termination of patent right due to non-payment of annual fee