Registry device, agent device, application provider and corresponding methods
The present invention relates to the field of data processing. More particularly, the present invention relates to a method of using a registry device to establish trusted communication between an agent device and an application provider.
There is an increasing number of devices in the home, other buildings or the outdoor environment that have processing and communication capabilities which allow them to interact with other processing devices. Everyday objects and relatively small-scale processing devices can be connected to each other and to central platforms as part of the "Internet of Things". For example, a sprinkler system in the home can gather information from various moisture sensors and control the activation of sprinklers based on the moisture information. In addition, a healthcare provider can use wireless sensors (for example a heart rate monitor, or a sensor for monitoring that a patient is taking their prescribed medicine) to track the health of patients at home.
Hence, in a variety of applications there may be a central application provider which interacts with one or more agent devices that provide data to the application provider and/or are controlled by it. Agent devices can differ considerably in complexity, processing resources, hardware and purpose. It can be important to establish trust between the agent device and the application provider, so that the application provider can trust the validity of data received from the agent device and the agent device can trust any commands received from the application provider. However, since many agent devices in the Internet of Things may have very little processing capability, providing resources in the agent device for establishing a trusted relationship with the application provider can be difficult and may significantly increase the cost of the agent device. The rapid and widespread deployment of such agent devices also means that installation should be as quick and efficient as possible. The present technique seeks to address these problems.
Viewed from one aspect, the present invention provides a method for a registry device to establish trusted communication between an agent device and an application provider, wherein the registry device maintains a device registry comprising authentication information for uniquely authenticating at least one agent device; the method comprising the following steps:
(a) receiving from the agent device an authentication request indicating a device identifier of the agent device;
(b) obtaining from the device registry the authentication information for the agent device identified by the device identifier indicated by the authentication request;
(c) performing authentication of the agent device using the authentication information obtained from the device registry; and
(d) if the authentication is successful, transmitting application key information to at least one of the agent device and the application provider, for performing the trusted communication between the agent device and the application provider.
A registry device can be provided to establish trusted communication between an agent device and an application provider. The registry device can maintain a device registry comprising authentication information for uniquely authenticating at least one agent device. For example, the agent device(s) can be registered with the registry during manufacture or distribution, and can attempt authentication once deployed or operational. In response to an authentication request from an agent device, the registry device performs authentication of the agent device using the authentication information obtained from the registry for that device. If the authentication is successful, application key information is transmitted to at least one of the agent device and the application provider for performing the trusted communication. The registry device can manage metadata about each agent device, manage the relationships between agent devices and application providers, authenticate agent devices, and automatically provide keys to the agent device and/or the application provider so that secure trusted communication can take place.
This technique has several advantages over the prior art. Because the registry takes responsibility for authenticating the agent device and establishing communication with the application provider, agent devices can be manufactured more cheaply, since they do not need complicated resources for verifying trust with the application provider. The agent device does not even need to contain any information identifying the application provider with which it is to communicate, because that information can instead be held by the registry. Furthermore, providing a neutral registry for establishing trust between agent devices and application providers opens up the relationship between agent devices and applications, so that an application provider is not restricted to using agent devices manufactured by the same provider, or vice versa. Since trust can be obtained through the registry device, any "off-the-shelf" agent device can be used in combination with a given application, and the user of a particular agent device can choose one of several competing application providers. This improves the flexibility with which agent devices and applications can be used while still maintaining trusted communication.
If the authentication is successful, the registry can transmit application key information to at least one of the agent device and the application provider for performing the trusted communication. It may not be necessary to transmit key information to both the agent device and the application provider. For example, the application provider may already have been given the application key information corresponding to the agent device when it was registered in the registry as the application with which the agent device is to communicate. Alternatively, the agent device may have permanent application key information which it always uses for trusted communication, and once the agent device has been authenticated, the registry can simply provide the corresponding application key information to the application provider.
However, greater security can be achieved if, when authentication succeeds, the registry device transmits application key information to both the agent device and the application provider. For example, the registry can generate a new application key each time communication is established between an agent device and a particular application provider. This approach allows the agent device to use different keys for different application providers and reduces the chance of the application key being exposed, improving the security of the data exchanged between these devices.
If the authentication is successful, the registry can also provide the device identifier of the agent device to the application provider, for example to allow the application provider to associate the communication with a particular user account.
In addition to authenticating the agent device, there may also be a step of performing authentication between the registry device and the application provider. Hence the registry can authenticate both the application and the agent device, to ensure trust between them.
The device registry may comprise, for each agent device, at least one application identifier identifying at least one application provider with which the agent device is to perform trusted communication. When the agent device is authenticated, the registry can transmit the application key information to any application provider indicated in the registry for that agent device. The application identifier can be registered in the device registry in response to an association request, which indicates a specified application provider and notifies the registry that the specified application provider is to be registered as the application with which a specified agent device is to communicate. For example, the application provider may determine an association between a particular user account and a sensor identifier, and may then notify the registry which sensor it is to communicate with. Alternatively, the registry may receive the association request from a device other than the application provider (such as an application store from which the user has selected an application to use with the agent device).
The authentication information may comprise key information for authenticating messages received from the agent device. This key information can take various forms. For example, it may comprise a symmetric key, where the agent device and the registry device each hold the same key information for encrypting and decrypting messages, or it may comprise an asymmetric key set, such as a private key held by the agent device and a corresponding public key held by the registry.
Authentication of the agent device may comprise mutual authentication between the agent device and the registry device. Hence, as well as the registry device authenticating the agent device, the agent device can also authenticate the registry, for example by using registry authentication information to verify the identity of the registry device. In this way, the agent device can confirm that the registry it is communicating with is the trusted registry.
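The registry-side steps (a) to (d), with the symmetric-key option, per-session application keys and mutual authentication described above, can be sketched as follows. This is an added illustration, not code from the patent: the class and method names, the HMAC challenge-response and the device and application names are assumptions, and deriving the session key on both sides from the exchanged nonces stands in for encrypted delivery of the application key to the agent device. One associated application per device is assumed.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class ApplicationProvider:
    def __init__(self, app_id: str):
        self.app_id = app_id
        self.keys = {}  # device_id -> application key received from the registry

    def receive_key(self, device_id: str, app_key: bytes) -> None:
        self.keys[device_id] = app_key

    def accept(self, device_id: str, payload: bytes, tag: bytes) -> bool:
        """Trusted communication arrives directly from the agent, not via the registry."""
        key = self.keys.get(device_id)
        return key is not None and hmac.compare_digest(mac(key, payload), tag)


class Registry:
    def __init__(self):
        self._entries = {}  # device_id -> {"auth_key": bytes, "app": provider or None}
        self._pending = {}  # device_id -> (agent_nonce, registry_nonce)

    def register_device(self, device_id: str, auth_key: bytes) -> None:
        self._entries[device_id] = {"auth_key": auth_key, "app": None}

    def associate(self, device_id: str, app: ApplicationProvider) -> None:
        self._entries[device_id]["app"] = app

    def begin(self, device_id: str, agent_nonce: bytes):
        """Steps (a)-(b): take the request and look up the device's authentication key."""
        entry = self._entries.get(device_id)
        if entry is None:
            raise PermissionError("device not in registry")
        registry_nonce = secrets.token_bytes(16)
        self._pending[device_id] = (agent_nonce, registry_nonce)
        # The registry proves its own identity too (mutual authentication).
        return registry_nonce, mac(entry["auth_key"], b"registry", agent_nonce)

    def finish(self, device_id: str, agent_proof: bytes) -> None:
        """Steps (c)-(d): verify the agent, then release a fresh application key."""
        entry = self._entries[device_id]
        agent_nonce, registry_nonce = self._pending.pop(device_id)
        expected = mac(entry["auth_key"], b"agent", registry_nonce)
        if not hmac.compare_digest(expected, agent_proof):
            raise PermissionError("agent failed authentication")
        if entry["app"] is not None:
            app_key = mac(entry["auth_key"], b"app-key", agent_nonce, registry_nonce)
            entry["app"].receive_key(device_id, app_key)


class AgentDevice:
    """Holds only its identifier and the key embedded at manufacture; no application details."""

    def __init__(self, device_id: str, auth_key: bytes):
        self.device_id = device_id
        self._auth_key = auth_key
        self.app_key = None

    def activate(self, registry: Registry) -> None:
        nonce = secrets.token_bytes(16)
        registry_nonce, proof = registry.begin(self.device_id, nonce)
        if not hmac.compare_digest(mac(self._auth_key, b"registry", nonce), proof):
            raise PermissionError("registry failed authentication")
        registry.finish(self.device_id, mac(self._auth_key, b"agent", registry_nonce))
        self.app_key = mac(self._auth_key, b"app-key", nonce, registry_nonce)

    def send(self, payload: bytes):
        return self.device_id, payload, mac(self.app_key, payload)


def demo():
    """Constructed scenario: a moisture sensor paired with a sprinkler application."""
    registry, app = Registry(), ApplicationProvider("sprinkler-app")
    key = secrets.token_bytes(32)  # embedded in the device and registered at manufacture
    registry.register_device("sensor-001", key)
    registry.associate("sensor-001", app)
    agent = AgentDevice("sensor-001", key)
    agent.activate(registry)
    device_id, payload, tag = agent.send(b"moisture=41")
    genuine = app.accept(device_id, payload, tag)
    tampered = app.accept(device_id, b"moisture=99", tag)
    return genuine, tampered


if __name__ == "__main__":
    print(demo())
```

The distinct `b"registry"` and `b"agent"` labels keep either party's proof from being reflected back as the other's, and the application only ever holds a key for a device the registry has authenticated.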
Viewed from another aspect, the present invention provides a registry device for establishing trusted communication between an agent device and an application provider, comprising:
storage circuitry configured to store a device registry, the device registry comprising authentication information for uniquely authenticating at least one agent device;
communication circuitry configured to receive from the agent device an authentication request indicating a device identifier of the agent device; and
processing circuitry configured to perform authentication of the agent device using the authentication information from the device registry for the agent device identified by the device identifier indicated by the authentication request;
wherein, if the authentication is successful, the communication circuitry is configured to transmit application key information to at least one of the agent device and the application provider, for performing the trusted communication between the agent device and the application provider.
Viewed from another aspect, the present invention provides a registry device for establishing trusted communication between an agent device and an application provider, comprising:
storage means for storing a device registry, the device registry comprising authentication information for uniquely authenticating at least one agent device;
communication means for receiving from the agent device an authentication request indicating a device identifier of the agent device; and
processing means for performing authentication of the agent device using the authentication information from the device registry for the agent device identified by the device identifier indicated by the authentication request;
wherein, if the authentication is successful, the communication means is configured to transmit application key information to at least one of the agent device and the application provider, for performing the trusted communication between the agent device and the application provider.
Viewed from another aspect, the present invention provides a method for an agent device to establish trusted communication with an application provider using a registry device which maintains a device registry of agent devices, wherein the agent device is configured to store a device identifier of the agent device and authentication information for uniquely authenticating the agent device; the method comprising the following steps:
(a) transmitting to the registry device an authentication request indicating the device identifier;
(b) performing authentication with the registry device using the authentication information stored by the agent device; and
(c) if the authentication is successful, receiving application key information from the registry device and performing the trusted communication with the application provider using the application key information.
In a corresponding way, the agent device can establish trusted communication by transmitting an authentication request to the registry device. After performing authentication with the registry device, the agent device can receive application key information from the registry device and then use it to perform trusted communication with the application provider. This technique allows trusted communication to be established with the application provider without the agent device itself holding resources for contacting or authenticating the application provider.
The authentication request can be transmitted to the registry device automatically in response to activation of the agent device. For example, activation may comprise powering up the agent device, deploying it or installing it in a particular setting, or pressing a button on the agent device. The authentication request can be transmitted automatically without user interaction. Hence, communication with the application provider can be configured very simply, without complicated user interaction. Simply by activating the agent device, an automatic authentication request can be sent to the registry, and the registry can then set up the application key for communicating with the application provider.
The agent device can have registry authentication information embedded in it for authenticating the registry device during mutual authentication. For example, the registry authentication information may comprise a public key corresponding to a registry private key held by the registry.
To enhance security, the authentication information held by the agent device can be stored in a protected region. For example, only trusted software may be able to read the authentication information from the protected region.
The trusted communication can take place directly between the agent device and the application provider using the application key information, without the information passing through the registry device. Hence, once the trusted communication has been established and the agent device authenticated, the registry device need no longer play any part, so that it does not impede the trusted communication. This also avoids potential security issues, because the trusted communication does not pass through the registry.
The trusted communication may be encrypted communication which is encrypted using the application key information. The application key information may be a symmetric key, where the application provider and the agent device both encrypt their messages with the symmetric key and then decrypt messages received from the other party with the same key. For example, a one-time session key can be generated by the registry each time a link is established between a particular sensor and a particular application. Alternatively, an asymmetric key pair can be generated as the application key information, where each of the agent device and the application provider is given its own private key for the trusted communication and the public key corresponding to the other device's private key. However, a symmetric key will often be sufficient for security, and this approach can reduce the cost of implementing the registry.
The agent device can be configured to store a registry address identifying the registry device. For example, the registry address may be a URL or IP address of the registry. The authentication request can be transmitted to the registry device identified by the registry address. Hence, the agent device can hold a simple item of information for contacting the registry and need not contain any information for contacting the application provider, because that can be established using the registry.
Viewed from another aspect, the present invention provides an agent device for establishing trusted communication with an application provider using a registry device which maintains a device registry of agent devices, comprising:
storage circuitry configured to store a device identifier of the agent device and authentication information for uniquely authenticating the agent device;
communication circuitry configured to transmit to the registry device an authentication request indicating the device identifier; and
processing circuitry configured to perform authentication with the registry device using the authentication information stored by the storage circuitry;
wherein the communication circuitry is configured to receive application key information from the registry device if the authentication is successful, and is configured to perform the trusted communication with the application provider using the application key information.
Viewed from another aspect, the present invention provides an agent device for establishing trusted communication with an application provider using a registry device which maintains a device registry of agent devices, comprising:
storage means for storing a device identifier of the agent device and authentication information for uniquely authenticating the agent device;
communication means for transmitting to the registry device an authentication request indicating the device identifier; and
processing means for performing authentication with the registry device using the authentication information stored by the storage means;
wherein the communication means is configured to receive application key information from the registry device if the authentication is successful, and is configured to perform the trusted communication with the application provider using the application key information.
Viewed from another aspect, the present invention provides a method for an application provider to establish trusted communication with an agent device using a registry device which maintains a device registry of agent devices, the method comprising:
(a) receiving from the registry device a device identifier of an agent device which has been authenticated using the device registry;
(b) receiving from the registry device application key information for performing the trusted communication with the agent device; and
(c) performing the trusted communication with the agent device identified by the device identifier, using the application key information.
In a way corresponding to the methods discussed above, the application provider can receive from the registry device the device identifier of an authenticated agent device and application key information for performing trusted communication with the agent device. The application provider can then use the application key information to perform the trusted communication with the agent device. The trusted communication may comprise, for example, issuing commands to the agent device or receiving data from the agent device.
The application provider can authenticate itself to the registry device, and can authenticate the registry device, to establish mutual trust.
The application provider can transmit an association request to the registry device to register itself as the application with which a specified agent device is to communicate. This allows the registry to associate the application provider with the agent device without the user of the agent device, or the agent device itself, having to perform any configuration.
The application provider may also receive a device association request indicating the device identifier of a specified agent device and a user identifier of the user to be associated with that device. For example, the user may use a web interface or a smartphone application to associate a user identifier with the device identifier of the specified agent device, and this can then be communicated to the application provider. In response to the device association request, the application provider can register itself with the registry for the specified agent device. Hence, the registry does not need to store any user information, because user information can be held solely by the application provider. The registry can manage only the relationships between applications and sensors, and can avoid any user privacy issues by not storing any user data.
The application provider can execute an application program using data received from the agent device in the trusted communication.
Viewed from another aspect, the present invention provides an application provider for establishing trusted communication with an agent device using a registry device which maintains a device registry of agent devices, comprising:
communication circuitry configured to receive from the registry device a device identifier of an agent device which has been authenticated using the device registry, and application key information for performing the trusted communication with the agent device;
wherein the communication circuitry is configured to perform the trusted communication with the agent device identified by the device identifier, using the application key information received from the registry device.
Viewed from another aspect, the present invention provides an application provider for establishing trusted communication with an agent device using a registry device which maintains a device registry of agent devices, comprising:
communication means for receiving from the registry device a device identifier of an agent device which has been authenticated using the device registry, and application key information for performing the trusted communication with the agent device;
wherein the communication means is configured to perform the trusted communication with the agent device identified by the device identifier, using the application key information received from the registry device.
Viewed from another aspect, the present invention provides a method of establishing trusted communication between an agent device and an application provider using a registry device which maintains a device registry, the device registry comprising authentication information for uniquely authenticating at least one agent device; the method comprising the following steps:
(a) transmitting an authentication request from the agent device to the registry device, the authentication request indicating a device identifier of the agent device;
(b) obtaining from the device registry the authentication information for the agent device identified by the device identifier indicated by the authentication request;
(c) performing authentication of the agent device using the authentication information obtained from the device registry; and
(d) if the authentication is successful, transmitting application key information from the registry device to at least one of the agent device and the application provider, and performing the trusted communication between the agent device and the application provider using the application key information.
Viewed from another aspect, the present invention provides a method of establishing a trusted identity for an agent device for performing trusted communication with at least one application provider, comprising the following steps:
(a) generating first authentication information for uniquely authenticating the agent device, and second authentication information for verifying that the agent device has the first authentication information;
(b) embedding in the agent device the first authentication information and a device identifier identifying the agent device; and
(c) transmitting the device identifier and the second authentication information to a registry device for maintaining a device registry of agent devices for communicating with the at least one application provider.
The foregoing and other objects, features and advantages of the invention will become apparent from the following detailed description of illustrative embodiments, read in conjunction with the accompanying drawings.
Fig. 1 schematically shows an example of a system comprising at least one registry device for establishing trusted communication between agent devices and application providers;
Fig. 2 shows an example of the relationships between an agent device, an application provider, a device registry and a consumer;
Fig. 3 shows an example timeline of the progress of an agent device through its life cycle, from manufacture to use with an application;
Fig. 4 schematically shows an example of an agent device;
Fig. 5 schematically shows an example of a storage region provided in the agent device for storing authentication information and other information for establishing communication with the registry device;
Fig. 6 shows an example of an application provider;
Fig. 7 shows an example of a registry device for maintaining a trusted device registry;
Fig. 8A shows an example of a registry entry for an agent device;
Fig. 8B shows an example of an event record for an agent device;
Fig. 9 is a chart showing the trade-off between security and the cost of implementing security;
Figs. 10, 11 and 12 show three examples of authentication models for authenticating the identity of an agent device;
Fig. 13 is a table comparing different attributes of the authentication models shown in Figs. 10 to 12;
Fig. 14 shows a first example method of establishing a trusted identity for an agent device;
Fig. 15 shows a second example method of establishing a trusted identity for an agent device;
Fig. 16 shows a method of performing authentication between an agent device and a registry device and establishing encrypted communication between the agent device and an application provider;
Fig. 17 shows an example of a method of associating an agent device with a user and associating the agent device with a particular application;
Fig. 18 shows an example of a method of assigning an agent device currently registered with a first registry to a second registry;
Fig. 19 shows an example of a method of resetting ownership of an agent device back to the first registry; and
Figs. 20 to 23 show four examples of use cases for the agent device, registry device and application provider.
Fig. 1 shows an example of a system 2 formed of a number of agent devices 4, application providers 6 and registry devices 8. An application provider 6 may comprise any device which provides a cloud service, or which executes an application program using data collected from one or more agent devices 4 and/or issues commands for controlling one or more agent devices 4. An agent device 4 may be any device which collects data for transmission to an application provider 6 or which is controlled by an application provider 6. For example, the agent devices 4 may be connected devices in the Internet of Things (IoT), such as wireless sensors and actuators. Although the agent devices 4 may include larger-scale processing devices such as tablet computers or mobile phones, they will often comprise relatively small-scale devices which perform only a limited set of tasks, such as a sensor which collects sensing data and feeds it back to an application, or a relatively simple control unit which controls an associated object such as a sprinkler, swimming pool pump or air conditioning unit. The agent devices 4 can communicate with other devices (such as the application providers 6 and registry devices 8) using wired or wireless communication, which may be via an Internet connection. In this application, the term "sensor" will sometimes be used as an example of an agent device, but it will be appreciated that agent devices may also include devices which can perform tasks other than sensing.
The agent devices 4 and application providers 6 communicate by encrypted communication. To help establish such encrypted communication, one or more registry devices 8 are provided for maintaining a trusted agent device registry which stores information about trusted agent devices 4. The registry 8 facilitates automated, secure pairing of agent devices 4 with application providers 6, so that the application can trust the authenticity and data integrity of the agent device 4, and the agent device 4 can trust the authenticity and command integrity of the application 6, even where the application and the agent device are provided by different manufacturers, suppliers or distributors. The registry 8 also simplifies the configuration of trusted communication between the agent device 4 and the application 6, so that the agent device 4 does not need to know specific details of the application it is communicating with, and the user of the agent device 4 does not need to perform configuration operations to establish communication with the application. Instead, when activated, the agent device 4 can simply contact the registry 8, which can then configure the agent device 4 and the application 6 to communicate with each other.
As shown in Fig. 1, multiple registration table devices 8 may be provided, each in contact with a different set of agent equipment 4 and application providers 6. As shown in Fig. 1, agent equipment A8 may be registered with more than one registration table. Similarly, an application provider 6 may be in contact with multiple registration tables. In addition, although most agent equipment 4 will communicate with a single application provider 6, it is also possible for a registration table to configure agent equipment 4 to communicate with multiple application providers (see, for example, agent equipment A2 in Fig. 1).
The functions of the agent equipment 4 and the application provider 6 may differ significantly between applications. For example, the agent equipment 4 may collect meteorological data for transmission to the application provider 6, which runs an application that performs weather forecasting based on the data collected by the agent equipment 4. In addition, some agent equipment 4 may collect information about a user's fitness activity (such as heart rate, distance covered and so on), and this information may be fed back to a fitness monitoring application maintained by the application provider 6. In another example, a home air-conditioning system may comprise a central monitoring application 6 and several items of agent equipment 4, such as temperature sensors, humidity sensors, a user configuration panel and air-conditioning control units, where the central application controls the operation of the air-conditioning control units based on the sensing of the sensors and on the user preferences set in the user configuration panel. Many other applications can use an application provider 6 and one or more items of agent equipment 4 in a similar way. For example, there may be applications in home security, home or street lighting, utility provision, building automation, inspection, asset tracking and logistics. The registration table 8 provides a common architecture for managing authentication and trust between Internet of Things devices and applications 6.
Fig. 2 schematically shows an example of the relationships between the agent equipment 4, the application provider 6, the registration table 8 and a consumer 10. The consumer 10 has physical ownership of the agent equipment 4. The consumer 10 also has a business relationship with the application provider 6. For example, the application provider may have established a user profile for the consumer 10 using a user ID and password. The consumer in this context may be, for example, an individual, a household or a company.
The agent equipment 4 (for example a sensor) incorporates authentication information for authenticating itself to the registration table 8. For example, the agent equipment 4 may have a key that can be used to prove its identity. The registration table 8 can therefore check the identity of the agent equipment 4 and verify that it is trusted agent equipment. Similarly, the registration table 8 and the application provider 6 can exchange keys in order to verify each other's identity and establish a trusted relationship. Once the registration table 8 has established trust with both the agent equipment 4 and the application provider 6, the registration table 8 can provide an application key to the agent equipment 4 and the application provider 6. The application key provided by the registration table 8 is then used to encrypt communication between the agent equipment 4 and the application provider 6, without any of that communication needing to pass through the registration table 8. The registration table 8 thus facilitates the establishment of trusted communication between the agent equipment 4 and the application provider 6 without requiring the agent equipment 4 and the application provider 6 to establish trust directly between themselves. This is useful because the agent equipment 4 will often be a small, ultra-low-power device (such as a temperature sensor or heart rate monitor) with little processing capability for implementing protocols and cryptographic algorithms for verifying the identity of the application provider 6. In addition, the person installing the agent equipment 4 will often not have the knowledge or information needed to carry out a complex configuration for establishing trusted communication with the application provider 6. The registration table removes the need for the user or installer of the agent equipment 4 to know how to configure trusted communication.
It should be noted that there is no relationship between the consumer 10 and the registration table 8 in Fig. 2. The registration table 8 does not hold any details about the consumer, such as a user ID or password, so no personal details are transmitted to or stored by the registration table. The consumer 10 has a relationship only with the application provider 6. The registration table 8 communicates only with the agent equipment 4 and the application provider 6, and not with the consumer 10. The registration table 8 is therefore a neutral platform for establishing trust between agent equipment and applications. Once trusted communication has been established between the agent equipment 4 and the application 6, the communication takes place directly between the agent equipment and the application and does not involve the registration table.
In other examples there may be no consumer 10 as shown in Fig. 2; instead the agent equipment 4 may belong to the same organisation that operates the application provider 6. For example, a smart connected city may have Internet of Things devices located around the city, for example for monitoring street lighting, traffic flow or waste collection, and the city administration may own both the agent equipment 4 that provides the sensing data and one or more application providers 6 for monitoring and processing the data obtained by the agent equipment 4 (for example, the application may provide a cloud platform that residents of the city can access to check status and report problems). In this case there may be no consumer 10 associated with a particular item of agent equipment 4 as shown in Fig. 2. The use of the registration table 8 can nevertheless still simplify the installation of the agent equipment 4. A contractor installing agent equipment 4 in a street lamp or litter bin, for example, does not need to know how to configure the agent equipment 4 to communicate with the application that receives its data. Instead, when the agent equipment 4 is activated (for example when it is powered up or deployed), it can automatically communicate with the registration table 8 to establish a trusted relationship with the application 6.
Fig. 3 shows an example timeline of the process by which agent equipment (a sensor) 4 progresses from its manufacture, through its registration and authentication with the registration table 8, to the establishment of communication with the application provider 6. At step A, a system on chip (SOC) for the agent equipment is manufactured in silicon. At step B, an original equipment manufacturer (OEM) and/or original device manufacturer (ODM) manufactures the agent equipment 4 using the system on chip. At some point during manufacture, a unique device identifier is embedded in the agent equipment 4 together with key information for authenticating the identity of the agent equipment and other metadata about the agent equipment. At step C, the agent equipment is distributed. For example, the user 10 may buy the agent equipment 4 from a shop, or the agent equipment may be supplied to an organisation such as a weather forecasting centre or a city government. Either during manufacture at step B or during distribution at step C, registration information is provided to the registration table 8 so that the agent equipment 4 is registered in the registration table 8 as trusted agent equipment. The registration table 8 may be provided with key information for verifying that the agent equipment 4 is trusted, and with other metadata about the agent equipment 4.
At this point the registration table 8 knows that the agent equipment 4 with the unique ID is trusted agent equipment, but does not yet know which cloud service application will use the data from the agent equipment 4. Therefore, at step D, a binding operation is performed to associate the user 10, the agent equipment 4 and the cloud application 6. For example, the agent equipment may carry some device identifier, such as a reference number, bar code or QR code (Quick Response code). The application provider 6 may provide a web interface, or a smartphone or tablet application, for entering the device identifier or scanning the bar code or QR code, and for uploading the device identifier to the application provider 6 together with an identifier of the user. Alternatively, this may be performed by the application provider when the consumer registers with the application provider and the agent equipment is subsequently allocated and dispatched to the user. At this point the cloud service knows which user owns the agent equipment 4, and so can notify the registration table 8 of the device identifier to be registered for use with the application 6, so that the registration table knows which application provider 6 should communicate with the agent equipment 4. In this way, the association between the agent equipment 4 and the application provider 6 can be established in the registration table 8 without the user of the agent equipment 4 knowing that the registration table 8 exists, and without the agent equipment 4 needing to store information linking it to a specific cloud service or application provider 6.
At step E, the agent equipment is deployed, for example by installing it in place as part of the Internet of Things, or by switching it on for the first time. When the agent equipment 4 is activated, it automatically contacts the registration table 8 using the registration table address stored in the agent equipment 4. The agent equipment 4 and the registration table 8 now authenticate each other to establish trust, using the key information that was embedded in the agent equipment 4 at step B and registered with the registration table 8 during registration at step B or C. If the mutual authentication succeeds, the registration table 8 provides an application key to the agent equipment 4 and the application provider 6, and at step F the agent equipment 4 and the application provider 6 can then communicate securely by encrypting and decrypting messages with the application key received from the registration table 8. The registration table 8 therefore allows trust to be established between the agent equipment 4 and the application 6 without the agent equipment having to perform any complex configuration.
In summary, the registration table 8 provides a framework for managing the authentication of trust between IOT devices (for example sensors) 4 and application providers (cloud providers) 6. The registration table 8 comprises a cloud platform that manages metadata about each application provider 6 and agent equipment 4, manages the relationships between agent equipment 4 and application providers 6, authenticates device identifiers, and automatically provides keys to agent equipment and applications to allow secure communication. The agent equipment 4 may be manufactured and designed according to specific design guidelines which ensure that the agent equipment 4 has a unique authenticatable identity, secure key storage, cryptographic capabilities for securely maintaining trust, and predictable platform robustness. An agent equipment manufacturing support platform may support key generation and insertion in the agent equipment 4, the management of key pairs, and the interface with the registration table.
This framework helps to address several problems in existing systems. By providing each item of agent equipment with a unique identifier authenticated by the registration table cloud service, agent equipment can be uniquely identified in order to ensure trust. Preferably, the device identifier is globally unique, so that no two devices in the world share the same identifier. This means that manufacture and the assignment of device identifiers can be entirely independent of any registration table subsequently used. However, it is also possible for the device identifier to be locally unique within a given registration table or group of registration tables, with the same identifier being used for different devices in independent registration tables that do not interact. Mutual authentication between the agent equipment 4 and the application 6 is achieved through an automatic registration process that securely pairs the agent equipment with the application, so that the application trusts the authenticity of the agent equipment and the agent equipment trusts the authenticity of the application. Because the agent equipment 4 and the application 6 can now trust each other even if they are not manufactured or distributed by the same provider, this opens up the market for agent equipment and applications, so that it is no longer necessary to use a particular brand of agent equipment 4 supplied by a particular application provider 6 in order to achieve trust. Applications can trust a wide range of agent equipment from multiple manufacturers, and agent equipment can trust a wide range of applications from multiple providers. This will help to reduce the cost of agent equipment and applications, and to increase the use of Internet of Things agent equipment and applications.
In addition, the registration table 8 helps to improve an application provider's confidence in the source of the sensor data used for "big data" applications, which process large amounts of data received from many sources. The value of the information collected for a "big data" service depends on the validity of all the "small data" collected by each individual item of agent equipment 4. If the cloud service cannot trust each of its individual items of agent equipment 4, the conclusions reached by the "big data" application cannot be trusted either, which makes the whole application pointless. The present technique helps to maintain trust in the overall information collected by such applications. In addition, the registration table 8 may store agent equipment characteristics and other information, such as the usage history of the agent equipment 4. This can be used to allow an application provider 6 to target particular kinds of agent equipment 4. For example, an application 6 may wish to collect data only from agent equipment 4 that meets specific minimum security requirements.
Fig. 4 schematically shows the agent equipment 4. The agent equipment comprises a sensing circuit 11 for collecting sensing data. For example, the sensing circuit 11 may comprise a temperature sensor, a camera, a heart rate monitor, or any other detector for collecting the data required by the application provider 6. The agent equipment 4 also comprises a processing circuit 12 for controlling the various processing operations performed by the agent equipment 4, such as mutual authentication, encryption of data sent to the application provider 6, and key generation. The agent equipment 4 also has a communication circuit 14 for communicating with external devices such as the registration table device 8 and the application provider 6. The communication circuit 14 may use wireless communication, such as communication using a wireless local area network (WiFi), short-range communication such as radio-frequency communication (RFID) or near-field communication (NFC), or communication used in wireless sensor networks such as ZigBee, Bluetooth or 6LoWPAN. The communication circuit 14 may also use a cellular network such as 3G or 4G. The communication circuit 14 may also use wired communication, such as optical fibre or metal cable. The communication circuit 14 may also use two or more different forms of communication, such as several of the examples given above in combination. The agent equipment also comprises a memory circuit 16 for storing the device identifier of the agent equipment 4, authentication information for authenticating the agent equipment, and other information used by the agent equipment 4. The agent equipment may optionally also comprise a key generator 18 for generating key information or other authentication information for the agent equipment 4.
Although Fig. 4 shows an example in which the agent equipment is a sensor comprising a sensing circuit 11, in other examples the sensing circuit 11 may not be essential. Instead, for example, the agent equipment may comprise a control circuit for controlling a physical object such as a sprinkler, burglar alarm, heating or air-conditioning unit, or traffic light system.
Fig. 5 schematically shows an example of the information stored in the memory circuit 16 of the agent equipment 4. The memory circuit 16 has a one-time programmable (OTP) section 20 for storing a device identifier 22 that uniquely identifies the agent equipment 4. The device identifier 22 is embedded in the OTP section 20 during manufacture of the agent equipment 4. In this embodiment, once it has been fixed in the OTP section 20, the device identifier 22 cannot be changed. For example, after the device identifier has been written to the OTP section 20, a fuse may be blown in the memory circuit so that the OTP section 20 cannot be rewritten. Alternatively, in some devices it may be possible to generate a new identifier for the device after manufacture. For example, when the device is transferred to a different registration table, a new identifier may be assigned to the device to avoid a conflict with the identifiers of devices managed by the new registration table.
The memory circuit 16 also comprises a non-volatile memory section 24 that can be both read and written, but to which read/write protection is applied so that the section 24 can be accessed only by privileged software executed by the processing circuit 12. The read/write protected section 24 stores a registration table address 26, which comprises a URL, IP address or other identifier that allows the agent equipment 4 to contact the registration table 8. The protected section 24 also stores a registration table public key 27 for decrypting messages received from the registration table 8, in order to verify that the registration table is authorised (the registration table public key 27 corresponds to a registration table private key held by the registration table).
The protected section 24 also stores a sensor key 28 or a private key 29, which is a unique key held by the agent equipment 4 for uniquely identifying it. The sensor key 28 is a symmetric key shared with the registration table 8. A message can be at least partly encrypted using the sensor key 28, and if the registration table 8 can successfully decrypt the message using the same key, the message is considered to have been received from trusted agent equipment and the device is therefore authenticated. Alternatively, the agent equipment may be provided with a private key 29 corresponding to a different, public key held by the registration table 8. Such an asymmetric key pair allows more secure authentication of the agent equipment, because no other device holds the private key 29 of the agent equipment 4. The public key 32 corresponding to the private key 29 is placed in a section 34 of the memory circuit 16 that is write-protected but not read-protected. The public key 32 can therefore be read by any device, or by any software running on the agent equipment 4. In addition, a digital certificate 36 associated with the agent equipment 4 is also stored in the open section 34 of the memory circuit 16. The digital certificate comprises various data identifying the agent equipment 4, metadata, and the public key 32. The certificate is sent to the registration table 8 during authentication, and the registration table signs the certificate in order to authenticate the identity of the agent equipment. Other devices can then read the certificate from the registration table 8, and the registration table's signature verifies that the agent equipment is trusted and that the public key 32 associated with the certificate 36 really does come from that agent equipment. The registration table 8 can therefore act as a certifying authority for issuing public keys 32, in a similar way to other certifying authorities in a public key infrastructure (PKI).
The read/write protected section 24 also stores one or more application keys 30, which are symmetric keys for carrying out trusted communication with application providers 6. These keys are provided by the registration table 8 and are used to encrypt and decrypt the data or commands exchanged between the agent equipment 4 and the application provider 6. The registration table 8 may provide a different application key for each pairing of agent equipment 4 and application provider 6, in order to maintain the security of communication between devices. In other embodiments, asymmetric keys may be used as the application keys 30 provided to the device 4 and the application provider 6. The application keys provided by the registration table device 8 may be generated by the registration table device 8 itself, or may be obtained by the registration table from another device, such as a hardware key generator or a key storage device.
Fig. 6 shows an example of the application provider 6. A communication circuit 40 is provided for communicating with the registration table 8 and the agent equipment 4. Again, different forms of wired or wireless communication may be provided, as discussed above for the agent equipment 4. The application provider also comprises a memory circuit 42, which stores the various data and applications used by the application provider 6. For example, the memory circuit 42 may store an application program that uses data received from the agent equipment 4 through the communication circuit 40 and processes it in some way, or that sends control commands to the agent equipment 4. A processing circuit 44 is provided for executing the application and controlling other operations, such as authentication with the registration table 8 and the encryption and decryption of data exchanged with the agent equipment 4. Cryptographic features may be provided, such as secure storage in the memory circuit 42 and cryptographic algorithms or secure processing functions in the processing circuit 44.
Fig. 7 shows an example of the registration table device 8 for maintaining the device registry. The registration table 8 has a communication circuit 50 for communicating with the agent equipment 4 and the application provider 6. Again, the communication circuit 50 may use various kinds of wired or wireless communication, as discussed above. The registration table also has a memory circuit 52, which stores the programs executed by the registration table 8 and stores the device registry for tracking information about the various items of agent equipment 4 and the corresponding applications 6. A processing circuit 54 is provided for executing the application programs stored in the memory circuit 52 and for controlling various operations, such as authenticating agent equipment 4 and application providers 6, carrying out transfers of agent equipment 4 between different registration tables, and managing metadata about agent equipment. Again, cryptographic features may be provided, such as secure storage in the memory circuit 42 and cryptographic algorithms or secure processing functions in the processing circuit 44. The registration table 8 may also respond to queries from external devices for information about a particular item of agent equipment 4, such as information about which authentication model the agent equipment uses. For security reasons, not all registration tables 8 will allow such queries. For example, some registration table operators may prefer not to provide information about the authentication model used by a particular item of agent equipment 4. In addition, the registration table 8 may authenticate the querying device before responding with information about the agent equipment 4, to ensure that only trusted querying devices are allowed to obtain this information.
Fig. 8A shows an example of a registry entry 60 stored by the memory circuit 52 of the registration table device 8. Each item of agent equipment 4 registered with the registration table may have a registry entry that comprises the device identifier 22 of that agent equipment 4 (corresponding to the identifier 22 stored in the OTP section 20 of the agent equipment 4). The registry entry also comprises the device certificate 36 and public key 32 of the agent equipment 4, and any other authentication information used by the registration table 8 to verify that the agent equipment 4 is trusted. Although Fig. 8A shows an example in which the certificate 36 and the public key 32 are in the same field, they may also be provided in different fields. The registry entry 60 may also have fields for other types of authentication information used in other authentication models.
The registry entry 60 also comprises one or more application identifiers 62, which identify the one or more application providers 6 with which the agent equipment 4 is to establish trusted communication, and one or more application keys 30 for communicating with the identified application providers 6. Again, the application identifiers 62 and the corresponding application keys 30 may be in the same field of the registry entry 60 or in separate fields. An application identifier may be stored in the registry entry in response to a request from the application provider to be associated with that agent equipment. The agent equipment itself therefore does not need to know which application it is communicating with, and the registration table 8 can provide the association between agent equipment and application providers. For example, once the agent equipment has received the application key 30 from the registration table 8, it can simply output data encrypted with the application key 30 without needing to be concerned about where the data will go.
The registry entry 60 also comprises authentication model information identifying which authentication model the agent equipment 4 uses to authenticate itself securely, as will be described below. It will be appreciated that the registry entry 60 may comprise many other types of information and metadata about the agent equipment, which may be queried by external devices such as application providers. It will also be appreciated that the agent equipment 4, the application provider 6 and the registration table 8 may comprise many other elements in addition to those shown in Figs. 4, 6 and 7.
In addition, the registry entry 60 comprises a signature/hash field 68, which contains a trusted signature or hash value generated from the information in at least some of the other fields of the registry entry 60. This allows tampering to be detected if a device or person attempts to modify one of the other fields after the registry entry 60 was first created in the registration table. The registration table device 8 can recalculate the signature or hash from the other fields and check whether it matches the stored signature/hash field 68.
As shown in Fig. 8B, the registration table device 8 may also store event entries 69 for the corresponding agent equipment 4. An event entry 69 may be a sub-entry of the registry entry 60 shown in Fig. 8A, or in other embodiments may be provided as a separate record that is associated with the registry entry 60 by the device ID 22. The event entries 69 provide historical information about events that have occurred for the corresponding agent equipment 4. A particular item of agent equipment 4 may have zero, one or more event entries 69 associated with it. There can therefore be a one-to-many relationship between the registry entry 60 for a particular device and the event entries 69 associated with the same device. An event entry 69 comprises fields for the device ID 22 of the agent equipment, date information indicating the date on which the event occurred, an event record indicating the type of event that occurred, and any other information associated with the event, together with a signature/hash field for tamper detection, similar to the signature/hash field 68 of the registry entry 60. A new event entry 69 may be created whenever an event associated with the agent equipment 4 occurs. Events that may be recorded include, for example, dispatch of the agent equipment 4 from manufacture, shipping (location), activation or deactivation of the device, registration of the device by a consumer, and many others. The event entries 69 allow the registration table to track the history of a device.
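The tamper check described for the signature/hash field of registry entries 60 and event entries 69 can be sketched as follows. This is an added example, not code from the patent: it assumes the field holds an HMAC-SHA256 computed with a key held only by the registration table (an unkeyed hash stored next to the data could simply be recomputed by whoever altered it), and the field names, key and sample records are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): held only by the registration table and
# never stored inside the entries it protects.
REGISTRY_SEAL_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)
SEAL_FIELD = "seal"  # hypothetical name standing in for signature/hash field 68


def _canonical(record):
    """Serialise every field except the seal in a stable byte form."""
    body = {k: v for k, v in record.items() if k != SEAL_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record, key=REGISTRY_SEAL_KEY):
    """Return a copy of the record with the seal computed over its other fields."""
    sealed = dict(record)
    sealed[SEAL_FIELD] = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return sealed


def is_intact(record, key=REGISTRY_SEAL_KEY):
    """Recalculate the seal from the other fields and compare it with the stored one."""
    stored = record.get(SEAL_FIELD)
    if not isinstance(stored, str):
        return False  # a missing seal counts as tampering, not as "unsealed"
    expected = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(stored.encode("utf-8"), expected.encode("utf-8"))


def audit(entry, events):
    """Check a registry entry and its event entries; return a list of findings."""
    findings = []
    if not is_intact(entry):
        findings.append("registry entry modified")
    for index, event in enumerate(events):
        if not is_intact(event):
            findings.append(f"event {index} modified")
        elif event.get("device_id") != entry.get("device_id"):
            findings.append(f"event {index} belongs to another device")
    return findings


def build_sample():
    """Constructed sample data: one registry entry with two event entries."""
    entry = seal({
        "device_id": "DEV-0001",
        "certificate_and_public_key": "constructed-certificate",
        "application_ids": ["weather-app"],
        "authentication_model": 1,
    })
    events = [
        seal({"device_id": "DEV-0001", "date": "2014-01-10", "event": "shipped"}),
        seal({"device_id": "DEV-0001", "date": "2014-02-01", "event": "activated"}),
    ]
    return entry, events


if __name__ == "__main__":
    entry, events = build_sample()
    print(audit(entry, events))               # untouched records
    entry["application_ids"] = ["other-app"]  # field changed after creation
    events[1]["event"] = "deactivated"
    print(audit(entry, events))               # both changes are reported
```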
As shown in Fig. 9, different types of agent equipment 4 may have different requirements for security and authentication. In general, the higher the required level of security (for example because the data is valuable, personal or commercially sensitive, or because there are health or public safety issues associated with the use of the data), the higher the manufacturing cost of the agent equipment 4, because more complex resources may be needed to manage authentication. For some devices this additional cost may be justified. For example, for agent equipment such as a thermometer feeding data to a weather monitoring application, all that is required is that the data can be trusted to be genuine, so a relatively low-cost, low-security authentication model can be used. On the other hand, for other kinds of device used in health care, smart cities or telematics, it may be very important that the integrity and authenticity of the agent equipment are not compromised. For these applications, incurring increased cost in order to obtain a higher degree of security can be justified. Therefore, as shown in Fig. 9, multiple different trust levels can be established to provide a scalable technique for maintaining true device identities for IOT devices. Each item of agent equipment 4 may have a particular authentication model selected for it, and the selected model may be indicated in the registry entry 60 using the authentication model information 64, as shown in Fig. 8. There may also be a business need for devices with similar functions to have authentication models operating at different security levels. This may be useful for catering to different fields of use.
Once different agent equipment 4 with different authentication models has been established during manufacture or distribution of the devices, the registration table 8 can divide or segregate the agent equipment into different categories based on the authentication model information 64. For example, some applications 6 may indicate that they can communicate only with agent equipment that has a particular authentication model. In addition, a device can query the registration table 8 to determine the authentication model used for a given item of agent equipment 4. For example, a banking application provider may wish to determine, before establishing trusted communication with agent equipment 4, that the user's off-the-shelf agent equipment 4 meets specific minimum security requirements. Different authentication models may differ in many respects. For example, some authentication models may use fixed, unchangeable authentication information, while others may allow the authentication information to be updated using the key generation circuit 18 of the agent equipment 4. For a fixed model, the key generation circuit 18 need not be provided with the agent equipment 4, so the agent equipment can be implemented more cheaply, whereas agent equipment with key generation capability can provide more secure authentication, because keys can be regenerated when needed. Similarly, some authentication models may use a symmetric key shared by the agent equipment 4 and the registration table 8, while other devices may use asymmetric keys, where the agent equipment 4 and the registration table 8 hold different, complementary keys. Some models may allow agent equipment to be transferred from one registration table to another, while other models may restrict the agent equipment to operating with a specific registration table.
Therefore, there are many different modes realExecute authentication model, and can or suitably select between development period in the manufacture of agent equipment.
Figures 10 to 12 show three examples of authentication models. Figure 10 shows a first authentication model, in which a fixed sensor key 28 is injected into the protected section 24 of the agent device 4 during manufacture. The sensor key 28 is generated by an external device 70 belonging to the manufacturer. The sensor key 28 is then shared with the registry 8 as a shared secret that uniquely identifies the device. For example, the sensor key may be a 128-bit or 256-bit AES (Advanced Encryption Standard) key generated during manufacture. To authenticate the agent device 4, the agent device 4 may transmit a message to the registry 8, part of which is encrypted using the sensor key 28. If the registry 8 successfully decrypts that part of the message and verifies that it is correct using its own copy of the sensor key 28, authentication of the agent device 4 succeeds. For example, the agent device 4 may generate a hash from the message and encrypt the hash using the sensor key 28. The registry receiving the message can generate its own hash of the received message using the same algorithm as the agent device 4, decrypt the received hash, and check whether the received hash matches the hash it generated. If the two hashes match, the agent device is authenticated. The advantage of the first authentication model is its low implementation cost. There is no need to provide a public key infrastructure or a key generator 18 in the agent device 4; only AES or another shared-secret scheme is required. The price of this low cost is reduced security, because if the shared secret is compromised the attacker gains full control of the device or agent device, including changes of ownership or data access. Since the shared sensor key 28 provided to the registry 8 is identical to the sensor key 28 used to authenticate the device, the likelihood of the sensor key 28 being compromised is greater than when asymmetric keys are used, especially during distribution of the sensor key from the manufacturing system 70 to the registry 8. However, because the sensor key 28 is unique to each agent device 4, a compromised sensor key affects only one agent device 4 and no others. This model can therefore be used for low-security applications such as weather forecasting.
In some embodiments, instead of a single sensor key 28, a list of sensor keys may be embedded in the agent device 4, and the agent device 4 may select one key from the list for authenticating itself. In this case, the active identity of the device can be defined using an index into the list indicating the selected key. The registry 8 can then be provided with the agent device key corresponding to the selected key. In this way, if one sensor key is compromised, the agent device 4 can switch to using another sensor key in the list.
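The first authentication model with the key list described above, as an added Go example that is not taken from the patent: HMAC-SHA256 stands in for the check of a hash encrypted with the sensor key, and the function names, the device ID and the `SetKey` hand-over from manufacturer to registry are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthMessage carries the clear payload, the index of the sensor key used
// (the device's active identity) and a keyed tag over both.
type AuthMessage struct {
	DeviceID string
	KeyIndex int
	Payload  []byte
	Tag      []byte
}

// Device holds the sensor-key list injected into its protected storage.
type Device struct {
	ID     string
	keys   [][]byte
	active int
}

// Registry keeps, per device ID, only the currently selected sensor key.
type Registry struct{ entries map[string]entry }

type entry struct {
	index int
	key   []byte
}

func NewRegistry() *Registry { return &Registry{entries: map[string]entry{}} }

// tag binds device ID, key index and payload under the shared sensor key.
func tag(key []byte, id string, idx int, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s|%d|", id, idx)
	m.Write(payload)
	return m.Sum(nil)
}

// Provision plays the manufacturer's external device 70: it generates n
// 256-bit keys that are unique to this one device.
func Provision(id string, n int) (*Device, error) {
	keys := make([][]byte, n)
	for i := range keys {
		keys[i] = make([]byte, 32)
		if _, err := rand.Read(keys[i]); err != nil {
			return nil, err
		}
	}
	return &Device{ID: id, keys: keys}, nil
}

// SetKey provides the registry with the key for index idx; the key it held before stops working.
func (r *Registry) SetKey(id string, idx int, key []byte) {
	r.entries[id] = entry{index: idx, key: key}
}

// Sign authenticates a payload with the currently selected sensor key.
func (d *Device) Sign(payload []byte) AuthMessage {
	return AuthMessage{DeviceID: d.ID, KeyIndex: d.active, Payload: payload,
		Tag: tag(d.keys[d.active], d.ID, d.active, payload)}
}

// Rotate selects the next unused key, for use after a key compromise.
func (d *Device) Rotate() (int, error) {
	if d.active+1 >= len(d.keys) {
		return d.active, errors.New("no unused sensor key left")
	}
	d.active++
	return d.active, nil
}

// Authenticate recomputes the tag with the registry's copy of the key.
func (r *Registry) Authenticate(m AuthMessage) error {
	e, ok := r.entries[m.DeviceID]
	if !ok || m.KeyIndex != e.index {
		return errors.New("unknown device or inactive key index")
	}
	if !hmac.Equal(tag(e.key, m.DeviceID, m.KeyIndex, m.Payload), m.Tag) {
		return errors.New("tag mismatch")
	}
	return nil
}

func main() {
	reg := NewRegistry()
	dev, _ := Provision("sensor-0001", 2) // constructed device ID
	reg.SetKey(dev.ID, 0, dev.keys[0])
	fmt.Println("key 0:", reg.Authenticate(dev.Sign([]byte("temp=21.5"))))
	idx, _ := dev.Rotate()
	reg.SetKey(dev.ID, idx, dev.keys[idx])
	fmt.Println("key 1:", reg.Authenticate(dev.Sign([]byte("temp=21.7"))))
}
```

Nothing in this exchange stops a captured message from being replayed while its key is still active; a counter or a registry-supplied nonce in the payload would be needed for that.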
Figure 11 shows an example of a second authentication model, in which the authentication information of the agent device 4 is still fixed (immutable), but this time comprises an asymmetric key pair consisting of a private key 29 and a public key 32. This is more secure, because the private key 29 can be held only by the agent device 4 and not shared with any other device, while the corresponding public key 32 can be broadcast widely to other devices without compromising the private key 29. With an asymmetric key pair, a message partially encrypted using the private key 29, in a similar way to that discussed above, can be decrypted using the corresponding public key 32. Therefore, if the registry 8 can successfully decrypt a message received from the agent device using the public key 32, it can determine that the message came from the authorized agent device holding the private key 29. The key pair is also associated with a digital certificate 36 representing the public face of the agent device 4. The certificate 36 can be used to convey the public key 32 to the registry 8 and, once signed by the registry, verifies that the public key 32 is the correct key for this agent device 4. The key pair and certificate may comprise any form of signed certificate and key pair. For example, elliptic curve cryptography (ECC) keys may be used as the key pair 29, 32, and an X.509 certificate may be used as the digital certificate 36. In this model, the manufacturing device 70 generates the key pair and certificate 36 during manufacture and embeds them in the protected sections 24, 34 of memory, as shown in Figure 11. There is a potential weakness in that the manufacturing process 70 will know the private key 29 of the agent device 4, but the manufacturer 70 can delete the private key 29 once it has been injected into the agent device 4, after which the agent device 4 will be the only device that can access the private key. No part other than the agent device 4 itself needs the private key. The transfer of authentication information from the manufacturer 70 to the registry 8 is more secure, because only the public key 32 and certificate 36 need to be transferred, not the private key 29. However, in this model the cost is higher than in the first authentication model, because the agent device needs PKI capability and more protected memory for storing the private key 29, public key 32 and certificate 36. Security is higher, though, because there is no permanent shared key known to devices other than the agent device 4. Similarly, instead of a single key pair, the agent device 4 may have a list of key pairs from which to select once the agent device is operational. In this case, however, the list does not have significant protection requirements, because the list of agent device keys held by the registry 8 consists only of public keys and certificates. Any known PKI scheme may be used for the second model.
Figure 12 shows a third authentication model, which is more secure than the first and second models but also more costly to implement. Again, a private key 29 and public key 32 are provided in the storage circuit 16 of the agent device 4 together with a digital certificate 36. However, the third model differs from the second in that an on-chip key generation circuit 18 is provided in the agent device 4 for generating the key pair 29, 32. This provides higher security because the manufacturer 70 never knows the private key 29 of the agent device 4. In addition, since an on-chip key generation facility is provided, the agent device can regenerate the key pair to change its authentication information if necessary. Only the public key 32 and certificate 36 are provided to external devices such as the registry 8. Therefore, during establishment of identity and ownership, the chipset 18 in the agent device 4 creates an asymmetric key pair such as an ECC key pair. The private key 29 is stored in the read/write-protected section 24 of memory. Only authorized code can access the private key 29. The on-chip key generation circuit 18 also generates the certificate 36 and sends the registry 8 a certificate signing request containing the device ID 22 and public key 32. The public key 32 and certificate 36 are also written to the write-protected section 34 of memory, which is fully readable without protection. The registry 8 signs the certificate 36 to verify that the agent device is authorized. This method does not have the exposure weakness of models 1 and 2, in which the sensor key 28 or private key 29 could be extracted from the registry 8 or the manufacturing platform 70. The private key 29 of the agent device is never exposed to any device other than the agent device 4. In this case, the strength of the security depends on the quality of the key pair generation performed by the on-chip key generator 18, and making this sufficiently secure incurs additional cost in manufacturing the device, because additional silicon is needed to support secure key generation (for example, good random number generation is needed).
In the example of Figure 12, the third authentication model also allows the trusted relationship between one registry 8 and the agent device 4 to be transferred to a second registry 80. This process is described in more detail below. Because the agent device 4 has the on-chip key generation circuit 18, a new key can be generated when the agent device transfers trust from the first registry 8 to the second registry 80, so that the first registry 8 can no longer authenticate the agent device 4. This may be useful for providing additional security, for example because the operator of a private registry 8, such as one used in a government or defence application, may require certain agent devices to be transferred to its registry and all ties with the public registry 8 to be removed. Alternatively, the first registry may be instructed to delete the relevant entry so that it can no longer authenticate the agent device. In this way, the agent device does not need to generate a new key. In another variation, the agent device may have more than one pre-stored key. When changing registry, a previously unused key can then be used.
It will be appreciated that the other models of Figures 10 and 11 may also provide the ability to transfer trust between registries. In that case, however, because the agent device cannot regenerate its key information, the agent device 4 will be registered in the second registry 80 using the same key information. The two registries 8, 80 can then share the same agent device 4, so that the same agent device 4 is registered with both registries. Therefore, instead of the agent device data being transferred directly to another registry, the agent device can be assigned to both registries, so that it can communicate with application providers associated with either registry.
Several different kinds of authentication model can therefore be provided, allowing the agent device design to balance the ability to maintain a sufficient degree of security against the cost of implementing that security. Depending on the intended purpose of the agent device, a particular model can be selected during manufacture, and the registry 8 can then maintain information about which model has been used, allowing applications to use agent devices suited to their requirements. Figure 13 shows a table comparing different attributes of the models shown in Figures 10 to 12. It will be appreciated that other types of model may be used. For example, different types of key generation may be used to provide different degrees of security.
Figure 14 shows a first example of a method of establishing a trusted identity of the agent device 4. The trusted identity may be established during manufacture of the agent device, during its distribution, or later when the device is enrolled with the registry. At step 100, the authentication model to be used for the agent device 4 is determined. If the agent device 4 has already been manufactured, the choice of authentication model depends on which resources are provided in the agent device 4 (for example, if the agent device does not have the on-chip key generation circuit 18, authentication model 3 discussed above may not be selectable). On the other hand, if the method is performed before or during manufacture of the agent device, any authentication model can be selected and the processing resources required to implement that model (such as protected storage, PKI infrastructure or key generation capability) can then be built into the device.
At step 102, key information for authenticating the agent device 4 is generated according to the selected authentication model. Depending on the selected model, this may be performed by the external manufacturing device 70 or by the agent device 4 itself. At step 104, the device ID 22, the shared sensor key 28 or private key 29, the registry address 26 and optionally the device certificate 36 are embedded in the storage circuit 16 of the agent device 4. The embedding step may be implemented by building storage circuitry into the device, or by storing the information in storage circuitry already provided in the agent device during a previous stage of manufacture. If authentication model 1 is used, the sensor key 28 is embedded; if authentication model 2 or 3 is used, the private key 29 and certificate 36 are stored in the storage circuit 16. At this point, the agent device 4 may also be provided with registry authentication information for verifying the identity of the registry 8.
At step 106, various metadata defining the trusted identity of the agent device 4 are uploaded to the registry apparatus 8. For example, the device ID 22, the sensor key 28 (for model 1) or public key 32 (for model 2 or 3), the digital certificate 36 (for model 2 or 3) and the authentication model information 64 indicating the selected model may be uploaded to the registry 8. At step 108, the registry signs the certificate if necessary and registers the device metadata in the registry, establishing the device as a device whose identity is trusted.
Figure 15 shows a second example of establishing trust and identity for a device. In this example, the agent device (sensor) 4 has been manufactured with the key generation circuit 18 and with the device identifier 22 stored in the OTP section 20 of the storage circuit 16. This sensor 4 therefore uses authentication model 3 or a similar model allowing on-chip key generation. At step 120, the sensor 4 sends the registry 8 a registration request indicating the device identifier 22 of the sensor 4. At step 122, the registry checks whether the sensor 4 is already owned by a registry, and if so the method ends.
If the agent device is not yet owned, at step 124 the sensor 4 is triggered to create a new key pair 29, 32 using the key generator 18, and the private key 29 of the key pair is placed in the protected storage section 24. At step 126 a certificate signing request is generated and sent to the registry 8. The certificate signing request asks the registry 8 to sign the digital certificate 32 of the sensor 4. The certificate comprises at least the device identifier 22 of the sensor 4 as subject name, the security level of the sensor 4 (authentication model information), and the public key 32 generated by the key generator 18. At step 128, the registry 8 signs the certificate to confirm that the certificate and public key are valid. The registry registers information about the sensor 4 in the device registry, establishing the sensor 4 as a trusted agent device.
Figure 16 shows a method of authenticating the agent device 4 to check that it is registered as a trusted device, and then establishing trusted communication between the agent device 4 and the application provider 6. It is assumed that the agent device 4 has already been registered with the registry 8, for example using the method shown in Figure 14 or 15, so that the registry 8 holds information for verifying that the agent device 4 holds the authentication information uniquely identifying that agent device 4. Authentication model 3 is used in this example, so the agent device 4 holds a sensor private key Ks.pr and the registry 8 holds the sensor public key Ks.pu corresponding to the private key Ks.pr. Similarly, the agent device 4 can authenticate the registry 8 using the registry public key Kr.pu corresponding to the registry private key Kr.pr held by the registry 8.
At step 150, the registry 8 and the application provider 6 perform mutual authentication with each other to establish trust. Typically, this is performed once by the registry 8 for each application provider 6. The mutual authentication 150 between the registry 8 and the application provider 6 is not usually repeated for each agent device 4 with which the application provider 6 communicates. The mutual authentication 150 may use any known authentication technique.
At step 152, the agent device is activated and, in response to the activation, the agent device 4 transmits an authentication request 154 to the registry identified by the registry URL 26 embedded in the protected storage 24 of the agent device. The authentication request includes the device ID 22 identifying the agent device 4. Activation of the agent device may comprise, for example, the agent device being powered on for the first time after installation, or an activation button on the agent device being pressed. The authentication request 154 may be transmitted automatically in response to activation of the agent device, so that no user interface or other kind of user interaction is needed to trigger authentication. This means that the person installing or using the agent device need not be aware that the agent device is being authenticated. In response to the authentication request 154, the agent device 4 and the registry 8 begin mutual authentication 156 using the keys exchanged between the agent device 4 and the registry 8 during registration or enrolment. In the mutual authentication, the agent device 4 encrypts a hash of a message using the sensor private key Ks.pr and sends the partially encrypted message 158 to the registry 8. In a corresponding way, the registry 8 encrypts a hash of a message using the registry private key Kr.pr and sends the partially encrypted message 159 to the agent device 4. The agent device 4 obtains its own hash of the message 159 and compares it with the hash obtained by decrypting the encrypted hash using the registry public key Kr.pu. If the two hashes match, the registry 8 is taken to be authentic. Similarly, the registry 8 obtains a hash from the message 158 and compares it with the hash obtained by decrypting the encrypted hash received with the message 158 using the sensor public key Ks.pu. Again, if the two hashes match, the agent device 4 is authenticated.
Although Figure 16 shows a separate authentication request 154 and authentication message 158 transmitted by the agent device 4, in other embodiments the authentication request 154 and the authentication message 158 may be the same message, so that on activation 152 the agent device 4 transmits the partially encrypted authentication message 158 (together with the device ID 22) to the registry 8, and this partially encrypted authentication message 158 serves as the authentication request triggering the registry 8 to respond with the mutual authentication 156.
If the registry 8 has successfully authenticated the message 158 received from the agent device 4, then at step 160 the registry 8 generates an application key 30 and sends it to the agent device 4. The registry 8 also sends the application key 30 to the application provider 6 identified by the application identifier 62 in the registry entry 60 for the agent device 4 having the device ID 22 specified in the authentication request 154. The registry 8 also sends the agent device ID of the agent device 4 to the application provider 6, so that the application provider 6 knows which agent device 4 will communicate using the received application key 30.
If the agent device 4 has successfully authenticated the registry 8, then at step 170 the agent device 4 and the application provider 6 begin encrypted communication using the application key 30 received from the registry 8. If the registry 8 has not been successfully authenticated by the agent device 4, the agent device 4 does not take part in any encrypted communication using the application key 30. In the encrypted communication 180, the agent device 4 will typically transmit data to the application provider 6 and the application provider will transmit commands to the agent device 4, although data or commands may also be sent in the opposite direction. At step 190, an application running on the application provider 6 processes the data received from the agent device. For example, the application may use the data to determine other information, or the data may be used in a cloud computing platform accessible over the Internet. The encrypted communication 180 takes place directly between the agent device 4 and the application provider 6, without passing through the registry 8.
The registry 8 therefore allows the agent device 4 to communicate with the application provider 6 in encrypted form without requiring complex configuration or user interaction at the agent device 4. This means that the agent device 4 can be very simple and need not have complex processing resources, while security is still maintained.
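Steps 152 to 160 of Figure 16 as an added Go example (not code from the patent): ECDSA signatures over a SHA-256 hash stand in for encrypting the hash with the private key, and the nonce in message 158, the `ack|` reply format, the identifiers and all function names are assumptions. Delivery of the application key is shown as a plain function return; protecting it in transit is outside the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signed is a message plus a signature over its SHA-256 hash.
type Signed struct{ Body, Sig []byte }

func sign(k *ecdsa.PrivateKey, body []byte) Signed {
	h := sha256.Sum256(body)
	sig, _ := ecdsa.SignASN1(rand.Reader, k, h[:]) // on error Sig stays empty and never verifies
	return Signed{Body: body, Sig: sig}
}

func verify(pub *ecdsa.PublicKey, m Signed) bool {
	h := sha256.Sum256(m.Body)
	return ecdsa.VerifyASN1(pub, h[:], m.Sig)
}

func ack(body []byte) []byte { return append([]byte("ack|"), body...) }

type Provider struct{ Keys map[string][]byte } // device ID -> application key 30

type Entry struct {
	SensorPub *ecdsa.PublicKey // Ks.pu
	AppID     string           // application identifier 62
}

type Registry struct {
	key       *ecdsa.PrivateKey // Kr.pr
	Entries   map[string]Entry  // registry entries 60, keyed by device ID 22
	Providers map[string]*Provider
}

type Device struct {
	ID          string
	key         *ecdsa.PrivateKey // Ks.pr
	registryPub *ecdsa.PublicKey  // Kr.pu
	AppKey      []byte
}

// Authenticate checks message 158 and only then issues application key 30 (step 160).
func (r *Registry) Authenticate(id string, m158 Signed) (Signed, []byte, error) {
	e, ok := r.Entries[id]
	if !ok || !bytes.HasPrefix(m158.Body, []byte(id+"|")) || !verify(e.SensorPub, m158) {
		return Signed{}, nil, errors.New("device not authenticated")
	}
	p, ok := r.Providers[e.AppID]
	if !ok {
		return Signed{}, nil, errors.New("no provider for application identifier")
	}
	appKey := make([]byte, 32)
	if _, err := rand.Read(appKey); err != nil {
		return Signed{}, nil, err
	}
	p.Keys[id] = appKey // the provider learns the device ID and the key
	return sign(r.key, ack(m158.Body)), appKey, nil
}

// Activate is the device side: it keeps the key only if message 159 verifies.
func (d *Device) Activate(r *Registry) error {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	m158 := sign(d.key, append([]byte(d.ID+"|"), nonce...))
	m159, appKey, err := r.Authenticate(d.ID, m158)
	if err != nil {
		return err
	}
	if !bytes.Equal(m159.Body, ack(m158.Body)) || !verify(d.registryPub, m159) {
		return errors.New("registry not authenticated, application key discarded")
	}
	d.AppKey = appKey
	return nil
}

// Setup builds a constructed registry, provider and registered device.
func Setup() (*Device, *Registry, *Provider) {
	rk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	p := &Provider{Keys: map[string][]byte{}}
	r := &Registry{key: rk, Providers: map[string]*Provider{"weather-app": p},
		Entries: map[string]Entry{"sensor-0001": {SensorPub: &sk.PublicKey, AppID: "weather-app"}}}
	return &Device{ID: "sensor-0001", key: sk, registryPub: &rk.PublicKey}, r, p
}

func main() {
	d, r, p := Setup()
	err := d.Activate(r)
	fmt.Println(err, bytes.Equal(d.AppKey, p.Keys[d.ID]))
}
```

Because the device speaks first, the registry cannot tell a fresh message 158 from a recorded one; a registry-issued challenge or a record of seen nonces would close that gap.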
Figure 17 shows a method of associating the agent device 4 with a particular consumer (user) 10 and associating the agent device 4 with the application provider 6 in the registry 8. At step 200, the consumer 10 obtains the device ID 22 of the agent device. This can be done in several ways. For example, the agent device 4 or the box for the device 4 may have the device ID printed on it, and the consumer can read the device ID from the casing of the agent device. The device ID may also be represented by a bar code, QR code or similar graphical representation, which the user can scan with a code reader to obtain the device ID 22. The consumer 10 then transmits a device association request 210 to the application provider 6, containing the consumer's identifier (ID) and the device identifier 22. This step may happen automatically in response to the bar code or QR code being read, for example using a smartphone or tablet application or a web interface. The application provider 6 can now record the user ID against the device ID, so that later communication from the agent device 4 can be associated with the particular consumer. After receiving the device association request 210, the application provider 6 may also send an association request 220 to the registry 8, associating the application identifier of the application provider 6 with the device ID 22 from the device association request 210. In response to the association request, the registry 8 registers the application identifier in the registry entry 60 for the agent device having the device identifier 22 specified by the association request 220.
In other examples, the consumer 10 may have obtained the agent device 4 directly from the application provider, so that the application provider 6 may already know the association between the user ID and the device ID when the consumer obtains the agent device. In this case, the device association request 210 may not be needed, and the application provider 6 can instead use its internal records to generate the association request 220 to be sent to the registry 8. Note that the registry 8 does not receive the user identifier. The registry entry 60 identifies the agent device 4 by device ID only and does not contain any user data.
In a similar way, the association request 220 may also be used to request that an agent device 4 currently associated with one application provider 6 be transferred to a different provider 6. In this case, the association request 220 may come from a number of sources, including the agent device itself (for example if the user chooses to switch application provider), the earlier application provider 6 previously associated with the agent device 4, the new application provider 6 to which the device is to be assigned using the association request 220, or another third-party device. Before reassigning the agent device 4 to the new application provider 6, the registry 4 can check whether the device that issued the association request 220 is a trusted device. Alternatively, if the agent device 4 is allowed to be associated with multiple application providers 6, the new application provider 6 may be registered for the agent device 4 alongside the previous application provider 6, rather than replacing the previous application provider 6 as in the example given above.
Figure 18 shows a method of assigning an agent device 4 registered with the first registry 8 to the second registry 80. At step 250, a requester device requests that ownership of the registered agent device 4 be transferred to the second registry 80. The requester device may be the agent device 4, the second registry 80, or another third-party device such as an application provider (cloud service owner). At step 260, the first registry 8 checks whether the agent device 4 named in the device assignment request is currently registered in the registry. If not, the method ends. Therefore, to assign ownership of an agent device, permission must be requested from the first registry 8 that currently holds the registration of that agent device. This ensures that only a registry that has established trust with the agent device can authorize transfer of its trusted status to another registry 80.
At step 270, the first registry determines whether it trusts the requester device that sent the agent device assignment request. If not, the method ends. The first registry may have authenticated the requester previously, in which case the requester can be determined to be trusted. Alternatively, at step 270, if the requester has not yet been authenticated, the registry can perform a new authentication of the requester. Authentication between the first registry 8 and the requester may be performed using any known technique. In addition, for some authentication models, assignment of the agent device 4 to a different registry may not be allowed, so the registry can check whether the authentication model information for the agent device permits the assignment.
After the checks at step 270, if the registry trusts the requester and the agent device is allowed to be transferred to a different registry, the method proceeds to step 280, where the agent device 4 generates a new key pair using the key generator 18. The agent device 4 can be triggered to generate the new key pair in different ways. In one example, the first registry 8 may indicate to the agent device 4 that it is to be assigned to another registry, and in response to this indication the agent device may generate the new key pair. Alternatively, the first registry 8 may notify the requester device or the second registry 80 that the device can be assigned, and that device may then trigger the agent device to generate the new key pair. At step 290, the agent device 4 generates a certificate signing request containing the newly generated public key and the device ID of the agent device 4. The private key corresponding to the public key is stored in secure storage. The certificate signing request is sent to the second registry 80, which at step 300 signs the certificate and registers the agent device 4 in its device registry. At step 310, the agent device revokes its original registry ownership by deleting the private key 29 of the original key pair and updating its registry URL 26 to the URL corresponding to the second registry 80. At step 320, the first registry 8 checks that the agent device has correctly transferred its registry ownership and then notifies the second registry 80 that the agent device 4 is now under its ownership. At this point, the first registry 8 may optionally delete the registry entry 60 for the agent device 4 so that it is no longer registered in the first registry. Alternatively, the entry for the agent device may remain in the registry, because the public key 32 from the original key pair is no longer relevant now that its corresponding private key has been deleted by the agent device 4.
The example shown in Figure 18 is for authentication model 3, or a similar authentication model in which the agent device is capable of generating new key pairs. If the agent device has authentication model 2 or a similar model in which the authentication information is fixed, then instead of generating a new key pair, at steps 280, 290 and 300 the original key pair and certificate from the first registry may be used, so that the second registry 80 is provided with the same authentication information that was originally registered in the first registry 8. After the assignment, the agent device 4 may be registered in both registries 8, 80, so that it can be authenticated by both registries and can communicate with application providers associated with both registries 8, 80.
The agent device 4 or the first registry 8 can take steps to ensure that steps 280 to 320 occur atomically, so that the steps cannot be interrupted part-way and left in an incomplete state. This means that if a failure occurs part-way through the update process, the only possible outcomes are either that the agent device 4 retains its original key pair and certificate and is not transferred to the second registry (similar to the case where the registry determines after step 270 that the requester is not trusted), or that the agent device is fully updated to be under the ownership of the second registry. This ensures that the agent device 4 will always be able to contact one registry 8 or 80, and cannot end up unable to be authenticated by any registry 8, 80.
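The enrolment of Figure 15 and the transfer of Figure 18, with the atomicity requirement just described, as an added Go example rather than the patent's own implementation. Assumptions: the registry records the public key from a verified certificate signing request instead of issuing an X.509 certificate, the requester-trust check of step 270 is omitted, and the `Down` fault switch, URLs, device ID and function names are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// Registry keeps one entry per device ID: the public key 32 it accepted.
type Registry struct {
	URL     string
	Down    bool // constructed fault switch, used to interrupt a transfer
	entries map[string]*ecdsa.PublicKey
}

// identity is what must change together: private key 29 and registry URL 26.
type identity struct {
	key         *ecdsa.PrivateKey
	registryURL string
}

type Device struct {
	ID  string
	cur *identity
}

func NewRegistry(url string) *Registry {
	return &Registry{URL: url, entries: map[string]*ecdsa.PublicKey{}}
}

// Enroll handles a certificate signing request (steps 122 to 128, step 300).
func (r *Registry) Enroll(csrDER []byte) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if r.Down || err != nil {
		return errors.New("registry unreachable or request malformed")
	}
	if err := csr.CheckSignature(); err != nil { // sender must hold the private key
		return err
	}
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if _, owned := r.entries[csr.Subject.CommonName]; owned || !ok {
		return errors.New("device already registered here, or unsupported key")
	}
	r.entries[csr.Subject.CommonName] = pub
	return nil
}

// Knows reports whether this registry could still authenticate the device.
func (r *Registry) Knows(d *Device) bool {
	pub, ok := r.entries[d.ID]
	return ok && d.cur != nil && pub.Equal(&d.cur.key.PublicKey)
}

// enroll generates a key pair on the device (circuit 18), sends a CSR with the
// device ID as subject name, and returns the new identity without installing it.
func (d *Device) enroll(r *Registry) (*identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: d.ID}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	if err != nil {
		return nil, err
	}
	if err := r.Enroll(csr); err != nil {
		return nil, err
	}
	return &identity{key: key, registryURL: r.URL}, nil
}

// Assign enrols the device with `to`. With from == nil it is the first
// registration of Figure 15; otherwise it is the transfer of Figure 18.
func (d *Device) Assign(from, to *Registry) error {
	if from != nil && !from.Knows(d) { // step 260
		return errors.New("device is not registered with the first registry")
	}
	next, err := d.enroll(to) // steps 280 to 300: staged, device state untouched
	if err != nil {
		return err // the old key and registry URL remain valid
	}
	d.cur = next // step 310: one swap retires the old private key and URL together
	if from != nil {
		delete(from.entries, d.ID) // step 320
	}
	return nil
}

func main() {
	a, b := NewRegistry("https://registry-a.example"), NewRegistry("https://registry-b.example")
	d := &Device{ID: "sensor-0001"} // constructed device ID
	b.Down = true
	fmt.Println(d.Assign(nil, a), d.Assign(a, b), a.Knows(d))
	b.Down = false
	fmt.Println(d.Assign(a, b), a.Knows(d), b.Knows(d))
}
```

On real hardware the single pointer swap would be a write to non-volatile storage that either completes or leaves the previous record intact.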
In some cases, when the agent device 4 is assigned to a new registry as shown in Figure 18, the application provider 6 associated with the agent device 4 may also change. The second registry 80 may, for example, select which application(s) are to be assigned to the agent device 4, or the second registry 80 may wait for an association request 220 from an external source indicating the application identifier of the application provider 6 to be associated with the agent device 4. Alternatively, when switching registry, the application associated with the agent device 4 may remain the same, and the second registry 80 may simply register for the agent device 4 the same application identifier(s) that were registered in the first registry 8 (for example, the first registry 8 may provide the application identifier(s) to the second registry 80).
Figure 19 shows a method for resetting the ownership of agent equipment 4 that was previously transferred to the second registration table 80, so that it returns to the care of the first registration table 8 that first registered agent equipment 4. At step 350, the second registration table 80 (the requester device) requests that the first registration table 8 take back ownership of agent equipment 4. At step 360, the first registration table 8 determines whether the second registration table 80 is trusted. As before, this can include performing authentication, checking that the requester was previously authenticated, or determining whether agent equipment 4 supports being reset to the first registration table 8. If agent equipment 4 is not allowed to be reset to the registration table, the method ends. Otherwise, the method proceeds to step 370, where the registration table checks whether agent equipment 4 is currently owned by the second registration table 80. If not, the method ends. This ensures that only the current owner of the registration can trigger resetting the registration of equipment 4 to the first registration table 8.
If the agent equipment is owned by the second registration table 80, then at step 380 a new key pair is generated by agent equipment 4. At step 390, a certificate signing request is prepared using the new public key and the device ID and is sent to the first registration table 8. The private key of the generated key pair is stored in the secure storage 16 of agent equipment 4. At step 400, the first registration table 8 signs the new certificate in order to authorize the agent equipment again. At step 410, the agent equipment cancels its registration with the second registration table 80 by deleting the previous key pair and certificate and updating its registration table URL 26 to correspond to the first registration table 8. At step 420, the device ownership state is updated in the first registration table 8, and the second registration table 80 can delete its entry for agent equipment 4. The method then ends. As before, the operations at steps 380-420 can be performed atomically, to ensure that the agent equipment is always registered with one of the registration tables and cannot end up without a valid registration in any registration table.
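One way the device-side part of this handover (steps 380 to 410, and equally the atomic update described for steps 280 to 320) could be made all-or-nothing, as an added example that is not part of the patent text. The function names, the JSON credential file and the `sign_csr` callable are assumptions made for illustration, and random hex strings stand in for real key material.

```python
import json
import os
import secrets
import tempfile


class TransferError(Exception):
    """Raised when the handover fails; the old registration is still in place."""


def load_bundle(path):
    with open(path) as f:
        return json.load(f)


def reset_to_registry(path, device_id, registry_url, sign_csr):
    """Device-side steps 380-410 as one all-or-nothing credential update."""
    # Step 380: new key pair. Random hex is a constructed stand-in for real keys.
    private_key = secrets.token_hex(32)
    public_key = "pub-" + secrets.token_hex(16)
    # Step 390: certificate signing request from the new public key and device ID.
    csr = {"device_id": device_id, "public_key": public_key}
    try:
        certificate = sign_csr(csr)  # Step 400: the registry signs the certificate.
    except Exception as exc:
        # Nothing has been written yet, so the old key pair, certificate and URL survive.
        raise TransferError("certificate not issued; previous registration kept") from exc
    staged = {"device_id": device_id, "private_key": private_key,
              "certificate": certificate, "registry_url": registry_url}
    # Stage beside the live file so os.replace() is a same-filesystem rename.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".staged-")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(staged, f)
            f.flush()
            os.fsync(f.fileno())
        # Step 410, the commit point: the old key pair, certificate and registry URL
        # are dropped and the new ones appear in a single rename.
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return staged
```

A reader of the credential file sees either the complete old bundle or the complete new one, which is the property the text requires: the device can always authenticate to exactly one of the two registration tables.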
The methods of Figures 18 and 19 allow agent equipment to be transferred between registration tables, or allow agent equipment to be assigned to multiple registration tables at the same time. This can be useful for allowing some operators to provide their own private registration table of agent equipment, so that their agent equipment is kept separate from other agent equipment authenticated using a public registration table. For instance, a defence organization, government or city administration can operate its own registration table of secure trusted agent equipment for use within its organization. A general public registration table can be provided for general-purpose use. When agent equipment is manufactured, it can initially be registered with the public registration table, but when a change of ownership is requested by a private registration table, it can be transferred to the private registration table. When the private registration table no longer needs the agent equipment, ownership can be reset to the original registration table. Preferably, new authentication information can be generated when transferring to a different registration table, to ensure that the agent equipment can no longer be authenticated by the earlier registration table.
Figures 20 to 23 show four examples of timelines illustrating different application examples of the present technique. Figure 20 shows a first example in the field of personal health care, in which the agent equipment (a sensor) is tethered to a specific cloud application, so that it is provided directly by the application provider and cannot be used with other applications. Agent equipment 4 can be, for example, a wrist-worn sensor including a heart rate monitor, which can feed heart rate information back to the application provider 6 operated by the health care provider for monitoring the patient's health. At step 1, a chip IP company designs the hardware and software for sensor 4 and the security design guidelines for the sensor. A system-on-chip (SOC) manufacturer produces an SOC incorporating the security hardware and a unique device identifier. An original equipment manufacturer (ODM) manufactures the sensor device. An original equipment manufacturer (OEM) develops the final product. At some point during the manufacturing process (this can be at the SOC, ODM or OEM stage), at step 2, the device identifier and private key are installed in agent equipment 4. At step 3, the sensor metadata is uploaded to registration table 8 by the manufacturing support system 70. The metadata can include, for example, the device identifier, public key and authentication model information. Registration table device 8 registers this information in its device registry.
At step 4, the sensor is sold to health care provider 6. At step 5, health care provider 6 provides the sensor to the user as part of its service. Health care provider 6 associates the sensor ID of the device with the user's ID. At step 4 or at step 5, the OEM or application provider 6 provides an association request to registration table 8, to notify it that sensor 4 will use the health care provider's cloud application. Therefore, although the registration table has no customer information, it knows that when agent equipment 4 is activated it will communicate with the application provider 6 corresponding to the health care company.
At step 6, the user receives sensor 4 from health care provider 6. The user puts the wristband on his/her wrist, switches on sensor 4 and starts using it. Switching on the device triggers sensor 4 to contact registration table 8 with an authentication request, and mutual authentication then takes place, as discussed previously. The user is not aware of this, and there is no user interface for triggering this authentication; the authentication is triggered automatically by activation of the device. Registration table 8 determines that sensor 4 has been registered in its registry and that its registry entry has an application identifier corresponding to health care provider 6. Therefore, at step 7, registration table 8 notifies the health care provider of the device ID, and uses the authenticated valid device ID to notify health care provider 6 that the agent equipment is now active. At step 8, health care provider 6 requests an application key for secure communication with sensor 4. At step 9, the registration table provides the application key to both sensor 4 and health care provider 6. At step 10, direct secure encrypted communication that does not involve the registration table begins between sensor 4 and health care provider 6.
Figure 21 shows another example use case, in which, instead of the agent equipment being tethered to a cloud application before it is provided to the user, the user can buy an "off-the-shelf" device and afterwards associate the device with a specific cloud application. This allows the user to use different types or brands of sensor with the same cloud application. Again, this example is in the field of personal health care, where the application provider belongs to a health care company. Steps 1-3 are the same as in Figure 20. In this example, however, at step 4 the OEM sells the product to a retailer, and the retailer then sells sensor 4 to the end user. At this point, sensor 4 is not bound to application provider 6.
At step 5, the user uses the smartphone application provided by health care provider 6, and scans a code on sensor 4 itself or on the box in which the sensor is packaged. The application on the smartphone transmits a sensor association request to the health care provider, so that the device ID of the sensor is associated with a particular user account. At step 6, the smartphone application or the platform 6 of the health care provider sends an association request to registration table 8, so that the application ID is associated with the device ID. Therefore, the registration table can now associate the agent equipment with the specific application, and the application provider can associate the agent equipment ID with the specific user. Steps 7-11 of Figure 21 then proceed in the same way as steps 6-10 of Figure 20, respectively.
Figure 22 shows a third use case, in which a "buy your own device" (BYOD) sensor 4 is bought by the user, and in which the user is free to select one of several different application providers for use with sensor 4. An Internet of Things (IOT) application store 400 is used to make this selection. Steps 1-4 in Figure 22 are the same as in Figure 21. Again, sensor 4 is sold to a retailer, and the retailer goes on to sell it to the end user. At step 5, the user runs application store 400 on a smartphone, tablet device or computer, and again the device ID of sensor 4 is collected by means of a QR code or similar technique. At step 6, application store 400 verifies the device ID of the sensor with registration table 8. For instance, application store 400 can query registration table 8 in order to determine the authentication model used by the agent equipment or other capabilities of the agent equipment, and can then prepare a menu of compatible applications that work with agent equipment 4. The user is presented with the application menu, selects the desired application, runs the application and logs in. At step 7, the application store updates the registration table with the user's selection, so that the registration table associates the device ID of the sensor with the application identifier of the selected application. The application store also sends the device ID of the sensor and the user ID to the selected application provider 6, so that it can associate the user ID and sensor ID together. At this point, registration table 8 knows which application the particular sensor 4 will communicate with, and the application provider knows which customer is associated with this sensor 4. Steps 8-12 of Figure 22 are then the same as steps 7-11 of Figure 21, respectively, in which mutual authentication takes place between sensor 4 and registration table 22, and secure communication is then established between sensor 4 and application provider 6.
Figure 23 shows a fourth use case, in which agent equipment 4 is used in a large-scale industrial or government deployment rather than in personal health care. In this example, the agent equipment is a sensor 4 mounted on a street lamp, which feeds data about the operation of the street lamp back to a cloud platform, and a maintenance provider can then use the data to determine, for example, which street lamps need repair. Again, steps 1-3 are the same as in Figures 20-22. At step 4, a product including the sensor is manufactured and provided to a contractor. For instance, a street lamp with an integrated sensor can be manufactured, or a product including the sensor can be manufactured separately from the street lamp for installation on a street lamp at some later stage. The registration table can be updated at this point to reflect the sale of sensor 4 to a particular service provider 6, or this can be done later, at step 5, when the sensor and street lamp are installed, at which point the contractor can use a smartphone application or similar device to scan the product ID or provide GPS position data for sensor 4. At step 6, the contractor's device can send the device ID of sensor 4 to the registration table together with the application identifier of the application 6 that will use the sensor data from sensor 4. The smartphone application can be a simple way of allowing the contractor to send an association request that associates sensor 4 with the specific application 6, without the contractor needing to understand what is happening.
At step 7, when agent equipment 4 is activated (for example, on power-up), the agent equipment in the street lamp contacts the registration table directly to establish mutual authentication, as discussed previously. Once authentication has been established, at step 8 the registration table notifies the service provider 6 that develops or deploys the Internet of Things (IoT) based system that the new street lamp and agent equipment have been installed and have come online with a valid authenticated identity. At step 9, service provider 6 requests an application key for secure communication. At step 10, registration table 8 provides a symmetric application key to service provider 6 and to the agent equipment itself. Direct secure communication then begins, and the IoT platform of service provider 6 executes the application using the sensor data provided by sensor 4. A customer (such as a city administration office or a maintenance contractor company) can also access the IoT system, for example using a web platform (step 11). Therefore, in the example of Figure 23, the use of registration table 8 simplifies the contractor's work of installing the equipment, because the contractor can simply fit the agent equipment, scan a code and/or activate the agent equipment using a simple measure (such as plugging in power or pressing a single button), and registration table 8 is then responsible for authenticating the agent equipment and establishing the connection with application provider 6. The contractor does not need to spend time interacting with a user interface for configuring the agent equipment.
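The activation sequence shared by Figures 20 to 23 (association request, authenticated activation, a symmetric application key issued to both sides, then direct communication), as an added example that is not part of the patent text. The class and method names are hypothetical, the `authenticated` flag stands in for the mutual authentication described earlier in the document, and HMAC-SHA256 message authentication stands in for the secure channel, whose cipher the page does not specify.

```python
import hashlib
import hmac
import secrets

class Provider:
    """Application provider 6: holds the user mapping the registration table never sees."""
    def __init__(self):
        self.users = {}  # device ID -> user ID
        self.keys = {}   # device ID -> application key

    def device_active(self, device_id, key):
        self.keys[device_id] = key

    def receive(self, device_id, payload, tag):
        """Direct device-to-provider message; the registration table is not involved."""
        key = self.keys.get(device_id)
        if key is None or not hmac.compare_digest(
                tag, hmac.new(key, payload, hashlib.sha256).digest()):
            return None  # unknown device or tampered message
        return self.users.get(device_id), payload

class Registry:
    """Registration table 8: device IDs and application identifiers only."""
    def __init__(self):
        self.app_for_device = {}  # device ID -> application identifier, or None
        self.providers = {}       # application identifier -> Provider

    def register_device(self, device_id):
        self.app_for_device[device_id] = None

    def associate(self, device_id, app_id, provider):
        if device_id not in self.app_for_device:
            raise KeyError("device is not registered")
        self.app_for_device[device_id] = app_id
        self.providers[app_id] = provider

    def activate(self, device_id, authenticated):
        """Notify the provider and hand the same symmetric key to both sides."""
        app_id = self.app_for_device.get(device_id)
        if not authenticated or app_id is None:
            return None  # unauthenticated, unregistered or unassociated: no key
        key = secrets.token_bytes(32)
        self.providers[app_id].device_active(device_id, key)
        return key

def device_message(key, payload):
    """Device side: a sensor reading plus its tag under the application key."""
    return payload, hmac.new(key, payload, hashlib.sha256).digest()
```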
Although specific embodiments have been described here, it will be appreciated that the invention is not limited to them, and that many modifications and additions can be made within the scope of the invention. For instance, various combinations of the features of the following dependent claims can be made with the features of the independent claims without departing from the scope of the invention.