Registry apparatus, agent equipment, application provider and corresponding method
The present invention relates to the field of data processing. More specifically, the present invention relates to a method of establishing trusted communication between agent equipment and an application provider using a registry apparatus.
An increasing number of devices have processing and communication capabilities that allow them to interact with other processing devices in the home, in other buildings or in outdoor environments. Everyday objects and relatively small-scale processing devices can be connected to each other and to central platforms as part of the "Internet of Things". For example, a sprinkler system in the home can collect information from various humidity sensors and control the activation of sprinklers based on the humidity information. In addition, a healthcare provider can use wireless sensors (such as a heart rate monitor, or a sensor for monitoring whether a patient is taking their prescribed medication) to track the health of a patient at home.
Therefore, in many applications there may be a central application provider that interacts with one or more items of agent equipment, which provide data to the application provider and/or are controlled by the application provider. Agent equipment can differ significantly in complexity, processing resources, hardware and purpose. It may be important to provide trust between the agent equipment and the application provider, so that the application provider can trust the validity of data received from the agent equipment, and the agent equipment can trust any command received from the application provider. However, since many items of agent equipment in the Internet of Things may have only very low processing capability, providing resources in the agent equipment for establishing a trusted relationship with the application provider may be relatively difficult and may significantly increase the cost of the agent equipment. The rapid and widespread deployment of such agent equipment means that it is also desirable to make installation as quick and efficient as possible. The present technique seeks to address these problems.
Viewed from one aspect, the present invention provides a method for a registry apparatus to establish trusted communication between agent equipment and an application provider, wherein the registry apparatus maintains a device registry comprising authentication information for uniquely authenticating at least one agent equipment; the method comprising the following steps:
(a) receiving from the agent equipment an authentication request indicating a device identifier of the agent equipment;
(b) obtaining from the device registry the authentication information for the agent equipment identified by the device identifier indicated by the authentication request;
(c) performing authentication of the agent equipment using the authentication information obtained from the device registry; and
(d) if the authentication is successful, transmitting application key information to at least one of the agent equipment and the application provider, for performing the trusted communication between the agent equipment and the application provider.
A registry apparatus can be provided to establish trusted communication between agent equipment and an application provider. The registry apparatus can maintain a device registry comprising authentication information for uniquely authenticating at least one agent equipment. For example, agent equipment can be registered with the registry during manufacture or distribution, and can attempt authentication once it is deployed or becomes operational. In response to an authentication request from agent equipment, the registry apparatus performs authentication of the agent equipment using the authentication information obtained from the registry for that equipment. If the authentication is successful, application key information is transmitted to at least one of the agent equipment and the application provider for performing the trusted communication. The registry apparatus can manage metadata about each agent equipment, manage the relationships between agent equipment and application providers, authenticate agent equipment, and automatically provide keys to the agent equipment and/or the application provider to enable secure trusted communication.
This technique has several advantages over the prior art. Since the registry takes on the responsibility of authenticating the agent equipment and establishing communication with the application provider, agent equipment can be manufactured more cheaply, because it does not need complex resources for verifying trust with the application provider. The agent equipment need not even contain any information identifying the application provider with which it is to communicate, because that information can instead be held by the registry. Furthermore, since a neutral registry is provided for establishing trust between agent equipment and application providers, this opens up the relationship between agent equipment and applications, so that an application provider is not restricted to using agent equipment manufactured by the same provider, or vice versa. Since trust can be established through the registry apparatus, any "off the shelf" agent equipment can be used with a given application, and the user of particular agent equipment can choose one of several competing application providers, which increases the flexibility of use of agent equipment and applications while still maintaining trusted communication.
If the authentication is successful, the registry can transmit application key information to at least one of the agent equipment and the application provider for performing the trusted communication. It may not be necessary to transmit key information to both the agent equipment and the application provider. For example, the application key information corresponding to the agent equipment may be provided to the application provider when the application provider is registered in the registry as the application with which the agent equipment is to communicate. Also, agent equipment could for example have permanent application key information and always perform trusted communication using that permanent application key information, and once the agent equipment has been authenticated the registry can simply provide the corresponding application key information to the application provider.
However, greater security can be achieved if, on successful authentication, the registry apparatus transmits application key information to both the agent equipment and the application provider. For example, the registry can generate a new application key each time communication is established between agent equipment and a particular application provider. This approach allows the agent equipment to use different keys for different application providers and reduces the chance of an application key being exposed, improving the security of the data exchanged between these devices.
If the authentication is successful, the registry can also provide the device identifier of the agent equipment to the application provider, for example to allow the application provider to associate the communication with a particular user account.
In addition to the authentication of the agent equipment, there can also be a step of performing authentication between the registry apparatus and the application provider. Hence, the registry can authenticate both the application and the agent equipment to ensure trust between them.
The device registry may comprise, for each agent equipment, at least one application identifier identifying at least one application provider with which the agent equipment is to perform trusted communication. When agent equipment has been authenticated, the registry can transmit application key information to any application provider indicated in the registry for that agent equipment. An application identifier can be registered in the device registry in response to an association request which indicates a specified application provider and informs the registry that the specified application provider is to be registered as the application with which the authorized agent equipment is to communicate. For example, an application provider can determine an association between a particular user account and a sensor ID, and can then inform the registry which sensor it will communicate with. Alternatively, the application association request can be received by the registry from a device other than the application provider (for example, an application store from which the user has selected the application to be used with the agent equipment).
The authentication information may comprise key information for authenticating messages received from the agent equipment. The key information can take many forms and may for example comprise a symmetric key, where the agent equipment and the registry apparatus each hold the same key information for encrypting/decrypting messages, or an asymmetric key set, such as a private key held by the agent equipment and a corresponding public key held by the registry.
The authentication of the agent equipment may comprise mutual authentication between the agent equipment and the registry apparatus. Hence, in addition to the registry apparatus authenticating the agent equipment, the agent equipment can also authenticate the registry, for example by verifying the identity of the registry apparatus using registry authentication information. In this way, the agent equipment can confirm that the registry it is communicating with is a trusted registry.
Viewed from another aspect, the present invention provides a registry apparatus for establishing trusted communication between agent equipment and an application provider, comprising:
storage circuitry configured to store a device registry comprising authentication information for uniquely authenticating at least one agent equipment;
communication circuitry configured to receive from agent equipment an authentication request indicating a device identifier of the agent equipment; and
processing circuitry configured to perform authentication of the agent equipment using the authentication information in the device registry for the agent equipment identified by the device identifier indicated by the authentication request;
wherein, if the authentication is successful, the communication circuitry is configured to transmit application key information to at least one of the agent equipment and the application provider, for performing the trusted communication between the agent equipment and the application provider.
Viewed from another aspect, the present invention provides a registry apparatus for establishing trusted communication between agent equipment and an application provider, comprising:
a storage unit for storing a device registry comprising authentication information for uniquely authenticating at least one agent equipment;
a communication component for receiving from agent equipment an authentication request indicating a device identifier of the agent equipment; and
a processing component for performing authentication of the agent equipment using the authentication information in the device registry for the agent equipment identified by the device identifier indicated by the authentication request;
wherein, if the authentication is successful, the communication component is configured to transmit application key information to at least one of the agent equipment and the application provider, for performing the trusted communication between the agent equipment and the application provider.
Viewed from another aspect, the present invention provides a method for agent equipment to establish trusted communication with an application provider using a registry apparatus which maintains a device registry of agent equipment, wherein the agent equipment is configured to store a device identifier of the agent equipment and authentication information for uniquely authenticating the agent equipment; the method comprising the following steps:
(a) transmitting to the registry apparatus an authentication request indicating the device identifier;
(b) performing authentication with the registry apparatus using the authentication information stored by the agent equipment; and
(c) if the authentication is successful, receiving application key information from the registry apparatus and performing the trusted communication with the application provider using the application key information.
In a corresponding way, agent equipment can establish trusted communication by transmitting an authentication request to the registry apparatus. After performing authentication with the registry apparatus, the agent equipment can receive application key information from the registry apparatus and then perform trusted communication with the application provider using the application key information. This technique allows trusted communication with the application provider to be established without the agent equipment itself holding resources for contacting or authenticating the application provider.
The authentication request can be transmitted to the registry apparatus automatically in response to activation of the agent equipment. For example, the activation may comprise powering up the agent equipment, deploying or installing the agent equipment in a particular setting, or pressing a button on the agent equipment. The authentication request can be transmitted automatically without user interaction. Hence, communication with the application provider can be configured very simply, without complex user interaction. By simply activating the agent equipment, an automatic authentication request can be sent to the registry, and the registry can then establish the application key for communication with the application provider.
The agent equipment can have embedded registry authentication information for authenticating the registry apparatus during mutual authentication. For example, the registry authentication information may comprise a public key corresponding to a registry private key held by the registry.
To enhance security, the authentication information held by the agent equipment can be stored in a protected region. For example, only trusted software may be able to read the authentication information from the protected region.
The trusted communication can take place directly between the agent equipment and the application provider using the application key information, without any information passing through the registry apparatus. Hence, once the trusted communication has been established and the agent equipment has been authenticated, the registry apparatus need play no further part, so that it does not impede the trusted communication. This also avoids potential security issues, because the trusted communication does not pass through the registry.
The trusted communication can be encrypted communication which is encrypted using the application key information. The application key information can be a symmetric key, where the application provider and the agent equipment both encrypt their messages using the symmetric key and then decrypt messages received from the other party using the same key. For example, a one-time session key can be generated by the registry each time a link is established between a particular sensor and a particular application. Alternatively, an asymmetric key pair can be generated as the application key information, where the agent equipment and the application provider are each provided with their own private key for the trusted communication and the public key corresponding to the other device's private key. However, an asymmetric key may often be sufficient for security, and this approach can reduce the cost of implementing the registry.
The agent equipment can be configured to store a registry address identifying the registry apparatus. For example, the registry address can be a URL or IP address of the registry. The authentication request can be transmitted to the registry apparatus identified by the registry address. Hence, the agent equipment can hold one simple item of information for contacting the registry, and need not contain any information for contacting the application provider, because that can be established using the registry.
Viewed from another aspect, the present invention provides agent equipment for establishing trusted communication with an application provider using a registry apparatus which maintains a device registry of agent equipment, comprising:
storage circuitry configured to store a device identifier of the agent equipment and authentication information for uniquely authenticating the agent equipment;
communication circuitry configured to transmit to the registry apparatus an authentication request indicating the device identifier; and
processing circuitry configured to perform authentication with the registry apparatus using the authentication information stored by the storage circuitry;
wherein the communication circuitry is configured to receive application key information from the registry apparatus if the authentication is successful, and to perform the trusted communication with the application provider using the application key information.
Viewed from another aspect, the present invention provides agent equipment for establishing trusted communication with an application provider using a registry apparatus which maintains a device registry of agent equipment, comprising:
a storage component for storing a device identifier of the agent equipment and authentication information for uniquely authenticating the agent equipment;
a communication component for transmitting to the registry apparatus an authentication request indicating the device identifier; and
a processing component for performing authentication with the registry apparatus using the authentication information stored by the storage component;
wherein the communication component is configured to receive application key information from the registry apparatus if the authentication is successful, and to perform the trusted communication with the application provider using the application key information.
Viewed from another aspect, the present invention provides a method for an application provider to establish trusted communication with agent equipment using a registry apparatus which maintains a device registry of agent equipment, the method comprising:
(a) receiving from the registry apparatus a device identifier of agent equipment which has been authenticated using the device registry;
(b) receiving from the registry apparatus application key information for performing the trusted communication with the agent equipment; and
(c) performing the trusted communication with the agent equipment identified by the device identifier, using the application key information.
In a way corresponding to the methods discussed above, the application provider can receive from the registry apparatus the device identifier of authenticated agent equipment and the application key information for performing the trusted communication with the agent equipment. The application provider can then perform the trusted communication with the agent equipment using the application key information. The trusted communication may for example comprise issuing commands to the agent equipment or receiving data from the agent equipment.
The application provider can authenticate itself to the registry apparatus, and can authenticate the registry apparatus, to establish mutual trust.
The application provider can transmit an association request to the registry apparatus to register itself as the application with which the authorized agent equipment is to communicate. This allows the registry to associate the application provider with the agent equipment without the user of the agent equipment, or the agent equipment itself, performing any configuration.
The application provider can also receive a device association request indicating the device identifier of the authorized agent equipment and a user identifier of the user to be associated with that equipment. For example, the user can use a web interface or a smartphone application to associate a user identifier with the device identifier of the authorized agent equipment, and this can then be passed to the application provider. In response to the device association request, the application provider can register itself with the registry for the authorized agent equipment. Hence, the registry does not need to store any user information, because the user information can be held only by the application provider. The registry can manage only the relationships between applications and sensors, and can avoid any user privacy issues by not storing any user data.
The application provider can execute an application using data received from the agent equipment in the trusted communication.
Viewed from another aspect, the present invention provides an application provider for establishing trusted communication with agent equipment using a registry apparatus which maintains a device registry of agent equipment, comprising:
communication circuitry configured to receive from the registry apparatus a device identifier of agent equipment which has been authenticated using the device registry, and application key information for performing the trusted communication with the agent equipment;
wherein the communication circuitry is configured to perform the trusted communication with the agent equipment identified by the device identifier, using the application key information received from the registry apparatus.
Viewed from another aspect, the present invention provides an application provider for establishing trusted communication with agent equipment using a registry apparatus which maintains a device registry of agent equipment, comprising:
a communication component for receiving from the registry apparatus a device identifier of agent equipment which has been authenticated using the device registry, and application key information for performing the trusted communication with the agent equipment;
wherein the communication component is configured to perform the trusted communication with the agent equipment identified by the device identifier, using the application key information received from the registry apparatus.
Viewed from another aspect, the present invention provides a method for establishing trusted communication between agent equipment and an application provider using a registry apparatus which maintains a device registry, the device registry comprising authentication information for uniquely authenticating at least one agent equipment; the method comprising the following steps:
(a) transmitting an authentication request from the agent equipment to the registry apparatus, the authentication request indicating a device identifier of the agent equipment;
(b) obtaining from the device registry the authentication information for the agent equipment identified by the device identifier indicated by the authentication request;
(c) performing authentication of the agent equipment using the authentication information obtained from the device registry; and
(d) if the authentication is successful, transmitting application key information from the registry apparatus to at least one of the agent equipment and the application provider, and performing the trusted communication between the agent equipment and the application provider using the application key information.
Viewed from another aspect, the present invention provides a method for establishing a trusted identity for agent equipment for performing trusted communication with at least one application provider, comprising the following steps:
(a) generating first authentication information for uniquely authenticating the agent equipment and second authentication information for verifying that the agent equipment has the first authentication information;
(b) embedding in the agent equipment the first authentication information and a device identifier identifying the agent equipment; and
(c) transmitting the device identifier and the second authentication information to a registry apparatus which maintains a device registry of agent equipment for communicating with the at least one application provider.
The above and other objects, features and advantages of the invention will be apparent from the following detailed description of illustrative embodiments, which is to be read in conjunction with the accompanying drawings.
Fig. 1 schematically shows an example of a system comprising at least one registry apparatus for establishing trusted communication between agent equipment and application providers;
Fig. 2 shows an example of the relationships between agent equipment, an application provider, the device registry and a consumer;
Fig. 3 shows an example timeline of the life cycle of agent equipment from manufacture through to use with an application;
Fig. 4 schematically shows an example of agent equipment;
Fig. 5 schematically shows an example of storage regions provided in agent equipment for storing authentication information and other information for establishing communication with the registry apparatus;
Fig. 6 shows an example of an application provider;
Fig. 7 shows an example of a registry apparatus which maintains a trusted device registry;
Fig. 8A shows an example of a registry entry for agent equipment;
Fig. 8B shows an example of the logout for agent equipment;
Fig. 9 is a graph showing the trade-off between security and the cost of implementing security;
Figures 10, 11 and 12 show three examples of authentication models for authenticating the identity of agent equipment;
Figure 13 is a table comparing different properties of the authentication models shown in Figures 10 to 12;
Figure 14 shows a first example method for establishing a trusted identity for agent equipment;
Figure 15 shows a second example method for establishing a trusted identity for agent equipment;
Figure 16 shows a method of performing authentication between agent equipment and the registry apparatus and establishing encrypted communication between the agent equipment and an application provider;
Figure 17 shows an example of a method of associating agent equipment with a user and associating the agent equipment with a particular application;
Figure 18 shows an example of a method of assigning agent equipment which is currently registered with a first registry to a second registry;
Figure 19 shows an example of a method of resetting ownership of agent equipment back to the first registry; and
Figures 20 to 23 show four examples of use cases for agent equipment, the registry apparatus and an application provider.
Fig. 1 shows an example of a system 2 made up of several items of agent equipment 4, application providers 6 and registry apparatuses 8. An application provider 6 may comprise any device which provides a cloud service, or which executes an application using data collected from one or more items of agent equipment 4 and/or issues commands for controlling one or more items of agent equipment 4. Agent equipment 4 can be any device which collects data for transmission to an application provider 6 or which is controlled by an application provider 6. For example, agent equipment 4 can be a connected device in the Internet of Things (IoT), such as a wireless sensor or actuator. Although agent equipment 4 may include larger-scale processing devices such as tablet computers or mobile phones, agent equipment 4 will often comprise relatively small-scale devices which perform only a limited set of tasks, such as a sensor which collects sensing data and feeds it back to an application, or a relatively simple control unit which controls an associated object such as a sprinkler, a swimming pool pump or an air-conditioning unit. Agent equipment 4 can communicate with other devices (such as the application provider 6 and the registry apparatus 8) using wired or wireless communication, which may be via an Internet connection. In this application, the term "sensor" will sometimes be used as an example of agent equipment, but it will be appreciated that agent equipment can also include devices which can perform tasks other than sensing.
The agent equipment 4 and the application provider 6 communicate by encrypted communication. To help establish such encrypted communication, one or more registry apparatuses 8 are provided which maintain a trusted agent equipment registry storing information about trusted agent equipment 4. The registry 8 facilitates automated secure pairing of agent equipment 4 and application providers 6, so that an application can trust the authenticity and data integrity of the agent equipment 4, and the agent equipment 4 can trust the authenticity and command integrity of the application 6, even where the application and the agent equipment are provided by different manufacturers, suppliers or distributors. The registry 8 also simplifies the configuration of the trusted communication between the agent equipment 4 and the application 6, so that the agent equipment 4 does not need to know the specific details of the application it is communicating with, and the user of the agent equipment 4 does not need to perform configuration operations to establish communication with the application. Instead, when activated, the agent equipment 4 can simply contact the registry 8, which can then configure the agent equipment 4 and the application 6 to communicate with each other.
As shown in Fig. 1, multiple registry apparatuses 8 can be provided, each in contact with a different set of agent equipment 4 and application providers 6. As shown in Fig. 1, it is possible for agent equipment A8 to be registered with more than one registry. Similarly, an application provider 6 can be in contact with multiple registries. Also, although most agent equipment 4 will communicate with a single application provider 6, it is also possible for the registry to configure agent equipment 4 to communicate with multiple application providers (see, for example, agent equipment A2 in Fig. 1).
The functions of the agent equipment 4 and the application provider 6 can differ significantly between applications. For example, agent equipment 4 can collect meteorological data for transmission to an application provider 6 which runs a weather application that makes predictions based on the data collected by the agent equipment 4. Also, some agent equipment 4 can collect information about a user's fitness activity (such as heart rate, distance completed and so on), and this information can be fed back to a fitness monitoring application maintained by an application provider 6. In another example, a home air-conditioning system may comprise a central monitoring application 6 and several items of agent equipment 4, such as temperature sensors, humidity sensors, a user configuration panel and an air-conditioning control unit, where the central application controls the operation of the air-conditioning control unit based on the sensing by the sensors and the user preferences set in the user configuration panel. Many other applications can use an application provider 6 and one or more items of agent equipment 4 in a similar way. For example, there can be applications in home security, home or street lighting, utilities provision, building automation, inspection, asset tracking and logistics, and so on. The registry 8 provides a common architecture for managing authentication and trust between Internet of Things devices and applications 6.
Fig. 2 schematically shows an example of the relationships between agent equipment 4, application provider 6, registration table 8 and consumer 10. Consumer 10 has physical ownership of agent equipment 4. Consumer 10 also has a business relationship with application provider 6. For example, the application provider may have established a user profile for consumer 10 using a user ID and password. The consumer in this context may be, for example, a person, a household or a company.
Agent equipment 4 (such as a sensor) incorporates authentication information for authenticating itself to registration table 8. For example, agent equipment 4 may have a key that can be used to prove its identity. Registration table 8 can therefore check the identity of agent equipment 4 and verify that it is trusted agent equipment. Similarly, registration table 8 and application provider 6 can exchange keys to verify each other's identity and establish a trusted relationship. Once registration table 8 has established trust with both agent equipment 4 and application provider 6, it can provide an application key to agent equipment 4 and application provider 6. The application key provided by registration table 8 is then used to encrypt communication between agent equipment 4 and application provider 6, without any of that communication passing through registration table 8. Registration table 8 thus facilitates the establishment of trusted communication between agent equipment 4 and application provider 6 without requiring the two to establish trust directly between themselves. This is useful because agent equipment 4 is often a small, ultra-low-power device (such as a temperature sensor or heart rate monitor) with very little processing capability for implementing the protocols and cryptographic algorithms needed to verify the identity of application provider 6. In addition, the person installing agent equipment 4 often lacks the knowledge or information needed to carry out a complex configuration procedure for establishing trusted communication with application provider 6. With the registration table, the user or installer of agent equipment 4 no longer needs to know how to configure trusted communication.
It should be noted that Fig. 2 shows no relationship between consumer 10 and registration table 8. Registration table 8 does not hold any details about the consumer, such as a user ID or password, so no personal details are transmitted to or stored by the registration table. Consumer 10 only has a relationship with application provider 6. Registration table 8 communicates only with agent equipment 4 and application provider 6, and not with consumer 10. Registration table 8 is therefore a neutral platform for establishing trust between agent equipment and applications. Once trusted communication has been established between agent equipment 4 and application 6, communication takes place directly between the agent equipment and the application, without involving the registration table.
In other instances, the consumer 10 shown in Fig. 2 may not be present; instead, agent equipment 4 may belong to the same organization that operates application provider 6. For example, a smart connected city may have Internet of Things devices throughout the city, for instance for monitoring street lighting, traffic flow or waste collection, and the city administration may own both the agent equipment 4 that provides the sensed data and one or more application providers 6 that monitor and process the data obtained by agent equipment 4 (for example, the application may provide a cloud platform that residents of the city can access to check status and report problems). In this case, there may be no consumer 10 associated with a particular agent equipment 4 as shown in Fig. 2. The use of registration table 8 can nevertheless simplify the installation of agent equipment 4. A contractor installing agent equipment 4 in a street lamp or waste bin, for example, does not need to know how to configure agent equipment 4 to communicate with the application that receives its data. Instead, when agent equipment 4 is activated (for example, when it is powered up or deployed), it can automatically communicate with registration table 8 to set up a trusted relationship with application 6.
Fig. 3 shows an example timeline for agent equipment (sensor) 4, from its manufacture, through its registration and authentication with registration table 8, until communication is established with application provider 6. At step A, the system on chip (SOC) for the agent equipment is manufactured in silicon. At step B, an original equipment manufacturer (OEM) and/or original device manufacturer (ODM) manufactures agent equipment 4 using the system on chip. At some point during manufacture, a unique device identifier is embedded in agent equipment 4, together with key information for authenticating the identity of the agent equipment and other metadata about the agent equipment. At step C, the agent equipment is distributed. For example, user 10 may buy agent equipment 4 from a shop, or the agent equipment may be supplied to an organization such as a weather forecast center or a municipal government. At some point during manufacture at step B or distribution at step C, registration information is provided to registration table 8 in order to register agent equipment 4 in registration table 8 as trusted agent equipment. Registration table 8 can be provided with key information for verifying that agent equipment 4 is trusted, and with other metadata about agent equipment 4.
At this point, registration table 8 knows that the agent equipment 4 with the unique ID is trusted agent equipment, but does not yet know which cloud service application will use the data from agent equipment 4. Therefore, at step D, a binding operation is carried out to associate user 10, agent equipment 4 and cloud application 6. For example, the agent equipment may carry some device identifier, such as a reference number, a barcode or a QR code (quick response code). Application provider 6 can provide a web interface or a smartphone or tablet application for entering the device identifier or scanning the barcode or QR code, and for uploading the device identifier together with the user's identifier to application provider 6. Alternatively, this may be done by the application provider when the consumer registers with the application provider and the agent equipment is subsequently allocated and dispatched to the user. At this point, the cloud service knows which user owns agent equipment 4, and can then notify registration table 8 of the device identifier to be registered for use with application 6, so that the registration table now knows which application provider 6 should communicate with agent equipment 4. In this way, the association between agent equipment 4 and application provider 6 can be established in registration table 8 without the user of agent equipment 4 knowing that registration table 8 exists, and without agent equipment 4 needing to store information linking it to a particular cloud service or application provider 6.
At step E, the agent equipment is deployed, for example by installing it in situ as part of the Internet of Things, or by turning it on for the first time. When agent equipment 4 is activated, it automatically contacts registration table 8 using the registration table address stored in agent equipment 4. Agent equipment 4 and registration table 8 now authenticate each other to establish trust, using the key information that was embedded in agent equipment 4 at step B and registered with registration table 8 during the registration at step B or C. If the mutual authentication succeeds, registration table 8 provides an application key to agent equipment 4 and application provider 6, and at step F agent equipment 4 and application provider 6 can then communicate securely by encrypting and decrypting messages with the application key received from registration table 8. Registration table 8 therefore allows trust to be set up between agent equipment 4 and application 6 without requiring the agent equipment to carry out any complex configuration.
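
Steps B to F can be traced in a short Python sketch. This is an added illustration, not code from the patent text: `Registry` stands for registration table 8, and the class and method names, the device and application names, and the HMAC-SHA256 challenge-response over a shared device key used for the mutual authentication are all assumptions. Authentication between the registration table and the application provider is taken as already done.

```python
import hashlib
import hmac
import secrets


def proof(key: bytes, role: bytes, nonce: bytes) -> bytes:
    # Keyed proof over a fresh nonce. The role label keeps a proof produced by
    # one side from being reflected back as the other side's proof.
    return hmac.new(key, role + b"|" + nonce, hashlib.sha256).digest()


class ApplicationProvider:
    def __init__(self, app_id: str):
        self.app_id = app_id
        self.device_keys = {}  # device_id -> application key received from the registry


class Registry:
    def __init__(self):
        self.device_auth = {}  # device_id -> authentication key (registered at step B or C)
        self.bindings = {}     # device_id -> providers bound to it (step D)
        self.app_keys = {}     # (device_id, app_id) -> application key
        self.pending = {}      # device_id -> challenge waiting for an answer

    def register_device(self, device_id: str, auth_key: bytes) -> None:
        self.device_auth[device_id] = auth_key

    def bind(self, provider: ApplicationProvider, device_id: str) -> None:
        # Step D: the binding request comes from the application provider,
        # so the device never stores which application it serves.
        if device_id not in self.device_auth:
            raise KeyError(f"{device_id} is not a registered device")
        self.bindings.setdefault(device_id, []).append(provider)

    def hello(self, device_id: str, device_nonce: bytes):
        key = self.device_auth.get(device_id)
        if key is None:
            return None
        challenge = secrets.token_bytes(16)
        self.pending[device_id] = challenge
        return proof(key, b"registry", device_nonce), challenge

    def activate(self, device_id: str, device_proof: bytes):
        challenge = self.pending.pop(device_id, None)  # a challenge is single use
        key = self.device_auth.get(device_id)
        if challenge is None or key is None:
            return None
        if not hmac.compare_digest(device_proof, proof(key, b"device", challenge)):
            return None
        issued = {}
        for provider in self.bindings.get(device_id, []):
            pair = (device_id, provider.app_id)
            if pair not in self.app_keys:  # a different key for every device/application pair
                self.app_keys[pair] = secrets.token_bytes(32)
            provider.device_keys[device_id] = self.app_keys[pair]
            issued[provider.app_id] = self.app_keys[pair]
        return issued


class AgentDevice:
    def __init__(self, device_id: str, auth_key: bytes):
        self.device_id = device_id
        self._auth_key = auth_key
        self.app_keys = {}  # app_id -> application key received from the registry

    def activate(self, registry: Registry) -> bool:
        # Step E: contact the registry, check its proof, then answer its challenge.
        nonce = secrets.token_bytes(16)
        reply = registry.hello(self.device_id, nonce)
        if reply is None:
            return False
        registry_proof, challenge = reply
        if not hmac.compare_digest(registry_proof, proof(self._auth_key, b"registry", nonce)):
            return False
        issued = registry.activate(self.device_id, proof(self._auth_key, b"device", challenge))
        if issued is None:
            return False
        self.app_keys = issued
        return True


def run_demo() -> dict:
    # All identifiers and keys below are constructed for the example.
    registry, weather = Registry(), ApplicationProvider("weather-app")
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    registry.register_device("DEV-A", key_a)
    registry.register_device("DEV-B", key_b)
    registry.bind(weather, "DEV-A")
    registry.bind(weather, "DEV-B")
    dev_a, dev_b = AgentDevice("DEV-A", key_a), AgentDevice("DEV-B", key_b)
    clone = AgentDevice("DEV-A", secrets.token_bytes(32))  # claims DEV-A without its key
    result = {"a": dev_a.activate(registry), "b": dev_b.activate(registry),
              "clone": clone.activate(registry)}
    result["same_key"] = dev_a.app_keys["weather-app"] == weather.device_keys["DEV-A"]
    result["per_pair"] = weather.device_keys["DEV-A"] != weather.device_keys["DEV-B"]
    return result
```

After activation the device and the provider hold the same application key and the registry is no longer on the data path; the encryption of step F itself is left out of the sketch.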
In summary, registration table 8 provides an architecture for managing the authentication of trust between IoT devices (such as sensors) 4 and application providers (cloud providers) 6. Registration table 8 includes a cloud platform that manages metadata about each application provider 6 and agent equipment 4, manages the relationships between agent equipment 4 and application providers 6, authenticates device identifiers, and automatically provides keys to agent equipment and applications to allow secure communication. Agent equipment 4 can be manufactured and designed according to specific design guidelines, which ensure that agent equipment 4 has a unique, authenticable identity, secure key storage, cryptographic capabilities for securely maintaining trust, and predictable platform robustness. An agent equipment manufacturing support platform can support key generation and insertion in agent equipment 4, the management of key pairs, and the interface with the registration table.
The framework helps to solve several problems in existing systems. By providing each agent equipment with a unique identifier that is authenticated by the registration table cloud service, agent equipment can be uniquely identified to ensure trust. Preferably, the device identifier is globally unique, so that no two devices anywhere in the world share the same identifier. This means that the manufacture and assignment of device identifiers can be entirely independent of any registration table subsequently used. It is also possible, however, for device identifiers to be locally unique within a given registration table or group of registration tables, with the same identifier being used for different devices in independent registration tables that do not interact. Mutual authentication between agent equipment 4 and application 6 is achieved by an automatic enrollment process that securely pairs the agent equipment with the application, so that the application trusts the authenticity of the agent equipment and the agent equipment trusts the authenticity of the application. Because agent equipment 4 and application 6 can now trust each other even if they are not manufactured or distributed by the same provider, the market for agent equipment and applications is opened up, and it is no longer necessary to use a particular brand of agent equipment 4 supplied by a particular application provider 6 in order to achieve trust. Applications can trust a wide variety of agent equipment from many manufacturers, and agent equipment can trust a wide variety of applications from many providers. This will help to reduce the cost of agent equipment and applications, and also help to increase the use of Internet of Things agent equipment and applications. In addition, registration table 8 helps to improve the application provider's confidence in the source of the sensor data used for "big data" applications, which process large amounts of data received from many sources. The value of the information collected for a "big data" service depends on the validity of all the "small data" collected by each individual agent equipment 4. If the cloud service cannot trust each of its individual agent equipments 4, the conclusions obtained by the "big data" application cannot be trusted either, making the whole application pointless. The present technique helps to maintain trust in the overall information collected by such applications. In addition, registration table 8 can store agent equipment characteristics and other information such as the usage history of agent equipment 4. This can be used to allow application provider 6 to target particular kinds of agent equipment 4. For example, application 6 may only wish to collect data from agent equipment 4 that meets specific minimum security requirements.
Fig. 4 schematically shows agent equipment 4. The agent equipment includes sensing circuit 11 for collecting sensed data. For example, sensing circuit 11 may include a temperature sensor, a camera, a heart rate monitor, or any other detector for collecting the data needed by application provider 6. Agent equipment 4 also includes processing circuit 12 for controlling the various processing operations carried out by agent equipment 4, such as mutual authentication, encryption of data to be sent to application provider 6, and key generation. Agent equipment 4 also has communication circuit 14 for communicating with external devices such as registration meter apparatus 8 and application provider 6. Communication circuit 14 may use wireless communication, for example communication over a wireless local area network (WiFi), short-range communication such as radio frequency communication (RFID) or near-field communication (NFC), or communication used in wireless sensor networks such as ZigBee, Bluetooth or 6LoWPAN. Communication circuit 14 may also use a cellular network such as 3G or 4G. Communication circuit 14 may also use wired communication, for example over optical fiber or metal cable. Communication circuit 14 may also use two or more different forms of communication, for example a combination of several of the examples given above. The agent equipment also includes storage circuit 16, which stores the device identifier of agent equipment 4, authentication information for authenticating the agent equipment, and other information used by agent equipment 4. The agent equipment may optionally also include key generator 18 for generating key information or other authentication information for agent equipment 4.
Although Fig. 4 shows an example in which the agent equipment is a sensor that includes sensing circuit 11, in other examples sensing circuit 11 may not be essential. Instead, the agent equipment may, for example, include a control circuit for controlling a physical object such as a sprinkler, a burglar alarm, a heating or air conditioning unit, or a traffic light system.
Fig. 5 schematically shows an example of the information stored in storage circuit 16 of agent equipment 4. Storage circuit 16 has a one-time programmable (OTP) section 20 for storing device identifier 22, which uniquely identifies agent equipment 4. Device identifier 22 is embedded in OTP section 20 during the manufacture of agent equipment 4. In this embodiment, once fixed in OTP section 20, device identifier 22 cannot be changed. For example, after the device identifier has been written to OTP section 20, a fuse can be blown in the storage circuit so that OTP section 20 cannot be rewritten. Alternatively, in some devices it may be possible to generate a new identifier for the device after manufacture. For example, when a device is transferred to a different registration table, it may be possible to assign the device a new identifier, to avoid a clash with the identifiers of devices already managed by the new registration table.
Storage circuit 16 also includes a non-volatile memory section 24 that can be both read and written, but to which read/write protection is applied, so that section 24 can only be accessed by privileged software executed by processing circuit 12. Read/write protected section 24 stores registration table address 26, which comprises a URL, IP address or other identifier allowing agent equipment 4 to contact registration table 8. Protected section 24 also stores registration table public key 27 for decrypting messages received from registration table 8, in order to verify that the registration table is authorized (registration table public key 27 corresponds to a registration table private key held by the registration table).
Protected section 24 also stores sensor key 28 or private key 29, which is a unique key held by agent equipment 4 for uniquely identifying its identity. Sensor key 28 is a symmetric key shared with registration table 8. A message can be at least partly encrypted using sensor key 28, and if registration table 8 can successfully decrypt the message using the same key, the message is considered to have been received from trusted agent equipment, and the equipment is therefore authenticated. Alternatively, the agent equipment can be provided with private key 29, which corresponds to a different public key held by registration table 8. Such an asymmetric key pair allows more secure authentication of the agent equipment, because no other device holds private key 29 of agent equipment 4. Public key 32, corresponding to private key 29, is placed in section 34 of storage circuit 16, which is write-protected but not read-protected. Public key 32 can therefore be read by any device or by any software running on agent equipment 4. In addition, digital certificate 36 associated with agent equipment 4 is also stored in open section 34 of storage circuit 16. The digital certificate includes various data, metadata identifying agent equipment 4, and public key 32. The certificate is sent to registration table 8 during authentication, and the registration table signs the certificate in order to authenticate the identity of the agent equipment. Other devices can then read the certificate from registration table 8, and the registration table's signature verifies that the agent equipment is trusted and that public key 32 associated with certificate 36 really does come from that agent equipment. Registration table 8 can therefore act as a certification authority for issuing public keys 32, in a similar way to other certification authorities in a public key infrastructure (PKI).
Read/write protected section 24 also stores one or more application keys 30, which are symmetric keys for carrying out trusted communication with application provider 6. These keys are provided by registration table 8 and are used to encrypt and decrypt the data or commands exchanged between agent equipment 4 and application provider 6. Registration table 8 can provide a different application key for each pair of agent equipment 4 and application provider 6, in order to maintain the security of communication between the devices. In other embodiments, asymmetric keys can be used as the application keys 30 provided to equipment 4 and application provider 6. The application keys provided by registration meter apparatus 8 may be generated by registration meter apparatus 8 itself, or may be obtained by the registration table from another device, such as a hardware key generator or a key storage device.
Fig. 6 shows an example of application provider 6. Communication circuit 40 is provided for communicating with registration table 8 and agent equipment 4. Again, various forms of wired or wireless communication can be provided, as discussed above for agent equipment 4. The application provider also includes storage circuit 42, which stores the various data and applications used by application provider 6. For example, storage circuit 42 can store an application program that uses the data received from agent equipment 4 through communication circuit 40 and processes it in some way, or that issues control commands to agent equipment 4. Processing circuit 44 is provided for executing the application and controlling other operations, such as authentication with registration table 8 and encryption and decryption of the data exchanged with agent equipment 4. Cryptographic features may be provided, such as secure memory in storage circuit 42 and cryptographic algorithms or secure processing functions in processing circuit 44.
Fig. 7 shows an example of registration meter apparatus 8, which maintains the device registry. Registration table 8 has communication circuit 50 for communicating with agent equipment 4 and application provider 6. Again, communication circuit 50 can use various forms of wired or wireless communication, as discussed above. The registration table also has storage circuit 52, which stores the programs executed by registration table 8 and stores the device registry for tracking information about the various agent equipments 4 and the corresponding applications 6. Processing circuit 54 is provided for executing the application programs stored in storage circuit 52 and for controlling various operations, such as authenticating agent equipment 4 and application provider 6, carrying out transfers of agent equipment 4 between different registration tables, and managing metadata about agent equipment. Again, cryptographic features may be provided, such as secure memory in storage circuit 42 and cryptographic algorithms or secure processing functions in processing circuit 44. Registration table 8 can also respond to queries from external devices for information about a particular agent equipment 4, for example information about which authentication model the agent equipment uses. For security reasons, not every registration table 8 may allow such queries. For example, some registration table operators may prefer not to provide information about the authentication model used by a particular agent equipment 4. In addition, registration table 8 may authenticate the querying device before responding with information about agent equipment 4, to ensure that only trusted querying devices are allowed to obtain that information.
Fig. 8A shows an example of a registry entry 60 stored by storage circuit 52 of registration meter apparatus 8. Each agent equipment 4 registered with the registration table can have a registry entry that includes device identifier 22 of that agent equipment 4 (corresponding to identifier 22 stored in OTP section 20 of agent equipment 4). The registry entry also includes device certificate 36 and public key 32 of agent equipment 4, and any other authentication information used by registration table 8 to verify that agent equipment 4 is trusted. Although Fig. 8A shows an example in which certificate 36 and public key 32 are in the same field, certificate 36 and public key 32 may also be provided in different fields. In addition, registry entry 60 can have fields for other types of authentication information used in other authentication models.
Registry entry 60 also includes one or more application identifiers 62, which identify the one or more application providers 6 with which agent equipment 4 is to establish trusted communication, and one or more application keys 30 for communicating with the identified application providers 6. Again, application identifier 62 and the corresponding application key 30 can be in the same field of registry entry 60 or in separate fields. An application identifier can be stored in the registry entry in response to a request from the application provider to be associated with the agent equipment. The agent equipment itself therefore does not need to know which application it is communicating with, and registration table 8 can provide the association between agent equipment and application provider. For example, once the agent equipment has received application key 30 from registration table 8, it can simply output data encrypted with application key 30 without being concerned about where that data will go.
Registry entry 60 also includes authentication model information identifying which authentication model agent equipment 4 uses to authenticate itself securely, as described later. It should be appreciated that registry entry 60 may include many other types of information and metadata about the agent equipment, which can be queried by external devices such as application providers. It should also be appreciated that agent equipment 4, application provider 6 and registration table 8 may include many other units in addition to those shown in Figs. 4, 6 and 7.
In addition, registry entry 60 includes signature/hash field 68, which contains a trusted signature or hash value generated from the information in at least some of the other fields of registry entry 60. This allows tampering to be detected if some device or person attempts to modify one of the other fields after registry entry 60 was first created in the registration table. Registration meter apparatus 8 can recalculate the signature or hash from the other fields and check whether it matches the stored signature/hash field 68.
As shown in Fig. 8B, registration meter apparatus 8 can also store event entries 69 for the corresponding agent equipment 4. Event entry 69 can be a sub-entry of the registry entry 60 shown in Fig. 8A, or in other embodiments may be provided as a separate record associated with registry entry 60 through device ID 22. Event entries 69 provide historical information about events that have occurred for the corresponding agent equipment 4. A particular agent equipment 4 can have zero, one or more event entries 69 associated with it. There may therefore be a one-to-many relationship between the registry entry 60 for a particular device and the event entries 69 associated with the same device. Event entry 69 includes fields for device ID 22 of the agent equipment, date information representing the date on which the event occurred, an event record indicating the type of event that occurred, and any other information associated with the event, together with a signature/hash field for tamper detection, similar to signature/hash field 68 of registry entry 60. A new event entry 69 can be created when an event associated with agent equipment 4 occurs. For example, the events that can be recorded include dispatch of agent equipment 4 from manufacture, shipping (location), activation or deactivation of the device, registration of the device by the consumer, and many others. Event entries 69 allow the registration table to track the history of the device.
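
The tamper check on signature/hash field 68, and on the matching field of event entries 69, can be sketched as follows. This is an added Python example, not code from the patent text: the field names and sample records are constructed, and HMAC-SHA256 under a key held only by the registration table is an assumed choice of "trusted signature", picked because a plain unkeyed hash could be recomputed by whoever altered the entry.

```python
import hashlib
import hmac
import json

SIG = "signature"  # plays the role of signature/hash field 68


def _canonical(record: dict) -> bytes:
    # Serialize every field except the signature in a fixed order, so the
    # result does not depend on how the record happens to be stored.
    body = {k: v for k, v in record.items() if k != SIG}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict, registry_key: bytes) -> dict:
    sealed = {k: v for k, v in record.items() if k != SIG}
    sealed[SIG] = hmac.new(registry_key, _canonical(sealed), hashlib.sha256).hexdigest()
    return sealed


def is_intact(record: dict, registry_key: bytes) -> bool:
    stored = record.get(SIG)
    if not isinstance(stored, str):
        return False  # a missing or malformed signature counts as tampering
    expected = hmac.new(registry_key, _canonical(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(stored.encode(), expected.encode())


def audit(entry: dict, events: list, registry_key: bytes) -> list:
    """Check one device's registry entry and its event entries; return findings."""
    findings = []
    if not is_intact(entry, registry_key):
        findings.append("registry entry: signature mismatch")
    for n, event in enumerate(events):
        if event.get("device_id") != entry.get("device_id"):
            findings.append(f"event {n}: belongs to another device")
        elif not is_intact(event, registry_key):
            findings.append(f"event {n}: signature mismatch")
    return findings


# Constructed sample data (identifiers, dates and key are made up for the example).
REGISTRY_KEY = b"constructed-demo-key"
ENTRY = seal({"device_id": "DEV-0001", "certificate": "<placeholder>",
              "application_ids": ["weather-app"], "auth_model": 1}, REGISTRY_KEY)
EVENTS = [
    seal({"device_id": "DEV-0001", "date": "2015-01-05", "event": "dispatched"}, REGISTRY_KEY),
    seal({"device_id": "DEV-0001", "date": "2015-02-11", "event": "activated"}, REGISTRY_KEY),
]
```

Per-record fields of this kind detect modification of a stored record but not the silent removal of a whole event entry.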
As shown in Fig. 9, different types of agent equipment 4 may have different requirements for security and authentication. In general, the higher the level of security required (for example because the data is valuable, personal or commercially sensitive, or because there are health or public safety issues associated with the use of the data), the higher the manufacturing cost of agent equipment 4, because more complex resources for managing authentication may be needed. For some devices, this additional cost may not be justified. For example, for agent equipment such as a thermometer that feeds data to a weather monitoring application, all that is required is that the data can be trusted to be authentic, so a relatively low-cost, low-security authentication model can be used. On the other hand, for other kinds of devices used in health care, smart cities or telematics, it may be very important that the integrity and authenticity of the agent equipment are not compromised. For these applications, incurring increased cost to obtain a higher degree of security can be justified. Therefore, as shown in Fig. 9, multiple different trust levels can be established, in order to provide a scalable technique for maintaining real device identities for IoT devices. Each agent equipment 4 can have a particular authentication model selected for it, and the selected model can be indicated in registry entry 60 using authentication model information 64, as shown in Fig. 8. There may also be a business need for devices with similar functions to have authentication models operating at different security levels. This may be useful for catering to different fields of use.
After agent equipment 4 with different authentication models has been established during the manufacture or distribution of the devices, registration table 8 can then divide or segregate the agent equipment into different categories based on authentication model information 64. For example, a certain application 6 may specify that it can only communicate with agent equipment that has a particular authentication model. In addition, a device can query registration table 8 to determine the authentication model used by a particular agent equipment 4. For example, a banking application provider may wish to determine that a user's off-the-shelf agent equipment 4 meets specific minimum security requirements before establishing trusted communication with agent equipment 4. Authentication models may differ from one another in many respects. For example, some authentication models may use fixed, unchangeable authentication information, while others may allow the authentication information to be updated later using key generator circuit 18 of agent equipment 4. For the fixed models, key generator circuit 18 does not need to be provided with agent equipment 4, so the agent equipment can be implemented more cheaply, whereas agent equipment with key generation capability can provide more secure authentication, because keys can be regenerated when needed. Similarly, some authentication models may use a symmetric key shared between agent equipment 4 and registration table 8, while other devices may use asymmetric keys, where agent equipment 4 and registration table 8 hold different complementary keys. Some models may allow agent equipment to be transferred from one registration table to another, while other models may restrict the agent equipment to operating with a particular registration table. There are therefore many different ways of implementing an authentication model, and a suitable one can be selected during the manufacture or development of the agent equipment.
Figs. 10 to 12 show three examples of authentication models. Fig. 10 shows the first authentication model, in which a fixed sensor key 28 is injected into protected section 24 of agent equipment 4 during manufacture. Sensor key 28 is generated by an external device 70 belonging to the manufacturer. Sensor key 28 is then shared with registration table 8 as a shared secret that uniquely identifies the device. For example, the sensor key can be a 128-bit or 256-bit AES (Advanced Encryption Standard) key generated during manufacture. To authenticate agent equipment 4, agent equipment 4 can transmit a message to registration table 8 in which part of the message is encrypted using sensor key 28. If registration table 8 can successfully decrypt that part of the message and verify that it is correct using its own copy of sensor key 28, the authentication of agent equipment 4 succeeds. For example, agent equipment 4 can generate a hash from the message and encrypt the hash using sensor key 28. The registration table receiving the message can generate its own hash of the received message using the same algorithm as agent equipment 4, and can also decrypt the received hash and check whether it matches the hash it generated. If the two hashes match, the agent equipment is authenticated. The advantage of the first authentication model is that it is relatively cheap to implement. There is no need to provide a public key infrastructure or key generator 18 in agent equipment 4. Only AES or another shared secret scheme is needed. The price of the low cost, however, is reduced security, because if the shared secret is compromised, the attacker gains full control of the device or agent equipment, including changes of ownership or data access. Because the shared sensor key 28 provided to registration table 8 is the same as the sensor key 28 used to authenticate the device, the likelihood of sensor key 28 being compromised is greater than when asymmetric keys are used, particularly while the sensor key is being distributed from manufacturing system 70 to registration table 8. However, because sensor key 28 is unique to each agent equipment 4, even if a sensor key is compromised this affects only one agent equipment 4 and does not affect any other agent equipment. This model can therefore be used for low-security applications such as weather forecasting.
In some embodiments, instead of having a single sensor key 28, a list of sensor keys may be embedded in the agent device 4, and the agent device 4 may select one key from the list to authenticate itself. In this case, the active identity of the device may be defined using an index into the list that indicates which key is the selected key. The registry 8 can then be provided with the corresponding agent device key for the selected key. With this approach, if one sensor key is compromised, the agent device 4 can switch to using another sensor key in the list.
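The first authentication model with a key list can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for "encrypt the hash with the AES sensor key", and the class names, the message layout, the registry-issued nonce and the registry holding the whole key list are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def keyed_hash(key, message):
    """HMAC-SHA256 stand-in for 'hash the message, then encrypt the hash with the sensor key'."""
    return hmac.new(key, message, hashlib.sha256).digest()


class AgentDevice:
    """Agent device holding a list of sensor keys injected at manufacture."""

    def __init__(self, device_id, sensor_keys):
        self.device_id = device_id
        self._keys = list(sensor_keys)
        self.active_index = 0  # index of the selected key defines the active identity

    def auth_message(self, nonce):
        message = self.device_id.encode() + b"|" + nonce
        tag = keyed_hash(self._keys[self.active_index], message)
        return {"device_id": self.device_id, "key_index": self.active_index,
                "message": message, "tag": tag}

    def switch_key(self):
        """Move to the next key in the list after the active one is compromised."""
        if self.active_index + 1 >= len(self._keys):
            raise RuntimeError("no unused sensor key left")
        self.active_index += 1
        return self.active_index


class Registry:
    """Registry holding its own copy of each device's sensor keys (assumed layout)."""

    def __init__(self):
        self._keys = {}     # device_id -> list of sensor keys
        self._revoked = {}  # device_id -> set of revoked key indexes
        self._nonces = {}   # device_id -> outstanding single-use nonce

    def register(self, device_id, sensor_keys):
        self._keys[device_id] = list(sensor_keys)
        self._revoked[device_id] = set()

    def challenge(self, device_id):
        # Assumption: a fresh nonce per attempt, so a captured message cannot be replayed.
        nonce = secrets.token_bytes(16)
        self._nonces[device_id] = nonce
        return nonce

    def revoke(self, device_id, key_index):
        self._revoked[device_id].add(key_index)

    def verify(self, msg):
        device_id = msg.get("device_id")
        keys = self._keys.get(device_id)
        nonce = self._nonces.pop(device_id, None)  # consumed whether or not the check passes
        index, tag = msg.get("key_index"), msg.get("tag")
        if keys is None or nonce is None:
            return False
        if not isinstance(index, int) or not isinstance(tag, bytes):
            return False
        if not 0 <= index < len(keys) or index in self._revoked[device_id]:
            return False
        expected = device_id.encode() + b"|" + nonce
        if msg.get("message") != expected:
            return False
        # Recompute the keyed hash with the registry's copy and compare in constant time.
        return hmac.compare_digest(tag, keyed_hash(keys[index], expected))


def demo():
    # Constructed sample keys and device ID.
    keys = [secrets.token_bytes(16) for _ in range(3)]
    device, registry = AgentDevice("sensor-0001", keys), Registry()
    registry.register("sensor-0001", keys)
    first = device.auth_message(registry.challenge("sensor-0001"))
    results = {"fresh": registry.verify(first), "replayed": registry.verify(first)}
    registry.revoke("sensor-0001", 0)  # key 0 reported compromised
    results["revoked_key"] = registry.verify(
        device.auth_message(registry.challenge("sensor-0001")))
    device.switch_key()
    results["after_switch"] = registry.verify(
        device.auth_message(registry.challenge("sensor-0001")))
    return results


if __name__ == "__main__":
    print(demo())
```

Revoking an index at the registry is what makes the switch meaningful: a holder of the compromised key can no longer authenticate as the device, while the device continues with the next key.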
Figure 11 shows an example of a second authentication model, in which the authentication information for the agent device 4 is still fixed (immutable), but this time comprises an asymmetric key pair consisting of a private key 29 and a public key 32. This is more secure because the private key 29 can be held only by the agent device 4 and not shared with any other device, while the corresponding public key 32 can be broadcast widely to other devices without compromising the private key 29. The asymmetric key pair is such that a message partially encrypted using the private key 29, in a similar manner to that discussed above, can only be decrypted using the corresponding public key 32. Therefore, if the registry 8 can successfully decrypt a message received from the agent device using the public key 32, it can determine that the message came from the authorized agent device holding the private key 29. The key pair is also associated with a digital certificate 36 representing the public face of the agent device 4. The certificate 36 can be used to transmit the public key 32 to the registry 8 and, once signed by the registry, verifies that the public key 32 is the correct key for that agent device 4. The key pair and certificate may comprise any form of signed certificate and key pair. For example, elliptic curve cryptography (ECC) keys may be used as the key pair 29, 32, and an X.509 certificate may be used as the digital certificate 36. In this model, the manufacturing device 70 generates the key pair and certificate 36 during manufacture and embeds them in the protected regions 24, 34 of memory, as shown in Figure 11. There is a potential weakness in that the manufacturing process 70 will know the private key 29 of the agent device 4, but the manufacturer 70 can delete the private key 29 once it has been injected into the agent device 4, after which the agent device 4 will be the only device able to access the private key. No part other than the agent device 4 itself needs the private key.
The transfer of authentication information from the manufacturer 70 to the registry 8 is more secure, because only the public key 32 and certificate 36 need to be transferred, not the private key 29. However, in this model the cost is higher than for the first authentication model, because the agent device needs PKI capability and more protected memory for storing the private key 29, public key 32 and certificate 36. Security is higher, though, because there is no permanent shared key known to devices other than the agent device 4. Again, instead of a single key pair, the agent device 4 may have a list of key pairs to choose from once the agent device is operational. In this case, however, the list does not have significant protection requirements, because the list of agent device keys kept by the registry 8 consists only of public keys and certificates. Any known PKI scheme may be used for the second model.
Figure 12 shows a third authentication model, which is more secure than the first and second models but also more costly to implement. Again, a private key 29 and public key 32 are provided in the storage circuitry 16 of the agent device 4 together with a digital certificate 36. However, the third model differs from the second model in that on-chip key generation circuitry 18 is provided in the agent device 4 to generate the key pair 29, 32. This provides greater security because the manufacturer 70 never knows the private key 29 of the agent device 4. In addition, because an on-chip key generation facility is provided, the agent device can regenerate the key pair to change its authentication information if necessary. Only the public key 32 and certificate 36 are provided to external devices such as the registry 8. Hence, during identity and ownership establishment, the chipset 18 in the agent device 4 creates an asymmetric key pair such as an ECC key pair. The private key 29 is stored in the read/write-protected region 24 of memory. Only authorized code can access the private key 29. The on-chip key generation circuitry 18 also generates the certificate 36 and sends a certificate signing request containing the device ID 22 and the public key 32 to the registry 8. The public key 32 and certificate 36 are also written to the write-protected region 34 of memory, which is fully readable without protection. The registry 8 signs the certificate 36 to verify that the agent device is authorized.
This approach does not have the exposure weakness of models 1 or 2, in which the sensor key 28 or private key 29 could be extracted from the registry 8 or the manufacturing platform 70. The private key 29 of the agent device is never exposed to any device other than the agent device 4. In this case, the strength of the security depends on the quality of the key pair generation performed by the on-chip key generator 18, and making this sufficiently secure incurs additional cost in manufacturing the device, because additional silicon is needed to support secure key generation (for example, good random number generation will be required).
In the example of Figure 12, the third authentication model also allows the trust relationship between the registry 8 and the agent device 4 to be transferred to a second registry 80. This process is described in more detail below. Because the agent device 4 has on-chip key generation circuitry 18, new keys can be generated when the agent device transfers trust from the first registry 8 to the second registry 80, so that the first registry 8 can no longer authenticate the agent device 4. This can be useful for providing additional security, in that the operator of a private registry 8, such as one used in government or defence applications, may require certain agent devices to be transferred to its registry and all ties with the public registry 8 to be removed. Alternatively, the first registry can be instructed to delete the relevant entry so that it can no longer authenticate the agent device. In this way, the agent device does not need to generate new keys. In another variation, the agent device may have more than one pre-stored key. When changing registries, a previously unused key can then be used.
It should be appreciated that the other models of Figures 10 and 11 may also provide the ability to transfer trust between registries. In that case, however, because the agent device cannot regenerate its key information, the agent device 4 will be registered in the second registry 80 with the same key information. In this case, the two registries 8, 80 can share the same agent device 4, so that the same agent device 4 is registered with both registries. Therefore, instead of transferring the agent device data directly to another registry, the agent device may be assigned to both registries, so that it can communicate with application providers associated with both registries.
Hence, several different types of authentication model can be provided, allowing the agent device design to balance the ability to maintain a sufficient degree of security against the cost of implementing that security. Depending on the intended purpose of the agent device, a particular model can be selected during manufacture, and information about which model was used can then be maintained by the registry 8, allowing applications to use an agent device appropriate to their requirements. Figure 13 shows a table comparing different properties of the models shown in Figures 10 to 12. It should be appreciated that other types of model can be used. For example, different types of key generation can be used to provide different degrees of security.
Figure 14 shows a first example of a method for establishing a trusted identity for an agent device 4. The trusted identity may be established during manufacture of the agent device, during its distribution, or later when the device is registered with the registry. At step 100, the authentication model to be used for the agent device 4 is determined. If the agent device 4 has already been manufactured, the choice of authentication model will depend on which resources have been provided in the agent device 4 (for example, if the agent device does not have on-chip key generation circuitry 18, it may not be possible to select authentication model 3 discussed above). On the other hand, if the method is carried out before or during manufacture of the agent device, any authentication model can be selected, and the processing resources required to implement that model can be implemented later (for example, by building protected storage, PKI infrastructure or key generation capability into the device).
At step 102, the key information for authenticating the agent device 4 is generated according to the selected authentication model. Depending on the selected model, this may be done by the external manufacturing device 70 or by the agent device 4 itself. At step 104, the device ID 22, the shared sensor key 28 or private key 29, the registry address 26 and optionally the device certificate 36 are embedded in the storage circuitry 16 of the agent device 4. The embedding step may be carried out by building the storage circuitry into the device, or by storing the information in storage circuitry already provided in the agent device during a previous manufacturing stage. If authentication model 1 is used, the sensor key 28 is embedded, whereas if authentication model 2 or 3 is used, the private key 29 and certificate 36 are stored in the storage circuitry 16. At this point, the agent device 4 may also be provided with registry authentication information for verifying the identity of the registry 8.
At step 106, various metadata defining the trusted identity of the agent device 4 is uploaded to the registry apparatus 8. For example, the device ID 22, the sensor key 28 (for model 1) or public key 32 (for model 2 or 3), the digital certificate 36 (for model 2 or 3) and the authentication model information 64 indicating the selected model may be uploaded to the registry 8. At step 108, the registry signs the certificate if necessary and registers the device metadata in the registry, establishing the device as a trusted device whose identity can be authenticated.
Figure 15 shows a second example of establishing trust and identity for a device. In this example, the agent device (sensor) 4 has been manufactured with key generation circuitry 18 and with a device identifier 22 stored in the OTP region 20 of the storage circuitry 16. The sensor 4 therefore uses authentication model 3 or a similar model that allows on-chip key generation. At step 120, the sensor 4 sends the registry 8 a registration request indicating the device identifier 22 of the sensor 4. At step 122, the registry checks whether the sensor 4 is already owned by the registry, and if so the method ends.
If the agent device is not already owned, then at step 124 the sensor 4 is triggered to create a new key pair 29, 32 using the key generator 18, and the private key 29 of the key pair is placed in the protected storage region 24. At step 126, a certificate signing request is generated and sent to the registry 8. The certificate signing request asks the registry 8 to sign the digital certificate 32 of the sensor 4. The certificate includes at least the device identifier 22 of the sensor 4 as the subject name, the security level of the sensor 4 (authentication model information), and the public key 32 generated by the key generator 18. At step 128, the registry 8 signs the certificate to confirm that the certificate and public key are valid. The registry registers the information about the sensor 4 in its device registry, establishing the sensor 4 as a trusted agent device.
Figure 16 shows a method of authenticating the agent device 4 to check that it is registered as a trusted device and then establishing trusted communication between the agent device 4 and an application provider 6. It is assumed that the agent device 4 has already been registered with the registry 8, for example using the method shown in Figure 14 or 15, so that the registry 8 holds information for verifying that the agent device 4 has the authentication information uniquely identifying that agent device 4. Authentication model 3 is used in this example, so the agent device 4 holds the sensor private key Ks.pr and the registry 8 holds the sensor public key Ks.pu corresponding to the private key Ks.pr. Similarly, the agent device 4 can authenticate the registry 8 using the registry public key Kr.pu corresponding to the registry private key Kr.pr held by the registry 8.
At step 150, the registry 8 and the application provider 6 authenticate each other to establish trust. Typically, this is performed once by the registry 8 for each application provider 6. The mutual authentication 150 between the registry 8 and the application provider 6 would not usually be repeated for each agent device 4 that communicates with the application provider 6. The mutual authentication 150 may use any known authentication technique.
At step 152, the agent device is activated, and in response to activation the agent device 4 transmits an authentication request 154 to the registry identified by the registry URL 26 embedded in the protected storage 24 of the agent device. The authentication request includes the device ID 22 identifying the agent device 4. Activation of the agent device may, for example, comprise the agent device being powered up for the first time after installation, or an activation button on the agent device being pressed. The authentication request 154 may be transmitted automatically in response to activation of the agent device, so that no user interface or other kind of user interaction is needed to trigger authentication. This means that the person installing or using the agent device does not need to know that the agent device is being authenticated. In response to the authentication request 154, the agent device 4 and the registry 8 begin mutual authentication 156 using the keys exchanged when the agent device 4 was registered or enrolled with the registry 8. In the mutual authentication, the agent device 4 encrypts a hash of a message using the sensor private key Ks.pr and transmits the partially encrypted message 158 to the registry 8. Correspondingly, the registry 8 encrypts a hash of a message using the registry private key Kr.pr and transmits the partially encrypted message 159 to the agent device 4. The agent device 4 computes its own hash of the message 159 and compares it with the hash obtained by decrypting the encrypted hash using the registry public key Kr.pu. If the two hashes match, the registry 8 is considered authentic. Similarly, the registry 8 computes a hash from the message 158 and compares it with the hash obtained by decrypting the encrypted hash received with the message 158 using the sensor public key Ks.pu. Again, if the two hashes match, the agent device 4 is authenticated.
Although Figure 16 shows the authentication request 154 and the authentication message 158 being transmitted separately by the agent device 4, in other embodiments the authentication request 154 and the authentication message 158 may be the same message, so that on activation 152 the agent device 4 transmits the partially encrypted authentication message 158 (together with the device ID 22) to the registry 8, and the partially encrypted authentication message 158 serves as the authentication request that triggers the registry 8 to respond with the mutual authentication 156.
If the registry 8 successfully authenticates the message 158 received from the agent device 4, then at step 160 the registry 8 generates an application key 30 and sends the application key to the agent device 4. The registry 8 also sends the application key 30 to the application provider 6 identified by the application identifier 62 in the registry entry 60 for the agent device 4 having the device ID 22 specified in the authentication request 154. The registry 8 also sends the agent device ID of the agent device 4 to the application provider 6, so that the application provider 6 knows which agent device 4 will communicate using the received application key 30.
If the agent device 4 has successfully authenticated the registry 8, then at step 170 the agent device 4 and the application provider 6 begin encrypted communication using the application key 30 received from the registry 8. If the registry 8 has not been successfully authenticated by the agent device 4, the agent device 4 does not take part in any encrypted communication using the application key 30. In the encrypted communication 180, the agent device 4 will typically transmit data to the application provider 6 and the application provider will transmit commands to the agent device 4, but data or commands may also be sent in the opposite direction. At step 190, the application process running on the application provider 6 processes the data received from the agent device. For example, the application may use the data to determine other information, or may use the data for a cloud computing platform accessible over the Internet. The encrypted communication 180 takes place directly between the agent device 4 and the application provider 6, without passing through the registry 8.
Hence, the registry 8 allows the agent device 4 and the application provider 6 to encrypt their communication without complex configuration or user interaction at the agent device 4. This means that the agent device 4 can be very simple and need not have complex processing resources, while security can still be maintained.
Figure 17 shows a method of associating the agent device 4 with a particular consumer (user) 10 and of associating the agent device 4 with an application provider 6 in the registry 8. At step 200, the consumer 10 obtains the device ID 22 of the agent device. This can be done in several ways. For example, the agent device 4 or the box for the device 4 may have the device ID printed on it, and the consumer can read the device ID from the agent device casing. Alternatively, the device ID may be represented by a bar code, QR code or similar graphical representation, and the user can scan the code with a code reader to obtain the device ID 22. The consumer 10 then transmits a device association request 210 to the application provider 6, containing the consumer's identifier (user ID) and the device identifier 22. This step may occur automatically in response to reading the bar code or QR code, for example using a smartphone or tablet application or a web interface. The application provider 6 can now record the user ID against the device ID, so that later communication from the agent device 4 can be associated with the particular consumer. After receiving the device association request 210, the application provider 6 may also send an application association request 220 to the registry 8, to associate the application identifier of the application provider 6 with the device ID 22 from the agent device association request 210. In response to the application association request, the registry 8 registers the application identifier in the registry entry 60 for the agent device having the device identifier 22 specified by the application association request 220.
In other examples, the consumer 10 may have obtained the agent device 4 directly from the application provider, so the application provider 6 may already know the association between the device ID and the user ID when the consumer obtains the agent device. In this case, the device association request 210 may not be needed, and the application provider 6 may instead use its internal records to generate the application association request 220 to be sent to the registry 8. Note that the registry 8 does not receive the user identifier. The registry entry 60 identifies the agent device 4 only by its device ID and does not contain any user data.
In a similar way, an application association request 220 can also be used to request that an agent device 4 currently associated with one application provider 6 be transferred to a different provider 6. In this case, the application association request 220 may come from a variety of sources, including the agent device itself (for example, if the user chooses to switch application providers), the previous application provider 6 earlier associated with the agent device 4, the new application provider 6 to which the device is being assigned using the application association request 220, or another third-party device. Before the agent device 4 is reassigned to the new application provider 6, the registry 4 may check whether the device issuing the application association request 220 is a trusted device. Alternatively, if the agent device 4 is allowed to be associated with multiple application providers 6, the new application provider 6 may be registered for the agent device 4 alongside the previous application provider 6, rather than replacing the previous application provider 6 as in the example given above.
Figure 18 shows a method of assigning an agent device 4 registered with a first registry 8 to a second registry 80. At step 250, a requester device requests that ownership of the registered agent device 4 be transferred to the second registry 80. The requester device may be the agent device 4, the second registry 80, or another third-party device such as an application provider (cloud service owner). At step 260, the first registry 8 checks whether the agent device 4 named in the device assignment request is currently registered in the registry. If not, the method ends. Hence, in order to assign ownership of an agent device, permission must be requested from the first registry 8 that currently holds the registration of that agent device. This ensures that only the registry that has established trust with the agent device can authorize the transfer of its trust status to another registry 80.
At step 270, the first registry determines whether it trusts the requester device that issued the agent device assignment request. If not, the method ends. The first registry may have authenticated the requester previously, in which case it can determine that the requester is trusted. Alternatively, at step 270 the registry may authenticate the requester afresh if the requester has not yet been authenticated. Authentication between the first registry 8 and the requester may use any known technique. In addition, for certain authentication models, assignment of the agent device 4 to a different registry may not be allowed, so the registry may check whether the authentication model information for the agent device permits the agent device to be assigned.
After the checks at step 270, if the registry trusts the requester and the agent device is allowed to be transferred to a different registry, the method proceeds to step 280, where the agent device 4 generates a new key pair using the key generator 18. The agent device 4 may be triggered to generate the new key pair in different ways. In one example, the first registry 8 may instruct the agent device 4 that it is to be assigned to another registry, and in response to that instruction the agent device generates the new key pair. Alternatively, the first registry 8 may notify the requester device or the second registry 80 that the device can be assigned, and that device may then trigger the agent device to generate the new key pair. At step 290, the agent device 4 generates a certificate signing request containing the newly generated public key and the device ID of the agent device 4. The private key corresponding to the public key is stored in secure storage. The certificate signing request is sent to the second registry 80, which at step 300 signs the certificate and registers the agent device 4 in its device registry. At step 310, the agent device revokes its original registry ownership by deleting the private key 29 from the original key pair and updating its registry URL 26 to the URL corresponding to the second registry 80. At step 320, the first registry 8 checks that the agent device has correctly transferred its registry ownership, and then notifies the second registry 80 that the agent device 4 is now under its ownership. At this point, the first registry 8 may optionally delete the registry entry 60 for the agent device 4, so that it is no longer registered in the first registry. Alternatively, the entry for the agent device may be kept in the registry, because the public key 32 from the original key pair is no longer relevant now that the agent device 4 has deleted the corresponding private key.
The example shown in Figure 18 is for authentication model 3, or a similar authentication model in which the agent device is able to generate a new key pair. If the agent device has authentication model 2 or a similar model in which the authentication information is fixed, then instead of generating a new key pair, the original key pair and certificate from the first registry can be used at steps 280, 290 and 300, so that the second registry 80 is provided with the same authentication information that was originally registered in the first registry 8. After the assignment, the agent device 4 may be registered in both registries 8, 80, so that it can be authenticated by both registries and can communicate with application providers associated with both registries 8, 80.
The agent device 4 or the first registry 8 may take steps to ensure that steps 280 to 320 occur atomically, so that the steps cannot be interrupted part-way through and left in an unfinished state. This means that if a failure occurs midway through the update process, the only possible outcomes are either that the agent device 4 retains its original key pair and certificate and is not transferred to the second registry (similar to the case where the registry determines after step 270 that the requester is not trusted), or that the agent device is fully updated to be under the ownership of the second registry. This ensures that the agent device 4 can always contact one registry 8 or 80 and cannot end up being unable to be authenticated by either registry 8, 80.
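The all-or-nothing behaviour of steps 280 to 320 can be modelled as stage, commit and roll back, with a failure injected at different points. This is an added example, not the patent's implementation: the class names, the `fail_at` parameter and the registry URLs are hypothetical, and the key pair is a labelled placeholder rather than a real asymmetric scheme, since only the ownership state is being modelled.

```python
import hashlib
import secrets


class TransferError(Exception):
    """Raised when a step of the hand-over fails."""


def generate_key_pair():
    # Placeholder for the on-chip key generator 18. NOT a real asymmetric scheme:
    # the "public key" is only a digest that lets this model tell key pairs apart.
    private = secrets.token_bytes(32)
    return private, hashlib.sha256(private).hexdigest()


class Registry:
    def __init__(self, url):
        self.url = url
        self.entries = {}  # device_id -> registered public key

    def sign_and_register(self, csr):
        self.entries[csr["device_id"]] = csr["public_key"]

    def remove(self, device_id):
        self.entries.pop(device_id, None)

    def can_authenticate(self, device):
        return self.entries.get(device.device_id) == device.public_key


class AgentDevice:
    def __init__(self, device_id, registry):
        self.device_id = device_id
        private, public = generate_key_pair()
        # The active identity is one record, so it can be replaced in a single step.
        self._active = (private, public, registry.url)
        registry.sign_and_register({"device_id": device_id, "public_key": public})

    @property
    def public_key(self):
        return self._active[1]

    @property
    def registry_url(self):
        return self._active[2]

    def commit(self, private, public, url):
        # Step 310: replacing the record drops the old private key and old URL together.
        self._active = (private, public, url)


def transfer(device, first, second, fail_at=None):
    """Steps 280 to 320. Returns True if ownership moved, False if rolled back."""
    if not first.can_authenticate(device):                        # step 260
        raise TransferError("device is not registered with the first registry")
    staged_private, staged_public = generate_key_pair()           # step 280, staged only
    try:
        if fail_at == "csr":
            raise TransferError("link lost before the CSR was sent")
        csr = {"device_id": device.device_id, "public_key": staged_public}  # step 290
        second.sign_and_register(csr)                             # step 300
        if fail_at == "commit":
            raise TransferError("device reset before commit")
        device.commit(staged_private, staged_public, second.url)  # step 310
    except TransferError:
        second.remove(device.device_id)  # roll back; the staged key pair is discarded
        return False
    if device.registry_url == second.url:                         # step 320 check
        first.remove(device.device_id)   # deletion is optional in the text; done here
    return True


def owners(device, registries):
    """URLs of the registries that can currently authenticate the device."""
    return [r.url for r in registries if r.can_authenticate(device)]


def demo():
    # Constructed registries and device ID.
    first = Registry("https://registry-a.example")
    second = Registry("https://registry-b.example")
    device = AgentDevice("sensor-0001", first)
    outcomes = {}
    for point in ("csr", "commit", None):
        moved = transfer(device, first, second, fail_at=point)
        outcomes[point] = (moved, owners(device, [first, second]))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

In every outcome exactly one registry can authenticate the device, which is the invariant the paragraph above requires.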
In some cases, as shown in Figure 18, the application provider 6 associated with the agent device 4 may also change when the agent device 4 is assigned to a new registry. The second registry 80 may, for example, select which application(s) should be assigned to the agent device 4, or the second registry 80 may wait for an application association request 220 from an external source indicating the application identifier of the application provider 6 to be associated with the agent device 4. Alternatively, the application associated with the agent device 4 may stay the same when switching registries, and the second registry 80 may simply register for the agent device 4 the same application identifier(s) that were registered in the first registry 8 (for example, the first registry 8 may provide the application identifier(s) to the second registry 80).
Figure 19 shows a method of resetting the ownership of an agent device 4 that was previously transferred to the second registry 80, so that it returns to the care of the first registry 8 that originally registered the agent device 4. At step 350, the second registry 80 (the requester device) requests that the first registry 8 take back ownership of the agent device 4. At step 360, the first registry 8 determines whether the second registry 80 is trusted. Again, this may comprise performing authentication, checking that the requester was previously authenticated, or determining whether the agent device 4 supports being reset to the first registry 8. If the agent device 4 is not allowed to be reset to the registry, the method ends. Otherwise, the method proceeds to step 370, where the registry checks whether the agent device 4 is currently owned by the second registry 80. If not, the method ends. This ensures that only the currently registered owner can trigger the registration of the device 4 to be reset to the first registry 8.
If the agent device is owned by the second registry 80, then at step 380 a new key pair is generated by the agent device 4. At step 390, a certificate signing request is prepared using the new public key and the device ID and sent to the first registry 8. The private key of the generated key pair is stored in the secure storage 16 of the agent device 4. At step 400, the first registry 8 signs the new certificate, re-authorizing the agent device. At step 410, the agent device revokes its registration with the second registry 80 by deleting the previous key pair and certificate and updating its registry URL 26 to correspond to the first registry 8. At step 420, the device ownership state is updated in the first registry 8, and the second registry 80 may delete its entry for the agent device 4. The method then ends. Again, the operations at steps 380 to 420 may be carried out atomically, to ensure that the agent device is always registered with one of the registries and cannot end up without a valid registration in either registry.
The methods of Figures 18 and 19 allow agent devices to be transferred between registries, or to be assigned to multiple registries simultaneously. This can be useful for allowing certain operators to provide their own private registry of agent devices, so that their agent devices are kept separate from other agent devices that are authenticated using a public registry. For example, a defence organisation, government or city management may run its own registry of secure trusted agent devices for use within its organisation. A general public registry may be provided for general purpose use. When an agent device is manufactured, it may initially be registered with the public registry, but when a change of ownership is requested by a private registry, it can then be transferred to the private registry. When the private registry no longer needs the agent device, ownership can be reset to the original registry. Preferably, new authentication information is generated on transfer to a different registry, to ensure that the agent device can no longer be authenticated by the earlier registry.
Figures 20 to 23 show four example timelines explaining different application examples of the present technique. Figure 20 shows a first example in the personal healthcare field, in which the agent device (sensor) is tethered to a specific cloud application, so that it is provided directly by the application provider and cannot be used with other applications. The agent device 4 may, for example, be a wrist-worn sensor containing a heart rate monitor, which can feed back heart rate information to an application provider 6 operated by a healthcare provider for monitoring the health of a patient. At step 1, a chip IP company designs the hardware and software for the sensor 4 and the security design guidelines for the sensor. A system-on-chip (SOC) manufacturer produces a SOC incorporating the security hardware and a unique device identifier. An original device manufacturer (ODM) manufactures the sensor device. An original equipment manufacturer (OEM) develops the final product. At some point during the manufacturing process (this can be at the SOC, ODM or OEM stage), at step 2, the device identifier and private key are installed in the agent device 4. At step 3, sensor metadata is uploaded to the registry 8 by the manufacturing support system 70. The metadata may include, for example, the device identifier, the public key and authentication model information. The registry apparatus 8 registers this information in its device registry.
At step 4, the sensor is sold to the healthcare provider 6. At step 5, the healthcare provider 6 provides the sensor to a user as part of its service. The healthcare provider 6 associates the sensor ID of the device with the ID of the user. Either at step 4 or at step 5, the OEM or the application provider 6 provides an association request to the registry 8, to notify it that the sensor 4 is to be used with the healthcare provider's cloud application. Hence, although the registry does not hold customer information, it knows that when the agent device 4 is activated it will communicate with the application provider 6 corresponding to the healthcare company.
At step 6, the user receives the sensor 4 from the healthcare provider 6. The user puts the cuff on his or her wrist, turns on the sensor 4 and starts using it. Turning on the device triggers the sensor 4 to contact the registry 8 with an authentication request, and mutual authentication then takes place, as discussed above. The user is unaware of this, and there is no user interface for triggering this authentication: authentication is triggered automatically by activation of the device. The registry 8 determines that the sensor 4 is registered in its registry and that its registry entry contains an application identifier corresponding to the healthcare provider 6. Hence, at step 7, the registry 8 notifies the healthcare provider of the device ID, and informs the healthcare provider 6 that the agent device is now active with a valid, authenticated device ID. At step 8, the healthcare provider 6 requests an application key for secure communication with the sensor 4. At step 9, the registry provides the application key to both the sensor 4 and the healthcare provider 6. At step 10, direct secure encrypted communication, which does not involve the registry, begins between the sensor 4 and the healthcare provider 6.
Figure 21 shows another example of a use case in which, instead of the agent device being tethered to the cloud application before it is provided to the user, the user can buy an "off the shelf" device and associate it with a specific cloud application later. This allows the user to use different types or brands of sensor with the same cloud application. Again, this example is in the personal healthcare field, with the application provider belonging to a healthcare company. Steps 1-3 are the same as in Figure 20. However, in this example, at step 4 the OEM sells the product to a retailer, and the retailer then sells the sensor 4 to the end user. At this point, the sensor 4 is not bound to the application provider 6.
At step 5, the user runs a smartphone application provided by the healthcare provider 6, and scans a code on the sensor 4 itself or on the box in which the sensor is packaged. The application on the smartphone transmits a sensor association request to the healthcare provider, so that the device ID of the sensor is associated with a particular user account. At step 6, the smartphone application or the platform 6 of the healthcare provider sends an application association request to the registry 8, so that the application ID is associated with the device ID. Hence, the registry can now associate the agent device with a specific application, and the application provider can associate the agent device ID with a specific user. Steps 7-11 of Figure 21 then proceed in the same way as steps 6-10 of Figure 20 respectively.
Figure 22 shows a third use case, in which a "bring your own device" (BYOD) sensor 4 is bought by the user, and in which the user is free to choose one of several different application providers to use with the sensor 4. An Internet of Things (IoT) application store 400 is used to make this selection. Steps 1-4 in Figure 22 are the same as in Figure 21. Again, the sensor 4 is sold to a retailer, who sells it on to the end user. At step 5, the user runs the application store 400 on a smartphone, tablet or computer, and in the same way uses a QR code or similar technique to collect the device ID of the sensor 4. At step 6, the application store 400 verifies the device ID of the sensor against the registry 8. For example, the application store 400 may query the registry 8 to determine the authentication model used by the agent device or other capabilities of the agent device, and can then prepare a menu of compatible applications that work with the agent device 4. The application menu is presented to the user, who selects the desired application, runs it and logs in. At step 7, the application store updates the registry with the user's selection, so that the registry associates the device ID of the sensor with the application identifier of the selected application. The application store also sends the device ID of the sensor and the user ID to the selected application provider 6, allowing the user ID and the sensor ID to be associated with each other. At this point, the registry 8 knows which application the particular sensor 4 will communicate with, and the application provider knows which customer is associated with that sensor 4. Steps 8-12 of Figure 22 are then the same as steps 7-11 of Figure 21 respectively, in which mutual authentication takes place between the sensor 4 and the registry 22, and secure communication is then established between the sensor 4 and the application provider 6.
Figure 23 shows a fourth use case, in which the agent device 4 is used in a large-scale industrial or government deployment rather than in personal healthcare. In this example, the agent device is a sensor 4 installed on a street lamp, which feeds back data about the operation of the street lamp to a cloud platform; a maintenance provider can then use the data, for example, to determine which street lamps need repair. Again, steps 1-3 are the same as in Figures 20-22. At step 4, a product including the sensor is manufactured and supplied to a contractor. For example, street lamps may be manufactured with an integrated sensor, or a product containing the sensor may be manufactured separately from the street lamp for installation on the street lamp at some later stage. The registry may be updated at this point to reflect the sale of the sensor 4 to a particular service provider 6, or this may be done later, when the sensor and street lamp are installed at step 5, at which point the contractor can use a smartphone application or similar device to scan the product ID or provide GPS location data for the sensor 4. At step 6, the contractor's device can send the device ID of the sensor 4 to the registry, together with the application identifier of the application 6 that will use the sensor data from the sensor 4. The smartphone application can be a simple way of allowing the contractor to issue an association request associating the sensor 4 with a specific application 6, without the contractor needing to understand what is happening.
At step 7, when the agent device 4 is activated (for example, when it is powered up), the agent device in the street lamp contacts the registry directly to establish mutual authentication, as discussed above. Once authentication is established, at step 8 the registry notifies the service provider 6, which develops or deploys the Internet of Things (IoT) based system, that the new street lamp and agent device have been installed and are online with a validly authenticated identity. At step 9, the service provider 6 requests an application key for secure communication. At step 10, the registry 8 provides a symmetric application key to the service provider 6 and to the agent device itself. Direct secure communication then begins, and the IoT platform of the service provider 6 executes the application using the sensor data provided by the sensor 4. A customer (such as a city management office or a maintenance company or contractor) can also access the IoT system, for example using a web platform (step 11). Hence, in the example of Figure 23, the use of the registry 8 simplifies the contractor's work of installing the device, because the contractor can simply fit the agent device, scan a code and/or activate the agent device using a simple measure (such as plugging in the power supply or pressing a single button), after which the registry 8 takes care of authenticating the agent device and establishing the connection with the application provider 6. The contractor does not need to spend time interacting with a user interface for configuring the agent device.
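The steps common to Figures 20 to 23 (association request, authentication on activation, delivery of an application key to both parties, then direct communication) are illustrated below in an added example that is not part of the patent text. All names are hypothetical; an HMAC challenge-response with a shared secret stands in for the mutual authentication, and messages are authenticated with the application key but not encrypted.

```python
import hashlib
import hmac
import json
import secrets


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class Provider:
    def __init__(self):
        self.keys = {}                       # device_id -> application key

    def receive(self, device_id, payload, tag):
        """Direct device-to-provider traffic; the registry is not involved."""
        key = self.keys.get(device_id)
        if key is None or not hmac.compare_digest(mac(key, payload), tag):
            return None                      # unknown device or altered message
        return json.loads(payload)


class Registry:
    def __init__(self):
        self.entries = {}                    # device_id -> [auth_key, app_id]

    def register(self, device_id, auth_key):        # manufacture-time metadata upload
        self.entries[device_id] = [auth_key, None]

    def associate(self, device_id, app_id):         # application association request
        self.entries[device_id][1] = app_id

    def activate(self, device_id, nonce, response, providers):
        """Authenticate the device, then give one application key to both sides."""
        auth_key, app_id = self.entries.get(device_id, (None, None))
        if auth_key is None or not hmac.compare_digest(mac(auth_key, nonce), response):
            return None                      # unregistered device or failed authentication
        provider = providers.get(app_id)
        if provider is None:
            return None                      # no application associated yet
        app_key = secrets.token_bytes(32)    # symmetric application key
        provider.keys[device_id] = app_key   # provider's copy
        return app_key                       # device's copy


def send_reading(device_id, app_key, reading):
    # Device side: serialise a reading and tag it with the application key.
    payload = json.dumps(reading).encode()
    return device_id, payload, mac(app_key, payload)
```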
Although specific embodiments have been described herein, it will be appreciated that the invention is not limited thereto, and that many modifications and additions can be made within the scope of the invention. For example, various combinations of the features of the following dependent claims can be made with the features of the independent claims without departing from the scope of the invention.