CN102957584B - Home network equipment management method, control equipment and home network equipment - Google Patents

Publication number
CN102957584B
Authority
CN
China
Prior art keywords
certificate
home network
network device
equipment
main equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110246559.9A
Other languages
Chinese (zh)
Other versions
CN102957584A (en
Inventor
朱萸
吴黄伟
张钦亮
赵君杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Tanous Co
Original Assignee
Huawei Device Co Ltd
Application filed by Huawei Device Co Ltd
Priority to CN201110246559.9A
Priority to PCT/CN2012/080596 (WO2013026415A1)
Publication of CN102957584A
Application granted
Publication of CN102957584B
Legal status: Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803: Home automation networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50: Secure pairing of devices
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065: Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W84/00: Network topologies
    • H04W84/18: Self-organising networks, e.g. ad-hoc networks or sensor networks
    • H04W84/20: Master-slave selection or change arrangements

Abstract

The invention discloses a home network equipment management method, control equipment and home network equipment and belongs to the field of home networks. The method includes: the control equipment and the home network equipment are subjected to mutual authentication; and the control equipment receives a first certificate and a second certificate which are sent by master equipment, and sends the first certificate and the second certificate to the home network equipment. The home network equipment and the master equipment are subjected to mutual authentication for setup of trust relation to join in an equipment group, the master equipment issues the master equipment certificates for authentication to the home network equipment, and the certificates issued by the master equipment are used for guaranteeing safety in subsequent interaction between the master equipment and the home network equipment and among the home network equipment and other devices in the groups.

Description

Management method for a home network device, control device, and home network device
Technical field
The present invention relates to the field of home networks, and in particular to a management method for a home network device, a control device, and a home network device.
Background art
With the development of the digital home and the digitization of consumer electronics, more and more digital entertainment devices and household appliances are appearing in the home. Connecting these entertainment devices and appliances to a home network, by wire or wirelessly, to share content or control one another is the digital home network concept that the industry is conceiving and working toward. The organizations currently working on home network interworking standards mainly include UPnP (Universal Plug and Play), DLNA (Digital Living Network Alliance), and IGRS (Intelligent Grouping and Resource Sharing). Existing protocols define the concept of a device group: multiple devices can form a device group. Device groups are of two types, peer device groups and master-slave device groups; in the former all devices are equal, while the latter has a master device. Applications such as centralized device management can be implemented with a master-slave device group.
When a master-slave device group is used in practice for applications such as home device control, management and media sharing, a series of security problems must be considered. One problem to be solved is how a new device, after joining the home network, establishes mutual trust with the master device of the device group and joins the group, so that it can accept management by the master device and exchange access securely with the other devices in the group. UPnP has defined a set of security standards: when a CP (Control Point) interacts with a device for the first time, the WPS (Wi-Fi Protected Setup) protocol is used, and the user enters the other party's PIN (Personal Identification Number) code on the CP or the device to complete mutual trust; both parties store the other party's self-signed certificate, and the CP and the device subsequently communicate over the TLS protocol.
After analyzing the prior art, the inventors found that it has at least the following shortcoming:
In the prior art, a CP and a device can only establish a trust relationship between the two of them. When a new device joins a device group, it must repeat the same trust-establishment steps with the CP, the master device, and the other devices; the interaction between devices is complex, the user has to enter PIN codes repeatedly, and the experience is poor.
Summary of the invention
Embodiments of the present invention provide a management method for a home network device, a control device, and a home network device. The technical solution is as follows:
A management method for a home network device, comprising:
a control device and a home network device perform mutual authentication;
after the mutual authentication passes, the control device receives a first certificate and a second certificate sent by the master device, where the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device;
the control device sends the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group in which the master device is located, and uses the first certificate and the second certificate to communicate with the devices in the device group.
A management method for a home network device, in which the control device is the master device, comprising:
the master device and a home network device perform mutual authentication;
after the mutual authentication passes, the master device sends a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group in which the master device is located, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated according to the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device.
A management method for a home network device, comprising:
a home network device and a control device perform mutual authentication;
after the mutual authentication passes, the home network device receives a first certificate and a second certificate from the control device, uses the first certificate and the second certificate to join a device group, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated according to the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device;
the control device is the master device or a control point.
A control device, comprising:
an authentication module, configured to perform mutual authentication with a home network device;
a receiving module, configured to receive, after the mutual authentication passes, a first certificate and a second certificate sent by the master device, where the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device;
a sending module, configured to send the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group in which the master device is located, and uses the first certificate and the second certificate to communicate with the devices in the device group.
A control device, comprising:
an authentication module, configured to perform mutual authentication with a home network device;
a sending module, configured to send, after the mutual authentication passes, a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group in which the master device is located, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device.
A home network device, comprising:
an authentication module, configured to perform mutual authentication with a control device;
a receiving module, configured to receive, after the mutual authentication passes, a first certificate and a second certificate from the control device;
a group joining module, configured to use the first certificate and the second certificate to join the device group in which the master device is located;
a communication module, configured to use the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated according to the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device;
the control device is the master device or a control point.
The beneficial effects of the technical solution provided by the embodiments of the present invention are:
The home network device and the master device authenticate each other to establish a trust relationship, and the device joins the device group. The master device issues to the home network device a certificate, signed by the master device, for authentication. Subsequent interaction between the master device and this home network device, and between the home network device and the other devices in the group, uses the certificates issued by the master device to ensure security. Because the certificates of the slave devices are all issued by the master device, when this home network device communicates with a device in the device group, the trust relationship is established by verifying the certificate issued by the master device. This process does not require the user to take part again, nor does it require complex mutual authentication between the home network device and the devices in the group using content such as device information, which simplifies the interaction between devices.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a management method for a home network device according to an embodiment of the present invention;
Fig. 2 is a flowchart of a management method for a home network device according to an embodiment of the present invention;
Fig. 3 is a flowchart of a management method for a home network device according to an embodiment of the present invention;
Fig. 4 is a flowchart of a management method for a home network device according to an embodiment of the present invention;
Fig. 5 is a flowchart of a management method for a home network device according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a control device according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a control device according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a control device according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a control device according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a control device according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a control device according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of a control device according to an embodiment of the present invention;
Fig. 13 is a schematic structural diagram of a home network device according to an embodiment of the present invention;
Fig. 14 is a schematic structural diagram of a home network device according to an embodiment of the present invention;
Fig. 15 is a schematic structural diagram of a home network device according to an embodiment of the present invention;
Fig. 16 is a schematic structural diagram of a home network device according to an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Before the management method for a home network device provided by the present invention is introduced, the background knowledge it relies on is briefly described:
The UPnP standard defines two logical entities, the CP (Control Point) and the Device (UPnP device): a CP uses the UPnP protocol to communicate with a device and control it, whereas CPs do not control each other directly over UPnP, and neither do devices.
Similarly, the IGRS protocol defines two logical entities, the client and the device, whose behavior is similar to that of the CP and the device in UPnP. This architecture yields a distributed network: a home network may contain multiple CPs/clients and multiple devices, and there is no concept of a central control device.
Fig. 1 is a flowchart of a security initialization method for a home network device according to an embodiment of the present invention. The method can be applied in UPnP or IGRS; this embodiment is described using the UPnP standard as an example. Under this standard the executing entity is the control device, specifically the control point. Referring to Fig. 1, the method comprises:
101: The control point and the home network device perform mutual authentication;
In this embodiment, the authentication information used in the mutual authentication between the control point and the home network device can include the PIN code of the home network device or administrator account information. The control device, that is, the control point, sends the authentication information to the home network device, so that the home network device authenticates the control point according to the authentication information and returns an authentication result; the control point authenticates the home network device according to the authentication result. This authentication process is prior art and is not described further here. In addition, as those skilled in the art will know, the control point obtains the authentication information by receiving the PIN code or administrator account information of the home network device entered by the user.
102: After the mutual authentication passes, the control device receives a first certificate and a second certificate sent by the master device; the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device;
As those skilled in the art will know, the control point can obtain the device information of the home network device and, after the mutual authentication passes, send this device information to the master device of the device group. The device information includes at least one of the following: device identifier, public key, device serial number, UUID, manufacturer identifier, production date, and so on.
The device information may or may not include a public key. When the home network device is able to generate a public key, it can generate a public/private key pair on receiving the IGRS command from the control point, include the public key in the device information, and send it to the control point, which forwards it to the master device of the device group. When the home network device is not able to generate a public key, the device information does not include one; the control point and the master device establish a secure channel (for example TLS (Transport Layer Security)), the master device generates a public/private key pair and sends the private key to the control point over the secure channel, and the control point sends the private key to the home network device.
103: The control point sends the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group in which the master device is located, and uses the first certificate and the second certificate to communicate with the devices in the device group.
Fig. 2 is a flowchart of a security initialization method for a home network device according to an embodiment of the present invention. The method can be applied in UPnP or IGRS; this embodiment is described using the IGRS standard as an example. Under this standard the executing entity is the master device. Referring to Fig. 2, the method comprises:
201: The master device and the home network device perform mutual authentication;
202: After the mutual authentication passes, the master device sends a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group in which the master device is located, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated according to the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device.
Fig. 3 is a flowchart of a security initialization method for a home network device according to an embodiment of the present invention. The method can be applied in UPnP or IGRS. The executing entity of this embodiment is the home network device, and the control device is the control point or the master device of the device group. Referring to Fig. 3, the method comprises:
301: The home network device and the control device perform mutual authentication;
302: After the mutual authentication passes, the home network device receives a first certificate and a second certificate from the control device, uses the first certificate and the second certificate to join the device group, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated according to the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device.
In this embodiment, when the home network device communicates with other devices in the network whose certificates were issued by the same master device, it can use the stored certificate information of the master device to verify the certificates of those devices; devices whose certificates were all issued by the master device can trust each other directly. Specifically, the certificate information of the master device stored by the home network device can include the public key of the master device. When the home network device establishes a connection (such as TLS) with another device and obtains that device's certificate, it can use this public key to verify the signature information of the certificate and thereby learn that the certificate was also issued by the master device. Other devices can authenticate this new device in the same way.
The home network device and the master device authenticate each other to establish a trust relationship, and the device joins the device group. The master device issues to the home network device a certificate, signed by the master device, for authentication. Subsequent interaction between the master device and this home network device, and between the home network device and the other devices in the group, uses the certificates issued by the master device to ensure security. Because the certificates of the slave devices are all issued by the master device, when this home network device communicates with a device in the device group, the trust relationship is established by verifying the certificate issued by the master device. This process does not require the user to take part again, nor does it require complex mutual authentication between the home network device and the devices in the group using content such as device information, which simplifies the interaction between devices.
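The group trust check described above, as an added example that is not part of the patent: a master device issues a first certificate over a member's public key, and another member verifies it against the stored master certificate (the second certificate). The use of X.509 with Ed25519 keys, the device names, and every function name are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign builds an X.509 certificate for subjectPub, signed with signerKey.
// A nil parent produces a self-signed certificate.
func sign(cn string, serial int64, isCA bool, subjectPub ed25519.PublicKey,
	parent *x509.Certificate, signerKey ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, subjectPub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Master models the master device of a device group (hypothetical type).
type Master struct {
	Cert *x509.Certificate // the "second certificate": the master's own certificate
	key  ed25519.PrivateKey
	next int64
}

func NewMaster(cn string) (*Master, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	cert, err := sign(cn, 1, true, pub, nil, key)
	if err != nil {
		return nil, err
	}
	return &Master{Cert: cert, key: key, next: 2}, nil
}

// Issue returns the "first certificate": the member's public key signed by the master.
func (m *Master) Issue(deviceCN string, devicePub ed25519.PublicKey) (*x509.Certificate, error) {
	serial := m.next
	m.next++
	return sign(deviceCN, serial, false, devicePub, m.Cert, m.key)
}

// VerifyPeer is what a group member runs on a peer certificate obtained during
// connection setup: the only trust anchor is the stored master certificate.
func VerifyPeer(storedMaster, peer *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(storedMaster)
	_, err := peer.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// RunGroupDemo issues one certificate from the real master and one from a second
// master that copies its name but has a different key, then verifies both.
func RunGroupDemo() (peerAccepted, outsiderRejected bool, err error) {
	master, err := NewMaster("home-master")
	if err != nil {
		return false, false, err
	}
	other, err := NewMaster("home-master") // same name, different key pair
	if err != nil {
		return false, false, err
	}
	tvPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	camPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	tvCert, err := master.Issue("tv", tvPub)
	if err != nil {
		return false, false, err
	}
	camCert, err := other.Issue("camera", camPub)
	if err != nil {
		return false, false, err
	}
	return VerifyPeer(master.Cert, tvCert) == nil, VerifyPeer(master.Cert, camCert) != nil, nil
}

func main() {
	ok, rejected, err := RunGroupDemo()
	fmt.Println("group member accepted:", ok, "| outsider rejected:", rejected, "| err:", err)
}
```

The second master reuses the name `home-master` to show that acceptance depends on the signature made with the stored master's key, not on the issuer name.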
Fig. 4 is a flowchart of a management method for a home network device according to an embodiment of the present invention. This embodiment is described merely using an example in which the application environment is UPnP and the executing entity is the control point. The home network contains a device group, which comprises a control point, a master device and multiple slave devices, and a home network device now joins this network. Referring to Fig. 4, the method comprises:
401: The home network device comes online and sends an SSDP alive multicast message, which carries the UUID (Universally Unique Identifier) of the home network device;
In this embodiment, the home network device sends the SSDP alive multicast message in the home network. This message is a device-online message that notifies the control point that the home network device has come online.
402: When the control point receives the SSDP alive multicast message, it uses the UUID carried in the message to determine whether the home network device has already joined this home network;
If not, step 403 is performed;
If so, the procedure ends.
In this embodiment, the control point stores a list of the devices that have joined the home network; the list can include each device's UUID, device name, and so on. Specifically, step 402 comprises: determining whether the device list of the control point contains this UUID. If it does, the home network device is already registered with the control point and is an existing device in the home network; if it does not, the home network device has not joined this home network and is a newly online device.
403: When the home network device has not joined this home network, the control point sends an IGRS control command to the home network device;
Optionally, the IGRS control command is an HTTP POST message, and it carries administrator account information.
404: The home network device returns to the control point a response rejecting the command request; the response carries the home network device's authentication information;
In this embodiment, because the home network device and the control point have not yet established a trust relationship, the home network device returns a response rejecting the command request;
For example, this response can be "401 Unauthorized". Optionally, the response carries the following information: random value RAND, challenge value CHAL, device authentication information ATUN, session key resource SKEY, algorithm set ALGO, and authentication information type TYPE.
After the CP receives this response, it can, according to the algorithm set indicated in the response, first use RAND and the obtained PIN/ADMIN value to check whether the AUTN value of the home network device is correct. It then uses the CHAL in the message and the obtained PIN/ADMIN of the home network device to compute the authentication result RES, and sends the control command again with RES carried in it. In addition, the CP needs to use the SKEY in the response to compute the keys EKey and IKey that are used subsequently in this session. EKey is used to encrypt the communication data between the CP and the home network device after authentication passes, and IKey is used for integrity protection of the communication data between the CP and the home network device after this step.
The information carried in the response is used as follows:
1) Random value RAND: the home network device uses this random value and the PIN code/administrator account information to compute the home network device authentication information. Once the CP knows the device's PIN code/administrator account information, it applies an algorithm from the algorithm set to this random value and the device's PIN code/administrator account information to obtain the authentication information of the home network device, and authenticates the home network device according to this authentication information.
2) Challenge value CHAL: this challenge value is a random number that the home network device uses to authenticate the CP. The CP uses the challenge value and the PIN code/administrator account information of the home network device to compute the client authentication information, and carries it when it resends the control command to the home network device.
3) Home network device authentication information ATUN: the home network device uses RAND and the PIN code/administrator account information to compute this authentication information. Once the CP knows the device's PIN code/administrator account information, it can perform the same computation with RAND to authenticate the home network device: the CP computes the ATUN value and compares it with the received ATUN value; if they match, the home network device passes authentication.
4) Session key resource SKEY: used to protect the communication between the CP and the home network device from being intercepted and decoded by a third party. It contains the material SKEY1 for computing the encryption key and the material SKEY2 for computing the message integrity key, and is the resource from which the home network device and the CP compute the keys used subsequently in this session (encryption key EKey, message integrity key IKey).
5) Algorithm set ALGO: indicates the method for computing the authentication information and the algorithm for session encryption, for example message authentication mechanisms such as MAC and HMAC, hash algorithms such as MD5, SHA1 and SHA256, or data encryption algorithms such as AES and 3DES.
6) Authentication information type TYPE: distinguishes the kind of authentication information, which can be a PIN code, an administrator account or other information; the value of this type can be "PIN" or "ADMIN". In practice, the home network device decides from its own factory configuration which value to use to authenticate the client. During authentication the PIN or Admin account information can be shown on the home network device's screen, or the user can find it on a label on the physical device; after reading it, the user enters it on the UI (User Interface) of the client, and the UI can be a display screen.
In addition, the home network device also needs to compute and store the session keys to be used later, as well as the check code (XRES) used to check whether the authentication information returned by the CP is correct. In practice, this step can also be performed after the CP's reply has been received.
405: The control point receives the response, authenticates the home network device according to the response and, when authentication passes, sends command request information to the home network device; the command request information carries authentication pass information;
In the present embodiment, the authentication pass information comprises the PIN code of the home network device or administrator information. Specifically, when the home network device joins the network, the user can enter the PIN code of this home network device on the interface provided by the control point to bring the home network device under management; or the user can enter administrator user information on the interface provided by the control point and, through the authentication calculation, notify the home network device that this control point is a legitimate control equipment in the network.
For example, authentication based on the above response and the authentication information returned by the CP can proceed as follows:
When the CP receives the response, it performs the calculation on the random value according to the algorithm specified in the response; if the calculated AUTN is consistent with the one obtained from the response, the home network device is considered trustworthy, i.e. device authentication passes, and the CP returns the authentication result RES to the home network device, for the home network device to authenticate the control point.
EKey=SHA1(SKEY1||PIN)
IKey=SHA1(SKEY2||PIN)
As those skilled in the art will know, SHA1 is a hash algorithm, and || denotes concatenation of the SKEY1 and PIN values.
406: When the home network device receives the command request information, it authenticates the control point according to the authentication pass information carried in the command request information and, when authentication passes, feeds authentication pass information back to the control point;
Specifically, after receiving the authentication pass information, the home network device performs a preset algorithm calculation according to it: it calculates XRES, or uses the previously calculated XRES, and compares it with the RES value carried in the message. If the two are identical, the control point is considered trustworthy, i.e. control point authentication passes. The home network device returns the response message of this command to the control point. At this point the control point and the home network device have established mutual trust, and the home network device fully obeys the control of the control point. The subsequent session is encrypted with the EKey known to both sides, and IKey verifies message integrity.
Steps 401 to 406 above are the mutual authentication process between the home network device and the control point, through which the two establish a trust relationship. It should be noted that the algorithm in this authentication process and the interaction between the home network device and the control point are prior art and are not repeated here.
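The exchange in steps 405 and 406, as an added example that is not part of the patent text: both sides run the ATUN check, the RES/XRES check and the EKey/IKey derivation. The EKey/IKey formulas are the ones given above; the HMAC-SHA256 construction for ATUN and RES, the "HMAC-SHA256" ALGO label and all function names are assumptions, since the text leaves that algorithm to prior art.

```python
import hashlib
import hmac
import os

# Assumed ALGO label; the text only lists HMAC and SHA256 among the options.
SUPPORTED_ALGO = {"HMAC-SHA256"}


def _mac(pin: bytes, label: bytes, rand: bytes) -> bytes:
    # Assumed construction for ATUN/RES: a keyed MAC over RAND with a role label,
    # so the device's value can never be replayed as the control point's value.
    return hmac.new(pin, label + rand, hashlib.sha256).digest()


def derive_session_keys(skey1: bytes, skey2: bytes, pin: bytes):
    """EKey = SHA1(SKEY1 || PIN) and IKey = SHA1(SKEY2 || PIN), as in the text."""
    return hashlib.sha1(skey1 + pin).digest(), hashlib.sha1(skey2 + pin).digest()


def device_build_response(pin: bytes, auth_type: str = "PIN"):
    """Home network device: build the response and keep XRES and the keys locally."""
    rand, skey1, skey2 = os.urandom(16), os.urandom(16), os.urandom(16)
    response = {
        "RAND": rand,
        "ATUN": _mac(pin, b"device", rand),
        # SKEY1/SKEY2 travel in the response, so the PIN is the only secret
        # input to EKey and IKey.
        "SKEY1": skey1,
        "SKEY2": skey2,
        "ALGO": "HMAC-SHA256",
        "TYPE": auth_type,
    }
    ekey, ikey = derive_session_keys(skey1, skey2, pin)
    state = {"XRES": _mac(pin, b"control-point", rand), "EKey": ekey, "IKey": ikey}
    return response, state


def cp_process_response(response: dict, typed_pin: bytes):
    """Control point, step 405: check ATUN, then return (RES, EKey, IKey) or None."""
    if response.get("ALGO") not in SUPPORTED_ALGO:
        return None  # refuse an algorithm set the control point did not expect
    expected = _mac(typed_pin, b"device", response["RAND"])
    if not hmac.compare_digest(expected, response["ATUN"]):
        return None  # wrong PIN typed, or the response is not from the device
    res = _mac(typed_pin, b"control-point", response["RAND"])
    ekey, ikey = derive_session_keys(response["SKEY1"], response["SKEY2"], typed_pin)
    return res, ekey, ikey


def device_check_res(state: dict, res: bytes) -> bool:
    """Home network device, step 406: compare the received RES with the stored XRES."""
    return hmac.compare_digest(state["XRES"], res)


def run_handshake(device_pin: bytes, typed_pin: bytes) -> dict:
    """Run both sides in one process and report what each side ended up with."""
    response, state = device_build_response(device_pin)
    result = cp_process_response(response, typed_pin)
    if result is None:
        return {"mutual": False, "cp_keys": None, "device_keys": None}
    res, ekey, ikey = result
    return {
        "mutual": device_check_res(state, res),
        "cp_keys": (ekey, ikey),
        "device_keys": (state["EKey"], state["IKey"]),
    }


if __name__ == "__main__":
    # Constructed PIN values for the demonstration.
    print(run_handshake(b"493021", b"493021")["mutual"])
    print(run_handshake(b"493021", b"000000")["mutual"])
```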
407: When the control point receives the authentication pass information fed back by the home network device, the control point notifies the home network device to generate a public/private key pair, and sends a group announcement message to the home network device;
The group announcement message carries the equipment group information and the main equipment information of the equipment group; the home network device can join the equipment group according to the equipment group information and main equipment information provided by the control point. The equipment group information and the main equipment information can also be carried separately, by a group announcement message and a main equipment announcement message respectively; in that case, sending the group announcement message to the home network device in step 407 can also comprise sending a main equipment announcement message to the home network device.
408: The home network device sends the public key to the control point;
After the control point receives the public key, it can send an SSDP Search multicast message to discover the main equipment and establish a secure channel with it; subsequent interaction between the control point and the main equipment can be carried over this secure channel.
In the present embodiment, the public key is carried in the device information, which comprises at least any one of the following: device identifier, public key, device serial number, UUID, manufacturer identifier, date of production, etc.
409: The control point receives the public key and forwards it to the main equipment;
In the present embodiment, the control point, as the control equipment in the home network, can forward information between the home network device and the main equipment after mutual authentication with the home network device passes.
410: The main equipment receives the public key, generates the first certificate according to the public key of the home network device and the signature information of the main equipment, and sends the first certificate and the second certificate to the control point;
As those skilled in the art will know, the public key and the signature information of the main equipment are the necessary components for generating the first certificate; device information such as the device identifier, device serial number, UUID, manufacturer identifier or date of production can also be included in the generation process.
411: The control point receives the first certificate and the second certificate and forwards them to the home network device;
Steps 407 to 411 above are the process in which the main equipment generates the first certificate and issues it to the home network device. In the present embodiment, the home network device is a device capable of generating a public/private key pair, so the key pair is generated by the home network device. In another embodiment, when the home network device is not capable of generating a public/private key pair, the key pair can be generated by the main equipment: the main equipment generates the first certificate according to the public key of the home network device and the signature information of the main equipment, and sends the first certificate, the private key and the second certificate to the control point, which forwards this information to the home network device. Specifically, the control point establishes a secure channel with the main equipment of the equipment group; the main equipment generates the public key and private key, generates the first certificate according to the public key of the home network device and the signature information of the main equipment, and sends the first certificate, the second certificate and the private key to the control point over the secure channel; the control point forwards the first certificate, the second certificate and the private key to the home network device, which stores them and uses them in subsequent communication with other devices.
It should be noted that, whichever of the above schemes is used, the first certificate is issued by the main equipment, i.e. the first certificate carries the signature information of the main equipment; as those skilled in the art will know, this signature information is the main equipment's signature over the certificate, made with its own private key. The home network device subsequently uses this first certificate when communicating securely with any device in the equipment group.
412: The home network device uses the first certificate and the second certificate to join the equipment group of the main equipment;
During the authentication process, the control point notifies the home network device of the equipment group and the main equipment information of the equipment group; the equipment group is identified by a group ID.
Specifically, the home network device joining the equipment group comprises: using the first certificate to establish a secure connection with the main equipment, and sending the main equipment, over the secure connection, a request to join the equipment group of the main equipment, so that the main equipment authenticates the home network device using the second certificate; when authentication passes, receiving the response for joining the equipment group sent by the main equipment.
The specific steps are:
1) The home network device receives the group announcement message of the main equipment and checks whether the group ID in this group announcement message is consistent with the group ID received during the authentication process, i.e. the one specified by the control point.
2) The home network device establishes a secure channel (such as TLS) to the main equipment. The certificate exchange is completed while the secure channel is being established: the home network device sends the first certificate to the main equipment and receives the second certificate sent by the main equipment. The home network device can authenticate the identity of the main equipment by comparing the received second certificate with the second certificate previously forwarded by the control equipment;
3) The home network device sends the main equipment a request to join the equipment group;
4) The main equipment authenticates the home network device according to the second certificate: using the public key of the second certificate, it can recognise the signature information in the first certificate that the main equipment generated with its private key, and thereby identify that the home network device's certificate was issued by the main equipment;
5) When authentication of the home network device passes, the main equipment returns the response to this message, indicating that the home network device has successfully joined the equipment group.
It should be noted that after the home network device joins the equipment group, the main equipment obtains control of the home network device; as those skilled in the art will know, after obtaining control of the home network device, the main equipment issues initial configuration information to it;
413: When the home network device communicates with a slave device in the equipment group, it uses the first certificate and the second certificate to perform verification with that slave device and, when verification passes, establishes a trust relationship with that slave device.
Specifically, the first certificate is used to verify the slave device's first certificate: when the signature information in the slave device's first certificate is consistent with that in the first certificate, the slave device's first certificate was issued by the main equipment, and verification passes.
The home network device and the slave device obtain each other's certificate by setting up a secure channel (such as TLS) and verify the signature information of the other's certificate, thereby learning that its certificate was also issued by the main equipment; other devices can authenticate this home network device in the same way.
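The checks in steps 412 and 413, as an added example that is not part of the patent text: the group ID check, the comparison of the second certificate seen in the secure channel with the copy forwarded by the control point, and the test that a first certificate was issued by the main equipment. Certificates are modelled as dictionaries and signed with textbook RSA over fixed Mersenne primes, a constructed stand-in for real X.509 certificates and keys; all names and values are assumptions.

```python
import hashlib
import hmac
import json

E = 65537  # public exponent for the demo keys


def make_keypair(p: int, q: int):
    """Textbook RSA key from two primes (demo stand-in, not a production key)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}, {"n": n}


def _encode(fields: dict) -> bytes:
    # Canonical encoding of the certificate fields that get signed or hashed.
    return json.dumps(fields, sort_keys=True).encode()


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue_first_certificate(main_priv, main_id, group_id, device_uuid, device_pub):
    """Step 410: bind the device's public key to the group under the issuer's signature."""
    fields = {"issuer": main_id, "group": group_id,
              "subject": device_uuid, "pubkey": device_pub["n"]}
    sig = pow(_digest(_encode(fields)), main_priv["d"], main_priv["n"])
    return {"fields": fields, "sig": sig}


def issued_by_main_equipment(first_cert: dict, second_cert: dict) -> bool:
    """Steps 4) and 413: verify the signature with the public key in the second certificate."""
    return (first_cert["fields"]["issuer"] == second_cert["subject"]
            and pow(first_cert["sig"], E, second_cert["pubkey"])
            == _digest(_encode(first_cert["fields"])))


def fingerprint(cert: dict) -> bytes:
    return hashlib.sha256(_encode(cert)).digest()


def device_pre_join_checks(announced_group, cp_group, channel_cert, forwarded_cert) -> str:
    """Steps 1) and 2) on the home network device, before it asks to join."""
    if announced_group != cp_group:
        return "group-id-mismatch"
    if not hmac.compare_digest(fingerprint(channel_cert), fingerprint(forwarded_cert)):
        return "main-equipment-cert-mismatch"
    return "ok"


def main_equipment_handle_join(first_cert, own_second_cert, group_id) -> bool:
    """Steps 4) and 5) on the main equipment. Proof that the peer holds the matching
    private key is assumed to come from the secure channel and is not modelled here."""
    return (first_cert["fields"]["group"] == group_id
            and issued_by_main_equipment(first_cert, own_second_cert))


# Constructed demo keys and certificates.
MAIN_PRIV, MAIN_PUB = make_keypair(2**521 - 1, 2**607 - 1)
DEVICE_PRIV, DEVICE_PUB = make_keypair(2**1279 - 1, 2**2203 - 1)
OTHER_PRIV, OTHER_PUB = make_keypair(2**2281 - 1, 2**3217 - 1)  # not the group's issuer
SECOND_CERT = {"subject": "main-1", "pubkey": MAIN_PUB["n"]}
FIRST_CERT = issue_first_certificate(MAIN_PRIV, "main-1", "group-42", "uuid-dev-1", DEVICE_PUB)

if __name__ == "__main__":
    print(device_pre_join_checks("group-42", "group-42", SECOND_CERT, SECOND_CERT))
    print(main_equipment_handle_join(FIRST_CERT, SECOND_CERT, "group-42"))
```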
The home network device and the control point authenticate each other to establish a trust relationship before the device joins the equipment group, and the main equipment of the equipment group issues the home network device a certificate, signed by the main equipment, for authentication. Subsequent interaction between the main equipment and this home network device, and between the home network device and other devices in the group, uses certificates issued by the main equipment to ensure security. Because the certificates of the slave devices are all issued by the main equipment, when this home network device communicates with a device in the equipment group, the trust relationship is established by verifying the certificates issued by the main equipment. This process requires no further participation by the user and no complicated mutual authentication based on device information or similar content between the home network device and the devices in the equipment group, which simplifies the interaction between devices.
Fig. 5 is a flow chart of a management method for a home network device provided by an embodiment of the present invention. The present embodiment is described taking as an example an application environment of the IGRS protocol only and the main equipment as the executing entity. The home network comprises an equipment group, the equipment group comprises main equipment and multiple slave devices, and a home network device is now joining this network. Referring to Fig. 5, the method comprises:
501: The home network device goes online and sends an SSDP alive multicast message carrying the UUID of the home network device;
After the home network device goes online, the user can enter the PIN code or administrator account information so that the main equipment can authenticate the new device with this information. The detailed process of this step is similar to step 201 and is not repeated.
502: The home network device and the main equipment perform mutual authentication;
This mutual authentication process is similar to steps 401 to 406 and is not repeated here.
503: When mutual authentication passes, the main equipment notifies the home network device to generate a public/private key pair, and sends a group announcement message to the home network device;
504: The home network device sends the public key to the main equipment;
505: The main equipment receives the public key, generates the first certificate according to the public key of the home network device and the signature information of the main equipment, and sends the first certificate and the second certificate to the home network device;
In the present embodiment, the home network device is a device capable of generating a public/private key pair, so the key pair is generated by the home network device. In another embodiment, when the home network device is not capable of generating a public/private key pair, the key pair can be generated by the main equipment: the main equipment generates the first certificate according to the public key of the home network device and the signature information of the main equipment, and sends the first certificate, the private key and the second certificate to the home network device.
506: The home network device joins the equipment group.
This step is similar to step 412 and is not repeated here.
The difference between this embodiment and the embodiment shown in Fig. 4 is that the main equipment in the present embodiment includes the function of the control point; therefore, in the present embodiment, authentication is not performed between a control point and the home network device but is carried out by the main equipment.
The home network device and the main equipment authenticate each other to establish a trust relationship before the device joins the equipment group, and the main equipment issues the home network device a certificate, signed by the main equipment, for authentication. Subsequent interaction between the main equipment and this home network device, and between the home network device and other devices in the group, uses certificates issued by the main equipment to ensure security. Because the certificates of the slave devices are all issued by the main equipment, when this home network device communicates with a device in the equipment group, the trust relationship is established by verifying the certificates issued by the main equipment. This process requires no further participation by the user and no complicated mutual authentication based on device information or similar content between the home network device and the devices in the equipment group, which simplifies the interaction between devices.
Fig. 6 is a structural schematic diagram of a control equipment provided by an embodiment of the present invention. Referring to Fig. 6, this control equipment comprises:
Authentication module 601, configured to perform mutual authentication with the home network device;
Receiver module 602, configured to receive, after the mutual authentication passes, the first certificate and the second certificate sent by the main equipment, where the first certificate is generated by the main equipment according to the public key of the home network device and the signature information of the main equipment, and the second certificate is the certificate of the main equipment;
Sending module 603, configured to send the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the equipment group of the main equipment, and uses the first certificate and the second certificate to communicate with the devices in the equipment group.
Referring to Fig. 7, the authentication module 601 comprises:
First receiving unit 601a, configured to receive the device online notification of the home network device;
First sending unit 601b, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the control equipment perform mutual authentication according to the PIN code or administrator account information of the home network device.
Referring to Fig. 8, the control equipment also comprises:
Acquisition module 604, configured so that, after the mutual authentication passes, the control equipment obtains the public key of the public/private key pair generated by the home network device;
The sending module 603 is also configured to send the public key to the main equipment;
The receiver module 602 is specifically configured to receive the first certificate that the main equipment generates according to the public key and the signature information of the main equipment, and to receive the second certificate.
The receiver module 602 is specifically configured to receive the first certificate and the second certificate sent by the main equipment, and the private key of the public/private key pair that the main equipment generated for the home network device; the first certificate is generated by the main equipment according to the public key of the home network device and the signature information of the main equipment;
The sending module 603 is specifically configured to send the first certificate, the second certificate and the private key that the main equipment generated for the home network device to the home network device.
The control equipment provided by the present embodiment can specifically be the control point of the equipment group. It is based on the same concept as the method embodiments; for its specific implementation, refer to the method embodiments, which are not repeated here.
Fig. 9 is a structural schematic diagram of a control equipment provided by an embodiment of the present invention. Referring to Fig. 9, this control equipment comprises:
Authentication module 901, configured to perform mutual authentication with the home network device;
Sending module 902, configured to send, after the mutual authentication passes, the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the equipment group of the main equipment, and uses the first certificate and the second certificate to communicate with the devices in the equipment group; the first certificate is generated by the main equipment according to the public key of the home network device and the signature information of the main equipment, and the second certificate is the certificate of the main equipment.
Referring to Figure 10, the authentication module 901 specifically comprises:
Second receiving unit 901a, configured to receive the device online notification of the home network device;
Second sending unit 901b, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the main equipment perform mutual authentication according to the PIN code or administrator account information of the home network device.
Referring to Figure 11, the control equipment also comprises:
Acquisition module 903, configured to obtain the public key of the public/private key pair generated by the home network device;
The sending module 902 is specifically configured to send to the home network device the first certificate, which the main equipment generates according to the public key of the home network device and the signature information of the main equipment, and the second certificate.
The sending module 902 is specifically configured to generate a public key and a private key for the home network device, and to send the private key, the second certificate and the first certificate to the home network device; the first certificate is generated according to the public key of the home network device and the signature information of the main equipment.
Referring to Figure 12, the control equipment also comprises:
Equipment group authentication module 904, configured to perform authentication with the home network device using the second certificate when the main equipment receives the request to join the equipment group sent by the home network device, and to add the home network device to the equipment group after authentication passes.
The control equipment provided by the present embodiment can specifically be the main equipment of the equipment group. It is based on the same concept as the method embodiments; for its specific implementation, refer to the method embodiments, which are not repeated here.
Figure 13 is a structural schematic diagram of a home network device provided by an embodiment of the present invention. The control equipment is the control point or the main equipment of the equipment group. Referring to Figure 13, this home network device comprises:
Authentication module 1301, configured to perform mutual authentication with the control equipment;
Receiver module 1302, configured to receive, after the mutual authentication passes, the first certificate and the second certificate from the control equipment;
Equipment group joining module 1303, configured to use the first certificate and the second certificate to join the equipment group of the main equipment;
Communication module 1304, configured to use the first certificate and the second certificate to communicate with the devices in the equipment group; the first certificate is generated according to the public key of the home network device and the signature information of the main equipment; the second certificate is the certificate of the main equipment;
The control equipment is the main equipment or the control point.
Referring to Figure 14, the authentication module 1301 comprises:
Third sending unit 1301a, configured to send a device online notification to the control equipment;
Third receiving unit 1301b, configured to receive the PIN code or administrator account information returned by the control equipment, so that the home network device and the control equipment perform mutual authentication according to the PIN code or administrator account information of the home network device.
Referring to Figure 15, the home network device also comprises:
Sending module 1305, configured to send to the control equipment the public key of the public/private key pair generated by the home network device;
The receiver module 1302 is specifically configured to receive from the control equipment the first certificate generated by the main equipment according to the public key of the home network device and the signature information of the main equipment, and to receive the second certificate.
The receiver module 1302 is also configured to receive the first certificate and the second certificate sent by the control equipment, and the private key of the public/private key pair that the main equipment generated for the home network device; the first certificate is generated by the main equipment according to the public key of the home network device and the signature information of the main equipment.
Referring to Figure 16, the equipment group joining module 1303 comprises:
Secure connection establishing unit 1303a, configured to use the first certificate to establish a secure connection with the main equipment;
Joining unit 1303b, configured to send the main equipment, over the secure connection, a request to join the equipment group of the main equipment, so that the main equipment authenticates the home network device using the second certificate, and, when authentication passes, to receive the response for joining the equipment group sent by the main equipment.
The communication module 1304 is specifically configured, when communicating with a device in the equipment group, to use the first certificate and the second certificate to perform verification with that device and, when verification passes, to communicate with the device in the equipment group.
The communication module 1304 is specifically configured to use the first certificate to verify the first certificate of a device in the equipment group; when the signature information in that device's first certificate is consistent with that in the first certificate, verification passes.
The home network device provided by the present embodiment is based on the same concept as the method embodiments; for its specific implementation, refer to the method embodiments, which are not repeated here.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments can be implemented by hardware, or by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, etc.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (32)

1. A management method for a home network device, characterized by comprising:
Control equipment and a home network device perform mutual authentication;
After the mutual authentication passes, the control equipment receives a first certificate and a second certificate sent by main equipment, where the first certificate is generated by the main equipment according to the public key of the home network device and the signature information of the main equipment, and the second certificate is the certificate of the main equipment;
The control equipment sends the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the equipment group of the main equipment, and uses the first certificate and the second certificate to communicate with the devices in the equipment group.
2. The method according to claim 1, characterized in that the control equipment and the home network device performing mutual authentication specifically comprises:
The control equipment receives the device online notification of the home network device and sends the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the control equipment perform mutual authentication according to the PIN code or administrator account information of the home network device.
3. The method according to claim 1 or 2, characterized in that, before the control equipment receives the first certificate and the second certificate sent by the main equipment, the method comprises:
After the mutual authentication passes, the control equipment obtains the public key of the public/private key pair generated by the home network device; the method further comprises:
The control equipment sends the public key to the main equipment;
Correspondingly, the control equipment receiving the first certificate and the second certificate sent by the main equipment comprises:
The control equipment receives the first certificate that the main equipment generates according to the public key and the signature information of the main equipment, and receives the second certificate.
4. The method according to claim 1 or 2, characterized in that the control equipment receiving the first certificate and the second certificate sent by the main equipment comprises:
The control equipment receives the first certificate and the second certificate sent by the main equipment, and the private key of the public/private key pair that the main equipment generated for the home network device; the first certificate is generated by the main equipment according to the public key of the home network device and the signature information of the main equipment;
The control equipment sending the first certificate and the second certificate to the home network device specifically comprises:
The control equipment sends the first certificate, the second certificate and the private key that the main equipment generated for the home network device to the home network device.
5. A management method for a home network device, characterized in that the control equipment is main equipment, the method comprising:
The main equipment and a home network device perform mutual authentication;
After the mutual authentication passes, the main equipment sends a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the equipment group of the main equipment, and uses the first certificate and the second certificate to communicate with the devices in the equipment group; the first certificate is generated according to the public key of the home network device and the signature information of the main equipment; the second certificate is the certificate of the main equipment.
6. The method according to claim 5, characterized in that the main equipment and the home network device performing mutual authentication specifically comprises:
The main equipment receives the device online notification of the home network device and sends the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the main equipment perform mutual authentication according to the PIN code or administrator account information of the home network device.
7. The method according to claim 5 or 6, characterized in that, before the main equipment sends the first certificate and the second certificate to the home network device, the method comprises:
After the mutual authentication passes, the control equipment obtains the public key of the public/private key pair generated by the home network device;
The main equipment sending the first certificate and the second certificate to the home network device comprises:
The main equipment sends to the home network device the first certificate, which the main equipment generates according to the public key of the home network device and the signature information of the main equipment, and the second certificate.
8. The method according to claim 5 or 6, characterized in that the main equipment sending the first certificate and the second certificate to the home network device specifically comprises:
The main equipment generates a public key and a private key for the home network device, and sends the private key, the second certificate and the first certificate to the home network device, where the first certificate is generated according to the public key of the home network device and the signature information of the main equipment.
9. The method according to claim 5 or 6, characterized in that the method also comprises:
When the main equipment receives the request to join the equipment group sent by the home network device, it performs authentication with the home network device using the second certificate and, after authentication passes, adds the home network device to the equipment group.
10. A method for managing a home network device, characterized by comprising:
A home network device and a control device perform mutual authentication;
After the mutual authentication succeeds, the home network device receives a first certificate and a second certificate from the control device, uses the first certificate and the second certificate to join a device group, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated according to the public key of the home network device and the signature information of a master device; the second certificate is the certificate of the master device;
The control device is the master device or a control point.
11. The method according to claim 10, characterized in that the mutual authentication between the home network device and the control device comprises:
The home network device sends a device online notification to the control device and receives the PIN code or administrator account information returned by the control device, so that the home network device and the control device perform mutual authentication according to the PIN code or administrator account information of the home network device.
12. The method according to claim 10 or 11, characterized in that, before the home network device receives the first certificate and the second certificate from the control device, the method comprises:
After the mutual authentication succeeds, the home network device sends to the control device the public key of a public/private key pair generated by the home network device;
The receiving, by the home network device, of the first certificate and the second certificate from the control device is specifically:
The home network device receives, from the control device, the first certificate generated by the master device according to the public key of the home network device and the signature information of the master device; and receives the second certificate.
13. The method according to claim 10 or 11, characterized in that the receiving, by the home network device, of the first certificate and the second certificate from the control device specifically comprises:
The home network device receives, from the control device, the first certificate, the second certificate, and the private key of a public/private key pair that the master device generated for the home network device; the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device.
14. The method according to claim 10 or 11, characterized in that the use, by the home network device, of the first certificate and the second certificate to join the device group to which the master device belongs specifically comprises:
The home network device uses the first certificate to establish a secure connection with the master device, and sends over the secure connection a request to join the device group to which the master device belongs, so that the master device uses the second certificate to authenticate the home network device; when the authentication succeeds, the home network device receives the response for joining the device group sent by the master device.
15. The method according to claim 10 or 11, characterized in that, after the home network device receives the first certificate and the second certificate from the control device, the method comprises:
When communicating with a device in the device group, the home network device uses the first certificate and the second certificate to perform verification with the device in the device group; when the verification succeeds, the home network device communicates with the device in the device group.
16. The method according to claim 15, characterized in that the use, by the home network device, of the first certificate and the second certificate to perform verification with the device in the device group specifically comprises:
The home network device uses the first certificate to verify the first certificate of the device in the device group; when the first certificate of the device in the device group is consistent with the signature information in the first certificate, the verification succeeds.
17. A control device, characterized by comprising:
An authentication module, configured to perform mutual authentication with a home network device;
A receiving module, configured to receive, after the mutual authentication succeeds, a first certificate and a second certificate sent by a master device, where the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device;
A sending module, configured to send the first certificate and the second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group to which the master device belongs, and uses the first certificate and the second certificate to communicate with the devices in the device group.
18. The control device according to claim 17, characterized in that the authentication module comprises:
A first receiving unit, configured to receive a device online notification from the home network device;
A first sending unit, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the control device perform mutual authentication according to the PIN code or administrator account information of the home network device.
19. The control device according to claim 17 or 18, characterized in that the control device further comprises:
An obtaining module, configured to obtain, after the mutual authentication succeeds, the public key of a public/private key pair generated by the home network device;
The sending module is further configured to send the public key to the master device;
The receiving module is specifically configured to receive the first certificate generated by the master device according to the public key and the signature information of the master device, and to receive the second certificate.
20. The control device according to claim 17 or 18, characterized in that the receiving module is specifically configured to receive, from the master device, the first certificate, the second certificate, and the private key of a public/private key pair that the master device generated for the home network device; the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device;
The sending module is specifically configured to send to the home network device the first certificate, the second certificate, and the private key that the master device generated for the home network device.
21. A control device, characterized by comprising:
An authentication module, configured to perform mutual authentication with a home network device;
A sending module, configured to send, after the mutual authentication succeeds, a first certificate and a second certificate to the home network device, so that the home network device uses the first certificate and the second certificate to join the device group to which a master device belongs, and uses the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device, and the second certificate is the certificate of the master device.
22. The control device according to claim 21, characterized in that the authentication module specifically comprises:
A second receiving unit, configured to receive a device online notification from the home network device;
A second sending unit, configured to send the PIN code or administrator account information of the home network device to the home network device, so that the home network device and the master device perform mutual authentication according to the PIN code or administrator account information of the home network device.
23. The control device according to claim 21 or 22, characterized in that the control device further comprises: an obtaining module, configured to obtain the public key of a public/private key pair generated by the home network device;
The sending module is specifically configured to send to the home network device the first certificate, which the master device generates according to the public key of the home network device and the signature information of the master device, together with the second certificate.
24. The control device according to claim 21 or 22, characterized in that the sending module is specifically configured to generate a public key and a private key for the home network device, and to send the private key, the second certificate and the first certificate to the home network device; the first certificate is generated according to the public key of the home network device and the signature information of the master device.
25. The control device according to claim 21 or 22, characterized in that the control device further comprises:
A device group authentication module, configured to, when the master device receives a request to join the device group sent by the home network device, use the second certificate to authenticate with the home network device and, after the authentication succeeds, add the home network device to the device group.
26. A home network device, characterized in that the home network device comprises:
An authentication module, configured to perform mutual authentication with a control device;
A receiving module, configured to receive, after the mutual authentication succeeds, a first certificate and a second certificate from the control device;
A device group joining module, configured to use the first certificate and the second certificate to join the device group to which a master device belongs;
A communication module, configured to use the first certificate and the second certificate to communicate with the devices in the device group; the first certificate is generated according to the public key of the home network device and the signature information of the master device; the second certificate is the certificate of the master device;
The control device is the master device or a control point.
27. The home network device according to claim 26, characterized in that the authentication module comprises:
A third sending unit, configured to send a device online notification to the control device;
A third receiving unit, configured to receive the PIN code or administrator account information returned by the control device, so that the home network device and the control device perform mutual authentication according to the PIN code or administrator account information of the home network device.
28. The home network device according to claim 26 or 27, characterized in that the home network device further comprises:
A sending module, configured to send to the control device the public key of a public/private key pair generated by the home network device;
The receiving module is specifically configured to receive, from the control device, the first certificate generated by the master device according to the public key of the home network device and the signature information of the master device; and to receive the second certificate.
29. The home network device according to claim 26 or 27, characterized in that:
The receiving module is further configured to receive, from the control device, the first certificate, the second certificate, and the private key of a public/private key pair that the master device generated for the home network device; the first certificate is generated by the master device according to the public key of the home network device and the signature information of the master device.
30. The home network device according to claim 26 or 27, characterized in that the device group joining module comprises:
A secure connection establishing unit, configured to use the first certificate to establish a secure connection with the master device;
A joining unit, configured to send to the master device, over the secure connection, a request to join the device group to which the master device belongs, so that the master device uses the second certificate to authenticate the home network device, and, when the authentication succeeds, to receive the response for joining the device group sent by the master device.
31. The home network device according to claim 26 or 27, characterized in that the communication module is specifically configured to, when communicating with a device in the device group, use the first certificate and the second certificate to perform verification with the device in the device group and, when the verification succeeds, communicate with the device in the device group.
32. The home network device according to claim 30, characterized in that the communication module is specifically configured to use the first certificate to verify the first certificate of the device in the device group; when the first certificate of the device in the device group is consistent with the signature information in the first certificate, the verification succeeds.
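The certificate handling of claims 7, 12 and 16, as an added example that is not part of the patent text: a master device signs a device-generated public key to produce the first certificate, and a group member checks a peer's first certificate against the master certificate (second certificate) it holds. The X.509/Ed25519 encoding, the names Master, Issue, NewDeviceKey and VerifyPeer, and the device names are assumptions; the claims do not fix a certificate format, and the peer check is read here as signature-chain validation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Master models the master device: signing key plus its own "second certificate".
type Master struct {
	key  ed25519.PrivateKey
	Cert *x509.Certificate
}

// sign issues a certificate over pub, signed by key on behalf of parent.
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl.NotBefore = time.Now().Add(-time.Minute)
	tmpl.NotAfter = time.Now().Add(24 * time.Hour) // constructed lifetime
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewMaster creates a master device with a self-signed CA certificate.
func NewMaster(name string) (*Master, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := sign(tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return &Master{key: key, Cert: cert}, nil
}

// NewDeviceKey runs on the home network device; only the public key is sent out.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Issue signs a device public key, producing that device's "first certificate".
func (m *Master) Issue(device string, pub ed25519.PublicKey, serial int64) (*x509.Certificate, error) {
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: device},
		KeyUsage: x509.KeyUsageDigitalSignature,
	}, m.Cert, pub, m.key)
}

// VerifyPeer accepts a peer's first certificate only if the held master certificate signed it.
func VerifyPeer(peer, master *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(master)
	_, err := peer.Verify(x509.VerifyOptions{
		Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func main() {
	master, err := NewMaster("master-A") // constructed name
	if err != nil {
		panic(err)
	}
	pub, _, _ := NewDeviceKey() // the private key (second value) stays on the device
	tv, err := master.Issue("tv", pub, 2)
	fmt.Println("member accepted:", err == nil && VerifyPeer(tv, master.Cert) == nil)
}
```

Because VerifyPeer trusts the master's key rather than its name, a certificate issued by a different master that merely reuses the name "master-A" is rejected.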
CN201110246559.9A 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment Expired - Fee Related CN102957584B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110246559.9A CN102957584B (en) 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment
PCT/CN2012/080596 WO2013026415A1 (en) 2011-08-25 2012-08-27 Home network device management method, control device and home network device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110246559.9A CN102957584B (en) 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment

Publications (2)

Publication Number Publication Date
CN102957584A CN102957584A (en) 2013-03-06
CN102957584B true CN102957584B (en) 2015-03-18

Family

ID=47745958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110246559.9A Expired - Fee Related CN102957584B (en) 2011-08-25 2011-08-25 Home network equipment management method, control equipment and home network equipment

Country Status (2)

Country Link
CN (1) CN102957584B (en)
WO (1) WO2013026415A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200061A (en) * 2013-04-17 2013-07-10 北京推博信息技术有限公司 Method of building trust relationship between communication devices and communication devices and system
CN104735054B (en) * 2015-02-06 2018-03-02 西安电子科技大学 Digital family equipment is credible access platform and authentication method
CN105007164B (en) * 2015-07-30 2021-07-06 青岛海尔智能家电科技有限公司 Centralized safety control method and device
CN106559213B (en) * 2015-09-24 2020-06-16 腾讯科技(深圳)有限公司 Equipment management method, equipment and system
CN105471974B (en) * 2015-11-18 2019-01-18 北京京东世纪贸易有限公司 Realize smart machine, terminal device and the method remotely controlled
CN107172105A (en) * 2017-05-13 2017-09-15 深圳市欧乐在线技术发展有限公司 One kind realizes multiple services safety certifying method and system
CN110730247B (en) * 2019-10-23 2022-08-09 国网重庆市电力公司电力科学研究院 Communication control system based on power line carrier
CN112019434B (en) * 2020-07-28 2021-08-03 烽火通信科技股份有限公司 WEB centralized management method and device for networking equipment
CN113660099B (en) * 2021-09-01 2022-10-18 珠海格力电器股份有限公司 Authentication method of Internet of things equipment, authentication server and user equipment server
CN114650182B (en) * 2022-04-08 2024-02-27 深圳市欧瑞博科技股份有限公司 Identity authentication method, system, device, gateway equipment, equipment and terminal
CN114666155B (en) * 2022-04-08 2024-04-16 深圳市欧瑞博科技股份有限公司 Equipment access method, system, device, internet of things equipment and gateway equipment
CN114666151B (en) * 2022-04-08 2024-02-27 深圳市欧瑞博科技股份有限公司 Equipment binding method, device, terminal, internet of things equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092200A (en) * 1997-08-01 2000-07-18 Novell, Inc. Method and apparatus for providing a virtual private network
CN1604552A (en) * 2003-10-02 2005-04-06 三星电子株式会社 Method of constructing domain based on public key and implementing the domain through universal plug and play (UPnP)
CN1685706A (en) * 2002-09-23 2005-10-19 皇家飞利浦电子股份有限公司 Domain based on certificate granting
CN1691603A (en) * 2004-04-28 2005-11-02 联想(北京)有限公司 A method for implementing equipment group and intercommunication between grouped equipments
CN101114901A (en) * 2006-07-26 2008-01-30 联想(北京)有限公司 Safety authentication system, apparatus and method for non-contact type wireless data transmission
CN101277297A (en) * 2007-03-26 2008-10-01 华为技术有限公司 Conversation control system and method
CN102017514A (en) * 2008-03-04 2011-04-13 三星电子株式会社 Authentication information management method in home network and an apparatus therefor

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100567822B1 (en) * 2003-10-01 2006-04-05 삼성전자주식회사 Method for creating domain based on public key cryptography
KR20060001550A (en) * 2004-06-30 2006-01-06 엘지전자 주식회사 Upnp device controlling method using internet

Also Published As

Publication number Publication date
WO2013026415A1 (en) 2013-02-28
CN102957584A (en) 2013-03-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: California, USA

Patentee before: Tanous Co.

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Tanous Co.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150318

CF01 Termination of patent right due to non-payment of annual fee