CN118435639A - Security domain management method, device, apparatus, storage medium and program product - Google Patents
- Publication number: CN118435639A
- Application number: CN202280084063.2A
- Authority: CN (China)
- Prior art keywords: security domain, target device, security, request, configuration
- Legal status: Pending (status as inferred by Google Patents, not a legal conclusion)
Classifications
- H04W12/08: Access security (H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
- H04W84/18: Self-organising networks, e.g. ad-hoc networks or sensor networks (H04W84/00 Network topologies)
Abstract
A security domain management method, apparatus, device, storage medium and program product belong to the technical field of the Internet of Things. The method comprises the following step: when the number of configured security domains in the target device reaches the upper limit on the number of security domains the target device supports, a first event notification is sent to the configuration device. With this scheme, the user can delete unnecessary security domains in the target device in time, avoiding any impact on the subsequent addition or update of security domains.
Description
The present application relates to the field of internet of things, and in particular, to a method, apparatus, device, storage medium, and program product for secure domain management.
With the continuous development of Internet of Things (IoT) technology, more and more internet of things devices bring great convenience to the production and life of users in fields such as smart home and industrial production.
In the related art, a user may configure a security domain for an internet of things device through a configuration device, so that secure communication can take place between internet of things devices belonging to the same security domain. One internet of things device may be configured into multiple security domains.
Disclosure of Invention
The embodiment of the application provides a security domain management method, a device, equipment, a storage medium and a program product. The technical scheme is as follows:
In one aspect, an embodiment of the present application provides a security domain management method, which is performed by a target device, the method including:
sending a first event notification to a configuration device if the number of configured security domains in the target device reaches the upper limit on the number of security domains the target device supports; the first event notification indicates that the number of configured security domains in the target device has reached that upper limit.
In one aspect, an embodiment of the present application provides a security domain management method, which is performed by a configuration device, the method including:
receiving a first event notification sent by a target device; the first event notification indicates that the number of configured security domains in the target device has reached the upper limit on the number of security domains the target device supports.
In another aspect, an embodiment of the present application provides a security domain management apparatus, including:
a sending module, configured to send a first event notification to a configuration device when the number of configured security domains in a target device reaches the upper limit on the number of security domains the target device supports; the first event notification indicates that the number of configured security domains in the target device has reached that upper limit.
In another aspect, an embodiment of the present application provides a security domain management apparatus, including:
a receiving module, configured to receive a first event notification sent by the target device; the first event notification indicates that the number of configured security domains in the target device has reached the upper limit on the number of security domains the target device supports.
In yet another aspect, an embodiment of the present application provides a computer device, where the computer device includes a processor, a memory, and a transceiver, where the memory stores a computer program, and the computer program is configured to be executed by the processor to implement the above-mentioned security domain management method.
In yet another aspect, an embodiment of the present application further provides a computer readable storage medium having a computer program stored therein, the computer program being loaded and executed by a processor to implement the above-mentioned security domain management method.
In yet another aspect, the present application further provides a chip, where the chip is configured to run in a computer device, so that the computer device performs the above-mentioned security domain management method.
In yet another aspect, the present application provides a computer program product comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the above-described security domain management method.
In yet another aspect, the present application provides a computer program to be executed by a processor of a computer device to implement the above-described security domain management method.
The technical scheme provided by the embodiment of the application can bring the following beneficial effects:
When the number of configured security domains reaches the upper limit on the number of security domains the target device supports, the target device can notify the configuration device of this; in this way the target device informs the user that the configured security domains are full, so that the user can delete an unnecessary security domain in the target device in time and avoid disrupting the subsequent addition or update of security domains.
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a network architecture of an internet of things according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of secure domain management provided by one embodiment of the present application;
FIG. 3 is a flow chart of a method of secure domain management provided by one embodiment of the present application;
FIG. 4 is a flow chart of a method of secure domain management provided by one embodiment of the present application;
FIG. 5 is a security domain update diagram according to the embodiment of FIG. 4;
FIG. 6 is a flow chart of a method of secure domain management provided by one embodiment of the present application;
FIG. 7 is a security domain update diagram according to the embodiment of FIG. 6;
FIG. 8 is a block diagram of a security domain management apparatus provided by one embodiment of the present application;
FIG. 9 is a block diagram of a security domain management apparatus provided by one embodiment of the present application;
Fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present application.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
The network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided by the embodiments of the present application is applicable to similar technical problems.
Referring to fig. 1, a schematic diagram of a network architecture of the internet of things according to an embodiment of the present application is shown. The network architecture of the internet of things can comprise: an internet of things device 110, a configuration device 120, and an authentication device 130;
The internet of things device 110 may be a device that provides the server function defined by an internet of things protocol; as such a device it may expose resources to which other devices can subscribe.
For example, the internet of things device 110 may be an intelligent home device, such as an intelligent light fixture, an intelligent television, an intelligent air conditioner, an intelligent refrigerator, an intelligent microwave oven, an intelligent electric cooker, a sweeping robot, an intelligent sound box, an intelligent switch, and the like.
Or the internet of things device 110 may be an industrial production device, such as a lathe, an industrial robot, a solar panel, a wind turbine, or the like.
Or the internet of things device 110 may be a commercial service device, such as a vending machine or the like.
Or the internet of things device 110 may be an intelligent monitoring device, such as a monitoring camera, infrared sensor, sound sensor, temperature sensor, or the like.
In one possible implementation, the internet of things device 110 may also be a terminal device on the user side. For example, the internet of things device 110 may be an intelligent controller, an intelligent remote control, a smart phone, a tablet computer, a smart watch, a smart television, a gateway, or the like; or the internet of things device 110 may be a personal computer such as a desktop computer, a portable computer, a personal workstation, or the like.
The configuration device 120 may be a terminal device on the user side. For example, the configuration device 120 may be a smart phone, a tablet, a smart watch, a smart television, or the like.
In another possible implementation, the configuration device 120 may also be a client entity (may be a virtual entity) running based on a terminal device, for example, the configuration device 120 may be an APP running in a smart phone for managing and configuring the internet of things device 110.
The authentication device 130 may be a server deployed on the network side. For example, the server may be a single server, or the server may be a server cluster composed of a plurality of servers. The authentication device 130 may be a computer device that provides cloud support for authentication of internet of things devices.
In the embodiment of the present application, the internet of things device 110 may be an electronic device that complies with the same or different internet of things protocols, for example, an electronic device that complies with the Matter protocol (formerly the Connected Home over IP (CHIP) project) of the Connectivity Standards Alliance (formerly the Zigbee Alliance).
Matter is an IP-based internet of things connection standard that addresses the compatibility, security and connectivity problems of the current smart home market. The Matter protocol uses the following concepts:
1) Fabric
A Fabric is a security domain that allows a set of nodes to be identified and to communicate within the domain. A node may be identified by one or more Fabrics. A Fabric has a unique ID within its ecosystem, which may be a 64-bit value (see the FabricID field in table 2 below). The node operational certificate of a node typically carries a field that identifies the Fabric ID.
2) Fabric index
Each Fabric on the device has a unique index that corresponds to one entry of the full Fabric reference table, expressed using the fabric-idx data type (embodied as a Fabric number, such as Fabric 5). Indices in this mapping from Fabric index to Fabric reference table are allocated starting from the smallest free index: for example, when Fabrics 1, 3 and 4 are present, the next Fabric added receives index 2, and further Fabrics added after that receive 5, 6, 7, and so on.
3) Node
A Node encapsulates an addressable, unique network resource and has a set of functions, so that a user can clearly see it as one functional whole. For example, a desk lamp supporting the Matter protocol has an IP address (an addressable, unique network resource) after pairing with a user terminal and has the two functions of turning on and off; the user can treat the desk lamp node as a single entity and control it.
Nodes are the highest (outermost) first-order elements in the object model and the only addressable elements at the outermost level of the object model.
A node may have multiple node IDs, each ID attributed to a particular Fabric.
The communication protocol stack supporting the data model should support interactions between nodes on the logical internetwork of nodes.
4) Endpoint
A node is made up of one or more Endpoints. An endpoint is an instance, and may be a service type or a virtual device.
Each endpoint has one or more functional units, i.e., clusters (clusters) supported on the endpoint. A cluster is an object class instantiated on an endpoint.
For example, a table lamp may be considered a node; if the table lamp has two independently controlled bulbs, each bulb may be considered an endpoint, the on/off function of each bulb corresponds to one Cluster, and the brightness adjustment function may correspond to another Cluster.
5) Cluster
A Cluster is the most basic functional building block in the object model. Clusters define the rules for interactions between the server side and the client side. Clusters can be considered interfaces, services, or object classes, and are the lowest-level individual functional elements in the data model. Each cluster has an independent specification definition that contains attributes, events, commands and behaviors. Whether clusters, events, commands and behaviors are mandatory or optional depends on the definition of the cluster itself.
The cluster specification should contain one or more cluster identifiers. A cluster identifier should refer to a cluster specification and ensure compliance with that specification. One cluster instance should be represented by a cluster identifier on the endpoint and can be discovered. The cluster identifier also represents the function and purpose of the cluster instance.
The server clusters support attribute, event and command data and the client clusters are responsible for initiating interactions, including invoking cluster commands.
6) Attribute
An Attribute reflects the queryable/settable state, configuration, and capabilities of a device.
7) Event
An Event represents a record of something that has happened or is happening. An event can be seen as a log entry, and an event stream can be seen as a temporal view of the evolution of state on a node.
The event is readable because its event identifier is discoverable by the cluster instance.
Event records are created by nodes when events occur. The record should have three metadata, event label, timestamp, priority level. These metadata should be stored in the header of the event record.
Event label:
64-bit labels within the range of the node. The label should monotonically increase over the life of the node and ensure that monotonicity is unchanged after the device is restarted. The monotonicity is reset after the device is restored to factory settings.
Each event record should have an event label that is exactly one plus the label of the last created event record on the node.
When a node reboots, the event label may increase by a step size greater than 1.
8) Time stamp
Each event should carry the time stamp of its creation. The timestamp should be either a system time (in microseconds) or an epoch time (in microseconds).
9) Priority level
Because the priority level can be overwritten at the time of transmission, it should be recorded as one metadata in the event header.
10) Certificate update
When the root CA (Certificate Authority) of an Ecosystem is updated, the root certificate information configured on the Node needs to be updated accordingly. Since the new root public key corresponds to a new Fabric, the new Fabric is added to the device as follows:
① Establish a CASE (Certificate Authenticated Session Establishment) connection using the original (old) NOC (Node Operational Certificate);
② Add the new root certificate using AddTrustedRootCertificate;
③ Add the new NOC using AddNOC;
④ End the CASE session;
⑤ Establish a CASE session using the new NOC;
⑥ Delete the old Fabric using RemoveFabric.
In the internet of things, the ecosystem may be composed of hardware devices, network connections, software in the cloud, and the like. The hardware equipment comprises a sensor, an actuator and the like; the network connection refers to connection established between the hardware devices of the Internet of things based on an Internet of things protocol; software in the cloud is typically deployed at the cloud for data collection, device and configuration management, messaging, firmware update, security and identity management, and the like.
The root certificate is a certificate issued by the CA and is the starting point of the trust chain. The root certificate may contain three parts, the user's information, the root public key, and the signature of the root certificate by the CA.
NOCs typically include a unique identifier that can be used to identify a node, i.e., a node operation identifier (e.g., a node ID). The NOC is authenticated by the root certificate of the security domain to identify and authenticate the identity of the node in the security domain.
11) Node operational certificate cluster (NOC Cluster)
This cluster is used to add or delete node operational certificates on a node, and to manage the associated structures.
12) Attributes
Wherein, the node operation certificate cluster attribute (Node Operational Credentials Cluster Attributes) may be as shown in the following table 1:
TABLE 1
CurrentFabricIndex in table 1 above indicates the Fabric corresponding to the connection currently established between two devices (e.g., CASE connection).
FabricDescriptorStruct has the structure shown in the following table 2:
TABLE 2
| ID | Name | Type | Constraint | Conformance |
|---|---|---|---|---|
| 1 | RootPublicKey | octstr | 65 | M |
| 2 | VendorID | vendor-id | desc | M |
| 3 | FabricID | fabric-id | | M |
| 4 | NodeID | node-id | | M |
| 5 | Label | string | max 32 | M |
The commands of the node operational certificate cluster (Node Operational Credentials Cluster Commands) may be as shown in table 3 below:
TABLE 3
The fields included in the AddNOC command parameters may be as shown in table 4:
TABLE 4
| ID | Field | Type | Constraint | Conformance |
|---|---|---|---|---|
| 0 | NOCValue | octstr | max 400 | M |
| 1 | ICACValue | octstr | max 400 | O |
| 2 | IpkValue | octstr | 16 | M |
| 3 | CaseAdminNode | SubjectID | | M |
| 4 | AdminVendorId | vendor-id | | M |
The AddTrustedRootCertificate (add trusted root certificate) command parameters contain the fields shown in table 5:
TABLE 5
| ID | Field | Type | Constraint | Conformance |
|---|---|---|---|---|
| 0 | RootCACertificate | octstr | max 400 | M |
The RemoveFabric (remove security domain) command parameters contain the fields shown in table 6:
TABLE 6
| ID | Field | Type | Conformance |
|---|---|---|---|
| 0 | FabricIndex | fabric-idx | M |
In the Multi-Admin (multi-administrator) case, the device is configured into multiple Fabrics, and the number of Fabrics on the device can reach the maximum number of security domains it supports (max Supported Fabrics, the upper limit on the number of configurable security domains). For example, max Supported Fabrics is set when the device leaves the factory; after purchasing the device, the user configures it under 5 ecosystems, with one Fabric configured for each ecosystem. When the root CA key of one of these ecosystems is updated, the user needs to update that ecosystem's root certificate and Fabric on the device, but because the device's Fabric slots are already occupied, the update may fail, which causes trouble for the user.
Referring to fig. 2, a flowchart of a security domain management method according to an embodiment of the present application is shown, where the method may be performed by a target device, for example, the target device may be the internet of things device 110 in the network architecture shown in fig. 1; the method may comprise the steps of:
Step 201, when the number of configured security domains in the target device reaches the upper limit on the number of security domains the target device supports, send a first event notification to the configuration device; the first event notification indicates that the number of configured security domains in the target device has reached that upper limit.
In an embodiment of the present application, the security domain may be configured in a node operation certificate cluster.
In summary, when the number of configured security domains reaches the upper limit on the number of security domains the target device supports, the target device may notify the configuration device of the event that the configured security domains are full; in this way the target device informs the user that the security domains are full, so that the user can delete an unnecessary security domain in the target device in time and avoid disrupting the subsequent addition or update of security domains.
Referring to fig. 3, a flowchart of a security domain management method according to an embodiment of the present application is shown, where the method may be performed by a configuration device, for example, the configuration device 120 in the network architecture shown in fig. 1; the method may comprise the steps of:
Step 301, receiving a first event notification sent by the target device; the first event notification indicates that the number of configured security domains in the target device has reached the upper limit on the number of security domains the target device supports.
In summary, when the number of configured security domains reaches the upper limit on the number of security domains the target device supports, the target device may notify the configuration device of the event that the configured security domains are full; in this way the target device informs the user that the security domains are full, so that the user can delete an unnecessary security domain in the target device in time and avoid disrupting the subsequent addition or update of security domains.
Based on the schemes shown in fig. 2 and 3, each time a new security domain is configured, the target device may, where possible, send the corresponding event notification to the configuration device if the configured security domains are then full.
Referring to fig. 4, a flowchart of a security domain management method according to an embodiment of the present application is shown, where the method may be interactively performed by a target device, a configuration device, and an authentication device; for example, the target device may be the internet of things device 110 in the network architecture shown in fig. 1, the configuration device may be the configuration device 120 in the network architecture shown in fig. 1, and the authentication device may be the authentication device 130 in the network architecture shown in fig. 1; the method may comprise the following steps:
Step 401, the configuration device receives an update request sent by the authentication platform, where the update request is used to request to update a configured security domain in the target device; the update request includes the root certificate of the second security domain.
In the embodiment of the application, when a certain ecological authentication platform triggers the update of a root certificate (such as a root public key), an update request can be sent to configuration equipment.
Optionally, the updated root certificate may be carried in the update request.
In one possible implementation, the security domain may include at least one of a root certificate of the security domain, and a node operation certificate of the security domain.
Step 402, the configuration device sends a request for acquiring the number information of the security domains to the target device; the target device receives the request to obtain the number of security domains information.
In the embodiment of the present application, after receiving the update request, the configuration device may query the target device for the number of security domains that it has configured (i.e. CommissionedFabrics in table 1 above) and the upper limit of the number of security domains that it supports configuration (i.e. SupportedFabrics in table 1 above).
Alternatively, the request for obtaining the number of security domains may be a single request, or the request for obtaining the number of security domains may be two requests corresponding to CommissionedFabrics and SupportedFabrics, respectively.
If no connection is established between the current configuration device and the target device, the configuration device may first establish a secure connection with the target device, for example, establish a CASE connection, through a node operation certificate of Fabric where the configuration device is located.
Step 403, the target device sends the configuration device the number of configured security domains in the target device and the number of security domains the target device supports; the configuration device receives this information from the target device.
The number information of the configured security domains may be the value CommissionedFabrics in table 1; the number information of security domains supporting the configuration may be the value SupportedFabrics in table 1.
After receiving the request for obtaining the number information of the security domains, the target device may read the values CommissionedFabrics and SupportedFabrics from the node operation certificate cluster attribute, and return the read values CommissionedFabrics and SupportedFabrics to the configuration device.
Step 404, in the case that the number of configured security domains in the target device is smaller than the upper limit of the number of security domains supported by the target device for configuration, the configuration device sends a first configuration request to the target device, and the target device receives the first configuration request; the first configuration request includes information of the second security domain.
In the embodiment of the present application, when the configuration device determines that the value CommissionedFabrics is smaller than the value SupportedFabrics, the information of the second security domain that needs to be updated may be sent to the target device through the first configuration request.
The information of the security domain configured in the target device may include at least one of a root certificate of the security domain, a node operation certificate of the security domain, an access control list, binding information, context information, and a group key.
Wherein the first configuration request may be sent by means of AddTrustedRootCertificate (adding trusted root certificates) and AddNOC (adding node operation certificates) in table 3.
In one possible implementation, the configuration device may further receive a node operation certificate of the second security domain sent by the authentication platform before sending the first configuration request to the target device; the node operation certificate of the second security domain is a node operation certificate issued by the authentication platform according to the root public key of the second security domain;
wherein the step of sending the first configuration request to the target device may comprise:
And sending a first configuration request to the target equipment according to the root certificate of the second security domain and the node operation certificate of the second security domain.
For example, the configuration device may send a first configuration request to the target device that includes a root certificate of the second security domain, and a node operation certificate of the second security domain. The root certificate of the second security domain and the node operation certificate of the second security domain may be sent by a single request, or may be sent by multiple requests respectively (that is, the first configuration request may include multiple requests that are sent sequentially).
In the embodiment of the present application, for the NOC of the second security domain, the configuration device may apply to the authentication device, and the authentication device may issue the NOC of the second security domain according to the root public key of the second security domain and send the NOC to the configuration device.
In step 405, the target device configures a second security domain in the target device according to the first configuration request.
In the embodiment of the application, the target device can write the second security domain into the node operation certificate cluster attribute in the target device.
In one possible implementation manner, the identification information of the security domain carried in the node operation certificate of the second security domain is the identification information of the current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
In the embodiment of the present application, the CASE (Certificate Authenticated Session Establishment) connection between the configuration device and the target device must be established on the basis of a security domain, and the security domain used to establish that CASE connection is the current security domain.
In an embodiment of the present application, the identification information of the security domain may include at least one of a security domain identification (Fabric ID) and a security domain Index (Fabric Index). For example, the identification information of the current security domain may be CurrentFabricIndex as shown in table 1.
In step 406, the target device updates the number of configured security domains in the target device after the second security domain configuration is completed.
In the embodiment of the present application, after the second security domain configuration is completed, the target device may add 1 to the number of configured security domains in the target device.
Step 407, when the number of configured security domains in the target device reaches the upper limit of the number of security domains the target device supports configuring, the target device sends a first event notification to the configuration device; the configuration device receives the first event notification.
In the embodiment of the present application, after the target device adds 1 to the number of configured security domains in the target device, the updated number of configured security domains may be compared with the upper limit of the number of security domains supporting configuration, and if the two are consistent, a first event notification is sent to the configuration device.
In one possible implementation, the first event notification includes a list of security domain description structures; the security domain description structure list includes security domain description structures of at least one security domain configured in the target device.
The information included in the security domain description structure list may be shown in table 2, which is not described herein.
In one possible implementation, the first event notification includes a list of security domain identification structures; the security domain identification structure list comprises security domain identification structures of at least one configured security domain in the target device;
the security domain identification structure contains at least one of the following information:
Root public key, vendor identification information, security domain index, and security domain label.
In the embodiment of the present application, the above-mentioned security domain identification structure list may be obtained by removing the node identification information from the security domain description structure list.
In one possible implementation, the first event notification includes identification information of the current security domain.
In the embodiment of the application, the target device can carry in the first event notification the identification information of the current security domain (the security domain used by the connection with the configuration device), to remind the user which security domain can be deleted preferentially. For example, the configuration device may display a security domain deletion prompt to the user according to the identification information of the current security domain carried in the first event notification; the prompt includes information such as the ecosystem to which the current security domain belongs, so that the user can decide whether to delete the current security domain in the target device or select another security domain configured in the target device for deletion.
Step 408, the configuration device sends a request for removing the security domain to the target device; the target device receives the remove security domain request.
Wherein a remove security domain request (which may be the RemoveFabric command referred to in tables 3 and 6 above) is used to request the target device to remove the configured at least one security domain.
In the embodiment of the application, after receiving the first event notification the configuration device can prompt the user to confirm whether to delete one or more configured security domains in the target device. For example, the configuration device may prompt the user whether to delete the current security domain in the target device, prompt the user whether to delete other security domains that belong to the same ecosystem as the current security domain, or prompt the user to select one or more configured security domains in the target device for deletion.
If the user confirms deletion of the current security domain in the target device or of other security domains in the same ecosystem as the current security domain, or the user selects one or more configured security domains in the target device for deletion, the configuration device may send a remove security domain request to the target device.
In step 409, the target device removes at least one security domain configured in the target device according to the security domain removal request.
In an embodiment of the present application, the target device may delete one or more configured security domains from the node operation certificate cluster attribute according to the indication of the request to remove the security domain.
In one possible implementation, the removing security domain request includes identification information of the configured first security domain in the target device; the remove security domain request is for requesting the target device to remove the configured first security domain. Accordingly, the target device removes the configured first security domain from the target device according to the security domain removal request.
The first security domain may be the current security domain, another security domain that belongs to the same ecosystem as the current security domain, or a security domain specified by the user.
In the embodiment of the application, a FabricSlotsFull (security domain configuration slots full) event can be added to the NOC Cluster to notify the administrator user once the Fabrics are full; in other words, the FabricSlotsFull event is the first event notification. The FabricSlotsFull event can be as shown in table 7 below:
TABLE 7
ID | Name | Priority | Access | Conformance |
0 | FabricSlotsFull | INFO | V | M |
As the table shows, the FabricSlotsFull event has priority INFO. The data contained in this event can be as shown in table 8 below:
TABLE 8
ID | Name | Type | Conformance |
0 | Fabrics | list[FabricDescriptorStruct] | O |
As table 8 shows, the first event notification may include the security domain description structure list (list[FabricDescriptorStruct]) introduced above in step 407. The data included in the security domain description structure list may refer to table 2 and will not be described again here.
Alternatively, the FabricSlotsFull event (i.e., the data contained in the first event notification) may be as shown in table 9 below:
TABLE 9
ID | Name | Type | Conformance |
0 | Fabrics | list[FabricIdStruct] | O |
As table 9 shows, the first event notification may include the security domain identification structure list (list[FabricIdStruct]) described above in step 407.
The definition of FabricIdStruct (i.e., the security domain identification structure described above) can be as shown in table 10 below:
Table 10
ID | Name | Type | Constraint | Conformance |
1 | RootPublicKey | octstr | 65 | O |
2 | VendorID | vendor-id | desc | M |
3 | FabricIndex | fabric-idx | | M |
4 | Label | string | max 32 | O |
Referring to fig. 5, a security domain update diagram according to an embodiment of the present application is shown. As shown in fig. 5, assuming that the root CA public key of the ecosystem platform is updated, the user configures a new credential for the device through a mobile phone acting as the configurator (Commissioner) as follows:
S51, the Commissioner (configuration device) receives the authentication platform's notification of the Root PubKey update and the updated certificate RootCert.
S52, the Commissioner uses the NOC of the original Fabric to establish a CASE connection with the Device.
S53, the Commissioner reads the SupportedFabrics attribute of the Device.
S54, the Device returns the value of the SupportedFabrics attribute, 5.
S55, the Commissioner reads the CommissionedFabrics attribute of the Device.
S56, the Device returns the value of the CommissionedFabrics attribute, 4.
S57, the Commissioner compares the two values above; if CommissionedFabrics < SupportedFabrics, it determines that a new Fabric can be added.
S58, the Commissioner sends an AddTrustedRootCertificate command to the Device to configure RootCert2 into the Device.
S59, optionally, the Commissioner sends a CSRRequest command to the Device to obtain a new certificate signing request (CSR) from the Device.
S510, the Commissioner applies to the platform for a new NOC for the Device.
S511, the platform issues a new NOC2 using Root PubKey 2 and returns NOC2 to the Commissioner.
S512, the Commissioner sends an AddNOC command to the Device to configure NOC2 into the Device.
S513, the Device updates the NOC-related information, including updating the value of the CommissionedFabrics attribute to 5.
S514, the Device determines that CommissionedFabrics = SupportedFabrics and may trigger reporting of the FabricSlotsFull event notification to the Commissioner.
S515, after receiving the FabricSlotsFull event, the Commissioner prompts the user through the operation interface to delete the current Fabric.
S516, the user agrees to delete the current Fabric.
S517, the Commissioner sends a RemoveFabric command to the Device to delete Fabric1.
In summary, the target device may notify the configuration device of an event that the configured security domain is full when the number of configured security domains reaches the upper limit of the number of security domains that the target device supports configuration; through the scheme, the target device can inform the user of the condition that the configured security domain is full, so that the user can timely delete the unnecessary security domain in the target device, and the influence on the adding or updating process of the subsequent security domain is avoided.
Based on the schemes shown in fig. 2 and 3, the target device may send a corresponding event notification to the configuration device whenever the configured security domains become full during configuration of a new security domain.
Referring to fig. 6, a flowchart of a security domain management method according to an embodiment of the present application is shown, where the method may be interactively performed by a target device, a configuration device, and an authentication device; for example, the target device may be the internet of things device 110 in the network architecture shown in fig. 1, the configuration device may be the configuration device 120 in the network architecture shown in fig. 1, and the authentication device may be the authentication device 130 in the network architecture shown in fig. 1; the method may comprise the following steps:
Step 601, the configuration device receives an update request sent by the authentication platform, where the update request is used to request to update a configured security domain in the target device; the update request includes the root certificate of the second security domain.
Step 602, the configuration device sends a first configuration request to the target device, and the target device receives the first configuration request; the first configuration request includes information of the second security domain.
In one possible implementation, the configuration device may further receive a node operation certificate of the second security domain sent by the authentication platform before sending the first configuration request to the target device; the node operation certificate of the second security domain is a node operation certificate issued by the authentication platform according to the root public key of the second security domain;
wherein the step of sending the first configuration request to the target device may comprise:
And sending a first configuration request to the target equipment according to the root certificate of the second security domain and the node operation certificate of the second security domain.
In one possible implementation, sending a first configuration request to a target device includes:
The configuration device sends an add-rotation trusted root certificate request to the target device; the add-rotation trusted root certificate request includes the root certificate of the second security domain;
The configuration device sends an add-rotation node operation certificate request to the target device; the add-rotation node operation certificate request includes the node operation certificate of the second security domain.
Correspondingly, the target device receives the add-rotation trusted root certificate request and the add-rotation node operation certificate request sent by the configuration device.
In the embodiment of the application, two new methods, an add-rotation trusted root certificate request method and an add-rotation node operation certificate request method, can be added on the basis of the node operation certificate cluster methods shown in table 3, for updating the root certificate and the node operation certificate of a security domain.
In one possible implementation, the identification information of the second security domain is the same as the identification information of the first security domain to be updated.
In the embodiment of the application, when the configured first security domain in the target device is updated, the security domains before and after updating can be kept to use the same identification information.
In one possible implementation manner, the identification information of the security domain carried in the node operation certificate of the second security domain is the identification information of the current security domain; the current security domain is the security domain corresponding to the connection between the configuration device and the target device.
In step 603, the target device caches the information of the second security domain.
In the embodiment of the present application, since the target device cannot configure a new security domain when the number of configured security domains has reached the upper limit of the number of security domains it supports, the target device may, in step 603, save the information of the second security domain and wait for a configured security domain to be deleted.
Step 604, the target device sends a first event notification to the configuration device if the number of configured security domains reaches the upper limit of the number of security domains that the target device supports configuration; the configuration device receives the first event notification.
In one possible implementation, the first event notification includes a list of security domain description structures; the security domain description structure list includes security domain description structures of at least one security domain configured in the target device.
In one possible implementation, the first event notification includes a list of security domain identification structures; the security domain identification structure list comprises security domain identification structures of at least one configured security domain in the target device;
the security domain identification structure contains at least one of the following information:
Root public key, vendor identification information, security domain index, and security domain label.
In one possible implementation, the first event notification includes identification information of the current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
In one possible implementation, before sending the first event notification to the configuration device, the method further includes:
Extracting identification information of the second security domain from the node operation certificate of the second security domain;
querying the first security domain from the security domain configured by the target device according to the identification information of the second security domain;
Sending a first event notification to a configuration device, comprising:
in case the first security domain is queried, a first event notification is sent to the configuration device.
In the embodiment of the present application, after receiving the first configuration request, the target device may use the identification information of the second security domain to query/match whether a security domain with the same identification information exists locally; if so, that security domain is the one that needs to be updated, and the target device sends the first event notification to notify the user to delete it.
In one possible implementation, before querying the first security domain from the security domain configured by the target device according to the identification information of the second security domain, the method further includes:
extracting a root public key of the second security domain from the root certificate of the second security domain;
Querying the first security domain from the security domain in which the target device has been configured according to the identification information of the second security domain, comprising:
And querying a first security domain, in which the identification information is identical to the identification information of a second security domain and the root public key is different from the root public key of the second security domain, from the configured security domain of the target device.
In the embodiment of the application, when the target device queries/matches whether a security domain with the same identification information exists locally, it can decide whether a security domain needs to be updated by combining the identification information of the security domain with the root public key it contains: if the target device holds a security domain whose identification information is the same as that of the second security domain but whose root public key is different, that security domain is the one that needs to be updated.
Step 605, the configuration device sends a request for removing the security domain to the target device; the target device receives the remove security domain request.
Wherein the remove security domain request is for requesting the target device to remove the configured at least one security domain.
In step 606, the target device removes the configured at least one security domain from the target device according to the security domain removal request.
In one possible implementation, the removing security domain request includes identification information of the configured first security domain in the target device; the remove security domain request is for requesting the target device to remove the configured first security domain. Accordingly, the target device removes the configured first security domain from the target device according to the security domain removal request.
In step 607, the target device configures a second security domain in the target device after removing the configured first security domain in the target device according to the request to remove the security domain.
In an embodiment of the present application, in addition to adding a FabricSlotsFull event to the NOC Cluster, an AddRotationTrustedRootCertificate command (i.e., the add-rotation trusted root certificate request described above) and an AddRotationNOC command (corresponding to the add-rotation node operation certificate request described above) may be added to the NOC Cluster to add the updated root certificate and node operation certificate to a temporary storage area. The new commands may be as shown in table 11 below:
TABLE 11
The parameters of AddRotationTrustedRootCertificate commands may be the same as the parameters of AddTrustedRootCertificate commands shown in table 3 above, and the parameters of AddRotationNOC commands may be the same as the parameters of AddNOC commands shown in table 3 above.
Unlike the AddTrustedRootCertificate command and the AddNOC command, in the embodiment of the present application, the AddRotationTrustedRootCertificate command and the AddRotationNOC command are also used to instruct the target device to cache the root certificate and the node operation certificate of the security domain to be configured before configuring the security domain.
The scheme of the embodiment of the application can also add a FabricSlotsFull event (as shown in table 7 above) to the NOC Cluster.
The priority of the FabricSlotsFull event is INFO. The event contains the data shown in table 12 below:
Table 12
ID | Name | Type | Conformance |
0 | Fabrics | list[FabricDescriptorStruct] | O |
1 | CurrentFabricIndex | uint8 | M |
Or FabricSlotsFull events may also be as shown in table 13 below:
TABLE 13
ID | Name | Type | Default | Conformance |
0 | Fabrics | list[FabricIdStruct] | O | |
1 | CurrentFabricIndex | uint8 | 0 | M |
CurrentFabricIndex in tables 12 and 13 is the identification information of the current security domain. For the meanings of list[FabricDescriptorStruct] and list[FabricIdStruct] in tables 12 and 13, refer to the corresponding descriptions of tables 8 to 10, which are not repeated here.
Referring to fig. 7, a security domain update diagram according to an embodiment of the present application is shown. As shown in fig. 7, assuming that the root CA public key of the ecosystem platform is updated, the user configures a new credential for the device through a mobile phone acting as the configurator (Commissioner) as follows:
S71, the Commissioner receives the platform's notification of the Root PubKey update and the updated certificate RootCert.
S72, the Commissioner uses the NOC of the original Fabric to establish a CASE connection with the Device.
S73, the Commissioner sends an AddRotationTrustedRootCertificate command to the Device to configure RootCert2 into the Device.
S74, the Device caches RootCert2 in the temporary storage area according to the received AddRotationTrustedRootCertificate command.
S75, optionally, the Commissioner sends a CSRRequest command to the Device to obtain a new CSR from the Device.
S76, the Commissioner applies to the platform for a new NOC for the Device; the FabricID parameter carried in the application is the original FabricID.
S77, the platform issues a new NOC2 using Root PubKey 2, in which the FabricID is the original FabricID, and returns NOC2 to the Commissioner.
S78, the Commissioner sends an AddRotationNOC command to the Device to configure NOC2 into the Device.
S79, the Device caches NOC2, ICAC2 and related information in the temporary storage area according to the received AddRotationNOC command.
S710, the Device determines that CommissionedFabrics = SupportedFabrics.
S711, the Device extracts the AdminVendorId parameter from the AddRotationNOC command to obtain the VendorID value.
S712, the Device extracts the FabricID from NOC2.
S713, the Device finds the matching Fabric, Fabric1, based on the VendorID and FabricID values. Optionally, the Device may also extract the Root PubKey from the RootCert as an additional match criterion to find the Fabric.
S714, the Device reports a FabricSlotsFull event notification to the Commissioner, carrying the parameter Fabric1.
S715, after receiving the FabricSlotsFull event, the Commissioner prompts the user through the operation interface to delete Fabric1.
S716, the user agrees to delete Fabric1.
S717, the Commissioner sends a RemoveFabric command to the Device to delete Fabric1.
S718, the Device deletes Fabric1 and adds the cached RootCert2 and NOC2 to Fabric1's slot.
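The two procedures above, the fig. 5 flow (S51 to S517, capacity check followed by AddTrustedRootCertificate/AddNOC and a FabricSlotsFull event that offers the current Fabric for deletion) and the fig. 7 flow (S71 to S718, AddRotation* commands that cache first, match the stale Fabric by VendorID, FabricID and root public key, and refill its slot after RemoveFabric), as one added Python example. This is not code from the patent or from the Matter SDK; it is a stdlib-only model of the device-side NOC cluster plus the Commissioner's reaction. Assumptions: a root certificate is reduced to its public key and a NOC to its FabricID and NodeID, the 65-byte key values, VendorID 0xFFF1 and FabricID 0xF1 are constructed, the CSRRequest and platform issuance steps are skipped (the NOC is constructed directly), the status strings OK, TableFull and InvalidFabricIndex follow Matter's NOCResponse names while InvalidNOC for a rotation NOC without a cached root is assumed, and an AddRotationNOC that arrives while a slot is still free is applied immediately, which the patent does not specify.

```python
# Added example (not the patent's or the Matter SDK's code): stdlib-only model of the NOC-cluster flows.
from collections import namedtuple

Noc = namedtuple("Noc", "fabric_id node_id")      # stand-in for a NOC: only the fields this model reads
Fabric = namedtuple("Fabric", "fabric_index fabric_id vendor_id root_public_key noc")  # Fabrics entry

def fabric_id_struct(f: Fabric) -> dict:          # FabricIdStruct of table 10: descriptor minus NodeID
    return {"RootPublicKey": f.root_public_key, "VendorID": f.vendor_id, "FabricIndex": f.fabric_index}

class NocClusterDevice:
    def __init__(self, supported_fabrics: int):
        self.supported_fabrics = supported_fabrics  # SupportedFabrics attribute
        self.fabrics: dict[int, Fabric] = {}        # keyed by FabricIndex; len() is CommissionedFabrics
        self._next_index, self._pending_root, self._rotation = 1, None, None
        self.events: list[dict] = []
    @property
    def commissioned_fabrics(self) -> int:
        return len(self.fabrics)
    def _emit_slots_full(self, current_fabric_index: int, fabrics: list) -> None:
        self.events.append({"event": "FabricSlotsFull", "CurrentFabricIndex": current_fabric_index,
                            "Fabrics": [fabric_id_struct(f) for f in fabrics]})   # table 13 payload
    def _store(self, index: int, root_pk: bytes, noc: Noc, vendor_id: int) -> None:
        self.fabrics[index] = Fabric(index, noc.fabric_id, vendor_id, root_pk, noc)
        self._next_index = max(self._next_index, index + 1)

    # fig. 5 path: AddTrustedRootCertificate then AddNOC; the event fires when the last slot is taken
    def add_trusted_root_certificate(self, root_pk: bytes) -> str:
        self._pending_root = root_pk
        return "OK"
    def add_noc(self, noc: Noc, admin_vendor_id: int, current_fabric_index: int) -> str:
        if self.commissioned_fabrics >= self.supported_fabrics:
            return "TableFull"                      # NOCResponse status when no slot is free
        self._store(self._next_index, self._pending_root, noc, admin_vendor_id)
        self._pending_root = None
        if self.commissioned_fabrics == self.supported_fabrics:           # step 407 / S514
            self._emit_slots_full(current_fabric_index, list(self.fabrics.values()))
        return "OK"

    # fig. 7 path: AddRotation* commands only cache (step 603); the device then names the stale fabric
    def add_rotation_trusted_root_certificate(self, root_pk: bytes) -> str:
        self._rotation = [root_pk, None, None]                             # S74: temporary storage
        return "OK"
    def add_rotation_noc(self, noc: Noc, admin_vendor_id: int, current_fabric_index: int) -> str:
        if self._rotation is None: return "InvalidNOC"                     # assumed: root must come first
        self._rotation[1:] = [noc, admin_vendor_id]                        # S79
        if self.commissioned_fabrics < self.supported_fabrics:
            self._apply_rotation(self._next_index)  # assumed: with a free slot, configure at once
            return "OK"
        # S711-S713: same VendorID and FabricID but a different root public key marks the stale fabric
        match = [f for f in self.fabrics.values() if (f.fabric_id, f.vendor_id) == (noc.fabric_id, admin_vendor_id)
                 and f.root_public_key != self._rotation[0]]
        if match:
            self._emit_slots_full(current_fabric_index, match)            # S714: carries only Fabric1
        return "OK"
    def _apply_rotation(self, index: int) -> None:
        root_pk, noc, vendor_id = self._rotation
        self._store(index, root_pk, noc, vendor_id)
        self._rotation = None

    def remove_fabric(self, fabric_index: int) -> str:
        if fabric_index not in self.fabrics:
            return "InvalidFabricIndex"
        del self.fabrics[fabric_index]                                     # step 409 / 606
        if self._rotation and self._rotation[1] is not None:
            self._apply_rotation(fabric_index)      # S718: cached credentials take the freed slot
        return "OK"

# Constructed fixture: our ecosystem's fabric gets FabricIndex 1; SupportedFabrics = 5 as in S54
OLD_PK, NEW_PK, VENDOR, FABRIC_ID = b"\x04" + b"\x11" * 64, b"\x04" + b"\x22" * 64, 0xFFF1, 0xF1

def build_device(foreign: int, supported: int = 5) -> NocClusterDevice:
    dev = NocClusterDevice(supported)
    dev.add_trusted_root_certificate(OLD_PK)
    dev.add_noc(Noc(FABRIC_ID, 1), VENDOR, 0)
    for i in range(foreign):                        # fabrics of other ecosystems
        dev.add_trusted_root_certificate(b"\x04" + bytes([0x30 + i]) * 64)
        dev.add_noc(Noc(0xA0 + i, 1), 0x1000 + i, 0)
    dev.events.clear()                              # commissioning-time events are not part of the scenario
    return dev

def _delete_on_event(dev: NocClusterDevice, pick) -> int:
    """Commissioner reaction S515-S517 / S715-S717: the user agrees, RemoveFabric is sent; 0 if no event."""
    if not dev.events or dev.events[-1]["event"] != "FabricSlotsFull":
        return 0
    victim = pick(dev.events[-1])
    dev.remove_fabric(victim)
    return victim

def rotate_fig5(dev: NocClusterDevice, current_index: int = 1):
    """Commissioner side of S53-S517; None means the capacity check (S57) refused to add."""
    if dev.commissioned_fabrics >= dev.supported_fabrics:
        return None
    dev.add_trusted_root_certificate(NEW_PK)                              # S58
    dev.add_noc(Noc(FABRIC_ID, 1), VENDOR, current_index)                  # S512
    return _delete_on_event(dev, lambda ev: ev["CurrentFabricIndex"])    # the fabric in use is offered

def rotate_fig7(dev: NocClusterDevice, current_index: int = 1) -> int:
    """Commissioner side of S73-S718: the event names the stale fabric and the cache refills its slot."""
    dev.add_rotation_trusted_root_certificate(NEW_PK)                     # S73
    dev.add_rotation_noc(Noc(FABRIC_ID, 1), VENDOR, current_index)         # S78: NOC2 keeps the FabricID (S76)
    return _delete_on_event(dev, lambda ev: ev["Fabrics"][0]["FabricIndex"])
```

Running `rotate_fig5(build_device(foreign=3))` leaves the device with FabricIndex 2 to 5, the new credentials in slot 5 and Fabric1 gone, which is why the fig. 5 flow only works when a slot was free before the update; `rotate_fig7(build_device(foreign=4))` starts from a full device and ends with slot 1 holding the new root public key under the same FabricID, with no second CASE session or user guess about which Fabric is stale.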
Through the scheme shown in the embodiments of the application, the problem that a new certificate cannot be added because the Fabric slots are full during update of the root CA certificate and NOC can be solved. By adding an event and a temporary storage mechanism to the NOC Cluster, an available Fabric configuration slot is preserved, and the inconvenience to the user when the Root PubKey and root certificate are updated is avoided.
In summary, the target device may notify the configuration device of an event that the configured security domain is full when the number of configured security domains reaches the upper limit of the number of security domains that the target device supports configuration; through the scheme, the target device can inform the user of the condition that the configured security domain is full, so that the user can timely delete the unnecessary security domain in the target device, and the influence on the adding or updating process of the subsequent security domain is avoided.
Referring to fig. 8, a block diagram of a security domain management apparatus according to an embodiment of the present application is shown. The secure domain management apparatus 800 has a function to be executed by the target device in the method shown in fig. 2, 4, or 6. As shown in fig. 8, the security domain management apparatus 800 may include:
A sending module 801, configured to send a first event notification to a configuration device when the number of configured security domains in a target device reaches an upper limit of the number of security domains that the target device supports configuration; the first event notification is used to indicate that the number of security domains configured in the target device reaches an upper limit on the number of security domains that the target device supports configuration.
In one possible implementation, the first event notification includes a list of security domain description structures; the security domain description structure list includes security domain description structures of at least one security domain configured in the target device.
In one possible implementation, the first event notification includes a list of security domain identification structures; the security domain identification structure list comprises security domain identification structures of at least one configured security domain in the target device;
the security domain identification structure comprises at least one of the following information:
Root public key, vendor identification information, security domain index, and security domain label.
In a possible implementation manner, the first event notification includes identification information of a current security domain; the current security domain is a security domain corresponding to a connection currently established between the configuration device and the target device.
In one possible implementation, the apparatus further includes:
The receiving module is used for receiving a security domain removal request sent by the configuration equipment;
And the removing module is used for removing at least one configured security domain in the target equipment according to the security domain removing request.
In a possible implementation manner, the security domain removal request includes identification information of a first security domain configured in the target device;
the removing module is configured to remove the configured first security domain in the target device according to the security domain removing request.
In a possible implementation, the receiving module is further configured to receive a first configuration request sent by the configuration device, where the first configuration request includes information of the second security domain.
In one possible implementation, the apparatus further includes:
a first configuration module, configured to configure the second security domain in the target device according to the first configuration request;
a quantity updating module, configured to update the number of configured security domains in the target device after the second security domain has been configured.
In a possible implementation, the receiving module is further configured to receive a request, sent by the configuration device, to obtain the number information of the security domains;
the sending module is further configured to send, to the configuration device, the number information of the security domains configured in the target device and the number information of the security domains that the target device supports configuring.
In one possible implementation, the apparatus further includes:
a caching module, configured to cache the information of the second security domain;
the apparatus further comprises:
a second configuration module, configured to configure the second security domain in the target device according to the cached information of the second security domain after the configured first security domain in the target device has been removed according to the security domain removal request.
In one possible implementation, the receiving module is configured to:
receive an add-trusted-root-certificate request sent by the configuration device; the add-trusted-root-certificate request includes the root certificate of the second security domain;
receive an add-node-operation-certificate request sent by the configuration device; the add-node-operation-certificate request includes the node operation certificate of the second security domain.
In one possible implementation, the identification information of the second security domain is the same as the identification information of the first security domain.
In one possible implementation, the apparatus further includes:
a first extraction module, configured to extract the identification information of the second security domain from the node operation certificate of the second security domain;
a query module, configured to query the first security domain from the security domains configured in the target device according to the identification information of the second security domain;
the sending module is configured to send the first event notification to the configuration device when the first security domain is found.
In a possible implementation, the extraction module is further configured to extract the root public key of the second security domain from the root certificate of the second security domain before the first security domain is queried from the security domains configured in the target device;
the query module is configured to query, from the security domains configured in the target device, the first security domain whose identification information is identical to the identification information of the second security domain and whose root public key is different from the root public key of the second security domain.
Referring to fig. 9, a block diagram of a security domain management apparatus according to an embodiment of the present application is shown. The security domain management apparatus 900 has the functions performed by the configuration device in the methods shown in fig. 3, 4, or 6. As shown in fig. 9, the security domain management apparatus 900 may include:
a receiving module 901, configured to receive a first event notification sent by a target device; the first event notification is used to indicate that the number of configured security domains in the target device has reached the upper limit on the number of security domains that the target device supports configuring.
In one possible implementation, the first event notification includes a list of security domain description structures; the security domain description structure list includes security domain description structures of at least one security domain configured in the target device.
In one possible implementation, the first event notification includes a list of security domain identification structures; the security domain identification structure list comprises security domain identification structures of at least one configured security domain in the target device;
the security domain identification structure includes at least one of the following information:
root public key, vendor identification information, security domain index, and security domain label.
In a possible implementation manner, the first event notification includes identification information of a current security domain; the current security domain is a security domain corresponding to a connection currently established between the configuration device and the target device.
In one possible implementation, the apparatus further includes:
a sending module, configured to send a security domain removal request to the target device; the security domain removal request is used to request that the target device remove at least one configured security domain.
In a possible implementation, the security domain removal request includes identification information of a first security domain configured in the target device; the security domain removal request is used to request that the target device remove the configured first security domain.
In a possible implementation manner, the sending module is further configured to send a first configuration request to the target device, where the first configuration request includes information of the second security domain.
In a possible implementation manner, the receiving module is further configured to, before the sending module sends the first configuration request to the target device, receive an update request from an authentication platform, where the update request is used to request updating of a configured security domain in the target device; the update request comprises a root certificate of the second security domain;
The receiving module is further configured to receive a node operation certificate of the second security domain sent by the authentication platform; the node operation certificate of the second security domain is a node operation certificate issued by the authentication platform according to a root public key of the second security domain;
the sending module is configured to send the first configuration request to the target device according to the root certificate of the second security domain and the node operation certificate of the second security domain.
In one possible implementation manner, the identification information of the security domain carried in the node operation certificate of the second security domain is the identification information of the current security domain; the current security domain is a security domain corresponding to a connection currently established between the configuration device and the target device.
In a possible implementation, the sending module is further configured to send a request to obtain the number information of the security domains to the target device;
the receiving module is further configured to receive the number information of the security domains configured in the target device and the number information of the security domains that the target device supports configuring, where the number information is sent by the target device;
the sending module is configured to send the first configuration request to the target device if the number of configured security domains in the target device is less than the upper limit on the number of security domains that the target device supports configuring.
In one possible implementation, the sending module is configured to:
send an add-trusted-root-certificate request to the target device; the add-trusted-root-certificate request includes the root certificate of the second security domain;
send an add-node-operation-certificate request to the target device; the add-node-operation-certificate request includes the node operation certificate of the second security domain.
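The two apparatus descriptions above (the target device's receive/remove/configure/query modules and the configuration device's notification handling) describe one exchange, so here is a single runnable model of it. This is an added example written for this page, not the applicant's code: the root certificate is reduced to its root public key bytes, the node operation certificate is a constructed stand-in carrying only the domain identification and the issuing root's public key, and every class, method and field name (`TargetDevice`, `ConfigurationDevice`, `configure`, `remove`, `count_info`, `EventNotification`, `reason`) is an assumption. The model exercises both triggers for the first event notification on the page: the table being full, and a domain already configured with the same identification information but a different root public key.

```python
"""Added model of the page's security domain management exchange, not the applicant's
code. Certificates are constructed stand-ins and every name here is an assumption."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class NodeOperationalCert:
    domain_id: int                  # security domain identification carried in the NOC
    root_public_key: bytes          # root under which the NOC was issued


@dataclass(frozen=True)
class SecurityDomain:
    """Description structure: domain id plus the identification structure fields."""
    domain_id: int
    root_public_key: bytes
    vendor_id: int
    index: int
    label: str


@dataclass(frozen=True)
class EventNotification:
    reason: str                     # "table_full" or "stale_domain"
    domains: Tuple[SecurityDomain, ...]
    current_domain_id: int          # domain of the configurator's live connection


class TargetDevice:
    def __init__(self, max_domains: int, vendor_id: int, current_domain_id: int):
        self.max_domains, self.vendor_id = max_domains, vendor_id
        self.current_domain_id = current_domain_id
        self.domains: Dict[int, SecurityDomain] = {}   # keyed by security domain index
        self.pending: Optional[Tuple[bytes, NodeOperationalCert, str]] = None

    def count_info(self) -> Tuple[int, int]:
        """Reply to the 'get number information' request: (configured, supported)."""
        return len(self.domains), self.max_domains

    def _stale_domain(self, noc: NodeOperationalCert) -> Optional[SecurityDomain]:
        # Same identification information but a different root public key.
        for d in self.domains.values():
            if d.domain_id == noc.domain_id and d.root_public_key != noc.root_public_key:
                return d
        return None

    def _install(self, root_key: bytes, noc: NodeOperationalCert, label: str) -> None:
        idx = 1
        while idx in self.domains:                       # lowest free index
            idx += 1
        self.domains[idx] = SecurityDomain(noc.domain_id, root_key, self.vendor_id, idx, label)

    def configure(self, root_key: bytes, noc: NodeOperationalCert,
                  label: str = "") -> Optional[EventNotification]:
        """First configuration request (add trusted root, then add NOC); returns a
        first event notification when the request cannot be applied yet."""
        if noc.root_public_key != root_key:
            raise ValueError("NOC was not issued under the supplied root certificate")
        if self._stale_domain(noc) is not None:
            reason = "stale_domain"
        elif len(self.domains) >= self.max_domains:
            reason = "table_full"
        else:
            self._install(root_key, noc, label)          # count follows the table size
            return None
        self.pending = (root_key, noc, label)            # cache until a slot is freed
        return EventNotification(reason, tuple(self.domains.values()), self.current_domain_id)

    def remove(self, domain_id: int) -> bool:
        """Security domain removal request; afterwards apply any cached domain."""
        victims = [i for i, d in self.domains.items() if d.domain_id == domain_id]
        if not victims:
            return False
        for i in victims:
            del self.domains[i]
        if self.pending is not None:
            root_key, noc, label = self.pending
            self.pending = None
            self._install(root_key, noc, label)
        return True


class ConfigurationDevice:
    def __init__(self, target: TargetDevice):
        self.target = target

    def provision(self, root_key: bytes, noc: NodeOperationalCert, label: str) -> List[str]:
        """Send the configuration request; on a first event notification free a slot
        with a removal request, never removing the domain of the live connection."""
        note = self.target.configure(root_key, noc, label)
        if note is None:
            return ["configured"]
        log = [f"notification:{note.reason}"]
        if note.reason == "stale_domain":
            victim = noc.domain_id                       # replace the stale entry in place
        else:
            others = [d.domain_id for d in note.domains if d.domain_id != note.current_domain_id]
            if not others:
                return log + ["no removable domain"]
            victim = others[0]
        log.append(f"remove:{victim}:{self.target.remove(victim)}")
        return log
```

Two design points the page leaves implicit are made explicit here: the target refuses a node operation certificate whose issuing root does not match the root certificate it was sent with, and the configuration device uses the current-security-domain identification carried in the notification to avoid removing the domain that its own connection depends on; in the stale-domain case it instead removes the entry with the same identification, which the page describes as the path for re-keying the current domain.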
Referring to fig. 10, a schematic structural diagram of a computer device 1000 according to an embodiment of the application is shown. The computer device 1000 may include a processor 1001, a receiver 1002, a transmitter 1003, a memory 1004, and a bus 1005.
The processor 1001 includes one or more processing cores and executes various functional applications and information processing by running software programs and modules.
The receiver 1002 and the transmitter 1003 may be implemented as one communication component, which may be a communication chip. The communication chip may also be referred to as a transceiver.
The memory 1004 is connected to the processor 1001 through a bus 1005.
The memory 1004 may be used for storing a computer program for execution by the processor 1001 for carrying out the steps of the method embodiments described above.
Further, the memory 1004 may be implemented by any type of volatile or nonvolatile storage device or combination thereof, including but not limited to: magnetic or optical disks, electrically erasable programmable read-only memory, static random access memory, read-only memory, magnetic memory, flash memory, programmable read-only memory.
The processing performed by the processor and/or transceiver of the computer device 1000 corresponds to the steps performed by the target device or the configuration device in the methods shown in any of fig. 2, 3, 4, or 6.
Embodiments of the present application also provide a computer-readable storage medium having a computer program stored therein, the computer program being loaded and executed by a processor to implement the steps performed by a target device or a configuration device in the method shown in any of fig. 2, 3, 4, or 6 above.
The present application also provides a chip for running in a computer device to cause the computer device to perform the steps performed by a target device or a configuration device in the method shown in any of fig. 2, 3, 4, or 6 above.
The present application also provides a computer program product, or computer program, comprising computer instructions stored in a computer-readable storage medium. A processor of the computer device reads the computer instructions from the computer-readable storage medium and executes them, causing the computer device to perform the steps performed by the target device or the configuration device in the method shown in any of fig. 2, 3, 4, or 6 above.
The present application also provides a computer program, executed by a processor of a computer device, to perform the steps of the method shown in any of fig. 2, 3, 4, or 6 above as performed by a target device or a configuration device.
Claims (53)
- A security domain management method, performed by a target device, the method comprising:
  sending a first event notification to a configuration device if the number of security domains configured in the target device reaches the upper limit on the number of security domains that the target device supports configuring; the first event notification is used to indicate that the number of configured security domains in the target device has reached the upper limit on the number of security domains that the target device supports configuring.
- The method of claim 1, wherein the first event notification includes a security domain description structure list; the security domain description structure list includes the security domain description structure of at least one security domain configured in the target device.
- The method of claim 1, wherein the first event notification includes a security domain identification structure list; the security domain identification structure list includes the security domain identification structure of at least one configured security domain in the target device;
  the security domain identification structure includes at least one of the following information:
  root public key, vendor identification information, security domain index, and security domain label.
- The method of any one of claims 1 to 3, wherein the first event notification includes identification information of a current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
- The method of any one of claims 1 to 4, further comprising:
  receiving a security domain removal request sent by the configuration device;
  removing at least one configured security domain in the target device according to the security domain removal request.
- The method of claim 5, wherein the security domain removal request includes identification information of a first security domain configured in the target device;
  the removing at least one configured security domain in the target device according to the security domain removal request includes:
  removing the configured first security domain in the target device according to the security domain removal request.
- The method of claim 5 or 6, wherein, before sending the first event notification to the configuration device when the number of security domains configured in the target device reaches the upper limit on the number of security domains that the target device supports configuring, the method further comprises:
  receiving a first configuration request sent by the configuration device, the first configuration request including information of a second security domain;
  configuring the second security domain in the target device according to the first configuration request;
  after configuration of the second security domain is completed, updating the number of configured security domains in the target device.
- The method of claim 7, further comprising:
  receiving a request, sent by the configuration device, to obtain the number information of the security domains;
  sending to the configuration device the number information of the security domains configured in the target device and the number information of the security domains that the target device supports configuring.
- The method of claim 7, further comprising:
  caching the information of the second security domain;
  after the configured first security domain in the target device has been removed according to the security domain removal request, configuring the second security domain in the target device according to the cached information of the second security domain.
- The method of claim 9, wherein the receiving the first configuration request sent by the configuration device includes:
  receiving an add-trusted-root-certificate request sent by the configuration device; the add-trusted-root-certificate request includes the root certificate of the second security domain;
  receiving an add-node-operation-certificate request sent by the configuration device; the add-node-operation-certificate request includes the node operation certificate of the second security domain.
- The method of claim 9 or 10, wherein the identification information of the second security domain is the same as the identification information of the first security domain.
- The method of claim 11, wherein, before sending the first event notification to the configuration device, the method further comprises:
  extracting the identification information of the second security domain from the node operation certificate of the second security domain;
  querying the first security domain from the security domains configured in the target device according to the identification information of the second security domain;
  and the sending the first event notification to the configuration device includes:
  sending the first event notification to the configuration device if the first security domain is found.
- The method of claim 12, wherein, before querying the first security domain from the security domains configured in the target device according to the identification information of the second security domain, the method further comprises:
  extracting the root public key of the second security domain from the root certificate of the second security domain;
  and the querying the first security domain from the security domains configured in the target device according to the identification information of the second security domain includes:
  querying, from the security domains configured in the target device, the first security domain whose identification information is identical to the identification information of the second security domain and whose root public key is different from the root public key of the second security domain.
- A security domain management method, performed by a configuration device, the method comprising:
  receiving a first event notification sent by a target device; the first event notification is used to indicate that the number of configured security domains in the target device has reached the upper limit on the number of security domains that the target device supports configuring.
- The method of claim 14, wherein the first event notification includes a security domain description structure list; the security domain description structure list includes the security domain description structure of at least one security domain configured in the target device.
- The method of claim 14, wherein the first event notification includes a security domain identification structure list; the security domain identification structure list includes the security domain identification structure of at least one configured security domain in the target device;
  the security domain identification structure includes at least one of the following information:
  root public key, vendor identification information, security domain index, and security domain label.
- The method of any one of claims 14 to 16, wherein the first event notification includes identification information of a current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
- The method of any one of claims 14 to 17, further comprising:
  sending a security domain removal request to the target device; the security domain removal request is used to request that the target device remove at least one configured security domain.
- The method of claim 18, wherein the security domain removal request includes identification information of a first security domain configured in the target device; the security domain removal request is used to request that the target device remove the configured first security domain.
- The method of claim 18 or 19, further comprising:
  sending a first configuration request to the target device, the first configuration request including information of a second security domain.
- The method of claim 20, further comprising:
  receiving an update request sent by an authentication platform, the update request being used to request an update of a configured security domain in the target device; the update request includes the root certificate of the second security domain;
  receiving a node operation certificate of the second security domain sent by the authentication platform; the node operation certificate of the second security domain is a node operation certificate issued by the authentication platform according to the root public key of the second security domain;
  and the sending a first configuration request to the target device includes:
  sending the first configuration request to the target device according to the root certificate of the second security domain and the node operation certificate of the second security domain.
- The method of claim 21, wherein the identification information of the security domain carried in the node operation certificate of the second security domain is the identification information of the current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
- The method of any one of claims 20 to 22, further comprising:
  sending a request to obtain the number information of the security domains to the target device;
  receiving the number information of the configured security domains in the target device and the number information of the security domains that the target device supports configuring, the number information being sent by the target device;
  and the sending a first configuration request to the target device includes:
  sending the first configuration request to the target device if the number of configured security domains in the target device is smaller than the number of security domains that the target device supports configuring.
- The method of any one of claims 20 to 22, wherein the sending a first configuration request to the target device includes:
  sending an add-trusted-root-certificate request to the target device; the add-trusted-root-certificate request includes the root certificate of the second security domain;
  sending an add-node-operation-certificate request to the target device; the add-node-operation-certificate request includes the node operation certificate of the second security domain.
- A security domain management apparatus, the apparatus comprising:
  a sending module, configured to send a first event notification to a configuration device when the number of configured security domains in a target device reaches the upper limit on the number of security domains that the target device supports configuring; the first event notification is used to indicate that the number of configured security domains in the target device has reached the upper limit on the number of security domains that the target device supports configuring.
- The apparatus of claim 25, wherein the first event notification includes a security domain description structure list; the security domain description structure list includes the security domain description structure of at least one security domain configured in the target device.
- The apparatus of claim 25, wherein the first event notification includes a security domain identification structure list; the security domain identification structure list includes the security domain identification structure of at least one configured security domain in the target device;
  the security domain identification structure includes at least one of the following information:
  root public key, vendor identification information, security domain index, and security domain label.
- The apparatus of any one of claims 25 to 27, wherein the first event notification includes identification information of a current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
- The apparatus of any one of claims 25 to 28, further comprising:
  a receiving module, configured to receive a security domain removal request sent by the configuration device;
  a removing module, configured to remove at least one configured security domain in the target device according to the security domain removal request.
- The apparatus of claim 29, wherein the security domain removal request includes identification information of a first security domain configured in the target device;
  the removing module is configured to remove the configured first security domain in the target device according to the security domain removal request.
- The apparatus of claim 29 or 30, wherein
  the receiving module is further configured to receive a first configuration request sent by the configuration device, the first configuration request including information of a second security domain;
  the apparatus further comprises:
  a first configuration module, configured to configure the second security domain in the target device according to the first configuration request;
  a quantity updating module, configured to update the number of configured security domains in the target device after the second security domain has been configured.
- The apparatus of claim 31, wherein
  the receiving module is further configured to receive a request, sent by the configuration device, to obtain the number information of the security domains;
  the sending module is further configured to send, to the configuration device, the number information of the security domains configured in the target device and the number information of the security domains that the target device supports configuring.
- The apparatus of claim 31, further comprising:
  a caching module, configured to cache the information of the second security domain;
  a second configuration module, configured to configure the second security domain in the target device according to the cached information of the second security domain after the configured first security domain in the target device has been removed according to the security domain removal request.
- The apparatus of claim 33, wherein the receiving module is configured to:
  receive an add-trusted-root-certificate request sent by the configuration device; the add-trusted-root-certificate request includes the root certificate of the second security domain;
  receive an add-node-operation-certificate request sent by the configuration device; the add-node-operation-certificate request includes the node operation certificate of the second security domain.
- The apparatus of claim 33 or 34, wherein the identification information of the second security domain is the same as the identification information of the first security domain.
- The apparatus of claim 35, further comprising:
  a first extraction module, configured to extract the identification information of the second security domain from the node operation certificate of the second security domain;
  a query module, configured to query the first security domain from the security domains configured in the target device according to the identification information of the second security domain;
  the sending module is configured to send the first event notification to the configuration device when the first security domain is found.
- The apparatus of claim 36, wherein
  the extraction module is further configured to extract the root public key of the second security domain from the root certificate of the second security domain;
  the query module is configured to query, from the security domains configured in the target device, the first security domain whose identification information is identical to the identification information of the second security domain and whose root public key is different from the root public key of the second security domain.
- A security domain management apparatus, the apparatus comprising:
  a receiving module, configured to receive a first event notification sent by a target device; the first event notification is used to indicate that the number of configured security domains in the target device has reached the upper limit on the number of security domains that the target device supports configuring.
- The apparatus of claim 38, wherein the first event notification includes a security domain description structure list; the security domain description structure list includes the security domain description structure of at least one security domain configured in the target device.
- The apparatus of claim 38, wherein the first event notification includes a security domain identification structure list; the security domain identification structure list includes the security domain identification structures of the configured security domains in the target device;
  the security domain identification structure includes at least one of the following information:
  root public key, vendor identification information, security domain index, and security domain label.
- The apparatus of any one of claims 38 to 40, wherein the first event notification includes identification information of a current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
- The apparatus of any one of claims 38 to 41, further comprising:
  a sending module, configured to send a security domain removal request to the target device; the security domain removal request is used to request that the target device remove at least one configured security domain.
- The apparatus of claim 42, wherein the security domain removal request includes identification information of a first security domain configured in the target device; the security domain removal request is used to request that the target device remove the configured first security domain.
- The apparatus of claim 42 or 43, wherein
  the sending module is further configured to send a first configuration request to the target device, the first configuration request including information of a second security domain.
- The apparatus of claim 44, wherein
  the receiving module is further configured to receive an update request sent by an authentication platform, the update request being used to request an update of a configured security domain in the target device; the update request includes the root certificate of the second security domain;
  the receiving module is further configured to receive a node operation certificate of the second security domain sent by the authentication platform; the node operation certificate of the second security domain is a node operation certificate issued by the authentication platform according to the root public key of the second security domain;
  the sending module is configured to send the first configuration request to the target device according to the root certificate of the second security domain and the node operation certificate of the second security domain.
- The apparatus of claim 45, wherein the identification information of the security domain carried in the node operation certificate of the second security domain is the identification information of the current security domain; the current security domain is the security domain corresponding to the connection currently established between the configuration device and the target device.
- The apparatus of any one of claims 44 to 46, wherein
  the sending module is further configured to send a request to obtain the number information of the security domains to the target device;
  the receiving module is further configured to receive the number information of the configured security domains in the target device and the number information of the security domains that the target device supports configuring, the number information being sent by the target device;
  the sending module is configured to send the first configuration request to the target device if the number of configured security domains in the target device is less than the upper limit on the number of security domains that the target device supports configuring.
- The apparatus of any one of claims 44 to 46, wherein the sending module is configured to:
  send an add-trusted-root-certificate request to the target device; the add-trusted-root-certificate request includes the root certificate of the second security domain;
  send an add-node-operation-certificate request to the target device; the add-node-operation-certificate request includes the node operation certificate of the second security domain.
- A computer device comprising a processor, a memory, and a transceiver;The memory has stored therein a computer program, the processor executing the computer program to cause the computer device to implement the security domain management method of any of the preceding claims 1 to 24.
- A computer readable storage medium having stored therein a computer program for execution by a processor to implement the security domain management method of any of claims 1 to 24.
- A chip for running in a computer device to cause the computer device to perform the security domain management method of any of claims 1 to 24.
- A computer program product, the computer program product comprising computer instructions stored in a computer readable storage medium; a processor of a computer device reads the computer instructions from the computer readable storage medium and executes the computer instructions, such that the computer device performs the security domain management method of any of claims 1 to 24.
- A computer program, characterized in that it is executed by a processor of a computer device to implement the security domain management method of any of claims 1 to 24.
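The capacity check and the two-step add-rotation exchange of the claims above, as an added example that is not part of the patent or of any product implementing it. It models certificates as plain records (chain checks are by key identifier only, not real signatures) and the names Cert, TargetDevice and add_second_domain are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str        # entity the certificate names
    issuer_key_id: str  # key identifier of the signer (a root signs itself)
    domain_id: str      # security-domain identifier carried in the certificate

@dataclass
class TargetDevice:
    supported: int                               # upper limit on security domains
    domains: dict = field(default_factory=dict)  # domain_id -> (root, noc)
    pending_root: Optional[Cert] = None          # root staged by the first request

    def count_info(self):
        # Reply to the "number information" request: configured vs. supported.
        return {"configured": len(self.domains), "supported": self.supported}

    def add_trusted_root(self, root):
        # The root is only staged; nothing is trusted until a matching NOC arrives.
        if root.issuer_key_id != root.subject:
            return "reject: root certificate is not self-signed"
        if len(self.domains) >= self.supported:
            return "reject: no free security-domain slot"
        self.pending_root = root
        return "ok"

    def add_noc(self, noc, current_domain_id):
        # The NOC must chain to the staged root and name a new domain, and the
        # request must identify the domain the current connection belongs to.
        if self.pending_root is None:
            return "reject: no staged root certificate"
        if current_domain_id not in self.domains:
            return "reject: unknown current security domain"
        if noc.issuer_key_id != self.pending_root.subject:
            return "reject: NOC not issued under the staged root"
        if noc.domain_id != self.pending_root.domain_id or noc.domain_id in self.domains:
            return "reject: domain mismatch or already configured"
        self.domains[noc.domain_id] = (self.pending_root, noc)
        self.pending_root = None
        return "ok"

def add_second_domain(dev, root, noc, current_domain_id):
    """Configuration-device side: capacity check, then root request, then NOC request."""
    info = dev.count_info()
    if info["configured"] >= info["supported"]:
        return "skip: target device has no room for another security domain"
    status = dev.add_trusted_root(root)
    if status != "ok":
        return status
    return dev.add_noc(noc, current_domain_id)
```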
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2022/091541 WO2023216035A1 (en) | 2022-05-07 | 2022-05-07 | Security domain management method and apparatus, device, storage medium and program product |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118435639A true CN118435639A (en) | 2024-08-02 |
Family
ID=88729393
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202280084063.2A Pending CN118435639A (en) | 2022-05-07 | 2022-05-07 | Security domain management method, device, apparatus, storage medium and program product |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN118435639A (en) |
WO (1) | WO2023216035A1 (en) |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8539545B2 (en) * | 2010-07-22 | 2013-09-17 | Juniper Networks, Inc. | Domain-based security policies |
KR102132218B1 (en) * | 2013-09-24 | 2020-07-09 | 삼성전자 주식회사 | Method and apparatus for security domain notification in trusted execution environment |
WO2016023199A1 (en) * | 2014-08-13 | 2016-02-18 | 华为技术有限公司 | Method, device and system for security domain management |
US10671744B2 (en) * | 2016-06-23 | 2020-06-02 | Intel Corporation | Lightweight trusted execution for internet-of-things devices |
WO2021102915A1 (en) * | 2019-11-29 | 2021-06-03 | Oppo广东移动通信有限公司 | Method and apparatus for configuring internet-of-things device, and storage medium |
WO2021142849A1 (en) * | 2020-01-19 | 2021-07-22 | Oppo广东移动通信有限公司 | Method and apparatus for configuring, discovering and joining security domain, and electronic device |
CN113381966B (en) * | 2020-03-09 | 2023-09-26 | 维沃移动通信有限公司 | Information reporting method, information receiving method, terminal and network side equipment |
CN113810283A (en) * | 2021-09-16 | 2021-12-17 | 中国联合网络通信集团有限公司 | Network security configuration method, device, server and storage medium |
2022
- 2022-05-07 CN CN202280084063.2A patent/CN118435639A/en active Pending
- 2022-05-07 WO PCT/CN2022/091541 patent/WO2023216035A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2023216035A1 (en) | 2023-11-16 |
Similar Documents
Publication | Title |
---|---|
CN105471686B (en) | Terminal control method, device and system |
JP5981662B2 (en) | Method and apparatus for access authorization authentication in a wireless communication system |
CN109644522B (en) | Method and system for securely loading devices over a wireless network |
US9769801B2 (en) | Method and apparatus for updating information regarding specific resource in wireless communication system |
US9521039B2 (en) | Method and system for managing devices in batches |
CN105049502B (en) | The method and apparatus that device software updates in a kind of cloud network management system |
US20150358824A1 (en) | Method and apparatus for controlling access in wireless communication system |
US20200195508A1 (en) | Systems and methods for network device management using device clustering |
US20090024727A1 (en) | Network system management method |
US20090160626A1 (en) | Method for Setting Home Code in Network System and Device for Network |
KR20070119013A (en) | Device for network system and method of transmitting profile |
US20080172481A1 (en) | Method of Configuring Network Profile of Network System |
JP2023529775A (en) | DEVICE CONTROL METHOD, DEVICE, GATEWAY DEVICE AND STORAGE MEDIUM IN INTERNET OF THINGS |
CN118435639A (en) | Security domain management method, device, apparatus, storage medium and program product |
CN115835370A (en) | Network distribution method, device, equipment and medium for intelligent equipment |
CN105207811B (en) | Method and device for replacing non-AllJoyn equipment |
CN113132333B (en) | Networking login method, household appliance equipment, household appliance system and storage medium |
TWI439081B (en) | Networking device and method for reseting parameters thereof |
CN112152850A (en) | Internet of things equipment management method based on IGRS (intelligent grouping and resource sharing) protocol and business terminal |
WO2023184559A1 (en) | Device sharing method and apparatus, and device, storage medium and program product |
WO2023108653A1 (en) | Subscription access information processing method and apparatus, computer device and storage medium |
WO2023115584A1 (en) | Connection configuration method and apparatus, connection establishment method and apparatus, device, and storage medium |
CN117917048A (en) | Method, device, equipment and storage medium for configuring bridging equipment |
CN114125843B (en) | Intelligent equipment network distribution method, device and equipment |
CN118103838A (en) | Information reporting method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||