Search

EP-4258627-B1 - KEY NEGOTIATION METHOD AND RELATED DEVICE THEREFOR

EP4258627B1EP 4258627 B1EP4258627 B1EP 4258627B1EP-4258627-B1

Inventors

  • WANG, DEHAI

Dates

Publication Date
20260513
Application Date
20211214

Claims (15)

  1. A key negotiation method, comprising: generating, by a first hub device, public key information of a first electronic device and private key information of the first electronic device, wherein the first hub device is a routing device or a device having a routing function, the first electronic device having a station-to-station key negotiation capability, and the first electronic device does not have a key negotiation capability and accesses an external network by using the first hub device; reporting, by the first hub device, a first mode of the first electronic device to a cloud device, wherein the first mode comprises that the first electronic device supports a key negotiation capability; obtaining, by the first hub device, public key information of a second electronic device in the external network, wherein the second electronic device is a control station device for controlling the first electronic device, the public key information is sent by the second electronic device based on the first mode of the first electronic device; and performing, by the first hub device, key negotiation with the second electronic device based on the private key information of the first electronic device and the public key information of the second electronic device, to generate a first shared key.
  2. The method according to claim 1, wherein the method further comprises: sending, by the first hub device, the first shared key to the first electronic device.
  3. The method according to claim 2, wherein after the sending, by the first hub device, the first shared key to the first electronic device, the method further comprises: receiving, by the first hub device, first information by using the cloud device, wherein the first information is encrypted by the second electronic device based on the first shared key; and sending, by the first hub device, the first information to the first electronic device.
  4. The method according to claim 1, wherein the method further comprises: receiving, by the first hub device, first information by using the cloud device, wherein the first information is encrypted by the second electronic device based on the first shared key; decrypting, by the first hub device, the first information based on the first shared key, to obtain second information; and sending, by the first hub device, the second information to the first electronic device.
  5. The method according to any one of claims 1 to 4, wherein before the generating, by a first hub device, public key information of a first electronic device and private key information of the first electronic device, the method further comprises: receiving, by the first hub device, registration information sent by the first electronic device, wherein the registration information comprises a first identification code of the first electronic device, and information that the first electronic device does not have the key negotiation capability.
  6. The method according to claim 5, wherein the obtaining, by the first hub device, public key information of a second electronic device comprises: performing, by the first hub device, key negotiation with the second electronic device based on the first identification code, to generate a second shared key; receiving, by the first hub device, the public key information of the second electronic device by using the cloud device, wherein the public key information of the second electronic device is encrypted by the second electronic device based on the second shared key; and decrypting, by the first hub device, the public key information of the second electronic device based on the second shared key.
  7. The method according to claim 6, wherein the method further comprises: sending, by the first hub device, the public key information of the first electronic device to the second electronic device by using the cloud device, wherein the public key information of the first electronic device is encrypted by the first hub device based on the second shared key.
  8. The method according to claim 7, wherein before the sending, by the first hub device, the public key information of the first electronic device to the second electronic device by using the cloud device, the method further comprises: determining, by the first hub device based on first registration information, that the first electronic device does not have the key negotiation capability.
  9. The method according to any one of claims 1 to 8, wherein before the generating, by a first hub device, public key information of a first electronic device and private key information of the first electronic device, the method further comprises: receiving, by the first hub device, a hub probe packet sent by the first electronic device; and sending, by the first hub device to the first electronic device, a response packet responding to the hub probe packet, wherein the response packet is used to enable the first electronic device to access the network by using the first hub device.
  10. The method according to any one of claims 1 to 9, wherein a communication connection based on a communication protocol comprising Wi-Fi or Bluetooth is established between the first electronic device and the first hub device, and a cloud transmission link between the second electronic device and the first hub device is established based on a cellular network protocol.
  11. A hub device, comprising a processor and a memory, wherein the processor is coupled to the memory, the memory stores program instructions, and when the program instructions stored in the memory are executed by the processor, the method according to any one of claims 1 to 10 is performed.
  12. The hub device of claim 11, wherein the hub device is a routing device, comprising a wireless switch used in a wireless network, a Wi-Fi wireless router, an optical network terminal, a Wi-Fi wireless repeater or a customer premise equipment, CPE, terminal, or a portable terminal hotspot.
  13. The hub device of claim 11, wherein the hub device is a device having a routing function, comprising a wireless router, a smart television, a large-screen device, a smart air conditioner, a mobile phone, a tablet computer, a notebook computer, a large-screen television, a smart home appliance, a personal digital assistant, PDA, a point of sale, POS, or a vehicle-mounted computer.
  14. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, the computer program comprises program instructions, and when the program instructions are executed by a processor, the processor is enabled to perform the method according to any one of claims 1 to 10.
  15. A chip, comprising a processor, wherein the processor is configured to invoke a computer program from a memory and run the computer program, so that a communication device on which the chip is installed performs the method according to any one of claims 1 to 10.

Description

TECHNICAL FIELD This application relates a key negotiation method, a hub device, a computer-readable storage medium, and a chip, which may be employed in particular in the field of smart home devices. BACKGROUND Currently, home devices in a home may include two types: a sensitive device and a non-sensitive device. A HiChain-related component may be integrated on the sensitive device. The HiChain-related component can generate related information about a public key and a private key of the device and perform key negotiation with another device, to improve information transmission security. Generally, the sensitive device with the HiChain-related component has larger memory than the non-sensitive device. However, because memory of the non-sensitive device is small, the HiChain-related component is not integrated on the non-sensitive device generally. Therefore, related information about a public key and a private key cannot be generated, and key negotiation with another device cannot be performed. In some scenarios, a terminal device needs to control the home device by using the cloud. When the terminal device sends information to the sensitive device by using the cloud, because the sensitive device may perform key negotiation with a peer terminal device, the information sent by the terminal device to the sensitive device by using the cloud can be encrypted. When the terminal device sends information to the non-sensitive device by using the cloud, because the non-sensitive device does not have a key negotiation capability, the information sent by the terminal device to the sensitive device by using the cloud cannot be encrypted. In this case, the cloud may learn specific content of the information, resulting in a risk of information leakage; and the cloud may tamper with the information, which reduces security, cannot ensure accuracy of controlling the non-sensitive device by a user, and affects user experience. CN 108306793 A discloses intelligent equipment, an intelligent household gateway, a method and a system used for establishing connection, and the method and the system are used for the intelligent equipment. The method comprises steps that according to a service set identifier SSID corresponding to the intelligent household gateway, the intelligent household gateway is searched on a preset channel; by adopting a preset connection way, a first sharing private key with the intelligent household gateway is generated; a request message aiming at establishing of password-less wireless-fidelity connection is transmitted to the intelligent household gateway; a responding message from the intelligent household gateway is received, and the password-less Wi-Fi connection is established, and the intelligent equipment adopts the first sharing private key, and is used for data interaction with the intelligent household network by the password-less Wi-Fi connection. The paper "Security-Oriented Framework for Internet of Things Smart-Home Applications" by Bogdan-Cosmin Chifor et al, 22nd International Conference on Control Systems and Computer Science (CSCS), 2019, DOI: 10.1109/CSCS.2019.00033 proposes a Smart-Home security framework which consists in a Secure Cloud platform and a smartphone based command authorization solution. The Secure Cloud acts as proxy between the IoT devices and a third-party Cloud vendor and the smartphone authorization mechanism allows the user to control the commands received by the IoT device. US 9,462,624 B2 provides methods, devices, and machine-readable media to provide secure communications between entities. As provided therein, this may include receiving a request to begin a new communication session, determining one or more desired parameters of the session, and determining whether the desired parameters of the message match proposed parameters provided by the entity requesting the new communication session. When the one or more proposed parameters match the one or more desired parameters, a secure communication session is established between the entities. SUMMARY This application provides a key negotiation method a hub device, a computer-readable storage medium, and a chip. The invention is defined by the attached set of claims. Further details of the disclosed methods, devices and system are provided in the following, which are helpful for understanding the claimed invention. In a process in which a first electronic device performs information transmission with a second electronic device by using a hub device, the first hub device may perform negotiation with the second electronic device, to generate a shared key, and encrypt information based on the key. This improves security of information transmission between the second electronic device and the first electronic device, ensures accuracy of controlling the first electronic device by a user, and improves user experience. According to a first aspect, a key negotiation method is provided. The method includes: A first hub device g