TWI789635B - Electronic device and method for encrypted communication - Google Patents
- Publication number: TWI789635B
- Authority: TW (Taiwan)
Description
The present invention relates to an electronic device, and in particular to an electronic device and method for encrypted communication.
Most instant messaging services (for example, dating and messaging applications) require both the sender and the receiver to register an account with the service so that they can discover each other and create a secure communication channel. Users today are increasingly reluctant to install new applications. If two users have no instant messaging application in common, they cannot communicate securely with each other.
An electronic device according to an embodiment of the present invention includes a cloud server, a registered sub-device, and an unregistered sub-device. The cloud server verifies whether at least one sub-device is registered. The registered sub-device executes an application so that it can establish a communication channel with the cloud server. The registered sub-device receives a web address from the cloud server through the communication channel. The unregistered sub-device receives the web address from the registered sub-device through another communication channel. When the unregistered sub-device connects to the cloud server by visiting the web address in a browser, the cloud server sends a verification message to the registered sub-device so that the registered sub-device can perform identity verification on the unregistered sub-device. When the registered sub-device approves the identity verification of the unregistered sub-device, the cloud server establishes a communication channel with the unregistered sub-device, so that the registered sub-device can conduct encrypted communication with the unregistered sub-device through the cloud server.
In the electronic device described above, the registered sub-device executes the application to generate a first public key and a first private key, and transmits the first public key to the cloud server through the communication channel. The cloud server confirms the identity of the registered sub-device by means of the first public key.
In the electronic device described above, the web address is a uniform resource locator (URL). The verification message is a two-factor authentication.
In the electronic device described above, when the cloud server sends the verification message to the registered sub-device, the registered sub-device generates a verification user interface (UI); alternatively, through settings of the registered sub-device and/or the cloud server, the registered sub-device can authorize automatically upon receiving the verification message.
In the electronic device described above, when the unregistered sub-device connects to the cloud server through the web address, the unregistered sub-device generates a second public key and a second private key, and transmits the second public key to the cloud server.
In the electronic device described above, the encrypted communication includes: the registered sub-device encrypts data to be transmitted with the first private key and the second public key; and the unregistered sub-device decrypts the transmitted data with the second private key and the first public key.
In the electronic device described above, the encrypted communication further includes: the registered sub-device generates an Advanced Encryption Standard (AES) key; the registered sub-device encrypts data to be transmitted with the AES key; the registered sub-device generates a shared secret from the first private key and the second public key, and encrypts the AES key with the shared secret; the unregistered sub-device decrypts the AES key with the second private key and the first public key; and the unregistered sub-device decrypts the received data with the AES key.
In the electronic device described above, when the duration of the encrypted communication between the registered sub-device and the unregistered sub-device exceeds a threshold, the cloud server cuts off the encrypted communication.
A method for encrypted communication according to an embodiment of the present invention is applicable to a registered sub-device and an unregistered sub-device that conduct encrypted communication through a cloud server, and includes: the registered sub-device executes an application so that it can establish a communication channel with the cloud server; the cloud server sends a web address to the registered sub-device; the registered sub-device sends the web address to the unregistered sub-device; when the unregistered sub-device connects to the cloud server through the web address, the cloud server sends a verification message to the registered sub-device so that the registered sub-device can perform identity verification on the unregistered sub-device; and when the registered sub-device approves the identity verification of the unregistered sub-device, the cloud server establishes a communication channel with the unregistered sub-device, so that the registered sub-device can conduct encrypted communication with the unregistered sub-device through the cloud server.
The present invention is described with reference to the accompanying drawings, in which like reference numerals designate similar or identical elements throughout. The drawings are not drawn to scale and are provided only to illustrate the invention. Some aspects of the invention are described below with reference to illustrative example applications. Numerous specific details, relationships and methods are set forth to provide a full understanding of the invention. A person having ordinary knowledge in the relevant art will nevertheless recognize that the invention can be practiced without one or more of the specific details, or by other methods. In other instances, well-known structures or operations are not shown in detail to avoid obscuring the invention. The invention is not limited by the illustrated order of acts or events, as some acts may occur in a different order or concurrently with other acts or events. Furthermore, not all illustrated acts or events are required to implement a method in accordance with the invention.
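FIG. 1 is a schematic diagram of an electronic device 100 according to an embodiment of the present invention and of how it establishes communication channels. As shown in FIG. 1, the electronic device 100 includes a cloud server 102, a registered sub-device 104, and an unregistered sub-device 106. In some embodiments, the cloud server 102 stores a registered-user list used to mark and verify whether at least one sub-device connected to it is registered.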
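For example, the registered sub-device 104 appears (for example, as an identifier) in the registered-user list of the cloud server 102. Conversely, the unregistered sub-device 106 has not yet registered and therefore does not appear in the registered-user list of the cloud server 102. In other words, to the cloud server 102 the unregistered sub-device 106 is an unverified user, so a communication channel cannot be established between the registered sub-device 104 and the unregistered sub-device 106 at the outset, and the two cannot conduct encrypted communication with each other.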
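In some embodiments, the registered sub-device 104 differs from the unregistered sub-device 106 in that the registered sub-device 104 has installed the application associated with the cloud server 102, whereas the unregistered sub-device 106 has not. The application associated with the cloud server 102 enables at least one sub-device to connect to the cloud server 102 over a wireless network. For example, when the registered sub-device 104 executes the application associated with the cloud server 102, it can connect to the cloud server 102. The cloud server 102 recognizes that the registered sub-device 104 appears in its registered-user list, and therefore establishes a communication channel 110 between itself and the registered sub-device 104.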
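In some embodiments, when the registered sub-device 104 executes the application associated with the cloud server 102, the registered sub-device 104 uses that application to generate a first public key and a first private key, and connects to the cloud server 102. The registered sub-device 104 transmits the first public key to the cloud server 102.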
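In some embodiments, when the cloud server 102 finds information in its registered-user list that matches the first public key, the cloud server 102 determines that the registered sub-device 104 is a registered user and therefore establishes the communication channel 110 between itself and the registered sub-device 104. In some embodiments, the registered sub-device 104 and the unregistered sub-device 106 may be notebook computers, smartphones, or tablet computers, but the invention is not limited thereto.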
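Afterwards, the cloud server 102 transmits a web address 112 associated with the cloud server 102 to the registered sub-device 104 through the channel 110. In some embodiments, the web address 112 may be a link that connects to the cloud server 102, for example a uniform resource locator (URL). The registered sub-device 104 then shares the web address 112 from the cloud server 102 with the unregistered sub-device 106 through a communication interface 114.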
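In some embodiments, for example, the registered sub-device 104 may send the web address 112 associated with the cloud server 102 to the unregistered sub-device 106 by text message or through other communication software (for example, the LINE application or the WECHAT application), but the invention is not limited thereto. When the user of the unregistered sub-device 106 clicks the web address 112 associated with the cloud server 102 (for example, in a web browser), the unregistered sub-device 106 is directed by the web address 112 to connect to the cloud server 102 and, after the login button is pressed, submits a communication request 116 to the cloud server 102.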
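In some embodiments, when the unregistered sub-device 106 connects to the cloud server 102 through the web address 112, the unregistered sub-device 106 generates a second public key and a second private key. The unregistered sub-device 106 transmits the second public key to the cloud server 102 (for example, in the communication request 116). When the cloud server 102 receives the communication request 116 and the second public key from the unregistered sub-device 106, the cloud server 102 records the second public key and registers the device with it.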
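In other words, the second public key of the unregistered sub-device 106 now appears in the registered-user list of the cloud server 102. Next, the cloud server 102 sends a verification message 118 to the registered sub-device 104. In some embodiments, the verification message 118 is a two-factor authentication. In other words, in addition to the cloud server 102 confirming through the second public key that the unregistered sub-device 106 is registered, the identity of the unregistered sub-device 106 must also be confirmed through the registered sub-device 104.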
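In some embodiments, when the registered sub-device 104 receives the verification message 118 from the cloud server 102, the registered sub-device 104 generates a verification user interface (UI) according to the verification message 118. In some embodiments, an automatic-authorization function has been enabled through settings of the registered sub-device 104 and/or the cloud server 102, so that the registered sub-device 104 authorizes automatically upon receiving the verification message 118 from the cloud server 102, without the user of the registered sub-device 104 having to confirm through the verification user interface.
FIG. 2 is a schematic diagram of a verification user interface 200 generated by the registered sub-device 104 of the electronic device 100 of FIG. 1 according to an embodiment of the present invention. As shown in FIG. 2, the verification user interface 200 includes a message window 202, a button icon 204, and a button icon 206. In some embodiments, the message window 202 indicates that the verification user interface 200 is for a "verification message" and asks the user of the registered sub-device 104 "whether to approve" the identity verification of the unregistered sub-device 106.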
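When the user of the registered sub-device 104 approves the identity verification of the unregistered sub-device 106, the user presses the button icon 204, causing the registered sub-device 104 to send a verification reply 120 to the cloud server 102. As shown in FIG. 1, after the cloud server 102 receives the verification reply 120 from the registered sub-device 104, the cloud server 102 establishes a communication channel 122 between itself and the unregistered sub-device 106. The registered sub-device 104 and the unregistered sub-device 106 can then conduct encrypted communication through the communication channel 110, the communication channel 122, and the cloud server 102.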
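In FIG. 1, the lower an arrow is drawn, the later the event it represents occurs. For example, the cloud server 102 transmits the web address 112 to the registered sub-device 104 after the cloud server 102 establishes the communication channel 110. The unregistered sub-device 106 connects to the cloud server 102 through the web address 112 and sends the communication request 116 before the cloud server 102 sends the verification message 118 to the registered sub-device 104.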
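In some embodiments, to ensure the security of the encrypted communication between the registered sub-device 104 and the unregistered sub-device 106, the cloud server 102 may monitor the duration of that encrypted communication. When the duration of the encrypted communication between the registered sub-device 104 and the unregistered sub-device 106 exceeds a threshold (for example, 5 minutes), the cloud server 102 may automatically cut off the encrypted communication between them without the consent of either the registered sub-device 104 or the unregistered sub-device 106.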
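In some embodiments, when either the registered sub-device 104 or the unregistered sub-device 106 ends the encrypted communication, for example when the user of the registered sub-device 104 exits the conversation interface with the device 106, or the user of the unregistered sub-device 106 closes the web browser that was directed to the web address 112, the cloud server 102 likewise cuts off the encrypted communication between the registered sub-device 104 and the unregistered sub-device 106, ensuring that the encrypted communication between them is a one-time encrypted communication.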
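In some embodiments, when the cloud server 102 cuts off the encrypted communication between the registered sub-device 104 and the unregistered sub-device 106, the second public key of the unregistered sub-device 106 that was stored in the registered-user list is also deleted. In some embodiments, the cloud server 102 may store the second public key of the unregistered sub-device 106 in advance in a temporary registration folder within the registered-user list. Then, when the cloud server 102 cuts off the encrypted communication between the registered sub-device 104 and the unregistered sub-device 106, the cloud server 102 can simply clear all data in the temporary registration folder.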
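In another embodiment, when the user of the registered sub-device 104 does not approve the identity verification of the unregistered sub-device 106, the user presses the button icon 206, causing the registered sub-device 104 to send another verification reply (not shown in FIG. 1) to the cloud server 102. When the cloud server 102 receives this other verification reply, it does not establish a communication channel between itself and the unregistered sub-device 106, so the registered sub-device 104 and the unregistered sub-device 106 cannot conduct encrypted communication through the cloud server 102.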
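The server-side lifecycle described above (web address, temporary registration of the second public key, approval or denial by the registered sub-device, the duration threshold, and deletion on teardown) can be modelled as a small state machine. This is an added example, not code from the patent; the class and method names, the random token in the web address, the `cloud.example` host and the single-use treatment of the web address are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical model of cloud server 102; all names here are illustrative.
class CloudServer {
  constructor(maxSessionMs = 5 * 60 * 1000) { // the page's example threshold: 5 minutes
    this.registered = new Map(); // registered-user list: device id -> first public key
    this.invites = new Map();    // token in web address 112 -> inviting device id
    this.temp = new Map();       // temporary registration folder: token -> session
    this.maxSessionMs = maxSessionMs;
  }

  register(deviceId, publicKey) {
    this.registered.set(deviceId, publicKey);
  }

  // Channel 110: only a device whose public key is on the list gets a web address.
  issueUrl(deviceId, publicKey) {
    if (this.registered.get(deviceId) !== publicKey) throw new Error('not registered');
    const token = crypto.randomBytes(16).toString('hex');
    this.invites.set(token, deviceId);
    return `https://cloud.example/join/${token}`;
  }

  // Communication request 116: record the second public key as a temporary
  // registration and report which device must receive verification message 118.
  requestJoin(url, secondPublicKey) {
    const token = url.split('/').pop();
    const inviter = this.invites.get(token);
    if (!inviter) throw new Error('unknown or already used web address');
    this.invites.delete(token); // assumption: a web address is honoured once
    this.temp.set(token, { inviter, secondPublicKey, state: 'pending', openedAt: null });
    return { token, verifyWith: inviter };
  }

  // Verification reply 120: only the inviting device may approve or deny.
  reply(token, deviceId, approve, now = Date.now()) {
    const s = this.temp.get(token);
    if (!s || s.inviter !== deviceId || s.state !== 'pending') {
      throw new Error('no pending request for this device');
    }
    if (!approve) { this.close(token); return 'denied'; }
    s.state = 'open'; // channel 122 now exists
    s.openedAt = now;
    return 'open';
  }

  // The server forwards ciphertext only while the channel is open and within the threshold.
  relay(token, ciphertext, now = Date.now()) {
    const s = this.temp.get(token);
    if (!s || s.state !== 'open') throw new Error('no channel');
    if (now - s.openedAt > this.maxSessionMs) {
      this.close(token);
      throw new Error('session expired');
    }
    return ciphertext;
  }

  // Teardown removes the temporary registration, including the second public key.
  close(token) {
    this.temp.delete(token);
  }
}
```

Passing `now` explicitly lets the duration threshold be exercised without waiting; the key values used with it can be any constructed strings.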
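In some embodiments, during encrypted communication between the registered sub-device 104 and the unregistered sub-device 106 through the cloud server 102 (communication channels 110 and 122), for example when the registered sub-device 104 wants to send data A to the unregistered sub-device 106, the registered sub-device 104 first obtains the second public key of the unregistered sub-device 106 from the cloud server 102. The registered sub-device 104 encrypts the data A to be sent, using the first private key generated by executing the application associated with the cloud server 102 together with the second public key of the unregistered sub-device 106, producing encrypted data A'. The encrypted data A' is transmitted to the unregistered sub-device 106 via the communication channel 110, the cloud server 102, and the communication channel 122.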
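Similarly, the unregistered sub-device 106 obtains the first public key of the registered sub-device 104 from the cloud server 102. The unregistered sub-device 106 decrypts the encrypted data A', using the second private key generated when it connected to the cloud server 102 through the web address together with the first public key of the registered sub-device 104, and obtains the content of data A. The encryption/decryption scheme used in the above embodiment is the Diffie-Hellman key exchange algorithm (DH algorithm). Because the Diffie-Hellman key exchange algorithm is a well-known technique, it is not described further here.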
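In some embodiments, during encrypted communication between the registered sub-device 104 and the unregistered sub-device 106 through the cloud server 102 (communication channels 110 and 122), for example when the registered sub-device 104 wants to send data B to the unregistered sub-device 106, the registered sub-device 104 generates an Advanced Encryption Standard (AES) key. The registered sub-device 104 encrypts data B with the AES key. The registered sub-device 104 generates a shared secret from its own first private key and the second public key of the unregistered sub-device 106, and encrypts the AES key with the shared secret, producing encrypted data B'. The encrypted data B' is transmitted to the unregistered sub-device 106 via the communication channel 110, the cloud server 102, and the communication channel 122.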
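After receiving the encrypted data B', the unregistered sub-device 106 decrypts the AES key using its own second private key and the first public key of the registered sub-device 104. Finally, the unregistered sub-device 106 decrypts the encrypted data B' with the AES key and obtains the content of data B. In some embodiments, data A and B may be any form of text message, image message, voice message, VoIP call, and so on, but the invention is not limited thereto.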
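The data B exchange above, as an added example that is not part of the patent: a fresh AES key encrypts the data, and a key derived from the Diffie-Hellman shared secret wraps that AES key. The page names only Diffie-Hellman and AES; the use of X25519, HKDF-SHA256, AES-256-GCM, and all function names are assumptions of this sketch.

```javascript
const crypto = require('crypto');

// Each sub-device generates its own key pair. X25519 is an assumed choice;
// the page only names Diffie-Hellman.
function generateDeviceKeys() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  // Only the public half leaves the device (it is relayed by the cloud server).
  return { privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Shared secret from (own private key, peer public key), stretched into a
// 256-bit key-wrapping key with HKDF-SHA256 (assumed KDF and label).
function deriveWrapKey(ownPrivate, peerPublicDer) {
  const peer = crypto.createPublicKey({ key: peerPublicDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: ownPrivate, publicKey: peer });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'aes-key-wrap', 32));
}

// AES-256-GCM (assumed mode): confidentiality plus an integrity tag.
function gcmSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function gcmOpen(key, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  // final() throws if the key is wrong or the ciphertext was modified in transit.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Registered sub-device 104: encrypt data B with a fresh AES key, then wrap
// that key under the secret shared with sub-device 106.
function sendData(firstPrivate, secondPublicDer, dataB) {
  const aesKey = crypto.randomBytes(32);
  return {
    wrappedKey: gcmSeal(deriveWrapKey(firstPrivate, secondPublicDer), aesKey),
    payload: gcmSeal(aesKey, Buffer.from(dataB, 'utf8')),
  };
}

// Unregistered sub-device 106: derive the same secret, unwrap the AES key,
// then decrypt the payload.
function receiveData(secondPrivate, firstPublicDer, message) {
  const aesKey = gcmOpen(deriveWrapKey(secondPrivate, firstPublicDer), message.wrappedKey);
  return gcmOpen(aesKey, message.payload).toString('utf8');
}
```

The relaying server sees only `wrappedKey` and `payload`; without either private key it cannot derive the wrapping key.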
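The present invention also proposes a method for establishing a one-time-use secure communication channel between a mobile application with a registered account (for example, the registered sub-device 104 of FIG. 1) and a web browser with a temporary account (for example, the unregistered sub-device 106 of FIG. 1). The mobile application and the web application each protect the keys they own. When the web application side logs in, the mobile application can perform two-factor authentication to authorize it.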
FIG. 3 is a flowchart of an encrypted communication method according to an embodiment of the present invention. The method is applicable to a registered sub-device (for example, the registered sub-device 104 of FIG. 1) and an unregistered sub-device (for example, the unregistered sub-device 106 of FIG. 1) that conduct encrypted communication through a cloud server (for example, the cloud server 102 of FIG. 1). As shown in FIG. 3, in step S300 the registered sub-device 104 executes an application so that it can establish a communication channel (for example, the communication channel 110 of FIG. 1) with the cloud server 102.
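Next, in step S302, the cloud server 102 sends a web address (for example, the web address 112 of FIG. 1) to the registered sub-device 104. In step S304, when the unregistered sub-device 106 connects to the cloud server 102 through the web address, the cloud server 102 sends a verification message (for example, the verification message 118 of FIG. 1) to the registered sub-device 104 so that the registered sub-device 104 can perform identity verification on the unregistered sub-device 106.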
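Finally, in step S306, when the registered sub-device 104 approves the identity verification of the unregistered sub-device 106, the cloud server 102 establishes a communication channel with the unregistered sub-device 106 (for example, the communication channel 122 of FIG. 1), so that the registered sub-device 104 can conduct encrypted communication with the unregistered sub-device 106 through the cloud server 102.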
Although embodiments of the present invention have been described above, it should be understood that they are presented by way of example only, and not limitation. Many changes to the above exemplary embodiments can be made without departing from the spirit and scope of the invention. Therefore, the breadth and scope of the present invention should not be limited by the embodiments described above.
Rather, the scope of the present invention should be defined by the following claims and their equivalents. Although the invention has been illustrated and described with respect to one or more implementations, equivalent alterations and modifications will occur to others skilled in the art upon reading the above specification and drawings. Furthermore, although a particular feature of the invention may have been disclosed with respect to only one of several implementations, that feature may be combined with one or more other features as may be desired and advantageous for any given or particular application.
The terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the invention. Unless the context clearly indicates otherwise, the singular forms "a", "the" and "said" as used herein also include the plural. Furthermore, the terms "including", "comprising", "having", "provided with", or variants thereof are used either in the detailed description or in the claims; such terms are intended to be inclusive and are, to some extent, equivalent to the term "comprising".
Unless otherwise defined, all terms used herein (including technical and scientific terms) have the meaning commonly understood by a person of ordinary skill in the art to which the invention belongs. It should further be understood that terms such as those defined in commonly used dictionaries are to be interpreted as having the same meaning they have in the context of the relevant art. Unless expressly so defined herein, such terms are not to be interpreted in an idealized or overly formal sense.
Reference numerals:
100: electronic device
102: cloud server
104: registered sub-device
106: unregistered sub-device
110: communication channel
112: web address
114: communication interface
116: communication request
118: verification message
120: verification reply
122: communication channel
200: verification user interface
202: message window
204, 206: button icons
S300, S302, S304, S306: steps
FIG. 1 is a schematic diagram of an electronic device according to an embodiment of the present invention and of how it establishes communication channels.
FIG. 2 is a schematic diagram of a verification user interface generated by the registered sub-device of the electronic device of FIG. 1 according to an embodiment of the present invention.
FIG. 3 is a flowchart of an encrypted communication method according to an embodiment of the present invention.
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109134109A TWI789635B (en) | 2020-09-30 | 2020-09-30 | Electronic device and method for encrypted communication |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202215813A (en) | 2022-04-16 |
TWI789635B (en) | 2023-01-11 |
Family
ID=82197280
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI789635B (en) |