In today's security protocols (also called “security ceremonies” when humans play a key role), different nodes may have different capabilities: computers can encrypt and decrypt messages, whereas humans cannot; a biometric device can capture biometric information, whereas a random number generator used in e-banking cannot; and so on. Furthermore, even if a node has the decryption capability, it must also know the encryption key to decrypt a message. Actor-network procedures (ANPs) are a well-known formal model of heterogeneous security protocols by Meadows and Pavlovic, and their procedure derivation logic (PDL) supports the logical reasoning about ANPs. However, ANPs do not support explicitly specifying node capabilities, and PDL does not support reasoning explicitly about the knowledge of the participants at different points in time. In this paper, we extend ANPs to deal with heterogeneous devices by explicitly specifying the nodes' capabilities, as well as by adding new types of events. We also modify PDL to take into account the knowledge of participants at different points in time, and extend PDL to reason both from a “bird's-eye” view of the system, as well from a “node's-eye” view. All this allows us to reason about secrecy and authentication in security protocols/ceremonies with different kinds of devices and human users. We illustrate the use of our modeling notation ANP-C and our logics PDL-CK and $\mathrm{PDL}\text{-}{\mathrm{CK}}_L$ to specify and reason about a number of scenarios involving different kinds of devices, including: scenarios for updating someone's data in a smart card reader; an SSL/TLS ceremony involving a user, a smartphone with a fingerprint reader, and a remote computer/server; and scenarios involving the YubiKey authentication device used by companies such as Google, Facebook, and Bank of America.

在当今的安全协议中（也称为“安全仪式”，当人类起关键作用时），不同的节点可能具有不同的能力：计算机可以加密和解密消息，而人类不能；生物识别设备可以捕获生物识别信息，而电子银行中使用的随机数生成器则不能；等等。此外，即使节点具有解密能力，它也必须知道解密消息的加密密钥。参与者网络过程(ANP) 是 Meadows 和 Pavlovic 提出的一种著名的异构安全协议形式模型，及其过程推导逻辑(PDL) 支持关于 ANP 的逻辑推理。但是，ANP 不支持明确指定节点能力，PDL 也不支持明确推理参与者在不同时间点的知识。在本文中，我们通过明确指定节点的功能以及添加新类型的事件来扩展 ANP 以处理异构设备。我们还修改了 PDL 以考虑参与者在不同时间点的知识，并将 PDL 扩展为从系统的“鸟瞰”视图和“节点”视图进行推理。所有这些都使我们能够对不同类型的设备和人类用户的安全协议/仪式中的保密性和身份验证进行推理。我们说明了我们的建模符号 ANP-C 和我们的逻辑 PDL-CK 的使用，以及$\mathrm{PDL}\text{——}{\mathrm{CK}}_{升}$指定和推理涉及不同类型设备的许多场景，包括： 在智能卡读卡器中更新某人数据的场景；涉及用户、带指纹读取器的智能手机和远程计算机/服务器的 SSL/TLS 仪式；以及涉及谷歌、Facebook、美国银行等公司使用的YubiKey认证设备的场景。