CN107124433A - Internet of things system, internet of things equipment access method, access authorization methods and equipment - Google Patents

Publication number: CN107124433A
Authority: CN (China)
Prior art keywords: internet, token, things, access, equipment
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710537749.3A
Other languages: Chinese (zh)
Other versions: CN107124433B (en)
Inventors: 刘媛媛, 杨贝斯, 林晨
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Priority: CN201710537749.3A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The present invention provides an access authorization method for Internet of Things (IoT) devices in an IoT system that includes multiple IoT devices. The method comprises: verifying a login credential; when the login credential passes verification, generating an access rights code corresponding to the login credential, the access rights code corresponding to all IoT devices within the authority of the login credential; sending a token request to an authorization server, the token request including the access rights code; and receiving the token that the authorization server generates in response to the token request, where all IoT devices within the authority of the login credential can be accessed with the token.

Description

Internet of Things system, Internet of Things device access method, access authorization method and apparatus
Technical field
The present invention relates to the field of the Internet of Things (IoT), and in particular to an access authorization method for IoT devices in an IoT system, an access authorization apparatus that performs the access authorization method, an access method for IoT devices in an IoT system, and an IoT system.
Background
At present, the Internet of Things is widely applied in many fields (for example, medical care, transportation and the home), and each IoT network includes multiple IoT devices. Users can communicate with the manufacturer through an IoT device to solve problems. For example, when an IoT device in use breaks down, the user can report this to the manufacturer over the IoT network, and the manufacturer's administrator then needs to access the IoT device remotely. To ensure security, the administrator has to be authenticated once for every IoT device logged into, which reduces processing efficiency.
Therefore, how to improve data processing efficiency in the Internet of Things has become a technical problem that urgently needs to be solved in this field.
Summary of the invention
An object of the present invention is to provide an access authorization method for IoT devices in an IoT system, an access authorization apparatus that performs the access authorization method, an access method for IoT devices in an IoT system, and an IoT system. The access authorization method can improve data processing efficiency in the Internet of Things.
To achieve this object, as one aspect of the present invention, an access authorization method for IoT devices in an IoT system is provided. The IoT system includes multiple IoT devices, and the access authorization method includes:
verifying a login credential;
when the login credential passes verification, generating an access rights code corresponding to the login credential, the access rights code corresponding to all IoT devices within the authority of the login credential;
sending a token request to an authorization server, the token request including the access rights code;
receiving the token that the authorization server generates in response to the token request, where all IoT devices within the authority of the login credential can be accessed with the token.
Preferably, the access authorization method further includes:
generating the login credential from received login information.
As a second aspect of the present invention, an access authorization apparatus for IoT devices in an IoT system is provided. The IoT system also includes multiple IoT devices, and the access authorization apparatus includes a device management apparatus, an authentication server and an authorization server.
The device management apparatus is configured to send a login credential to the authentication server.
The authentication server is configured to verify the received login credential. It is further configured to generate an access rights code when the login credential passes verification and to send the access rights code to the device management apparatus. The access rights code corresponds to all IoT devices that the login credential is able to access.
The device management apparatus is further configured to generate a token request from the access rights code and to send the token request to the authorization server.
The authorization server is configured to generate a token from the token request and to send the token to the device management apparatus, where all IoT devices within the authority of the login credential can be accessed with the token.
Preferably, the device management apparatus is configured to receive login information and to generate the corresponding login credential from the login information.
As a third aspect of the present invention, an access method for IoT devices in an IoT system is provided. The IoT system includes a gateway and multiple IoT devices, and the access method includes:
obtaining a token, which includes obtaining the token according to the access authorization method provided by the present invention described above.
The access method further includes:
when accessing any IoT device within the authority of the token, sending the token and an access instruction to the gateway corresponding to the IoT device to be accessed; and
after the token passes verification, controlling the gateway to send the access instruction to the IoT device.
Preferably, the access method includes the following, carried out between the step of obtaining the token and the step of sending the token to the gateway corresponding to the IoT device to be accessed:
obtaining the information of the IoT device that sent a service request;
generating the access instruction from the information of the IoT device that sent the service request, where the access instruction includes service request response information corresponding to the service request.
Preferably, the information of the IoT device includes a session key, a session key index value, the device ID of the IoT device and the address of the gateway corresponding to the IoT device, and the step of generating the access instruction from the information of the IoT device includes:
obtaining the session key and the session key index value of the service request;
decoding the service request using the obtained session key and session key index value;
generating the access instruction from the decoded service request, the access instruction including the device ID of the IoT device, the session key index value, the token and the service request response information.
Preferably, the access instruction includes callback request information, and the callback request information includes the token, the information of the IoT device and a callback service number. The information of the IoT device includes the device ID of the IoT device and the address of the gateway corresponding to the IoT device. The access method includes the following, carried out between the step of obtaining the token and the step of sending the token to the gateway corresponding to the IoT device to be accessed:
sending request information for obtaining the information of the IoT device to be accessed, the request information including the information of the IoT device to be accessed and the token;
verifying the token and, when the token passes verification, returning the information of the IoT device to be accessed.
As the third aspect of the present invention, an IoT system is provided. The IoT system includes a gateway and multiple IoT devices, and is characterised in that it also includes the access authorization apparatus provided by the present invention described above and a customer service apparatus, wherein:
The device management apparatus is further configured to send the token to the gateway corresponding to the IoT device to be accessed, and is further configured to send the processing instruction to the gateway.
The gateway is configured to send the token to the authorization server after receiving it, and the authorization server is configured to verify the token after receiving it.
The customer service apparatus is configured to verify the token after receiving it. It is further configured to receive and store the information sent by the IoT devices and to respond to query requests.
Preferably, the device management apparatus includes a key acquisition module, a decoding module and a processing instruction generation module. The key acquisition module is configured to obtain the session key and the session key index value in the request. The decoding module is configured to decode the request using the session key and the session key index value obtained by the key acquisition module. The processing instruction generation module is configured to generate the processing instruction from the decoded request.
When an IoT network is managed, the number and addresses of the IoT devices an administrator can access differ according to the administrator's authority. Each administrator has one login credential, so the number and addresses of the IoT devices corresponding to each login credential also differ. In the present invention, the access rights code corresponds to all IoT devices that the login credential is able to access. The token is generated by the authorization server, and because the token request includes the access rights code, the token carries the authority to access all IoT devices within the scope of the access rights code. After obtaining the token over the IoT network, the administrator can use it to access all IoT devices within the scope of the administrator's authority. After a request sent by an IoT device is received (for example, a service request or a callback request), the administrator only needs to use the device management system to send the token to the IoT device for verification and does not need to log in again, which improves the efficiency of handling IoT device requests.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and constitute a part of the specification. Together with the detailed description below they serve to explain the present invention, but they do not limit it. In the drawings:
Fig. 1 is a flowchart of the access authorization method for IoT devices in an IoT system provided by the present invention;
Fig. 2 is a flowchart of the access authorization apparatus provided by the present invention performing the access authorization method;
Fig. 3 is a flowchart of a service request by an IoT device;
Fig. 4 is a flowchart of the access method provided by the present invention;
Fig. 5 is a schematic diagram of the IoT system provided by the present invention;
Fig. 6 is a schematic diagram of one embodiment of the IoT system provided by the present invention performing the access method;
Fig. 7 is a schematic diagram of another embodiment of the IoT system provided by the present invention performing the access method.
Description of reference numerals
210: device management apparatus
220: authentication server
230: authorization server
310: customer service apparatus
410: device management apparatus
510: gateway
520: IoT device
Detailed description
The embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the embodiments described here only illustrate and explain the present invention and do not limit it.
Embodiment 1
Embodiment 1 of the present invention provides an access authorization method for IoT devices in an IoT system. The IoT system includes multiple IoT devices and, as shown in Fig. 1, the access authorization method includes:
In step S110, a login credential is verified.
In step S120, when the login credential passes verification, an access rights code corresponding to the login credential is generated. The access rights code corresponds to all IoT devices that the login credential is able to access.
In step S130, a token request is sent to the authorization server. The token request includes the access rights code.
In step S140, the token that the authorization server generates in response to the token request is received.
When an IoT network is managed, the number and addresses of the IoT devices an administrator can access differ according to the administrator's authority. Each administrator has one login credential, so the number and addresses of the IoT devices corresponding to each login credential also differ. In the present invention, the access rights code corresponds to all IoT devices that the login credential is able to access. The token is generated by the authorization server, and because the token request includes the access rights code, the token carries the authority to access all IoT devices within the scope of the access rights code. After obtaining the token over the IoT network, the administrator can use it to access all IoT devices within the scope of the administrator's authority. After a request sent by an IoT device is received (for example, a service request), the administrator only needs to use the device management system to send the token to the IoT device for verification and does not need to log in again, which improves the efficiency of handling IoT device requests.
The present invention places no special requirement on how the login credential is generated. For example, the login credential can be generated after the login information entered by the administrator is received. That is, the access authorization method further includes the following, carried out before step S110:
In step S100, the login credential is generated from the received login information.
The login information is entered manually by the administrator. For example, it includes the administrator's user name, user password, verification code and similar information.
In the present invention, step S100 and step S110 are performed by the device management system. That is, the administrator enters the login information into a login interface through an input device (for example, a keyboard or a touch screen), and the device management system generates the login credential from that login information and has it verified. The main point of the verification is whether the login credential is legitimate. When the login credential passes verification, it is shown to be legitimate. Because the login credential is legitimate, the token received in step S130 can serve as the verification credential for all IoT devices within the scope of the logged-in administrator's authority.
Embodiment 2
Embodiment 2 of the present invention provides an access authorization apparatus for IoT devices in an IoT system. The IoT system includes multiple IoT devices, and the access authorization apparatus is used to perform the access authorization method provided by Embodiment 1. Specifically, as shown in Fig. 2, the access authorization apparatus includes a device management apparatus 210, an authentication server 220 and an authorization server 230.
Device management apparatus 210 performs step S110; that is, device management apparatus 210 sends the login credential to authentication server 220.
Authentication server 220 performs step S120; that is, authentication server 220 verifies the received login credential, generates an access rights code when the login credential passes verification, and sends the access rights code to device management apparatus 210. The access rights code corresponds to all IoT devices that the login credential is able to access.
Device management apparatus 210 also performs step S130; that is, device management apparatus 210 generates a token request from the access rights code and sends the token request to authorization server 230.
Authorization server 230 performs step S140; that is, the authorization server generates a token from the token request and sends the token to device management apparatus 210, where all IoT devices that the login credential is able to access can be accessed with the token.
The operating principle and beneficial effects of the access authorization method are described in detail in Embodiment 1 and are not repeated here.
As mentioned above, device management apparatus 210 is preferably also configured to receive login information and to generate the corresponding login credential from the login information.
Embodiment 3
As a third aspect of the present invention, an access method for IoT devices in an IoT system is provided.
The IoT system includes a gateway and multiple IoT devices and, as shown in Fig. 4, the access method includes:
In step S310, a token is obtained. The step of obtaining the token includes obtaining the token according to the access authorization method provided by the present invention described above.
The access method further includes:
In step S320, when any IoT device within the authority of the token is accessed, the token and an access instruction are sent to the gateway corresponding to the IoT device to be accessed; and
In step S330, after the token passes verification, the gateway is controlled to send the access instruction to the IoT device.
In the access method provided in this embodiment, step S310 is performed only once. Step S320 and step S330 can be performed many times.
As mentioned above, a token obtained with the access authorization method gives access to all IoT devices within the access rights of the login credential corresponding to the token. Therefore, when multiple IoT devices are accessed, the token only has to be obtained with a single login. In the subsequent accesses, only the token has to be sent to the gateway for verification and the login information does not have to be entered again, which simplifies the maintenance method and reduces the time cost of maintaining IoT devices.
In the present invention, the access instruction can be an instruction that actively accesses an IoT device (for example, an information collection instruction) or a passive access instruction (for example, a maintenance instruction). No special limitation is made here.
It is easy to see that, after the token passes verification, the gateway is controlled to send the access instruction to the corresponding IoT device, so that the IoT device is accessed according to the access instruction.
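The login-once flow of steps S110 to S140 and the gateway check of steps S320 and S330, as an added Python example that is not part of the patent. The patent does not specify a token format: the HMAC-signed token with an expiry, the single-use access rights code, and every class, function and device name below are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthenticationServer:
    """S110/S120: verify the login credential, then issue an access rights code."""

    def __init__(self, admins):
        # admins: name -> (password, device IDs within that admin's authority)
        self._admins = {}
        for name, (password, devices) in admins.items():
            salt = secrets.token_bytes(16)
            self._admins[name] = (salt, _pw_hash(password, salt), frozenset(devices))
        self._codes = {}  # access rights code -> (admin, devices)

    def verify_credential(self, name, password):
        rec = self._admins.get(name)
        if rec is None or not hmac.compare_digest(_pw_hash(password, rec[0]), rec[1]):
            raise PermissionError("login credential rejected")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (name, rec[2])
        return code

    def redeem(self, code):
        # Assumption: codes are single-use, so a captured code cannot mint a second token.
        return self._codes.pop(code, None)

class AuthorizationServer:
    """S130/S140: turn an access rights code into a signed, scoped, expiring token."""

    def __init__(self, auth_server, ttl=900):
        self._auth = auth_server
        self._key = secrets.token_bytes(32)
        self._ttl = ttl

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue_token(self, code, now=None):
        grant = self._auth.redeem(code)
        if grant is None:
            raise PermissionError("unknown or already used access rights code")
        admin, devices = grant
        now = time.time() if now is None else now
        payload = {"sub": admin, "devices": sorted(devices), "exp": now + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(payload).encode())
        return body.decode() + "." + self._sign(body).decode()

    def verify_token(self, token, device_id, now=None):
        body, _, sig = token.partition(".")
        # Check the signature before parsing anything the caller controls.
        if not hmac.compare_digest(self._sign(body.encode()), sig.encode()):
            return False
        payload = json.loads(base64.urlsafe_b64decode(body))
        now = time.time() if now is None else now
        return now < payload["exp"] and device_id in payload["devices"]

class Gateway:
    """S320/S330: forward the access instruction only after the token is verified."""

    def __init__(self, authz, devices):
        self._authz = authz
        self.inbox = {d: [] for d in devices}  # device ID -> delivered instructions

    def handle(self, token, device_id, instruction, now=None):
        if device_id not in self.inbox:
            return False
        if not self._authz.verify_token(token, device_id, now):
            return False
        self.inbox[device_id].append(instruction)
        return True

def demo():
    # Constructed sample data: one administrator allowed to reach two of three devices.
    auth = AuthenticationServer({"alice": ("s3cret-demo", ["meter-1", "meter-2"])})
    authz = AuthorizationServer(auth, ttl=900)
    gw = Gateway(authz, ["meter-1", "meter-2", "pump-9"])

    code = auth.verify_credential("alice", "s3cret-demo")  # the single login
    token = authz.issue_token(code, now=1000.0)

    # A token whose body was rewritten to widen the scope keeps the old signature.
    forged_body = base64.urlsafe_b64encode(json.dumps(
        {"sub": "alice", "devices": ["pump-9"], "exp": 9e9}).encode()).decode()
    forged = forged_body + "." + token.split(".")[1]

    return {
        "meter-1": gw.handle(token, "meter-1", "collect", now=1001.0),
        "meter-2": gw.handle(token, "meter-2", "collect", now=1002.0),
        "out_of_scope": gw.handle(token, "pump-9", "collect", now=1003.0),
        "forged": gw.handle(forged, "pump-9", "collect", now=1003.0),
        "expired": gw.handle(token, "meter-1", "collect", now=1901.0),
        "code_reuse_blocked": auth.redeem(code) is None,
    }
```

Because one token replaces repeated logins, the scope check against the target device and the expiry are what bound the damage if the token leaks; the gateway refuses anything the signature, the scope or the clock does not cover.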
As mentioned above, the access instruction provided by the present invention can be an instruction that actively accesses the IoT device or an instruction that passively accesses the IoT device. These two scenarios are described in detail below with reference to Embodiment 4 and Embodiment 5 respectively.
Embodiment 4
In this embodiment, the access instruction is a passive access instruction; that is, the IoT device itself initiates a service request, and the IoT device that initiated the service request is accessed according to that request. Correspondingly, the access method includes the following steps, carried out between step S310 and step S320:
obtaining the information of the IoT device that sent the service request;
generating the access instruction from the information of the IoT device that sent the service request, where the access instruction includes service request response information corresponding to the service request.
In the method provided by this embodiment, an IoT device initiates a service request on its own (for example, a maintenance request), and the service request includes the information of the IoT device that sent it. Therefore, after the administrator receives the request through the device management apparatus, the information of the IoT device that sent the request can be obtained and the corresponding service request response information can be generated.
The service request response information and the token are then sent to the corresponding gateway. The administrator does not need to log in again at this point; to access the corresponding IoT device through the gateway, only the token has to be sent. When the token passes verification, the gateway forwards the service request response information to the corresponding IoT device so that the corresponding service is performed on that device. The access method provided by this embodiment can also reduce maintenance cost.
The present invention places no special requirement on the specific form of the service request or on how the IoT device sends it. A service request sending method with higher security is introduced below with reference to Fig. 3:
Step 1: IoT device 520 sends session key information to gateway 510. The session key information includes the ID of the IoT device (for example, the device serial number), the session key information (SK + random number N) encrypted with the master key MK, and the address information of the customer service apparatus. N can be a timestamp, and the random number N can prevent replay attacks.
Step 2: gateway 510 obtains the address of customer service apparatus 310 from the received session key information, converts the IoT-network-environment information into Internet-environment information, and forwards the service request information to customer service apparatus 310.
Step 3: based on the ID of IoT device 520 in the service request information, customer service apparatus 310 obtains the corresponding device master key MK (the customer service apparatus stores the ID of each IoT device and the master key MK corresponding to that ID). Customer service apparatus 310 then decrypts the information encrypted with the master key MK to obtain the session key SK and the random number N, stores the session key SK, and sets a session key index value for the session key SK.
Step 4: customer service apparatus 310 adds 1 to the received random number N and encrypts the information with the session key SK to obtain encrypted information. The customer service apparatus then sends the ID of the IoT device, the session key index value and the encrypted information to gateway 510 as the session key response message.
Step 5: after receiving the response message, gateway 510 stores the ID of IoT device 520 and the session key index value in one-to-one correspondence (that is, the ID of one IoT device corresponds to one session key index value). In subsequent transmissions the session key index value is enough to map to the corresponding IoT device, so the ID of the IoT device does not need to be sent again. Gateway 510 converts the Internet-environment information into IoT-network-environment information and forwards it to IoT device 520.
Step 6: after receiving the information, IoT device 520 decrypts it and verifies the random number N+1, which shows that the received information comes from customer service apparatus 310. IoT device 520 encrypts the service request and a new random number to obtain encrypted information, and sends the session key index value, the encrypted information and the address of customer service apparatus 310 to gateway 510 as the service request.
Step 7: gateway 510 reads the address of customer service apparatus 310 from the received service request, converts the IoT-network-environment information into Internet-environment information, and forwards the service request information to customer service apparatus 310.
The service request information can be activation request information, maintenance request information or other service request information.
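The session key exchange of Steps 1 to 7 as an added Python example, not taken from the patent. The classes and message field names are hypothetical, and `seal`/`unseal` are a standard-library stand-in for a vetted authenticated cipher such as AES-GCM, since the patent does not name an encryption algorithm.

```python
import hashlib
import hmac
import secrets

def _keys(key):
    # Separate encryption and MAC keys derived from the shared key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor(ek, iv, data):
    stream = b"".join(hashlib.sha256(ek + iv + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Stand-in encrypt-then-MAC (assumption; use a vetted AEAD in practice)."""
    ek, mk = _keys(key)
    iv = secrets.token_bytes(16)
    ct = _xor(ek, iv, plaintext)
    return iv + ct + hmac.new(mk, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _keys(key)
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mk, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return _xor(ek, iv, ct)

class Device:
    def __init__(self, device_id, master_key):
        self.device_id, self._mk = device_id, master_key

    def session_key_info(self):                      # Step 1
        self._sk = secrets.token_bytes(32)
        self._n = secrets.randbits(63)
        blob = seal(self._mk, self._sk + self._n.to_bytes(8, "big"))
        return {"device_id": self.device_id, "enc": blob}

    def accept_response(self, resp):                 # Step 6: verify N+1
        try:
            n1 = int.from_bytes(unseal(self._sk, resp["enc"]), "big")
        except ValueError:
            return False
        if n1 != self._n + 1:
            return False
        self.index = resp["index"]
        return True

    def service_request(self, body):                 # Step 6: send the request
        nonce = secrets.token_bytes(8)               # the "new random number"
        return {"index": self.index, "enc": seal(self._sk, nonce + body)}

class CustomerService:
    def __init__(self, master_keys):
        self._mk = master_keys                       # device ID -> MK
        self._sessions = {}                          # session key index -> SK

    def on_session_key_info(self, msg):              # Steps 3 and 4
        plain = unseal(self._mk[msg["device_id"]], msg["enc"])
        sk, n = plain[:32], int.from_bytes(plain[32:], "big")
        index = len(self._sessions) + 1
        self._sessions[index] = sk
        return {"device_id": msg["device_id"], "index": index,
                "enc": seal(sk, (n + 1).to_bytes(8, "big"))}

    def on_service_request(self, msg):               # receives what Step 7 forwards
        return unseal(self._sessions[msg["index"]], msg["enc"])[8:]

class Gateway:
    def __init__(self, service):
        self._service, self.index_to_device = service, {}

    def relay_session_key_info(self, msg):           # Steps 2 and 5
        resp = self._service.on_session_key_info(msg)
        self.index_to_device[resp["index"]] = resp["device_id"]
        return {"index": resp["index"], "enc": resp["enc"]}

    def relay_service_request(self, msg):            # Step 7
        body = self._service.on_service_request(msg)
        return self.index_to_device[msg["index"]], body

def demo():
    mk = secrets.token_bytes(32)                     # constructed master key
    device = Device("dev-520", mk)
    gw = Gateway(CustomerService({"dev-520": mk}))

    old = gw.relay_session_key_info(device.session_key_info())
    first_ok = device.accept_response(old)
    # Second session: a captured response from the first session is replayed.
    fresh = gw.relay_session_key_info(device.session_key_info())
    replay_rejected = not device.accept_response(old)
    fresh_ok = device.accept_response(fresh)

    req = device.service_request(b"maintenance")
    who, body = gw.relay_service_request(req)
    return {"first_ok": first_ok, "replay_rejected": replay_rejected,
            "fresh_ok": fresh_ok, "id_on_wire": "device_id" in req,
            "resolved_device": who, "body": body}
```

The replayed response fails because it is bound to the earlier SK and N, and the service request carries only the session key index value, which the gateway maps back to the device ID stored in Step 5.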
Correspondingly, the information of the IoT device includes the session key corresponding to the service request, the session key index value, the device ID of the IoT device and the address of the gateway corresponding to the IoT device, and the step of generating the access instruction from the information of the IoT device includes:
obtaining the session key and the session key index value in the service request;
decoding the service request using the obtained session key and session key index value;
generating the access instruction from the decoded service request, the access instruction including the device ID of the IoT device, the session key index value, the token and the service request response information. The service request response information is encrypted information.
In this embodiment, the gateway can verify the token. When the verification passes, the gateway forwards the service request response information to the IoT device, and the IoT device decodes the service request response information and performs the corresponding operation. Because the session key index value corresponds to the ID of the IoT device, the ID of the IoT device does not appear in the communication process in the access method provided by the present invention, which improves the security of the access.
Embodiment 5
In the present embodiment, the access request is actively initiated by the administrator. As one implementation, the access instruction may include a callback request, through which the information of the corresponding internet of things device can be collected. The callback request information includes the token, the information of the internet of things device and a callback service number. The information of the internet of things device here includes the device ID of the internet of things device and the address of the gateway corresponding to the internet of things device.
Specifically, the access instruction includes the token, the information of the internet of things device and the callback service number.
Correspondingly, the access method may further include the following, carried out between step S310 and step S320:
Sending request information for obtaining the information of the internet of things device to be accessed, the request information including the information of the internet of things device to be accessed and the token;
Verifying the token and, when the token passes verification, returning the information of the internet of things device to be accessed.
When the token passes verification, the gateway sends the callback service number in the callback request to the corresponding internet of things device.
Similarly, when the access method provided by the present invention is used to collect information from different internet of things devices, only one login is needed; to collect information from a different internet of things device, it is only necessary to send the token to the corresponding gateway for verification. When the token passes verification, the callback request is sent directly to the internet of things device whose information is to be collected. It follows that repeated logins are not needed when collecting information from different internet of things devices using the maintenance method provided by the present invention, which saves maintenance steps and reduces the cost of information collection.
Embodiment 6
An embodiment of the present invention provides an Internet of things system. As shown in Fig. 5, the Internet of things system includes gateway 510 and multiple internet of things devices 520, and further includes the above access authorization device provided by the present invention, wherein:
Equipment management device 210 is further configured to send the token to the gateway 510 corresponding to the internet of things device 520 to be accessed, and equipment management device 210 is further configured to send the process instruction to gateway 520.
Gateway 510 is configured to send the token to authorization server 230 after receiving the token, and authorization server 230 is configured to verify the token after receiving it.
Customer service device 310 is configured to verify the token after receiving the token; customer service device 310 is further configured to receive and store the information sent by the internet of things device, and to respond to query requests.
It is easy to understand that the Internet of things system can not only perform the above access authorization method provided by the present invention to authorize an administrator who logs in to the equipment management device of the Internet of things, but can also access the internet of things devices in the Internet of things system according to the above access method provided by the present invention.
As mentioned above, in the embodiment in which the service request sent by the internet of things device includes a session key and a session key index value, the equipment management device can process service requests of that type.
Specifically, the equipment management device includes a key acquisition module, a decoding module and a process instruction generation module. The key acquisition module is configured to obtain the session key and the session key index value in the request, the decoding module is configured to decode the request according to the session key and the session key index value obtained by the key acquisition module, and the process instruction generation module is configured to generate the process instruction according to the decoded request.
How the Internet of things system provided by the present invention performs the access methods of Embodiment 4 and Embodiment 5 is described in detail below with reference to Fig. 6 and Fig. 7.
Fig. 6 shows the access method provided in Embodiment 4 being performed using the Internet of things system.
Equipment management device 410 sends a request instruction to customer service device 310 to obtain the device information of the service request.
Customer service device 310 sends the session key corresponding to the service request, the session key index value, the device ID of the internet of things device and the address of the gateway corresponding to the internet of things device to equipment management device 410.
Equipment management device 410 decodes using the session key and the session key index value to obtain the service request, and generates service request response information. Equipment management device 410 also sends the service request response information to gateway 510.
Gateway 510 sends the token in the service request response information to authorization server 230, and authorization server 230 verifies the token. When the verification passes, authorization server 230 sends a pass signal to gateway 510.
When gateway 510 receives the pass signal, it sends the service request response information to internet of things device 520. Internet of things device 520 decrypts the service response information and performs the corresponding operation.
Fig. 7 shows the access method provided in Embodiment 5 being performed using the Internet of things system.
Equipment management device 410 sends request information for obtaining internet of things device information to the customer service device, the request information including the token and the ID of the internet of things device.
Customer service device 310 sends the token to authorization server 230 for verification; when the verification passes, a pass signal is provided to customer service device 310. After receiving the pass signal, the customer service device sends the internet of things device information (including the gateway address and the internet of things device ID) to the equipment management device.
Equipment management device 410 sends callback request information to gateway 510, and gateway 510 sends the token in the callback request information to authorization server 230; when the token passes verification, authorization server 230 sends a pass signal to the gateway.
When gateway 510 receives the pass signal, it sends the callback request information to the corresponding internet of things device 520.
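The single-login flow of Embodiment 5 and Fig. 7, as an added example that is not part of the patent text: one login yields an access rights code, the authorization server turns it into a token, and the gateway forwards a callback service number only after the authorization server verifies the token. The opaque random token, the 300-second lifetime, the per-device scope check and all class, account and device names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CertificateServer:
    """Verifies a login credential and returns its access rights code."""
    def __init__(self):
        self._accounts = {}  # login name -> (salt, password hash, rights code)

    def enroll(self, name, password, rights_code):
        salt = secrets.token_bytes(16)
        self._accounts[name] = (salt, _hash(password, salt), rights_code)

    def login(self, name, password):
        salt, stored, code = self._accounts.get(name, (b"", b"", None))
        ok = hmac.compare_digest(stored, _hash(password, salt))
        return code if ok else None


class AuthorizationServer:
    """Issues opaque tokens scoped to a device set and verifies them."""
    def __init__(self, rights_table, ttl=300, clock=time.monotonic):
        self._rights = rights_table  # access rights code -> device IDs
        self._ttl, self._clock = ttl, clock  # lifetime is an assumption
        self._tokens = {}  # token -> (device IDs, expiry time)

    def issue(self, rights_code):
        devices = frozenset(self._rights[rights_code])
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (devices, self._clock() + self._ttl)
        return token

    def verify(self, token, device_id):
        devices, expiry = self._tokens.get(token, (frozenset(), 0.0))
        if self._clock() >= expiry:  # unknown or expired token
            self._tokens.pop(token, None)
            return False
        return device_id in devices  # assumed per-device scope check


class Gateway:
    """Forwards the callback service number only after token verification."""
    def __init__(self, auth_server, devices):
        self._auth = auth_server
        self._devices = devices  # device ID -> handler(callback service number)

    def handle(self, request):
        token, device_id = request.get("token"), request.get("device_id")
        number = request.get("callback_service_number")
        handler = self._devices.get(device_id)
        if not isinstance(token, str) or handler is None or number is None:
            return "rejected: malformed request"
        if not self._auth.verify(token, device_id):
            return "rejected: token verification failed"
        return handler(number)


def run_demo():
    now = [0.0]  # constructed clock, so expiry is shown without sleeping
    certs = CertificateServer()
    certs.enroll("admin", "constructed-password", "RIGHTS-A")
    auth = AuthorizationServer({"RIGHTS-A": ["dev-1", "dev-2"]}, clock=lambda: now[0])
    names = ("dev-1", "dev-2", "dev-3")  # dev-3 is outside the credential's authority
    gateway = Gateway(auth, {d: (lambda n, d=d: f"{d} ran callback {n}") for d in names})

    token = auth.issue(certs.login("admin", "constructed-password"))  # one login
    def req(dev, tok=token):
        return {"token": tok, "device_id": dev, "callback_service_number": 7}
    results = [gateway.handle(req(d)) for d in names]
    results.append(gateway.handle(req("dev-1", "forged-token")))
    now[0] = 301.0  # past the assumed 300-second token lifetime
    results.append(gateway.handle(req("dev-1")))
    return results
```

`run_demo()` returns two forwarded callbacks followed by three rejections: a device outside the token's authority, a forged token, and the original token after it has expired.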
It should be understood that the above embodiments are merely exemplary implementations adopted to illustrate the principle of the present invention, and the present invention is not limited thereto. Those skilled in the art can make various changes and modifications without departing from the spirit and essence of the present invention, and these changes and modifications are also considered to fall within the protection scope of the present invention.

Claims (10)

1. An access authorization method for internet of things devices in an Internet of things system, the Internet of things including multiple internet of things devices, characterized in that the access authorization method includes:
Verifying a login credential;
When the login credential passes verification, generating an access rights code corresponding to the login credential, the access rights code corresponding to all internet of things devices within the authority of the login credential;
Sending a token request to an authorization server, the token request including the access rights code;
Receiving a token generated by the authorization server in response to the token request, all internet of things devices within the authority of the login credential being accessible according to the token.
2. The access authorization method according to claim 1, characterized in that the access authorization method further includes:
Generating the login credential according to received login information.
3. An access authorization device for internet of things devices in an Internet of things system, the Internet of things system further including multiple internet of things devices, the access authorization device including an equipment management device, a certificate server and an authorization server;
The equipment management device is configured to send a login credential to the certificate server;
The certificate server is configured to verify the received login credential, and is further configured to generate an access rights code when the login credential passes verification and to send the access rights code to the equipment management device, the access rights code corresponding to all internet of things devices that the login credential is able to access;
The equipment management device is further configured to generate a token request according to the access rights code and to send the token request to the authorization server;
The authorization server is configured to generate a token according to the token request and to send the token to the equipment management device, wherein all internet of things devices within the authority of the login credential are accessible according to the token.
4. The access authorization device according to claim 3, characterized in that the equipment management device is configured to receive login information and to generate the corresponding login credential according to the login information.
5. An access method for internet of things devices in an Internet of things system, the Internet of things system including a gateway and multiple internet of things devices, characterized in that the access method includes:
Obtaining a token, including obtaining the token by the access authorization method according to claim 1 or 2;
The access method further includes:
When accessing any one of the internet of things devices within the authority of the token, sending the token and an access instruction to the gateway corresponding to the internet of things device to be accessed; and
After the token passes verification, controlling the gateway to send the access instruction to the internet of things device.
6. The access method according to claim 5, characterized in that the access method includes the following, carried out between the step of obtaining the token and the step of sending the token to the gateway corresponding to the internet of things device to be accessed:
Obtaining the information of the internet of things device that sent a service request;
Generating the access instruction according to the device information of the internet of things device that sent the service request, wherein the access instruction includes service request response information corresponding to the service request.
7. The access method according to claim 6, characterized in that the information of the internet of things device includes a session key, a session key index value, the device ID of the internet of things device and the address of the gateway corresponding to the internet of things device, and the step of generating the access instruction according to the device information of the internet of things device includes:
Obtaining the session key and the session key index value of the service request;
Decoding the service request according to the obtained session key and session key index value;
Generating the access instruction according to the decoded service request, the access instruction including the device ID of the internet of things device, the session key index value, the token and the service request response information.
8. The access method according to claim 5, characterized in that the access instruction includes callback request information, the callback request information including the token, the information of the internet of things device and a callback service number, the information of the internet of things device including the device ID of the internet of things device and the address of the gateway corresponding to the internet of things device, and the access method includes the following, carried out between the step of obtaining the token and the step of sending the token to the gateway corresponding to the internet of things device to be accessed:
Sending request information for obtaining the information of the internet of things device to be accessed, the request information including the information of the internet of things device to be accessed and the token;
Verifying the token and, when the token passes verification, returning the information of the internet of things device to be accessed.
9. An Internet of things system, the Internet of things system including a gateway and multiple internet of things devices, characterized in that the Internet of things system further includes the access authorization device according to claim 3 or 4 and a customer service device, wherein:
The equipment management device is further configured to send the token to the gateway corresponding to the internet of things device to be accessed, and the equipment management device is further configured to send the process instruction to the gateway;
The gateway is configured to send the token to the authorization server after receiving the token, and the authorization server is configured to verify the token after receiving it;
The customer service device is configured to verify the token after receiving the token; the customer service device is further configured to receive and store the information sent by the internet of things device, and to respond to query requests.
10. The Internet of things system according to claim 9, characterized in that the equipment management device includes a key acquisition module, a decoding module and a process instruction generation module, the key acquisition module being configured to obtain the session key and the session key index value in the request, the decoding module being configured to decode the request according to the session key and the session key index value obtained by the key acquisition module, and the process instruction generation module being configured to generate the process instruction according to the decoded request.
Application number: CN201710537749.3A. Priority date: 2017-07-04. Filing date: 2017-07-04. Title: Internet of things system, internet of things equipment access method, access authorization methods and equipment. Status: Active. Publication: CN107124433B (en).

Publications (2)

Publication Number Publication Date
CN107124433A (en) 2017-09-01
CN107124433B (en) 2019-08-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant