CN107124433B - Internet of things system, internet of things equipment access method, access authorization methods and equipment - Google Patents


Publication number
CN107124433B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710537749.3A
Other languages
Chinese (zh)
Other versions
CN107124433A (en
Inventor
刘媛媛
杨贝斯
林晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks


Abstract

The present invention provides an access authorization method for Internet of Things (IoT) devices in an IoT system that includes multiple IoT devices. The method comprises: verifying a login credential; when the login credential passes verification, generating an access authority code corresponding to the login credential, the access authority code corresponding to all IoT devices within the permission of the login credential; sending a token request to an authorization server, the token request including the access authority code; and receiving the token that the authorization server generates in response to the token request. With the token, all IoT devices within the permission of the login credential can be accessed.

Description

Internet of things system, internet of things equipment access method, access authorization methods and equipment
Technical field
The present invention relates to the field of the Internet of Things (IoT) and, in particular, to an access authorization method for IoT devices in an IoT system, access authorization equipment that executes the access authorization method, an access method for IoT devices in an IoT system, and an IoT system.
Background
The Internet of Things is now widely used in many fields (for example, medical care, transportation and the home), and each IoT system includes multiple IoT devices. A user can communicate with the manufacturer through an IoT device in order to resolve problems. For example, when an IoT device in use fails, the user can report the fault to the manufacturer through the Internet of Things, and the manufacturer's administrator then needs to access the IoT device remotely. To ensure security, the administrator must be authenticated once for every IoT device logged in to, which reduces processing efficiency.
Therefore, how to improve data-processing efficiency in the Internet of Things has become a technical problem that needs to be solved in this field.
Summary of the invention
The purpose of the present invention is to provide an access authorization method for IoT devices in an IoT system, access authorization equipment that executes the access authorization method, an access method for IoT devices in an IoT system, and an IoT system. The access authorization method can improve data-processing efficiency in the Internet of Things.
To achieve the above purpose, as one aspect of the present invention, an access authorization method for IoT devices in an IoT system is provided, the IoT system including multiple IoT devices, wherein the access authorization method includes:
verifying a login credential;
when the login credential passes verification, generating an access authority code corresponding to the login credential, the access authority code corresponding to all IoT devices within the permission of the login credential;
sending a token request to an authorization server, the token request including the access authority code;
receiving the token that the authorization server generates in response to the token request, wherein all IoT devices within the permission of the login credential can be accessed with the token.
Preferably, the access authorization method further includes:
generating the login credential from received login information.
As the second aspect of the present invention, access authorization equipment for IoT devices in an IoT system is provided. The IoT system further includes multiple IoT devices, and the access authorization equipment includes an equipment management device, an authentication server and an authorization server;
the equipment management device is used to send a login credential to the authentication server;
the authentication server is used to verify the received login credential, and is also used to generate an access authority code when the login credential passes verification and to send the access authority code to the equipment management device, the access authority code corresponding to all IoT devices that the login credential is able to access;
the equipment management device is also used to generate a token request according to the access authority code and to send the token request to the authorization server;
the authorization server is used to generate a token according to the token request and to send the token to the equipment management device, wherein all IoT devices within the permission of the login credential can be accessed with the token.
Preferably, the equipment management device is used to receive login information and to generate the corresponding login credential from the login information.
As the third aspect of the present invention, an access method for IoT devices in an IoT system is provided. The IoT system includes a gateway and multiple IoT devices, wherein the access method includes:
obtaining a token, which includes obtaining the token with the above access authorization method provided by the present invention;
the access method further includes:
when accessing any IoT device within the permission of the token, sending the token and an access instruction to the gateway corresponding to the IoT device to be accessed; and
after the token passes verification, controlling the gateway to send the access instruction to the IoT device.
Preferably, the access method includes the following steps, carried out between the step of obtaining the token and the step of sending the token to the gateway corresponding to the IoT device to be accessed:
obtaining the information of the IoT device that sent a service request;
generating the access instruction according to the device information of the IoT device that sent the service request, wherein the access instruction includes service request response information corresponding to the service request.
Preferably, the information of the IoT device includes a session key, a session key index value, the device ID of the IoT device and the address of the gateway corresponding to the IoT device, and the step of generating the access instruction according to the device information of the IoT device includes:
obtaining the session key and the session key index value of the service request;
decoding the service request according to the obtained session key and session key index value;
generating the access instruction according to the decoded service request, the access instruction including the device ID of the IoT device, the session key index value, the token and the service request response information.
Preferably, the access instruction includes callback request information; the callback request information includes the token, the information of the IoT device and a callback service number; the information of the IoT device includes the device ID of the IoT device and the address of the gateway corresponding to the IoT device; and the access method includes the following steps, carried out between the step of obtaining the token and the step of sending the token to the gateway corresponding to the IoT device to be accessed:
sending request information for obtaining the information of the IoT device to be accessed, the request information including the information of the IoT device to be accessed and the token;
verifying the token and, when the token passes verification, returning the information of the IoT device to be accessed.
As the third aspect of the present invention, an IoT system is provided. The IoT system includes a gateway and multiple IoT devices, and is characterized in that it further includes the above access authorization equipment provided by the present invention and a customer service device, wherein
the equipment management device is also used to send the token to the gateway corresponding to the IoT device to be accessed, and the equipment management device is also used to send the processing instruction to the gateway;
the gateway is used to send the token to the authorization server after receiving it, and the authorization server is used to verify the token after receiving it;
the customer service device is also used to receive and store the information sent by the IoT devices and to respond to query requests.
Preferably, the equipment management device includes a key acquisition module, a decoding module and a processing instruction generation module. The key acquisition module is used to obtain the session key and the session key index value in the request; the decoding module is used to decode the request according to the session key and the session key index value obtained by the key acquisition module; and the processing instruction generation module is used to generate the processing instruction according to the decoded request.
When the Internet of Things is managed, the number and addresses of the IoT devices that an administrator can access differ according to the administrator's permissions. Each administrator has one login credential, so the number and addresses of the IoT devices corresponding to each login credential also differ. In the present invention, the access authority code corresponds to all IoT devices that the login credential is able to access. The token is generated by the authorization server; because the token request includes the access authority code, the token carries permission to access all IoT devices within the limits of the access authority code. After obtaining the token through the Internet of Things, the administrator can use it to access all IoT devices within the scope of the administrator's permissions. When a request sent by an IoT device is received (for example, a service request or a callback request), the administrator only needs to use the equipment management system to send the token to the IoT device for verification; no repeated login is needed, which improves the efficiency of handling IoT device requests.
Brief description of the drawings
The accompanying drawings are provided for further understanding of the present invention and constitute part of the specification. Together with the specific embodiments below they serve to explain the present invention, but they do not limit it. In the drawings:
Fig. 1 is a flow chart of the access authorization method for IoT devices in an IoT system provided by the present invention;
Fig. 2 is a flow chart of the access authorization equipment provided by the present invention executing the access authorization method;
Fig. 3 is a flow chart of the service request of an IoT device;
Fig. 4 is a flow chart of the access method provided by the present invention;
Fig. 5 is a schematic diagram of the IoT system provided by the present invention;
Fig. 6 is a schematic diagram of one embodiment in which the IoT system provided by the present invention executes the access method;
Fig. 7 is a schematic diagram of another embodiment in which the IoT system provided by the present invention executes the access method.
Reference numerals
210: equipment management device
220: authentication server
230: authorization server
310: customer service device
410: equipment management device
510: gateway
520: IoT device
Detailed description of the embodiments
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here are intended only to illustrate and explain the present invention, not to limit it.
Embodiment 1
Embodiment 1 of the present invention provides an access authorization method for IoT devices in an IoT system, the IoT system including multiple IoT devices, wherein, as shown in Fig. 1, the access authorization method includes:
In step S110, a login credential is verified;
In step S120, when the login credential passes verification, an access authority code corresponding to the login credential is generated, the access authority code corresponding to all IoT devices that the login credential is able to access;
In step S130, a token request is sent to the authorization server, the token request including the access authority code;
In step S140, the token that the authorization server generates in response to the token request is received.
When the Internet of Things is managed, the number and addresses of the IoT devices that an administrator can access differ according to the administrator's permissions. Each administrator has one login credential, so the number and addresses of the IoT devices corresponding to each login credential also differ. In the present invention, the access authority code corresponds to all IoT devices that the login credential is able to access. The token is generated by the authorization server; because the token request includes the access authority code, the token carries permission to access all IoT devices within the limits of the access authority code. After obtaining the token through the Internet of Things, the administrator can use it to access all IoT devices within the scope of the administrator's permissions. When a request sent by an IoT device is received (for example, a service request), the administrator only needs to use the equipment management system to send the token to the IoT device for verification; no repeated login is needed, which improves the efficiency of handling IoT device requests.
The present invention places no special requirement on how the login credential is generated. For example, the login credential can be generated after the login information entered by the administrator is received. That is, the access authorization method further includes the following step, carried out before step S110:
In step S100, the login credential is generated from the received login information.
The login information is entered manually by the administrator and includes, for example, the administrator's user name, user password and verification code.
In the present invention, step S100 and step S110 are performed by the equipment management system. That is, the administrator enters the login information into the login interface through an input device (for example, a keyboard or touch screen), and the equipment management system generates the login credential from this login information and verifies it. The main purpose of the verification is to check whether the login credential is legitimate. When the login credential passes verification, the login credential is shown to be legitimate. Because the login credential is legitimate, the token received in step S130 can serve as the verification credential for logging in to all IoT devices within the scope of the administrator's permissions.
Embodiment 2
Embodiment 2 of the present invention provides access authorization equipment for IoT devices in an IoT system. The IoT system includes multiple IoT devices, and the access authorization equipment is used to execute the access authorization method provided by Embodiment 1 of the present invention. Specifically, as shown in Fig. 2, the access authorization equipment includes equipment management device 210, authentication server 220 and authorization server 230.
Equipment management device 210 is used to execute step S110; that is, equipment management device 210 is used to send the login credential to authentication server 220.
Authentication server 220 is used to execute step S120; that is, authentication server 220 is used to verify the received login credential, and is also used to generate an access authority code when the login credential passes verification and to send the access authority code to equipment management device 210. The access authority code corresponds to all IoT devices that the login credential is able to access.
Equipment management device 210 is also used to execute step S130; that is, equipment management device 210 is also used to generate a token request according to the access authority code and to send the token request to authorization server 230.
Authorization server 230 is used to execute step S140; that is, the authorization server is used to generate a token according to the token request and to send the token to equipment management device 210, wherein all IoT devices that the login credential is able to access can be accessed with the token.
The working principle and beneficial effects of the access authorization method have been described in detail in Embodiment 1 of the present invention and are therefore not repeated here.
As mentioned above, equipment management device 210 is preferably also used to receive login information and to generate the corresponding login credential from the login information.
Embodiment 3
As the third aspect of the present invention, an access method for IoT devices in an IoT system is provided.
The IoT system includes a gateway and multiple IoT devices, wherein, as shown in Fig. 4, the access method includes:
In step S310, a token is obtained; obtaining the token includes obtaining it with the above access authorization method provided by the present invention.
The access method further includes:
In step S320, when any IoT device within the permission of the token is accessed, the token and an access instruction are sent to the gateway corresponding to the IoT device to be accessed; and
In step S330, after the token passes verification, the gateway is controlled to send the access instruction to the IoT device.
In the access method provided in this embodiment, step S310 is performed only once, whereas step S320 and step S330 can be performed repeatedly.
As mentioned above, the token obtained with the access authorization method can access all IoT devices within the access permission of the login credential corresponding to the token. Therefore, when multiple IoT devices are accessed, only one login is needed to obtain the token. In the subsequent access process, the token only needs to be sent to the gateway for verification, and the login information does not need to be entered again, which simplifies the maintenance method and reduces the time cost of maintaining IoT devices.
In the present invention, the access instruction can be an instruction for actively accessing an IoT device (for example, an information collection instruction) or a passive access instruction (for example, a maintenance instruction); no special limitation is imposed here.
It is easily understood that, after the token passes verification, the gateway is controlled to send the access instruction to the corresponding IoT device, so that the IoT device is accessed according to the access instruction.
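The flow of Embodiments 1 to 3 as an added example (not code from the patent): one login yields an access authority code, the authorization server exchanges it for a token, and the gateway has the token checked before forwarding each access instruction. The class names, the opaque random token, the single-use code, the token lifetime and the sample account and device IDs are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets
import time


class AuthenticationServer:
    """Verifies login credentials and issues access authority codes (S110, S120)."""

    def __init__(self):
        self._accounts = {}  # user -> (salt, password hash, permitted device IDs)
        self._codes = {}     # access authority code -> permitted device IDs

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, password, devices):
        salt = secrets.token_bytes(16)
        self._accounts[user] = (salt, self._hash(password, salt), frozenset(devices))

    def verify(self, user, password):
        # Unknown users are hashed against a dummy record so both paths do the same work.
        salt, stored, devices = self._accounts.get(user, (b"\x00" * 16, b"", frozenset()))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        code = secrets.token_urlsafe(16)
        self._codes[code] = devices
        return code

    def redeem(self, code):
        # Assumption: a code can be exchanged for a token only once.
        return self._codes.pop(code, None)


class AuthorizationServer:
    """Turns an access authority code into a token (S140) and verifies tokens for gateways."""

    def __init__(self, authentication_server, lifetime=600):
        self._authn = authentication_server
        self._lifetime = lifetime  # assumption: tokens expire; the patent does not say
        self._tokens = {}          # token -> (permitted device IDs, expiry time)

    def issue(self, code, now=None):
        now = time.time() if now is None else now
        devices = self._authn.redeem(code)
        if devices is None:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (devices, now + self._lifetime)
        return token

    def check(self, token, device_id, now=None):
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        return entry is not None and now < entry[1] and device_id in entry[0]


class Gateway:
    """Forwards an access instruction only after the token is verified (S320, S330)."""

    def __init__(self, authorization_server, device_ids):
        self._authz = authorization_server
        self.delivered = {d: [] for d in device_ids}  # instructions that reached each device

    def forward(self, token, device_id, instruction, now=None):
        if device_id not in self.delivered or not self._authz.check(token, device_id, now):
            return False
        self.delivered[device_id].append(instruction)
        return True


def run_flow():
    authn = AuthenticationServer()
    # Constructed account: this administrator may reach two of the three devices.
    authn.enroll("admin-a", "constructed-password", {"lamp-1", "meter-2"})
    authz = AuthorizationServer(authn)
    gateway = Gateway(authz, ["lamp-1", "meter-2", "lock-9"])

    code = authn.verify("admin-a", "constructed-password")  # S110, S120
    token = authz.issue(code, now=0)                        # S130, S140
    return {
        "lamp": gateway.forward(token, "lamp-1", "collect", now=1),
        "meter": gateway.forward(token, "meter-2", "maintain", now=2),
        "out_of_scope": gateway.forward(token, "lock-9", "collect", now=3),
        "forged": gateway.forward("not-a-token", "lamp-1", "collect", now=4),
        "expired": gateway.forward(token, "lamp-1", "collect", now=601),
        "code_reuse": authz.issue(code, now=5),
        "bad_login": authn.verify("admin-a", "wrong-password"),
    }


if __name__ == "__main__":
    print(run_flow())
```

Because one token covers every device in the credential's scope, the checks that matter are the ones that fail: a device outside the scope, a forged token, an expired token and a reused code are all refused.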
As mentioned above, the access instruction provided by the present invention can be an access instruction for actively accessing the IoT device or an access instruction for passively accessing the IoT device. The two scenarios are described in detail below with reference to Embodiment 4 and Embodiment 5 respectively.
Embodiment 4
In this embodiment, the access instruction is a passive access instruction; that is, the IoT device actively initiates a service request, and the IoT device that initiated the service request is accessed according to that request. Accordingly, the access method includes the following steps, carried out between step S310 and step S320:
obtaining the information of the IoT device that sent the service request;
generating the access instruction according to the device information of the IoT device that sent the service request, wherein the access instruction includes service request response information corresponding to the service request.
With the method provided by this embodiment of the present invention, when an IoT device actively initiates a service request (for example, a maintenance request), the service request includes the information of the IoT device that sent it. Therefore, after the administrator receives the request through the equipment management device, the information of the IoT device that sent the request can be obtained and the corresponding service request response information generated.
Then the service request response information and the token are sent to the corresponding gateway. At this point the administrator does not need to log in again; to access the corresponding IoT device through the gateway, only the token needs to be sent. When the token passes verification, the gateway forwards the service request response information to the corresponding IoT device so that the corresponding service is performed on it. The access method provided by this embodiment can also reduce maintenance cost.
The present invention places no special requirement on the specific format of the service request or on how the IoT device sends it. A service request sending method with relatively high security is described below with reference to Fig. 3:
Step 1: IoT device 520 sends session key information to gateway 510. The session key information includes the ID of the IoT device (for example, the device serial number), the session key information (SK + random number N) encrypted with the master key MK, and the address information of the customer service device, where N can be a timestamp; the random number N makes it possible to avoid replay attacks.
Step 2: gateway 510 obtains the address of customer service device 310 from the received session key information, converts the information from the IoT network environment into information for the Internet environment, and forwards the service request information to customer service device 310.
Step 3: customer service device 310 obtains the corresponding device master key MK according to the ID of IoT device 520 in the service request information (the customer service device stores the ID of each IoT device and the master key MK corresponding to that ID). Customer service device 310 then decrypts the information encrypted with the master key MK to obtain the session key SK and the random number N, stores the session key SK, and sets a session key index value for the session key SK.
Step 4: customer service device 310 adds 1 to the received random number N and then encrypts the information with the session key SK to obtain encrypted information. The customer service device then sends the ID of the IoT device, the session key index value and the encrypted information to gateway 510 as the session key response information.
Step 5: after receiving the response information, gateway 510 stores the ID of IoT device 520 and the session key index value in one-to-one correspondence (that is, the ID of one IoT device corresponds to one session key index value). In later transmissions, the session key index value can be mapped to the corresponding IoT device, so the ID of the IoT device does not need to be sent again. Gateway 510 converts the information from the Internet environment into information for the IoT network environment and then forwards it to IoT device 520.
Step 6: after receiving the information, IoT device 520 decrypts it and verifies the random number N+1, which shows that the received information comes from customer service device 310. IoT device 520 encrypts the service request and a new random number to obtain encrypted information, and sends the session key index value, the encrypted information and the address of customer service device 310 to gateway 510 as the service request.
Step 7: gateway 510 reads the address of customer service device 310 from the received service request, converts the information from the IoT network environment into information for the Internet environment, and forwards the service request information to customer service device 310.
The service request information can be activation request information, maintenance request information or other service request information.
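Steps 1 to 7 above as an added example (not code from the patent), covering the IoT device and customer service device sides with the gateway reduced to its index-value-to-ID map. The `seal`/`unseal` cipher is a stand-in for the encryption the patent leaves unspecified, and the class names, message layouts, replay cache and sample device ID are assumptions.

```python
import hashlib
import hmac
import secrets


def _stream(key, nonce, length):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Stand-in cipher (HMAC-SHA256 keystream, encrypt-then-MAC); use a vetted AEAD in practice."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


class CustomerService:
    def __init__(self, master_keys):
        self._master_keys = master_keys  # device ID -> master key MK
        self._sessions = {}              # session key index value -> (device ID, SK)
        self._seen = set()               # assumption: cache of (device ID, N) already accepted

    def on_key_message(self, device_id, blob):
        """Steps 3 and 4: recover SK and N under MK, store SK, answer with N+1 under SK."""
        plain = unseal(self._master_keys[device_id], blob)
        sk, n = plain[:32], int.from_bytes(plain[32:], "big")
        if (device_id, n) in self._seen:
            raise ValueError("replayed session key message")
        self._seen.add((device_id, n))
        index = secrets.token_hex(4)
        self._sessions[index] = (device_id, sk)
        return index, seal(sk, (n + 1).to_bytes(8, "big"))

    def on_service_request(self, index, blob):
        """After step 7: the index value alone selects the device and its SK."""
        device_id, sk = self._sessions[index]
        return device_id, unseal(sk, blob)[8:].decode()


class Device:
    def __init__(self, device_id, mk):
        self.device_id, self._mk = device_id, mk

    def key_message(self):
        """Step 1: device ID in the clear, SK and N encrypted under MK."""
        self._sk, self._n = secrets.token_bytes(32), secrets.randbits(63)
        return self.device_id, seal(self._mk, self._sk + self._n.to_bytes(8, "big"))

    def on_key_response(self, index, blob):
        """Step 6: N+1 under SK shows the responder recovered SK, so it holds MK."""
        if int.from_bytes(unseal(self._sk, blob), "big") != self._n + 1:
            raise ValueError("unexpected nonce in response")
        self._index = index

    def service_request(self, text):
        """Step 6: the request carries the index value and ciphertext, not the device ID."""
        return self._index, seal(self._sk, secrets.token_bytes(8) + text.encode())


def run_exchange():
    mk = secrets.token_bytes(32)                # constructed master key
    device = Device("dev-001", mk)              # constructed device ID
    service = CustomerService({"dev-001": mk})
    gateway_index = {}                          # step 5: gateway's index value -> device ID map

    device_id, key_msg = device.key_message()
    index, response = service.on_key_message(device_id, key_msg)
    gateway_index[index] = device_id
    device.on_key_response(index, response)
    who, what = service.on_service_request(*device.service_request("maintenance"))

    outcomes = {"who": who, "what": what, "routed_to": gateway_index[index]}
    tampered = key_msg[:-1] + bytes([key_msg[-1] ^ 1])
    for name, blob in (("replay", key_msg), ("tampered", tampered)):
        try:
            service.on_key_message(device_id, blob)
            outcomes[name] = "accepted"
        except ValueError:
            outcomes[name] = "rejected"
    return outcomes


if __name__ == "__main__":
    print(run_exchange())
```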
Accordingly, the information of the IoT device includes the session key corresponding to the service request, the session key index value, the device ID of the IoT device and the address of the gateway corresponding to the IoT device, and the step of generating the access instruction according to the device information of the IoT device includes:
obtaining the session key and the session key index value in the service request;
decoding the service request according to the obtained session key and session key index value;
generating the access instruction according to the decoded service request, the access instruction including the device ID of the IoT device, the session key index value, the token and the service request response information, wherein the service request response information is encrypted information.
In this embodiment, the gateway can verify the token. When the token passes verification, the gateway forwards the service request response information to the IoT device, and the IoT device decodes the service request response information and performs the corresponding operation. Because the session key index value corresponds to the ID of the IoT device, in the access method provided by the present invention the ID of the IoT device does not appear during communication, which improves the security of access.
Embodiment 5
In the present embodiment, the access request is actively initiated by the administrator. As a specific embodiment, the access instruction may include a callback request, through which the information of the corresponding IoT device can be collected. The callback request information includes the token, the information of the IoT device and the callback service number. The information of the IoT device here includes the device ID of the IoT device and the address of the gateway corresponding to the IoT device.
Specifically, the access instruction includes the token, the information of the IoT device and the callback service number.
Correspondingly, the access method may further include the following, performed between step S310 and step S320:
Sending request information for obtaining the information of the IoT device to be accessed, the request information including the information of the IoT device to be accessed and the token;
Verifying the token and, when the token passes verification, returning the information of the IoT device to be accessed.
When the token passes verification, the gateway sends the callback service number in the callback request to the corresponding IoT device.
Similarly, when the access method provided by the present invention is used to collect information from different IoT devices, only one login is needed, and collecting information from a different IoT device only requires sending the token to the corresponding gateway for verification. When the token passes verification, the callback request is sent directly to the IoT device whose information is to be collected. It follows that repeated logins are not needed when the maintenance method provided by the present invention is used to collect information from different IoT devices, which saves maintenance steps and reduces the cost of information collection.
Embodiment 6
This embodiment of the present invention provides an IoT system. As shown in Fig. 5, the IoT system includes gateway 510 and multiple IoT devices 520, and further includes the above-described access authorization equipment provided by the present invention, wherein:
Equipment management device 210 is also used to send the token to gateway 510 corresponding to the IoT device 520 to be accessed, and equipment management device 210 is also used to send the process instruction to gateway 520.
Gateway 510 is used to send the token to authorization server 230 after receiving the token, and authorization server 230 is used to verify the token after receiving it.
Customer service device 310 is used to verify the token after receiving the token; customer service device 310 is also used to receive and store the information sent by the IoT devices, and to respond to inquiry requests.
It is easy to understand that the IoT system can not only execute the above-described access authorization method provided by the present invention to authorize the administrator who logs in to the equipment management device of the IoT system, but can also access the IoT devices in the IoT system according to the above-described access method provided by the present invention.
As mentioned above, in the specific embodiment in which the service request sent by the IoT device includes a session key and a session key index value, the equipment management device can process service requests of this type.
Specifically, the equipment management device includes a key acquisition module, a decoding module and a process instruction generation module. The key acquisition module is used to obtain the session key and the session key index value in the request, the decoding module is used to decode the request according to the session key and the session key index value obtained by the key acquisition module, and the process instruction generation module is used to generate the process instruction according to the decoded request.
How the IoT system provided by the present invention executes the access methods of Embodiment 4 and Embodiment 5 is described in detail below with reference to Fig. 6 and Fig. 7.
Fig. 6 shows the IoT system executing the access method provided in Embodiment 4.
Equipment management device 410 sends a request instruction to customer service device 310 to obtain the device information of the service request.
Customer service device 310 sends the session key and session key index value corresponding to the service request, the device ID of the IoT device, and the address of the gateway corresponding to the IoT device to equipment management device 410.
Equipment management device 410 decodes using the session key and the session key index value, obtains the service request, and generates the service request response information. Equipment management device 410 also sends the service request response information to gateway 510.
Gateway 510 sends the token in the service request response information to authorization server 230, and authorization server 230 verifies the token. When verification succeeds, authorization server 230 sends a pass signal to gateway 510.
When gateway 510 receives the pass signal, it sends the service response request to IoT device 520. IoT device 520 decrypts the service response information and performs the corresponding operation.
Fig. 7 shows the IoT system executing the access method provided in Embodiment 5.
Equipment management device 410 sends request information for obtaining IoT device information to the customer service device; the request information includes the token and the ID of the IoT device.
Customer service device 310 sends the token to authorization server 230 for verification, and when verification succeeds a pass signal is provided to customer service device 310. After receiving the pass signal, the customer service device sends the IoT device information (including the gateway address and the IoT device ID) to the equipment management device.
Equipment management device 410 sends the callback request information to gateway 510, and gateway 510 sends the token in the callback request information to authorization server 230. When the token passes verification, authorization server 230 sends a pass signal to the gateway.
When gateway 510 receives the pass signal, it sends the callback request information to the corresponding IoT device 520.
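The Fig. 6 and Fig. 7 flows share one control: gateway 510 forwards nothing to a device until authorization server 230 returns a pass signal for the token. The following added example (not code from the patent) models that check in Python; the opaque random token, the 300-second lifetime, the single-use access authority code, the device names, and passing the target device ID to the authorization server are assumptions, since the patent does not specify them.

```python
import secrets
import time


class AuthorizationServer:
    """Stand-in for authorization server 230: issues and verifies tokens."""
    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._codes = {}   # access authority code -> device IDs in the login's permission
        self._tokens = {}  # token -> (device IDs, expiry time)
        self._ttl = ttl_seconds  # assumption: the patent gives no token lifetime
        self._clock = clock

    def register_code(self, device_ids):
        """Models the authentication server's result after a verified login."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = frozenset(device_ids)
        return code

    def issue_token(self, access_authority_code):
        # Assumption: the code is single use, so a captured code cannot mint a second token.
        devices = self._codes.pop(access_authority_code, None)
        if devices is None:
            raise PermissionError("unknown access authority code")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (devices, self._clock() + self._ttl)
        return token

    def verify(self, token, device_id):
        """Return True (the pass signal) only for a live token that covers device_id."""
        devices, expiry = self._tokens.get(token, (frozenset(), float("-inf")))
        if self._clock() >= expiry:          # unknown tokens land here as well
            self._tokens.pop(token, None)
            return False
        return device_id in devices


class Gateway:
    """Stand-in for gateway 510: forwards an instruction only after the pass signal."""
    def __init__(self, auth_server, devices):
        self._auth = auth_server
        self._devices = devices  # device ID -> callable that executes an instruction

    def handle(self, token, device_id, instruction):
        if device_id not in self._devices or not self._auth.verify(token, device_id):
            return "rejected"    # same answer for every failure: no hint to the caller
        return self._devices[device_id](instruction)


def demo():
    """One login, one token, devices behind two gateways (all data constructed)."""
    now = [0.0]
    auth = AuthorizationServer(ttl_seconds=300, clock=lambda: now[0])
    executed = []
    def device(name):
        return lambda instruction: executed.append((name, instruction)) or "ok"
    gw_a = Gateway(auth, {"dev-1": device("dev-1"), "dev-2": device("dev-2")})
    gw_b = Gateway(auth, {"dev-3": device("dev-3"), "dev-9": device("dev-9")})
    token = auth.issue_token(auth.register_code({"dev-1", "dev-2", "dev-3"}))
    results = [
        gw_a.handle(token, "dev-1", "callback:42"),     # inside the permission
        gw_b.handle(token, "dev-3", "callback:42"),     # same token, other gateway
        gw_b.handle(token, "dev-9", "callback:42"),     # outside the login's permission
        gw_a.handle("forged", "dev-2", "callback:42"),  # token never issued
    ]
    now[0] = 301.0                                      # token lifetime has passed
    results.append(gw_a.handle(token, "dev-2", "callback:42"))
    return results, executed
```

Calling `demo()` returns the per-request outcomes and the list of instructions that actually reached a device, so the two can be compared.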
It should be understood that the above embodiments are merely exemplary implementations used to illustrate the principle of the present invention, and the present invention is not limited to them. For those skilled in the art, various changes and modifications can be made without departing from the spirit and essence of the present invention, and these changes and modifications are also regarded as falling within the protection scope of the present invention.

Claims (7)

1. An access method for IoT devices in an IoT system, the IoT system including a gateway and multiple IoT devices, characterized in that the access method includes:
Verifying a login credential;
When the login credential passes verification, generating an access authority code corresponding to the login credential, the access authority code corresponding to all IoT devices within the permission of the login credential;
Sending a token request to an authorization server, the token request including the access authority code;
Receiving the token generated by the authorization server in response to the token request, wherein all IoT devices within the permission of the login credential can be accessed according to the token;
The access method further includes:
Obtaining the information of the IoT device that sends a service request;
Generating the access instruction according to the information of the IoT device that sends the service request, wherein the access instruction includes the service request response information corresponding to the service request;
When accessing any one of the IoT devices within the permission of the token, sending the token and the access instruction to the gateway corresponding to the IoT device to be accessed; and
After the token passes verification, controlling the gateway to send the access instruction to the IoT device.
2. The access method according to claim 1, characterized in that the access authorization method further includes:
Generating the login credential according to the received login information.
3. The access method according to claim 1, characterized in that the information of the IoT device includes a session key, a session key index value, the device ID of the IoT device and the address of the gateway corresponding to the IoT device, and the step of generating the access instruction according to the information of the IoT device includes:
Obtaining the session key and the session key index value of the service request;
Decoding the service request according to the obtained session key and session key index value;
Generating the access instruction according to the decoded service request, the access instruction including the device ID of the IoT device, the session key index value, the token and the service request response information.
4. The access method according to claim 1, characterized in that the access instruction includes callback request information, the callback request information includes the token, the information of the IoT device and a callback service number, the information of the IoT device includes the device ID of the IoT device and the address of the gateway corresponding to the IoT device, and the access method includes the following, performed between the step of obtaining the token and the step of sending the token to the gateway corresponding to the IoT device to be accessed:
Sending request information for obtaining the information of the IoT device to be accessed, the request information including the information of the IoT device to be accessed and the token;
Verifying the token and, when the token passes verification, returning the information of the IoT device to be accessed.
5. An IoT system, the IoT system including a gateway and multiple IoT devices, characterized in that the IoT system further includes an equipment management device, an authentication server and an authorization server;
The equipment management device is used to send a login credential to the authentication server;
The authentication server is used to verify the received login credential, and is also used to generate an access authority code when the login credential passes verification and to send the access authority code to the equipment management device, the access authority code corresponding to all IoT devices that the login credential is able to access;
The equipment management device is also used to generate a token request according to the access authority code and to send the token request to the authorization server;
The authorization server is used to generate a token according to the token request and to send the token to the equipment management device, wherein all IoT devices within the permission of the login credential can be accessed according to the token;
The equipment management device is also used to send the token to the gateway corresponding to the IoT device to be accessed, and the equipment management device is also used to send a process instruction to the gateway;
The gateway is used to send the token to the authorization server after receiving the token, and the authorization server is used to verify the token after receiving it;
The customer service device is used to receive and store the information sent by the IoT devices, and to respond to inquiry requests.
6. The IoT system according to claim 5, characterized in that the equipment management device includes a key acquisition module, a decoding module and a process instruction generation module, the key acquisition module is used to obtain the session key and the session key index value in the request, the decoding module is used to decode the request according to the session key and the session key index value obtained by the key acquisition module, and the process instruction generation module is used to generate the process instruction according to the decoded request.
7. The IoT system according to claim 5, characterized in that the equipment management device is used to receive login information and to generate the corresponding login credential according to the login information.
CN201710537749.3A 2017-07-04 2017-07-04 Internet of things system, internet of things equipment access method, access authorization methods and equipment Active CN107124433B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710537749.3A CN107124433B (en) 2017-07-04 2017-07-04 Internet of things system, internet of things equipment access method, access authorization methods and equipment


Publications (2)

Publication Number Publication Date
CN107124433A CN107124433A (en) 2017-09-01
CN107124433B true CN107124433B (en) 2019-08-06
