CN107222373A - Control method, system, terminal, FIDO server and security device for a smart home

Info

Publication number: CN107222373A
Authority: CN (China)
Prior art keywords: safety means, fido, control terminal, registration, information
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710311631.9A
Other languages: Chinese (zh)
Other versions: CN107222373B (en)
Inventor: 倪力立
Current Assignee: Shenzhen Wen Ding Chuang Software Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Wen Ding Chuang Software Co Ltd
Application filed by Shenzhen Wen Ding Chuang Software Co Ltd
Priority to CN201710311631.9A
Publication of CN107222373A
Application granted
Publication of CN107222373B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2807 Exchanging configuration information on appliance services in a home automation network
    • H04L12/2809 Exchanging configuration information on appliance services in a home automation network indicating that an appliance service is present in a home automation network
    • H04L12/281 Exchanging configuration information on appliance services in a home automation network indicating a format for calling an appliance service function in a home automation network
    • H04L12/2816 Controlling appliance services of a home automation network by calling their functionalities
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The present invention relates to the technical field of smart homes and proposes a control method, system, terminal, FIDO server and security device for a smart home. The smart home control system comprises an external control subsystem and an internal control subsystem. The external control subsystem comprises a control terminal and a security device, the security device supporting the standard FIDO authentication protocol; the internal control subsystem comprises a FIDO server, a home controller and an application server. The invention uses the security device and the FIDO server to register the user account that controls the smart home system and to authenticate its operating permissions. When the user performs an online operation of high security level, the security device serves as the second authentication factor and completes strong identity authentication of the user account. The security of smart home control can thus be ensured without depending on the complexity of a conventional password, and the user is spared the various inconveniences that arise from forgetting a password when operating the smart home system.

Description

Control method, system, terminal, FIDO server and security device for a smart home
Technical field
The present invention relates to the technical field of smart homes, and more particularly to a control method, system, terminal, FIDO server and security device for a smart home.
Background
The Internet of Things (IoT) is an internet in which things are connected to one another. Its core and foundation are still the Internet; it is a network that extends and expands the Internet, with the user end extended to any object, so that objects can exchange information and communicate with each other. Smart home systems based on IoT technology have broad market demand, but overall China's IoT industry is still at an early stage of development.
The main factor restricting IoT development is security. Building a secure IoT cannot rely solely on the state formulating related policies and laws; technical means are required. Current IoT-based smart home systems frequently use means such as encrypting configuration information and performing user authentication to address security, but these means rely excessively on passwords, and a forgotten password causes the user great inconvenience.
Summary of the invention
Embodiments of the present invention provide a control method, system, terminal, FIDO server and security device for a smart home, intended to solve the problem that current secure control of smart home systems relies excessively on passwords.
A first aspect of the embodiments of the present invention provides a smart home control method, applied to a smart home control system, the smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal, the security device supporting the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller, the application server supporting the application of the control terminal;
The smart home control method comprises: registering a user account on the security device; mapping the operation instructions available under the user account for controlling the smart home to the user account; after the user inputs a target operation instruction, the security device verifying the user account associated with the target operation instruction; and, after verification passes, the home controller executing the target operation instruction;
The process of registering the user account is:
The control terminal sends registration information to the FIDO server;
The FIDO server builds the registration information into a registration request command and sends the registration request command to the security device via the control terminal;
After receiving the registration request command, the security device determines whether the user account is already registered in the security device;
If it is not registered, the security device, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair in the security device, and sends the public key of the asymmetric key pair to the FIDO server via the control terminal; the FIDO server stores the public key and associates the public key with the user account.
A second aspect of the embodiments of the present invention provides a smart home control system, comprising:
An external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal, the security device supporting the standard FIDO authentication protocol;
The security device is configured to register a user account, to map the operation instructions available under the user account for controlling the smart home to the user account, and, after the user inputs a target operation instruction, to verify the user account associated with the target operation instruction; after verification passes, the home controller executes the target operation instruction;
The internal control subsystem comprises a FIDO server, an application server and a home controller, the application server supporting the application of the control terminal;
The control terminal comprises:
A registration request generation module, configured to generate registration information and send it to the FIDO server;
A registration request command transceiver module, configured to receive the registration request command sent by the FIDO server and send the registration request command to the security device;
A public key transceiver module, configured to receive the public key sent by the security device and send the public key to the FIDO server;
The security device comprises:
A registration request command receiving module, configured to receive the registration request command constructed by the FIDO server and sent by the control terminal;
A registration judgment module, configured to determine whether the user account is registered in the security device;
A confirmation information acquisition module, configured to obtain registration confirmation information;
A public/private key generation module, configured to, if the user account is not registered in the security device, generate an asymmetric key pair after the registration confirmation information is obtained, store the private key of the asymmetric key pair in the security device, and send the public key of the asymmetric key pair to the FIDO server via the control terminal;
The FIDO server comprises:
A registration request command construction and sending module, configured to construct the registration request command according to the registration information sent by the control terminal and to send the registration request command to the control terminal;
A public key receiving module, configured to receive the public key generated by the security device;
A public key storage and association module, configured to store the public key and associate the public key with the user account.
A third aspect of the embodiments of the present invention provides a method by which a control terminal controls a smart home, applied to a smart home control system, the smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal, the security device supporting the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller;
The method by which the control terminal controls the smart home is:
The control terminal receives the user's registration information and sends it to the FIDO server;
The control terminal receives the registration request command sent by the FIDO server, the registration request command being constructed by the FIDO server according to the registration information;
The control terminal sends the registration request command to the security device, so that the security device, after receiving the registration request command, determines whether the user account is registered in the security device and, if it is not registered, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
The control terminal sends the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
The control terminal maps the operation instructions available under the user account for controlling the smart home to the user account;
The control terminal receives a target operation instruction, so that the security device verifies the user account associated with the target operation instruction and, after verification passes, the home controller executes the target operation instruction.
A fourth aspect of the embodiments of the present invention provides a method by which a FIDO server controls a smart home, applied to a smart home control system, the smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal, the security device supporting the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller;
The smart home control method is:
The FIDO server receives the registration information sent by the control terminal;
The FIDO server builds the registration information into a registration request command and sends the registration request command to the security device via the control terminal, so that the security device, after receiving the registration request command, determines whether the user account is registered in the security device and, if it is not registered, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server via the control terminal;
The FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the FIDO server cooperates with the security device to verify the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after verification passes.
A fifth aspect of the embodiments of the present invention provides a method by which a security device controls a smart home, applied to a smart home control system, the smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal, the security device supporting the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller;
The smart home control method is:
The security device receives, via the control terminal, the registration request command sent by the FIDO server, the registration request command being constructed by the FIDO server according to the registration information sent by the control terminal;
The security device parses the registration request command and determines whether the user account is registered in the security device;
If it is not registered, the security device, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server via the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the security device, in conjunction with the FIDO server, verifies the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after verification passes.
A sixth aspect of the embodiments of the present invention provides a control terminal, applied to a smart home control system, which exchanges data with a FIDO server and with a security device respectively, the control terminal comprising:
A registration information transceiver module, configured to receive the user's registration information and send it to the FIDO server;
A registration request command transceiver module, configured to receive the registration request command sent by the FIDO server and send the registration request command to the security device, so that the security device, after receiving the registration request command, determines whether the user account is registered in the security device and, if it is not registered, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal, the registration request command being constructed by the FIDO server according to the registration information;
A public key transceiver module, configured to receive the public key sent by the security device and send the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
An operation instruction transceiver module, configured to receive a target operation instruction and, after the user account is verified, send the target operation instruction to the home controller, so that the home controller executes the target operation instruction;
An authentication module, configured to verify, in conjunction with the FIDO server and the security device, the user account associated with the target operation instruction.
A seventh aspect of the embodiments of the present invention provides a FIDO server, applied to a smart home control system, communicatively connected to a control terminal and exchanging data with a security device via the control terminal, the FIDO server comprising:
A registration information receiving module, configured to receive the registration information sent by the control terminal;
A registration request command construction and sending module, configured to construct a registration request command according to the registration information and send the registration request command to the security device via the control terminal, so that the security device, after receiving the registration request command, determines whether the user account is registered in the security device and, if it is not registered, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
A public key receiving module, configured to receive the public key from the control terminal;
A public key storage and association module, configured to store the public key and associate the public key with the user account;
An authentication module, configured to verify, in conjunction with the control terminal and the security device, the user account associated with a target operation instruction, so that the home controller executes the target operation instruction after the user account is verified.
An eighth aspect of the embodiments of the present invention provides a security device, applied to a smart home control system, which exchanges data with a FIDO server via a control terminal, the security device comprising:
A registration request command receiving module, configured to receive the registration request command constructed by the FIDO server and sent by the control terminal, the registration request command being constructed by the FIDO server according to registration information, the registration information being input by the user on the control terminal and sent by the control terminal to the FIDO server;
A registration judgment module, configured to determine whether the user account is registered in the security device;
A confirmation information acquisition module, configured to obtain registration confirmation information;
A public/private key generation module, configured to, if the user account is not registered in the security device, generate an asymmetric key pair after the registration confirmation information is obtained, store the private key of the asymmetric key pair, and send the public key of the asymmetric key pair to the FIDO server via the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
An authentication module, configured to verify, in conjunction with the control terminal and the FIDO server, the user account associated with a target operation instruction, so that the home controller executes the target operation instruction after the user account is verified.
The present invention uses the security device and the FIDO server to authenticate the operating permissions of the user account that controls the smart home system. When the user performs an online operation of high security level, the security device serves as the second authentication factor and completes strong identity authentication of the user account. The security of smart home control can thus be ensured without depending on the complexity of a conventional password, and the user is spared the various inconveniences that arise from forgetting a password when operating the smart home system. The whole process is unaffected by the strength of the conventional password, which improves the user's information security.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a smart home control system in an embodiment of the present invention;
Fig. 2 is a flowchart of a control method for controlling the smart home control system shown in Fig. 1 in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a smart home control system in one application scenario in an embodiment of the present invention;
Fig. 4 is a flowchart, in one application scenario, of a control method for controlling the smart home control system shown in Fig. 3 in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a smart home control system in one application scenario in an embodiment of the present invention;
Fig. 6 is a flowchart, in one application scenario, of a control method for controlling the smart home control system shown in Fig. 5 in an embodiment of the present invention.
Detailed description
Embodiments of the present invention provide a control method, system, terminal, FIDO server and security device for a smart home, which can ensure the security of smart home control without depending on the complexity of a conventional password and spare the user the various inconveniences that arise from forgetting a password when operating the smart home system.
To make the objects, features and advantages of the present invention more apparent and understandable, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The embodiments described below are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, a smart home control system in an embodiment of the present invention comprises:
An external control subsystem 10 and an internal control subsystem 11;
The external control subsystem comprises a control terminal 101 and a security device 102 that communicates with the control terminal; the security device supports the standard FIDO authentication protocol;
The security device is configured to register a user account, to map the operation instructions available under the user account for controlling the smart home to the user account, and, after the user inputs a target operation instruction, to verify the user account associated with the target operation instruction; after verification passes, the home controller executes the target operation instruction;
The internal control subsystem comprises a FIDO server 111, a home controller 112 and an application server 113; the FIDO server is communicatively connected to the home controller, and the application server supports the application of the control terminal;
The control terminal 101 comprises:
A registration request generation module 1010, configured to generate registration information and send it to the FIDO server;
A registration request command transceiver module 1011, configured to receive the registration request command sent by the FIDO server and send the registration request command to the security device;
A public key transceiver module 1012, configured to receive the public key sent by the security device and send the public key to the FIDO server;
The security device 102 comprises:
A registration request command receiving module 1020, configured to receive the registration request command constructed by the FIDO server and sent by the control terminal;
A registration judgment module 1021, configured to determine whether the user account is registered in the security device;
A confirmation information acquisition module 1022, configured to obtain registration confirmation information;
A public/private key generation module 1023, configured to, if the user account is not registered in the security device, generate an asymmetric key pair after the registration confirmation information is obtained, store the private key of the asymmetric key pair in the security device, and send the public key of the asymmetric key pair to the FIDO server via the control terminal;
The FIDO server 111 comprises:
A registration request command construction and sending module 1110, configured to construct the registration request command according to the registration information sent by the control terminal and to send the registration request command to the control terminal;
A public key receiving module 1111, configured to receive the public key generated by the security device;
A public key storage and association module 1112, configured to store the public key and associate the public key with the user account.
The internal control subsystem is the control system located within the home; the external control subsystem is the control system that can remotely control smart home appliances from any location (including outside the home).
The control terminal is a mobile or fixed terminal used to control the smart home system. It can be any kind of smartphone, smart watch, notebook, tablet computer or POS terminal, or even an in-vehicle computer, on which the smart home operation app can be installed. It communicates with the security device over USB, Bluetooth, NFC, or any combination of the three; this embodiment does not limit the communication mode.
The security device supports the standard FIDO authentication protocol and is a security key device, used together with the FIDO server to implement registration and operating-permission authentication of the user account under the FIDO authentication system. It communicates with the control terminal over USB, Bluetooth, NFC, or any combination of the three; this embodiment does not limit the communication mode. It may also be a module or device built into the control terminal that exchanges data with the control terminal internally.
The FIDO server is a server supporting the FIDO (Fast Identity Online) authentication protocol. It comprises two parts: one part stores the authentication keys, and the other part stores the characteristics of the authentication devices and the trusted device certificates.
The home controller comprises a household appliance control switch and a household appliance monitoring unit, which implement on/off control of appliances such as lighting, televisions, air conditioners and water heaters, and monitoring of their various parameters. The household appliance control switch may be a relay or another form of electrical control device, or an intelligent switch.
Further, there may be multiple home controllers, each connected to the household appliances it needs to control.
The application server is mainly used to provide a full-featured, reliable runtime environment for the smart home operation app, and can support the standard FIDO authentication protocol.
Further, the control terminal also comprises:
An acquisition module 1013, configured to obtain the target operation instruction, the target operation instruction being the operation instruction selected by the user on the control terminal;
A verification request sending module 1014, configured to send a verification request to the FIDO server according to the user account corresponding to the target operation instruction;
A to-be-verified information transceiver module 1015, configured to receive the challenge data generated by the FIDO server and the verification command constructed by the FIDO server according to the verification request, and to send the challenge data and the verification command to the security device;
A signature information transceiver module 1016, configured to receive the signature information from the security device and send the signature information to the FIDO server;
An operation instruction sending module 1017, configured to send the target operation instruction to the home controller if the signature verification result from the FIDO server is success.
Further, the security device may also comprise:
A to-be-verified information receiving module 1024, configured to receive the challenge data and the verification command constructed by the FIDO server and sent by the control terminal;
A FIDO server verification module 1025, configured to parse the verification command and verify the authenticity of the FIDO server;
A verification confirmation information acquisition module 1026, configured to obtain verification confirmation information;
A signature module 1027, configured to, if the FIDO server is authentic, sign the challenge data after the verification confirmation information is obtained, to obtain the signature information;
A signature information sending module 1028, configured to return the signature information to the control terminal;
The confirmation information acquisition module 1022 is further configured to obtain the verification confirmation information.
Further, the FIDO servers can also include:
Verification request receiving module 1113, for receiving the verification request that the control terminal sends according to the user account corresponding to the target operation instruction;
To-be-verified information building module 1114, for producing challenge data and building a verification command according to the verification request;
To-be-verified information sending module 1115, for sending the challenge data and verification command to the control terminal;
Signature information receiving module 1116, for receiving, from the control terminal, the signature information generated by the safety means;
Signature verification module 1117, for verifying the signature information and obtaining a signature verification result.
Further, the FIDO servers 111 can also include:
Mapping module 1118, for mapping operation instructions to the user account.
Further, the FIDO servers 111 are also used to map different operation instructions to the same or different user accounts; different user accounts are registered in the same or different safety means.
Different operation instructions for household electric appliances can all be mapped to one user account, or each mapped to a different user account; different user accounts can be registered in the same safety means or in different safety means.
For example: one user account is registered in one safety means and all operation instructions are mapped to that user account; or multiple user accounts are registered in one safety means and the operation instructions are grouped, each group mapped to a different user account; or one or more user accounts are registered in multiple different safety means.
The operation instructions of different household electric appliances can be grouped, a corresponding user account registered for each group using the same safety means, and each group of operation instructions mapped to its user account. When logged in to one of these user accounts, only the operation instructions associated with that account can be sent, which makes control of the household electric appliances more convenient to manage and improves the user experience.
Further, household electric appliances may involve different privacy levels. Where the household electric appliances correspond to two or more home controllers, a corresponding number of safety means can be provided according to privacy level, and the user accounts that control appliances of the same privacy level are registered under the corresponding safety means. The user accounts under each safety means then control household electric appliances of a different privacy level, and a safety means only needs to be taken out and used when appliances of its privacy level are to be controlled. This reduces how often any single safety means is used, in particular the safety means corresponding to appliances with a higher privacy level. The loss of one safety means therefore does not cause security control of the whole intelligent domestic system to fail; privacy control of the household electric appliances is safer and more reliable, and the user experience is better.
Further, the FIDO servers can also include a registration module 1119;
The registration module is used to judge whether the safety means is located in a predetermined area, and/or whether the safety means is held by a specified user or is a known safety means. If the safety means is located in the predetermined area, and/or the safety means is held by a specified user or is a known safety means, the step in which the FIDO servers build the registration information into a registration request command is performed; otherwise the registration process is terminated.
Further, the safety means 102 can be a U2F device with a button;
The confirmation information acquisition module of the safety means can specifically include:
Detection unit, for detecting whether the button is pressed;
First acquisition unit, for obtaining the registration confirmation information and the verification confirmation information if the button is pressed.
A U2F device is a security key device that supports the U2F protocol. It can communicate with the control terminal over USB, Bluetooth, NFC or a combination of the three, and this embodiment does not limit the communication mode. The U2F (Universal Second Factor Protocol) protocol is a general "second factor" protocol that protects the user's account and privacy with two factors (a password and a device that can interact with the user). U2F adds a more secure authentication factor for login on top of existing user name and password authentication. The user logs in to the service with a user name and password as before, and the service can then prompt the user to present a second-factor device for authentication. With U2F a simple password (such as a 4-digit PIN) can be used without sacrificing security, and presenting the second factor usually takes the form of pressing the button on the U2F device.
Specifically, the U2F device can include:
U2F client: the software entity that processes U2F information. It interacts with the smart home operation APP on the control terminal 101, communicates with the FIDO servers through the interface of the user terminal, receives and parses commands from the FIDO servers, and builds the corresponding command information and sends it to the ASM module for the related operation;
ASM module: a module associated with the U2F authenticator that provides a unified interface between the hardware and the U2F client; specifically, it is the communication medium between the U2F client and the U2F authenticator;
U2F authenticator: an authentication entity that conforms to the U2F protocol, has a user authentication function and stores the cryptographic material recognized by the trusted party.
Further, when the U2F device is used to register an intelligent domestic system user account under the FIDO authentication system, the U2F device must be activated before the public/private key pair is generated, that is, before registration is confirmed. The activation can be the user pressing the button on the U2F device; while waiting for the button press, the user can be prompted that pressing the button confirms the registration of the user account.
Further, when the U2F device is used to authenticate the operating authority of the user account, the U2F device must be activated before it signs the verification information. The activation can be the user pressing the button on the U2F device; while waiting for the button press, the user can be prompted that pressing the button confirms the operating authority authentication of the user account.
Further, the safety means 102 can also be a UAF device;
The confirmation information acquisition module of the safety means can specifically include:
Collecting unit, for collecting first biometric information of the specified user, used for registration, and second biometric information, used for verification;
Second acquisition unit, for storing the first biometric information and obtaining the registration confirmation information if the first biometric information is collected;
Comparison authentication unit, for comparing the second biometric information with the first biometric information for authentication if the second biometric information is collected;
Third acquisition unit, for obtaining the verification confirmation information if the comparison by the comparison authentication unit passes.
A UAF device is a security key device that supports the UAF protocol. It does not use a user password and performs verification directly by biometric identification. It can be built into a PC or smartphone that serves as the control terminal and exchange data with it directly, or it can be an external device. When the UAF device is external to the control terminal, it can communicate with the control terminal over USB, Bluetooth, NFC or a combination of the three, and this embodiment does not limit the communication mode. The UAF (Universal Authentication Framework Protocol) protocol is a universal authentication framework protocol intended to give the user a passwordless experience. It offers the user a choice of several identity authentication mechanisms, including biometric methods such as voice, iris, fingerprint and face recognition.
Specifically, the UAF device can include:
UAF client: the software entity that processes UAF information. It interacts with the smart home operation APP on the control terminal 101, communicates with the FIDO servers through the interface of the user terminal, receives and parses commands from the FIDO servers, and builds the corresponding command information and sends it to the ASM module for the related operation;
ASM module: a module associated with the UAF authenticator that provides a unified interface between the hardware and the UAF client; specifically, it is the communication medium between the UAF client and the UAF authenticator;
UAF authenticator: an authentication entity that conforms to the UAF protocol, has a user authentication function and stores the cryptographic material recognized by the trusted party.
In the embodiment of the present invention, the user account that controls the intelligent domestic system is registered, and its operating authority authenticated, using the safety means and the FIDO servers. When the user performs an online operation with a high security level, the safety means acts as the second authentication factor and provides strong authentication of the user account. The security of intelligent domestic system control is thus guaranteed without relying on the complexity of a conventional password, the inconvenience of a forgotten password when operating the intelligent domestic system is avoided, the whole process is unaffected by the strength of the conventional password, and the user's information security is improved.
For the specific operating principle and detailed operating steps of the intelligent home control system disclosed in the embodiment of the present invention, see the description of the intelligent home system control method below.
Referring to Fig. 2, a control method in this embodiment for controlling the intelligent domestic system shown in Fig. 1 includes:
A user account is registered in the safety means, and the operation instructions that can be used under that user account to control the smart home are mapped to the user account. After the user inputs a target operation instruction, the safety means verifies the user account associated with the target operation instruction, and once verification passes the home controller performs the target operation instruction.
The process of registering a user account includes:
201. The control terminal sends registration information to the FIDO servers;
If the user account is not yet registered under the FIDO authentication system, the safety means can be used to register it. The operation interface of the smart home APP on the control terminal pops up a FIDO registration interface asking whether the user wants to register under the FIDO authentication system. After the user confirms, through the user-interaction module on the safety means, that registration under the FIDO authentication system is to be carried out, the control terminal generates registration information and sends it to the FIDO servers.
Further, to make the registration process safer, the FIDO servers can also include a registration module, and before the FIDO servers build the registration information into a registration request command, the method can also include:
The registration module judges whether the safety means is located in a predetermined area, and/or whether the safety means is held by a specified user or is a known safety means;
If the safety means is located in the predetermined area, and/or the safety means is held by a specified user or is a known safety means, the step in which the FIDO servers build the registration information into a registration request command is performed; otherwise the registration process is terminated.
The predetermined area is a spatial range set in advance; for example, the extent of the home can be set as the predetermined area. A distance sensor can be placed at some position inside the home to obtain the distance between the safety means and the distance sensor. It is then judged whether that distance is less than a set threshold (such as 20 meters); if so, the safety means is judged to be within the home, that is, within the predetermined area. Whether the safety means is within the predetermined range can also be judged by wireless communication means such as GPS positioning, which is not limited here. These steps restrict where registration can take place: a user account can only be registered while the safety means is within the predetermined range, which further ensures the safety of the registration process.
After receiving the registration request, the FIDO servers can build the registration request command directly and send it to the safety means, or can first judge whether the safety means is held by a specified user or is a known safety means, and only after confirming this build the registration request command and send it to the safety means, further ensuring the safety of the registration process.
202. The FIDO servers build the registration information into a registration request command and send the registration request command to the safety means through the control terminal;
After receiving the registration information sent by the control terminal, the FIDO servers build it into a registration request command and send it to the safety means.
203. After receiving the registration request command, the safety means judges whether the user account is already registered in the safety means;
After receiving the registration request command, the safety means judges whether the user account is already registered in the safety means. If it is, the account information associated with the user account has already been generated in the safety means, and the registration operation is exited.
204. If it is not registered, the safety means generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair in the safety means, and sends the public key of the asymmetric key pair to the FIDO servers through the control terminal;
If the user account is found in step 203 not to be registered in the safety means, the safety means generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the pair in the safety means, and sends the public key of the pair to the FIDO servers through the control terminal. The registration confirmation information is information, obtained by the safety means through some means of interacting with the user, that confirms registration is to be carried out; the means can be pressing a button or detecting a fingerprint, voice or iris.
205. The FIDO servers store the public key and associate the public key with the user account.
The FIDO servers store the public key sent by the safety means and associate it with the user account, which shows that the corresponding user account has been registered successfully.
In addition, when the safety means generates the asymmetric key pair, it also assigns a key handle to the key pair and transmits the key handle and public key to the FIDO servers; the FIDO servers associate the registered user account's information, the public key and the key handle with one another and store them.
Further, after step 205 the method can also include: the FIDO servers map operation instructions to the user account.
So that different user accounts have the operating authority to send different operation instructions, the FIDO servers can be used to map operation instructions to the user account. This establishes a correspondence between the operation instruction and the user account, which means the user account is given the operating authority to send that operation instruction.
Further, to make control of the household electric appliances more convenient and intuitive, the control of household electric appliances can be built into operation instructions in the smart home operation APP on the control terminal, and the operation instructions mapped to the user account.
For example, control of a single household electric appliance (such as turning a fan on) can be built into one operation instruction, or control of several household electric appliances (such as turning a fan on and turning a light on) can be built into one operation instruction. This step amounts to configuring each user account's authority to control household electric appliances, that is, determining which control actions on which appliances a given FIDO-registered user account may perform. Mapping an operation instruction to a user account that has completed FIDO registration means that this user account has the authority to perform that operation instruction. For example, "fan on" can be built into an operation instruction and mapped to user account A, which has completed FIDO registration; user account A then has the operating authority to perform the "fan on" operation instruction.
Further, different operation instructions can be mapped to the same or different user accounts, and different user accounts can be registered in the same or different safety means.
For example, "fan and light both on", "air conditioner on" and "all appliances off" can be built into 3 operation instructions. The operation instructions "fan and light both on" and "air conditioner on" are mapped to user account B, which has completed FIDO registration, and the operation instruction "all appliances off" is mapped to user account C, which has completed FIDO registration. User account B then has the operating authority to perform the two operation instructions "fan and light both on" and "air conditioner on", but not the operation instruction "all appliances off"; user account C has the operating authority to perform "all appliances off", but not "fan and light both on" or "air conditioner on". Many such combinations are possible and they are not limited here. As another example, safety means 1 can be used to register user account A, and user account A mapped to the operation instructions of conventional household electric appliances (lamps, fans and so on). User account A then has the authority to operate conventional household electric appliances, and after logging in to user account A and selecting one of those operation instructions, authority authentication is carried out using safety means 1. Safety means 2 can be used to register user account B, and user account B mapped to the operation instructions of household electric appliances with stronger privacy requirements (such as cameras). User account B then has the authority to operate those appliances, and after logging in to user account B and selecting one of those operation instructions, authority authentication is carried out using safety means 2. Of course, user accounts A and B can also be registered and authenticated with the same safety means.
By grouping the operations of different household electric appliances, multiple user accounts can be registered in the same safety means so that different user accounts have the authority to control their own group of appliances, which makes control of the household electric appliances more convenient to manage and improves the user experience. The operating authority for conventional household electric appliances and the operating authority for appliances with stronger privacy requirements can also be given to different user accounts that are registered in different safety means for operating authority authentication, which better protects the user's privacy and gives a better user experience.
After the registration process is complete, the control terminal, the FIDO servers and the safety means can be used to verify the target operation instruction, which is the operation instruction the user selects on the control terminal.
The process of verifying the user account may comprise the following steps A to F:
A. The control terminal obtains the target operation instruction;
The user can install the smart home operation APP on the control terminal and set up on the APP the various operation instructions for the smart home appliances, such as turning one or more household electric appliances on or off, displaying or adjusting the state parameters of one or more appliances, or handling the related alarm messages. The control terminal obtains the target operation instruction, that is, the operation instruction the user inputs, through the APP.
Further, the user can first log in with an account and password before using the APP. Because the intelligent home control system uses the safety means and the FIDO servers for registration and operating authority authentication of the user account, the user's account privacy is protected by the password together with the safety means' ability to interact with the user (for example a button, or collecting and recognizing the user's biometric information). Security is ensured without depending on a highly complex password, so the login password the user sets in the APP can be very simple, such as a 4-digit password, or no password need be set at all.
B. The control terminal sends a verification request to the FIDO servers according to the user account corresponding to the target operation instruction;
After obtaining the target operation instruction, the control terminal sends a verification request to the FIDO servers according to the user account corresponding to the target operation instruction.
Before step B is performed, the safety means must be able to communicate normally with the control terminal. The safety means can communicate with the control terminal over USB, Bluetooth, NFC or a combination of the three, and this embodiment does not limit the communication mode. The safety means can also be a module or device built into the control terminal, in which case it communicates with the control terminal internally. With a USB connection, the USB plug of the safety means is inserted into the USB interface of the control terminal so that the two can communicate normally. If the safety means is a module built into the control terminal, it can be integrated with the fingerprint acquisition module on the control terminal. The user account was generated when it was registered under the FIDO authentication system using the safety means, and the information of the user account is associated with the public key stored by the FIDO servers. The information to be verified is the basis for judging whether the user account has completed registration under the FIDO authentication system; only a user account that has completed that registration has the authority to send the target operation instruction.
C. The FIDO servers produce challenge data, build a verification command according to the verification request, and send the challenge data and verification command to the safety means through the control terminal;
The challenge data can be a random number or other arbitrary data. The verification command built by the FIDO servers includes the relevant information of the FIDO servers and the key handle related to the user account. The FIDO servers and the safety means are verified using the public key and private key generated during registration, which verifies the legitimacy of the user account.
D. The safety means parses the verification command and verifies the authenticity of the FIDO servers;
After receiving the challenge data and verification command built by the FIDO servers, the control terminal sends them to the safety means, which parses the verification command and verifies the authenticity of the FIDO servers.
The safety means verifies the authenticity of the FIDO servers as follows: it uses the received key handle to find the corresponding key pair; if the key pair exists, it checks whether the FIDO server information corresponding to the key matches the FIDO server information passed in. If they do not match, the FIDO servers are forged or incorrect and verification is terminated; if they match, the FIDO servers are genuine.
E. If the FIDO servers are genuine, the safety means, after obtaining verification confirmation information, signs the challenge data to obtain signature information, and sends the signature information to the FIDO servers through the control terminal;
If the FIDO servers are genuine, the safety means, after obtaining verification confirmation information, calls the private key generated at registration to sign the challenge data and obtain signature information, and then sends the signature information back to the control terminal.
A signature is data appended to a data unit, or a cryptographic transformation applied to a data unit. The private key was generated when the user account was registered under the FIDO authentication system and is stored in the secure area of the safety means. The signature information is obtained by signing the information to be verified, and only the public key that matches the private key can successfully verify it. The verification confirmation information is information, obtained by the safety means through some means of interacting with the user, that confirms verification is to be carried out; the means can be pressing a button or detecting a fingerprint, voice or iris.
F. The FIDO servers verify the signature information and obtain a signature verification result.
After receiving the signature information sent by the safety means, the control terminal sends it to the FIDO servers, which call the public key to parse and verify the signature information and obtain a signature verification result. The public key was generated when the user account was registered under the FIDO authentication system and is stored in the FIDO servers. If the public key does not match the private key, the signature information cannot be parsed and signature verification fails; the user account then does not have the operating authority to send the target operation instruction, and the target operation instruction cannot be sent to operate the household electric appliances.
If signature verification succeeds, the user account has completed registration under the FIDO authentication system and has the authority to send the target operation instruction. The control terminal then sends the target operation instruction to the home controller, and the home controller completes the operation and control of the household electric appliances.
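The verification exchange of steps A to F, with registration condensed into one helper, as an added Go example that is not part of the patent text. It assumes Ed25519 from the Go standard library as the asymmetric scheme (the page does not name one) and does not reproduce the U2F or UAF message formats; all type and function names, the account and instruction strings and the server identity are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrNotPermitted = errors.New("operation instruction is not mapped to this user account")
var ErrWrongServer = errors.New("no key for this key handle and server identity")
var ErrNoUser = errors.New("user did not confirm")
var ErrBadSignature = errors.New("signature verification failed")

type (
	Device struct { // stands in for the safety means; private keys never leave it
		keys    map[[2]string]ed25519.PrivateKey // {server identity, key handle} -> private key
		Confirm func() bool                      // button press or biometric match
	}
	Server struct { // stands in for the FIDO server
		ID              string
		pub             map[string]ed25519.PublicKey // user account -> public key
		handle, allowed map[string]string            // account -> key handle; instruction -> account
		pending         map[string][]byte            // account -> outstanding challenge
	}
)

func NewPair(id string, confirm func() bool) (*Server, *Device) {
	s := &Server{id, map[string]ed25519.PublicKey{}, map[string]string{}, map[string]string{}, map[string][]byte{}}
	return s, &Device{map[[2]string]ed25519.PrivateKey{}, confirm}
}

// Enroll condenses registration (steps 201-205) and the mapping of instructions to the account.
func Enroll(s *Server, d *Device, name string, ops ...string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	h := fmt.Sprintf("kh-%d", len(d.keys)+1) // opaque key handle, unique per device
	d.keys[[2]string{s.ID, h}], s.pub[name], s.handle[name] = priv, pub, h
	for _, op := range ops {
		s.allowed[op] = name
	}
	return nil
}

// Begin is step C: refuse unmapped instructions, otherwise issue a fresh random challenge.
func (s *Server) Begin(name, op string) ([]byte, string, error) {
	if s.pub[name] == nil || s.allowed[op] != name {
		return nil, "", ErrNotPermitted
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, "", err
	}
	s.pending[name] = c
	return c, s.handle[name], nil
}

// Sign is steps D and E: the key is found only under the server identity recorded at
// registration, and nothing is signed until the user confirms.
func (d *Device) Sign(serverID, handle string, challenge []byte) ([]byte, error) {
	priv, ok := d.keys[[2]string{serverID, handle}]
	if !ok {
		return nil, ErrWrongServer
	}
	if !d.Confirm() {
		return nil, ErrNoUser
	}
	return ed25519.Sign(priv, challenge), nil
}

// Finish is step F: verify with the stored public key; a challenge is consumed on first use.
func (s *Server) Finish(name string, sig []byte) error {
	c, ok := s.pending[name]
	delete(s.pending, name)
	if !ok || !ed25519.Verify(s.pub[name], c, sig) {
		return ErrBadSignature
	}
	return nil
}

// Authorize plays the control terminal: nil means the instruction may go to the home controller.
func Authorize(s *Server, d *Device, presentedID, name, op string) error {
	c, h, err := s.Begin(name, op)
	if err != nil {
		return err
	}
	sig, err := d.Sign(presentedID, h, c)
	if err != nil {
		return err
	}
	return s.Finish(name, sig)
}

func main() {
	srv, dev := NewPair("fido.home.example", func() bool { return true }) // constructed identity
	fmt.Println(Enroll(srv, dev, "accountB", "air-conditioner on"))
	fmt.Println(Authorize(srv, dev, srv.ID, "accountB", "air-conditioner on"))
}
```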
Optionally, the safety means can be the U2F equipment with button, the acquisition process of the registration confirmation Including:
Detect whether the button is pressed;
If the button is pressed, the registration confirmation is got;
The acquisition process of the validation confirmation information includes:
Detect whether the button is pressed;
If the button is pressed, the validation confirmation information is got.
U2F equipment refers to the safety secret key equipment for supporting U2F agreements, and the communication modes with control terminal can be USB, indigo plant Being mutually combined between tooth, NFC or three, the present embodiment is not construed as limiting to its communication modes.U2F(UniversalSecond Factor Protocol) agreement is general " factor Ⅱ " agreement, with double factor (password and equipment that can be with user mutual) come Protect the account and privacy of user.U2F is that increase by one is safer on the basis of existing user name+cipher authentication The certification factor is used for login authentication.User can be as before by user name and password login service, and service can point out to use Family shows a factor Ⅱ equipment to be authenticated.U2F can use simple password (such as 4 digital PIN) without Sacrificing security, show factor Ⅱ is generally in the form of the button clicked in U2F equipment.
In the registration process of the user account, safety means are generated asymmetric after registration confirmation is got Key pair.If the safety means are the U2F equipment with button, progress is clearly recognized for pressing the button by user Registration.In the object run instructs the verification process with the user account operation authority, the safety means are being obtained To after validation confirmation information, private key is called to be signed to the information to be verified signing messages.If the safety is set Standby is the U2F equipment with button, then presses clearly to recognize for the button by user and verified.
Specifically, the U2F device may include:
A U2F client, which is a software entity that processes U2F information. It interacts with the smart home operation APP on the control terminal, communicates with the FIDO server through the interface of the user terminal, receives and parses the commands of the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
An ASM module, which is a module associated with the U2F authenticator that provides a unified interface between the hardware and the U2F client; specifically, it is the communication medium between the U2F client and the U2F authenticator;
A U2F authenticator, which is an authentication entity that conforms to the U2F protocol, has a user authentication function, and stores cryptographic material approved by the trusted party.
Steps (3) and (4) of the registration process of the user account under the FIDO authentication system may specifically include: the registration request command is passed to the U2F client, which parses it on receipt and, according to the command type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module starts the registration operation and generates a value that protects the authenticator command. On receiving the value sent by the ASM module, the U2F authenticator judges from the stored cryptographic material whether the user account has already been registered. If it has not, the APP on the control terminal pops up a registration confirmation prompt. If the user confirms that the user account is to be registered, the user presses the button on the U2F device to confirm; the U2F authenticator then generates an asymmetric public/private key pair containing the user account information and a key handle, stores the private key in the designated secure area of the U2F device, and returns the public key and key handle to the U2F client through the ASM module. The U2F client builds a registration response command from the public key and key handle and returns it to the FIDO server.
Step 204 of the operating authority verification of the user account corresponding to the target operation instruction may specifically include: the U2F client parses the information to be verified on receipt and, according to the information type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module starts the authentication operation and sends the command to the U2F authenticator. After the user presses the button on the U2F device to confirm verification, the private key generated in the secure area of the U2F device when the user account was registered is called to sign the information to be verified. The signature information is finally returned through the ASM module to the U2F client, which returns it to the control terminal.
Optionally, the security device may be a UAF device, in which case the process of obtaining the registration confirmation includes:
Collecting first biometric information, used for registration, of the specified user;
If the first biometric information is collected, storing the first biometric information and confirming that the registration confirmation is obtained;
The process of obtaining the verification confirmation information includes:
Collecting second biometric information, used for verification, of the user;
If the second biometric information is collected, comparing the second biometric information with the first biometric information for authentication;
If the comparison authentication passes, the verification confirmation information is obtained.
A UAF device is a security key device that supports the UAF protocol. It does not use a user password and performs verification transactions directly by biometric identification; it may be built into a PC or smartphone, or be an external device. When the UAF device is external to the control terminal, it may communicate with the control terminal over USB, Bluetooth, NFC, or any combination of the three; this embodiment does not limit the communication mode. UAF (Universal Authentication Framework Protocol) is a universal authentication framework protocol that aims to provide a "passwordless" user experience and offers several authentication mechanisms for the user to choose from, such as voice, iris, fingerprint and face recognition.
During registration of the user account, the security device generates an asymmetric key pair after obtaining the registration confirmation. If the security device is a UAF device, the first step in obtaining the registration confirmation is to collect the first biometric information, used for registration, of the specified user. The specified user is the legitimate user currently performing the registration operation. There are many kinds of biometric information, such as voice, iris, fingerprint and face recognition; the first biometric information is the biometric information used for registration. Once the first biometric information has been collected (for example, the fingerprint of the specified user), it is stored and the registration confirmation is confirmed as obtained. During authentication of the operating authority of the user account for the target operation instruction, the security device, after obtaining the verification confirmation information, calls the private key to sign the information to be verified and so produces the signature information. If the security device is a UAF device, the second biometric information, used for verification, of the user is collected first; that is, the current user provides their own biometric information (for example, the current user's fingerprint). Then, if the second biometric information is collected, it is compared with the first biometric information for authentication (for example, the current user's fingerprint is compared with the fingerprint of the specified user stored at registration). Finally, if the comparison authentication passes, the current user's identity information is correct and the verification confirmation information is obtained. If the comparison authentication fails, the current user's identity information is wrong and the verification process is terminated.
Specifically, the UAF device may include:
A UAF client, which is a software entity that processes UAF information. It interacts with the smart home operation APP on the control terminal, communicates with the FIDO server through the interface of the user terminal, receives and parses the commands of the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
An ASM module, which is a module associated with the UAF authenticator that provides a unified interface between the hardware and the UAF client; specifically, it is the communication medium between the UAF client and the UAF authenticator;
A UAF authenticator, which is an authentication entity that conforms to the UAF protocol, has a user authentication function, and stores cryptographic material approved by the trusted party.
Steps (3) and (4) of the registration process of the user account under the FIDO authentication system may specifically include: the registration request command is passed to the UAF client, which parses it on receipt and, according to the command type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module starts the registration operation and generates a value that protects the authenticator command. On receiving the value sent by the ASM module, the UAF authenticator judges from the stored cryptographic material whether the user account has already been registered. If it has not, the biometric identification modes that the UAF device supports are offered to the user to choose from, the APP on the control terminal prompts the user to provide identity identification material, and the user's corresponding biometric information is collected. The UAF authenticator then generates an asymmetric public/private key pair containing the user account information and a key handle, stores the private key in the designated secure area of the UAF device, and returns the public key and key handle to the UAF client through the ASM module. The UAF client builds a registration response command from the public key and key handle and returns it to the FIDO server.
Step 204 of the operating authority verification of the user account corresponding to the target operation instruction may specifically include: the UAF client parses the information to be verified on receipt and, according to the information type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module sends it to the UAF authenticator, which checks from the key handle whether the FIDO server is genuine. If the FIDO server is genuine, the biometric information entered by the current user is collected and compared for authentication with the biometric information of the specified user stored at registration. If the comparison authentication passes, the private key generated in the secure area of the UAF device when the user account was registered is called to sign the information to be verified. The signature information is finally returned through the ASM module to the UAF client, which returns it to the control terminal.
In the embodiment of the present invention, the user account that controls the smart home system is registered, and its operating authority is authenticated, using the security device and the FIDO server. When the user performs an online operation of high security level, the security device serves as the second authentication factor and completes strong authentication of the user account. This guarantees the security of smart home control without depending on the complexity of a conventional password, avoids the various inconveniences that arise when a user forgets the password while operating the smart home system, and keeps the whole process unaffected by the strength of the conventional password, improving the user's information security.
Fig. 3 shows a schematic structural diagram of a smart home control system in one application scenario in the embodiment of the present invention.
Referring to Fig. 3, the smart home control system of the embodiment of the present invention in one application scenario includes an external control subsystem 30 and an internal control subsystem 31;
The external control subsystem includes a control terminal 301 and a U2F device 302 connected to the control terminal;
The U2F device 302 includes:
A U2F client 3021, which is a software entity that processes U2F information. It interacts with the smart home operation APP on the control terminal 101, communicates with the FIDO server through the interface of the control terminal, receives and parses the commands of the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
An ASM module 3022, which is a module associated with the U2F authenticator that provides a unified interface between the hardware and the U2F client; specifically, it is the communication medium between the U2F client and the U2F authenticator;
A U2F authenticator 3023, which is an authentication entity that conforms to the U2F protocol, has a user authentication function, and stores cryptographic material approved by the trusted party.
The internal control subsystem includes a FIDO server 311, an application server 312 and a home controller 313.
Fig. 4 shows a flow chart, in one application scenario, of a control method for controlling the smart home control system shown in Fig. 3 in the embodiment of the present invention.
Referring to Fig. 4, a control method for controlling the smart home control system shown in Fig. 3 includes:
401. The user installs the smart home operation APP on the control terminal and enters a user name and password to log in to the APP;
The smart home operation APP is installed on the control terminal. The APP contains the various operation instructions for controlling home appliances, such as turning one or more home appliances on or off, displaying the state parameters of one or more home appliances, and handling related alarm information. Before using the APP, the user must log in with their own account and password. Because the smart home control system uses the U2F device and the FIDO server for registration and operating authority authentication of the user account, security can be guaranteed without relying on the password, so the user may set a very simple login password for the APP, for example a 4-digit password, or even no password. The user runs the APP and enters the account and password; after the application server has verified the account and password, the user enters the APP (which supports the U2F protocol).
402. The APP prompts whether to register the user account under the FIDO authentication system;
The operation interface of the control terminal pops up a FIDO identity registration interface and asks the user whether to register with the FIDO authentication system. After the user confirms that registration with the FIDO authentication system is to proceed, the control terminal generates registration information and sends it to the FIDO server; at this point it must be ensured that the U2F device and the control terminal are communicating normally.
Before the control terminal sends the registration information to the FIDO server, the registration module of the FIDO server judges whether the U2F device is within a preset area; if the U2F device is within the preset area, the control terminal sends the registration information to the FIDO server. On receiving the registration information, the FIDO server first judges whether the U2F device is a security device held by the specified user or a known security device; once this is confirmed, it builds a registration request command from the registration information and sends it to the U2F device through the control terminal.
The U2F client parses the registration request command on receipt and, according to the command type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module starts the registration operation and generates a value that protects the authenticator command. On receiving the value sent by the ASM module, the U2F authenticator judges from the stored cryptographic material whether the user account has already been registered. If it has not, the authenticator waits for the user to press the button on the U2F device to confirm registration (the APP on the control terminal needs to remind the user to press the button to confirm), then generates an asymmetric public/private key pair containing the user account information and a key handle, stores the private key in the designated secure area of the U2F device, and returns the public key and key handle to the U2F client through the ASM module. The U2F client builds a registration response command from the public key and key handle and returns it to the FIDO server.
403. The user account is associated with operation instructions;
To make operating home appliances more convenient and intuitive, the controls for home appliances can be built into operation instructions in the smart home operation APP on the control terminal, and the operation instructions can be mapped to and associated with the user account. This step amounts to configuring, for each user account, its authority to control home appliances, that is, determining which control actions on which appliances a given user account that has completed FIDO registration may perform. Mapping an operation instruction to a user account that has completed FIDO registration means that this user account has the authority to execute that operation instruction. For example, "turn on the fan" can be built into an operation instruction; mapping the "turn on the fan" operation instruction to user account A, which has completed FIDO registration, means that user account A has the operating authority to execute the "turn on the fan" operation instruction.
404. A specific operation instruction is selected;
The user selects a specific operation instruction on the control terminal according to the operation to be performed on the home appliance; assume the user, logged in as user account A, selects the "turn on the fan" operation instruction.
405. Operating authority authentication is performed on the user account using the U2F device;
The U2F device and the FIDO server are used to verify whether the user account has completed registration under the FIDO authentication system.
Step 405 may specifically be as follows. The operation instruction that the user selects on the control terminal is the target operation instruction. The control terminal obtains the target operation instruction and, for the user account corresponding to the target operation instruction, sends a verification request to the FIDO server, so that the FIDO server builds a verification command from the verification request; the verification command includes related information such as the key handle. The FIDO server also generates challenge data and sends the verification command and the challenge data to the control terminal. The control terminal sends the received verification command and challenge data to the U2F client of the U2F device. The U2F client parses the verification command on receipt and, according to the information type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module starts the authentication operation and sends the command to the U2F authenticator, which checks from the key handle whether the FIDO server is genuine. If the FIDO server is genuine, then after the user presses the button on the U2F device to confirm verification, the private key generated in the secure area of the U2F device when the user account was registered is called to sign the challenge data, producing the signature information. The signature information is finally returned through the ASM module to the U2F client, which returns it to the control terminal. The control terminal sends the signature information to the FIDO server, so that the FIDO server calls the public key to verify the signature information.
406. If the operating authority authentication passes, the home controller operates the home appliance.
If the signature verification in step 405 succeeds, the user account is a legitimate user, that is, the user has the operating authority for the target operation instruction, and the home controller receives the target operation instruction and operates the home appliance. If the signature verification for the "turn on the fan" operation instruction sent by user account A succeeds, user account A has the operating authority to execute the "turn on the fan" operation instruction, and the home controller turns the fan on. If the signature verification in step 405 fails, user account A does not have the operating authority to execute the "turn on the fan" operation instruction, and the fan cannot be turned on.
As this application scenario shows, because the smart home control system uses a U2F device with a button for user interaction, together with the FIDO server, for registration and operating authority authentication of the user account, security can be guaranteed without relying on the password, so the user may set a very simple login password for the APP, for example a 4-digit password, or even no password.
Referring to Fig. 5, the smart home control system of the embodiment of the present invention in one application scenario includes an external control subsystem 50 and an internal control subsystem 51;
The external control subsystem includes a control terminal 501 and a UAF device 502 connected to the control terminal;
The UAF device 502 includes:
A UAF client 5021, which is a software entity that processes UAF information. It interacts with the smart home operation APP on the control terminal 101, communicates with the FIDO server through the interface of the user terminal, receives and parses the commands of the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
An ASM module 5022, which is a module associated with the UAF authenticator that provides a unified interface between the hardware and the UAF client; specifically, it is the communication medium between the UAF client and the UAF authenticator;
A UAF authenticator 5023, which is an authentication entity that conforms to the UAF protocol, has a user authentication function, and stores cryptographic material approved by the trusted party.
The internal control subsystem includes a FIDO server 511, an application server 512 and a home controller 513.
Fig. 6 shows a flow chart, in one application scenario, of a control method for controlling the smart home control system shown in Fig. 5 in the embodiment of the present invention.
Referring to Fig. 6, a control method for controlling the smart home control system shown in Fig. 5 includes:
601. The user installs the smart home operation APP on the control terminal and enters a user name and password to log in to the APP;
The smart home operation APP is installed on the control terminal. The APP contains the various operation instructions for controlling home appliances, such as turning one or more home appliances on or off, displaying the state parameters of one or more home appliances, and handling related alarm information. Before using the APP, the user must log in with their own account and password. Because the smart home control system uses the UAF device and the FIDO server for registration and operating authority authentication of the user account, security can be guaranteed without relying on the password, so the user may set a very simple login password for the APP, for example a 4-digit password, or even no password. The user runs the APP and enters the account and password; after the application server has verified the account and password, the user enters the APP (which supports the UAF protocol).
602. The APP prompts whether to register the user account under the FIDO authentication system;
The operation interface of the control terminal pops up a FIDO identity registration interface and asks the user whether to register with the FIDO authentication system. After the user confirms that registration with the FIDO authentication system is to proceed, the control terminal generates registration information and sends it to the FIDO server; at this point it must be ensured that the UAF device and the control terminal are communicating normally.
Before the control terminal sends the registration information to the FIDO server, the registration module of the FIDO server judges whether the UAF device is within a preset area; if the UAF device is within the preset area, the control terminal sends the registration information to the FIDO server. On receiving the registration information, the FIDO server first judges whether the UAF device is a security device held by the specified user or a known security device; once this is confirmed, it builds a registration request command from the registration information and sends it to the UAF device through the control terminal.
The UAF client parses the registration request command on receipt and, according to the command type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module starts the registration operation and generates a value that protects the authenticator command. On receiving the value sent by the ASM module, the UAF authenticator judges from the stored cryptographic material whether the user account has already been registered. If it has not, the biometric identification modes that the UAF device supports are offered to the user to choose from, the APP on the control terminal prompts the user to provide identity identification material, and the user's corresponding biometric information is collected. The UAF authenticator then generates an asymmetric public/private key pair containing the user account information and a key handle, stores the private key in the designated secure area of the UAF device, and returns the public key and key handle to the UAF client through the ASM module. The UAF client builds a registration response command from the public key and key handle and returns it to the FIDO server.
603. The user account is associated with operation instructions;
To make operating home appliances more convenient and intuitive, the controls for home appliances can be built into operation instructions in the smart home operation APP on the control terminal, and the operation instructions can be mapped to and associated with the user account. This step amounts to configuring, for each user account, its authority to control home appliances, that is, determining which control actions on which appliances a given user account that has completed FIDO registration may perform. Mapping an operation instruction to a user account that has completed FIDO registration means that this user account has the operating authority to execute that operation instruction. For example, "turn on the fan" can be built into an operation instruction; mapping the "turn on the fan" operation instruction to user account A, which has completed FIDO registration, means that user account A has the operating authority to execute the "turn on the fan" operation instruction.
604. A specific operation instruction is selected;
The user selects a specific operation instruction on the control terminal according to the operation to be performed on the home appliance, and this constitutes the target operation instruction; assume the user, logged in as user account A, selects the "turn on the fan" operation instruction.
605. Operating authority authentication is performed on the user account using the UAF device;
The UAF device and the FIDO server are used to verify whether the user account has completed registration under the FIDO authentication system.
Step 605 may specifically be as follows. The operation instruction that the user selects on the control terminal is the target operation instruction. The control terminal obtains the target operation instruction and, for the user account corresponding to the target operation instruction, sends a verification request to the FIDO server, so that the FIDO server builds a verification command from the verification request; the verification command includes related information such as the key handle. The FIDO server also generates challenge data and sends the verification command and the challenge data to the control terminal. The control terminal sends the received verification command to the UAF client of the UAF device. The UAF client parses the verification command on receipt and, according to the information type, builds the corresponding command information and sends it to the ASM module. On receiving the command information, the ASM module sends it to the UAF authenticator, which checks from the key handle whether the FIDO server is genuine. If the FIDO server is genuine, the biometric information entered by the current user is collected and compared for authentication with the biometric information of the specified user stored at registration. If the comparison authentication passes, the private key generated in the secure area of the UAF device when the user account was registered is called to sign the challenge data, producing the signature information. The signature information is finally returned through the ASM module to the UAF client, which returns it to the control terminal. The control terminal sends the signature information to the FIDO server, so that the FIDO server calls the public key to verify the signature information.
606. If the operating authority authentication passes, the home controller operates the home appliance.
If the signature verification in step 605 succeeds, the user account is a legitimate user, that is, the user has the operating authority for the target operation instruction, and the home controller receives the target operation instruction and operates the home appliance. If the signature verification for the "turn on the fan" operation instruction sent by user account A succeeds, user account A has the operating authority to execute the "turn on the fan" operation instruction, and the home controller turns the fan on. If the signature verification in step 605 fails, the account A being verified does not have the operating authority to execute the "turn on the fan" operation instruction, and the fan cannot be turned on.
As this application scenario shows, because the smart home control system uses a UAF device that can collect the user's biometric information, together with the FIDO server, for registration and operating authority authentication of the user account, security can be guaranteed without relying on the password, so the user may set a very simple login password for the APP, for example a 4-digit password, or even no password.
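The exchange described in steps 405 and 605, as an added Go example that is not part of the patent text: the security device signs the server's challenge only after a confirmation, and the FIDO server verifies the signature with the public key stored at registration. The type and function names, ECDSA P-256, the key handle format, keeping the account-to-instruction mapping on the server, appending the account and instruction to the challenge, and discarding each challenge after one use are assumptions of this example; the U2F and UAF message formats are not reproduced.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecurityDevice models the U2F/UAF device: private keys stay in its secure area.
type SecurityDevice struct {
	secureArea map[string]*ecdsa.PrivateKey // key handle -> private key
	Confirmed  bool                         // stand-in: button pressed or biometric matched
}

func NewSecurityDevice() *SecurityDevice { return &SecurityDevice{secureArea: map[string]*ecdsa.PrivateKey{}} }

// Register generates the key pair only after the registration confirmation.
func (d *SecurityDevice) Register() (string, *ecdsa.PublicKey, error) {
	if !d.Confirmed {
		return "", nil, errors.New("no registration confirmation")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	handle := fmt.Sprintf("kh-%d", len(d.secureArea)+1) // constructed handle format
	d.secureArea[handle] = priv
	return handle, &priv.PublicKey, nil
}

// Sign signs the challenge only for a known key handle and after the verification confirmation.
func (d *SecurityDevice) Sign(handle string, challenge []byte) ([]byte, error) {
	priv, ok := d.secureArea[handle]
	if !ok || !d.Confirmed {
		return nil, errors.New("unknown key handle or no verification confirmation")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

type request struct{ account, op string }

// FIDOServer holds public keys, the account-to-instruction mapping and open challenges.
type FIDOServer struct {
	handles map[string]string           // user account -> key handle
	pubs    map[string]*ecdsa.PublicKey // user account -> public key
	allowed map[request]bool            // associated operation instructions
	pending map[request][]byte          // challenges issued and not yet answered
}

func NewFIDOServer() *FIDOServer {
	return &FIDOServer{map[string]string{}, map[string]*ecdsa.PublicKey{}, map[request]bool{}, map[request][]byte{}}
}

func (s *FIDOServer) StoreRegistration(account, handle string, pub *ecdsa.PublicKey) {
	s.handles[account], s.pubs[account] = handle, pub
}

// Associate maps an operation instruction to an account (steps 403 and 603).
func (s *FIDOServer) Associate(account, op string) { s.allowed[request{account, op}] = true }

// BeginVerify returns the key handle and a fresh challenge (the verification command).
func (s *FIDOServer) BeginVerify(account, op string) (string, []byte, error) {
	handle, ok := s.handles[account]
	if !ok || !s.allowed[request{account, op}] {
		return "", nil, errors.New("account not registered or instruction not associated")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	// Assumption: account and instruction are appended so the signature covers them.
	challenge := append(nonce, []byte("|"+account+"|"+op)...)
	s.pending[request{account, op}] = challenge
	return handle, challenge, nil
}

// FinishVerify checks the signature with the stored public key; a challenge is single-use.
func (s *FIDOServer) FinishVerify(account, op string, sig []byte) bool {
	key := request{account, op}
	challenge, ok := s.pending[key]
	delete(s.pending, key)
	digest := sha256.Sum256(challenge)
	return ok && ecdsa.VerifyASN1(s.pubs[account], digest[:], sig)
}

func main() {
	dev, srv := NewSecurityDevice(), NewFIDOServer()
	dev.Confirmed = true
	handle, pub, _ := dev.Register()
	srv.StoreRegistration("A", handle, pub)
	srv.Associate("A", "turn on the fan")
	h, ch, _ := srv.BeginVerify("A", "turn on the fan")
	sig, _ := dev.Sign(h, ch)
	fmt.Println(srv.FinishVerify("A", "turn on the fan", sig), srv.FinishVerify("A", "turn on the fan", sig))
}
```

The second `FinishVerify` call in `main` replays the same signature and is rejected, because the challenge it answered has already been consumed.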
The embodiment of the present invention also provides a method by which a control terminal controls a smart home, applied to a smart home control system that includes an external control subsystem and an internal control subsystem;
The external control subsystem includes a control terminal and a security device communicatively connected to the control terminal, the security device supporting the standard protocols of FIDO authentication;
The internal control subsystem includes a FIDO server, an application server and a home controller;
The method by which the control terminal controls the smart home is:
The control terminal receives the user's registration information and sends it to the FIDO server;
The control terminal receives the registration request command sent by the FIDO server, the registration request command having been built by the FIDO server from the registration information;
The control terminal sends the registration request command to the security device, so that the security device, on receiving the registration request command, judges whether the user account is registered in the security device; if it is not registered, the security device, after obtaining the registration confirmation, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
The control terminal sends the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
The control terminal maps to and associates with the user account the operation instructions that can be used to control the smart home under that user account;
The control terminal receives a target operation instruction, so that the security device verifies the user account associated with the target operation instruction and, after the verification passes, the home controller executes the target operation instruction.
Further, the FIDO server includes a registration module, and before the control terminal sends the registration request information to the FIDO server, the method may also include:
The control terminal obtains the location information and/or device information of the security device from the security device;
The control terminal builds the location information and/or device information into the registration request information, so that the registration module determines from the received location information whether the security device is within the preset area, and/or determines from the received device information whether the security device is held by a designated user or is a known security device; if the security device is within the preset area, and/or the security device is held by a designated user or is a known security device, the FIDO server performs the step of building the registration request information into a registration request command.
An embodiment of the present invention also provides a method for a FIDO server to control a smart home, applied to a smart home control system, where the smart home control system includes an external control subsystem and an internal control subsystem;
The external control subsystem includes a control terminal and a security device communicatively connected to the control terminal, and the security device supports the FIDO authentication standard protocol;
The internal control subsystem includes a FIDO server, an application server and a home controller;
The smart home control method is:
The FIDO server receives the registration request information sent by the control terminal;
The FIDO server builds the registration request information into a registration request command and sends the registration request command to the security device through the control terminal, so that the security device, after receiving the registration request command, determines whether the user account is already registered in the security device; if it is not registered, the security device, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal;
The FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the FIDO server cooperates with the security device to verify the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after the verification passes.
Further, the FIDO server includes a registration module, the registration request information includes the location information and/or device information of the security device that the control terminal obtained from the security device, and before the FIDO server builds the registration request information into a registration request command, the method may also include:
The registration module receives the registration request information;
The registration module determines from the location information whether the security device is within the preset area, and/or determines from the device information whether the security device is held by a designated user or is a known security device;
If the security device is within the preset area, and/or the security device is held by a designated user or is a known security device, the FIDO server performs the step of building the registration request information into a registration request command; otherwise the registration process is terminated.
An embodiment of the present invention also provides a method for a security device to control a smart home, applied to a smart home control system, characterized in that the smart home control system includes an external control subsystem and an internal control subsystem;
The external control subsystem includes a control terminal and a security device communicatively connected to the control terminal, and the security device supports the FIDO authentication standard protocol;
The internal control subsystem includes a FIDO server, an application server and a home controller;
The smart home control method is:
The security device receives, through the control terminal, the registration request command sent by the FIDO server, the registration request command being built by the FIDO server from the registration request information sent by the control terminal;
The security device parses the registration request command and determines whether the user account is already registered in the security device;
If it is not registered, the security device, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the security device, together with the FIDO server, verifies the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after the verification passes.
Further, the FIDO server includes a registration module, and before the security device receives the registration request command, the method may also include:
The security device sends its location information and/or device information to the control terminal, so that the control terminal builds the registration request information from the location information and/or device information, and the registration module determines from the location information whether the security device is within the preset range, and/or determines from the device information whether the security device is held by the user or is a known security device;
When the security device is within the preset area, and/or the security device is held by the user or is a known security device, the step of the security device receiving the registration request command sent by the FIDO server is performed.
An embodiment of the present invention also provides a control terminal, applied to a smart home control system, which exchanges data with a FIDO server and a security device respectively, the control terminal including:
Registration request information transceiver module, for receiving the user's registration request information and sending it to the FIDO server;
Registration request command transceiver module, for receiving the registration request command sent by the FIDO server and sending the registration request command to the security device, so that the security device, after receiving the registration request command, determines whether the user account is already registered in the security device; if it is not registered, the security device, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal, the registration request command being built by the FIDO server from the registration request information;
Public key transceiver module, for receiving the public key sent by the security device and sending the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
Operation instruction transceiver module, for receiving a target operation instruction and, after the user account is verified, sending the target operation instruction to the home controller, so that the home controller executes the target operation instruction;
Authentication module, for verifying, together with the FIDO server and the security device, the user account associated with the target operation instruction.
Further, the FIDO server includes a registration module, and the registration request information transceiver module may also be used for:
Obtaining the location information and/or device information of the security device from the security device, and building it into the registration request information;
Sending the location information and/or device information to the registration module, so that the registration module determines from the location information whether the security device is within the preset area, and/or determines from the device information whether the security device is held by a designated user or is a known security device;
If the security device is within the preset area, and/or the security device is held by a designated user or is a known security device, causing the FIDO server to perform the step of building the registration request information into a registration request command.
The control terminal is applied to a smart home control system and exchanges data with the FIDO server and the security device respectively, to verify whether a user account has the operating permission to control the smart home. When the user needs to control the smart home, the user selects an operation instruction on the control terminal, and the security device and the FIDO server verify whether the user account corresponding to the operation instruction has permission for that operation instruction. If the verification passes, i.e., the user has permission for the selected operation instruction, the control terminal sends the operation instruction to the home controller, and the home controller executes the operation instruction, completing control of the smart home.
Therefore, applying this control terminal to a smart home control system enables the system to verify the user account, ensures the security of smart home system control, and avoids the various inconveniences that arise when a user forgets a password while operating the smart home system. The whole process is not affected by the strength of a conventional password, which improves the user's information security.
An embodiment of the present invention also provides a FIDO server, applied to a smart home control system, communicatively connected to a control terminal and exchanging data with a security device through the control terminal, the FIDO server including:
Registration request information receiving module, for receiving the registration request information sent by the control terminal;
Registration request command building and sending module, for building a registration request command from the registration request information and sending the registration request command to the security device through the control terminal, so that the security device, after receiving the registration request command, determines whether the user account is already registered in the security device; if it is not registered, the security device, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
Public key receiving module, for receiving the public key from the control terminal;
Public key storage and association module, for storing the public key and associating the public key with the user account;
Authentication module, for verifying, together with the control terminal and the security device, the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after the user account is verified.
Further, the FIDO server also includes a registration module, the registration request information includes the location information and/or device information of the security device, and the registration module is used for:
Receiving the registration request information, and determining from the location information of the security device whether the security device is within the preset area, and/or determining from the device information whether the security device is held by a designated user or is a known security device;
If the security device is within the preset area, and/or the security device is held by a designated user or is a known security device, causing the FIDO server to perform the step of building the registration request information into a registration request command; otherwise terminating the registration process.
The FIDO server is applied to a smart home control system and exchanges data with the security device through the control terminal, to verify the user account's operating permission for the smart home. When the user needs to control the smart home, the user selects an operation instruction on the control terminal, and the FIDO server and the security device verify whether the user account corresponding to the operation instruction has permission for that operation instruction. If the verification passes, i.e., the user has permission for the selected operation instruction, the control terminal then sends the operation instruction to the home controller, and the home controller executes the operation instruction, completing control of the smart home.
Therefore, applying this FIDO server to a smart home control system enables the system to verify the user account without depending on the complexity of a conventional password, ensures the security of smart home system control, and avoids the various inconveniences that arise when a user forgets a password while operating the smart home system. The whole process is not affected by the strength of a conventional password, which improves the user's information security.
An embodiment of the present invention also provides a security device, applied to a smart home control system, which exchanges data with a FIDO server through a control terminal, the security device including:
Registration request command receiving module, for receiving the registration request command built by the FIDO server and sent by the control terminal, the registration request command being built by the FIDO server from registration request information, and the registration request information being entered by the user on the control terminal and sent by the control terminal to the FIDO server;
Registration judgment module, for determining whether the user account is already registered in the security device;
Confirmation information acquisition module, for obtaining registration confirmation information;
Public/private key generation module, for, if the user account is not registered in the security device, generating an asymmetric key pair after the registration confirmation information is obtained, storing the private key of the asymmetric key pair, and sending the public key of the asymmetric key pair to the FIDO server through the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
Authentication module, for verifying, together with the control terminal and the FIDO server, the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after the user account is verified.
Further, the FIDO server includes a registration module, and the security device may also include a location information sending module, the location information sending module being used for:
Sending the location information and/or device information of the security device to the control terminal to be built into the registration request information, so that the registration module determines from the received location information whether the security device is within the preset range, and/or determines from the device information whether the security device is held by the user or is a known security device;
When the security device is within the preset area, and/or the security device is held by the user or is a known security device, the security device receives the registration request command sent by the FIDO server.
The security device is applied to a smart home control system, and data interaction is carried out through the control terminal and the security device to verify the user account's operating permission for the smart home. When the user needs to control the smart home, the user selects an operation instruction on the control terminal, and the security device and the FIDO server verify whether the user account corresponding to the operation instruction has permission for that operation instruction. If the verification passes, i.e., the user has permission for the selected operation instruction, the control terminal then sends the operation instruction to the home controller, and the home controller executes the operation instruction, completing control of the smart home.
Therefore, applying the security device to a smart home control system enables the system to verify the user account without depending on the complexity of a conventional password, ensures the security of smart home system control, and avoids the various inconveniences that arise when a user forgets a password while operating the smart home system. The whole process is not affected by the strength of a conventional password, which improves the user's information security.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection between apparatuses or units through some interfaces, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
As described above, the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (24)

1. A smart home control method, applied to a smart home control system, characterized in that the smart home control system includes an external control subsystem and an internal control subsystem;
The external control subsystem includes a control terminal and a security device communicatively connected to the control terminal, and the security device supports the FIDO authentication standard protocol;
The internal control subsystem includes a FIDO server, an application server and a home controller, the application server supporting the application of the control terminal;
The smart home control method includes: registering a user account on the security device; mapping the operation instructions that can be used to control the smart home under the user account to the user account; after the user inputs a target operation instruction, the security device verifying the user account associated with the target operation instruction; and, after the verification passes, the home controller executing the target operation instruction;
The process of registering the user account is:
The control terminal sends registration request information to the FIDO server;
The FIDO server builds the registration request information into a registration request command and sends the registration request command to the security device through the control terminal;
After receiving the registration request command, the security device determines whether the user account is already registered in the security device;
If it is not registered, the security device, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair in the security device, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal; the FIDO server stores the public key and associates the public key with the user account.
2. The smart home control method according to claim 1, characterized in that different operation instructions are mapped to the same or different user accounts, and different user accounts are registered in the same or different security devices.
3. The smart home control method according to claim 1, characterized in that the FIDO server includes a registration module, and before the FIDO server builds the registration request information into a registration request command, the method further includes:
The registration module determines whether the security device is within the preset area, and/or determines whether the security device is held by a designated user or is a known security device;
If the security device is within the preset area, and/or the security device is held by a designated user or is a known security device, the step of the FIDO server building the registration request information into a registration request command is performed; otherwise the registration process is terminated.
4. The smart home control method according to claim 1, characterized in that the process of verifying the user account is:
The control terminal obtains a target operation instruction;
The control terminal sends a verification request to the FIDO server according to the user account corresponding to the target operation instruction;
The FIDO server generates challenge data, builds a verification command according to the verification request, and sends the challenge data and the verification command to the security device through the control terminal;
The security device parses the verification command and verifies the authenticity of the FIDO server;
If the FIDO server is authentic, the security device, after obtaining verification confirmation information, signs the challenge data to obtain signature information, and sends the signature information to the FIDO server through the control terminal;
The FIDO server verifies the signature on the signature information and obtains a signature verification result.
5. The smart home control method according to claim 4, characterized in that the security device is a U2F device with a button;
The process of obtaining the registration confirmation information includes:
Detecting whether the button is pressed;
If the button is pressed, the registration confirmation information is obtained;
The process of obtaining the verification confirmation information includes:
Detecting whether the button is pressed;
If the button is pressed, the verification confirmation information is obtained.
6. The smart home control method according to claim 4, characterized in that the security device is a UAF device;
The process of obtaining the registration confirmation information includes:
Collecting first biometric information of the designated user, used for registration;
If the first biometric information is collected, storing the first biometric information and confirming that the registration confirmation information has been obtained;
The process of obtaining the verification confirmation information includes:
Collecting second biometric information of the user, used for verification;
If the second biometric information is collected, comparing the second biometric information with the first biometric information for authentication;
If the comparison authentication passes, the verification confirmation information is obtained.
7. A smart home control system, characterized by including:
An external control subsystem and an internal control subsystem;
The external control subsystem includes a control terminal and a security device communicatively connected to the control terminal, and the security device supports the FIDO authentication standard protocol;
The security device is used to register a user account, map the operation instructions that can be used to control the smart home under the user account to the user account, and, after the user inputs a target operation instruction, verify the user account associated with the target operation instruction; after the verification passes, the home controller executes the target operation instruction;
The internal control subsystem includes a FIDO server, an application server and a home controller, the application server supporting the application of the control terminal;
The control terminal includes:
Registration request generation module, for generating registration request information and sending it to the FIDO server;
Registration request command transceiver module, for receiving the registration request command sent by the FIDO server and sending the registration request command to the security device;
Public key transceiver module, for receiving the public key sent by the security device and sending the public key to the FIDO server;
The security device includes:
Registration request command receiving module, for receiving the registration request command built by the FIDO server and sent by the control terminal;
Registration judgment module, for determining whether the user account is already registered in the security device;
Confirmation information acquisition module, for obtaining registration confirmation information;
Public/private key generation module, for, if the user account is not registered in the security device, generating an asymmetric key pair after the registration confirmation information is obtained, storing the private key of the asymmetric key pair in the security device, and sending the public key of the asymmetric key pair to the FIDO server through the control terminal;
The FIDO server includes:
Registration request command building and sending module, for building a registration request command from the registration request information sent by the control terminal and sending the registration request command to the control terminal;
Public key receiving module, for receiving the public key generated by the security device;
Public key storage and association module, for storing the public key and associating the public key with the user account.
8. The smart home control system according to claim 7, characterized in that the FIDO server is used to map different operation instructions to the same or different user accounts; different user accounts are registered in the same or different security devices.
9. The smart home control system according to claim 7, characterized in that the FIDO server also includes a registration module;
The registration module is used to determine whether the security device is within the preset area, and/or determine whether the security device is held by a designated user or is a known security device; if the security device is within the preset area, and/or the security device is held by a designated user or is a known security device, the step of the FIDO server building the registration request information into a registration request command is performed; otherwise the registration process is terminated.
10. The smart home control system according to claim 7, characterized in that
The control terminal also includes:
Acquisition module, for obtaining a target operation instruction, the target operation instruction being the operation instruction selected by the user on the control terminal;
Verification request sending module, for sending a verification request to the FIDO server according to the user account corresponding to the target operation instruction;
To-be-verified information forwarding module, for receiving the challenge data generated by the FIDO server and the verification command built by the FIDO server according to the verification request, and sending the challenge data and the verification command to the security device;
Signature information transceiver module, for receiving the signature information from the security device and sending the signature information to the FIDO server;
Operation instruction sending module, for sending the target operation instruction to the home controller if the signature verification result from the FIDO server is success;
The security device also includes:
To-be-verified information receiving module, for receiving the challenge data and verification command built by the FIDO server and sent by the control terminal;
FIDO server authentication module, for parsing the verification command and verifying the authenticity of the FIDO server;
Signature module, for, if the FIDO server is authentic, signing the challenge data after the verification confirmation information is obtained, to obtain signature information;
Signature information sending module, for returning the signature information to the control terminal;
The confirmation information acquisition module is also used to obtain verification confirmation information;
The FIDO server also includes:
Verification request receiving module, for receiving the verification request that the control terminal sends according to the user account corresponding to the target operation instruction;
To-be-verified information building module, for generating challenge data and building a verification command according to the verification request;
To-be-verified information sending module, for sending the challenge data and the verification command to the control terminal;
Signature information receiving module, for receiving from the control terminal the signature information generated by the security device;
Signature verification module, for verifying the signature on the signature information and obtaining a signature verification result.
11. The intelligent home control system according to claim 10, characterised in that the safety means are a U2F device with a button;
The confirmation acquisition module of the safety means specifically includes:
Detection unit, for detecting whether the button is pressed;
First acquisition unit, for obtaining the registration confirmation and the validation confirmation information if the button is pressed.
12. The intelligent home control system according to claim 10, characterised in that the safety means are a UAF device;
The confirmation acquisition module of the safety means specifically includes:
Collecting unit, for collecting first biometric information of the specified user for registration and second biometric information for verification;
Second acquisition unit, for storing the first biometric information and obtaining the registration confirmation if the first biometric information is collected;
Contrast authentication unit, for comparing the second biometric information with the first biometric information for authentication if the second biometric information is collected;
Third acquisition unit, for obtaining the validation confirmation information if the comparison by the contrast authentication unit passes.
13. A method by which a control terminal controls a smart home, applied to an intelligent home control system, characterised in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and safety means communicatively connected with the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes FIDO servers, an application server and a home controller;
The method by which the control terminal controls the smart home is:
The control terminal receives the registration information of the user and sends it to the FIDO servers;
The control terminal receives the registration request order sent by the FIDO servers, the registration request order being built by the FIDO servers according to the registration information;
The control terminal sends the registration request order to the safety means, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means; if unregistered, the safety means, after obtaining the registration confirmation, generate an asymmetric key pair, store the private key of the asymmetric key pair, and send the public key of the asymmetric key pair to the control terminal;
The control terminal sends the public key to the FIDO servers, so that the FIDO servers store the public key and associate the public key with the user account;
The control terminal maps the operation instructions that can be used to control the smart home under the user account to the user account;
The control terminal receives an object run instruction, so that the safety means verify the user account associated with the object run instruction and the home controller executes the object run instruction.
14. The method by which a control terminal controls a smart home according to claim 13, characterised in that the FIDO servers include Registering modules, and before the control terminal sends the registration information to the FIDO servers, the method also includes:
The control terminal obtains the positional information and/or facility information of the safety means from the safety means;
The control terminal builds the positional information and/or facility information into the registration information, so that the Registering modules judge, according to the received positional information, whether the safety means are in a preset area, and/or judge, according to the received facility information, whether the safety means are held by a specified user or are known safety means; if the safety means are in the preset area, and/or the safety means are held by a specified user or are known safety means, the FIDO servers perform the step of building the registration information into the registration request order.
15. A method by which FIDO servers control a smart home, applied to an intelligent home control system, characterised in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and safety means communicatively connected with the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes FIDO servers, an application server and a home controller;
The smart home control method is:
The FIDO servers receive the registration information sent by the control terminal;
The FIDO servers build the registration information into a registration request order and send the registration request order to the safety means through the control terminal, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means; if unregistered, the safety means, after obtaining the registration confirmation information, generate an asymmetric key pair, store the private key of the asymmetric key pair, and send the public key of the asymmetric key pair to the FIDO servers through the control terminal;
The FIDO servers store the public key and associate the public key with the user account;
After the control terminal receives an object run instruction, the FIDO servers cooperate with the safety means to verify the user account associated with the object run instruction, so that the home controller executes the object run instruction after the verification passes.
16. The method by which FIDO servers control a smart home according to claim 15, characterised in that the FIDO servers include Registering modules, the registration information includes the positional information and/or facility information of the safety means obtained by the control terminal from the safety means, and before the FIDO servers build the registration information into the registration request order, the method also includes:
The Registering modules receive the registration information;
The Registering modules judge, according to the positional information, whether the safety means are located in a preset area, and/or judge, according to the facility information, whether the safety means are held by a specified user or are known safety means;
If the safety means are located in the preset area, and/or the safety means are held by a specified user or are known safety means, the FIDO servers perform the step of building the registration information into the registration request order; otherwise the registration process is terminated.
17. A method by which safety means control a smart home, applied to an intelligent home control system, characterised in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and safety means communicatively connected with the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes FIDO servers, an application server and a home controller;
The smart home control method is:
The safety means receive, through the control terminal, the registration request order sent by the FIDO servers, the registration request order being built by the FIDO servers according to the registration information sent by the control terminal;
The safety means parse the registration request order and judge whether the user account is registered in the safety means;
If unregistered, the safety means, after obtaining the registration confirmation, generate an asymmetric key pair, store the private key of the asymmetric key pair, and send the public key of the asymmetric key pair to the FIDO servers through the control terminal, so that the FIDO servers store the public key and associate the public key with the user account;
After the control terminal receives an object run instruction, the safety means cooperate with the FIDO servers to verify the user account associated with the object run instruction, so that the home controller executes the object run instruction after the verification passes.
18. The method by which safety means control a smart home according to claim 17, characterised in that the FIDO servers include Registering modules, and before the safety means receive the registration request order, the method also includes:
The safety means send the positional information and/or facility information of the safety means to the control terminal, so that the control terminal builds the registration information according to the positional information and/or facility information, and the Registering modules judge, according to the positional information, whether the safety means are located in a preset range, and/or judge, according to the facility information, whether the safety means are held by the user or are known safety means;
When the safety means are located in the preset area, and/or the safety means are held by the user or are known safety means, the step in which the safety means receive the registration request order sent by the FIDO servers is performed.
19. A control terminal, applied to an intelligent home control system and exchanging data with FIDO servers and safety means respectively, characterised in that the control terminal includes:
Registration information transceiver module, for receiving the registration information of the user and sending it to the FIDO servers;
Registration request order transceiver module, for receiving the registration request order sent by the FIDO servers and sending the registration request order to the safety means, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means; if unregistered, the safety means, after obtaining the registration confirmation information, generate an asymmetric key pair, store the private key of the asymmetric key pair, and send the public key of the asymmetric key pair to the control terminal, the registration request order being built by the FIDO servers according to the registration information;
Public key transceiver module, for receiving the public key sent by the safety means and sending the public key to the FIDO servers, so that the FIDO servers store the public key and associate the public key with the user account;
Operational order transceiver module, for receiving an object run instruction and, after the user account is verified, sending the object run instruction to the home controller, so that the home controller executes the object run instruction;
Authentication module, for cooperating with the FIDO servers and the safety means to verify the user account associated with the object run instruction.
20. The control terminal according to claim 19, characterised in that the FIDO servers include Registering modules, and the registration information transceiver module is additionally used to:
Obtain the positional information and/or facility information of the safety means from the safety means and build it into the registration request information;
Send the positional information and/or facility information to the Registering modules, so that the Registering modules judge, according to the positional information, whether the safety means are located in a preset area, and/or judge, according to the facility information, whether the safety means are held by a specified user or are known safety means;
If the safety means are located in the preset area, and/or the safety means are held by a specified user or are known safety means, cause the FIDO servers to perform the step of building the registration information into the registration request order.
21. FIDO servers, applied to an intelligent home control system, communicatively connected with a control terminal and exchanging data with safety means through the control terminal, characterised in that the FIDO servers include:
Registration information receiving module, for receiving the registration information sent by the control terminal;
Registration request order structure and sending module, for building a registration request order according to the registration information and sending the registration request order to the safety means through the control terminal, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means; if unregistered, the safety means, after obtaining the registration confirmation, generate an asymmetric key pair, store the private key of the asymmetric key pair, and send the public key of the asymmetric key pair to the control terminal;
Public key receiving module, for receiving the public key from the control terminal;
Public key storing and relating module, for storing the public key and associating the public key with the user account;
Authentication module, for cooperating with the control terminal and the safety means to verify the user account associated with the object run instruction, so that the home controller executes the object run instruction after the user account is verified.
22. The FIDO servers according to claim 21, characterised in that they also include Registering modules, the registration request information includes the positional information and/or facility information of the safety means, and the Registering modules are used to:
Receive the registration information, and judge, according to the positional information of the safety means, whether the safety means are located in a preset area, and/or judge, according to the facility information, whether the safety means are held by a specified user or are known safety means;
If the safety means are located in the preset area, and/or the safety means are held by a specified user or are known safety means, cause the FIDO servers to perform the step of building the registration information into the registration request order; otherwise terminate the registration process.
23. Safety means, applied to an intelligent home control system and exchanging data with FIDO servers through a control terminal, characterised in that the safety means include:
Registration request Order receiver module, for receiving the registration request order built by the FIDO servers and sent by the control terminal, the registration request order being built by the FIDO servers according to registration request information, the registration request information being input by the user in the control terminal and sent to the FIDO servers by the control terminal;
Registration judge module, for judging whether the user account is registered in the safety means;
Confirmation acquisition module, for obtaining the registration confirmation;
Public and private key generation module, for generating an asymmetric key pair after the registration confirmation information is obtained if the user account is not registered in the safety means, storing the private key of the asymmetric key pair, and sending the public key of the asymmetric key pair to the FIDO servers through the control terminal, so that the FIDO servers store the public key and associate the public key with the user account;
Authentication module, for cooperating with the control terminal and the FIDO servers to verify the user account associated with the object run instruction, so that the home controller executes the object run instruction after the user account is verified.
24. The safety means according to claim 23, characterised in that the FIDO servers include Registering modules, the safety means also include a positional information sending module, and the positional information sending module is used to:
Send the positional information and/or facility information of the safety means to the control terminal to be built into the registration request information, so that the Registering modules judge, according to the received positional information, whether the safety means are located in a preset range, and/or judge, according to the facility information, whether the safety means are held by the user or are known safety means;
When the safety means are located in the preset area, and/or the safety means are held by the user or are known safety means, the safety means receive the registration request order sent by the FIDO servers.
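The registration exchange of claims 13 to 18 and the challenge-signing exchange of claim 10, as an added Go example that is not code from the patent. All type and function names are hypothetical; ECDSA P-256 over SHA-256, direct function calls in place of the control terminal relay, a boolean for the button or biometric confirmation, and a device-ID allow-list for the "known safety means" check are assumptions. The location check and the device's check of the server's authenticity are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnknownDevice = errors.New("device not known: registration terminated")
	ErrRegistered    = errors.New("account already registered on this device")
	ErrNoConfirm     = errors.New("no user confirmation, or no key for account")
	ErrBadSignature  = errors.New("signature verification failed")
)

// SecurityDevice is a hypothetical stand-in for the "safety means": one private key per account.
type SecurityDevice struct {
	ID   string
	keys map[string]*ecdsa.PrivateKey
}

// FIDOServer (hypothetical) holds an allow-list of known device IDs and account public keys.
type FIDOServer struct {
	known   map[string]bool
	pubKeys map[string]*ecdsa.PublicKey
}

func NewDevice(id string) *SecurityDevice { return &SecurityDevice{id, map[string]*ecdsa.PrivateKey{}} }
func NewServer(id string) *FIDOServer { return &FIDOServer{map[string]bool{id: true}, map[string]*ecdsa.PublicKey{}} }

// Register runs the registration flow; ECDSA P-256 is an assumption, the claims name no algorithm.
func Register(s *FIDOServer, d *SecurityDevice, account string, confirmed bool) error {
	switch {
	case !s.known[d.ID]: // Registering module: unknown device ends registration
		return ErrUnknownDevice
	case d.keys[account] != nil: // device: account already registered
		return ErrRegistered
	case !confirmed: // device: no button press / biometric confirmation
		return ErrNoConfirm
	}
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	d.keys[account] = k               // private key stays on the device
	s.pubKeys[account] = &k.PublicKey // server stores the public key under the account
	return nil
}

// Sign is the device side of verification: sign the challenge once the user confirms.
func (d *SecurityDevice) Sign(account string, challenge []byte, confirmed bool) ([]byte, error) {
	k := d.keys[account]
	if k == nil || !confirmed {
		return nil, ErrNoConfirm
	}
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, k, h[:])
}

// Operate is the control terminal's path: the instruction is forwarded only on a valid signature.
func Operate(s *FIDOServer, d *SecurityDevice, account, instr string, confirmed bool) (string, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil { // server: fresh challenge data per request
		return "", err
	}
	sig, err := d.Sign(account, c, confirmed)
	if err != nil {
		return "", err
	}
	h := sha256.Sum256(c)
	if pub := s.pubKeys[account]; pub == nil || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return "", ErrBadSignature
	}
	return "home controller executes: " + instr, nil
}

func main() {
	s, d := NewServer("key-01"), NewDevice("key-01") // constructed device ID
	fmt.Println(Register(s, d, "alice", true))
	fmt.Println(Operate(s, d, "alice", "unlock front door", true))
}
```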
CN201710311631.9A 2017-05-05 2017-05-05 Control method, system and terminal of smart home, FIDO server and safety equipment Active CN107222373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710311631.9A CN107222373B (en) 2017-05-05 2017-05-05 Control method, system and terminal of smart home, FIDO server and safety equipment

Publications (2)

Publication Number Publication Date
CN107222373A true CN107222373A (en) 2017-09-29
CN107222373B CN107222373B (en) 2020-01-24

Family

ID=59943833

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710311631.9A Active CN107222373B (en) 2017-05-05 2017-05-05 Control method, system and terminal of smart home, FIDO server and safety equipment

Country Status (1)

Country Link
CN (1) CN107222373B (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105580314A (en) * 2013-09-23 2016-05-11 三星电子株式会社 Apparatus and method by which user device in home network system transmits home-device-related information
CN104283885A (en) * 2014-10-14 2015-01-14 中国科学院信息工程研究所 Multi-SP safety binding implementation method based on intelligent terminal local authentication
CN105007164A (en) * 2015-07-30 2015-10-28 青岛海尔智能家电科技有限公司 Centralized safety control method and device
CN105259771A (en) * 2015-10-29 2016-01-20 东莞酷派软件技术有限公司 Authentication method and associated device
CN105763559A (en) * 2016-04-12 2016-07-13 北京握奇智能科技有限公司 Intelligent household control system and method
CN106534189A (en) * 2016-12-14 2017-03-22 宁夏煜隆科技有限公司 Bi-directional interactive center control server

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3490220A1 (en) * 2017-11-22 2019-05-29 Canon Kabushiki Kaisha Information processing apparatus
US11093602B2 (en) 2017-11-22 2021-08-17 Canon Kabushiki Kaisha Information processing apparatus, method for information processing apparatus, and program storage medium
CN108365952A (en) * 2018-01-25 2018-08-03 深圳市文鼎创数据科技有限公司 A kind of method of registration, system and intelligent key safety equipment
CN108337253A (en) * 2018-01-29 2018-07-27 苏州南尔材料科技有限公司 A kind of computer based intelligent electrical appliance control
CN108427315A (en) * 2018-06-01 2018-08-21 武汉科技大学 A kind of intelligent home control system and its control method based on mobile phone A pp
CN108932424A (en) * 2018-06-26 2018-12-04 山东威尔数据股份有限公司 A kind of device registering system and method
CN108932424B (en) * 2018-06-26 2020-10-02 山东威尔数据股份有限公司 Equipment registration system and method
CN109302286A (en) * 2018-10-26 2019-02-01 江苏恒宝智能系统技术有限公司 A kind of generation method of Fido device keys index
CN109302286B (en) * 2018-10-26 2021-03-16 江苏恒宝智能系统技术有限公司 Fido equipment key index generation method
CN109116748A (en) * 2018-10-30 2019-01-01 滁州市易搜信息技术有限公司 Smart home interaction platform management system based on Internet of Things
CN110266107A (en) * 2019-06-25 2019-09-20 浙江矗立建筑装饰工程有限公司 House wireless power supply system
CN111274596A (en) * 2020-01-23 2020-06-12 百度在线网络技术(北京)有限公司 Device interaction method, authority management method, interaction device and user side
CN113806723A (en) * 2021-09-27 2021-12-17 三星电子(中国)研发中心 Double-factor authentication method and device

Also Published As

Publication number Publication date
CN107222373B (en) 2020-01-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant