CN110505089B - Internet of things equipment management method and system - Google Patents


Publication number: CN110505089B
Authority: CN (China)
Legal status: Active (as listed; not a legal conclusion)
Application number: CN201910772409.8A
Other languages: Chinese (zh)
Other versions: CN110505089A (en)
Inventors: 包丛笑, 李星, 翁喆, 刘人杰, 常得量
Current assignee: Tsinghua University
Original assignee: Tsinghua University
Events:
Application filed by Tsinghua University
Priority to CN201910772409.8A
Publication of CN110505089A
Application granted
Publication of CN110505089B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/04 Network management architectures or arrangements
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention provides a method and a system for managing Internet of Things equipment. The method comprises the following steps: after the Internet of Things equipment is networked, sending the address of the equipment to a registration server, and starting a survival timer of the equipment if the address is successfully sent; receiving challenge information sent by a management server that manages the equipment, and verifying the validity of the challenge information, where the management server checks the security state of the equipment at a first preset interval according to the address sent by the registration server, and the challenge information is generated from the check result when the check passes; if the validity verification passes, resetting the survival timer; if the validity verification does not pass, and has still not passed when the survival timer reaches its preset duration, shutting down the equipment. The invention achieves security management of Internet of Things equipment on the Internet on the basis of the equipment's survival time.

Description

Internet of things equipment management method and system
Technical Field
The invention belongs to the technical field of Internet of Things security, and in particular relates to an Internet of Things equipment management method and system.
Background
With the development of the Internet, the concept and technology of the interconnection of everything has been put forward: connecting all kinds of objects with each other and with people through a network, so as to monitor, obtain feedback on, control and interact with the state of those objects.
Since the concept of the Internet of Things was put forward, it has developed rapidly in both academia and industry. However, as an emerging mode of network application, the Internet of Things still faces many challenges in the security field. Each piece of Internet of Things equipment is essentially an electronic device that runs on a network and can communicate with the outside world; without adequate network security protection and control, such equipment can easily become the target of hackers or malicious man-in-the-middle attacks, become a DDoS attack source, or cause other effects that may threaten network security.
With the accelerated popularization of the Internet of Things, more and more Internet of Things equipment will inevitably be present on the network. Unlike traditional network servers, Internet of Things equipment is smaller, consumes fewer resources and is more likely to be forgotten on the network. Unattended Internet of Things equipment is inevitably more likely to become a source of Internet attacks, posing a more serious security threat to the network.
Disclosure of Invention
In order to overcome, or at least partially solve, the problem that the management of Internet of Things equipment is easily neglected and the equipment is easily attacked, embodiments of the present invention provide a method and a system for managing Internet of Things equipment.
According to a first aspect of the embodiments of the present invention, an Internet of Things equipment management method is provided, comprising:
after the Internet of Things equipment is networked, sending the address of the equipment to a registration server, and starting a survival timer of the equipment if the address is successfully sent;
receiving challenge information sent by a management server that manages the equipment, and verifying the validity of the challenge information, where the management server checks the security state of the equipment at a first preset interval according to the address sent by the registration server, and the challenge information is generated from the check result when the check passes;
if the validity verification passes, resetting the survival timer; if the validity verification does not pass, and has still not passed when the survival timer reaches its preset duration, shutting down the equipment.
According to a second aspect of the embodiments of the present invention, an Internet of Things equipment management method is provided, comprising:
checking the security state of the Internet of Things equipment according to the address of the equipment sent by the registration server, where the address is sent to the registration server by the equipment after it is networked;
if the check passes, generating challenge information from the check result and sending it to the equipment so that the equipment can verify its validity and, if the validity verification passes, reset its survival timer; if the validity verification does not pass, and has still not passed when the survival timer reaches its preset duration, the equipment is shut down; the survival timer is started by the equipment when it successfully sends its address.
According to a third aspect of the embodiments of the present invention, an Internet of Things device is provided, comprising:
a registration module, configured to send the address of the equipment to a registration server after the equipment is networked, and to start a survival timer of the equipment if the address is successfully sent;
a verification module, configured to receive challenge information sent by a management server that manages the equipment and to verify its validity, where the management server checks the security state of the equipment at a first preset interval according to the address sent by the registration server, and the challenge information is generated from the check result when the check passes;
a control module, configured to reset the survival timer if the validity verification passes, and to shut down the equipment if the validity verification does not pass and has still not passed when the survival timer reaches its preset duration.
According to a fourth aspect of the embodiments of the present invention, a management server is provided, comprising:
a checking module, configured to check the security state of the Internet of Things equipment according to the address of the equipment sent by the registration server, where the address is sent to the registration server by the equipment after it is networked;
a sending module, configured to generate challenge information from the check result if the check passes and to send it to the equipment so that the equipment can verify its validity and reset its survival timer if the validity verification passes; if the validity verification does not pass, and has still not passed when the survival timer reaches its preset duration, the equipment is shut down; the survival timer is started by the equipment when it successfully sends its address.
According to a fifth aspect of the embodiments of the present invention, an Internet of Things equipment management system is provided, comprising any one of the above Internet of Things devices and any one of the above management servers.
Embodiments of the present invention provide a method and a system for managing Internet of Things equipment.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of an Internet of Things equipment management method according to an embodiment of the present invention;
Fig. 2 is a schematic view of the overall structure of an Internet of Things device according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of an Internet of Things equipment management method according to another embodiment of the present invention;
Fig. 4 is a schematic diagram of the overall structure of a management server according to an embodiment of the present invention;
Fig. 5 is a schematic flow chart of the Internet of Things equipment management method in the Internet of Things equipment management system according to an embodiment of the present invention.
Detailed Description
In an embodiment of the present invention, an Internet of Things equipment management method is provided. Fig. 1 is a schematic overall flow chart of the method, which includes: S101, after the Internet of Things equipment is networked, sending the address of the equipment to a registration server, and starting the survival timer of the equipment if the address is successfully sent;
This embodiment applies to the management of Internet of Things equipment deployed in an Internet environment. The devices connected to the network comprise the Internet of Things equipment, a registration server used for registering the equipment, and a management server used for managing the equipment. Before the equipment is networked, the equipment and the management server are initialized. Specifically, this comprises connecting the equipment and the management server to the network, configuring the relevant addresses of each, configuring the reachability of the equipment so that the management server can actively initiate access to it, and determining the correspondence between the management server and the equipment it manages.
When the Internet of Things equipment is networked, it reports its address to the registration server. After the report succeeds, the equipment starts its own survival timer. The survival timer is preset with a survival duration. When the elapsed time of the survival timer reaches the survival duration, the equipment actively powers itself off.
For example, when a piece of Internet of Things equipment joins the network, it obtains a public global unicast IPv6 address, such as 2001:da8:5630:b700:0003:be88, or an IPv6 prefix, such as 2001:da8:3000:344c::/64. Note that IPv6 is used here only as an example; the address acquired by the equipment may also be an IPv4 address. The equipment reports the address to the Internet of Things registration server. After the report succeeds, the equipment starts its survival timer with a set survival duration, for example 30 days. The survival duration can be fixed in the hardware of the equipment, specified by the registration server over some form of encrypted communication, or set in any other way that can be made secure. At the same time, the registration server passes the equipment's information, such as its address and survival duration, to the management server, which prepares to check the security state of the equipment at regular intervals.
S102, receiving challenge information sent by a management server that manages the Internet of Things equipment, and verifying the validity of the challenge information, where the management server checks the security state of the equipment at a first preset interval according to the address sent by the registration server, and the challenge information is generated from the check result when the check passes;
After receiving the address sent by the equipment, the registration server notifies the management server responsible for the equipment to begin its security management. The management server checks the security state of the equipment at regular intervals according to the information provided by the registration server and determines whether the equipment passes the check. If the check passes, the management server generates a verifiable challenge message (Challenge Message) from the check result. The equipment receives the challenge message sent by the management server, decrypts it and verifies its validity.
Within the 30-day survival duration, the management server connects to the equipment at the address it registered, here 2001:da8:5630:b700:0003:be88, and checks its security state at least once, for example checking whether the equipment has been infected or intruded by a virus, whether key code has been tampered with, and so on. If the equipment passes the check, the management server generates a verifiable challenge plaintext, such as "pass check @20190203 100304".
S103, if the validity verification passes, resetting the survival timer; if the validity verification does not pass, and has still not passed when the survival timer reaches its preset duration, shutting down the Internet of Things equipment.
If the validity verification passes, the equipment resets its own survival timer, for example to 30 days again. Thereafter the management server checks the security state of the equipment at the first preset interval, so that the security state is checked at least once within each survival duration of the equipment (such as 30 days), and the equipment repeats S102 to S103. If the validity verification fails, the security state of the equipment continues to be checked while its survival timer runs, so that further challenge messages can be verified; if the validity verification has still not passed when the survival timer reaches its preset duration, the equipment actively powers itself off and can only be powered on again by operating on it directly; if the validity verification passes before the survival timer reaches its preset duration, the survival timer is reset. This process repeats until the equipment goes offline or the related service needs to be stopped for any reason.
In this embodiment, a survival timer is provided on the Internet of Things equipment; the management server that manages the equipment checks its security state and generates a challenge message when the check passes; the equipment verifies the validity of the challenge message and, according to the result, either resets the survival timer or shuts down. In this way the equipment on the Internet is securely managed on the basis of its survival time.
On the basis of the foregoing embodiment, before the step of receiving the challenge message sent by the management server, this embodiment further includes: if the check does not pass, accepting a repair operation from the management server or a user so that the management server can determine whether the repair succeeded; if the repair fails and the validity verification has still not passed when the survival timer reaches its preset duration, shutting down the equipment; and if the repair succeeds, receiving the challenge message sent by the management server and verifying its validity.
Specifically, if the equipment fails the security check, the management server attempts to notify the relevant personnel or to repair the problem on the equipment autonomously, and determines whether the repair succeeded. If the repair succeeds, the check requirement is met and the management server sends a verifiable challenge message to the equipment. The equipment verifies the validity of the challenge message and then, according to the result, either resets its survival timer or shuts itself down.
On the basis of the foregoing embodiment, the step of verifying the validity of the challenge message specifically includes: decrypting the challenge message with a public key generated in advance by the management server using an asymmetric encryption algorithm, and verifying validity according to the decryption result; before sending the challenge message to the equipment, the management server encrypts it with the private key it generated in advance using the same asymmetric algorithm.
Specifically, the management server generates a public/private key pair in advance with an asymmetric encryption algorithm and stores the public key of the pair on the corresponding Internet of Things equipment. Before sending the challenge message to the equipment, the management server encrypts it with the private key of the pair. After receiving the encrypted challenge message, the equipment decrypts it with the stored public key and verifies validity according to the decryption result, where validity verification includes whether decryption succeeded and whether the content and form of the decrypted message are correct.
For example, the management server's private key is used to encrypt the challenge plaintext into the challenge ciphertext. For instance, the base64-encoded ciphertext produced with 512-bit RSA is:
LPL0QPodVrb3UOrBGhx/f/k4aumgZIewvMKoV3HK1f5ybq1LAjPB2efpeksApva7dTuL5NEJE6Z6KlieUPKQeA==
The management server then sends the challenge ciphertext to the equipment at the address provided by the registration server, such as 2001:da8:5630:b700:0003:be88.
After receiving the challenge ciphertext, the equipment decrypts it with the management server's public key to obtain the challenge plaintext, checks that the plaintext reads "pass check @20190203 100304", and thereby verifies the legitimacy of the challenge message.
On the basis of the above embodiments, this embodiment further includes: reporting the networking state of the Internet of Things equipment to the registration server at a second preset interval, so that the management server stops checking the security state of the equipment once it learns, from the networking state relayed by the registration server, that the equipment is offline; and/or, if the address of the equipment changes, sending the new address to the registration server so that the management server can check the security state of the equipment at the new address relayed by the registration server.
Specifically, the equipment reports its own state to the registration server periodically, for example once a day, so that the registration server knows the equipment has not left the network. If the equipment's address changes, for example to 2001:da8:2c2c:3888::/64, the change is likewise synchronized to the registration server, and the Internet of Things registration server synchronizes it on to the management server.
The following illustrates how the Internet of Things equipment behaves when no management server is present.
If there is no management server, for example because it has failed or been taken out of service, then no entity is responsible for managing the equipment and no procedure can reset its survival timer, so the timer simply keeps counting. When the remaining time of the survival timer reaches 0, i.e. after 30 days, the equipment actively powers itself off. Equipment that has powered off requires manual intervention: it is powered on again through physical contact.
The following illustrates how the equipment behaves after it has been intruded.
When the management server performs the security check on the equipment and finds traces of intrusion, such as abnormal process records, tampered or injected program code or abnormal device behaviour, the equipment is considered to have been intruded. The management server may then attempt to act on the equipment to fix the problem, for example by requesting human intervention or by comparing against an existing security threat database to find a remedy.
If the equipment is repaired, it is regarded as having passed the security check and the subsequent challenge information procedure continues. If the equipment cannot be repaired, or the management server lacks the capability to handle the security threat, the challenge information procedure is not carried out and the equipment actively powers itself off when its survival timer runs out, so that it cannot pose a further threat to the Internet.
The following illustrates how the equipment behaves when, having been intruded, it can no longer contact the Internet of Things registration server or the management server.
If the equipment cannot contact the registration server after being intruded, the registration server will see the equipment as offline after a certain time, for example after 1 day, and will notify the management server that the security check of the equipment is no longer to be carried out. The equipment actively powers itself off when its survival timer runs out.
If the equipment cannot connect to the management server after being intruded, the management server cannot perform the security check, the challenge information procedure cannot take place, and the equipment actively shuts itself down when its survival timer runs out.
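To make steps S101 to S103, the public-key verification of the challenge message and the failure cases above concrete, the following is an added example (not code from the patent): a management server that signs the check result with an RSA private key, and a device that verifies the signature, checks the plaintext's form and freshness, resets its survival timer on success and powers off when the timer runs out. The one-hour freshness window, the toy standard-library RSA, the class and function names and the scenario timeline are assumptions of this example; the patent's "encrypt with the private key, decrypt with the public key" is implemented as a digital signature, which is what that operation amounts to.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

# Toy RSA over a SHA-256 digest, standard library only so the example runs offline.
# Unpadded textbook RSA is for illustration only; a deployment would use a vetted
# library (RSA-PSS or Ed25519) rather than this code.

def is_probable_prime(n: int, rounds: int = 20) -> bool:   # Miller-Rabin
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    r = ((n - 1) & (1 - n)).bit_length() - 1   # trailing zero bits of n - 1
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits: int = 512):
    """Return ((e, n), (d, n)); 512 bits matches the patent's example key size."""
    def prime(k):
        while True:
            c = secrets.randbits(k) | (1 << (k - 1)) | 1
            if is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:   # e is prime, so this means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def sign(private, message: bytes) -> int:
    d, n = private
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")

STAMP = "%Y%m%d %H%M%S"   # plaintext form from the patent: "pass check @20190203 100304"

class ManagementServer:
    def __init__(self):
        self.public, self._private = generate_keypair()

    def issue_challenge(self, check_passed: bool, now: datetime):
        """Signed challenge only if the security check (not modelled here) passed."""
        if not check_passed:
            return None
        plaintext = f"pass check @{now:{STAMP}}".encode()
        return plaintext, sign(self._private, plaintext)

class IoTDevice:
    MAX_AGE = timedelta(hours=1)   # freshness window: an assumption of this example
    def __init__(self, server_public, survival: timedelta, now: datetime):
        self.server_public = server_public   # public key provisioned at initialisation
        self.survival, self.deadline = survival, now + survival   # S101: timer starts
        self.powered_on = True

    def receive_challenge(self, plaintext: bytes, signature: int, now: datetime) -> bool:
        """S102/S103: verify signature, content and form; reset the timer on success."""
        if not self.powered_on or not verify(self.server_public, plaintext, signature):
            return False
        try:
            prefix, stamp = plaintext.decode().split("@", 1)
            issued = datetime.strptime(stamp, STAMP).replace(tzinfo=timezone.utc)
        except ValueError:
            return False
        if prefix != "pass check " or not timedelta(0) <= now - issued <= self.MAX_AGE:
            return False
        self.deadline = now + self.survival
        return True

    def tick(self, now: datetime) -> bool:
        if now >= self.deadline:   # timer callback: power off once the deadline passes
            self.powered_on = False
        return self.powered_on

def run_scenarios() -> dict:
    """Constructed timeline covering the cases the patent walks through."""
    t0 = datetime(2019, 2, 3, 10, 3, 4, tzinfo=timezone.utc)
    server = ManagementServer()
    device = IoTDevice(server.public, timedelta(days=30), now=t0)
    t1 = t0 + timedelta(days=10)
    plaintext, sig = server.issue_challenge(True, t1)
    out = {"valid_resets": device.receive_challenge(plaintext, sig, t1)}
    out["tampered_rejected"] = not device.receive_challenge(plaintext + b"x", sig, t1)
    out["replay_rejected"] = not device.receive_challenge(plaintext, sig, t1 + timedelta(days=2))
    out["intruded_gets_no_challenge"] = server.issue_challenge(False, t1) is None
    out["stays_on_after_reset"] = device.tick(t0 + timedelta(days=30))  # deadline is t1 + 30 d
    out["powers_off_unmanaged"] = not device.tick(t1 + timedelta(days=30))  # no further reset
    return out
```

Running `run_scenarios()` returns True for every key; the last two entries are the "no management server" and "cannot contact the server" cases, where the timer is never reset and the device powers itself off.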
In another embodiment of the present invention, an Internet of Things device is provided, which is used for implementing the methods in the foregoing embodiments. Therefore, the descriptions and definitions in the foregoing embodiments of the Internet of Things device management method may be used for understanding each execution module in the embodiments of the present invention. Fig. 2 is a schematic view of the overall structure of an Internet of Things device according to an embodiment of the present invention, where the device includes a registration module 201, a verification module 202, and a control module 203, where:
The registration module 201 is configured to send the address of the Internet of Things device to a registration server after the device is networked and, if the address is sent successfully, to start the survival timer of the device. The verification module 202 is configured to receive challenge information sent by the management server that manages the device and to verify the validity of the challenge information; the management server checks the security state of the device every first preset period according to the address sent by the registration server, and generates the challenge information from the check result when the check passes. The control module 203 is configured to reset the survival timer if the validity verification passes; if the validity verification fails and has still not passed by the time the survival timer reaches its preset duration, the device is powered off.
In this embodiment, a survival timer is provided on the Internet of Things device, the management server that manages the device checks its security state and generates challenge information when the check passes, the device verifies the validity of the challenge information, and the survival timer is reset or the device is shut down according to the verification result, so that Internet of Things devices on the Internet are securely managed on the basis of their survival time.
On the basis of the foregoing embodiment, the present embodiment further includes a receiving module, configured to receive, if the check fails, the repair operation of the management server or of the user, so that the management server can determine whether the repair succeeded; if the repair fails and the validity verification has still not passed by the time the survival timer reaches its preset duration, the device is shut down; if the repair succeeds, the challenge information sent by the management server is received and its validity is verified.
On the basis of the foregoing embodiment, the verification module in this embodiment is specifically configured to decrypt the challenge information with a public key generated in advance by the management server according to an asymmetric encryption algorithm, and to verify validity according to the decryption result; before sending the challenge information to the device, the management server encrypts it with the private key it generated in advance according to the same asymmetric algorithm.
On the basis of the foregoing embodiments, the present embodiment further includes a reporting module, configured to report the networking state of the Internet of Things device to the registration server every second preset period, so that the management server stops checking the security state of the device when it learns from the networking state forwarded by the registration server that the device is offline; and/or, if the address of the device changes, to send the new address to the registration server so that the management server can check the security state of the device according to the new address forwarded by the registration server.
In another embodiment of the present invention, a method for managing Internet of Things devices is provided, and Fig. 3 is a schematic overall flow chart of the Internet of Things device management method provided in the embodiment of the present invention, where the method includes: S301, checking the security state of the Internet of Things device according to the address of the device sent by the registration server; the address is sent to the registration server by the device after the device is networked;
When the Internet of Things device is networked, it reports its address to the registration server. After the report succeeds, the device starts its own survival timer. The survival timer is preset with a survival duration. When the timer reaches the survival duration, the device actively powers off. After receiving the address sent by the device, the registration server notifies the management server that manages the device to perform security management on it. The management server checks the security state of the device at regular intervals according to the information provided by the registration server.
S302, if the check passes, generating challenge information according to the check result and sending it to the Internet of Things device so that the device can verify the validity of the challenge information; if the validity verification passes, the survival timer is reset; if the validity verification fails and has still not passed by the time the survival timer reaches its preset duration, the device is powered off; the survival timer is started by the device when it successfully sends its address.
The management server judges whether the Internet of Things device passes the check. If the check passes, the management server generates verifiable challenge information (Challenge Message) according to the check result, such as "pass verification @20190203 and 100304". The device receives the challenge information sent by the management server, decrypts it and verifies its validity. If the validity verification passes, the device resets its own survival timer. The management server then checks the security state of the device every first preset period, so that at least one security state check is performed within the survival duration of the device. If the validity verification fails, the security state of the device continues to be checked while its survival timer is running, so that further challenge information can be verified; if the validity verification has still not passed when the survival timer reaches its preset duration, the device actively powers off and can only be powered on again by operating it directly; if the validity verification passes before the survival timer reaches its preset duration, the survival timer is reset. This process is repeated until the device goes offline or the related service needs to be stopped for any reason.
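The signed-challenge exchange of steps S301 and S302, as an added example that is not code from the patent: the text describes encrypting the challenge information with the management server's private key and decrypting it on the device with the public key, which in standard terms is a digital signature, so this example uses Ed25519 signatures from Go's standard library (an assumption; the patent names no concrete algorithm). The challenge layout "pass verification @" followed by an RFC 3339 check time, the freshness rule that the embedded check time must lie within the last survival period, and all times and durations are likewise assumptions constructed for the example. The device resets its survival timer only when signature, form and freshness all check out; a tampered challenge, one signed under a different key, or a replayed old one leaves the timer running until it fires.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Assumed wire format for the challenge information: the fixed text
// "pass verification @" followed by the check time as an RFC 3339 timestamp.
// The patent only gives an informal example; this concrete layout is an
// assumption of this example so the device can check content and form.
const challengePrefix = "pass verification @"

// SignedChallenge is what the management server sends: the challenge text and
// an Ed25519 signature over it made with the server's private key. Signing is
// the standard realisation of "encrypt with the private key, decrypt with the
// public key" described in the text.
type SignedChallenge struct {
	Message   string
	Signature []byte
}

// ManagementServer holds the private key generated in advance.
type ManagementServer struct {
	priv ed25519.PrivateKey
}

// Device holds the public key provisioned to it in advance and its survival
// timer, modelled as an absolute deadline so the example runs on a fixed clock.
type Device struct {
	pub        ed25519.PublicKey
	survival   time.Duration // preset survival duration
	deadline   time.Time     // when the survival timer fires
	PoweredOff bool
}

// NewPair generates the key pair and provisions the public key to the device;
// the survival timer is started at now, i.e. when registration succeeded.
func NewPair(survival time.Duration, now time.Time) (*ManagementServer, *Device) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &ManagementServer{priv: priv},
		&Device{pub: pub, survival: survival, deadline: now.Add(survival)}
}

// IssueChallenge is called after a security check passed at checkedAt.
func (s *ManagementServer) IssueChallenge(checkedAt time.Time) SignedChallenge {
	msg := challengePrefix + checkedAt.UTC().Format(time.RFC3339)
	return SignedChallenge{Message: msg, Signature: ed25519.Sign(s.priv, []byte(msg))}
}

// VerifyChallenge is the device-side validity verification: signature first,
// then content and form, then freshness (assumed rule: the embedded check time
// must fall within the last survival period). Only a fully valid challenge
// resets the survival timer.
func (d *Device) VerifyChallenge(c SignedChallenge, now time.Time) error {
	if !ed25519.Verify(d.pub, []byte(c.Message), c.Signature) {
		return errors.New("signature does not verify under the management server's public key")
	}
	if !strings.HasPrefix(c.Message, challengePrefix) {
		return errors.New("challenge has unexpected form")
	}
	checkedAt, err := time.Parse(time.RFC3339, strings.TrimPrefix(c.Message, challengePrefix))
	if err != nil {
		return fmt.Errorf("challenge carries an unparsable check time: %w", err)
	}
	age := now.Sub(checkedAt)
	if age < 0 || age > d.survival {
		return errors.New("challenge is stale or dated in the future")
	}
	d.deadline = now.Add(d.survival) // reset the survival timer
	return nil
}

// Tick is the survival timer expiring: if no valid challenge has moved the
// deadline, the device powers itself off. Returns the power-off state.
func (d *Device) Tick(now time.Time) bool {
	if !d.PoweredOff && !now.Before(d.deadline) {
		d.PoweredOff = true
	}
	return d.PoweredOff
}

func main() {
	t0 := time.Date(2019, 2, 3, 10, 3, 4, 0, time.UTC) // constructed registration time
	srv, dev := NewPair(10*time.Minute, t0)
	c := srv.IssueChallenge(t0.Add(5 * time.Minute))
	fmt.Println("valid challenge:", dev.VerifyChallenge(c, t0.Add(5*time.Minute)))
	tampered := SignedChallenge{Message: c.Message + "x", Signature: c.Signature}
	fmt.Println("tampered challenge:", dev.VerifyChallenge(tampered, t0.Add(6*time.Minute)))
	fmt.Println("powered off at +14m:", dev.Tick(t0.Add(14*time.Minute)))
	fmt.Println("powered off at +15m:", dev.Tick(t0.Add(15*time.Minute)))
}
```

Only the public key is stored on the device; the private key never leaves the management server. That is what makes storing the same public key in every device safe: it gives the device a way to authenticate the server's challenges, and it provides no confidentiality, which the scheme does not need.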
In this embodiment, a survival timer is provided on the Internet of Things device, the management server that manages the device checks its security state and generates challenge information when the check passes, the device verifies the validity of the challenge information, and the survival timer is reset or the device is shut down according to the verification result, so that Internet of Things devices on the Internet are securely managed on the basis of their survival time.
On the basis of the foregoing embodiment, in this embodiment the step of checking the security state of the Internet of Things device according to the address sent by the registration server further includes: if the check fails, sending a repair notification to the user client so that the user can repair the device according to the repair notification on the user client, or performing autonomous repair of the device; judging whether the repair succeeded and, if the repair fails and the validity verification of the device has still not passed by the time the survival timer reaches its preset duration, shutting down the device; if the repair succeeds, generating challenge information according to the repair result and sending it to the device so that the device can verify its validity.
Specifically, if the Internet of Things device fails the security check, the management server attempts to notify the relevant person or to repair the problem of the device autonomously, and determines whether the repair succeeded. If the repair succeeds, the check requirement is met and the management server sends verifiable challenge information to the device. The device verifies the validity of the challenge information sent by the management server and then, according to the result of the validity verification, resets its survival timer or shuts down.
On the basis of the foregoing embodiment, the step of sending the challenge information to the Internet of Things device in this embodiment specifically includes: encrypting the challenge information with a private key, the private key being generated in advance by the management server according to an asymmetric algorithm; and sending the encrypted challenge information to the device so that the device decrypts it with the public key generated by the same asymmetric algorithm and verifies validity according to the decryption result.
Specifically, the management server generates a public/private key pair in advance according to an asymmetric encryption algorithm and stores the public key of the pair in the corresponding Internet of Things device. Before sending challenge information to the device, the management server encrypts it with the private key of the pair. After receiving the encrypted challenge information, the device decrypts it with the stored public key and verifies validity according to the decryption result, where the validity verification covers whether decryption succeeded and whether the content and form of the decrypted information are correct. In addition, the device periodically reports its own state to the registration server, so that the registration server knows the device has not gone offline. Likewise, if the address information of the device changes, the change is synchronised to the registration server, and the registration server in turn synchronises the change to the management server.
In a further embodiment of the invention, a management server is provided, which is configured to implement the methods in the foregoing embodiments. Therefore, the descriptions and definitions in the foregoing embodiments of the Internet of Things device management method may be used for understanding each execution module in the embodiments of the present invention. Fig. 4 is a schematic diagram of the overall structure of a management server according to an embodiment of the present invention, where the management server includes a checking module 401 and a sending module 402, where:
The checking module 401 is configured to check the security state of the Internet of Things device according to the address of the device sent by the registration server; the address is sent to the registration server by the device after the device is networked. The sending module 402 is configured, if the check passes, to generate challenge information according to the check result and send it to the device so that the device can verify its validity; if the validity verification passes, the survival timer is reset; if the validity verification fails and has still not passed by the time the survival timer reaches its preset duration, the device is shut down; the survival timer is started by the device when it successfully sends its address.
In this embodiment, a survival timer is provided on the Internet of Things device, the management server that manages the device checks its security state and generates challenge information when the check passes, the device verifies the validity of the challenge information, and the survival timer is reset or the device is shut down according to the verification result, so that Internet of Things devices on the Internet are securely managed on the basis of their survival time.
On the basis of the foregoing embodiment, the present embodiment further includes a repair module, configured to send a repair notification to the user client if the check fails, so that the user can repair the device according to the repair notification on the user client, or to perform autonomous repair of the device; to judge whether the repair succeeded and, if the repair fails and the validity verification of the device has still not passed by the time the survival timer reaches its preset duration, to shut down the device; and, if the repair succeeds, to generate challenge information according to the repair result and send it to the device so that the device can verify its validity.
On the basis of the foregoing embodiment, in this embodiment the sending module is specifically configured to encrypt the challenge information with a private key, the private key being generated in advance by the management server according to an asymmetric algorithm, and to send the encrypted challenge information to the device so that the device decrypts it with the public key generated by the same asymmetric algorithm and verifies validity according to the decryption result.
In another embodiment of the present invention, an Internet of Things device management system is provided, where the system includes an Internet of Things device according to any one of the above-described Internet of Things device embodiments and a management server according to any one of the above-described management server embodiments.
Specifically, the Internet of Things device management process of the system is shown in Fig. 5, and the specific steps are as follows:
S1, when the Internet of Things device is networked, it reports its address to the registration server and starts its survival timer;
S2, the registration server notifies the management server that manages the device to perform security management on it;
S3, the management server regularly checks the security state of the device according to the information provided by the registration server, and judges whether the device passes the check;
if the check fails, go to step S4;
if the check passes, go to step S5;
S4, the management server that manages the device attempts to notify the relevant personnel or to repair the problem of the device autonomously, and judges whether the repair succeeded;
if successful, go to step S5;
if not, go to step S8;
S5, the management server encrypts the verifiable challenge information sent to the device with the private key of the asymmetric encryption algorithm;
S6, the device receives the challenge information, decrypts it with the public key it holds for the management server that manages it, and verifies its validity;
if successful, go to step S7;
if not, go to step S8;
S7, the device resets its own survival timer, and steps S3 to S7 are repeated;
S8, when the survival timer of the device completes its timing, the device actively powers off, and it can be powered on again only by operating it directly.
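The S1 to S8 flow run as a deterministic simulation, as an added example that is not code from the patent. The cryptographic verification of S5 and S6 is reduced to a boolean input so the example can concentrate on the timer semantics that make this a dead-man switch: a failed check or an invalid challenge never shuts the device down by itself, it only leaves the survival timer running, and power-off happens solely when the timer expires without a valid challenge having reset it. The simulated clock in seconds, the 300 s survival duration, the 100 s check interval and the step labels are all assumptions constructed for the example.

```go
package main

import "fmt"

// DeviceState models the device's survival timer on a simulated clock in
// seconds, so the run is deterministic and needs no real timer (constructed
// for this example; the patent fixes no concrete values).
type DeviceState struct {
	Survival   int  // preset survival duration (seconds)
	Remaining  int  // seconds left on the survival timer
	PoweredOff bool // set once S8 has happened
}

// RoundInput is what happens in one management round, from the server's
// and the device's point of view.
type RoundInput struct {
	CheckPassed    bool // S3: security state check result
	RepairWorked   bool // S4: used only when CheckPassed is false
	ChallengeValid bool // S6: device-side validity verification of the challenge
}

// NewDevice models S1: registration succeeded, so the survival timer starts.
func NewDevice(survival int) *DeviceState {
	return &DeviceState{Survival: survival, Remaining: survival}
}

// Round lets elapsed seconds pass on the survival timer and then applies
// steps S3 to S8 once. It returns the step the round ended in.
func (d *DeviceState) Round(in RoundInput, elapsed int) string {
	if d.PoweredOff {
		return "off" // S8 already happened; only direct operation can restart it
	}
	d.Remaining -= elapsed
	if d.Remaining <= 0 { // S8: the timer ran out without a valid challenge
		d.PoweredOff = true
		return "S8 power off"
	}
	// S3/S4: a failed check that could not be repaired issues no challenge;
	// the timer simply keeps running.
	if !in.CheckPassed && !in.RepairWorked {
		return "S4 repair failed, timer running"
	}
	// S5/S6: a challenge is sent; an invalid one does not reset the timer.
	if !in.ChallengeValid {
		return "S6 challenge invalid, timer running"
	}
	d.Remaining = d.Survival // S7: a valid challenge resets the survival timer
	return "S7 timer reset"
}

// Simulate runs a sequence of rounds spaced interval seconds apart (the
// "first preset period" at which the management server checks) and returns
// the step reached in each round.
func Simulate(survival, interval int, rounds []RoundInput) []string {
	dev := NewDevice(survival)
	trace := make([]string, 0, len(rounds))
	for _, r := range rounds {
		trace = append(trace, dev.Round(r, interval))
	}
	return trace
}

func main() {
	// Constructed scenario: a 300 s survival timer checked every 100 s, so at
	// least one check falls inside every survival period as the text requires.
	rounds := []RoundInput{
		{CheckPassed: true, ChallengeValid: true},                      // healthy
		{CheckPassed: false, RepairWorked: false},                      // problem, not repaired
		{CheckPassed: false, RepairWorked: true, ChallengeValid: true}, // repaired
		{CheckPassed: true, ChallengeValid: false},                     // bad challenge
		{CheckPassed: true, ChallengeValid: false},                     // bad challenge again
		{CheckPassed: true, ChallengeValid: true},                      // too late: timer fires first
	}
	for i, step := range Simulate(300, 100, rounds) {
		fmt.Printf("round %d at t=%ds: %s\n", i+1, (i+1)*100, step)
	}
}
```

Because the timer is decremented before the round's check is applied, a valid challenge that arrives after the survival duration has fully elapsed does not revive the device, which matches S8: once powered off, only direct operation of the device brings it back.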
In this embodiment, a survival timer is provided on the Internet of Things device, the management server that manages the device checks its security state and generates challenge information when the check passes, the device verifies the validity of the challenge information, and the survival timer is reset or the device is shut down according to the verification result, so that Internet of Things devices on the Internet are securely managed on the basis of their survival time.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features equivalently replaced, and that such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An Internet of Things device management method, characterised by comprising the following steps:
after the Internet of Things device is networked, sending the address of the device to a registration server and, if the address is sent successfully, starting a survival timer of the device;
receiving challenge information sent by a management server that manages the device, and verifying the validity of the challenge information; the management server checks the security state of the device every first preset period according to the address sent by the registration server, and generates the challenge information from the check result when the check passes;
if the validity verification passes, resetting the survival timer; if the validity verification fails and has still not passed by the time the survival timer reaches its preset duration, shutting down the device;
wherein the registration server is used for registering the Internet of Things device and the management server is used for managing the device.
2. The Internet of Things device management method according to claim 1, wherein before the step of receiving the challenge information sent by the management server that manages the device, the method further comprises:
if the check fails, receiving the repair operation of the management server or of the user, so that the management server can judge whether the repair succeeded;
if the repair fails and the validity verification has still not passed by the time the survival timer reaches its preset duration, shutting down the device;
if the repair succeeds, receiving the challenge information sent by the management server and verifying its validity.
3. The Internet of Things device management method according to claim 1, wherein the step of verifying the validity of the challenge information specifically comprises:
decrypting the challenge information with a public key generated in advance by the management server according to an asymmetric encryption algorithm, and verifying validity according to the decryption result; before sending the challenge information to the device, the management server encrypts it with the private key it generated in advance according to the same asymmetric algorithm.
4. The Internet of Things device management method according to any one of claims 1 to 3, further comprising:
reporting the networking state of the device to the registration server every second preset period, so that the management server stops checking the security state of the device when it learns from the networking state sent by the registration server that the device is offline; and/or,
if the address of the device changes, sending the new address of the device to the registration server, so that the management server can check the security state of the device according to the new address sent by the registration server.
5. An Internet of Things device management method, characterised by comprising the following steps:
checking the security state of the Internet of Things device according to the address of the device sent by the registration server; the address is sent to the registration server by the device after the device is networked;
if the check passes, generating challenge information according to the check result and sending it to the device so that the device can verify its validity; if the validity verification passes, resetting a survival timer; if the validity verification fails and has still not passed by the time the survival timer reaches its preset duration, shutting down the device; the survival timer is started by the device when it successfully sends its address;
wherein the registration server is used for registering the Internet of Things device and the management server is used for managing the device.
6. The Internet of Things device management method according to claim 5, wherein the step of checking the security state of the device according to the address of the device sent by the registration server further comprises:
if the check fails, sending a repair notification to the user client so that the user can repair the device according to the repair notification on the user client, or performing autonomous repair of the device;
judging whether the repair succeeded and, if the repair fails and the validity verification of the device has still not passed by the time the survival timer reaches its preset duration, shutting down the device;
if the repair succeeds, generating challenge information according to the repair result and sending it to the device so that the device can verify its validity.
7. The Internet of Things device management method according to claim 5, wherein the step of sending the challenge information to the device specifically comprises:
encrypting the challenge information with a private key, the private key being generated in advance by the management server according to an asymmetric algorithm;
and sending the encrypted challenge information to the device so that the device decrypts it with the public key generated by the same asymmetric algorithm and verifies validity according to the decryption result.
8. An Internet of Things device, comprising:
a registration module, used for sending the address of the Internet of Things device to a registration server after the device is networked and, if the address is sent successfully, starting a survival timer of the device;
a verification module, used for receiving challenge information sent by a management server that manages the device and verifying the validity of the challenge information; the management server checks the security state of the device every first preset period according to the address sent by the registration server, and generates the challenge information from the check result when the check passes;
a control module, used for resetting the survival timer if the validity verification passes; if the validity verification fails and has still not passed by the time the survival timer reaches its preset duration, the device is shut down;
wherein the registration server is used for registering the Internet of Things device and the management server is used for managing the device.
9. A management server, comprising:
a checking module, used for checking the security state of the Internet of Things device according to the address of the device sent by the registration server; the address is sent to the registration server by the device after the device is networked;
a sending module, used for generating challenge information according to the check result if the check passes and sending it to the device so that the device can verify its validity, and for resetting a survival timer if the validity verification passes; if the validity verification fails and has still not passed by the time the survival timer reaches its preset duration, the device is shut down; the survival timer is started by the device when it successfully sends its address;
wherein the registration server is used for registering the Internet of Things device and the management server is used for managing the device.
10. An Internet of Things device management system, characterised by comprising the Internet of Things device of claim 8 and the management server of claim 9.
CN201910772409.8A 2019-08-21 2019-08-21 Internet of things equipment management method and system Active CN110505089B (en)


Publications (2)

Publication Number Publication Date
CN110505089A CN110505089A (en) 2019-11-26
CN110505089B true CN110505089B (en) 2020-09-15

Family

ID=68588653

Country Status (1)

Country Link
CN (1) CN110505089B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant