CN110636063B - Method and device for controlling secure interaction of equipment, electronic equipment and storage medium - Google Patents


Info

Publication number: CN110636063B
Authority: CN (China)
Prior art keywords: equipment, controlled, verification, cloud, receiving
Legal status: Active
Application number: CN201910897944.6A
Other languages: Chinese (zh)
Other versions: CN110636063A (en)
Inventors: 戴中印, 罗启汉, 曲乐炜
Current Assignee: Baidu Online Network Technology Beijing Co Ltd
Original Assignee: Baidu Online Network Technology Beijing Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Selective Calling Equipment (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a method and a device for controlling the secure interaction of equipment, electronic equipment and a storage medium, and relates to the technical field of network security. The specific implementation scheme is as follows: receiving an instruction to discover a controlled device, wherein the controlled device is a login-free device; sending the instruction to discover the controlled device to the cloud, and receiving verification information returned by the cloud according to the instruction; requesting the device identifier of the controlled device from the controlled device according to the verification information, and receiving the device identifier returned by the controlled device; sending the device identifier to the cloud; and uploading the first verification code displayed on the controlled device to the cloud, to instruct the cloud to verify the first verification code and, after the verification succeeds, bind the controlled device, the control device and the user information logged in on the control device. According to the method and the device, the controlled device in the non-login state, the control device in the login state and the user identity logged in on the device in the login state are bound through identity verification, which ensures secure interaction control of the device in the non-login state.

Description

Method and device for controlling secure interaction of equipment, electronic equipment and storage medium
Technical Field
The application relates to the technical field of information, in particular to the technical field of network security.
Background
A login-free device is one on which the user has not logged in to an account. Taking the smart television as an example, televisions produced by many manufacturers have only a weak requirement for account login, and in addition many users have limited operating ability and cannot complete complex login operations, so a large number of televisions remain in the non-login state. In the smart home era, entry devices represented by sound boxes need to be bound to and authorized for devices in the non-login state, so that those devices can be operated directly through the entry devices, and security problems need to be avoided.
Wide area network interactive control of devices is currently generally handled with the following schemes:
(1) Device sharing. The device owner acts as the primary account and has complete control of the device, and a third party can obtain partial permission to operate the device when the smart device is shared with them.
(2) The device logs in to an account and shares the right to operate the device through OAuth (Open Authorization protocol). Through OAuth account authorization, the device owner gives other devices or platforms the ability to operate the device.
The two schemes have different use scenarios, but both fundamentally require account login, and neither solves the problem of secure interaction control of devices in the login-free state.
Disclosure of Invention
The embodiment of the application provides a content implantation method, a content implantation device, an electronic device and a storage medium, so as to at least solve the above technical problems in the prior art.
In a first aspect, an embodiment of the present application provides a method for controlling secure interaction of a device, including:
receiving an instruction of discovering a controlled device, wherein the controlled device is a login-free device;
sending an instruction for finding the controlled equipment to the cloud end, and receiving verification information returned by the cloud end according to the instruction;
requesting the controlled equipment for the equipment identifier of the controlled equipment according to the verification information, and receiving the equipment identifier of the controlled equipment returned by the controlled equipment;
sending the equipment identification to a cloud end;
and uploading the first verification code displayed on the controlled equipment to the cloud end to indicate the cloud end to verify the first verification code and bind the controlled equipment, the control equipment and the user information logged in the control equipment after the verification is successful.
In the embodiment of the application, the identity is verified through interaction among the control equipment, the controlled equipment and the cloud, and the controlled equipment in the non-login state, the control equipment in the login state and the user identity logged in on the equipment in the login state are bound together, so that the safe interaction control of the equipment in the non-login state is ensured.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In the embodiment of the application, the device identification is requested to the non-login state device according to the IP address of the non-login state device inquired by the cloud, so that the control device can interact with the non-login state controlled device, and the safe interaction with the non-login state device is ensured through the second verification code.
In one embodiment, receiving the device identification of the controlled device returned by the controlled device includes:
and receiving the device identification which is returned by the controlled device and encrypted by the second verification code.
In the embodiment of the application, the second verification code is used, so that safe interaction among the controlled equipment in the non-login state, the control equipment in the login state and the cloud end is guaranteed.
In one embodiment, after sending the device identifier to the cloud, the method includes:
and receiving a message of successful verification returned by the cloud terminal after the verification of the equipment identification is passed.
In the embodiment of the application, the device identifier is sent to the cloud end to indicate the cloud end to check the device identifier, and the successful check of the device identifier can ensure the subsequent safe interaction with the equipment in the login-free state and the safe control of the equipment in the login-free state.
In one embodiment, the first verification code is pushed to the controlled device after the cloud passes the device identification verification.
In the embodiment of the application, the cloud terminal can simultaneously push the first verification code to the controlled device after the device identifier passes the verification, and display the first verification code on the controlled device, so that the control device can acquire the first verification code from the controlled device and upload the first verification code to the cloud terminal for further verification, and the secure interaction control of the device in the login-free state is ensured.
In one embodiment, the method further comprises:
receiving an operation instruction for a controlled device;
and sending the operation instruction to the cloud.
In the embodiment of the application, on the basis of binding the controlled device, the control device and the user information logged in the control device by the method, the control device can implement security control on the controlled device in a non-login state through the cloud end.
In a second aspect, an embodiment of the present application provides a method for controlling secure interaction of a device, including:
receiving an instruction for discovering controlled equipment from the control equipment, and returning verification information to the control equipment according to the instruction, wherein the controlled equipment is equipment in a login-free state;
receiving a device identifier of a controlled device sent by a control device;
verifying the equipment identifier of the controlled equipment, and pushing a first verification code to the controlled equipment after the verification is passed;
receiving a first verification code from the control equipment, and verifying the first verification code;
and binding the controlled equipment, the control equipment and the user information logged on the control equipment after the verification is successful.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, after the controlled device, the control device and the user information logged in the control device are bound after the verification is successful, the method further includes:
generating a binding certificate after the verification is successful;
and issuing the binding certificate to the controlled equipment.
In one embodiment, the method further comprises:
receiving an operation instruction aiming at the controlled equipment from the control equipment, wherein the operation instruction carries user information logged in the control equipment and equipment identification of the controlled equipment;
sending an operation instruction for the controlled equipment to the controlled equipment;
receiving a binding credential from a controlled device;
checking the binding certificate according to the user information logged in the control equipment and the equipment identification of the controlled equipment;
and issuing a retrieval result corresponding to the operation instruction to the controlled equipment after the verification is successful.
In a third aspect, an embodiment of the present application provides a method for controlling secure interaction of a device, including:
receiving authentication information from the control device;
returning the equipment identifier of the controlled equipment to the control equipment according to the verification information, wherein the controlled equipment is equipment in a login-free state;
receiving a first verification code pushed by a cloud end;
the first verification code is displayed.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, returning the device identification of the controlled device to the control device according to the verification information comprises:
and returning the equipment identification encrypted by the second verification code to the control equipment.
In one embodiment, the method further comprises:
and receiving the binding certificate issued by the cloud.
In one embodiment, the method further comprises:
receiving an operation instruction aiming at the controlled equipment sent by the cloud;
returning a binding certificate of the controlled equipment to the cloud end so that the cloud end checks the binding certificate;
and receiving a retrieval result which is issued after the cloud verification is successful and corresponds to the operation instruction.
In a fourth aspect, an embodiment of the present application provides a device for controlling secure interaction, including:
the first interaction unit is used for receiving an instruction of discovering the controlled equipment, wherein the controlled equipment is equipment in a login-free state;
the second interaction unit is used for sending the command for finding the controlled equipment to the cloud end and receiving verification information returned by the cloud end according to the command;
the third interaction unit is used for requesting the controlled equipment for the equipment identifier of the controlled equipment according to the verification information and receiving the equipment identifier of the controlled equipment returned by the controlled equipment;
the fourth interaction unit is used for sending the equipment identifier to the cloud end;
and the fifth interaction unit is used for uploading the first verification code displayed on the controlled equipment to the cloud end so as to indicate the cloud end to verify the first verification code and bind the controlled equipment, the control equipment and the user information logged in the control equipment after the verification is successful.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, the third interaction unit is configured to:
and receiving the device identification which is returned by the controlled device and encrypted by the second verification code.
In one embodiment, the fourth interaction unit is further configured to:
and after the equipment identification is sent to the cloud end, a message of successful verification returned by the cloud end after the equipment identification is verified by the cloud end is received.
In one embodiment, the first verification code is pushed to the controlled device after the cloud passes the device identification verification.
In one embodiment, the apparatus further comprises a control unit configured to:
receiving an operation instruction for a controlled device;
and sending the operation instruction to the cloud.
In a fifth aspect, an embodiment of the present application provides a device for controlling secure interaction, including:
the sixth interaction unit is used for receiving an instruction for discovering the controlled equipment from the control equipment and returning verification information to the control equipment according to the instruction, wherein the controlled equipment is equipment in a login-free state;
a first receiving unit, configured to receive a device identifier of a controlled device sent by a control device;
the first verification unit is used for verifying the equipment identifier of the controlled equipment and pushing a first verification code to the controlled equipment after the verification is passed;
the second verification unit is used for receiving the first verification code from the control equipment and verifying the first verification code;
and the binding unit is used for binding the controlled equipment, the control equipment and the user information logged on the control equipment after the verification is successful.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, the above apparatus further comprises:
the generating unit is used for generating a binding certificate after the verification is successful;
and the first sending unit is used for sending the binding certificate to the controlled equipment.
In one embodiment, the above apparatus further comprises:
a second receiving unit, configured to receive an operation instruction for the controlled device from the control device, where the operation instruction carries user information logged in the control device and a device identifier of the controlled device;
a second transmitting unit configured to transmit an operation instruction to the controlled device;
a third receiving unit, configured to receive a binding credential from the controlled device;
the third verification unit is used for verifying the binding certificate according to the user information logged in the control equipment and the equipment identifier of the controlled equipment;
and the third sending unit is used for issuing a retrieval result corresponding to the operation instruction to the controlled equipment after the verification is successful.
In a sixth aspect, an embodiment of the present application provides a device for controlling secure interaction, including:
a fourth receiving unit configured to receive the authentication information from the control apparatus;
the fourth sending unit is used for returning the equipment identifier of the controlled equipment to the control equipment according to the verification information, wherein the controlled equipment is equipment in a login-free state;
the fifth receiving unit is used for receiving the first verification code pushed by the cloud end;
and the display unit is used for displaying the first verification code.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, the fourth sending unit is configured to:
and returning the equipment identification encrypted by the second verification code to the control equipment.
In one embodiment, the above apparatus further comprises:
and the sixth receiving unit is used for receiving the binding certificate issued by the cloud.
In one embodiment, the above apparatus further comprises:
the seventh receiving unit is used for receiving an operation instruction which is sent by the cloud and aims at the controlled equipment;
the fifth sending unit is used for returning the binding certificate of the controlled equipment to the cloud end so that the cloud end can check the binding certificate;
and the eighth receiving unit is used for receiving a retrieval result which is issued after the cloud verification is successful and corresponds to the operation instruction.
In a seventh aspect, an embodiment of the present application provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to cause the at least one processor to perform a method provided by any one of the embodiments of the present application.
In an eighth aspect, embodiments of the present application provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform a method provided by any one of the embodiments of the present application.
One embodiment in the above application has the following advantages or benefits: identity verification is carried out through interaction among the control equipment, the controlled equipment and the cloud, and the controlled equipment in a login-free state, the control equipment in a login state and the identity of a user logged in on the equipment in the login state are bound together, so that safe interaction control of the equipment in the login-free state is guaranteed.
Other effects of the above-described alternative will be described below with reference to specific embodiments.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
Fig. 1 is a flow chart of a secure interaction control method of a device according to an embodiment of the present application;
Fig. 2 is a flowchart of a binding method applied to a control device according to a secure interaction control method of the device according to an embodiment of the present application;
Fig. 3 is a flowchart of a binding method applied to a cloud in a secure interaction control method of a device according to an embodiment of the present application;
Fig. 4 is a flowchart of a binding method applied to a controlled device according to a secure interaction control method of a device according to an embodiment of the present application;
Fig. 5 is a flowchart of an unbinding method implemented at a control device side of a secure interaction control method of a device according to an embodiment of the present application;
Fig. 6 is a flowchart of an unbinding method implemented at a controlled device side of a secure interaction control method of a device according to an embodiment of the present application;
Fig. 7 is a control flow diagram of a secure interaction control method of a device according to an embodiment of the application;
Fig. 8 is a schematic structural diagram of a secure interaction control device of a device according to an embodiment of the present application applied to a control device;
Fig. 9 is a schematic structural diagram illustrating a secure interaction control apparatus of a device according to an embodiment of the present application, applied to a cloud;
Fig. 10 is a schematic structural diagram of a secure interaction control device of a device according to an embodiment of the present application applied to a controlled device;
Fig. 11 is a block diagram of an electronic device for implementing a secure interaction control method of the device according to an embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
A login-free device is one on which the user has not logged in to an account. The technology for wide area network secure interaction control of devices in the non-login state needs to solve the problem of how to securely bind and authorize such a device and then perform wide area network interaction control. In the embodiment of the application, a smart television is taken as the example of the controlled device in the login-free state and a sound box as the example of the control device in the login state; the device in the login-free state (such as a television), the device in the login state (such as a sound box) and the user identity logged in on the device in the login state are bound together through identity verification. Issuing a binding credential and verifying identity ensure the secure interaction control of the device in the login-free state.
The operation flow of the wide area network security interaction control of the device in the login-free state is shown in fig. 1:
Step 0.1: The sound box reports its information to the cloud immediately after it connects to the network.
The sound box information may include: <router MAC address, local area network IP address>. The MAC (Media Access Control) address is an address used to identify the location of a device on the network. The IP address (Internet Protocol address) is a unified address format provided by the IP protocol; it allocates a logical address to each network and each host on the Internet, so as to hide the differences between physical addresses. In the embodiment of the application, the HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or Hypertext Transfer Protocol Secure) messages that report the sound box information can also carry cookies (user information), namely the user information logged in on the sound box.
Step 0.2: The television reports its information to the cloud immediately after it connects to the network. The television information may include: <router MAC address, local area network IP address (tv_IP)>.
In one example, the device identifier and the accessToken may be carried in the DCS protocol (DuerOS Conversational Service).
Step 0.3: The cloud checks whether an online device with the same deviceid (device identifier of the television) as the one carried by the current DCS message already exists. If an online device with the same deviceid exists, the cloud has already recorded the device identifier of the television, so only the reported information needs to be written to the log and the device identifier does not need to be recorded again.
Step 1: the user sends a voice command of 'find television' to the sound box.
Step 2: the sound box sends a television finding instruction to the cloud.
Step 3: The cloud queries the local area network IP address of an unbound television under the same router as the sound box, and sends the IP address and a second verification code (random) to the sound box.
In one example, the cloud may send a network response message DoHTTPRequest(http://{ip}:{port}/getDeviceID?random={947105}). In this message, port is the port number of the television service; the second verification code (random) may be a random verification code, such as 947105; getDeviceID indicates that the sound box is requesting the deviceid from the television.
Step 4: The sound box sends an HTTP (HyperText Transfer Protocol) request to the television in the local area network according to the IP address and the second verification code, and requests the device ID (device identifier) of the television.
In one example, the cloud may send an HTTP request in the local area network: 172.16.176.110:12345/getDeviceID?random=947105. In this message, 172.16.176.110 is the IP address and 12345 is the port number of the television service.
Step 5: The television returns its device ID, encrypted with the second verification code, to the sound box.
In one example, the television may reply with the verification information in the local area network: id = HMacSha256_random(deviceid). HMac is the abbreviation of Hash-based Message Authentication Code; a hash-based message authentication code can use many kinds of hash algorithms, of which SHA-256 is one. The deviceid is encrypted with random through HMacSha256, the result is assigned to the variable id, and the value of id is returned to the sound box as the content of the verification information.
Step 6: The sound box sends a message to the cloud so that the cloud can verify the device ID of the television.
In one example, the sound box sends a network response message to the cloud, for example with the content DoHTTPRequest(http://{ip}:{port}/verifyDeviceID?deviceid={id}). verifyDeviceID indicates a request to verify the device ID, and deviceid={id} indicates that the sound box sends the encrypted device ID to the cloud. The encrypted device ID is the deviceid encrypted with random in step 5: the television sends the encrypted device ID to the sound box, and the sound box forwards it to the cloud after receiving it.
Step 7: After the verification passes, the cloud sends a message of successful verification to the sound box. In one example, the cloud sends a network response message HTTP response to the sound box: success, indicating that the verification was successful.
In one example of a check, if random is within the validity period, the device ID check passes.
Step 8: After the verification passes, the cloud pushes the first verification code, which may for example be a 6-digit number, to the television and instructs the television to display it. While sending the message of successful verification to the sound box, the cloud also prompts: please enter the verification code shown on the television.
The user inputs the first verification code displayed on the television to the sound box, for example, the first verification code can be input by means of voice input.
Step 9: The sound box uploads the first verification code displayed by the television to the cloud for the cloud to check.
After the cloud verification succeeds, the cloud generates a binding certificate (DCSULoginKey) to bind together the television, the sound box and the user identity logged in on the sound box. In one example, the following information may be bound together in one record: <sound box, user, television, DCSULoginKey>.
Step 10: The cloud issues the binding certificate to the television by push. The television stores the binding certificate as its interaction credential for the subsequent control flow.
In the above operation flow, the 6-digit code (the first verification code) is displayed in a pop-up window on the television interface. After the user enters the first verification code at the sound box, it is sent to the cloud for verification. After the cloud verification passes, the binding certificate DCSULoginKey is issued. The cloud performs a 5-tuple identity binding: sound box deviceid, television deviceid, Cookie, DCSULoginKey and accessToken. When the smart sound box subsequently operates or maintains the television, the cloud needs to verify the user identity Cookie and the deviceid of the sound box; when the device is unbound by voice at the television, the DCSULoginKey and the accessToken are verified.
In one example, the random issued by the cloud in step 3 of the above operation flow is valid within a preset time threshold, for example half an hour. Then, in step 5, the television returns id = HMACSha256_random(deviceid), that is, the deviceid processed with HMAC-SHA256 using random, and the cloud verifies whether random is within its validity period and whether id is legitimate.
In one example, the DCSULoginKey in step 10 of the above operation flow may be issued only once. After binding, if the television loses the binding credential DCSULoginKey, the binding process must be executed again; the cloud deletes the old binding record and records the new 5-tuple identity binding record.
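The cloud-side checks of steps 3 to 10 can be modelled as follows; this is an added example, not code from the patent. The class and method names, the in-memory dictionaries, the cloud recomputing the HMAC from the deviceid reported in step 0.2, the single-use random and the three-attempt cap on the first verification code are all assumptions of the sketch.

```python
import hashlib
import hmac
import secrets
import time

RANDOM_TTL = 30 * 60   # the page's example validity period for random: half an hour
MAX_CODE_TRIES = 3     # assumption: the page sets no limit on first-code attempts


def tv_encrypt_id(device_id: str, random: str) -> str:
    """Step 5, TV side: id = HMAC-SHA256 of deviceid, keyed with random."""
    return hmac.new(random.encode(), device_id.encode(), hashlib.sha256).hexdigest()


class Cloud:
    """Constructed in-memory model of the cloud's part in steps 3 to 10."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.tvs = {}         # router MAC -> TV info reported in step 0.2
        self.challenges = {}  # random -> challenge state
        self.pending = {}     # speaker deviceid -> pending first-code state
        self.bindings = {}    # TV deviceid -> 5-tuple binding record

    def report_tv(self, router_mac, tv_ip, tv_id, access_token):
        """Step 0.2: the TV reports its information once it is online."""
        self.tvs[router_mac] = {"ip": tv_ip, "id": tv_id, "token": access_token}

    def discover(self, router_mac, speaker_id, cookie):
        """Step 3: return (tv_ip, random) for the TV behind the same router."""
        tv = self.tvs[router_mac]
        random = secrets.token_hex(16)
        self.challenges[random] = {
            "tv": tv, "speaker": speaker_id, "cookie": cookie,
            "expires": self.clock() + RANDOM_TTL,
        }
        return tv["ip"], random

    def verify_device_id(self, speaker_id, random, enc_id):
        """Steps 6 to 8: check random's validity and the id, then push a code."""
        ch = self.challenges.get(random)
        if ch is None or ch["speaker"] != speaker_id:
            return None
        if self.clock() > ch["expires"]:
            del self.challenges[random]
            return None
        expected = tv_encrypt_id(ch["tv"]["id"], random)
        if not hmac.compare_digest(expected, enc_id):
            return None
        del self.challenges[random]  # assumption: a random is accepted once
        code = f"{secrets.randbelow(10**6):06d}"  # 6-digit first verification code
        self.pending[speaker_id] = {"ch": ch, "code": code, "tries": 0}
        return code  # stands in for the push that makes the TV display the code

    def verify_code(self, speaker_id, code):
        """Steps 9 and 10: check the code, then bind and issue DCSULoginKey."""
        p = self.pending.get(speaker_id)
        if p is None:
            return None
        p["tries"] += 1
        ok = hmac.compare_digest(p["code"], code)
        if ok or p["tries"] >= MAX_CODE_TRIES:
            del self.pending[speaker_id]
        if not ok:
            return None
        tv, key = p["ch"]["tv"], secrets.token_urlsafe(32)
        # Re-binding replaces the old record; the key is returned only here.
        self.bindings[tv["id"]] = {
            "speaker_deviceid": speaker_id, "tv_deviceid": tv["id"],
            "cookie": p["ch"]["cookie"], "DCSULoginKey": key,
            "accessToken": tv["token"],
        }
        return key
```

Because the pending state is deleted once the code is accepted, a second upload of the same code returns nothing, which matches the one-time issue of DCSULoginKey described above.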
Fig. 2 is a flowchart of the binding method, in the secure interaction control method of a device according to an embodiment of the present application, as applied to the control device. Referring to fig. 1 and 2, the secure interaction control method applied to the control device includes:
step S110, receiving an instruction of discovering a controlled device, wherein the controlled device is a login-free device;
step S120, sending an instruction for finding the controlled equipment to the cloud end, and receiving verification information returned by the cloud end according to the instruction;
step S130, requesting the controlled device for the device identifier of the controlled device according to the verification information, and receiving the device identifier of the controlled device returned by the controlled device;
step S140, sending the device identification to a cloud end;
step S150, uploading the first verification code displayed on the controlled equipment to the cloud end, to instruct the cloud end to verify the first verification code and, after the verification is successful, to bind the controlled equipment, the control equipment and the user information logged in the control equipment.
In the embodiment of the application, the identity is verified through interaction among the control equipment, the controlled equipment and the cloud, and the controlled equipment in the non-login state, the control equipment in the login state and the user identity logged in on the equipment in the login state are bound together, so that the safe interaction control of the equipment in the non-login state is ensured.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
Taking a smart television as the controlled device in the non-login state and a sound box as the control device in the login state: referring to step S110 in fig. 2 and step 1 in fig. 1, the sound box receives the voice command "find TV" issued by the user.
Referring to step S120 in fig. 2 and step 3 in fig. 1, the sound box sends a "find TV" instruction to the cloud. The cloud looks up the local area network IP address of an unbound television behind the same router as the sound box, and sends the verification information to the sound box. The verification information may include the IP address and a second verification code (random).
In the embodiment of the application, the device identification is requested from the non-login state device at the IP address that the cloud looked up for it, so that the control device can interact with the non-login state controlled device, and the second verification code ensures that the interaction with the non-login state device is secure.
In one embodiment, in step S130 in fig. 2, receiving the device identifier of the controlled device returned by the controlled device includes:
and receiving the device identification which is returned by the controlled device and encrypted by the second verification code.
Referring to step S130 in fig. 2 and step 4 and step 5 in fig. 1, the sound box sends an HTTP request to the television in the local area network according to the IP address and the second verification code, requesting a device ID (device ID) of the television. And the television returns the equipment ID of the television encrypted by the second verification code to the sound box.
In the embodiment of the application, the second verification code is used, so that safe interaction among the controlled equipment in the non-login state, the control equipment in the login state and the cloud end is guaranteed.
In one embodiment, after sending the device identifier to the cloud, the method includes:
and receiving a message of successful verification returned by the cloud terminal after the verification of the equipment identification is passed.
Referring to step S140 in fig. 2 and step 6 and step 7 in fig. 1, the speaker sends a message to the cloud, where the message carries the device ID to instruct the cloud to check the device ID of the television. And after the cloud verification is passed, sending a message of successful verification to the sound box.
In the embodiment of the application, the device identifier is sent to the cloud end to indicate the cloud end to check the device identifier, and the successful check of the device identifier can ensure the subsequent safe interaction with the equipment in the login-free state and the safe control of the equipment in the login-free state.
In one embodiment, the first verification code is pushed to the controlled device after the cloud passes the device identification verification.
Referring to step S150 in fig. 2 and step 9 in fig. 1, after the verification passes the cloud sends the first verification code, which may for example be a 6-digit number, to the television and instructs the television to display it. The cloud sends the verification-success message to the sound box and at the same time prompts: "Please enter the verification code displayed on the TV." The user inputs the first verification code displayed on the television to the sound box, for example by voice input. The sound box uploads the first verification code displayed by the television to the cloud for the cloud to check. After the cloud verification succeeds, the cloud generates a binding certificate (DCSULoginKey) to bind together the television, the sound box and the user identity logged in on the sound box.
In the embodiment of the application, the cloud terminal can simultaneously push the first verification code to the controlled device after the device identifier passes the verification, and display the first verification code on the controlled device, so that the control device can acquire the first verification code from the controlled device and upload the first verification code to the cloud terminal for further verification, and the secure interaction control of the device in the login-free state is ensured.
Fig. 3 is a flowchart of a binding method applied to a cloud in a secure interaction control method of a device according to an embodiment of the present application. Referring to fig. 1 and 3, a secure interaction control method applied to a cloud device includes:
step S210, receiving an instruction for discovering a controlled device from a control device, and returning verification information to the control device according to the instruction, wherein the controlled device is a login-free device;
step S220, receiving the device identification of the controlled device sent by the control device;
step S230, verifying the equipment identification of the controlled equipment, and pushing a first verification code to the controlled equipment after the verification is passed;
step S240, receiving a first verification code from the control equipment, and verifying the first verification code;
and step S250, binding the controlled equipment, the control equipment and the user information logged in the control equipment after the verification is successful.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
Taking a smart television as the controlled device in the non-login state and a sound box as the control device in the login state: referring to step S210 in fig. 3 and step 2 and step 3 in fig. 1, the cloud receives the "find TV" command sent by the sound box. According to the instruction, the cloud looks up the local area network IP address of an unbound television behind the same router as the sound box, and sends the verification information to the sound box. The verification information may include the IP address and a second verification code (random).
Referring to step S220 in fig. 3 and step 6 and step 7 in fig. 1, the cloud receives a message sent by the sound box, where the message carries the device ID of the television. The message is used for indicating the cloud to check the equipment ID of the television. And after the cloud verification is passed, sending a message of successful verification to the sound box.
Referring to step S230 in fig. 3 and step 8 in fig. 1, after the verification passes the cloud pushes the first verification code, which may for example be a 6-digit number, to the television and instructs the television to display it. The cloud sends the verification-success message to the sound box and at the same time prompts: "Please enter the verification code displayed on the TV." The user inputs the first verification code displayed on the television to the sound box, for example by voice input.
Referring to step S240 in fig. 3 and step 9 in fig. 1, the cloud receives the first verification code that is displayed on the television and uploaded by the sound box, and checks the first verification code.
Referring to fig. 3 and fig. 1, in step S250, after the cloud verification succeeds, a binding certificate (DCSULoginKey) is generated, and the television, the sound box and the user identity logged in on the sound box are bound together. In one example, the following information may be bound together in one record: <sound box, user, television, DCSULoginKey>.
In one embodiment, in step S250 in fig. 3, after the controlled device, the control device and the user information logged in the control device are bound after the verification is successful, the method further includes:
generating a binding certificate after the verification is successful;
and issuing the binding certificate to the controlled equipment.
Referring to fig. 3 and to step 10 in fig. 1, after step S250 in fig. 3, the cloud issues the binding credential to the television by push. The television stores the binding certificate as its interaction credential for the subsequent control flow.
Fig. 4 is a flowchart of a binding method applied to a controlled device according to a secure interaction control method of a device in an embodiment of the present application. Referring to fig. 1 and 4, the method includes:
step S310, receiving verification information from the control device;
step S320, returning the device identification of the controlled device to the control device according to the verification information, wherein the controlled device is a login-free device;
step S330, receiving a first verification code pushed by a cloud end;
step S340, displaying the first verification code.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
Taking a smart television as the controlled device in the non-login state and a sound box as the control device in the login state, see step 0.2 in fig. 1: the television reports its terminal information to the cloud immediately after it connects to the network. The television-side information may include <router MAC address, local area network IP address (tv_ip)>. In one example, the device identification and the accessToken may be carried in the DCS (DuerOS Conversational Service) protocol.
Referring to step S310 in fig. 4 and step 4 in fig. 1, the sound box sends an HTTP (HyperText Transfer Protocol) request to the television in the local area network according to the IP address and the second verification code; the HTTP request asks for the device ID (device identification) of the television.
In one embodiment, returning the device identification of the controlled device to the control device according to the verification information comprises:
and returning the equipment identification encrypted by the second verification code to the control equipment.
Referring to step S320 in fig. 4 and step 5 in fig. 1, the television returns the device ID of the television encrypted with the second verification code to the soundbox.
Referring to step S330 and step S340 in fig. 4 and step 8 in fig. 1, after the verification passes the cloud pushes the first verification code, which may for example be 6 digits, to the television and instructs the television to display it. The cloud sends the verification-success message to the sound box and at the same time prompts: "Please enter the verification code displayed on the TV." The user inputs the first verification code displayed on the television to the sound box, for example by voice input. In step 9 of fig. 1, the sound box uploads the first verification code displayed by the television to the cloud for the cloud to check.
In one embodiment, the method further comprises:
and receiving the binding certificate issued by the cloud.
Referring to step 10 in fig. 1, the cloud issues the binding credential to the television by push. The television stores the binding certificate as its interaction credential for the subsequent control flow.
After the controlled device, the control device and the user information logged in the control device have been bound by the above method, the binding relationship can be released later when device deployment or the control relationship changes. The unbinding interaction carried out at the control device side is shown in fig. 5. Taking a smart television as the controlled device in the non-login state and a sound box as the control device in the login state, the user makes a request to the sound box by voice: "Unbind the TV." The sound box sends a television unbinding instruction to the cloud; the instruction carries the Cookie and the sound box deviceid. After receiving the instruction, the cloud deletes the 5-tuple identity binding information, that is, it deletes the binding relationship among the sound box deviceid, the television deviceid, the Cookie, the DCSULoginKey and the accessToken, and returns the unbinding result to the sound box.
Similarly, the unbinding interaction carried out at the controlled device side is shown in fig. 6. Taking a smart television as the controlled device in the non-login state and a sound box as the control device in the login state, the user makes a request to the television by voice: "Unbind the TV." The television sends a television unbinding instruction to the cloud; the instruction carries the DCSULoginKey. After receiving the instruction, the cloud deletes the 5-tuple identity binding information, that is, it deletes the binding relationship among the sound box deviceid, the television deviceid, the Cookie, the DCSULoginKey and the accessToken, and returns the unbinding result to the television.
After the controlled device, the control device and the user information logged in on the control device have been bound by the above method, the controlled device and the control device can subsequently be controlled interactively. Taking a smart television as the controlled device in the non-login state and a sound box as the control device in the login state, the interactive control process is shown in fig. 7:
The user sends the voice command "I want to watch a movie" to the sound box.
The sound box sends the "I want to watch a movie" command to the cloud; the command carries cookie + deviceid.
The cloud sends an authorized operation instruction for "I want to watch a movie" to the television. In one example, the cloud sends a DCS delegatequery command as the authorized operation command to the television via the DCS protocol.
After sending the authorized operation instruction to the television, the cloud replies to the sound box with an execution result, such as "good".
After receiving the authorized operation instruction, the television sends a request to the cloud to obtain the video retrieval result corresponding to the authorized operation instruction. For example, the television sends a request to the cloud through the DCS protocol: "I want to watch movie + DCSULoginKey + dcs".
The cloud verifies the DCSULoginKey.
After the cloud verification, the video retrieval result is issued to the television. For example, if the verification fails, the video retrieval result is /error with MSG: DCSULoginKey invalid, that is, an error reporting that the DCSULoginKey is invalid.
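The control flow of fig. 7 and the two unbinding paths of fig. 5 and fig. 6 can be modelled on the cloud side as follows; this is an added example, not code from the patent. The class, method and field names, the sample 5-tuple record and the "speaker not bound" and "operation not authorized" messages are assumptions; only the "DCSULoginKey invalid" message and the credentials each request carries come from the text.

```python
import hmac

# Constructed 5-tuple binding record, as the cloud holds it after binding.
SAMPLE_BINDING = {
    "speaker_deviceid": "speaker-001",
    "tv_deviceid": "tv-001",
    "cookie": "cookie-user-1",
    "DCSULoginKey": "k3y-issued-at-binding",
    "accessToken": "tv-access-token",
}


def _eq(a: str, b: str) -> bool:
    """Constant-time comparison of two credential strings."""
    return hmac.compare_digest(a.encode(), b.encode())


class ControlCloud:
    """Constructed model of the cloud in the control and unbinding flows."""

    def __init__(self, bindings):
        self.bindings = [dict(b) for b in bindings]
        self.authorized = {}  # TV deviceid -> queries delegated by its speaker

    def _find(self, **fields):
        """Return the binding whose named fields all match, else None."""
        for b in self.bindings:
            if all(_eq(b[k], v) for k, v in fields.items()):
                return b
        return None

    def speaker_command(self, cookie, speaker_id, query):
        """Speaker -> cloud: the instruction carries cookie + deviceid."""
        b = self._find(cookie=cookie, speaker_deviceid=speaker_id)
        if b is None:
            return {"status": "error", "msg": "speaker not bound"}
        self.authorized.setdefault(b["tv_deviceid"], set()).add(query)
        # The cloud would now send the authorized operation to the bound TV.
        return {"status": "ok", "reply": "good", "delegate_to": b["tv_deviceid"]}

    def tv_request(self, query, login_key):
        """TV -> cloud: the request carries the query and the DCSULoginKey."""
        b = self._find(DCSULoginKey=login_key)
        if b is None:
            return {"status": "error", "msg": "DCSULoginKey invalid"}
        pending = self.authorized.get(b["tv_deviceid"], set())
        if query not in pending:
            # The key is valid, but no bound speaker delegated this query.
            return {"status": "error", "msg": "operation not authorized"}
        pending.discard(query)
        return {"status": "ok", "result": f"video results for: {query}"}

    def unbind_from_speaker(self, cookie, speaker_id):
        """Fig. 5: the speaker's unbind instruction carries Cookie + deviceid."""
        return self._drop(self._find(cookie=cookie, speaker_deviceid=speaker_id))

    def unbind_from_tv(self, login_key, access_token):
        """Fig. 6: the TV side is checked on DCSULoginKey and accessToken."""
        return self._drop(
            self._find(DCSULoginKey=login_key, accessToken=access_token))

    def _drop(self, binding):
        """Delete the whole 5-tuple so the old DCSULoginKey stops working."""
        if binding is None:
            return False
        self.bindings.remove(binding)
        self.authorized.pop(binding["tv_deviceid"], None)
        return True
```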
Referring to fig. 7, in one embodiment, the secure interaction control method of the device of the embodiment of the present application, as applied to the control device, further includes:
receiving an operation instruction for a controlled device;
and sending the operation instruction to the cloud.
Referring to fig. 7, the sound box receives the voice command "I want to watch a movie" sent by the user. The sound box sends the "I want to watch a movie" command to the cloud; the command carries cookie + deviceid.
In the embodiment of the application, on the basis of binding the controlled device, the control device and the user information logged in the control device by the method, the control device can implement security control on the controlled device in a non-login state through the cloud end.
Referring to fig. 7, in one embodiment, the secure interaction control method of the device of the embodiment of the present application, as applied to the cloud, further includes:
receiving an operation instruction aiming at the controlled equipment from the control equipment, wherein the operation instruction carries user information logged in the control equipment and equipment identification of the controlled equipment;
sending an operation instruction for the controlled equipment to the controlled equipment;
receiving a binding credential from a controlled device;
checking the binding certificate according to the user information logged in the control equipment and the equipment identification of the controlled equipment;
and issuing a retrieval result corresponding to the operation instruction to the controlled equipment after the verification is successful.
Referring to fig. 7, an exemplary control method applied to the cloud includes the following steps:
The cloud receives the "I want to watch a movie" instruction sent by the sound box; the instruction carries cookie + deviceid.
The cloud sends an authorized operation instruction for "I want to watch a movie" to the television; in one example, the cloud sends a DCS delegatequery command as the authorized operation command to the television via the DCS protocol.
After sending the authorized operation instruction to the television, the cloud replies to the sound box with an execution result, such as "good".
After receiving the authorized operation instruction, the television sends a request to the cloud to obtain the video retrieval result corresponding to the authorized operation instruction. For example, the television sends a request to the cloud through the DCS protocol: "I want to watch movie + DCSULoginKey + dcs". The cloud receives the binding certificate from the television.
The cloud verifies the DCSULoginKey.
After the cloud verification, the video retrieval result is issued to the television. For example, if the verification succeeds, video content is delivered to the television; if the verification fails, the video retrieval result is /error with MSG: DCSULoginKey invalid, that is, an error reporting that the DCSULoginKey is invalid.
Referring to fig. 7, in one embodiment, the secure interaction control method of the device of the embodiment of the present application, as applied to the controlled device, further includes:
and receiving the binding certificate issued by the cloud.
In one embodiment, the method further comprises:
receiving an operation instruction aiming at the controlled equipment sent by the cloud;
returning a binding certificate of the controlled equipment to the cloud end so that the cloud end checks the binding certificate;
and receiving a retrieval result which is issued after the cloud verification is successful and corresponds to the operation instruction.
Referring to fig. 7, an exemplary control method applied to the cloud includes the following steps:
The cloud sends an authorized operation instruction for "I want to watch a movie" to the television; in one example, the cloud sends a DCS, delegatequery instruction as the authorized operation instruction to the television through the DCS protocol; the television receives the operation instruction for the controlled device sent by the cloud.
After receiving the authorized operation instruction, the television sends a request to the cloud to obtain the video retrieval result corresponding to the authorized operation instruction. For example, the television sends a request to the cloud through the DCS protocol: "I want to watch movie + DCSULoginKey + dcs". The cloud verifies the DCSULoginKey.
After the cloud verification, the video retrieval result is issued to the television. For example, if the verification fails, the video retrieval result is /error with MSG: DCSULoginKey invalid, that is, an error reporting that the DCSULoginKey is invalid. The television receives the retrieval result that corresponds to the operation instruction and is issued after the cloud verification succeeds.
Fig. 8 is a schematic structural diagram of the secure interaction control apparatus of a device according to an embodiment of the present application, as applied to the control device. As shown in fig. 8, the secure interaction control apparatus of the embodiment of the present application includes:
the first interaction unit 110 is configured to receive an instruction to discover a controlled device, where the controlled device is a login-free device;
the second interaction unit 120 is configured to send an instruction for discovering a controlled device to the cloud, and receive verification information returned by the cloud according to the instruction;
a third interaction unit 130, configured to request the device identifier of the controlled device from the controlled device according to the verification information, and receive the device identifier of the controlled device returned by the controlled device;
a fourth interaction unit 140, configured to send the device identifier to the cloud;
the fifth interaction unit 150 is configured to upload the first verification code displayed on the controlled device to the cloud, so as to instruct the cloud to verify the first verification code and bind the controlled device, the control device, and the user information logged in the control device after the verification is successful.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, the third interaction unit 130 is configured to:
and receiving the device identification which is returned by the controlled device and encrypted by the second verification code.
In one embodiment, the fourth interaction unit 140 is further configured to:
and after the equipment identification is sent to the cloud end, a message of successful verification returned by the cloud end after the equipment identification is verified by the cloud end is received.
In one embodiment, the first verification code is pushed to the controlled device after the cloud passes the device identification verification.
In one embodiment, the apparatus further comprises a control unit configured to:
receiving an operation instruction for a controlled device;
and sending the operation instruction to the cloud.
Fig. 9 is a schematic structural diagram of the secure interaction control apparatus of a device according to an embodiment of the present application, as applied to the cloud. As shown in fig. 9, the secure interaction control apparatus of the embodiment of the present application includes:
a sixth interaction unit 210, configured to receive an instruction for discovering a controlled device from the control device, and return verification information to the control device according to the instruction, where the controlled device is a login-free device;
a first receiving unit 220, configured to receive a device identifier of a controlled device sent by a control device;
the first verifying unit 230 is configured to verify the device identifier of the controlled device, and push a first verification code to the controlled device after the verification is passed;
the second checking unit 240 is configured to receive the first verification code from the control device and check the first verification code;
and a binding unit 250, configured to bind the controlled device, the control device, and the user information logged in the control device after the verification is successful.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, the above apparatus further comprises:
the generating unit is used for generating a binding certificate after the verification is successful;
and the first sending unit is used for sending the binding certificate to the controlled equipment.
In one embodiment, the above apparatus further comprises:
a second receiving unit, configured to receive an operation instruction for the controlled device from the control device, where the operation instruction carries user information logged in the control device and a device identifier of the controlled device;
a second transmitting unit configured to transmit an operation instruction to the controlled device;
a third receiving unit, configured to receive a binding credential from the controlled device;
the third verification unit is used for verifying the binding certificate according to the user information logged in the control equipment and the equipment identifier of the controlled equipment;
and the third sending unit is used for issuing a retrieval result corresponding to the operation instruction to the controlled equipment after the verification is successful.
Fig. 10 is a schematic structural diagram of the secure interaction control apparatus of a device according to an embodiment of the present application, as applied to the controlled device. As shown in fig. 10, the secure interaction control apparatus of the embodiment of the present application includes:
a fourth receiving unit 310 for receiving authentication information from the control device;
a fourth sending unit 320, configured to return a device identifier of the controlled device to the control device according to the verification information, where the controlled device is a login-free device;
a fifth receiving unit 330, configured to receive the first verification code pushed by the cloud;
the display unit 340 is configured to display the first verification code.
In one embodiment, the authentication information includes an IP address of the controlled device and a second authentication code; the IP address is an unbound IP address in the local area network where the controlled equipment inquired by the cloud is located.
In one embodiment, the fourth sending unit 320 is configured to:
and returning the equipment identification encrypted by the second verification code to the control equipment.
In one embodiment, the above apparatus further comprises:
and the sixth receiving unit is used for receiving the binding certificate issued by the cloud.
In one embodiment, the above apparatus further comprises:
the seventh receiving unit is used for receiving an operation instruction which is sent by the cloud and aims at the controlled equipment;
the fifth sending unit is used for returning the binding certificate of the controlled equipment to the cloud end so that the cloud end can check the binding certificate;
and the eighth receiving unit is used for receiving a retrieval result which is issued after the cloud verification is successful and corresponds to the operation instruction.
The functions of each unit in the device security interaction control apparatus according to the embodiment of the present application may refer to the corresponding description in the above method, and are not described herein again.
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
Fig. 11 is a block diagram of an electronic device according to the secure interaction control method of the device according to the embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in Fig. 11, the electronic device includes: one or more processors 1101, a memory 1102, and interfaces for connecting the various components, including a high-speed interface and a low-speed interface. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information for a graphical user interface (GUI) on an external input/output device, such as a display device coupled to the interface. In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In Fig. 11, one processor 1101 is taken as an example.
The memory 1102 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by at least one processor to cause the at least one processor to perform the method for controlling secure interaction of the device provided by the present application. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to execute the secure interaction control method of the device provided by the present application.
The memory 1102 serves as a non-transitory computer readable storage medium, and may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the secure interaction control method of the device in the embodiment of the present application (for example, the first interaction unit 110, the second interaction unit 120, the third interaction unit 130, the fourth interaction unit 140, and the fifth interaction unit 150 shown in fig. 8, the sixth interaction unit 210, the first receiving unit 220, the first verification unit 230, the second verification unit 240, the binding unit 250 shown in fig. 9, the fourth receiving unit 310, the fourth sending unit 320, the fifth receiving unit 330, and the display unit 340 shown in fig. 10). The processor 1101 executes various functional applications of the server and data processing by running non-transitory software programs, instructions, and modules stored in the memory 1102, that is, implements the secure interaction control method of the device in the above-described method embodiment.
The memory 1102 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of an electronic device that performs a secure interaction control method of the device, and the like. Further, the memory 1102 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 1102 may optionally include a memory remotely located from the processor 1101, and these remote memories may be connected over a network to an electronic device that performs the secure interaction control method of the device. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device performing the secure interaction control method of the device may further include: an input device 1103 and an output device 1104. The processor 1101, the memory 1102, the input device 1103 and the output device 1104 may be connected by a bus or other means, and Fig. 11 illustrates an example of connection by a bus.
The input device 1103 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device performing the secure interaction control method of the device. Examples of such input devices include a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointer, one or more mouse buttons, a track ball, a joystick, and the like. The output device 1104 may include a display device, auxiliary lighting devices (e.g., LEDs), tactile feedback devices (e.g., vibrating motors), and the like. The display device may include, but is not limited to, a liquid crystal display (LCD), a light emitting diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application specific integrated circuits (ASICs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (Cathode Ray Tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local area networks (LANs), wide area networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
According to the technical solution of the embodiments of the present application, identity is verified through interaction among the control device, the controlled device and the cloud, and the controlled device in the login-free state, the control device in the logged-in state and the user identity logged in on the control device are bound together, which ensures secure interaction control of the device in the login-free state.
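The cloud-side checks in this binding flow, as an added example that is not code from the patent: the first verification code is consumed on its first use and expires, and the binding credential is later checked against the user and device identifier carried by an operation instruction. The HMAC-based credential, the six-digit code, its lifetime, and all class, function and identifier names are assumptions, since the patent does not specify them.

```python
import hashlib
import hmac
import json
import secrets
import time

CODE_TTL_SECONDS = 120  # assumption: the patent gives no lifetime for the first verification code


class Cloud:
    """Cloud-side state for binding a login-free device and checking later operations."""

    def __init__(self, known_device_ids, now=time.monotonic):
        self._key = secrets.token_bytes(32)   # server-side secret behind every binding credential
        self._known = set(known_device_ids)   # device identifiers the cloud is able to verify
        self._pending = {}                    # device_id -> (first verification code, expiry)
        self._bindings = {}                   # device_id -> (user, control device id)
        self._now = now

    def verify_device_id(self, device_id):
        """Verify the device identifier relayed by the control device.

        Returns the first verification code to push to the controlled device
        for display, or None if the identifier is unknown or already bound.
        """
        if device_id not in self._known or device_id in self._bindings:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[device_id] = (code, self._now() + CODE_TTL_SECONDS)
        return code

    def bind(self, device_id, control_id, user, uploaded_code):
        """Verify the code uploaded by the control device and bind on success.

        Returns the binding credential to issue to the controlled device, or None.
        """
        # pop(): the code is consumed by the first attempt, right or wrong, so a
        # six-digit code cannot be guessed by repeated uploads.
        entry = self._pending.pop(device_id, None)
        if entry is None:
            return None
        code, expiry = entry
        if self._now() > expiry:
            return None
        if not hmac.compare_digest(code.encode(), str(uploaded_code).encode()):
            return None
        self._bindings[device_id] = (user, control_id)
        return self._credential(user, device_id)

    def _credential(self, user, device_id):
        # Assumed construction: HMAC-SHA256 over an unambiguous encoding of
        # (user, device identifier); the patent does not define the credential.
        message = json.dumps([user, device_id]).encode()
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()

    def authorize_operation(self, user, device_id, presented_credential):
        """Check the credential returned by the controlled device against the
        user and device identifier carried in the operation instruction."""
        bound = self._bindings.get(device_id)
        if bound is None or bound[0] != user:
            return False
        expected = self._credential(user, device_id)
        return hmac.compare_digest(expected.encode(), str(presented_credential).encode())


def demo():
    """Run one binding and three operation checks on constructed identifiers."""
    cloud = Cloud({"tv-001"})                      # constructed device identifier
    first_code = cloud.verify_device_id("tv-001")  # pushed to the device and shown on screen
    credential = cloud.bind("tv-001", "phone-7", "alice", first_code)
    return {
        "bound": credential is not None,
        "owner_allowed": cloud.authorize_operation("alice", "tv-001", credential),
        "other_user_allowed": cloud.authorize_operation("bob", "tv-001", credential),
        "forged_allowed": cloud.authorize_operation("alice", "tv-001", "0" * 64),
    }


if __name__ == "__main__":
    print(demo())
```

Because the credential is derived from both the user and the device identifier, a credential replayed under a different logged-in user fails the check even though the device itself is bound.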
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (32)

1. A secure interaction control method for a device, applied to a control device, characterized by comprising the following steps:
receiving an instruction of discovering a controlled device, wherein the controlled device is a login-free device;
sending the command for finding the controlled equipment to a cloud end, and receiving verification information returned by the cloud end according to the command;
requesting the controlled equipment for the equipment identifier of the controlled equipment according to the verification information, and receiving the equipment identifier of the controlled equipment returned by the controlled equipment;
sending the device identification to a cloud;
and uploading the first verification code displayed on the controlled equipment to a cloud end so as to indicate the cloud end to verify the first verification code and bind the controlled equipment, the control equipment and the user information logged in the control equipment after the verification is successful.
2. The method of claim 1, wherein the verification information includes an IP address of the controlled device and a second verification code; and the IP address is an unbound IP address, found by the cloud, in the local area network where the controlled device is located.
3. The method of claim 2, wherein receiving the device identification of the controlled device returned by the controlled device comprises:
and receiving the device identification which is returned by the controlled device and encrypted by the second verification code.
4. The method of claim 3, wherein after sending the device identifier to the cloud, the method comprises:
and receiving a message of successful verification returned by the cloud terminal after the verification of the equipment identification is passed.
5. The method of claim 4, wherein the first verification code is pushed to the controlled device after the cloud's verification of the device identifier passes.
6. The method according to any one of claims 1-5, further comprising:
receiving an operation instruction for a controlled device;
and sending the operation instruction to a cloud.
7. A method for controlling secure interaction of a device, comprising:
receiving an instruction for discovering controlled equipment from control equipment, and returning verification information to the control equipment according to the instruction, wherein the controlled equipment is equipment in a login-free state;
receiving the device identification of the controlled device sent by the control device;
verifying the equipment identifier of the controlled equipment, and pushing a first verification code to the controlled equipment after the verification is passed;
receiving a first verification code from the control equipment, and verifying the first verification code;
and binding the controlled equipment, the control equipment and the user information logged on the control equipment after the verification is successful.
8. The method of claim 7, wherein the verification information includes an IP address of the controlled device and a second verification code; and the IP address is an unbound IP address, found by the cloud, in the local area network where the controlled device is located.
9. The method of claim 7, wherein after the controlled device, the control device and the user information logged on the control device are bound after the verification is successful, the method further comprises:
generating a binding certificate after the verification is successful;
and issuing the binding certificate to the controlled equipment.
10. The method according to any one of claims 7-9, further comprising:
receiving an operation instruction aiming at the controlled equipment from the control equipment, wherein the operation instruction carries user information logged in the control equipment and an equipment identifier of the controlled equipment;
sending the operation instruction of the controlled equipment to the controlled equipment;
receiving a binding credential from the controlled device;
verifying the binding certificate according to the user information logged in the control equipment and the equipment identifier of the controlled equipment;
and issuing a retrieval result corresponding to the operation instruction to the controlled equipment after the verification is successful.
11. A method for controlling secure interaction of a device, comprising:
receiving authentication information from the control device;
returning the device identification of the controlled device to the control device according to the verification information, wherein the controlled device is a login-free device;
receiving a first verification code pushed by a cloud end;
displaying the first verification code;
wherein the first verification code, when uploaded to the cloud by the control device, instructs the cloud to verify the first verification code and, after the verification succeeds, to bind the controlled device, the control device and the user information logged in on the control device.
12. The method of claim 11, wherein the verification information includes an IP address of the controlled device and a second verification code; and the IP address is an unbound IP address, found by the cloud, in the local area network where the controlled device is located.
13. The method of claim 12, wherein returning the device identification of the controlled device to the controlling device based on the authentication information comprises:
and returning the equipment identification encrypted by the second verification code to the control equipment.
14. The method of claim 13, further comprising:
and receiving the binding certificate issued by the cloud.
15. The method according to any one of claims 11-14, further comprising:
receiving an operation instruction aiming at the controlled equipment sent by the cloud;
returning a binding certificate of the controlled equipment to a cloud end so that the cloud end checks the binding certificate;
and receiving a retrieval result which is issued after the cloud verification is successful and corresponds to the operation instruction.
16. A secure interaction control apparatus for a device, applied to a control device, characterized by comprising:
a first interaction unit, configured to receive an instruction to discover a controlled device, wherein the controlled device is a device in a login-free state;
the second interaction unit is used for sending the command for finding the controlled equipment to a cloud end and receiving verification information returned by the cloud end according to the command;
a third interaction unit, configured to request, according to the verification information, a device identifier of the controlled device from the controlled device, and receive the device identifier of the controlled device returned by the controlled device;
the fourth interaction unit is used for sending the equipment identifier to a cloud end;
and the fifth interaction unit is used for uploading the first verification code displayed on the controlled equipment to a cloud end so as to indicate the cloud end to verify the first verification code and bind the controlled equipment, the control equipment and the user information logged in the control equipment after the verification is successful.
17. The apparatus of claim 16, wherein the verification information comprises an IP address of the controlled device and a second verification code; and the IP address is an unbound IP address, found by the cloud, in the local area network where the controlled device is located.
18. The apparatus of claim 17, wherein the third interaction unit is configured to:
and receiving the device identification which is returned by the controlled device and encrypted by the second verification code.
19. The apparatus of claim 18, wherein the fourth interaction unit is further configured to:
and after the equipment identification is sent to the cloud end, a message of successful verification returned by the cloud end after the equipment identification passes verification is received.
20. The apparatus of claim 19, wherein the first verification code is pushed to the controlled device after the cloud's verification of the device identifier passes.
21. The apparatus according to any of claims 16-20, further comprising a control unit for:
receiving an operation instruction for a controlled device;
and sending the operation instruction to a cloud.
22. A secure interaction control apparatus for a device, comprising:
the sixth interaction unit is used for receiving an instruction for discovering the controlled equipment from the control equipment and returning verification information to the control equipment according to the instruction, wherein the controlled equipment is equipment in a login-free state;
a first receiving unit, configured to receive a device identifier of the controlled device sent by the control device;
the first checking unit is used for checking the equipment identifier of the controlled equipment and pushing a first verification code to the controlled equipment after the checking is passed;
the second verification unit is used for receiving the first verification code from the control equipment and verifying the first verification code;
and the binding unit is used for binding the controlled equipment, the control equipment and the user information logged on the control equipment after the verification is successful.
23. The apparatus of claim 22, wherein the verification information comprises an IP address of the controlled device and a second verification code; and the IP address is an unbound IP address, found by the cloud, in the local area network where the controlled device is located.
24. The apparatus of claim 22, further comprising:
the generating unit is used for generating a binding certificate after the verification is successful;
and the first sending unit is used for sending the binding certificate to the controlled equipment.
25. The apparatus according to any one of claims 22-24, further comprising:
a second receiving unit, configured to receive an operation instruction for a controlled device from the control device, where the operation instruction carries user information logged in the control device and a device identifier of the controlled device;
a second transmitting unit configured to transmit the operation instruction to the controlled device;
a third receiving unit, configured to receive a binding credential from the controlled device;
the third verification unit is used for verifying the binding certificate according to the user information logged in the control equipment and the equipment identifier of the controlled equipment;
and the third sending unit is used for issuing a retrieval result corresponding to the operation instruction to the controlled equipment after the verification is successful.
26. A secure interaction control apparatus for a device, comprising:
a fourth receiving unit configured to receive the authentication information from the control apparatus;
a fourth sending unit, configured to return an equipment identifier of the controlled equipment to the control equipment according to the verification information, where the controlled equipment is a login-free equipment;
the fifth receiving unit is used for receiving the first verification code pushed by the cloud end;
the display unit is used for displaying the first verification code;
wherein the first verification code, when uploaded to the cloud by the control device, instructs the cloud to verify the first verification code and, after the verification succeeds, to bind the controlled device, the control device and the user information logged in on the control device.
27. The apparatus of claim 26, wherein the verification information comprises an IP address of the controlled device and a second verification code; and the IP address is an unbound IP address, found by the cloud, in the local area network where the controlled device is located.
28. The apparatus of claim 27, wherein the fourth sending unit is configured to:
and returning the equipment identification encrypted by the second verification code to the control equipment.
29. The apparatus of claim 28, further comprising:
and the sixth receiving unit is used for receiving the binding certificate issued by the cloud.
30. The apparatus of any one of claims 26-29, further comprising:
the seventh receiving unit is used for receiving an operation instruction which is sent by the cloud and aims at the controlled equipment;
a fifth sending unit, configured to return a binding credential of the controlled device to a cloud, so that the cloud checks the binding credential;
and the eighth receiving unit is used for receiving a retrieval result which is issued after the cloud verification is successful and corresponds to the operation instruction.
31. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-15.
32. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-15.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910897944.6A CN110636063B (en) 2019-09-20 2019-09-20 Method and device for controlling secure interaction of equipment, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110636063A 2019-12-31
CN110636063B 2021-12-07

Family

ID=68972393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910897944.6A Active CN110636063B (en) 2019-09-20 2019-09-20 Method and device for controlling secure interaction of equipment, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110636063B (en)

Also Published As

Publication number Publication date
CN110636063A (en) 2019-12-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant