CN114329424A - Authority determination method and device, computer equipment and computer readable storage medium - Google Patents


Info

Publication number: CN114329424A
Authority: CN (China)
Prior art keywords: digital certificate, internet, public key, control, application program
Legal status: Pending
Application number: CN202111590477.6A
Other languages: Chinese (zh)
Inventor: 李辉
Current assignee: Shenzhen TCL New Technology Co Ltd
Original assignee: Shenzhen TCL New Technology Co Ltd
Application filed by Shenzhen TCL New Technology Co Ltd
Priority to CN202111590477.6A
Publication of CN114329424A

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An embodiment of the invention discloses a permission determination method and device, computer equipment and a computer readable storage medium. In the embodiment, distribution network information broadcast by an Internet of things device is received, the distribution network information comprising a random number; a first public key is generated according to the random number and sent to a target server so that the target server signs the first public key to obtain a first digital certificate; a first digital certificate and a second digital certificate returned by the target server are received; and the first digital certificate and the second digital certificate are sent to the Internet of things device through a target application program on the control device, so that the Internet of things device determines the control authority of the target application program over the Internet of things device based on the first digital certificate and the second digital certificate. In this way, even if the target application program on the control device is not the application program corresponding to the Internet of things device, security can be ensured when the Internet of things device is controlled through the target application program.

Description

Authority determination method and device, computer equipment and computer readable storage medium
Technical Field
The invention relates to the technical field of Internet of things equipment, in particular to a permission determination method and device, computer equipment and a computer readable storage medium.
Background
With the development of science and technology, Internet of Things (IoT) devices are increasingly widely used.
At present, in order to ensure security, an Internet of things device is generally controlled through the application program (app) that corresponds to it, so a user has to download a new application program every time an Internet of things device is added, which is troublesome. If the Internet of things device is instead controlled through another application program, security cannot be guaranteed.
Disclosure of Invention
The embodiment of the invention provides a permission determining method and device, computer equipment and a computer readable storage medium, which can ensure security when other application programs are used to control Internet of things devices.
A permission determination method is applied to a control device and comprises the following steps:
receiving distribution network (network provisioning) information broadcast by an Internet of things device, wherein the distribution network information comprises a random number;
generating a first public key according to the random number, and sending the first public key to a target server so that the target server signs the first public key to obtain a first digital certificate;
receiving a first digital certificate and a second digital certificate returned by the target server, wherein the second digital certificate is a certificate obtained after a certification authority certifies the target server; and
sending the first digital certificate and the second digital certificate to the Internet of things device through a target application program on the control device, so that the Internet of things device determines the control authority of the target application program over the Internet of things device based on the first digital certificate and the second digital certificate.
A permission determination method is applied to an Internet of things device and comprises the following steps:
broadcasting distribution network information, wherein the distribution network information comprises a random number, so that a control device generates a first public key based on the random number and sends the first public key to a target server for signature to obtain a first digital certificate;
receiving a first digital certificate and a second digital certificate sent by the control device through a target application program, wherein the second digital certificate is a certificate obtained after a certification authority certifies the target server; and
determining the control authority of the target application program over the Internet of things device based on the first digital certificate and the second digital certificate.
A permission determination method is applied to a target server and comprises the following steps:
receiving a first public key sent by a control device, wherein the first public key is generated by the control device based on a random number broadcast by an Internet of things device;
signing the first public key to obtain a first digital certificate; and
sending the first digital certificate and a second digital certificate to the control device so that the control device sends the first digital certificate and the second digital certificate to the Internet of things device through a target application program, wherein the first digital certificate and the second digital certificate are used by the Internet of things device to determine the control authority of the target application program over the Internet of things device, and the second digital certificate is a certificate obtained after a certification authority authenticates the target server.
Correspondingly, an embodiment of the present invention provides an authority determining apparatus, which is applied to a control device, and includes:
the first receiving module is used for receiving distribution network information broadcasted by the Internet of things equipment, and the distribution network information comprises a random number;
a generating module, configured to generate a first public key according to the random number, and send the first public key to a target server, so that the target server signs the first public key to obtain a first digital certificate;
a second receiving module, configured to receive a first digital certificate and a second digital certificate returned by the target server, where the second digital certificate is a certificate obtained after an authentication authority authenticates the target server;
the first sending module is configured to send the first digital certificate and the second digital certificate to the internet of things device through a target application program on the control device, so that the internet of things device determines a control right of the target application program on the internet of things device based on the first digital certificate and the second digital certificate.
Correspondingly, an embodiment of the present invention provides an authority determining apparatus, which is applied to an internet of things device, and includes:
a module for broadcasting distribution network information, wherein the distribution network information comprises a random number, so that the control device generates a first public key based on the random number and sends the first public key to a target server for signature to obtain a first digital certificate;
a third receiving module, configured to receive a first digital certificate and a second digital certificate that are sent by a control device through a target application program, where the second digital certificate is a certificate obtained after an authentication mechanism authenticates a target server;
and the determining module is used for determining the control authority of the target application program on the internet of things equipment based on the first digital certificate and the second digital certificate.
Correspondingly, an embodiment of the present invention provides an authority determining apparatus, applied to a target server, including:
the third receiving module is used for receiving a first public key sent by the control equipment, wherein the first public key is generated by the control equipment based on a random number broadcasted by the internet of things equipment;
the signature module is used for signing the first public key to obtain a first digital certificate;
the second sending module is configured to send the first digital certificate and the second digital certificate to the control device, so that the control device sends the first digital certificate and the second digital certificate to the internet of things device through a target application program, where the first digital certificate and the second digital certificate are used by the internet of things device to determine a control authority of the target application program on the internet of things device, and the second digital certificate is a certificate obtained after an authentication authority authenticates the target server.
In addition, an embodiment of the present invention further provides a computer device, which includes a processor and a memory, where the memory stores a computer program, and the processor is configured to run the computer program in the memory to implement the method for determining an authority provided in the embodiment of the present invention.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and the computer program is suitable for being loaded by a processor to perform any one of the steps in the method for determining an authority provided by the embodiment of the present invention.
In the embodiment of the application, distribution network information broadcast by the Internet of things device is received first, the distribution network information comprising a random number. A first public key is then generated according to the random number and sent to the target server so that the target server signs the first public key to obtain a first digital certificate. Next, a first digital certificate and a second digital certificate returned by the target server are received, the second digital certificate being a certificate obtained after the target server is authenticated by a certification authority. Finally, the first digital certificate and the second digital certificate are sent to the Internet of things device through a target application program on the control device, so that the Internet of things device determines the control authority of the target application program over the Internet of things device based on the first digital certificate and the second digital certificate.
That is, in the embodiment of the present application, since the target server and the target application program belong to the same merchant, the target server trusts the target application program. When the Internet of things device successfully verifies the second digital certificate, the second digital certificate is known to be a certificate authenticated by the certification authority. Because the certification authority is an authority trusted by the Internet of things device, the Internet of things device can trust the second digital certificate, and can therefore determine from the second and first digital certificates whether the target server, and hence the target application program, can be trusted. Consequently, even if the target application program on the control device is not the application program corresponding to the Internet of things device, security can be guaranteed when the Internet of things device is controlled through that target application program.
Moreover, the first digital certificate is obtained by the target server signing the first public key, and the first public key is generated by the control device from the random number of the Internet of things device, so the first public key differs in each verification process. Even if the first private key corresponding to the current first public key is cracked, a device or application program without authority cannot use that private key to control the Internet of things device next time, which improves security when the Internet of things device determines from the second and first digital certificates whether the target server can be trusted.
In addition, once the control device has received the first and second digital certificates from the target server, it no longer needs to interact with the target server; even when the control device is offline, the Internet of things device can still verify the authority of the target application program on the control device.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for determining a permission according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of another method for determining permissions according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of another method for determining permissions according to an embodiment of the present invention;
fig. 4 is an interaction diagram of another permission determination method provided in the embodiment of the present invention;
fig. 5 is a schematic structural diagram of a permission determination apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of another permission determination apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of another permission determination apparatus according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a permission determination method, a permission determination device, computer equipment and a computer readable storage medium. The permission determination device may be integrated in a computer device, and the computer device may be a server, a control device, or an internet of things device.
The server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, network acceleration (CDN), big data and artificial intelligence platforms.
The control device may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like.
The internet of things device refers to a device capable of performing network communication with other devices, for example, the internet of things device can be an intelligent air conditioner, an intelligent sound box and other devices.
The server, the control device and the internet of things device may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.
These are described in detail below. It should be noted that the order in which the embodiments are described does not limit the preferred order of the embodiments.
In the related art, the process of controlling an Internet of things device may be as follows: a control instruction is sent to the Internet of things device through the application program corresponding to the Internet of things device on the control device, and the Internet of things device executes the operation corresponding to the control instruction.
In order to ensure security, before the Internet of things device is controlled through its corresponding application program on the control device, the authority of that application program is checked. The checking process may be: the application program corresponding to the Internet of things device is installed on the control device and stores the private key carried by the application program; the public key corresponding to that private key is set on the Internet of things device; and the security of the control device is determined by means of that public key.
However, a private key stored on the control device is easy to crack, and once it has been cracked, a control device without authority can control the Internet of things device using the cracked private key, which is insecure.
In addition, if the user wants to control the Internet of things device through another application program on the control device, that application program does not carry the private key (the other application program and the Internet of things device do not belong to the same merchant, so the merchant of the Internet of things device cannot place the private key in the other application program); the authority of the other application program on the control device therefore cannot be verified, and a security problem exists. For this reason, the related art does not yet allow the Internet of things device to be controlled through other application programs.
In order to solve the above security problem, an embodiment of the present application provides an authority determining method in which distribution network information broadcast by an Internet of things device is received first, the distribution network information including a random number. A first public key is then generated according to the random number and sent to the target server so that the target server signs the first public key to obtain a first digital certificate. Next, a first digital certificate and a second digital certificate returned by the target server are received, the second digital certificate being a certificate obtained after the target server is authenticated by a certification authority. Finally, the first digital certificate and the second digital certificate are sent to the Internet of things device through a target application program on the control device, so that the Internet of things device determines the control authority of the target application program over the Internet of things device based on the first digital certificate and the second digital certificate.
That is, in the embodiment of the present application, since the target server and the target application program belong to the same merchant, the target server trusts the target application program. When the Internet of things device successfully verifies the second digital certificate, the second digital certificate is known to be a certificate authenticated by the certification authority. Because the certification authority is an authority trusted by the Internet of things device, the Internet of things device can trust the second digital certificate, and can therefore determine from the second and first digital certificates whether the target server, and hence the target application program, can be trusted. Consequently, even if the target application program on the control device is not the application program corresponding to the Internet of things device, security can be guaranteed when the Internet of things device is controlled through that target application program.
Moreover, the first digital certificate is obtained by the target server signing the first public key, and the first public key is generated by the control device from the random number of the Internet of things device, so the first public key differs in each verification process. Even if the first private key corresponding to the current first public key is cracked, a device or application program without authority cannot use that private key to control the Internet of things device next time, which improves security when the Internet of things device determines from the second and first digital certificates whether the target server can be trusted.
In addition, once the control device has received the first and second digital certificates from the target server, it no longer needs to interact with the target server; even when the control device is offline, the Internet of things device can still verify the authority of the target application program on the control device.
The following describes in detail the method for determining authority provided in an embodiment of the present application. As shown in fig. 1, the specific process of the method is as follows:
S101, receiving distribution network (network provisioning) information broadcast by the Internet of things device, wherein the distribution network information comprises a random number.
The random number is a character string generated randomly by the Internet of things device, so that the first private key and first public key that the control device generates from it differ every time. Even if the current first private key is cracked, the first private key generated by the control device next time is different, so a control device without permission cannot use the current first private key to control the Internet of things device next time.
The distribution network information may further include a merchant identifier of the Internet of things device, device information (which may include a device identifier and/or a serial number of the Internet of things device), a Media Access Control (MAC) address, and the like.
Because the capacity of a broadcast message is limited, the serial number in the device information may be only the trailing digits of the Internet of things device's serial number.
The Internet of things device may broadcast the distribution network information continuously, or may start broadcasting it after receiving a start-broadcast instruction from the user.
In addition, the Internet of things device may broadcast the distribution network information over Bluetooth or through a soft wireless access point (SoftAP).
S102, generating a first public key according to the random number, and sending the first public key to the target server so that the target server signs the first public key to obtain a first digital certificate.
The algorithm used to generate the first public key from the random number may be chosen according to the actual situation; for example, the first public key may be generated from the random number using an asymmetric algorithm together with a hash algorithm, which is not limited herein.
It will be appreciated that, in generating the first public key from the random number, the control device also generates the corresponding first private key.
When the distribution network information includes the device information, the control device may also generate the first public key and first private key from the device information together with the random number, which makes the first private key harder to crack.
The control device may send the first public key to the target server through the target application program. Because the target server and the target application program belong to the same merchant, the target server can sign the first public key directly after receiving it, obtaining the first digital certificate.
Alternatively, to further improve security, the target server may verify the target application program after receiving the first public key.
The way in which the target server verifies the target application program may be chosen according to the actual situation and is not limited in this embodiment.
For example, a token may be sent to the target server together with the first public key through the target application program; after receiving the token, the target server compares it with the token it has stored, and if the two are identical, the verification of the target application program passes.
For another example, the target server obtains the random number from the first public key and checks the number of digits of the random number; if the number of digits meets the rule, the target application program of the control device is considered secure, that is, the check on the target application program passes, and the first public key is then signed.
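The two server-side checks just described, written out as an added example in Go (this is illustrative code, not code from the patent or from the assignee): verifyApp compares the application's token with the stored one in constant time and applies a digit rule to the random number before the server signs the first public key. The SignRequest shape, the carrying of the random number alongside the key, the 16-digit rule and the 32-byte key length are assumptions of this example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"regexp"
)

// SignRequest is what the target application sends to the target server in S102:
// the first public key plus the token shared between application and server. The
// random number is carried alongside the key (an assumption of this example) so the
// server can check its format before signing.
type SignRequest struct {
	PublicKey []byte
	Token     []byte
	Nonce     string
}

// nonceRule is a constructed stand-in for the "digit rule" in the text: here the
// device's random number must be exactly 16 decimal digits.
var nonceRule = regexp.MustCompile(`^[0-9]{16}$`)

// verifyApp runs the server-side checks before the first public key is signed.
// The token comparison is constant-time, so a wrong token reveals nothing about
// how many of its bytes happened to be correct.
func verifyApp(req SignRequest, storedToken []byte) error {
	if len(req.PublicKey) != 32 { // assumption: the first public key is an Ed25519 key
		return errors.New("first public key has unexpected length")
	}
	if subtle.ConstantTimeCompare(req.Token, storedToken) != 1 {
		return errors.New("application token does not match the stored token")
	}
	if !nonceRule.MatchString(req.Nonce) {
		return errors.New("random number does not meet the digit rule")
	}
	return nil
}
```

Only when verifyApp returns nil would the server proceed to sign the first public key; the digit rule is a cheap format check, and the token comparison is what actually ties the request to an application the server knows.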
The target server may be the original server of the merchant that produces the Internet of things device, in which case the target application program is the application program corresponding to the Internet of things device.
Alternatively, the target server may be a server of another merchant (a merchant other than the one that produces the Internet of things device), in which case the target application program is another application program on the control device (that is, an application program installed on the control device other than the one corresponding to the Internet of things device).
For example, if the Internet of things device is produced by merchant A, the application program corresponding to the Internet of things device is application program A. If merchant B develops application program B, the target server may be the server of merchant B and the target application program may be application program B.
The target application program is the application program that actually controls the Internet of things device. It may be an application program developed by the merchant of the Internet of things device, that is, the application program corresponding to the Internet of things device, or an application program developed by another merchant (when the target application program is the application program corresponding to the Internet of things device, the permission determination method provided by the embodiment of the present application likewise provides security for controlling the Internet of things device).
S103, receiving a first digital certificate and a second digital certificate returned by the target server, wherein the second digital certificate is obtained after the target server is authenticated by a certification authority.
After signing the first public key to obtain the first digital certificate, the target server returns the first digital certificate and the second digital certificate to the control device.
The certification authority refers to a certificate authority (CA). Because the certification authority is a trusted third party, once it has authenticated the target server, the target server is trusted by the certification authority and can therefore be trusted by the Internet of things device.
When the target application program is another application program on the control device, the target server corresponding to that application program is the server of another merchant, so the merchant producing the Internet of things device cannot store the private key of the Internet of things device on the target server. Therefore, a certification authority trusted by the Internet of things device authenticates the target server with its authentication private key to obtain the second digital certificate, and the authentication public key of the certification authority is set on the Internet of things device.
The second digital certificate is data that indicates the identity information of the target server. The target server must first be authenticated by the certification authority before the second digital certificate can be obtained.
The control device may receive the first digital certificate and the second digital certificate through the target application program on the control device.
It should be understood that, in the method embodiments of the present application, the control device may exchange information with the target server and the Internet of things device through the target application program: for example, the first digital certificate and the second digital certificate may be sent to the Internet of things device through the target application program, and the first public key may be sent to the target server through the target application program.
S104, the first digital certificate and the second digital certificate are sent to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment determines the control authority of the target application program on the Internet of things equipment based on the first digital certificate and the second digital certificate.
After receiving the distribution network information, the control device may establish a connection with the internet of things device based on the distribution network information, so that the first digital certificate and the second digital certificate may be sent to the internet of things device through the connection.
Specifically, after the control device receives the distribution network information, it may display that information so that the user can see it. The user selects one of the displayed entries, and the control device, in response to that selection, establishes a connection with the internet of things device corresponding to the selected distribution network information.
It should be noted that, in the process of establishing connection between the control device and the internet of things device, in order to ensure security, the user may be prompted to input a Personal Identification Number (PIN) of the internet of things device.
When the control device cannot use the network, that is, it is in an offline state (for example, it is connected to the internet of things device through a SoftAP), the internet of things device determines the control authority of the target application program solely from the first digital certificate and the second digital certificate, so it can still make that determination even though the control device is offline.
The process of determining, by the internet of things device, the control authority of the target application program on the internet of things device based on the first digital certificate and the second digital certificate may be:
the internet of things device first verifies the second digital certificate with its built-in certification public key and, when that verification passes, obtains the content of the second digital certificate. It then verifies the first digital certificate using the content of the second digital certificate; if that verification also passes, the target server is trusted, that is, the target application program can be marked as an application program with control authority over the internet of things device.
Because the random number in the first digital certificate becomes available once the first digital certificate passes verification, the internet of things device can compare that random number with the one it broadcast; if the two are the same, the internet of things device can trust the target server, that is, the target application program on the control device can be marked as an application program with control authority over the internet of things device.
If verification of the second digital certificate fails and/or verification of the first digital certificate fails, the target server is not trusted, that is, the target application program can be marked as an application program without control authority over the internet of things device.
The content of the second digital certificate may include, but is not limited to, identity information of the target server, information of the certification authority, and a second public key of the target server.
As can be seen from the above, in the embodiment of the application, the distribution network information broadcasted by the internet of things device is received first, and the distribution network information includes the random number. And then generating a first public key according to the random number, and sending the first public key to the target server so that the target server signs the first public key to obtain a first digital certificate. And secondly, receiving a first digital certificate and a second digital certificate returned by the target server, wherein the second digital certificate is a certificate obtained after the target server is authenticated by an authentication authority. And finally, the first digital certificate and the second digital certificate are sent to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment determines the control authority of the target application program on the Internet of things equipment based on the first digital certificate and the second digital certificate.
That is, in the embodiment of the present application, the target server and the target application program belong to the same merchant, so the target server trusts the target application program. When the internet of things device's verification of the second digital certificate passes, the second digital certificate is confirmed to have been issued by the certification authority. Because the certification authority is trusted by the internet of things device, the internet of things device can trust the second digital certificate, and can then decide from the second digital certificate and the first digital certificate whether the target server, and therefore the target application program, can be trusted. Hence, even if the target application program on the control device is not the application program corresponding to the internet of things device, security can be guaranteed when the internet of things device is controlled through that target application program.
Moreover, the first digital certificate is obtained by the target server signing the first public key, and the first public key is generated by the control device from the random number of the internet of things device, so the first public key differs in every verification process. Even if the first private key corresponding to the current first public key is cracked, a device or application program without authority cannot use that first private key to control the internet of things device next time. Security is therefore improved when the internet of things device decides from the second digital certificate and the first digital certificate whether the target server can be trusted.
In addition, after the control device receives the first digital certificate and the second digital certificate sent by the target server, the control device does not need to interact with the target server, and even if the control device is in an offline state, the internet of things device can verify the authority of the target application program on the control device.
In some embodiments, generating a first public key according to the random number, and sending the first public key to the target server, so that the target server signs the first public key, to obtain the first digital certificate, includes:
generating a first public key according to the random number, and sending the first public key to a target server so that the target server signs the first public key by adopting a second private key to obtain a first digital certificate;
receiving a first digital certificate and a second digital certificate returned by the target server, wherein the second digital certificate is obtained after a certification authority certifies a second public key of the target server by using a certification private key;
correspondingly, sending the first digital certificate and the second digital certificate to the internet of things device through the target application program on the control device, so that the internet of things device determines the control authority of the target application program on the internet of things device based on the first digital certificate and the second digital certificate, includes:
and sending the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment adopts a built-in authentication public key to verify the first digital certificate and the second digital certificate, and when the verification is passed, marking the target application program as an application program with a control authority for the Internet of things equipment.
The process of verifying the first digital certificate and the second digital certificate by the internet of things device by using the built-in authentication public key can be as follows:
and verifying the second digital certificate by adopting a built-in authentication public key, and obtaining the second public key when the verification is passed. And verifying the first digital certificate by adopting the second public key, and marking the target application program as the application program with the control authority on the Internet of things equipment when the verification is passed.
And if the verification of the second digital certificate and the first digital certificate by adopting the built-in authentication public key is not passed, marking the target application program as the application program without the control authority of the equipment of the Internet of things.
In this embodiment, the certification authority signs the second public key of the target server by using the certification private key to obtain the second digital certificate. After the internet of things equipment verifies the second digital certificate by adopting the authentication public key, if the verification is passed, the second public key can be obtained, and the internet of things equipment can trust the second public key. And then the Internet of things equipment verifies the first digital certificate obtained after signature by the second private key by using the second public key, if the verification is passed, the target server can be trusted by the Internet of things equipment, and the target application program is trusted by the target server, so that the target application program can be trusted by the Internet of things equipment, namely the target application program is marked as the application program with the control authority of the Internet of things equipment.
Although the internet of things device verifies the authority of the target application program of the control device, the target application program does not verify the authority of the internet of things device. Therefore, in other embodiments, before the sending, by the target application on the control device, the first digital certificate and the second digital certificate to the internet of things device, so that the internet of things device determines the control authority of the target application on the internet of things device based on the first digital certificate and the second digital certificate, the method further includes:
sending a certificate acquisition request to the Internet of things equipment;
receiving a third digital certificate and a fourth digital certificate which are returned by the Internet of things equipment based on the certificate acquisition request, wherein the third digital certificate is obtained after a third public key of the Internet of things equipment is signed by a certification authority by using a certification private key, and the fourth digital certificate is obtained after the Internet of things equipment signs preset information by using the third private key;
verifying the third digital certificate by using a built-in authentication public key, and obtaining a third public key of the Internet of things equipment when the verification is passed;
verifying the fourth digital certificate by adopting the third public key;
and when the verification is passed, the equipment of the Internet of things is marked as the safety equipment.
It should be understood that, in the process of verifying the authority of the internet of things device by the target application program, the control device may also implement information interaction with the internet of things device through the target application program. The control equipment can verify the equipment information of the Internet of things equipment while checking the third digital certificate and the fourth digital certificate. The device information includes, but is not limited to, a merchant identifier of the internet of things device, a device identifier of the internet of things device, a serial number of the internet of things device, and the like.
In this embodiment, the control device trusts the certification authority. The control device has a built-in certification public key, with which it verifies the third digital certificate signed by the certification private key; if the verification passes, the third public key is obtained, and because the third digital certificate was issued by the certification authority, the control device can trust the third public key. When the control device's verification of the fourth digital certificate with the third public key passes, the control device can trust the internet of things device, that is, the target application program on the control device can trust the internet of things device.
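The two verification chains described above (the internet of things device's check of the second and first digital certificates in S104, including the random-number comparison, and the control device's reverse check of the third and fourth digital certificates) carried through with Ed25519, as an added example that is not code from the patent or from the applicant. The certificate layout, the seed derivation for the first key pair, the app-local secret and all sample values are assumptions of this example; the device-side embodiment (S203) repeats the same check.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert is a deliberately minimal stand-in for the patent's "digital certificate":
// the subject's public key, a payload bound to it, and the issuer's signature over
// both. The layout is an assumption of this example, not the patent's format.
type Cert struct {
	Subject ed25519.PublicKey
	Payload []byte // first certificate: the broadcast random number; others: identity info
	Sig     []byte
}

// certBody fixes the bytes an issuer signs. The length prefix keeps a
// (subject, payload) pair from being re-split into a different pair.
func certBody(subject ed25519.PublicKey, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte{byte(len(subject))})
	h.Write(subject)
	h.Write(payload)
	return h.Sum(nil)
}

// IssueCert is the "sign the public key" step: done by the certification
// authority for the second and third certificates, and by the target server
// for the first certificate.
func IssueCert(issuer ed25519.PrivateKey, subject ed25519.PublicKey, payload []byte) Cert {
	return Cert{Subject: subject, Payload: payload, Sig: ed25519.Sign(issuer, certBody(subject, payload))}
}

// VerifyCert checks that issuer signed the certificate. Key lengths are checked
// first because ed25519.Verify panics on a malformed public key.
func VerifyCert(issuer ed25519.PublicKey, c Cert) bool {
	if len(issuer) != ed25519.PublicKeySize || len(c.Subject) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(issuer, certBody(c.Subject, c.Payload), c.Sig)
}

// DeriveFirstKeyPair is the control device's "generate a first public key
// according to the random number". The patent does not fix the derivation;
// this example seeds Ed25519 with SHA-256(nonce || device info || app-local
// secret), so the pair changes with every broadcast but cannot be recomputed
// from the broadcast alone. The app-local secret is an assumption.
func DeriveFirstKeyPair(nonce, deviceInfo, appSecret []byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	h := sha256.New()
	h.Write(nonce)
	h.Write(deviceInfo)
	h.Write(appSecret)
	priv := ed25519.NewKeyFromSeed(h.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// DeviceCheckAuthority is the internet of things device's decision in S104:
// verify the second certificate with the built-in certification public key,
// take the server's second public key from it, verify the first certificate
// with that key, then require the random number inside the first certificate
// to equal the one the device broadcast. nil means "mark the app as having
// control authority"; any error means "mark it as having none".
func DeviceCheckAuthority(caPub ed25519.PublicKey, broadcastNonce []byte, first, second Cert) error {
	if !VerifyCert(caPub, second) {
		return errors.New("second certificate was not issued by the trusted certification authority")
	}
	if !VerifyCert(second.Subject, first) {
		return errors.New("first certificate was not signed by the certified target server")
	}
	if !bytes.Equal(first.Payload, broadcastNonce) {
		return errors.New("first certificate is bound to a different random number (stale or reused)")
	}
	return nil
}

// AppCheckDevice is the reverse check the control device performs: the third
// certificate (device public key signed by the CA) is verified with the CA
// public key, and the fourth certificate, modelled here as the device's
// signature over preset information, is verified with the third public key.
func AppCheckDevice(caPub ed25519.PublicKey, third Cert, preset, fourthSig []byte) bool {
	return VerifyCert(caPub, third) && ed25519.Verify(third.Subject, preset, fourthSig)
}

func main() {
	// Constructed actors: one CA whose public key is built into the device, one
	// merchant server and one control-device app. All values are sample data.
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	second := IssueCert(caPriv, serverPub, []byte("server of merchant B"))

	nonce := []byte("random-number-from-broadcast") // the device's broadcast value
	firstPub, _ := DeriveFirstKeyPair(nonce, []byte("device-id:0042"), []byte("app-local-secret"))
	first := IssueCert(serverPriv, firstPub, nonce)

	fmt.Println("fresh broadcast:", DeviceCheckAuthority(caPub, nonce, first, second))
	fmt.Println("same certificate against the next broadcast:",
		DeviceCheckAuthority(caPub, []byte("next-broadcast"), first, second))
}
```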
It should be noted that the control device may also send the certificate acquisition request to the internet of things device together while sending the first digital certificate and the second digital certificate to the internet of things device through the target application program on the control device.
In other embodiments, after the target application on the control device sends the first digital certificate and the second digital certificate to the internet of things device, so that the internet of things device verifies the first digital certificate and the second digital certificate by using a built-in authentication public key, and when the verification passes, the target application is marked as an application having a control right on the internet of things device, the method further includes:
sending original control information to the Internet of things equipment for storage through a target application program;
and sending the control instruction and the target control information to the Internet of things equipment through the target application program so that the Internet of things equipment determines whether to execute the operation corresponding to the control instruction or not based on the original control information and the target control information.
After the target application program is marked as the application program with the control authority for the internet of things equipment by the internet of things equipment, the control equipment can send original control information to the internet of things equipment for storage, so that when the control instruction and the target control information are sent to the internet of things equipment through the target application program, the internet of things equipment can match the target control information with the original control information, and if the target control information is the same as the original control information, the target application program is verified, is safe and can execute the operation corresponding to the control instruction. That is, the subsequent internet of things device can determine the authority of the target application program based on the target control information and the original control information, and the authority of the target application program does not need to be determined according to the first digital certificate and the second digital certificate.
The original Control information may be at least one of a token and an Access Control List (ACL).
Alternatively, the control device may send the original control information to the internet of things device for storage once its own check of the internet of things device has passed.
In addition, when the control device sends the control instruction and the target control information to the internet of things device through the target application program based on the router, if the control device and the internet of things device are not connected to the same router, the control device may be connected to the router first. And then, sending the Service Set Identifier (SSID) and the password of the connected router to the Internet of things equipment, wherein the Internet of things equipment is connected to the router based on the Service Set Identifier and the password. And then the control equipment sends the control instruction and the target control information to the Internet of things equipment through the router.
Or, if the control device and the internet of things device have established the bluetooth connection, the control device may also send a control instruction to the internet of things device through the target application program based on the bluetooth connection, so that the internet of things device executes an operation corresponding to the control instruction.
Another method for determining authority provided in the embodiment of the present application is described in detail below. As shown in fig. 2, the specific process of the method for determining the authority is as follows:
S201, broadcasting distribution network information, wherein the distribution network information comprises a random number, so that the control device generates a first public key based on the random number, and sends the first public key to a target server for signature to obtain a first digital certificate.
The random number is a character string randomly generated by the internet of things device, so that a first private key and a first public key generated by the control device according to the random number are different every time, and even if the current first private key is cracked, the first private key generated by the control device next time is different from the current first private key, so that the control device without permission can not control the internet of things device according to the current first private key next time.
The distribution network information may further include a merchant identifier of the internet of things device, device information (which may include a device identifier of the internet of things device and/or a serial number of the internet of things device), a Media Access Control (MAC) address, and the like.
Because the capacity of the broadcast is limited, the serial number carried in the device information may be only the trailing digits of the internet of things device's serial number.
The internet of things equipment can broadcast the distribution network information all the time or can broadcast the distribution network information after receiving a starting broadcast instruction of a user.
In addition, the internet of things device can broadcast the distribution network information through Bluetooth, or through a soft wireless access point (SoftAP).
S202, receiving a first digital certificate and a second digital certificate which are sent by the control equipment through the target application program, wherein the second digital certificate is a certificate obtained after the certification authority certifies the target server.
The target server may be an initial server produced by a merchant of the internet of things device, and the target application program is an application program corresponding to the internet of things device at this time.
Alternatively, the target server may be a server of another merchant (a merchant other than the merchant that produces the internet of things device), and in this case, the target application is another application on the control device (the other application refers to an application installed on the control device other than the application corresponding to the internet of things device).
For example, if the internet of things device is produced by merchant A, the application program corresponding to the internet of things device is application program A. If merchant B develops application program B, the target server can be the server of merchant B, and the target application program can be application program B.
The target application program refers to an application program for actually controlling the internet of things device, and the target application program may be an application program developed by a merchant of the internet of things device, that is, an application program corresponding to the internet of things device, or an application program developed by another merchant (when the target application program is an application program corresponding to the internet of things device, the permission determination method provided by the embodiment of the present application may also provide security for controlling the internet of things device).
The certification authority refers to a Certification Authority (CA) of the kind used in electronic commerce. Because the certification authority is a trusted third party, once it has authenticated the target server, the target server is trusted by the certification authority and can therefore be trusted by the internet of things device.
When the target application program is another application program on the control device, the target server corresponding to that application program belongs to another merchant, so the merchant producing the internet of things device cannot store the private key of the internet of things device on the target server. Instead, a certification authority trusted by the internet of things device authenticates the target server with its certification private key to obtain the second digital certificate, and the certification public key of that certification authority is provisioned on the internet of things device.
S203, determining the control authority of the target application program on the Internet of things equipment based on the first digital certificate and the second digital certificate.
After the internet of things device receives the first digital certificate and the second digital certificate, it first verifies the second digital certificate with its built-in certification public key and, when that verification passes, obtains the content of the second digital certificate. It then verifies the first digital certificate using the content of the second digital certificate; if that verification also passes, the target server is trusted, that is, the target application program can be marked as an application program with control authority over the internet of things device.
Because the random number in the first digital certificate becomes available once the first digital certificate passes verification, the internet of things device can compare that random number with the one it broadcast; if the two are the same, the internet of things device can trust the target server, that is, the target application program on the control device can be marked as an application program with control authority over the internet of things device.
If verification of the second digital certificate fails and/or verification of the first digital certificate fails, the target server is not trusted, that is, the target application program can be marked as an application program without control authority over the internet of things device.
The content of the second digital certificate may include, but is not limited to, identity information of the target server, information of the certification authority, and a second public key of the target server.
In this embodiment, the internet of things device first receives a first digital certificate and a second digital certificate, where the first digital certificate and the second digital certificate are sent by the control device through the target application program, the first digital certificate is a digital certificate obtained by a target server signing a first public key, the first public key is a public key generated by the control device based on a random number, and the second digital certificate is a certificate obtained by a certification authority certifying the target server. And then determining the control authority of the target application program on the equipment of the Internet of things based on the first digital certificate and the second digital certificate.
That is, in this embodiment, the target server and the target application program belong to the same merchant, so the target server trusts the target application program. When the internet of things device's verification of the second digital certificate passes, the second digital certificate is confirmed to have been issued by the certification authority. Because the certification authority is trusted by the internet of things device, the internet of things device can trust the second digital certificate, and can then decide from the second digital certificate and the first digital certificate whether the target server, and therefore the target application program, can be trusted. Hence, even if the target application program on the control device is not the application program corresponding to the internet of things device, security can be guaranteed when the internet of things device is controlled through that target application program.
Moreover, the first digital certificate is obtained by the target server signing the first public key, and the first public key is generated by the control device from the random number of the internet of things device, so the first public key differs in every verification process. Even if the first private key corresponding to the current first public key is cracked, a device or application program without authority cannot use that first private key to control the internet of things device next time. Security is therefore improved when the internet of things device decides from the second digital certificate and the first digital certificate whether the target server can be trusted.
In addition, after the control device receives the first digital certificate and the second digital certificate sent by the target server, the control device does not need to interact with the target server, and even if the control device is in an offline state, the internet of things device can verify the authority of the target application program on the control device.
In some embodiments, receiving a first digital certificate and a second digital certificate that are sent by a control device through a target application program, where the first digital certificate is a digital certificate obtained after a target server signs a first public key, the first public key is a public key generated by the control device based on a random number, and the second digital certificate is a certificate obtained after a certification authority certifies the target server, includes:
receiving a first digital certificate and a second digital certificate which are sent by a control device through a target application program, wherein the first digital certificate is obtained after a target server signs a first public key by adopting a second private key, the first public key is a public key generated by the control device based on a random number, and the second digital certificate is obtained after a certification authority signs a second public key of the target server by adopting a certification private key;
correspondingly, the control authority of the target application program on the internet of things device is determined based on the first digital certificate and the second digital certificate, and the method comprises the following steps:
verifying the second digital certificate by using a built-in authentication public key, and acquiring a second public key when the verification is passed;
and verifying the first digital certificate by adopting the second public key, and marking the target application program as the application program with the control authority when the verification is passed.
And if the verification of the second digital certificate and the first digital certificate by adopting the built-in authentication public key is not passed, marking the target application program as the application program without the control authority of the equipment of the Internet of things.
In this embodiment, the certification authority signs the second public key of the target server by using the certification private key to obtain the second digital certificate. After the internet of things equipment verifies the second digital certificate by adopting the authentication public key, if the verification is passed, the second public key can be obtained, and the internet of things equipment can trust the second public key. And then the Internet of things equipment verifies the first digital certificate obtained after signature by the second private key by using the second public key, if the verification is passed, the target server can be trusted by the Internet of things equipment, and the target application program is trusted by the target server, so that the target application program can be trusted by the Internet of things equipment, namely the target application program is marked as the application program with the control authority of the Internet of things equipment.
In other embodiments, after marking the target application as an application with control authority when the verification passes, the method further includes:
receiving original control information sent by control equipment through a target application program;
storing the original control information;
receiving target control information and a control instruction sent by control equipment through a target application program;
matching the target control information with the original control information;
and if the target control information is consistent with the original control information, executing the operation corresponding to the control instruction.
In this embodiment, after the target application is marked as an application with control authority, if the original control information sent by the target application is received, the original control information is stored.
Then, when target control information and a control instruction sent by the control equipment through the target application program are received, the target control information is matched against the original control information. If the target control information is the same as the original control information, the target application program has been verified and is considered safe, and the operation corresponding to the control instruction can be executed. That is, the Internet of things device can subsequently determine the authority of the target application program from the target control information and the original control information, without having to determine it again from the first digital certificate and the second digital certificate.
The original control information may be at least one of a token and an Access Control List (ACL).
Other implementation processes and corresponding beneficial effects in this embodiment may refer to the above method embodiment, and this implementation is not described herein again.
Another method for determining rights provided in the embodiments of the present application is described in detail below, and is applied to a target server. As shown in fig. 3, the specific process of the method for determining the authority is as follows:
s301, receiving a first public key sent by the control device, wherein the first public key is generated by the control device based on a random number broadcasted by the Internet of things device.
The random number is a character string randomly generated by the Internet of things device, so that the first private key and first public key generated by the control device from the random number differ every time. Even if the current first private key is cracked, the first private key the control device generates next time will differ from the current one, so a control device without permission cannot control the Internet of things device next time using the current first private key.
The control device can also generate a first public key and a first private key based on the device information and the random number of the Internet of things, so that the difficulty of cracking the first private key is improved.
The target server may be an initial server produced by a merchant of the internet of things device, and the target application program is an application program corresponding to the internet of things device at this time.
Alternatively, the target server may be a server of another merchant (a merchant other than the merchant that produces the internet of things device), and in this case, the target application is another application on the control device (the other application refers to an application installed on the control device other than the application corresponding to the internet of things device).
For example, if the Internet of things device is produced by merchant A, the application program corresponding to the Internet of things device is application program A. If merchant B develops application program B, the target server may be the server of merchant B and the target application program may be application program B.
The target application program refers to an application program for actually controlling the internet of things device, and the target application program may be an application program developed by a merchant of the internet of things device, that is, an application program corresponding to the internet of things device, or an application program developed by another merchant (when the target application program is an application program corresponding to the internet of things device, the permission determination method provided by the embodiment of the present application may also provide security for controlling the internet of things device).
S302, signing the first public key to obtain a first digital certificate.
The control device may send the first public key to the target server through the target application. Because the target server and the target application program belong to the same merchant, the target server can directly sign the first public key after receiving the first public key to obtain the first digital certificate.
Alternatively, in order to further improve security, the target server may verify the target application after receiving the first public key.
For the method for verifying the target application program by the target server, the user may select the method according to the actual situation, and this embodiment is not limited herein.
For example, the token and the first public key may be sent to the target server through the target application program, after the token is received by the target server, the token is compared with the token stored in the target server, and if the token is the same as the token stored in the target server, the verification of the target application program is passed.
For another example, the target server obtains the random number from the first public key and checks the number of digits of the random number; if the number of digits meets the preset rule, the target application program of the control device is considered safe, that is, the check on the target application program passes. The first public key is then signed.
Optionally, the target server may sign the first public key with a second private key.
And S303, sending the first digital certificate and the second digital certificate to the control equipment so that the control equipment sends the first digital certificate and the second digital certificate to the Internet of things equipment through the target application program, wherein the first digital certificate and the second digital certificate are used for the Internet of things equipment to determine the control authority of the target application program to the Internet of things equipment, and the second digital certificate is obtained after the certification authority certifies the target server.
The certification authority refers to an e-commerce Certification Authority (CA). Because the certification authority is a trusted third party, once it has authenticated the target server, the target server is trusted by the certification authority and can therefore be trusted by the Internet of things device.
The target server is first authenticated by the certification authority and thereby obtains the second digital certificate. After obtaining the first digital certificate, the target server sends the first digital certificate and the second digital certificate to the control equipment.
After the internet of things equipment receives the first digital certificate and the second digital certificate, the built-in authentication public key is adopted to verify the second digital certificate. If the verification is passed, the second digital certificate is a certificate which is authenticated by a certificate authority, namely the content of the second digital certificate can be trusted by the equipment of the internet of things, and then the first digital certificate is verified according to the content of the second digital certificate. And if the verification is passed, the Internet of things equipment marks the target application program as the application program with the control authority.
The content of the second digital certificate may include, but is not limited to, identity information of the target server, information of the certification authority, and a second public key of the target server.
When the target server signs the first public key by using the second private key and the certification authority signs the second public key by using the certification private key, the content of the second digital certificate may be the second public key.
As can be seen from the above, in the embodiment of the present application, the target server first receives the first public key sent by the control device, where the first public key is a public key generated by the control device based on the random number. And then signing the first public key to obtain a first digital certificate. And finally, sending the first digital certificate and the second digital certificate to the control equipment so that the control equipment sends the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program, wherein the first digital certificate and the second digital certificate are used for determining the control authority of the target application program to the Internet of things equipment by the Internet of things equipment, and the second digital certificate is obtained after the target server is authenticated by an authentication authority.
That is, in the embodiment of the present application, since the target server and the target application belong to the same merchant, the target server trusts the target application. When the Internet of things equipment's verification of the second digital certificate passes, the second digital certificate is a certificate authenticated by the certificate authority. Because the certification authority is an authority trusted by the Internet of things device, the Internet of things device can trust the second digital certificate, and can then determine whether the target application program can be trusted from whether the second digital certificate and the first digital certificate establish trust in the target server. Therefore, even if the target application program on the control device is not the application program corresponding to the Internet of things device, security can be guaranteed when the Internet of things device is controlled through the target application program on the control device.
And the first digital certificate is obtained by signing the first public key by the target server, and the first public key is generated by the control device according to the random number of the internet of things device, so that the first public key is different in each verification process, and even if the first private key corresponding to the current first public key is cracked, the device or application program without authority cannot control the internet of things device according to the current first private key next time, so that when the internet of things device determines whether the target server can be trusted according to the second digital certificate and the first digital certificate, the security can be improved.
In addition, after the control device receives the first digital certificate and the second digital certificate sent by the target server, the control device does not need to interact with the target server, and even if the control device is in an offline state, the internet of things device can verify the authority of the target application program on the control device.
Other implementation processes and corresponding beneficial effects in this embodiment may refer to the above method embodiment, and this implementation is not described herein again.
Another method for determining rights provided by the present application is described below. Referring to fig. 4, the authority determination method includes:
the Internet of things equipment broadcasts equipment information and random numbers. After receiving the device information and the random number, the control device establishes connection with the Internet of things device based on the device information, generates a first private key and a first public key based on the device information and the random number, and sends the first public key to the target server.
After receiving the first public key, the target server obtains the random number from the first public key and checks its number of digits. If the number of digits meets the preset rule, the target server signs the first public key with the second private key to obtain the first digital certificate, and sends the first digital certificate together with the second digital certificate to the control equipment, where the second digital certificate is obtained after the certification authority certifies the second public key of the target server with the certification private key.
The control equipment sends the first digital certificate, the second digital certificate and a certificate acquisition request to the Internet of things equipment through the target application program. The Internet of things equipment verifies the second digital certificate with its built-in authentication public key and, when the verification passes, obtains the second public key. The Internet of things equipment then verifies the first digital certificate with the second public key and, if the verification passes, obtains the first public key and the random number. If the random number is the same as the random number broadcast by the Internet of things equipment, the Internet of things equipment can mark the target application program as an application program with control authority.
The Internet of things equipment returns a third digital certificate and a fourth digital certificate to the control equipment based on the certificate acquisition request, the third digital certificate is obtained after a third public key of the Internet of things equipment is signed by a certification authority through a certification private key, and the fourth digital certificate is obtained after the Internet of things equipment signs preset information through the third private key.
And the control equipment adopts the built-in authentication public key to verify the third digital certificate, and when the verification is passed, the third public key is obtained. And the control equipment verifies the fourth digital certificate by adopting the third public key, and when the verification is passed, the Internet of things equipment is safe, namely the Internet of things equipment is marked as safe equipment.
The control equipment sends the original control information to the Internet of things equipment for storage through the target application program. The control equipment then sends the target control information and the control instruction to the Internet of things equipment.
And matching the target control information with the original control information by the Internet of things equipment, and executing operation corresponding to the control instruction if the target control information is the same as the original control information.
The terms in this embodiment have the same meanings as those in the above-described method for determining the authority, and details of implementation may refer to the descriptions in the above-described method embodiments.
In order to better implement the above method, an embodiment of the present invention further provides an authority determination apparatus, which is applied in a control device, for example, as shown in fig. 5, the authority determination apparatus may include:
the first receiving module 501 is configured to receive distribution network information broadcasted by an internet of things device, where the distribution network information includes a random number.
The generating module 502 is configured to generate a first public key according to the random number, and send the first public key to the target server, so that the target server signs the first public key to obtain a first digital certificate.
The second receiving module 503 is configured to receive the first digital certificate and the second digital certificate returned by the target server, where the second digital certificate is a certificate obtained after the target server is authenticated by the authentication authority.
The first sending module 504 is configured to send the first digital certificate and the second digital certificate to the internet of things device through a target application on the control device, so that the internet of things device determines a control right of the target application to the internet of things device based on the first digital certificate and the second digital certificate.
Optionally, the generating module 502 is specifically configured to perform:
and generating a first public key according to the random number, and sending the first public key to the target server so that the target server signs the first public key by adopting a second private key to obtain a first digital certificate.
The second receiving module 503 is specifically configured to perform:
and receiving a first digital certificate and a second digital certificate returned by the target server, wherein the second digital certificate is obtained after the certification authority certifies a second public key of the target server by using a certification private key.
The first sending module 504 is specifically configured to perform:
and sending the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment adopts a built-in authentication public key to verify the first digital certificate and the second digital certificate, and when the verification is passed, marking the target application program as an application program with a control authority for the Internet of things equipment.
Optionally, the permission determination apparatus further includes:
and the control information sending module is used for sending the original control information to the Internet of things equipment for storage through the target application program.
The instruction sending module is used for sending the control instruction and the target control information to the Internet of things equipment through the target application program so that the Internet of things equipment can determine whether to execute the operation corresponding to the control instruction or not based on the original control information and the target control information.
Optionally, the distribution network information further includes device information of the internet of things device.
Accordingly, the generating module 502 is specifically configured to perform:
a first public key is generated from the device information and the random number.
Optionally, the permission determination apparatus further includes:
and the request sending module is used for sending a certificate acquisition request to the Internet of things equipment.
Accordingly, the first receiving module 501 is further configured to perform:
and receiving a third digital certificate and a fourth digital certificate which are returned by the Internet of things equipment based on the certificate acquisition request, wherein the third digital certificate is obtained after a third public key of the Internet of things equipment is signed by a certification authority by using a certification private key, and the fourth digital certificate is obtained after the Internet of things equipment signs the preset information by using the third private key.
Accordingly, the authority determination device further includes:
the verification module is used for verifying the third digital certificate by adopting a built-in authentication public key, and acquiring a third public key of the Internet of things equipment when the verification is passed; verifying the fourth digital certificate by adopting the third public key; and when the verification is passed, the equipment of the Internet of things is marked as the safety equipment.
In a specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily to be implemented as one or several entities, and the specific implementation method and corresponding beneficial effects of the above modules may refer to the foregoing method embodiments, which are not described herein again.
In order to better implement the above method, an embodiment of the present invention further provides an authority determination apparatus, which is applied in an internet of things device, for example, as shown in fig. 6, the authority determination apparatus may include:
the broadcasting module 601 is configured to broadcast distribution network information, where the distribution network information includes a random number, so that the control device generates a first public key based on the random number, and sends the first public key to the target server for signature, so as to obtain a first digital certificate;
a third receiving module 602, configured to receive a first digital certificate and a second digital certificate that are sent by a control device through a target application program, where the second digital certificate is a certificate obtained after an authentication authority authenticates a target server;
a determining module 603, configured to determine, based on the first digital certificate and the second digital certificate, a control authority of the target application on the internet of things device.
Optionally, the third receiving module 602 is specifically configured to perform:
receiving a first digital certificate and a second digital certificate which are sent by a control device through a target application program, wherein the second digital certificate is obtained after a certification authority signs a second public key of a target server by using a certification private key;
accordingly, the determining module 603 is specifically configured to perform:
verifying the second digital certificate by using a built-in authentication public key, and acquiring a second public key when the verification is passed;
and verifying the first digital certificate by adopting the second public key, and marking the target application program as the application program with the control authority when the verification is passed.
Optionally, the third receiving module 602 is further configured to perform:
receiving original control information sent by control equipment through a target application program;
storing the original control information;
receiving target control information and a control instruction sent by control equipment through a target application program;
matching the target control information with the original control information;
and if the target control information is consistent with the original control information, executing the operation corresponding to the control instruction.
In specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and specific implementation manners and corresponding beneficial effects of the above modules may refer to the foregoing method embodiments, which are not described herein again.
In order to better implement the above method, an embodiment of the present invention further provides an authority determination device, which is applied in a target server, for example, as shown in fig. 7, the authority determination device may include:
a third receiving module 701, configured to receive a first public key sent by the control device, where the first public key is a public key generated by the control device based on a random number broadcasted by the internet of things device.
The signature module 702 is configured to sign the first public key to obtain a first digital certificate.
The second sending module 703 is configured to send the first digital certificate and the second digital certificate to the control device, so that the control device sends the first digital certificate and the second digital certificate to the internet of things device through the target application program, where the first digital certificate and the second digital certificate are used by the internet of things device to determine a control authority of the target application program on the internet of things device, and the second digital certificate is a certificate obtained after the certification authority authenticates the target server.
In specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and specific implementation manners and corresponding beneficial effects of the above modules may refer to the foregoing method embodiments, which are not described herein again.
An embodiment of the present invention further provides a computer device, as shown in fig. 8, which shows a schematic structural diagram of a computer device according to an embodiment of the present invention, specifically:
the computer device may include components such as a processor 801 of one or more processing cores, memory 802 of one or more computer-readable storage media, a power supply 803, and an input unit 804. Those skilled in the art will appreciate that the computer device configuration illustrated in FIG. 8 does not constitute a limitation of computer devices, and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components. Wherein:
the processor 801 is a control center of the computer device, connects various parts of the entire computer device using various interfaces and lines, and performs various functions of the computer device and processes data by running or executing computer programs and/or modules stored in the memory 802 and calling data stored in the memory 802, thereby monitoring the computer device as a whole. Alternatively, processor 801 may include one or more processing cores; preferably, the processor 801 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 801.
The memory 802 may be used to store computer programs and modules, and the processor 801 executes various functional applications and data processing by operating the computer programs and modules stored in the memory 802. The memory 802 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, a computer program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 802 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 802 may also include a memory controller to provide the processor 801 access to the memory 802.
The computer device further includes a power supply 803 for supplying power to the various components, and preferably, the power supply 803 is logically connected to the processor 801 via a power management system, so that functions such as managing charging, discharging, and power consumption are performed via the power management system. The power supply 803 may also include one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and any like components.
The computer device may further include an input unit 804, the input unit 804 being operable to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the computer device may further include a display unit and the like, which are not described in detail herein. Specifically, in this embodiment, the processor 801 in the computer device loads an executable file corresponding to one or more processes of the computer program into the memory 802 according to the following instructions, and the processor 801 executes the computer program stored in the memory 802, thereby implementing various functions, such as:
receiving distribution network information broadcasted by the Internet of things equipment, wherein the distribution network information comprises a random number;
generating a first public key according to the random number, and sending the first public key to a target server so that the target server signs the first public key to obtain a first digital certificate;
receiving a first digital certificate and a second digital certificate returned by a target server, wherein the second digital certificate is a certificate obtained after a certification authority certifies the target server;
and sending the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment determines the control authority of the target application program on the Internet of things equipment based on the first digital certificate and the second digital certificate.
The specific implementation of the above operations and the corresponding beneficial effects can be referred to the foregoing embodiments, and are not described herein again.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by a computer program, which may be stored in a computer-readable storage medium and loaded and executed by a processor, or by related hardware controlled by the computer program.
To this end, the embodiment of the present invention provides a computer-readable storage medium, in which a computer program is stored, where the computer program can be loaded by a processor to execute the steps in any one of the permission determination methods provided by the embodiment of the present invention.
The specific implementation of the above operations and the corresponding beneficial effects can be referred to the foregoing embodiments, and are not described herein again.
Wherein the computer-readable storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the computer program stored in the computer-readable storage medium can execute the steps in any permission determination method provided in the embodiment of the present invention, beneficial effects that can be achieved by any permission determination method provided in the embodiment of the present invention can be achieved, which are detailed in the foregoing embodiments and will not be described herein again.
According to an aspect of the application, there is provided, among other things, a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to execute the authority determination method.
The method, the apparatus, the computer device and the computer-readable storage medium for determining permission provided by the embodiments of the present invention are described in detail above, and a specific example is applied in the present disclosure to explain the principle and the implementation of the present invention, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (14)

1. An authority determination method applied to a control device includes:
receiving distribution network information broadcasted by Internet of things equipment, wherein the distribution network information comprises a random number;
generating a first public key according to the random number, and sending the first public key to a target server so that the target server signs the first public key to obtain a first digital certificate;
receiving a first digital certificate and a second digital certificate returned by the target server, wherein the second digital certificate is a certificate obtained after the target server is authenticated by an authentication authority;
and sending the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment determines the control authority of the target application program on the Internet of things equipment based on the first digital certificate and the second digital certificate.
2. The method for determining authority according to claim 1, wherein the generating a first public key according to the random number and sending the first public key to a target server, so that the target server signs the first public key to obtain a first digital certificate includes:
generating a first public key according to the random number, and sending the first public key to a target server so that the target server signs the first public key by adopting a second private key to obtain a first digital certificate;
correspondingly, the receiving a first digital certificate and a second digital certificate returned by the target server, where the second digital certificate is a certificate obtained after the target server is authenticated by an authentication authority, includes:
receiving a first digital certificate and a second digital certificate returned by the target server, wherein the second digital certificate is obtained after a certification authority certifies a second public key of the target server by using a certification private key;
correspondingly, the sending, by the target application on the control device, the first digital certificate and the second digital certificate to the internet of things device, so that the internet of things device determines the control authority of the target application on the internet of things device based on the first digital certificate and the second digital certificate includes:
and sending the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment adopts a built-in authentication public key to verify the first digital certificate and the second digital certificate, and when the verification is passed, marking the target application program as an application program with a control authority over the Internet of things equipment.
3. The permission determination method according to claim 2, wherein after the first digital certificate and the second digital certificate are sent to the internet of things device through a target application on the control device, so that the internet of things device verifies the first digital certificate and the second digital certificate with a built-in authentication public key, and when the verification is passed, the target application is marked as an application having a control permission for the internet of things device, the method further includes:
sending original control information to the Internet of things equipment through the target application program, so that the Internet of things equipment stores the original control information;
sending a control instruction and target control information to the internet of things equipment through the target application program, so that the internet of things equipment determines whether to execute an operation corresponding to the control instruction or not based on the original control information and the target control information.
4. The permission determination method of claim 1, wherein the distribution network information further includes device information of the internet of things device;
accordingly, generating a first public key from the random number comprises:
and generating a first public key according to the equipment information and the random number.
5. The permission determination method according to claim 1, before the sending, by a target application on the control device, the first digital certificate and the second digital certificate to the internet of things device so that the internet of things device determines the control permission of the target application to the internet of things device based on the first digital certificate and the second digital certificate, further comprising:
sending a certificate acquisition request to the Internet of things equipment;
receiving a third digital certificate and a fourth digital certificate which are returned by the Internet of things equipment based on the certificate acquisition request, wherein the third digital certificate is obtained after a third public key of the Internet of things equipment is signed by the certification authority by using the certification private key, and the fourth digital certificate is obtained after the Internet of things equipment signs preset information by using the third private key;
verifying the third digital certificate by using a built-in authentication public key, and obtaining a third public key of the Internet of things equipment when the verification is passed;
verifying the fourth digital certificate by adopting the third public key;
and when the check is passed, the equipment of the Internet of things is marked as safety equipment.
6. An authority determination method applied to Internet of things equipment comprises the following steps:
broadcasting distribution network information, wherein the distribution network information comprises a random number, so that a control device generates a first public key based on the random number, and sends the first public key to a target server for signature to obtain a first digital certificate;
receiving a first digital certificate and a second digital certificate which are sent by the control equipment through a target application program, wherein the second digital certificate is a certificate obtained after an authentication authority authenticates the target server;
and determining the control authority of the target application program on the Internet of things equipment based on the first digital certificate and the second digital certificate.
7. The method according to claim 6, wherein the receiving the first digital certificate and the second digital certificate sent by the control device through the target application program, the second digital certificate being a certificate obtained after the certification authority certifies the target server, comprises:
receiving a first digital certificate and a second digital certificate which are sent by a control device through a target application program, wherein the second digital certificate is obtained after a certification authority signs a second public key of a target server by adopting a certification private key;
correspondingly, the determining the control authority of the target application program on the internet of things device based on the first digital certificate and the second digital certificate comprises:
verifying the second digital certificate by using a built-in authentication private key, and acquiring a second public key when the verification is passed;
and verifying the first digital certificate by adopting the second public key, and marking the target application program as the application program with the control authority when the verification is passed.
8. The method of claim 7, wherein after the step of marking the target application as an application with control authority when the check is passed, the method further comprises:
receiving original control information sent by the control equipment through the target application program;
storing the original control information;
receiving target control information and a control instruction sent by the control equipment through the target application program;
matching the target control information with the original control information;
and if the target control information is consistent with the original control information, executing the operation corresponding to the control instruction.
9. An authority determination method applied to a target server includes:
receiving a first public key sent by control equipment, wherein the first public key is generated by the control equipment based on a random number broadcasted by Internet of things equipment;
signing the first public key to obtain a first digital certificate;
sending the first digital certificate and a second digital certificate to the control equipment, so that the control equipment sends the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program, wherein the first digital certificate and the second digital certificate are used by the Internet of things equipment to determine the control authority of the target application program over the Internet of things equipment, and the second digital certificate is a certificate obtained after an authentication authority authenticates the target server.
10. An authority determination device applied to a control apparatus, comprising:
the first receiving module is used for receiving distribution network information broadcasted by the Internet of things equipment, and the distribution network information comprises a random number;
the generation module is used for generating a first public key according to the random number and sending the first public key to a target server so that the target server signs the first public key to obtain a first digital certificate;
the second receiving module is used for receiving the first digital certificate and the second digital certificate returned by the target server, wherein the second digital certificate is obtained after the target server is authenticated by an authentication authority;
the first sending module is used for sending the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program on the control equipment, so that the Internet of things equipment determines the control authority of the target application program on the Internet of things equipment based on the first digital certificate and the second digital certificate.
11. An authority determination device applied to Internet of things equipment comprises:
a broadcasting module, configured to broadcast distribution network information, wherein the distribution network information comprises a random number, so that the control equipment generates a first public key based on the random number and sends the first public key to a target server for signature to obtain a first digital certificate;
the third receiving module is used for receiving a first digital certificate and a second digital certificate which are sent by the control equipment through a target application program, wherein the second digital certificate is a certificate obtained after the certification of the target server by a certification authority;
a determining module, configured to determine, based on the first digital certificate and the second digital certificate, a control right of the target application program to the internet of things device.
12. An authority determination device applied to a target server, comprising:
the third receiving module is used for receiving a first public key sent by the control equipment, wherein the first public key is generated by the control equipment based on a random number broadcasted by the internet of things equipment;
the signature module is used for signing the first public key to obtain a first digital certificate;
the second sending module is used for sending the first digital certificate and the second digital certificate to the control equipment so that the control equipment sends the first digital certificate and the second digital certificate to the Internet of things equipment through a target application program, the first digital certificate and the second digital certificate are used for the Internet of things equipment to determine the control authority of the target application program on the Internet of things equipment, and the second digital certificate is a certificate obtained after a certification authority authenticates the target server.
13. A computer device comprising a processor and a memory, the memory storing a computer program, the processor being configured to execute the computer program in the memory to perform the method of determining rights of any of claims 1 to 5, the method of determining rights of any of claims 6 to 8 or the method of determining rights of claim 9.
14. A computer-readable storage medium, characterized in that it stores a computer program adapted to be loaded by a processor to perform the method of determining rights of any one of claims 1 to 5, the method of determining rights of any one of claims 6 to 8 or the method of determining rights of claim 9.
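The certificate chain that claims 1 to 3 and 6 to 9 describe, written out end to end as an added Go example (this code is not from the patent or its assignee). The patent fixes neither the signature algorithm nor a certificate format, so the example assumes Ed25519 from Go's standard library and a minimal "certificate" consisting of the certified public key plus the issuer's signature over it. The Internet of things device verifies with a built-in authentication public key, as claim 2 states (claim 7 says "private key", but signature verification is only meaningful with the public key, so that is the reading used here). The app-local secret, device identifier and control information values are constructed for the demonstration; mixing an app-local secret into the first key's seed is an added assumption, made so that the first private key cannot be recomputed from the broadcast random number alone.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Cert stands in for the claims' "digital certificate": the certified public key plus the issuer's signature over it.
type Cert struct {
	Subject ed25519.PublicKey
	Sig     []byte
}

func issue(issuerPriv ed25519.PrivateKey, subject ed25519.PublicKey) Cert {
	return Cert{Subject: subject, Sig: ed25519.Sign(issuerPriv, subject)}
}

// verify checks the issuer's signature over the certified key and returns that key.
func verify(issuerPub ed25519.PublicKey, c Cert) (ed25519.PublicKey, error) {
	if len(c.Subject) != ed25519.PublicKeySize || !ed25519.Verify(issuerPub, c.Subject, c.Sig) {
		return nil, errors.New("certificate signature invalid")
	}
	return c.Subject, nil
}

// firstKeyPair is the control device's step (claims 1, 4): derive the "first" key pair from the broadcast
// device info and random number. Assumption: an app-local secret is mixed into the seed (see lead-in).
func firstKeyPair(localSecret, deviceInfo, nonce []byte) ed25519.PrivateKey {
	h := sha256.New()
	h.Write(localSecret)
	h.Write(deviceInfo)
	h.Write(nonce)
	return ed25519.NewKeyFromSeed(h.Sum(nil)) // sha256 output is exactly the 32-byte seed
}

// IoTDevice holds the built-in authentication public key (claims 2, 7), the set of authorized
// applications and the stored original control information (claims 3, 8).
type IoTDevice struct {
	authPub     ed25519.PublicKey
	authorized  map[string]bool
	originalCtl []byte
}

// Authorize walks the chain: built-in key -> second cert -> server key -> first cert -> app key.
func (d *IoTDevice) Authorize(first, second Cert) error {
	serverPub, err := verify(d.authPub, second)
	if err != nil {
		return fmt.Errorf("second certificate: %w", err)
	}
	appPub, err := verify(serverPub, first)
	if err != nil {
		return fmt.Errorf("first certificate: %w", err)
	}
	d.authorized[string(appPub)] = true
	return nil
}

// Execute runs an instruction only for an authorized app whose target control information
// matches the stored original; the comparison is constant-time.
func (d *IoTDevice) Execute(appPub ed25519.PublicKey, targetCtl []byte, instruction string) error {
	if !d.authorized[string(appPub)] {
		return errors.New("application not authorized")
	}
	if subtle.ConstantTimeCompare(d.originalCtl, targetCtl) != 1 {
		return errors.New("control information mismatch")
	}
	fmt.Println("executing:", instruction)
	return nil
}

// RunPairing drives the exchange with fresh keys and reports: app authorized, matching command
// executed, mismatching command refused, certificates from a server the CA never signed refused.
func RunPairing() (authorized, executed, rejectedCtl, rejectedChain bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)   // certification authority
	srvPub, srvPriv, _ := ed25519.GenerateKey(rand.Reader) // target server's second key pair
	secondCert := issue(caPriv, srvPub)                    // CA signs the server's second public key
	device := &IoTDevice{authPub: caPub, authorized: map[string]bool{}}
	nonce := make([]byte, 16) // the random number in the device's broadcast
	rand.Read(nonce)
	firstPriv := firstKeyPair([]byte("app-local-secret"), []byte("TCL-IOT-DEMO-0001"), nonce) // constructed values
	firstPub := firstPriv.Public().(ed25519.PublicKey)
	firstCert := issue(srvPriv, firstPub) // target server signs the first public key (claims 2, 9)
	authorized = device.Authorize(firstCert, secondCert) == nil

	device.originalCtl = []byte("pin:4821") // constructed original control information (claims 3, 8)
	executed = device.Execute(firstPub, []byte("pin:4821"), "power_on") == nil
	rejectedCtl = device.Execute(firstPub, []byte("pin:0000"), "power_on") != nil

	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // self-signed, never certified by the CA
	rejectedChain = device.Authorize(issue(roguePriv, firstPub), issue(roguePriv, roguePub)) != nil
	return
}

func main() { fmt.Println(RunPairing()) }
```

The only trust anchor on the device is the built-in authentication public key: a first certificate is accepted exactly when it chains to a second certificate the certification authority signed, which is why the self-signed "rogue" server in the last step cannot confer control authority even though it signs the same first public key. The control-information match in claims 3 and 8 is a separate gate applied per command after authorization, so it is compared in constant time.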
CN202111590477.6A 2021-12-23 2021-12-23 Authority determination method and device, computer equipment and computer readable storage medium Pending CN114329424A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111590477.6A CN114329424A (en) 2021-12-23 2021-12-23 Authority determination method and device, computer equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111590477.6A CN114329424A (en) 2021-12-23 2021-12-23 Authority determination method and device, computer equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN114329424A true CN114329424A (en) 2022-04-12

Family

ID=81055270

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111590477.6A Pending CN114329424A (en) 2021-12-23 2021-12-23 Authority determination method and device, computer equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114329424A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116094852A (en) * 2023-04-13 2023-05-09 深圳开鸿数字产业发展有限公司 Device management method, management device, computer device and storage medium

Similar Documents

Publication Publication Date Title
CN110958118B (en) Certificate authentication management method, device, equipment and computer readable storage medium
US9419962B2 (en) Method and apparatus for sharing server resources using a local group
KR101553491B1 (en) Facilitating group access control to data objects in peer-to-peer overlay networks
US8856544B2 (en) System and method for providing secure virtual machines
US9294468B1 (en) Application-level certificates for identity and authorization
CN108964885B (en) Authentication method, device, system and storage medium
US9112854B1 (en) Secure communication between applications on untrusted platforms
US10181036B2 (en) Automatic discovery and installation of secure boot certificates
CN108769230B (en) Transaction data storage method, device, server and storage medium
US10212151B2 (en) Method for operating a designated service, service unlocking method, and terminal
US20230370265A1 (en) Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control
US10270757B2 (en) Managing exchanges of sensitive data
CN112769826B (en) Information processing method, device, equipment and storage medium
KR20160127167A (en) Multi-factor certificate authority
CN110601858B (en) Certificate management method and device
CN113343208A (en) Certificate authorization method, device, terminal and storage medium
CN114329424A (en) Authority determination method and device, computer equipment and computer readable storage medium
CN106209751B (en) Service-oriented interface authentication method based on the operating system certificate of authority
CN112422516B (en) Trusted connection method and device based on power edge calculation and computer equipment
CN114329534A (en) Authority determination method and device, computer equipment and computer readable storage medium
US11734972B2 (en) Systems and methods for securely managing vehicle information
CN113872986B (en) Power distribution terminal authentication method and device and computer equipment
CN115278671A (en) Network element authentication method, device, storage medium and electronic equipment
CN108228280A (en) The configuration method and device of browser parameters, storage medium, electronic equipment
CN114826724A (en) Data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination