Detailed description of the invention
To make the purpose, technical features and advantages of the present invention easier for persons skilled in the relevant technical field to understand and to practice, the following description, together with the accompanying drawings, sets out the technical features and embodiments of the invention and gives preferred embodiments as further illustration. The following examples are not intended to limit the present invention, and the drawings referred to below are schematic representations related to the features of the invention.
First, refer to Fig. 1, which is a diagram of the Internet of Things connection architecture of the present invention. As shown in Fig. 1, the Internet of Things connection architecture is made up of a client device 100, a cloud device 500 and at least one broker device 700. The client device 100 is a device that has a wireless communication function and a specific user identifier. The cloud device 500 has the function of communicating with the client device 100 and uses the specific user identifier of the client device 100 to confirm that the client device 100 is one of the client devices 100 in the Internet of Things. The broker device 700 (a proxy server device) has its own network address and password and can communicate with the cloud device 500.
In the Internet of Things connection architecture of the present invention, the client device 100 is a device with a wireless communication function whose floating IP (Internet Protocol) address changes at any time (for example: a personal computer, notebook computer, smart phone, smart portable device, smart reading device, etc.), and each client device 100 has its own unique identifier (for example: a serial number set by the manufacturer at the factory; or hardware data such as the MAC Address), which is used to generate the universally unique identifier (Universally Unique Identifier; abbreviated uuid) of the client device 100, in order to identify the device or to prevent intrusion by hackers. In addition, in the Internet of Things connection architecture of the present invention, the cloud device 500 uses a fixed domain name (Domain Name System; abbreviated DNS), has a server function and also has the function of communicating with the client device 100; the cloud device 500 is made up at least of a receive/transmit interface module, a data processing module and a memory module. The cloud device 500 therefore records the uuids of all clients belonging to the Internet of Things of the present invention and stores them in the memory module, forming a database. Furthermore, the broker device 700 has a floating IP address that changes at any time; its main job is, after receiving an encoded data string that is confirmed to have been sent by a client device 100 of the Internet of Things, to forward it directly to the cloud device 500. It should be noted in particular that the broker device 700, after receiving the data string sent by the client device, performs no processing on it but forwards the received data string directly; only after the cloud device 500 has received the data string from the broker device 700 and decoded it can the data string sent by the client device 100 be processed. Clearly, in the Internet of Things connection architecture of the present invention, throughout the process in which the client device 100 passes a data string to the cloud device 500, the cloud device 500 does not directly expose its own address, so the probability of the cloud device 500 being attacked by hackers is reduced and the security of the Internet of Things is greatly improved.
In a preferred embodiment of the Internet of Things connection architecture of the present invention, multiple client devices 100 can be divided into multiple groups, with each group corresponding to, or paired with, one broker device 700; the architecture can therefore have multiple broker devices 700, as shown in Fig. 2. When the cloud device 500 judges that one of the broker devices 700 has come under hacker attack, it can choose to shut down the attacked broker device 700, or to re-establish the network address and password of a new broker device 700, which better guarantees the security of the Internet of Things of the present invention. In addition, in an embodiment of the present invention, the broker device 700 uses the MQTT (Message Queuing Telemetry Transport) communication standard (protocol) to transmit data strings. MQTT is a protocol designed for the Internet of Things, specifically a lightweight message transport protocol based on the publish/subscribe model; it was invented in 1999 by Dr. Andy Stanford-Clark of IBM and Dr. Arlen Nipper of Arcom, and was originally designed for communication between remote sensors and control devices that have limited computing power and operate over low-bandwidth, unreliable networks. MQTT therefore has the advantage of small, light data transfers, which is a great advantage in bandwidth and speed; and because the network bandwidth it needs is very low, the hardware resources it needs are also low. The efficiency of the Internet of Things system, or of the various commercial operation systems that use this Internet of Things architecture (for example logistics management or product traceability records), can thus be raised, and the cost of commercial operation can be effectively reduced.
Next, the actual process and method by which the Internet of Things of the present invention completes a connection are described in detail.
Continuing with Fig. 1, first the client device 100 logs in to the cloud device 500 (the communication direction marked S1 in Fig. 1); for example, the client device 100 logs in to the cloud device 500 over https in order to start the Internet of Things system. Then, when the cloud device 500 receives the request of the client device 100 (the communication direction marked S2 in Fig. 1), the cloud device 500 first verifies whether the MAC Address used by the client device 100 is already stored in the database of the cloud device 500. If it confirms that the MAC Address used by the client device 100 is already stored in the database of the cloud device 500, it generates a client identification code (client uuid). The cloud device 500 then generates a key for the exclusive use of that client; in this preferred embodiment the key is an RSM asymmetric key (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key is generated. An RSM asymmetric key has a long decoding time, so its security is high. In another preferred embodiment, the cloud device 500 can also optionally generate a symmetric key (Symmetric Key), client_share_key, exclusive to the client device 100. In the preferred embodiment of the present invention, the RSM asymmetric key and the symmetric key can therefore optionally be used together. Because a symmetric key has a short decoding time and is comparatively less secure, client_share_key needs to be changed at any time to ensure security. To this end, the cloud device 500 can further generate/set a time of change (share_key_expiry date time), and improves security by changing share_key_expiry date time at variable intervals; when the cloud device 500 detects that a client_share_key has passed the time of change set by share_key_expiry date time, it automatically generates a new client_share_key to ensure security. When the cloud device 500 confirms that the MAC Address data of a client device 100 is identical to that stored in the database, it judges that this client device 100 is a client in this Internet of Things; the cloud device 500 then returns the generated uuid, keys and other messages to the client device 100 (the communication direction marked S3 in Fig. 1). The messages returned to the client device 100 include: client_uuid, sever_pub_key (this sever_pub_key is the client_pub_key; because all client devices 100 use the same pub_key, it can also be called sever_pub_key) and client_pri_key.
In addition, if, after the cloud device 500 receives the request of the client device 100, the comparison shows that the MAC Address used by the client device 100 is not in the database of the cloud device 500, the cloud device 500 judges that the MAC Address used by this client device 100 does not belong to a client device in this Internet of Things, and stores this MAC Address message in another database for later comparison. It should be explained in particular that the return mechanism of the S3 communication direction does not generally go wrong, but errors can still occur. For example, if waiting too long for the Server to respond causes this connection to fail, the client device 100 can run the procedure once more; the cloud device 500 will then judge that this MAC Address is already recorded in the database and can therefore still return the uuid corresponding to this MAC Address, but the key pair that the cloud device 500 generates and returns to the client device 100 will be updated. Therefore, even if a fake device uses some method to spoof the MAC Address of this client device 100, it cannot obtain the same key. In other words, only one definite uuid can exist in the system.
Then, in the communication direction marked S4 in Fig. 1, the client device 100 uses the encoded client_uuid (that is, client_uuid is converted into ciphertext using sever_pub_key) to request, over https, the client_share_key, the share_key_expiry date time, the MQTT_Broker IP and the MQTT_Broker account and password (username/password). When the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it using sever_pri_key to confirm whether the client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, it encodes the client_share_key, share_key_expiry date time, MQTT_Broker IP, MQTT_Broker account and password, etc. with client_pub_key and returns them to the client device 100 (the communication direction marked S5 in Fig. 1).
In addition, in a preferred embodiment of the present invention, the IP, account and password of the MQTT_Broker can be obtained in two separate requests. For example, the first time (the communication direction marked S4 in Fig. 1), the client device 100 uses the encoded client_uuid (that is, client_uuid is converted into ciphertext using sever_pub_key) to request, over https, the client_share_key, share_key_expiry date time and MQTT_Broker IP. When the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it using sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the client_share_key, share_key_expiry date time, MQTT_Broker IP, etc. with client_pub_key and returns them to the client device 100 (the communication direction marked S5 in Fig. 1). The second time (the communication direction marked S6 in Fig. 1), the client device 100 again uses the encoded client_uuid (that is, client_uuid is converted into ciphertext using sever_pub_key) to request, over https, the MQTT_Broker account and password. When the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it using sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the MQTT_Broker account and password, etc. with client_pub_key and returns them to the client device 100 (the communication direction marked S7 in Fig. 1). It should be explained in particular that, as to what is obtained the first and second time, the only requirement is that the IP of the MQTT_Broker and its account and password be obtained in two separate requests; nothing else is restricted.
Clearly, while the client device 100 and the cloud device 500 carry out identification and confirmation, the https that is used belongs to the hybrid-cryptosystem, anti-counterfeiting secure communication protocols (Secure Sockets Layer, SSL; or Transport Layer Security, TLS), which are themselves recognized security protocols. With the recognized certificate that the cloud device 500 side is required to hold, the client device 100 side can use the digital signature of the certificate authority to confirm whether a message was sent directly by the cloud device 500. Therefore, when a hacker attempts tampering, theft, repudiation or similar acts during message transmission, these security certifications prevent the password from being tampered with or stolen.
Then, in the communication direction marked S8 in Fig. 1, once the client device 100 has obtained the relevant data from the cloud device 500, the client device 100 can connect to the broker device 700 right away. Before connecting to the broker device 700, however, it must confirm that the message it received is complete; the complete message includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. client_Share_key; 6. Share_key_expiry date time. After the client device 100 has confirmed receipt of the complete message, it uses client_share_key to encode client_uuid and the data content (data involved) that the client device 100 is to send to the cloud, and then uploads them to the broker device 700 (that is, the MQTT Broker).
In this preferred embodiment, the client device 100 can further check whether the Share_key_expiry date time has expired (for example: the expiry date is 2015/0501). If the Share_key_expiry date time has passed (for example: the date of the check is 2015/0502), the client device 100 again uses the encoded client_uuid (that is, client_uuid is converted into ciphertext using sever_pub_key) to request a new message over https. When the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it using sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the new share_key_expiry date time with client_pub_key and returns it to the client device 100. In addition, to increase security, the time set in share_key_expiry date time can be periodic or can be a random variable, as determined by the cloud device 500.
Once the client device 100 has confirmed that it has received the complete message, it knows the MQTT_Broker IP and the MQTT_Broker account and password of the broker device 700, so the client device 100 can upload the encoded client_uuid and data string to the broker device 700 (the communication direction marked S8 in Fig. 1). After the broker device 700 receives the encoded client_uuid and data string uploaded by the client device 100, it forwards the message uploaded by the client device 100 directly (that is, without any processing) to the cloud device 500. Clearly, throughout the process in which the client device 100 passes its message string to the cloud device 500, the cloud device 500 does not directly expose its own address, which reduces the probability of the cloud device 500 being attacked by hackers. Because the broker device 700 forwards the data uploaded by the client device 100 directly to the cloud device 500, the probability that the MQTT_Broker IP and the MQTT_Broker account and password of the broker device 700 are cracked is reduced, which further increases the security of the Internet of Things communication process.
Then, in the communication direction marked S9 in Fig. 1, after the cloud device 500 receives the data forwarded directly by the broker device 700 (that is, the encoded client_uuid and data string), it immediately decodes (Decode) it using client_share_key and verifies whether the received client_uuid and data string are complete and correct. If they are correct, they are stored in the memory module to await the user's specific application of the received data strings; if verification shows that the received client_uuid and data string are incomplete or incorrect, a record is made. It should be noted that the purpose of identifying incorrect messages through verification is that the Internet of Things system can use deep learning by artificial intelligence, or verification mechanisms that are manually added, changed or revised, to prevent counterfeiting or reduce its probability of success. In this embodiment, incorrect messages include, for example: (1) a web crawler capturing, from news publishing systems, that counterfeits of a certain product are currently rampant; or (2) the same client_uuid initially set by the program unexpectedly appearing in two completely different places at the same time, in which case the Internet of Things system notifies the company's inspectors or issues a warning, and the inspectors can respond with actions such as at least observing or ignoring it, achieving advance warning and anti-counterfeiting; or (3) a particular broker device 700 persistently sending suspicious information to the cloud device 500 itself, for example client_uuid information of unknown origin. When incorrect messages persistently occur, it is judged that the broker device 700 may have been attacked by hackers, and the cloud device 500 can choose to shut down this broker device 700 (the communication direction marked S10 in Fig. 1).
In an embodiment of the present invention, the client_share_key encoding can be combined with a hash function to prevent tampering; the hash function can be MD5, SHA-1, SHA-256, etc. client_share_key can also be combined with different decoding (decode) methods, for example: block ciphers, stream ciphers, ECB mode, or a mixture of the foregoing; besides raising the difficulty of cracking more effectively, this also does not cost decoding time.
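
The cloud-side check of S9 and S10 combined with the hash-based tamper protection just described, as an added example that is not part of the patent text. It assumes HMAC with SHA-256 (one of the hash functions listed above) keyed by client_share_key as the tamper check, a hypothetical JSON frame layout, hypothetical names (Cloud, seal, receive) and a shutdown threshold of three consecutive incorrect messages; the encoding of the payload for confidentiality is left out.

```python
import hashlib
import hmac
import json
import secrets
import uuid
from dataclasses import dataclass, field

FAILURE_THRESHOLD = 3  # assumption: the text only says "persistently"


def _tag(share_key, client_uuid, body):
    """Keyed SHA-256 (HMAC) over client_uuid and the data string."""
    msg = (client_uuid + "\n" + body).encode("utf-8", "surrogatepass")
    return hmac.new(share_key, msg, hashlib.sha256).hexdigest()


def seal(client_uuid, share_key, data):
    """Client side: build the frame published to the paired broker (hypothetical layout)."""
    body = json.dumps(data, sort_keys=True)
    return json.dumps({"client_uuid": client_uuid, "data": body,
                       "tag": _tag(share_key, client_uuid, body)})


@dataclass
class Cloud:
    clients: dict = field(default_factory=dict)    # client_uuid -> (share_key, broker)
    failures: dict = field(default_factory=dict)   # broker -> consecutive bad frames
    closed_brokers: set = field(default_factory=set)
    incorrect_log: list = field(default_factory=list)

    def register(self, broker):
        """Issue client_uuid and client_share_key and pair the client with a broker."""
        client_uuid, share_key = str(uuid.uuid4()), secrets.token_bytes(32)
        self.clients[client_uuid] = (share_key, broker)
        return client_uuid, share_key

    def _check(self, broker, frame):
        """Return (reason, data); reason is None when the frame is complete and correct."""
        try:
            msg = json.loads(frame)
            cid, body, tag = msg["client_uuid"], msg["data"], msg["tag"]
        except (ValueError, KeyError, TypeError):
            return "incomplete", None
        if not all(isinstance(v, str) for v in (cid, body, tag)):
            return "incomplete", None
        if cid not in self.clients:
            return "unknown client_uuid", None
        share_key, paired = self.clients[cid]
        if paired != broker:               # Fig. 2: a client may only use its paired broker
            return "not the paired broker", None
        expected = _tag(share_key, cid, body).encode()
        if not hmac.compare_digest(expected, tag.encode("utf-8", "surrogatepass")):
            return "tampered", None
        return None, json.loads(body)

    def receive(self, broker, frame):
        """Handle one frame forwarded unchanged by `broker` (S9); may close it (S10)."""
        if broker in self.closed_brokers:
            return None
        reason, data = self._check(broker, frame)
        if reason is None:
            self.failures[broker] = 0      # assumption: a good frame resets the count
            return data                    # would be stored in the memory module
        self.incorrect_log.append((broker, reason))   # "a record is made"
        self.failures[broker] = self.failures.get(broker, 0) + 1
        if self.failures[broker] >= FAILURE_THRESHOLD:
            self.closed_brokers.add(broker)
        return None


def demo():
    """Constructed traffic: one good frame, then the same frame altered in transit."""
    cloud = Cloud()
    cid, key = cloud.register("Broker-1")
    good = seal(cid, key, {"temp": 21.5})
    results = [cloud.receive("Broker-1", good)]
    tampered = good.replace("21.5", "99.9")
    results += [cloud.receive("Broker-1", tampered) for _ in range(FAILURE_THRESHOLD)]
    results.append(cloud.receive("Broker-1", good))   # broker already closed
    return results, cloud


if __name__ == "__main__":
    results, cloud = demo()
    print(results, cloud.incorrect_log, cloud.closed_brokers)
```
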
Refer to Fig. 2, which is a schematic diagram of another embodiment of the Internet of Things connection architecture of the present invention. As shown in Fig. 2, the Internet of Things connection architecture is made up of multiple client devices 100, a cloud device 500 and at least one broker device 700. Each client device 100 is a device that has a wireless communication function and a specific user identifier. The cloud device 500 has the function of communicating with each client device 100 and uses the specific user identifier exclusive to each client device 100 to confirm that the client device 100 is one of the client devices 100 in the Internet of Things. The broker device 700 has its own network address and password and can communicate with the cloud device 500. The embodiment of Fig. 2 has the same basic connection architecture as the embodiment of Fig. 1; the only difference between the two is that the cloud device 500 provides the network address, account and password of each broker device to at least one client device 100 in the Internet of Things to form a pairing. The paired client devices 100 can then communicate only with their paired broker device 700, and communicate with the cloud device 500 through the broker device 700, so that the data string on each client device 100 is delivered to the cloud device 500. The actual connection process for the Internet of Things of Fig. 2 is therefore briefly described as follows.
Continuing with Fig. 2, first each client device 100 logs in to the cloud device 500 over https. Then, when the cloud device 500 receives the request of each client device 100, the cloud device 500 first verifies whether the MAC Address used by each client device 100 is already stored in the database of the cloud device 500. If it confirms that the MAC Address used by each client device 100 is already stored in the database of the cloud device 500, it generates a separate client identification code (client uuid) for each client. The cloud device 500 then generates, for each client device 100, a key pair for the exclusive use of that client. After the cloud device 500 judges that each client device 100 is a client in this Internet of Things, it returns each generated uuid, key and other messages to the corresponding client device 100; the messages returned to each client device 100 include: client_uuid, sever_pub_key and client_pri_key.
Then, each client device 100 uses its encoded client_uuid to request, over https, the client_share_key, share_key_expiry date time, MQTT_Broker IP and the MQTT_Broker account and password (username/password). When the cloud device 500 receives a client_uuid that has been converted into ciphertext, it decodes it using the respective sever_pri_key to confirm whether each received client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, it encodes the client_share_key, share_key_expiry date time, MQTT_Broker IP, MQTT_Broker account and password, etc. with client_pub_key and returns them to the client device 100. For example: the IP, account and password of the broker device (Broker-1) are returned to Client-1~Client-5; the IP, account and password of the broker device (Broker-2) are returned to Client-6~Client-15; and the IP, account and password of the broker device (Broker-3) are returned to Client-16~Client-50. Clearly, in this Internet of Things the 50 individual client devices 100 have each been paired and communicate with the cloud device 500 through 3 broker devices 700. Then, once each client device 100 has obtained the relevant data from the cloud device 500, the client device 100 can connect right away to the paired broker device 700 it was given. Each client device 100 also confirms that the message it received from the cloud device 500 includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. Client_Share_key; 6. Share_key_expiry date time. It then uses client_share_key to encode client_uuid and the data content that this client device 100 is to send to the cloud, and uploads them to the broker device 700 (that is, the MQTT Broker).
Once each client device 100 has confirmed that it has received the complete message, it knows the MQTT_Broker IP and the MQTT_Broker account and password of its paired broker device 700, so the client device 100 can upload the encoded client_uuid and message string to the paired broker device 700. After each broker device 700 receives the encoded client_uuid and message string uploaded by a paired client device 100, it forwards the message uploaded by the client device 100 directly (that is, without any processing) to the cloud device 500. Clearly, throughout the process in which a client device 100 passes its message string to the cloud device 500, the cloud device 500 does not directly expose its own address, which reduces the probability of the cloud device 500 being attacked by hackers. Because each broker device 700 simply forwards the data uploaded by the client device 100 directly to the cloud device 500, the probability that the MQTT_Broker IP and the MQTT_Broker account and password of the broker device 700 are cracked is reduced, which further increases the security of the Internet of Things communication process. Then, after the cloud device 500 receives the data forwarded directly by each broker device 700 (that is, the encoded client_uuid and data string), it immediately decodes it using the respective client_share_key and verifies whether the received client_uuid and data string are complete and correct. If they are correct, they are stored in the memory module to await the user's specific application of the received data strings; if verification shows that the received client_uuid and data string are incomplete or incorrect, a record is made. In this embodiment, incorrect messages may include the following: each client publishes messages with a certain regular frequency, and if some client publishes information at an abnormal or excessive frequency, this is treated as an incorrect message; or the broker device 700 itself publishes messages other than through MQTT and attempts to connect to the cloud device 500, etc. When incorrect messages persistently occur, it is judged that the broker device 700 may have been attacked by hackers, and the cloud device 500 can choose to shut down this broker device 700.
In summary, the principal technical means of the Internet of Things connection architecture of the present invention is that, after the cloud device 500 confirms that each client device 100 is a user of this Internet of Things, the cloud device 500 returns the MQTT_Broker IP and the MQTT_Broker account and password of the broker device 700 to each client device 100. Each client device 100 then connects to the broker device 700 using the MQTT_Broker IP and the MQTT_Broker account and password it received, encodes the data string it is to transmit, and uploads it to the broker device 700. The broker device 700 then, without processing the data string sent by the client device 100, passes the data string sent by the client device 100 directly to the cloud device 500 for decoding and processing. Clearly, the Internet of Things connection architecture of the present invention connects in two stages: after the identification of the client device 100 has been completed in the first stage, the client device 100 can connect only to the broker device 700 in the second stage. Because the first stage is completed before the client device 100 connects, whenever the client device 100 is actually transmitting data strings it can connect to and communicate with only the broker device 700. The cloud device 500 therefore does not directly expose its own address, which reduces the probability of the cloud device 500 being attacked by hackers and effectively improves the security of the Internet of Things connection architecture.
Next, the connection method and process of the Internet of Things connection architecture of the present invention are described in detail; this connection method and process make it easier to understand the innovation in the present invention's use of the broker device 700.
Refer to Fig. 3, which is a flow chart of the Internet of Things connection method of the present invention. As shown in Fig. 3, the Internet of Things connection method of the present invention includes:
Step 1: The client device 100 logs in to the cloud device 500; for example, the client device 100 logs in to the cloud device 500 over https in order to start the Internet of Things system.
Step 2: After the cloud device 500 receives the request of the client device 100, the cloud device 500 first verifies whether the MAC Address used by the client device 100 is already stored in the database of the cloud device 500.
Step 3: When the cloud device 500 confirms that the MAC Address used by the client device 100 is already stored in the database of the cloud device 500, it judges that the data of the client device 100 is correct and that it is a client device 100 in this Internet of Things; the cloud device 500 then generates a client identification code (client uuid) and a key pair for the exclusive use of that client. In this embodiment the key is a high-security RSM asymmetric key (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key is generated. The cloud device 500 returns the uuid, keys and other messages it has generated to the client device 100; the messages returned to the client device 100 include: client_uuid, sever_pub_key (this sever_pub_key is the client_pub_key). In addition, if, after the cloud device 500 receives the request of the client device 100, the comparison shows that the MAC Address used by the client device 100 is not in the database of the cloud device 500, the cloud device 500 judges that the MAC Address used by this client device 100 does not belong to a client device in this Internet of Things, and stores this MAC Address message in another database for later comparison.
Step 4: The client device 100 judges whether the uuid, key and other messages produced by the cloud device 500 have been received correctly. Once the client device 100 confirms that the uuid, key and other messages have been received correctly, the client device 100 immediately uses the encoded client_uuid (that is, the client_uuid is converted into ciphertext according to sever_pub_key) to request from the cloud device 500, through https, the client_share_key, the MQTT_Broker IP of the broker device 700, and the MQTT_Broker account and password (username/passward).
Step 5: After the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it according to sever_pri_key to confirm whether the client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the MQTT_Broker IP of the broker device 700, the MQTT_Broker account and password, and so on with client_pub_key and returns them to the client device 100.
Step 6: After the client device 100 obtains the related data from the cloud device 500, the client device 100 immediately decodes it with client_pri_key and confirms that the received message is complete. The complete message includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key. After the client device 100 confirms that it has received the complete message, it can connect to the broker device 700. If the client device 100 judges that the received message is incomplete, it returns to step 4 and again requests from the cloud device 500 the client_share_key, the MQTT_Broker IP of the broker device 700, and the MQTT_Broker account and password (username/passward).
Step 7: The client device 100 uses the MQTT_Broker IP and the MQTT_Broker account and password to connect to the broker device 700; at the same time, it uses client_share_key to encode the client_uuid and the data content (data involved) that the client device 100 wants to pass to the cloud device 500, and then uploads them to the broker device 700.
Step 8: After receiving the encoded client_uuid and message string uploaded by the client device 100, the broker device 700 sends the message uploaded by the client device 100 to the cloud device 500 as it is (that is, without any processing).
Step 9: After receiving the data sent directly by the broker device 700, the cloud device 500 immediately decodes it with client_share_key and verifies whether the received client_uuid and data string are complete and correct.
Step 10: When the cloud device 500 judges that the received client_uuid and data string are complete and correct, the decoded client data string is stored in the memory module, where it waits for the user to apply the received data strings to a specific purpose. If verification finds that the received client_uuid and data string are incomplete or incorrect, this is noted down. In the present embodiment, incorrect messages include: (1) the client_uuid corresponding to a certain ip is incorrect, in which case theft may have occurred; (2) if a certain client_uuid uploads its data together with Geo Location data, verification can be performed by checking the plausibility of the GeoLocation (for example, whether a certain client_uuid is in Asia one minute and in North America the next). When incorrect messages occur persistently, it is judged that the broker device 700 may have been hacked; the cloud device 500 can then choose to close this broker device 700.
Clearly, in the connection method of the whole Internet of Things architecture, steps 1 to 6 are all completed by connecting to the cloud device 500 before each client device 100 leaves the factory; that is, by the time each client device 100 leaves the factory, it has already obtained the complete message from the cloud device 500, including: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key. After the Internet of Things system starts, every data string that a client device 100 wants to send to the cloud device 500 for processing is sent to the broker device 700 according to the MQTT_Broker IP, and the broker device 700 then sends the data string of the client device 100 directly to the cloud device 500. Therefore, during the message transfer in steps 7 to 10, the cloud device 500 does not directly expose its own address, which reduces the probability of the cloud device 500 being hacked. Because the broker device 700 simply passes the data uploaded by the client device 100 directly to the cloud device 500, the probability that the MQTT_Broker IP and the MQTT_Broker account and password of the broker device 700 are cracked is reduced, which further increases the security of the Internet of Things communication process.
Next, refer to Fig. 4, which is a flow chart of another embodiment of the Internet of Things connection method of the present invention. As shown in Fig. 4, the Internet of Things connection method of the present invention includes:
Step 1: The client device 100 logs in to the cloud device 500; for example, the client device 100 logs in to the cloud device 500 through https, in order to start the Internet of Things system.
Step 2: After the cloud device 500 receives the request of the client device 100, the cloud device 500 first verifies whether the MAC address used by the client device 100 is already stored in the database of the cloud device 500.
Step 3: When the cloud device 500 confirms that the MAC address used by the client device 100 is stored in the database of the cloud device 500, it judges that the data of the client device 100 is correct and that it is a client device 100 in this Internet of Things; the cloud device 500 then produces a client identification code (client uuid) and a pair of keys dedicated to the client. In the present embodiment, the key is a high-security RSM asymmetric key (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key is produced; the uuid, key and other messages thus produced are returned to the client device 100, and the messages returned to the client device 100 include: client_uuid and sever_pub_key (this sever_pub_key is the client_pub_key). In addition, if, after the cloud device 500 receives the request of the client device 100, the cloud device 500 finds by comparison that the MAC address used by the client device 100 is not in the database of the cloud device 500, and judges that the MAC address used by the client device 100 does not belong to a client device in this Internet of Things, the MAC address message is stored in another database for subsequent comparison.
Step 4: The client device 100 judges whether the uuid, key and other messages produced by the cloud device 500 have been received correctly. Once the client device 100 confirms that the uuid, key and other messages have been received correctly, the client device 100 immediately uses the encoded client_uuid (that is, the client_uuid is converted into ciphertext according to sever_pub_key) to request from the cloud device 500, through https, the client_share_key, the share_key_expiry date time, the MQTT_Broker IP of the broker device 700, and the MQTT_Broker account and password (username/passward).
In the preferred embodiment, the key is an RSM asymmetric key (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key is produced; an RSM asymmetric key takes a long time to decode, so its security is high. In a further preferred embodiment, the cloud device 500 can also optionally produce a symmetric key (Symmetric Key), client_share_key, dedicated to the client device 100. In the preferred embodiment, therefore, the RSM asymmetric key and the symmetric key can optionally be used together. Because a symmetric key has a short decoding time and relatively low security, the client_share_key needs to be changed at any time to ensure security. To this end, the cloud device 500 can further produce a share_key_expiry date time that can be changed at any time, improving security by changing the client_share_key at variable intervals; when the cloud device 500 detects that a client_share_key has passed its set change time, it automatically generates a new client_share_key to ensure security.
Step 5: After the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it according to sever_pri_key to confirm whether the client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, the MQTT_Broker IP of the broker device 700, the MQTT_Broker account and password, and so on with client_pub_key and returns them to the client device 100.
Step 6: After the client device 100 obtains the related data from the cloud device 500, the client device 100 immediately decodes it with client_pri_key and confirms that the received message is complete. The complete message includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key; 6. share_key_expiry date time. After the client device 100 confirms that it has received the complete message, it can connect to the broker device 700. If the client device 100 judges that the received message is incomplete, it returns to step 4 and requests the message from the cloud device 500 again.
Step 7: The client device 100 uses the MQTT_Broker IP and the MQTT_Broker account and password to connect to the broker device 700; at the same time, it uses client_share_key to encode the client_uuid and the data content (data involved) that the client device 100 wants to pass to the cloud device 500, and then uploads them to the broker device 700.
Step 8: The client device 100 checks whether the Share_key_expiry date time has expired. If the check shows that it has not yet expired, the encoded client_uuid and data string content are uploaded to the broker device 700. If the check shows that it has expired, the method returns to step 4 and the client device 100 again requests a new Share_key_expiry date time from the cloud device 500. For example, suppose the expiry date is 2015/0501. If the check shows that the Share_key_expiry date time has passed (for example, the date of the check is 2015/0502), the client device 100 again uses the encoded client_uuid (that is, the client_uuid is converted into ciphertext according to sever_pub_key) to request a new share_key_expiry date time through https. After the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it according to sever_pri_key to confirm whether the client_uuid is correct; after the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the new share_key_expiry date time with client_pub_key and returns it to the client device 100. In addition, to increase security, the time set for the share_key_expiry date time can be periodic or can be a random variable, as determined by the cloud device 500.
Step 9: After receiving the encoded client_uuid and message string uploaded by the client device 100, the broker device 700 sends the message uploaded by the client device 100 to the cloud device 500 as it is (that is, without any processing).
Step 10: After receiving the data sent directly by the broker device 700, the cloud device 500 immediately decodes it with client_share_key and verifies whether the received client_uuid and data string are complete and correct.
Step 11: When the cloud device 500 judges that the received client_uuid and data string are complete and correct, the decoded client data string is stored in the memory module, where it waits for the user to apply the received data strings to a specific purpose. If verification finds that the received client_uuid and data string are incomplete or incorrect, this is noted down. In the present embodiment, incorrect messages include: (1) the client_uuid corresponding to a certain IP is incorrect, in which case theft may have occurred; (2) if a certain client_uuid uploads its data together with Geo Location data, verification can be performed by checking the plausibility of the GeoLocation (for example, whether a certain client_uuid is in Asia one minute and in North America the next). When incorrect messages occur persistently, it is judged that the broker device 700 may have been hacked; the cloud device 500 can then choose to close this broker device 700.
Clearly, in the connection method of the whole Internet of Things architecture, steps 1 to 6 are all completed by connecting to the cloud device 500 before each client device 100 leaves the factory; that is, by the time each client device 100 leaves the factory, it has already obtained the complete message from the cloud device 500, including: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key; 6. share_key_expiry date time. After the Internet of Things system starts, every data string that a client device 100 wants to send to the cloud device 500 for processing is sent to the broker device 700 according to the MQTT_Broker IP, and the broker device 700 then sends the data string of the client device 100 directly to the cloud device 500. Therefore, during the message transfer from step 7 to step 10, the cloud device 500 does not directly expose its own address, which reduces the probability of the cloud device 500 being hacked. Because the broker device 700 passes the data uploaded by the client device 100 directly to the cloud device 500, the probability that the MQTT_Broker IP and the MQTT_Broker account and password of the broker device 700 are cracked is reduced, which further increases the security of the Internet of Things communication process.
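The step 4 to step 11 exchange of this embodiment, reduced to the share-key lifetime and the cloud-side check, as an added example that is not part of the patent text. It assumes an HMAC-SHA256 tag in place of the symmetric encoding (so it shows the "complete and correct" check, not confidentiality), a direct method call in place of the https request protected by sever_pub_key and client_pub_key, and a fixed key lifetime; all class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

KEY_LIFETIME_S = 86400  # assumed; the page leaves the interval to the cloud device


def seal(share_key, client_uuid, data):
    """Step 7, client side: bind client_uuid and the data to client_share_key."""
    body = json.dumps({"client_uuid": client_uuid, "data": data}, sort_keys=True)
    tag = hmac.new(share_key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def broker_forward(wire):
    """Broker device: passes the bytes on without processing them."""
    return wire


class CloudDevice:
    def __init__(self):
        self.keys = {}     # client_uuid -> (client_share_key, share_key_expiry)
        self.stored = []   # accepted (client_uuid, data) pairs: the memory module
        self.noted = []    # reasons for messages judged incorrect

    def issue_share_key(self, client_uuid, now):
        """Steps 4-5: return the current key, generating a new one once it has expired."""
        key, expiry = self.keys.get(client_uuid, (None, 0))
        if key is None or now >= expiry:
            key, expiry = secrets.token_bytes(32), now + KEY_LIFETIME_S
            self.keys[client_uuid] = (key, expiry)
        return key, expiry

    def receive(self, wire, now):
        """Steps 10-11: accept only a complete, correct message under a live key."""
        try:
            outer = json.loads(wire)
            body, tag = outer["body"].encode(), outer["tag"].encode()
            inner = json.loads(body)
            client_uuid, data = inner["client_uuid"], inner["data"]
            key, expiry = self.keys[client_uuid]
        except (ValueError, KeyError, TypeError, AttributeError):
            return self._note("incomplete message or unknown client_uuid")
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return self._note("tag mismatch")
        if now >= expiry:
            return self._note("expired client_share_key")
        self.stored.append((client_uuid, data))
        return True

    def _note(self, reason):
        self.noted.append(reason)
        return False


class ClientDevice:
    def __init__(self, client_uuid, cloud):
        self.client_uuid, self.cloud = client_uuid, cloud
        self.share_key, self.expiry = None, 0
        self.key_requests = 0

    def upload(self, data, now, broker=broker_forward):
        """Step 8: check share_key_expiry first; go back to step 4 if it has passed."""
        if self.share_key is None or now >= self.expiry:
            self.share_key, self.expiry = self.cloud.issue_share_key(self.client_uuid, now)
            self.key_requests += 1
        return self.cloud.receive(broker(seal(self.share_key, self.client_uuid, data)), now)


def run_sample():
    """Constructed run: one client, made-up uuid and tag data."""
    cloud = CloudDevice()
    client = ClientDevice("uuid-A", cloud)
    t0 = 1_000_000
    first = client.upload("tag=SHOE-0001", t0)
    old_key = client.share_key
    # A broker that does not leave the message untouched is caught by the check.
    altered = client.upload("tag=SHOE-0002", t0 + 10,
                            broker=lambda w: w.replace(b"0002", b"9999"))
    # Message under the still-registered key, arriving at its expiry time.
    stale = cloud.receive(seal(old_key, "uuid-A", "tag=SHOE-0003"), t0 + KEY_LIFETIME_S)
    later = client.upload("tag=SHOE-0003", t0 + KEY_LIFETIME_S + 1)  # triggers a new key
    old_after = cloud.receive(seal(old_key, "uuid-A", "tag=SHOE-0004"), t0 + KEY_LIFETIME_S + 2)
    return cloud, client, (first, altered, stale, later, old_after)


if __name__ == "__main__":
    cloud, client, results = run_sample()
    print(results, cloud.noted, client.key_requests)
```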
Next, in step 4 of Fig. 3, the present invention can also divide into two passes the process in which the client device 100 obtains from the cloud device 500 the MQTT_Broker IP, the MQTT_Broker account and the MQTT_Broker password of the broker device 700. For example, in the first pass the client device 100 uses the encoded client_uuid (that is, the client_uuid is converted into ciphertext according to sever_pub_key) to request the client_share_key and the MQTT_Broker IP through https; after the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it according to sever_pri_key to confirm whether the client_uuid is correct; after the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the MQTT_Broker IP and so on with client_pub_key and returns them to the client device 100. In the second pass the client device 100 again uses the encoded client_uuid (that is, the client_uuid is converted into ciphertext according to sever_pub_key) to request the MQTT_Broker account and password through https; after the cloud device 500 receives the client_uuid that has been converted into ciphertext, it decodes it according to sever_pri_key to confirm whether the client_uuid is correct; after the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the MQTT_Broker account and password and so on with client_pub_key and returns them to the client device 100. It should be noted in particular that, for the content obtained in the first and second passes, the only requirement is that the IP, account and password of the MQTT_Broker be obtained in two passes; nothing else is restricted.
Next, an embodiment in which the Internet of Things architecture of the present invention is applied to a product logistics management system is described in detail.
First, refer to Fig. 5, which is a schematic diagram of the architecture of the Internet of Things product logistics management system of the present invention. As shown in Fig. 5, a product logistics management system of the present invention is formed by: multiple products 10; an electronic tag 12 configured on each product; at least one client device 100 (for example, a personal computer, notebook computer, smart phone, smart portable device or smart reading device), each client device 100 being able to read and transmit the message inside the electronic tag 12 and to transmit the message inside the electronic tag 12 to the cloud device 500 through a broker device 700; and a display device 600 connected to the cloud device 500. A wireless network is used to form the communication links within the logistics management system. Each client device 100 is a wireless communication device with a floating IP address, and each client device 100 has a specific user identifier. The cloud processing device 500 is of a fixed domain name system (DNS) type; it has the function of a server (sever) and the function of communicating with each client device 100, and it confirms by the specific user identifier of each client device 100 that each client device 100 is one of the client devices in the Internet of Things. The broker device 700 (i.e. the MQTT Broker) has a floating IP address that changes at any time, and has a network address and a password; its main work is, after receiving an encoded data string confirmed to have been transmitted by a client device 100 in the Internet of Things, to send it directly to the cloud device 500, and it can communicate with the cloud device 100. After the cloud device 500 provides the network address and password of the broker device 700 to each client device 100 in the Internet of Things, these client devices 100 can communicate only with the broker device 700, which in turn communicates with the cloud device 500, so that the product 10 messages transmitted by each client device 100 reach the cloud device 100 and, after the cloud device 100 processes them, the processed result is shown on a display device 600.
Next, refer to Fig. 6, which is a structural schematic diagram of the client device of the present invention (for example, a personal computer, notebook computer, smart phone, smart portable device or smart reading device). As shown in Fig. 6, the client device 100 is formed by a controller 110, multiple antennas 120, multiple output/input interfaces 130 and a wireless transport module 140. Next, refer to Fig. 7A, which is a structural schematic diagram of the cloud device of the present invention. As shown in Fig. 7A, the cloud device 500 is formed by a reception/transmission interface module 510, a data processing module 520 and a memory module 530. An analysis database has been established in the memory module 530, including data such as the number, the user identifier (for example, the MAC address), the name or number of the warehouse where the device is located, and the coordinates of its position (including longitude and latitude). The data processing module 520 can therefore perform comparison and verification, for example at least comparing whether the user identifier (for example, the MAC address) used by each client device 100 is already stored in the database of the memory module 530 of the cloud device 500. In addition, the cloud device 500 can communicate with each client device 100, the broker device 700 and the display module 600 through the reception/transmission interface module 510.
When the logistics management system operates, the wireless transport module 140 of each client device 100 has already logged in to the cloud device 500 through https, and each client device 100 has been confirmed to be a client device in the Internet of Things; each client device 100 has also confirmed that it has received the complete message, including: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key; 6. Share_key_expiry date time. The login and verification process is as in the foregoing embodiments. The client device 100 in this logistics management system embodiment is a read-write device. It can send an electrical signal through the antenna 120 to the electronic tag 12 of a product 10, triggering the electronic tag 12 to send out the message stored inside it; the antenna 120 of the read-write device then receives the message transmitted by the electronic tag 12 and passes it through the output/input interface 130 to the controller 110 for processing. After the client_uuid and the message data of the electronic tag 12 are encoded with client_share_key, the encoded message is sent by the wireless transport module 140 to the broker device 700. After receiving the data string transmitted by the client device, the broker device 700 does no processing and sends the received data string straight out. After the reception/transmission interface module 510 of the cloud device 500 receives the data string from the broker device 700, it is decoded by the data processing module 520. At this point, the message inside the electronic tag 12 can be stored in the storage area set in the memory module 530, for example the storage area set for a specific company; or the message inside the electronic tag 12 can be sent at the same time to the display module 600 to display the information; or, after the data processing module 520 has applied specific processing to the messages inside many electronic tags 12, the result can be sent to the display module 600 to display the configured information status. When the data processing module 520 performs security identification processing, it can also compare the data received by the reception/transmission interface module 510 for each read-write device 100, such as its number, user identifier, the name or number of the warehouse where it is located and the coordinates of its position (including longitude and latitude), with the data stored in the memory module 530; Fig. 7B is a schematic diagram of the analysis data stored in the memory module 530 of the present invention. If verification finds that the received client_uuid and data string are incomplete or incorrect, this is noted down.
In the present embodiment, an incorrect message may arise as follows: the messages issued by each client device 100 follow a certain regular frequency, and a certain client device 100 issues messages at an abnormal or excessive frequency; or the client_uuid corresponding to the ip of a certain client device 100 is incorrect, in which case theft may have occurred; or, if a certain client_uuid uploads its data together with Geo Location data, verification can be performed by checking the plausibility of the GeoLocation (for example, whether a certain client_uuid is in Asia one minute and in North America the next); or the broker device 700 itself frequently publishes messages by means other than MQTT and attempts to connect to the cloud device 500; and so on. These are all regarded as incorrect messages. When incorrect messages occur persistently, it is judged that the broker device 700 may have been hacked, and the cloud device 500 can then choose to close this broker device 700. In addition, the processed messages can be sent from the cloud device 500 to the display module 600 by wireless transmission (WiFi, Bluetooth) or by wired transmission. Clearly, in the Internet of Things connection architecture of the present invention, throughout the process in which the client device 100 passes a data string to the cloud device 500, the cloud device 500 does not directly expose its own address; the probability of the cloud device 500 being hacked is therefore reduced, and the security of the Internet of Things can be greatly improved.
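The incorrect-message rules listed above, and in step 10 of Fig. 3 and step 11 of Fig. 4, written out as cloud-side checks; this is an added example, not part of the patent text. The thresholds, the field names, the per-client IP kept on record and the sample uploads are assumptions constructed for the illustration.

```python
import math
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed policy values; the page gives no thresholds.
MAX_SPEED_KMH = 1000.0    # faster travel between two uploads is treated as implausible
MAX_PER_MINUTE = 30       # more uploads than this per client per minute is abnormal
PERSISTENT_AFTER = 3      # incorrect messages via one broker before it is closed


@dataclass
class Upload:
    """One decoded upload as the cloud device sees it (field names are assumptions)."""
    ts: float           # arrival time, seconds
    broker_id: str      # broker device that forwarded the message
    src_ip: str         # client IP carried with the message
    client_uuid: str
    lat: float
    lon: float


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


class CloudVerifier:
    def __init__(self, ip_by_uuid):
        self.ip_by_uuid = dict(ip_by_uuid)      # client_uuid -> IP on record
        self.last_good = {}                     # client_uuid -> last accepted Upload
        self.recent = defaultdict(deque)        # client_uuid -> arrival times, last 60 s
        self.incorrect = defaultdict(list)      # broker_id -> noted (upload, reasons)
        self.closed_brokers = set()

    def check(self, up):
        """Return the reasons the upload is incorrect (empty list = accepted)."""
        if up.broker_id in self.closed_brokers:
            return ["broker closed"]
        reasons = []
        expected_ip = self.ip_by_uuid.get(up.client_uuid)
        if expected_ip is None:
            reasons.append("unknown client_uuid")
        else:
            if up.src_ip != expected_ip:
                reasons.append("ip does not match client_uuid")
            prev = self.last_good.get(up.client_uuid)
            if prev is not None:
                hours = max(up.ts - prev.ts, 1.0) / 3600.0
                speed = distance_km(prev.lat, prev.lon, up.lat, up.lon) / hours
                if speed > MAX_SPEED_KMH:
                    reasons.append("implausible geolocation change")
            window = self.recent[up.client_uuid]
            window.append(up.ts)
            while window and window[0] <= up.ts - 60:
                window.popleft()
            if len(window) > MAX_PER_MINUTE:
                reasons.append("abnormal upload frequency")
        if reasons:
            self.incorrect[up.broker_id].append((up, reasons))   # note it down
            if len(self.incorrect[up.broker_id]) >= PERSISTENT_AFTER:
                self.closed_brokers.add(up.broker_id)            # persistent: close broker
        else:
            self.last_good[up.client_uuid] = up
        return reasons


def run_sample():
    """Replay constructed uploads (documentation-range IPs, made-up uuids)."""
    cloud = CloudVerifier({"uuid-A": "203.0.113.10", "uuid-B": "203.0.113.20"})
    sample = [
        Upload(0,   "broker-1", "203.0.113.10", "uuid-A", 31.23, 121.47),  # Shanghai
        Upload(60,  "broker-1", "203.0.113.10", "uuid-A", 40.71, -74.01),  # New York, 1 min later
        Upload(120, "broker-1", "198.51.100.7", "uuid-B", 39.90, 116.40),  # IP not on record
        Upload(180, "broker-1", "203.0.113.30", "uuid-X", 39.90, 116.40),  # unregistered uuid
        Upload(240, "broker-1", "203.0.113.20", "uuid-B", 39.90, 116.40),  # valid, broker closed
    ]
    return cloud, [cloud.check(u) for u in sample]


if __name__ == "__main__":
    cloud, results = run_sample()
    for reasons in results:
        print(reasons or "ok")
    print("closed:", sorted(cloud.closed_brokers))
```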
It should be emphasized that, given the foregoing detailed description, in the description of the product logistics management system embodiments that follows, each client device 100 has already logged in to the cloud device 500 through the wireless transport module 140, each client device 100 has been confirmed to be a client device in the Internet of Things, and each client device 100 has also confirmed that it has received the complete message, including the MQTT_Broker IP and the MQTT_Broker account and password of the broker device 700; these points are not described in detail again.
Next, refer to Fig. 8, which is a schematic diagram of the first embodiment of the Internet of Things product logistics management system of the present invention. As shown in Fig. 8, the product logistics management system of the present invention includes a first position region (1), for example a warehouse in which products are stored; the product 10 can be any goods, for example consumer products such as sports shoes, suitcases and clothes. Multiple products 10 are stored in the first position region 1, and an electronic tag 12 is configured on each product 10; these electronic tags 12 can optionally be attached one by one after the products 10 have been stored in the first position region 1. The electronic tag 12 stores at least the product name and the identification code (ID code) of the product 10. The first position region 1 has a gateway, and at least one first read-write device 31/32/33 that can serve as the client device 100 is configured on this gateway (for example, the safety identification codes of three first read-write devices are A001, A002 and A003 respectively). Each first read-write device 31/32/33 has messages such as a safety identification code, the name or number of the warehouse where it is located and the coordinates of its position (including longitude and latitude). The purpose of configuring multiple first read-write devices on the gateway is that, when the quantity of products passing through the gateway per unit time increases, the speed and accuracy of reading and writing product information can be effectively improved and the error rate of reading and writing product information reduced.
When the products 10 stored in the first position region 1 need to be transported to a point of sale, each product 10 must pass at least one first read-write device 31/32/33 arranged on the gateway. The first antenna 120 on each first read-write device 31/32/33 emits a signal, so that each electronic tag 12 passing the first read-write device 31/32/33, after receiving the signal emitted by the first antenna 120, is triggered to send out the product information stored inside it. The first antenna 120 of the first read-write device 31/32/33 then receives the message transmitted by the electronic tag 12 and passes it through the output/input interface 130 to the controller 110 for processing; after the client_uuid and the message data of the electronic tag 12 are encoded with client_share_key, the wireless transport module 140 sends the encoded message to the broker device 700. After receiving the data string transmitted by the client device 100, the broker device 700 does no processing and sends the received data string straight out. After the reception/transmission interface module 510 of the cloud device 500 receives the data string from the broker device 700, it is decoded by the data processing module 520. At this point, the message inside the electronic tag 12 can be stored in the storage area set in the memory module 530, for example the storage area set for a specific company; or the message inside the electronic tag 12 can be sent at the same time to the display module 600 to display the information; or, after the data processing module 520 has applied specific processing to the messages inside many electronic tags 12, the result can be sent to the display module 600 to display the configured information status, so that the cloud device 500 knows which products, and what quantity, have been moved out of the first position region 1. This can then be compared with the storage data held in the memory module 530 to confirm whether the two quantities are the same.
Next, when the products 10 that have been moved out need to be transported to another region for sale, they may need to be delivered by a transport device to a designated region for storage; for example, 10,000 pairs of sports shoes held in the Shanghai free trade zone are to be transported to a point-of-sale warehouse on Wangfujing Dajie, Beijing. To ensure that the sports shoes being transported are delivered in full to the designated region for storage, it is necessary, at the entrance of the transport device, to confirm which sports shoes enter the transport device (for example, a container), and also to ensure that during the whole transport no product placed in the transport device goes missing.
To meet this need, the first embodiment of the product flow management system of the
present invention carries out the following procedure. The container on the transport
device (also referred to as the second location region 2) is provided with an
entrance/exit, and at least one second reader/writer device 41/42/43 that can serve as a
client device 100 is arranged at the entrance/exit (for example, the security
identification codes of three second reader/writer devices are P004, P005 and P006
respectively). The second antenna 220 on each second reader/writer device 41/42/43 emits
a signal, so that each electronic tag 12 passing the second reader/writer device 41/42/43
is triggered, on receiving the signal emitted by the second antenna 220, to send out the
product information stored inside it. The second antenna 220 of the second reader/writer
device 41/42/43 then receives the message sent by the electronic tag 12 and passes it
through the output/input interface 130 to the controller 210 for processing; after the
client_uuid and the message data of the electronic tag 12 are encoded using
client_share_key, the wireless transmission module 240 sends the encoded message to the
broker server device 700. After receiving the data string transmitted by the client
device, the broker server device 700 does not process it in any way and simply forwards
the received data string as is. After the receive/transmit interface module 510 of the
cloud device 500 receives the data string from the broker server device 700, the data
processing module 520 decodes it. At this point, the message held in the electronic tag
12 can be stored in the storage area designated in the memory module 530, for example the
storage area assigned to a specific company; or the message held in the electronic tag 12
can be sent at the same time to the display module 600 and displayed; or the data
processing module 520 can first apply specific processing to the messages of many
electronic tags 12 and then send them to the display module 600 to show the configured
information status. The cloud device 500 thus knows the quantity of products sent into
the second location region 2 and the product name and identification code of each
product, and can further compare these with the stored data in the memory module 530, so
that the cloud device 500 knows which products, and in what quantity, have entered and
been placed in the second location region 2. In addition, the security verification of
the messages transmitted by the second reader/writer devices 41/42/43 in this embodiment
is the same as described above and is not explained again. The difference lies in the
security identification code: in this embodiment, the P in P004 indicates a reader/writer
device arranged on a freight container, so it can choose to transmit or not to transmit
the coordinate (longitude/latitude) message.
Next, refer to Fig. 9, a schematic diagram of the second location region in the first
embodiment of the Internet of Things product flow management system of the present
invention. The second location region 2 is further provided with at least one third
reader/writer device 51/52/53 that can serve as a client device 100 (for example, the
security identification codes of three third reader/writer devices are G007, G008 and
G009 respectively), where each third reader/writer device 51/52/53 consists of at least
one third antenna 320, a third control module 310, a positioning device 150 and a third
wireless transmission module 340. These third reader/writer devices 51/52/53 scan or
monitor the products 10 placed in the second location 2, to ensure that the quantity of
products stored in the second location region 2 remains safely in the second location
region 2. Clearly, in this embodiment the second location region 2 is a freight container
for transporting products, so throughout the transport of the products 10 these third
reader/writer devices 51/52/53 continuously send messages via the third antenna 320 to
the electronic tags 12 of the products 10, which triggers the electronic tags 12 to emit
the product information stored inside them. The third antenna 320 of the third
reader/writer device 51/52/53 then receives the message emitted by the electronic tag 12
and passes it through the output/input interface 130 to the controller 110 for
processing; after the client_uuid and the message data of the electronic tag 12 are
encoded using client_share_key, the wireless transmission module 140 sends the encoded
message to the broker server device 700. After receiving the data string transmitted by
the client device, the broker server device 700 does not process it in any way and simply
forwards the received data string as is. After the receive/transmit interface module 510
of the cloud device 500 receives the data string from the broker server device 700, the
data processing module 520 decodes it. At this point, the message held in the electronic
tag 12 can be stored in the storage area designated in the memory module 530, for example
the storage area assigned to a specific company; or the message held in the electronic
tag 12 can be sent at the same time to the display module 600 and displayed; or the data
processing module 520 can first apply specific processing to the messages of many
electronic tags 12 and then send them to the display module 600 to show the configured
information status, so that the cloud device 500 can determine from the GPS coordinate
message where the products have currently been transported.
In addition, it should be emphasized that the electronic tag described in the above
embodiment can be any one of NFC, RFID, an ID stamp or an ID sticker. If the electronic
tag 12 on a product 10 placed in the second location (container) 2 is RFID, the third
reader/writer devices 51/52/53 arranged in the second location (container) 2 can be fixed
in one position; if the electronic tag 12 on a product 10 placed in the second location
(container) 2 is NFC, an ID stamp or an ID sticker, the third reader/writer devices
51/52/53 arranged in the second location 2 must be able to move within the second
location (container) 2 to make sure that every product 10 is scanned. Furthermore, the
frequencies of the electronic tags 12 in the system and of the first antenna 120, the
second antenna 220 and the third antenna 320 are matched to one another.
It should also be emphasized that the cloud device 500 is a fixed domain name system (DNS)
device that has the function of a server and can communicate with the client device 100.
It consists of a receive/transmit interface module 510, a data processing module 520 and
a memory module 530, and can be connected to the display module 600 through the
receive/transmit interface module 510. The data processing module 520 has already
recorded and stored in the memory of the memory module 530 the security identification
code of the at least one first reader/writer device 31/32/33 arranged at the first
entrance/exit of the first location region 1 (for example, three first reader/writer
devices are configured), the name or number of the warehouse where it is located, and the
coordinates (longitude and latitude) of its position. Likewise, the data processing
module 520 has also recorded and stored in the memory of the memory module 530 the
security identification code of the at least one second reader/writer device 41/42/43
arranged at the second entrance/exit of the second location region 2 (for example, three
second reader/writer devices are configured), the name or number of the warehouse where
it is located, and the coordinates (longitude and latitude) of its position. For the at
least one third reader/writer device 51/52/53 arranged in the second location 2, its
security identification code, the name or number of the warehouse where it is located and
the coordinates (longitude and latitude) of its position are also recorded and stored in
the memory of the memory module 530, as shown in Fig. 7B and Fig. 7C, where Fig. 7C is a
schematic diagram of the data stored in the memory module of the present invention. When
the data processing module 520 judges that the received client_uuid and data string are
correct, these messages can be stored in the dedicated storage space designated in the
memory module 530. When it judges that the received client_uuid and data string are
incorrect or contain errors, this indicates that the message received was not transmitted
by a reader/writer device of the logistics management system, and that there may be a
hacker intrusion or abnormal client data. The data processing module 520 of the cloud
device 500 therefore decides, according to the result of the check, to ignore the
message, or may choose to shut down the broker server device 700 or issue a warning
notice, and performs no further processing.
In addition, the information on the products 10 in the first location region 1 may
already have been recorded in the data processing module 520 or the memory module 530 of
the cloud device 500 before the products 10 entered the first location region 1.
Alternatively, after the plurality of products 10 have all passed the first reader/writer
devices 31/32/33 of the first location region 1 and the quantity of products 10 in the
first location region 1 and the product name and identification code of each product have
all been recorded, the data on the product quantity in the first location region 1 and
the product name and identification code of each product can then be established and
likewise recorded in the data processing module 520 or the memory module 530 of the cloud
device 500, as shown in Fig. 7C. When the data processing module 520 of the cloud device
500 stores the data to the memory module 530, it can also add a record of the time at
which the data were stored, as one of the data items for subsequent comparison. The
present invention places no limitation on which of these ways is chosen to record the
product quantity in the first location region 1 and the product name and identification
code data of each product.
Clearly, once the data such as the product quantity in the first location region 1 and
the product name and identification code of each product have been established in the
memory module 530 of the cloud device 500, the data processing module 520 in the cloud
device 500 can process and compare them. After the data processing module 520 has
performed the security check and message processing, it knows the quantity of products
that have passed through the first location region 1 and the product name and
identification code of each product, and can further compare these with the stored data
in the memory module 530 (as shown in Fig. 7C), so that the cloud device 500 knows which
products, and in what quantity, have been moved out of the first location region 1. The
cloud device 500 can then connect to the display module 600 through the receive/transmit
interface module 510 to display the product quantity originally stored in the first
location region 1, the product names and the time of the record; or to display which
products, and in what quantity, have been moved out of the first location region 1, and
how many products and what quantity still remain in the first location region 1. This
lets the manager know the quantity and names of the products in the first location region
1. Of course, the manager can also query the cloud device 500 to learn the product names
and identification codes of the products stored in the first location region 1.
Finally, once the first embodiment of the product flow management system of the present
invention is in operation, the manager can see on the display module 600 connected to the
cloud device 500 how many products are currently still stored in the warehouse, how many
products are currently in transit, where they have currently been transported, and when
they are scheduled to arrive at the destination (Wangfujing Dajie). The manager can also
query, through the cloud device 500, the product name and identification code of a
product in the management system. Likewise, in another preferred embodiment of the
present invention, the first reader/writer devices 31/32/33 arranged in the second
location 1 may also, like the third reader/writer devices 51/52/53, have to be able to
move within the first location 1 to make sure that every product 10 can be scanned.
The article management system of the present invention can further be integrated with an
article warehousing and sales management system into one complete system; its detailed
operation is described below.
Refer to Fig. 10, a schematic diagram of article warehousing management in the second
embodiment of the Internet of Things product flow management system of the present
invention. First, a plurality of products 10 bearing electronic tags 12 are placed in the
first storage region 1; for example, as in the first embodiment, the products (10,000
pairs of sports shoes) have been transported to the first storage region 1 on Wangfujing
Dajie for storage, and the quantity, product names and identification codes of the
products placed in the first storage region 1 are already stored in the memory of the
cloud device. Clearly, the first storage region 1 has an entrance/exit, at least one
first reader/writer device is arranged at this entrance/exit, and each first
reader/writer device has a number 31/32/33 (for example, the security identification
codes of three first reader/writer devices are A001, A002 and A003 respectively), the
name or number of the warehouse where it is located and the coordinates of its position
(longitude and latitude), all of which have been recorded or stored in the memory of the
cloud device. Then, when the manager wants to deliver the products placed in the first
storage region (1) to different sales points, this can be accomplished with the article
warehousing and sales management system of the present invention.
Suppose the manager wants to send the products placed in the first storage region 1
(10,000 pairs of sports shoes) as 5,000 pairs of sports shoes to the first sales point,
3,000 pairs of sports shoes to the second sales point and 1,000 pairs of sports shoes to
the third sales point. When the sports shoes numbered 1 to 5000 are transported to the
first sales point, they pass through the entrance/exit of the first storage region 1, at
which at least one first reader/writer device is arranged. The first antenna 120 on each
first reader/writer device 31/32/33 emits a signal, so that each electronic tag 12
passing the first reader/writer device 31/32/33 is triggered, on receiving the signal
emitted by the first antenna 120, to emit the product information stored inside it. The
first antenna 120 of the first reader/writer device 31/32/33 then receives the message
emitted by the electronic tag 12 and passes it through the output/input interface 130 to
the controller 110 for processing; after the client_uuid and the message data of the
electronic tag 12 are encoded using client_share_key, the wireless transmission module
140 sends the encoded message to the broker server device 700. After receiving the data
string transmitted by the client device, the broker server device 700 does not process it
in any way and simply forwards the received data string as is. After the receive/transmit
interface module 510 of the cloud device 500 receives the data string from the broker
server device 700, the data processing module 520 decodes it. At this point, the message
held in the electronic tag 12 can be stored in the storage area designated in the memory
module 530, for example the storage area assigned to a specific company. The message
transmitted by the first reader/writer device 31/32/33 includes its number, the name or
number of the warehouse where it is located, the coordinates of its position (longitude
and latitude), and the product name and identification code in the electronic tag. After
the sports shoes numbered 1 to 5000 have all passed the first reader/writer device
31/32/33 of the first storage region 1, clearly, after processing by the data processing
module 520 of the cloud device 500, it is known that the sports shoes numbered 1 to 5000
have been moved out of the first storage region 1, and the data processing module 520 in
the cloud device 500 records the time at which the sports shoes numbered 1 to 5000 were
moved out of the first storage region 1, for example 9 a.m. During processing by the data
processing module 520 of the cloud device 500, the data processing module 520 first
confirms whether the messages received were sent by the first reader/writer devices
31/32/33 of the management system; for example, the data processing module 520 at least
confirms whether the number of the first reader/writer device, the name or number of the
warehouse where it is located and the coordinates of its position (longitude and
latitude) in each message sent in are identical to the records stored in the memory
module 530. When the received message is judged to be correct, the messages transmitted
by these first reader/writer devices 31/32/33 can be stored in the dedicated storage
space designated in the memory module 530, or the message held in the electronic tag 12
can be sent at the same time to the display module 600 and displayed; or the data
processing module 520 can first apply specific processing to the messages of many
electronic tags 12 and then send them to the display module 600 to show the configured
information status, so that the cloud device 500; when the received message is judged to
be incorrect, this indicates a possible hacker intrusion, so the data processing module
ignores the message and performs no further processing, or may choose to shut down the
broker server device 700 or further send a warning to the cloud device.
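The cloud-side check described in the paragraph above (and in the first embodiment's description of the client_uuid check), as an added example that is not code from the patent: the data processing module verifies a reader message against its stored reader record before storing it. HMAC-SHA256 is an assumed stand-in for the unspecified encoding with client_share_key, and the envelope fields, registry contents and function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the reader records kept in memory module 530.
# UUIDs, keys, warehouse names and coordinates are sample values (assumptions).
REGISTRY = {
    "A001": {"client_uuid": "sample-uuid-a001", "client_share_key": b"sample-key-a001",
             "warehouse": "FIRST-STORAGE-1", "coord": (39.9149, 116.4039),
             "coord_optional": False},
    # 'P' readers sit on the freight container and may omit coordinates.
    "P004": {"client_uuid": "sample-uuid-p004", "client_share_key": b"sample-key-p004",
             "warehouse": "CONTAINER-2", "coord": (31.3389, 121.5892),
             "coord_optional": True},
}


def encode_reading(reader_id, client_uuid, share_key, warehouse, coord, tags):
    """Reader side: bind client_uuid, reader metadata and tag data to the shared key."""
    body = json.dumps({"reader_id": reader_id, "client_uuid": client_uuid,
                       "warehouse": warehouse, "coord": coord, "tags": tags},
                      sort_keys=True)
    mac = hmac.new(share_key, body.encode(), hashlib.sha256).hexdigest()
    # The broker server device relays these bytes unchanged, so integrity has to be
    # checkable end to end by the cloud device.
    return json.dumps({"reader_id": reader_id, "body": body, "mac": mac}).encode()


def verify_reading(blob):
    """Cloud side: return ('store', message) or ('ignore', reason)."""
    try:
        env = json.loads(blob)
        reader_id, body = env["reader_id"], env["body"].encode()
        mac = bytes.fromhex(env["mac"])
        rec = REGISTRY.get(reader_id)
    except (ValueError, KeyError, TypeError, AttributeError):
        return "ignore", "malformed envelope"
    if rec is None:
        return "ignore", "unknown reader"
    expected = hmac.new(rec["client_share_key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return "ignore", "bad MAC"
    try:
        msg = json.loads(body)
        same_identity = (msg["reader_id"] == reader_id
                         and msg["client_uuid"] == rec["client_uuid"])
        warehouse, coord = msg["warehouse"], msg["coord"]
    except (ValueError, KeyError, TypeError):
        return "ignore", "malformed body"
    # Compare the reader's claims with the stored record, as the page describes.
    if not same_identity:
        return "ignore", "identity mismatch"
    if warehouse != rec["warehouse"]:
        return "ignore", "warehouse mismatch"
    if coord is None:
        if not rec["coord_optional"]:
            return "ignore", "missing coordinates"
    elif not isinstance(coord, list) or tuple(coord) != rec["coord"]:
        return "ignore", "coordinate mismatch"
    return "store", msg


def handle(blob, stored_tags, alerts):
    """Store verified readings; ignore and flag everything else."""
    decision, detail = verify_reading(blob)
    if decision == "store":
        stored_tags.extend(detail["tags"])
    else:
        alerts.append(detail)  # hook for the warning or broker shutdown the page mentions
    return decision


if __name__ == "__main__":
    rec = REGISTRY["A001"]
    good = encode_reading("A001", rec["client_uuid"], rec["client_share_key"],
                          rec["warehouse"], rec["coord"], ["SHOE-0001", "SHOE-0002"])
    wrong_key = encode_reading("A001", rec["client_uuid"], b"not-the-shared-key",
                               rec["warehouse"], rec["coord"], ["SHOE-9999"])
    stored, alerts = [], []
    for blob in (good, wrong_key, good.replace(b"SHOE-0002", b"SHOE-7777")):
        print(handle(blob, stored, alerts))
    print(stored, alerts)
```

Because the broker forwards data untouched, every rejection reason here is decided by the cloud device alone; the reader record lookup happens before any tag data is trusted.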
Likewise, after the sports shoes numbered 5001 to 8000 pass at least one first
reader/writer device 31/32/33 at the entrance/exit of the first storage region 1, through
the same system operation the cloud device 500 knows that the sports shoes numbered 5001
to 8000 have been moved out of the first storage region 1, and the data processing module
520 in the cloud device 500 records the time at which the sports shoes numbered 5001 to
8000 were moved out of the first storage region 1, for example 10 a.m. After the sports
shoes numbered 8001 to 9000 pass at least one first reader/writer device 31/32/33 at the
entrance/exit of the first storage region 1, through the same system operation the cloud
device 500 knows that the sports shoes numbered 8001 to 9000 have been moved out of the
first storage region 1, and the data processing module 520 in the cloud device 500
records the time at which the sports shoes numbered 8001 to 9000 were moved out of the
first storage region 1, for example 11 a.m. With the second embodiment operating in this
way, the manager can see on the display module 600 connected to the cloud device 500 that
the sports shoes numbered 9001 to 10000 are currently still stored in the warehouse,
while the sports shoes numbered 1 to 5000, 5001 to 8000 and 8001 to 9000 are shown as
having been moved out of the first storage region 1 at different times.
Then, after the sports shoes numbered 1 to 5000 have been delivered to the first sales
point, they pass the reader/writer device 61 arranged in the first sales point (for
example, security identification code S010). After the same system operation as before,
the manager can see on the display module 600 connected to the cloud device 500 that the
sports shoes numbered 9001 to 10000 are currently still stored in the warehouse and that
the sports shoes numbered 1 to 5000 were placed in the first sales point at 11 a.m.; the
manager can also query product information through the cloud device 500, for example the
size information of the sports shoes numbered 1 to 5000. Likewise, after the sports shoes
numbered 5001 to 8000 have been delivered to the second sales point, they pass the
reader/writer device 62 arranged in the second sales point (for example, security
identification code S011). After the same system operation as before, the manager can see
on the display module 600 connected to the cloud device 500 that the sports shoes
numbered 9001 to 10000 are currently still stored in the warehouse, that the sports shoes
numbered 1 to 5000 were placed in the first sales point at 11 a.m., and that the sports
shoes numbered 5001 to 8000 were placed in the second sales point at 11:30 a.m.; the
manager can also query product information through the cloud device 500, for example the
size information of the sports shoes numbered 5001 to 8000. Next, after the sports shoes
numbered 8001 to 9000 have been delivered to the third sales point, they pass the
reader/writer device 63 arranged in the third sales point (for example, security
identification code S012). After the same system operation as before, the manager can see
on the display module 600 connected to the cloud device 500 that the sports shoes
numbered 9001 to 10000 are currently still stored in the warehouse, that the sports shoes
numbered 1 to 5000 were placed in the first sales point at 11 a.m., that the sports shoes
numbered 5001 to 8000 were placed in the second sales point at 11:30 a.m., and that the
sports shoes numbered 8001 to 9000 were placed in the third sales point at 12 o'clock in
the morning; the manager can also query product information through the cloud device 500,
for example the size information of the sports shoes numbered 8001 to 9000.
Finally, the sales operation of this second embodiment is described. Refer to Fig. 11, a
schematic diagram of sales management in the second embodiment of the Internet of Things
product flow management system of the present invention. As shown in Fig. 11, when a
customer has decided on the product to buy (for example, sports shoes number 999), the
service staff takes the product 10 to the sales counter for checkout. The salesperson
then brings the electronic tag 12 on the product 10 to the reader/writer device 71
arranged on the sales counter (for example, numbered CS0100), where the reader/writer
device 71 arranged on the sales counter, besides having the same structure as a general
reader/writer device, further has a demagnetization module 170. Once it is confirmed that
the customer has completed payment, the sales counter notifies the reader/writer device
71 to send the message that sports shoes number 999 have been sold. Because the number of
the reader/writer device 71 arranged on the sales counter, the name or number of the
point of sale where it is located and the coordinates of its position (longitude and
latitude) are already stored in the cloud device, once the reader/writer device 71
arranged on the sales counter has sent the message that the product sale is complete and
the data processing module 520 of the cloud device 500 has processed it, the display
module 600 shows, via the receive/transmit interface module 510, the message that sports
shoes number 999 originally stored at the first point of sale have been sold. Thus, after
the same system operation as before, the manager can see on the display module 600
connected to the cloud device 500 the message that sports shoes number 999 stored at the
first point of sale have been sold. Likewise, when the reader/writer device at the second
point of sale (not shown in the figures) sends the message that sports shoes number 5999
have been sold and the reader/writer device at the third point of sale (not shown in the
figures) sends the message that sports shoes number 8999 have been sold, then after
processing by the data processing module 520 of the cloud device 500 the display module
600 shows, via the receive/transmit interface module 510, the message that sports shoes
number 999 of the first point of sale have been sold, the message that sports shoes
number 5999 of the second point of sale have been sold, and the message that sports shoes
number 8999 of the third point of sale have been sold. The final display of the sales
messages on the display module 600 is as shown in Fig. 12, a schematic diagram of the
manager message display of the present invention.
In addition, when the electronic tag arranged on the product 10 uses RFID, the RFID can
be recycled and reused. Of course, the electronic tags 12 arranged on products can also
be of other types, for example NFC, an ID stamp or an ID sticker. The frequencies of the
electronic tags 12 of this second embodiment and of each antenna 120/220/320 in the
system are matched to one another.
After the detailed description of the first embodiment and the second embodiment above,
the two can be further combined to form the complete article warehousing, logistics and
sales management system of the present invention, which is therefore not described in
further detail.
Although the present invention has been disclosed above by the foregoing preferred
embodiments, they are not intended to limit the present invention. Anyone skilled in the
art may make minor changes and refinements without departing from the spirit and scope of
the present invention; the scope of patent protection of the present invention is
therefore defined by the claims appended to this specification.