CN106331142A - Cloud service based intelligent home control system - Google Patents
- Publication number
- CN106331142A (application no. CN201610796969.3A)
- Authority
- CN
- China
- Prior art keywords
- cloud
- private cloud
- service
- home appliance
- center
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/2816—Controlling appliance services of a home automation network by calling their functionalities
- H04L12/2818—Controlling appliance services of a home automation network by calling their functionalities from a device located outside both the home and the home network
Abstract
The invention provides a cloud service based intelligent home control system comprising an intelligent home control center, an intelligent home wireless router and a cloud resource service center. The intelligent home control center and the cloud resource service center are connected and controlled through signals transmitted by the intelligent home wireless router. The intelligent home control center comprises household electrical appliances and a household electrical appliance controller, which are connected to a household router and located in the home local area network. The household electrical appliance controller acquires the relevant information of each household electrical appliance through an interface provided by that appliance, uploads the information to the cloud resource service center, receives the working strategy that the cloud resource service center issues for the appliance, accepts control by the cloud resource service center, and supports a temporary host strategy. A single intelligent home control center can still work when the network is disconnected: a temporary host within the intelligent home takes the place of the cloud resource service center and executes the control and management tasks for the other household electrical appliances.
Description
Technical field
The present invention relates to the field of smart home design, and specifically to a cloud service based intelligent home control system.
Background art
In the related art, with the development of intelligent operating systems and mobile Internet technology, the smart home has become one of the development trends of household appliances. The smart home concept was proposed as early as the last century but has not been widely adopted so far. Even so, the major household appliance enterprises remain optimistic about this field and continue to invest capital and manpower in research and development. Analysis shows that the reasons the smart home has not been widely popularized are: 1) the communication protocols of the various home appliances are not unified, so interconnection cannot be realized; 2) most existing intelligent appliance integration schemes require the user to be equipped with a separate control host, which increases hardware cost; 3) the intelligent effect of integrated intelligent appliances fails to meet user expectations.
Summary of the invention
To solve the above problems, the present invention provides a cloud service based intelligent home control system.
The purpose of the present invention is realized by the following technical solution:
A cloud service based intelligent home control system comprises an intelligent home control center, an intelligent home wireless router and a cloud resource service center. The intelligent home control center and the cloud resource service center are connected and controlled through signals transmitted by the intelligent home wireless router. The cloud resource service center manages the intelligent home control centers on a per-household basis: it queries or analyzes the data that the home appliances of an intelligent home control center provide to it, issues a working strategy for each home appliance, and designates the temporary host among the home appliances according to the appliance information reported by the intelligent home control center. The intelligent home control center comprises the home appliances and a home appliance controller, which are connected to the home router and located in the home local area network. The home appliance controller acquires the relevant information of a home appliance through the interface provided by that appliance and uploads it to the cloud resource service center, receives the working strategy that the cloud resource service center issues for that appliance so as to accept control by the cloud resource service center, and supports the temporary host strategy.
The invention has the following beneficial effects: the cloud resource service center performs centralized management and control of all intelligent home control centers; when the network is disconnected, a single intelligent home control center can still work, and the temporary host of the smart home takes over from the cloud resource service center to perform the control and management tasks for the other home appliances.
Description of the drawings
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not constitute any limitation on the present invention; a person of ordinary skill in the art can also obtain other drawings from the following drawings without creative effort.
Fig. 1 is a schematic diagram of the structural connections of the present invention.
Fig. 2 is a schematic diagram of the structural connections of the cross-cloud user authentication system of the present invention.
Reference numerals:
intelligent home control center 1, intelligent home wireless router 2, cloud resource service center 3, cross-cloud user authentication system 4, service request terminal 41, hybrid cloud management system 42, cross-cloud authentication management system 43, access monitoring system 44, information storage system 45, hybrid cloud identity management module 421, hybrid cloud hierarchical management module 422, cross-cloud authentication module 431, alarm module 432.
Detailed description of the invention
The invention is further described by the following examples.
Application scenario 1
Referring to Fig. 1 and Fig. 2, the cloud service based intelligent home control system of one embodiment of this application scenario comprises an intelligent home control center 1, an intelligent home wireless router 2 and a cloud resource service center 3. The intelligent home control center 1 and the cloud resource service center 3 are connected and controlled through signals transmitted by the intelligent home wireless router 2. The cloud resource service center 3 manages the intelligent home control centers 1 on a per-household basis: it queries or analyzes the data that the home appliances of an intelligent home control center 1 provide to it, issues a working strategy for each home appliance, and designates the temporary host among the home appliances according to the appliance information reported by the intelligent home control center 1. The intelligent home control center 1 comprises the home appliances and a home appliance controller, which are connected to the home router and located in the home local area network. The home appliance controller acquires the relevant information of a home appliance through the interface provided by that appliance and uploads it to the cloud resource service center 3, receives the working strategy that the cloud resource service center 3 issues for that appliance so as to accept control by the cloud resource service center 3, and supports the temporary host strategy.
Preferably, the relevant information of a home appliance includes the model, performance and stability parameters of the device.
In the above embodiment of the present invention, the cloud resource service center 3 performs centralized management and control of all intelligent home control centers 1; when the network is disconnected, a single intelligent home control center 1 can still work, and the temporary host of the smart home takes over from the cloud resource service center 3 to perform the control and management tasks for the other home appliances.
Preferably, the temporary host strategy is as follows: when the intelligent home control center 1 is disconnected from the cloud resource service center 3, the home appliances compare their temporary host priority weights, and the home appliance in the home local area network that is currently online and has the highest temporary host priority weight is selected as the temporary host; the other home appliances accept the management strategy control of the temporary host.
This preferred embodiment specifies the content of the temporary host strategy and better realizes control of the remaining home appliances by the temporary host when the network is disconnected.
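The election described above, as an added example that is not code from the patent. The patent says only that the cloud designates the weights and that online appliances compare them; the example assumes, in addition, that the cloud signs each weight with an HMAC key provisioned to the household's appliance controller, so that during an outage a device on the LAN cannot seize control of the other appliances simply by claiming the highest weight. The key, appliance names and weights are constructed for the demo.

```python
"""Temporary-host election for a smart home whose cloud link has dropped.

Added example, not code from the patent. Assumed design: the cloud resource
service center designates each appliance's temporary-host priority weight and
signs it with an HMAC key provisioned to that household's appliance controller,
so the election counts only weights the cloud actually issued.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Iterable, Optional, Set

# Constructed demo key; a deployment provisions one per household.
HOUSEHOLD_KEY = b"demo-cloud-to-household-hmac-key"


@dataclass(frozen=True)
class WeightAssignment:
    appliance_id: str
    weight: int
    tag: str  # hex HMAC-SHA256 over the canonical (id, weight) encoding


def _canonical(appliance_id: str, weight: int) -> bytes:
    # Fixed field order and separators so signer and verifier hash identical bytes.
    return json.dumps({"id": appliance_id, "w": weight}, sort_keys=True,
                      separators=(",", ":")).encode()


def cloud_assign_weight(key: bytes, appliance_id: str, weight: int) -> WeightAssignment:
    """Cloud side: designate and sign an appliance's priority weight."""
    tag = hmac.new(key, _canonical(appliance_id, weight), hashlib.sha256).hexdigest()
    return WeightAssignment(appliance_id, weight, tag)


def verify_assignment(key: bytes, a: WeightAssignment) -> bool:
    """Appliance/controller side: accept a weight only if the cloud signed it."""
    expected = hmac.new(key, _canonical(a.appliance_id, a.weight), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, a.tag)


def elect_temporary_host(key: bytes, claims: Iterable[WeightAssignment],
                         online: Set[str]) -> Optional[str]:
    """Return the id of the online appliance with the highest verified weight.

    Unverifiable claims and offline appliances are ignored; an exact tie is
    broken by the lexically smallest appliance id so every appliance on the
    LAN reaches the same answer. None means no eligible host exists.
    """
    eligible = [c for c in claims if c.appliance_id in online and verify_assignment(key, c)]
    if not eligible:
        return None
    return min(eligible, key=lambda c: (-c.weight, c.appliance_id)).appliance_id


def current_controller(cloud_reachable: bool, key: bytes,
                       claims: Iterable[WeightAssignment], online: Set[str]) -> Optional[str]:
    """Who issues working strategies right now: the cloud, or the elected temporary host."""
    if cloud_reachable:
        return "cloud"
    return elect_temporary_host(key, claims, online)


if __name__ == "__main__":
    claims = [cloud_assign_weight(HOUSEHOLD_KEY, "aircon", 80),
              cloud_assign_weight(HOUSEHOLD_KEY, "tv", 60),
              cloud_assign_weight(HOUSEHOLD_KEY, "fridge", 90)]
    forged = WeightAssignment("rogue-plug", 999, "00" * 32)  # weight never issued by the cloud
    print(current_controller(True, HOUSEHOLD_KEY, claims, {"aircon", "tv", "fridge"}))
    print(current_controller(False, HOUSEHOLD_KEY, claims + [forged], {"aircon", "tv", "rogue-plug"}))
```

With the cloud reachable the cloud stays in control; once it is unreachable the fridge wins among the three genuine appliances, and the forged claim from `rogue-plug` is discarded because its tag does not verify.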
Preferably, the cloud resource service center 3 includes a cross-cloud user authentication system 4 for performing cross-cloud authentication between the private clouds managed by the cloud resource service center 3. The cross-cloud user authentication system 4 includes a service request terminal 41, a hybrid cloud management system 42, a cross-cloud authentication management system 43, an access monitoring system 44 and an information storage system 45.
The service request terminal 41 provides service requesters with an access interface for accessing the private cloud services in the hybrid cloud.
The hybrid cloud management system 42 includes a hybrid cloud identity management module 421 and a hybrid cloud hierarchical management module 422. The hybrid cloud identity management module 421 manages, on the basis of a certificate authentication mechanism, the private clouds that join the hybrid cloud and establishes the trust relationships between the private clouds. The hybrid cloud hierarchical management module 422 divides the private clouds into an open level, a confidential level and a top-secret level according to their security classification, and applies different security strategies to the different levels.
The cross-cloud authentication management system 43 includes a cross-cloud authentication module 431 and an alarm module 432. The cross-cloud authentication module 431 acquires the attribute token of a service requester when the service requester performs a cross-cloud access and, on the basis of a custom cross-cloud authentication protocol, performs cross-cloud authentication between the service requester of the local private cloud and the service of another private cloud during that access. The alarm module 432 issues an alarm when acquisition of the attribute token fails or decryption fails.
The access monitoring system 44 monitors the process of the service requester's cross-cloud access.
The information storage system 45 stores the access information and alarm information of service requesters.
Preferably, acquiring the attribute token of the service requester when the service requester performs a cross-cloud access includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it wants to access across clouds;
(2) after the service S responds to the access service request, it sends an attribute request to the service requester;
(3) the service requester enters a custom password, whose number of digits must be greater than 6, signs and encrypts the custom password and its identity together with the attribute request as one message, and sends it to the authentication agent of its own private cloud; the authentication agent decrypts and verifies the message with its own private key and the user's public key; after verification succeeds, it extracts the attributes corresponding to the attribute request from the attribute storage module, issues an attribute token, generates a session key, and signs and encrypts the session key together with the attribute token and the custom password and sends them to the user;
(4) after the user receives the message, the user decrypts it with their own private key and the public key certificate of the authentication agent; if the message contains the custom password, the identity of the authentication agent is authenticated and the attribute token is obtained at the same time.
Preferably, issuing an alarm when acquisition of the attribute token fails or decryption fails includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it wants to access across clouds;
(2) after the service S responds to the access service request, it sends an attribute request to the service requester;
(3) if the service requester enters the custom password incorrectly, acquisition of the attribute token fails and the alarm module 432 issues alarm information; if, after the attribute token has been acquired and sent to the user, the user cannot decrypt the message and therefore cannot complete identity authentication, the alarm module 432 also issues an alarm.
The above embodiment of the present invention designs the acquisition method of the attribute token, improving the security and efficiency of attribute token acquisition, and constructs a cross-cloud authentication system oriented to the hybrid cloud, which satisfies the demand of users in a hybrid cloud environment for frequent access to services belonging to the authentication domains of different private clouds.
Preferably, the hybrid cloud identity management module 421 includes:
(1) a certificate issuance unit, for issuing or revoking the public key certificate of the authentication agent of a private cloud when that private cloud joins or leaves the hybrid cloud, and for uniformly managing the public key certificates issued in the hybrid cloud;
(2) an inter-cloud authentication agent unit, for receiving the registration of a newly joined private cloud and managing the registration information of the authentication agent of the newly joined private cloud, thereby establishing a trust relationship between itself and that private cloud.
Preferably, the authentication agent of a private cloud supports an identity authentication mechanism and a certificate authentication mechanism; it manages identity authentication within the private cloud and the issuance of attribute tokens, and, when cross-cloud authentication is performed through the cross-cloud authentication module 431, submits its registration information to the hybrid cloud identity management module 421 for registration and receives the public key certificate issued by the hybrid cloud identity management module 421. Managing the registration information of the authentication agent of a newly joined private cloud includes: auditing the registration information of the authentication agent of the newly joined private cloud, receiving that registration information, storing it in a secure database, and deleting the registration information of a private cloud when it leaves the hybrid cloud.
The above two preferred embodiments realize the management of the private clouds in the hybrid cloud; the authentication agent of a private cloud supports both an identity authentication mechanism and a certificate authentication mechanism, which makes management of the private clouds in the hybrid cloud more systematic and highly secure.
Preferably, dividing the private clouds into an open level, a confidential level and a top-secret level according to their security classification includes:
(1) if a private cloud allows only its creator to access it, the private cloud is top-secret level;
(2) if a private cloud allows users authorized by its creator to access it, the private cloud is confidential level;
(3) if a private cloud allows all users that have established a trust relationship with it to access it, the private cloud is open level.
Preferably, the security strategies include:
(1) for a top-secret level private cloud, encryption uses an elliptic curve cryptosystem, and a visitor must pass fingerprint verification before sending an access request;
(2) for a confidential level private cloud, encryption uses the RSA algorithm, and a visitor must hold an authorized USB security key (U-shield) to access it;
(3) for an open level private cloud, encryption uses the DES algorithm, and a visitor that has established a trust relationship can send an access request directly.
This preferred embodiment assigns security classifications to different private clouds and designs a corresponding security strategy for each, so that different private clouds can be accessed while security is ensured. DES, with its 56-bit key, is no longer considered adequate for protecting data, so a present-day implementation of the open-level strategy would substitute AES.
Preferably, the information storage system 45 stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer. The storage layer is at the bottom of the storage module and is composed of different devices; the management layer is located above the storage layer and manages the storage devices through various software; the interface layer provides services to users and can provide different service interfaces according to customer needs.
This preferred embodiment makes it easy for administrators to query the access information and alarm information and facilitates subsequent auditing.
Preferably, the custom cross-cloud authentication protocol is:
(1) the service requester randomly selects a custom number as a fresh number, signs and encrypts it together with the attribute token it has obtained and the random number that the service S returned to the service requester during the cross-cloud access as one message, and sends the message to the service S;
(2) after the service S receives the message, it decrypts it and verifies the signature with its own private key and the service requester's public key; if the message contains the random number that the service S returned to the service requester, the identity authentication of the service requester passes; the service S then generates another random number, signs and encrypts that random number together with the custom number to form feedback information, and sends it to the service requester;
(3) after the service requester receives the feedback information, it decrypts it and verifies the signature with its own private key and the public key of the service S; if the feedback information contains the custom number, the identity of the service S is authenticated, thereby achieving mutual authentication of both parties.
This preferred embodiment designs a custom cross-cloud authentication protocol that realizes two-way authentication between the service requester and the service, improving the security of the system and the efficiency of cross-cloud authentication.
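The token acquisition, the alarm on a wrong password, and the custom cross-cloud protocol described above, walked through end to end as an added example that is not code from the patent. Two stand-ins are assumed so that it runs with the standard library only: the patent's sign-then-encrypt with each party's key pair is replaced by an HMAC-SHA256 tag over a pairwise pre-shared key (the agent-S key playing the role of S trusting the agent's certificate), and the service S hands the requester its random number in its reply to the access request. It is also assumed that the authentication agent checks the custom password against a registered hash. Party names, keys and the password are constructed for the demo. What the example adds to the text is the binding and single-use handling of S's random number, which is what makes a replayed challenge fail.

```python
"""Attribute-token acquisition and the custom cross-cloud mutual authentication.

Added example, not code from the patent. Stand-ins: HMAC over a pairwise
pre-shared key replaces sign-then-encrypt with key pairs; S returns its random
number with the attribute request; the agent checks the password against a
registered hash. All names, keys and the password are constructed.
"""
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional

PAIR_KEYS = {  # constructed: stands in for the parties' public/private key pairs
    frozenset({"alice", "agent"}): b"demo-key-alice-agent",
    frozenset({"alice", "S"}): b"demo-key-alice-S",
    frozenset({"agent", "S"}): b"demo-key-agent-S",
}
ALARMS: List[str] = []  # what the alarm module 432 would emit


def _tag(key: bytes, body: str) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def seal(sender: str, receiver: str, obj: dict) -> dict:
    """Stand-in for 'sign and encrypt': bind the body to the (sender, receiver) pair."""
    body = json.dumps(obj, sort_keys=True)
    return {"from": sender, "to": receiver, "body": body,
            "tag": _tag(PAIR_KEYS[frozenset({sender, receiver})], body)}


def open_sealed(msg: dict, me: str) -> Optional[dict]:
    """Stand-in for 'decrypt and verify the signature'; None on any failure."""
    key = PAIR_KEYS.get(frozenset({msg["from"], msg["to"]}))
    if msg["to"] != me or key is None or not hmac.compare_digest(_tag(key, msg["body"]), msg["tag"]):
        return None
    return json.loads(msg["body"])


class AuthAgent:
    """Authentication agent of the requester's own private cloud."""

    def __init__(self) -> None:
        # Constructed registered user: hashed custom password and attribute store.
        self.users = {"alice": {"pw": hashlib.sha256(b"20160831x").hexdigest(),
                                "attrs": {"role": "owner", "home": "h1"}}}

    def issue_token(self, msg: dict) -> Optional[dict]:
        req = open_sealed(msg, "agent")
        if req is None:
            ALARMS.append("agent: could not decrypt/verify token request")
            return None
        user, pw = self.users.get(req["identity"]), req["password"]
        if (msg["from"] != req["identity"] or user is None or len(pw) <= 6
                or not hmac.compare_digest(hashlib.sha256(pw.encode()).hexdigest(), user["pw"])):
            ALARMS.append(f"agent: attribute token acquisition failed for {req['identity']}")
            return None
        attrs = {k: v for k, v in user["attrs"].items() if k in req["attr_request"]}
        body = json.dumps({"sub": req["identity"], "attrs": attrs}, sort_keys=True)
        token = {"body": body, "tag": _tag(PAIR_KEYS[frozenset({"agent", "S"})], body)}
        # Token, session key and echoed password go back under the same protection (step 3).
        return seal("agent", req["identity"],
                    {"token": token, "session_key": secrets.token_hex(16), "password": pw})


class ServiceS:
    """Service S in another private cloud."""

    def __init__(self) -> None:
        self.pending: Dict[str, str] = {}  # requester -> single-use random number

    def access_request(self, requester: str) -> dict:
        r = secrets.token_hex(8)
        self.pending[requester] = r
        return {"attr_request": ["role"], "random": r}

    def authenticate(self, msg: dict) -> Optional[dict]:
        m = open_sealed(msg, "S")
        if m is None:
            ALARMS.append("S: could not decrypt/verify challenge")
            return None
        tok = m["token"]
        if not hmac.compare_digest(_tag(PAIR_KEYS[frozenset({"agent", "S"})], tok["body"]), tok["tag"]):
            ALARMS.append("S: attribute token not issued by a trusted agent")
            return None
        sub = json.loads(tok["body"])["sub"]
        if sub != msg["from"] or self.pending.get(sub) != m["random"]:
            ALARMS.append(f"S: random number missing, stale or not bound to {msg['from']}")
            return None
        del self.pending[sub]  # consumed: replaying this challenge will fail
        return seal("S", sub, {"nonce": m["nonce"], "random2": secrets.token_hex(8)})


def run_protocol(name: str, password: str, agent: AuthAgent, svc: ServiceS) -> Optional[dict]:
    """Requester side: obtain the attribute token, then authenticate mutually with S."""
    reply = svc.access_request(name)                                   # token steps (1)-(2)
    resp = agent.issue_token(seal(name, "agent", {"identity": name, "password": password,
                                                  "attr_request": reply["attr_request"]}))
    got = open_sealed(resp, name) if resp is not None else None
    if got is None or got["password"] != password:                     # token step (4)
        ALARMS.append(f"{name}: no usable reply from the authentication agent")
        return None
    nonce = secrets.token_hex(8)                                       # protocol step (1)
    challenge = seal(name, "S", {"token": got["token"], "random": reply["random"], "nonce": nonce})
    fb = svc.authenticate(challenge)                                   # protocol step (2)
    opened = open_sealed(fb, name) if fb is not None else None
    if opened is None or opened["nonce"] != nonce:                     # protocol step (3)
        ALARMS.append(f"{name}: service S failed to prove freshness")
        return None
    return {"authenticated": True, "session_key": got["session_key"],
            "peer_random": opened["random2"], "challenge": challenge}


if __name__ == "__main__":
    agent, svc = AuthAgent(), ServiceS()
    print(run_protocol("alice", "20160831x", agent, svc) is not None)
    print(run_protocol("alice", "wrong-pass", agent, svc), ALARMS[-2:])
```

A correct password yields a token and a mutually authenticated session; submitting the same challenge a second time is refused because S deleted its random number on first use, and a wrong or too-short password stops at the agent with an alarm, matching the failure cases the text lists.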
Preferably, the access monitoring system 44 represents the access process by a vector X = (a1, a2, a3), where a1 represents whether alarm information has occurred, a2 represents whether the user's access satisfies the security strategy, and a3 represents the running state of the system. When no alarm information has occurred, a1 = 1, otherwise a1 = 0; when the user's access satisfies the security strategy, a2 = 1, otherwise a2 = 0; when the system is running normally, a3 = 1, otherwise a3 = 0. The monitoring system recognizes an access as successful only when X = (1, 1, 1). During operation, the access monitoring system 44 records the time and number of unsuccessful accesses, and when the number of unsuccessful accesses within a set time period reaches a set number, the access monitoring system 44 issues warning information.
This preferred embodiment realizes monitoring of the user's access process and improves the security of the system.
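The access vector and the sliding-window warning described above, run over a few constructed access records, as an added example that is not code from the patent. The record format, the 60-second window and the threshold of three unsuccessful accesses are assumptions; the patent states neither the period nor the count.

```python
"""Access-process vector X = (a1, a2, a3) and the failure-count warning of the
access monitoring system 44, run over constructed access records.

Added example, not code from the patent. The record format, the 60-second
window and the threshold of three unsuccessful accesses are assumptions.
"""
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Tuple

# Constructed sample log: epoch seconds, requester, and the three monitored facts.
SAMPLE_LOG = [
    "ts=1000 user=alice alarm=0 policy=1 system=1",
    "ts=1010 user=bob alarm=1 policy=1 system=1",   # alarm raised during access
    "ts=1020 user=bob alarm=0 policy=0 system=1",   # security strategy not met
    "ts=1030 user=bob alarm=0 policy=1 system=0",   # system not running normally
    "ts=1040 user=alice alarm=0 policy=1 system=1",
    "ts=1200 user=bob alarm=1 policy=1 system=1",   # earlier failures have aged out
]


@dataclass(frozen=True)
class AccessRecord:
    ts: float
    user: str
    alarmed: bool
    policy_ok: bool
    system_ok: bool


def parse_line(line: str) -> AccessRecord:
    kv = dict(field.split("=", 1) for field in line.split())
    return AccessRecord(float(kv["ts"]), kv["user"], kv["alarm"] == "1",
                        kv["policy"] == "1", kv["system"] == "1")


def access_vector(r: AccessRecord) -> Tuple[int, int, int]:
    """a1 = 1 iff no alarm, a2 = 1 iff strategy satisfied, a3 = 1 iff system normal."""
    return (0 if r.alarmed else 1, 1 if r.policy_ok else 0, 1 if r.system_ok else 0)


def access_succeeded(r: AccessRecord) -> bool:
    return access_vector(r) == (1, 1, 1)


class AccessMonitor:
    """Counts unsuccessful accesses in a sliding window and warns at a threshold."""

    def __init__(self, window_s: float = 60.0, threshold: int = 3) -> None:
        self.window_s = window_s
        self.threshold = threshold
        self.failures: Deque[Tuple[float, str]] = deque()  # (time, user) of each failure
        self.warnings: List[str] = []

    def observe(self, r: AccessRecord) -> bool:
        ok = access_succeeded(r)
        if ok:
            return True
        self.failures.append((r.ts, r.user))
        while self.failures and r.ts - self.failures[0][0] > self.window_s:
            self.failures.popleft()  # drop failures older than the window
        if len(self.failures) >= self.threshold:
            users = sorted({u for _, u in self.failures})
            self.warnings.append(f"{len(self.failures)} unsuccessful accesses within "
                                 f"{self.window_s:.0f}s ending at t={r.ts:.0f} by {users}")
        return False


def run_monitor(lines: List[str], window_s: float = 60.0,
                threshold: int = 3) -> Tuple[List[bool], List[str]]:
    """Feed log lines through one monitor; return per-line success and the warnings raised."""
    mon = AccessMonitor(window_s, threshold)
    return [mon.observe(parse_line(ln)) for ln in lines], mon.warnings


if __name__ == "__main__":
    results, warnings = run_monitor(SAMPLE_LOG)
    print(results)
    print("\n".join(warnings))
```

On the sample log the three failures at t=1010, 1020 and 1030 fall inside one 60-second window and raise a single warning; the failure at t=1200 does not, because the earlier ones have aged out of the window by then.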
In this application scenario, the custom password has 11 digits; authentication speed is improved by 10% and security by 12%.
Application scenario 2
See Fig. 1, Fig. 2, the intelligent home control system based on cloud service of an embodiment of this application scene, including
Intelligent housing center 1, Smart Home wireless router 2, cloud resource service center 3, described Intelligent housing center 1 with
Cloud resource service center 3 is attached controlling by the transmission of Smart Home wireless router 2 signal;Described cloud resource service center
3 for management Intelligent housing center 1 in units of family, according to the home appliance at Intelligent housing center 1 to cloud
The data that resource service center 3 provides are inquired about or are analyzed, and provide the working strategies of respective electric home, and according to intelligence
The home appliance relevant information of home control center 1 specifies the interim main frame of home appliance;Described Intelligent housing center 1 is wrapped
Include each home appliance and home appliance modulator being connected and be positioned in family lan with home router;Described household electrical appliances
Equipment modulator is obtained the relevant information of this home appliance for the interface provided by home appliance and is uploaded to cloud resource clothes
Business center 3, the working strategies for this home appliance that reception cloud resource service center 3 issues is to accept cloud resource service center
The control of 3, and support interim host policies.
Preferably, the relevant information of described home appliance includes the model of equipment, performance, stability parameter.
The cloud resource service center 3 of the above embodiment of the present invention is concentrated and is concentrated all Intelligent housing centers 1
Management controls, and when network disconnects, single Intelligent housing center 1 still can work, the interim main frame of Smart Home connect
The control management role to other home appliance is performed for cloud resource service center 3.
Preferably, described interim host policies refers to: Intelligent housing center 1 disconnects even with cloud resource service center 3
In the case of connecing, weighed by relatively interim chiller priority each home appliance, current online and face in selecting family lan
Time the chiller priority the highest home appliance of power accept the management strategy control of interim main frame as interim main frame, other home appliance
System.
This preferred embodiment is provided with the particular content of interim host policies, preferably realizes interim main when network disconnects
The machine control to remaining home appliance.
Preferably, described cloud resource service center 3 includes across cloud customer certification system 4, described across cloud customer certification system 4
Between each privately owned cloud managing cloud resource service center 3 across cloud verify, described across cloud customer certification system 4 include service
Request end 41, mixed cloud manage system 42, across cloud authentication administrative system 43, access monitoring system 44 and information storage system 45;
Described service request terminal 41 provides access interface for accessing the privately owned cloud service in mixed cloud for service requester;
Described mixed cloud management system 42 includes mixed cloud identity management module 421, mixed cloud administration by different levels module 422;
Described mixed cloud identity management module 421 is used for being managed, based on Certificate Authentication Mechanism, the privately owned cloud adding mixed cloud, and
Set up the trusting relationship between each privately owned cloud;Described mixed cloud administration by different levels module 422 is for the security classification according to privately owned cloud
Privately owned cloud is divided into open level, confidential and confidential, and takes different security strategies to be managed for different brackets;
Described include across cloud authentication module 431 and alarm module 432 across cloud authentication administrative system 43;Described across cloud certification mould
Block 431 for carrying out the attribute token of acquisition service requester when cloud accesses at service requester, and based on self-defining across
Cloud authentication protocol realizes the service requester of local privately owned cloud and the service of other privately owned clouds is carried out recognizing across cloud when cloud accesses
Card;Described alarm module 432 is for the alert when obtaining attribute token failure or deciphering unsuccessfully;
Described access monitoring system 44 is monitored for the process accessed service requester across cloud;
Described information storage system 45 is for storing access information and the warning message of service requester.
Preferably, described service requester carry out when cloud accesses obtain service requester attribute token, including:
(1) service requester is to send access service request across the service S of other privately owned clouds that cloud accesses;
(2), after service S response accesses service request, attribute request is sent to service requester;
(3) service requester inputs self-defined password, and described self-defined password figure place have to be larger than 6, and by self-defined
Password and its identity by sending jointly to the certification of privately owned cloud together with described attribute request as message after encrypted signature
Agency, authentication proxy is decrypted checking by the private key of oneself and the PKI of user to message, after being verified, according to user
Attribute request dependence memory module in extract the attribute corresponding with attribute request sign and issue attribute token, generation session is close
Key, is sent to user after encrypted signature together with described attribute token and self-defined password;
(4), after user receives message, utilize the private key of oneself and the public key certificate of authentication proxy that message is decrypted, if
Containing self-defined password in information, then have authenticated the identity of described authentication proxy, also obtain attribute token simultaneously.
Preferably, the described alert when obtaining attribute token failure or deciphering unsuccessfully, including:
(1) service requester is to send access service request across the service S of other privately owned clouds that cloud accesses;
(2), after service S response accesses service request, attribute request is sent to service requester;
(3) service requester inputs self-defined code error, obtains attribute token failure, and alarm module 432 sends alarm
Information, attribute token obtains after being sent to user, and information cannot be decrypted by user, it is impossible to complete authentication, alarm module
432 also alerts.
The above embodiment of the present invention devises the acquisition mode of attribute token, improve attribute token obtain safety and
Efficiency;Construct towards mixed cloud across cloud Verification System, user under mixed cloud environment can be met and adhere to different privately owned clouds separately
Authenticated domain, service access demand frequently.
Preferably, described mixed cloud identity management module 421 includes:
(1) certificate issuance unit: for when privately owned cloud adds or exits mixed cloud being authentication proxy's label of this privately owned cloud
Send out or revoked public key certificate, and the public key certificate signed and issued in mixed cloud is managed collectively;
(2) Yun Jian authentication proxy unit: for receiving the registration of the privately owned cloud being newly added, the privately owned cloud that management is newly added
The log-on message of authentication proxy, thus set up the trusting relationship between itself and privately owned cloud.
Preferably, the authentication proxy of described privately owned cloud supports ID authentication mechanism and Certificate Authentication Mechanism, is used for managing private
There is signing and issuing of the authentication in cloud and attribute token, and when carrying out across cloud certification across cloud authentication module 431, by described registration
Information is submitted to mixed cloud identity management module 421 and is registered, and receives the PKI card that mixed cloud identity management module 421 is signed and issued
Book;The log-on message of the authentication proxy of the privately owned cloud that described management is newly added, including: the certification generation of the privately owned cloud that examination & verification is newly added
The log-on message of reason, receive the authentication proxy of privately owned cloud being newly added log-on message, log-on message is stored in safety database,
The log-on message of the privately owned cloud exited is deleted when privately owned cloud exits mixed cloud.
Above-mentioned two preferred embodiment achieves the management to the privately owned cloud in mixed cloud, and the authentication proxy of privately owned cloud supports
ID authentication mechanism and Certificate Authentication Mechanism, make the management more science to the privately owned cloud in mixed cloud, and safety is high.
Preferably, dividing private clouds into a public level, a confidential level and a secret level according to their security classification includes:
(1) if a private cloud allows only its creator to access it, the private cloud is at the confidential level;
(2) if a private cloud allows users authorized by its creator to access it, the private cloud is at the secret level;
(3) if a private cloud allows all users that have established a trust relationship with it to access it, the private cloud is at the public level.
Preferably, the security strategies include:
(1) for a confidential-level private cloud, encryption uses an elliptic curve cryptosystem, and a visitor must pass fingerprint verification before an access request can be sent;
(2) for a secret-level private cloud, encryption uses the RSA algorithm, and a visitor must hold an authorized USB security key (U-shield) to access it;
(3) for a public-level private cloud, encryption uses the DES algorithm, and a visitor that has established a trust relationship may send an access request directly.
This preferred embodiment assigns a security classification to each private cloud and designs a corresponding security strategy for it, so that the different private clouds can be accessed while security is guaranteed.
Preferably, the information storage system 45 stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer. The storage layer is at the bottom of the storage module and consists of various devices; the management layer sits above the storage layer and manages the storage devices through various software; the interface layer faces the user, provides services, and can provide different service interfaces according to customer needs.
This preferred embodiment makes it easy for administrators to query access information and alarm information, which facilitates subsequent auditing.
Preferably, the custom cross-cloud authentication protocol is as follows:
(1) the service requester randomly selects a custom number as a fresh nonce and, together with the attribute token it has obtained and the random number that service S returned to it when cross-cloud access began, forms a message, which is signed, encrypted and sent to service S;
(2) after service S receives the message, it decrypts the message with its own private key and verifies the signature with the public key of the service requester; if the message contains the random number that service S returned to the service requester, the identity authentication of the service requester passes; service S then generates another random number, signs and encrypts that random number together with the custom number to form feedback information, and sends it to the service requester;
(3) after the service requester receives the feedback information, it decrypts it with its own private key and verifies the signature with the public key of service S; if the feedback information contains the custom number, the identity of service S has been authenticated, and mutual authentication of both parties is thereby achieved.
This preferred embodiment designs a custom cross-cloud authentication protocol that achieves two-way authentication between the service requester and the service, improving the security of the system and the efficiency of cross-cloud authentication.
Preferably, the access monitoring system 44 represents the access process by a vector X=(a1, a2, a3), where a1 indicates whether alarm information has occurred, a2 indicates whether the user's access satisfies the security strategy, and a3 indicates the running state of the system. When no alarm information has occurred, a1 takes the value 1, otherwise 0; when the user's access satisfies the security strategy, a2 takes 1, otherwise 0; when the system is running normally, a3 takes 1, otherwise 0. The monitoring system recognizes an access as successful only when X=(1,1,1). During operation, the access monitoring system 44 records the time and the number of unsuccessful accesses; when the number of unsuccessful accesses within a set time period reaches a set count, the access monitoring system 44 sends alarm information.
This preferred embodiment achieves monitoring of the user's access process and improves the security of the system.
In this application scenario, the custom password has 10 digits, authentication speed is improved by 11%, and security is improved by 11%.
Application scenario 3
Referring to Fig. 1 and Fig. 2, the cloud-service-based smart home control system of one embodiment of this application scenario includes a smart home control center 1, a smart home wireless router 2 and a cloud resource service center 3. The smart home control center 1 and the cloud resource service center 3 are connected for control through signal transmission by the smart home wireless router 2. The cloud resource service center 3 manages the smart home control centers 1 in units of households: it queries or analyzes the data that the home appliances of a smart home control center 1 provide to the cloud resource service center 3, provides working strategies for the corresponding appliances, and designates a temporary host among the home appliances according to the appliance information of the smart home control center 1. The smart home control center 1 includes the home appliances, which are connected to the home router and located in the home LAN, and an appliance modulator for each appliance. The appliance modulator obtains the information of its appliance through the interface the appliance provides and uploads it to the cloud resource service center 3, receives the working strategy that the cloud resource service center 3 issues for the appliance so as to accept control by the cloud resource service center 3, and supports the temporary host strategy.
Preferably, the information of a home appliance includes the model, performance and stability parameters of the device.
In the above embodiment of the invention, the cloud resource service center 3 centrally manages and controls all smart home control centers 1; when the network is disconnected, an individual smart home control center 1 can still operate, and the temporary host of the smart home takes over the control and management tasks for the other home appliances on behalf of the cloud resource service center 3.
Preferably, the temporary host strategy is: when the smart home control center 1 is disconnected from the cloud resource service center 3, the temporary host priority weights of the home appliances are compared, the currently online home appliance with the highest temporary host priority weight in the home LAN is selected as the temporary host, and the other home appliances accept control by the management strategy of the temporary host.
This preferred embodiment specifies the content of the temporary host strategy, so that control of the remaining home appliances by the temporary host is better achieved when the network is disconnected.
Preferably, the cloud resource service center 3 includes a cross-cloud user authentication system 4 for performing cross-cloud verification between the private clouds managed by the cloud resource service center 3. The cross-cloud user authentication system 4 includes a service request terminal 41, a hybrid cloud management system 42, a cross-cloud authentication management system 43, an access monitoring system 44 and an information storage system 45.
The service request terminal 41 provides the service requester with an access interface for accessing private cloud services in the hybrid cloud.
The hybrid cloud management system 42 includes a hybrid cloud identity management module 421 and a hybrid cloud hierarchical management module 422. The hybrid cloud identity management module 421 manages the private clouds joining the hybrid cloud based on a certificate authentication mechanism and establishes trust relationships between the private clouds. The hybrid cloud hierarchical management module 422 divides private clouds into a public level, a confidential level and a secret level according to their security classification, and applies different security strategies to manage the different levels.
The cross-cloud authentication management system 43 includes a cross-cloud authentication module 431 and an alarm module 432. The cross-cloud authentication module 431 obtains the attribute token of the service requester when the service requester performs cross-cloud access and, based on a custom cross-cloud authentication protocol, performs cross-cloud authentication between the service requester of the local private cloud and the services of other private clouds. The alarm module 432 raises an alarm when acquisition of the attribute token fails or decryption fails.
The access monitoring system 44 monitors the process of the service requester's cross-cloud access.
The information storage system 45 stores the access information and alarm information of the service requester.
Preferably, obtaining the attribute token of the service requester when it performs cross-cloud access includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it accesses across clouds;
(2) after service S responds to the access service request, it sends an attribute request to the service requester;
(3) the service requester enters a custom password, whose number of digits must be greater than 6, and sends the custom password and its identity together with the attribute request as one message, signed and encrypted, to the authentication agent of its own private cloud; the authentication agent decrypts and verifies the message with its own private key and the user's public key and, after verification succeeds, extracts the attributes corresponding to the attribute request from the attribute storage module, issues an attribute token, generates a session key, and sends the session key together with the attribute token and the custom password, signed and encrypted, to the user;
(4) after the user receives the message, the user decrypts it with its own private key and the public key certificate of the authentication agent; if the message contains the custom password, the identity of the authentication agent is authenticated and the attribute token is obtained at the same time.
Preferably, raising an alarm when acquisition of the attribute token fails or decryption fails includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it accesses across clouds;
(2) after service S responds to the access service request, it sends an attribute request to the service requester;
(3) if the service requester enters the custom password incorrectly, acquisition of the attribute token fails and the alarm module 432 sends alarm information; if, after the attribute token has been sent to the user, the user cannot decrypt the message and therefore cannot complete identity authentication, the alarm module 432 also raises an alarm.
The above embodiment of the invention designs the way attribute tokens are acquired, improving the security and efficiency of attribute token acquisition, and constructs a cross-cloud authentication system for hybrid clouds that can satisfy the frequent service access demands of users who belong to the authentication domains of different private clouds in a hybrid cloud environment.
Preferably, the hybrid cloud identity management module 421 includes:
(1) a certificate issuance unit: for issuing or revoking the public key certificate of the authentication agent of a private cloud when that private cloud joins or exits the hybrid cloud, and for uniformly managing the public key certificates issued in the hybrid cloud;
(2) an inter-cloud authentication agent unit: for receiving the registration of newly joined private clouds and managing the registration information of the authentication agents of newly joined private clouds, thereby establishing a trust relationship between itself and each private cloud.
Preferably, the authentication agent of the private cloud supports both an identity authentication mechanism and a certificate authentication mechanism, and is used to manage identity authentication and the issuance of attribute tokens within the private cloud. When the cross-cloud authentication module 431 performs cross-cloud authentication, the authentication agent submits its registration information to the hybrid cloud identity management module 421 for registration and receives the public key certificate issued by the hybrid cloud identity management module 421. Managing the registration information of the authentication agent of a newly joined private cloud includes: auditing the registration information of the authentication agent of the newly joined private cloud, receiving that registration information, storing it in a secure database, and deleting the registration information of a private cloud when that private cloud exits the hybrid cloud.
The above two preferred embodiments achieve management of the private clouds in the hybrid cloud; because the authentication agent of each private cloud supports both identity authentication and certificate authentication, the private clouds in the hybrid cloud are managed more systematically and with high security.
Preferably, dividing private clouds into a public level, a confidential level and a secret level according to their security classification includes:
(1) if a private cloud allows only its creator to access it, the private cloud is at the confidential level;
(2) if a private cloud allows users authorized by its creator to access it, the private cloud is at the secret level;
(3) if a private cloud allows all users that have established a trust relationship with it to access it, the private cloud is at the public level.
Preferably, the security strategies include:
(1) for a confidential-level private cloud, encryption uses an elliptic curve cryptosystem, and a visitor must pass fingerprint verification before an access request can be sent;
(2) for a secret-level private cloud, encryption uses the RSA algorithm, and a visitor must hold an authorized USB security key (U-shield) to access it;
(3) for a public-level private cloud, encryption uses the DES algorithm, and a visitor that has established a trust relationship may send an access request directly.
This preferred embodiment assigns a security classification to each private cloud and designs a corresponding security strategy for it, so that the different private clouds can be accessed while security is guaranteed.
Preferably, the information storage system 45 stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer. The storage layer is at the bottom of the storage module and consists of various devices; the management layer sits above the storage layer and manages the storage devices through various software; the interface layer faces the user, provides services, and can provide different service interfaces according to customer needs.
This preferred embodiment makes it easy for administrators to query access information and alarm information, which facilitates subsequent auditing.
Preferably, the custom cross-cloud authentication protocol is as follows:
(1) the service requester randomly selects a custom number as a fresh nonce and, together with the attribute token it has obtained and the random number that service S returned to it when cross-cloud access began, forms a message, which is signed, encrypted and sent to service S;
(2) after service S receives the message, it decrypts the message with its own private key and verifies the signature with the public key of the service requester; if the message contains the random number that service S returned to the service requester, the identity authentication of the service requester passes; service S then generates another random number, signs and encrypts that random number together with the custom number to form feedback information, and sends it to the service requester;
(3) after the service requester receives the feedback information, it decrypts it with its own private key and verifies the signature with the public key of service S; if the feedback information contains the custom number, the identity of service S has been authenticated, and mutual authentication of both parties is thereby achieved.
This preferred embodiment designs a custom cross-cloud authentication protocol that achieves two-way authentication between the service requester and the service, improving the security of the system and the efficiency of cross-cloud authentication.
Preferably, the access monitoring system 44 represents the access process by a vector X=(a1, a2, a3), where a1 indicates whether alarm information has occurred, a2 indicates whether the user's access satisfies the security strategy, and a3 indicates the running state of the system. When no alarm information has occurred, a1 takes the value 1, otherwise 0; when the user's access satisfies the security strategy, a2 takes 1, otherwise 0; when the system is running normally, a3 takes 1, otherwise 0. The monitoring system recognizes an access as successful only when X=(1,1,1). During operation, the access monitoring system 44 records the time and the number of unsuccessful accesses; when the number of unsuccessful accesses within a set time period reaches a set count, the access monitoring system 44 sends alarm information.
This preferred embodiment achieves monitoring of the user's access process and improves the security of the system.
In this application scenario, the custom password has 9 digits, authentication speed is improved by 12%, and security is improved by 10%.
Application scenario 4
Referring to Fig. 1 and Fig. 2, the cloud-service-based smart home control system of one embodiment of this application scenario includes a smart home control center 1, a smart home wireless router 2 and a cloud resource service center 3. The smart home control center 1 and the cloud resource service center 3 are connected for control through signal transmission by the smart home wireless router 2. The cloud resource service center 3 manages the smart home control centers 1 in units of households: it queries or analyzes the data that the home appliances of a smart home control center 1 provide to the cloud resource service center 3, provides working strategies for the corresponding appliances, and designates a temporary host among the home appliances according to the appliance information of the smart home control center 1. The smart home control center 1 includes the home appliances, which are connected to the home router and located in the home LAN, and an appliance modulator for each appliance. The appliance modulator obtains the information of its appliance through the interface the appliance provides and uploads it to the cloud resource service center 3, receives the working strategy that the cloud resource service center 3 issues for the appliance so as to accept control by the cloud resource service center 3, and supports the temporary host strategy.
Preferably, the information of a home appliance includes the model, performance and stability parameters of the device.
In the above embodiment of the invention, the cloud resource service center 3 centrally manages and controls all smart home control centers 1; when the network is disconnected, an individual smart home control center 1 can still operate, and the temporary host of the smart home takes over the control and management tasks for the other home appliances on behalf of the cloud resource service center 3.
Preferably, the temporary host strategy is: when the smart home control center 1 is disconnected from the cloud resource service center 3, the temporary host priority weights of the home appliances are compared, the currently online home appliance with the highest temporary host priority weight in the home LAN is selected as the temporary host, and the other home appliances accept control by the management strategy of the temporary host.
This preferred embodiment specifies the content of the temporary host strategy, so that control of the remaining home appliances by the temporary host is better achieved when the network is disconnected.
Preferably, the cloud resource service center 3 includes a cross-cloud user authentication system 4 for performing cross-cloud verification between the private clouds managed by the cloud resource service center 3. The cross-cloud user authentication system 4 includes a service request terminal 41, a hybrid cloud management system 42, a cross-cloud authentication management system 43, an access monitoring system 44 and an information storage system 45.
The service request terminal 41 provides the service requester with an access interface for accessing private cloud services in the hybrid cloud.
The hybrid cloud management system 42 includes a hybrid cloud identity management module 421 and a hybrid cloud hierarchical management module 422. The hybrid cloud identity management module 421 manages the private clouds joining the hybrid cloud based on a certificate authentication mechanism and establishes trust relationships between the private clouds. The hybrid cloud hierarchical management module 422 divides private clouds into a public level, a confidential level and a secret level according to their security classification, and applies different security strategies to manage the different levels.
The cross-cloud authentication management system 43 includes a cross-cloud authentication module 431 and an alarm module 432. The cross-cloud authentication module 431 obtains the attribute token of the service requester when the service requester performs cross-cloud access and, based on a custom cross-cloud authentication protocol, performs cross-cloud authentication between the service requester of the local private cloud and the services of other private clouds. The alarm module 432 raises an alarm when acquisition of the attribute token fails or decryption fails.
The access monitoring system 44 monitors the process of the service requester's cross-cloud access.
The information storage system 45 stores the access information and alarm information of the service requester.
Preferably, obtaining the attribute token of the service requester when it performs cross-cloud access includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it accesses across clouds;
(2) after service S responds to the access service request, it sends an attribute request to the service requester;
(3) the service requester enters a custom password, whose number of digits must be greater than 6, and sends the custom password and its identity together with the attribute request as one message, signed and encrypted, to the authentication agent of its own private cloud; the authentication agent decrypts and verifies the message with its own private key and the user's public key and, after verification succeeds, extracts the attributes corresponding to the attribute request from the attribute storage module, issues an attribute token, generates a session key, and sends the session key together with the attribute token and the custom password, signed and encrypted, to the user;
(4) after the user receives the message, the user decrypts it with its own private key and the public key certificate of the authentication agent; if the message contains the custom password, the identity of the authentication agent is authenticated and the attribute token is obtained at the same time.
Preferably, raising an alarm when acquisition of the attribute token fails or decryption fails includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it accesses across clouds;
(2) after service S responds to the access service request, it sends an attribute request to the service requester;
(3) if the service requester enters the custom password incorrectly, acquisition of the attribute token fails and the alarm module 432 sends alarm information; if, after the attribute token has been sent to the user, the user cannot decrypt the message and therefore cannot complete identity authentication, the alarm module 432 also raises an alarm.
The above embodiment of the invention designs the way attribute tokens are acquired, improving the security and efficiency of attribute token acquisition, and constructs a cross-cloud authentication system for hybrid clouds that can satisfy the frequent service access demands of users who belong to the authentication domains of different private clouds in a hybrid cloud environment.
Preferably, the hybrid cloud identity management module 421 includes:
(1) a certificate issuance unit: for issuing or revoking the public key certificate of the authentication agent of a private cloud when that private cloud joins or exits the hybrid cloud, and for uniformly managing the public key certificates issued in the hybrid cloud;
(2) an inter-cloud authentication agent unit: for receiving the registration of newly joined private clouds and managing the registration information of the authentication agents of newly joined private clouds, thereby establishing a trust relationship between itself and each private cloud.
Preferably, the authentication agent of the private cloud supports both an identity authentication mechanism and a certificate authentication mechanism, and is used to manage identity authentication and the issuance of attribute tokens within the private cloud. When the cross-cloud authentication module 431 performs cross-cloud authentication, the authentication agent submits its registration information to the hybrid cloud identity management module 421 for registration and receives the public key certificate issued by the hybrid cloud identity management module 421. Managing the registration information of the authentication agent of a newly joined private cloud includes: auditing the registration information of the authentication agent of the newly joined private cloud, receiving that registration information, storing it in a secure database, and deleting the registration information of a private cloud when that private cloud exits the hybrid cloud.
The above two preferred embodiments achieve management of the private clouds in the hybrid cloud; because the authentication agent of each private cloud supports both identity authentication and certificate authentication, the private clouds in the hybrid cloud are managed more systematically and with high security.
Preferably, dividing private clouds into a public level, a confidential level and a secret level according to their security classification includes:
(1) if a private cloud allows only its creator to access it, the private cloud is at the confidential level;
(2) if a private cloud allows users authorized by its creator to access it, the private cloud is at the secret level;
(3) if a private cloud allows all users that have established a trust relationship with it to access it, the private cloud is at the public level.
Preferably, the security strategies include:
(1) for a confidential-level private cloud, encryption uses an elliptic curve cryptosystem, and a visitor must pass fingerprint verification before an access request can be sent;
(2) for a secret-level private cloud, encryption uses the RSA algorithm, and a visitor must hold an authorized USB security key (U-shield) to access it;
(3) for a public-level private cloud, encryption uses the DES algorithm, and a visitor that has established a trust relationship may send an access request directly.
This preferred embodiment assigns a security classification to each private cloud and designs a corresponding security strategy for it, so that the different private clouds can be accessed while security is guaranteed.
Preferably, the information storage system 45 stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer. The storage layer is at the bottom of the storage module and consists of various devices; the management layer sits above the storage layer and manages the storage devices through various software; the interface layer faces the user, provides services, and can provide different service interfaces according to customer needs.
This preferred embodiment makes it easy for administrators to query access information and alarm information, which facilitates subsequent auditing.
Preferably, the custom cross-cloud authentication protocol is as follows:
(1) the service requester randomly selects a custom number as a fresh nonce and, together with the attribute token it has obtained and the random number that service S returned to it when cross-cloud access began, forms a message, which is signed, encrypted and sent to service S;
(2) after service S receives the message, it decrypts the message with its own private key and verifies the signature with the public key of the service requester; if the message contains the random number that service S returned to the service requester, the identity authentication of the service requester passes; service S then generates another random number, signs and encrypts that random number together with the custom number to form feedback information, and sends it to the service requester;
(3) after the service requester receives the feedback information, it decrypts it with its own private key and verifies the signature with the public key of service S; if the feedback information contains the custom number, the identity of service S has been authenticated, and mutual authentication of both parties is thereby achieved.
This preferred embodiment designs a custom cross-cloud authentication protocol that achieves two-way authentication between the service requester and the service, improving the security of the system and the efficiency of cross-cloud authentication.
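As an added illustration, not code from the patent, the following Python models the attribute token acquisition (steps 1 to 4 above) and the custom cross-cloud authentication protocol (steps 1 to 3) together with the checks each side performs: the password length and echo check at the authentication agent, the one-time use of the random number that service S issued, the trust check on the token's issuing cloud, and the requester's check of its own fresh number in the feedback. The public-key sign-then-encrypt envelope is replaced by an HMAC-SHA256 stand-in keyed per party (integrity only, no confidentiality), and all names, keys, passwords and attributes are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets


class Party:
    """A principal with a constructed long-term key (stand-in for its key pair)."""
    def __init__(self, name, key):
        self.name = name
        self.key = key
        self.issued = set()  # random numbers handed out and not yet consumed


def seal(sender, payload):
    """Stand-in for 'sign with own private key, then encrypt for the receiver'.
    Only the integrity/authenticity half is modelled, with HMAC-SHA256."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(sender.key, body.encode(), hashlib.sha256).hexdigest()
    return {"from": sender.name, "body": body, "tag": tag}


def open_envelope(env, keyring):
    """Stand-in for 'decrypt with own private key, verify with sender's public key'."""
    expected = hmac.new(keyring[env["from"]], env["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, env["tag"]):
        raise ValueError("signature verification failed")
    return json.loads(env["body"])


class AuthAgent(Party):
    """Authentication agent of the requester's own private cloud (token steps 3 and 4)."""
    def __init__(self, name, key, passwords, attributes):
        super().__init__(name, key)
        self.passwords = passwords    # user -> registered custom password (constructed)
        self.attributes = attributes  # user -> attributes in the attribute storage module

    def issue_token(self, env, keyring):
        req = open_envelope(env, keyring)
        pw = req["password"]
        # The custom password must have more than 6 digits and match the registered one;
        # otherwise token acquisition fails, which is the case alarm module 432 reports.
        if len(pw) <= 6 or self.passwords.get(req["user"]) != pw:
            raise PermissionError("attribute token acquisition failed")
        attrs = {k: self.attributes[req["user"]][k] for k in req["attr_request"]}
        token = {"subject": req["user"], "issuer": self.name, "attrs": attrs}
        session_key = secrets.token_hex(16)
        # The password is echoed back so the user can authenticate the agent (step 4).
        return seal(self, {"token": token, "session_key": session_key, "password": pw})


def acquire_token(user, agent, password, attr_request, keyring):
    """Token step 3 (request) and step 4 (check the echoed password, keep the token)."""
    req = seal(user, {"user": user.name, "password": password, "attr_request": attr_request})
    reply = open_envelope(agent.issue_token(req, keyring), keyring)
    if reply["password"] != password:
        raise ValueError("authentication agent not authenticated")
    return reply["token"], reply["session_key"]


class Service(Party):
    """Service S in the other private cloud (protocol step 2)."""
    def challenge(self):
        # The random number S returns to the requester when cross-cloud access begins.
        r = secrets.token_hex(8)
        self.issued.add(r)
        return r

    def authenticate(self, env, keyring, trusted_issuers):
        msg = open_envelope(env, keyring)
        # The echoed random number must be one S issued and not yet used (replay check).
        if msg["r_s"] not in self.issued:
            raise PermissionError("unknown or already used random number")
        self.issued.discard(msg["r_s"])
        if msg["token"]["issuer"] not in trusted_issuers:
            raise PermissionError("attribute token from an untrusted private cloud")
        r2 = secrets.token_hex(8)
        # Feedback carries the requester's fresh number so the requester can authenticate S.
        return seal(self, {"r2": r2, "nonce": msg["nonce"]})


def cross_cloud_auth(user, token, service, keyring, trusted_issuers):
    """Protocol steps 1 and 3; returns (requester nonce, S's second random number)."""
    r_s = service.challenge()
    nonce = secrets.token_hex(8)  # the requester's self-chosen fresh number
    msg = seal(user, {"nonce": nonce, "token": token, "r_s": r_s})
    feedback = open_envelope(service.authenticate(msg, keyring, trusted_issuers), keyring)
    if feedback["nonce"] != nonce:
        raise ValueError("service S not authenticated")
    return nonce, feedback["r2"]


def demo():
    """Happy path with constructed parties; returns True when both phases succeed."""
    alice = Party("alice", b"alice-key")
    agent = AuthAgent("agent-cloudA", b"agent-key", {"alice": "1234567"},
                      {"alice": {"role": "owner", "home": "h1"}})
    svc = Service("service-cloudB", b"svc-key")
    keyring = {p.name: p.key for p in (alice, agent, svc)}  # models the public key directory
    token, _ = acquire_token(alice, agent, "1234567", ["role"], keyring)
    nonce, r2 = cross_cloud_auth(alice, token, svc, keyring, {"agent-cloudA"})
    return token["attrs"] == {"role": "owner"} and len(nonce) == 16 and len(r2) == 16
```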
Preferably, the access monitoring system 44 represents the access process by a vector X=(a1, a2, a3), where a1 indicates whether a warning message has occurred, a2 indicates whether the user's access meets the security policy, and a3 indicates the running state of the system. When no warning message has occurred, a1 is 1, otherwise 0; when the user's access meets the security policy, a2 is 1, otherwise 0; when the system is running normally, a3 is 1, otherwise 0. The monitoring system recognises an access as successful only when X=(1,1,1). During operation, the access monitoring system 44 records the time and number of unsuccessful accesses; when the number of unsuccessful accesses within a set time period reaches a set number, the access monitoring system 44 sends warning information.
This preferred embodiment monitors the user's access process and improves the security of the system.
In this application scenario, the custom password has 8 digits, the authentication speed is improved by 13%, and security is improved by 9%.
Application scenario 5
Referring to Fig. 1 and Fig. 2, the cloud-service-based intelligent home control system of one embodiment of this application scenario includes an intelligent home control center 1, a smart home wireless router 2 and a cloud resource service center 3. The intelligent home control center 1 and the cloud resource service center 3 are connected for control through signal transmission by the smart home wireless router 2. The cloud resource service center 3 manages the intelligent home control centers 1 on a per-household basis: it queries or analyses the data that the home appliances of an intelligent home control center 1 provide to the cloud resource service center 3, gives the working strategy for each home appliance, and designates the temporary host among the home appliances according to the appliance information of the intelligent home control center 1. The intelligent home control center 1 includes the home appliances and home appliance modulators that are connected to the home router and located in the home LAN. A home appliance modulator obtains the relevant information of its home appliance through the interface the appliance provides and uploads it to the cloud resource service center 3; it receives the working strategy for that appliance issued by the cloud resource service center 3 so as to accept control by the cloud resource service center 3, and it supports the temporary host policy.
Preferably, the relevant information of the home appliance includes the model, performance and stability parameters of the device.
The cloud resource service center 3 of the above embodiment of the invention centrally manages and controls all intelligent home control centers 1. When the network is disconnected, a single intelligent home control center 1 can still work: the temporary host of the smart home takes over from the cloud resource service center 3 the task of controlling and managing the other home appliances.
Preferably, the temporary host policy means: when the intelligent home control center 1 is disconnected from the cloud resource service center 3, the temporary host priority weights of the home appliances are compared, the home appliance in the home LAN that is currently online and has the highest temporary host priority weight is selected as the temporary host, and the other home appliances accept the management strategy control of the temporary host.
This preferred embodiment specifies the content of the temporary host policy, so that control of the remaining home appliances by the temporary host is better realised when the network is disconnected.
Preferably, the cloud resource service center 3 includes a cross-cloud user authentication system 4 for cross-cloud verification between the private clouds managed by the cloud resource service center 3. The cross-cloud user authentication system 4 includes a service request terminal 41, a hybrid cloud management system 42, a cross-cloud authentication management system 43, an access monitoring system 44 and an information storage system 45.
The service request terminal 41 provides the service requester with an access interface for accessing private cloud services in the hybrid cloud.
The hybrid cloud management system 42 includes a hybrid cloud identity management module 421 and a hybrid cloud hierarchical management module 422. The hybrid cloud identity management module 421 manages, on the basis of a certificate authentication mechanism, the private clouds that join the hybrid cloud and establishes the trust relationships between the private clouds. The hybrid cloud hierarchical management module 422 divides the private clouds into an open level and confidential levels according to their security classification and applies different security strategies to the different levels.
The cross-cloud authentication management system 43 includes a cross-cloud authentication module 431 and an alarm module 432. The cross-cloud authentication module 431 obtains the attribute token of the service requester when the requester performs cross-cloud access and, on the basis of a custom cross-cloud authentication protocol, performs cross-cloud authentication between the service requester of the local private cloud and the service of another private cloud during cross-cloud access. The alarm module 432 raises an alarm when obtaining the attribute token fails or decryption fails.
The access monitoring system 44 monitors the process of the service requester's cross-cloud access.
The information storage system 45 stores the access information and warning messages of the service requester.
Preferably, obtaining the attribute token of the service requester during cross-cloud access includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it accesses across clouds;
(2) after service S responds to the access service request, it sends an attribute request to the service requester;
(3) the service requester enters a custom password, whose number of digits must be greater than 6, and sends the custom password and its own identity, together with the attribute request, as one signed and encrypted message to the authentication agent of its private cloud; the authentication agent decrypts and verifies the message with its own private key and the user's public key, and after verification extracts from the attribute storage module the attribute corresponding to the user's attribute request, issues an attribute token, generates a session key, and sends it to the user after signing and encrypting it together with the attribute token and the custom password;
(4) after the user receives the message, it decrypts it with its own private key and the public key certificate of the authentication agent; if the message contains the custom password, the identity of the authentication agent is authenticated and the attribute token is obtained at the same time.
Preferably, raising an alarm when obtaining the attribute token fails or decryption fails includes:
(1) the service requester sends an access service request to the service S of the other private cloud that it accesses across clouds;
(2) after service S responds to the access service request, it sends an attribute request to the service requester;
(3) if the service requester enters the custom password incorrectly, obtaining the attribute token fails and the alarm module 432 sends alarm information; if, after the attribute token has been obtained and sent to the user, the user cannot decrypt the information and identity authentication cannot be completed, the alarm module 432 also raises an alarm.
The above embodiment of the invention designs the way the attribute token is obtained, improving the security and efficiency of obtaining the attribute token, and constructs a cross-cloud authentication system for hybrid clouds that can meet the frequent service access needs of users who, in a hybrid cloud environment, belong to the authentication domains of different private clouds.
Preferably, the hybrid cloud identity management module 421 includes:
(1) a certificate issuing unit for issuing or revoking the public key certificate of the authentication agent of a private cloud when that private cloud joins or leaves the hybrid cloud, and for uniformly managing the public key certificates issued in the hybrid cloud;
(2) an inter-cloud authentication agent unit for receiving the registration of a newly joined private cloud and managing the registration information of the authentication agent of the newly joined private cloud, thereby establishing the trust relationship between itself and the private cloud.
Preferably, the authentication agent of the private cloud supports an identity authentication mechanism and a certificate authentication mechanism, manages identity authentication and the issuing of attribute tokens within the private cloud, and, when the cross-cloud authentication module 431 performs cross-cloud authentication, submits its registration information to the hybrid cloud identity management module 421 for registration and receives the public key certificate issued by the hybrid cloud identity management module 421. Managing the registration information of the authentication agent of a newly joined private cloud includes: auditing the registration information of the authentication agent of the newly joined private cloud, receiving the registration information of the authentication agent of the newly joined private cloud, storing the registration information in a secure database, and deleting the registration information of a private cloud when it leaves the hybrid cloud.
The above two preferred embodiments manage the private clouds in the hybrid cloud; since the authentication agent of a private cloud supports both an identity authentication mechanism and a certificate authentication mechanism, the management of the private clouds in the hybrid cloud is more scientific and highly secure.
Preferably, dividing the private clouds into an open level and confidential levels according to their security classification includes:
(1) if a private cloud allows only its creator to access it, the private cloud is confidential;
(2) if a private cloud allows the users authorised by its creator to access it, the private cloud is confidential;
(3) if a private cloud allows all users that have established a trust relationship with it to access it, the private cloud is open level.
Preferably, the security strategy includes:
(1) for a confidential private cloud, encryption with an elliptic curve cryptosystem, and a visitor must pass fingerprint verification before it may send an access request;
(2) for a confidential private cloud, encryption with the RSA encryption algorithm, and a visitor needs an authorised USB security key (U-shield) to access it;
(3) for an open-level private cloud, encryption with the DES encryption algorithm, and a visitor that has established a trust relationship can send an access request directly.
This preferred embodiment assigns security classifications to the different private clouds and designs corresponding security strategies, so that the different private clouds can be accessed while security is guaranteed.
Preferably, the information storage system 45 stores information using a multi-layer model comprising a storage layer, a management layer and an interface layer. The storage layer is at the bottom of the storage module and consists of different devices; the management layer sits above the storage layer and manages the storage devices through various software; the interface layer faces users, provides services, and can provide different service interfaces according to customer needs.
This preferred embodiment makes it convenient for administrators to query access information and warning messages, which simplifies subsequent auditing.
Preferably, the custom cross-cloud authentication protocol is as follows:
(1) The service requester randomly selects a custom number as a fresh number and forms a message from it, the attribute token the requester obtained, and the random number that service S returned to the requester during the cross-cloud access; the message is signed and encrypted and sent to service S;
(2) After service S receives the message, it decrypts it and verifies the signature with its own private key and the public key of the service requester. If the message contains the random number that service S returned to the requester, the identity authentication of the requester passes; service S then generates another random number, signs and encrypts that random number together with the custom number to form the feedback information, and sends it to the service requester;
(3) After the service requester receives the feedback information, it decrypts it and verifies the signature with its own private key and the public key of service S. If the feedback information contains the custom number, the identity of service S is authenticated, and mutual authentication of the two parties is thereby achieved.
This preferred embodiment designs a custom cross-cloud authentication protocol that achieves two-way authentication between the service requester and the service, improving the security of the system and the efficiency of cross-cloud authentication.
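A runnable simulation of the three-step protocol above (the protocol is described identically in application scenarios 4 and 5), added here and not code from the patent. It assumes an HMAC tag under a constructed pairwise key in place of the patent's public-key sign-then-encrypt, and every name and value is constructed; it shows the nonce checks of steps 2 and 3 and how a replayed, stale or unsigned message fails.

```python
import hashlib
import hmac
import json
import secrets


def seal(key: bytes, payload: dict) -> dict:
    """Stand-in for the patent's sign-then-encrypt step (assumption: an HMAC
    tag under a pairwise key replaces signing with the sender's private key
    and encrypting to the receiver's public key)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def unseal(key: bytes, msg: dict) -> dict:
    """Stand-in for decrypt-then-verify; a forged or altered message is rejected."""
    body = json.dumps(msg["payload"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("signature verification failed")
    return msg["payload"]


class ServiceS:
    """Service S in the remote private cloud. `issued` holds the random numbers
    S returned to requesters earlier in the cross-cloud access (constructed)."""

    def __init__(self, key: bytes, issued: set):
        self.key = key
        self.issued = set(issued)

    def handle(self, msg: dict) -> dict:
        req = unseal(self.key, msg)                    # step 2: decrypt and verify
        if req["s_random"] not in self.issued:         # the number S once returned?
            raise ValueError("requester authentication failed")
        self.issued.discard(req["s_random"])           # one-time use: a replay fails
        another = secrets.token_hex(8)                 # S generates another random number
        return seal(self.key, {"s_random2": another, "fresh": req["fresh"]})


class Requester:
    """Service requester in the local private cloud."""

    def __init__(self, key: bytes, attr_token: str, s_random: str):
        self.key, self.attr_token, self.s_random = key, attr_token, s_random
        self.fresh = None

    def request(self) -> dict:
        self.fresh = secrets.token_hex(8)              # step 1: custom fresh number
        return seal(self.key, {"fresh": self.fresh, "token": self.attr_token,
                               "s_random": self.s_random})

    def check(self, feedback: dict) -> bool:
        fb = unseal(self.key, feedback)                # step 3: decrypt and verify
        return hmac.compare_digest(fb["fresh"], self.fresh)  # our fresh number echoed?


def mutual_authenticate(requester: Requester, service: ServiceS) -> bool:
    """Runs steps 1-3; True only when both sides authenticated each other."""
    try:
        return requester.check(service.handle(requester.request()))
    except ValueError:
        return False


def demo(stale_random: bool = False, wrong_key: bool = False) -> bool:
    """Constructed run: the honest case, a requester presenting a random number
    S never issued, and a requester that cannot produce a valid signature."""
    key = b"constructed-pairwise-key"
    service = ServiceS(key, issued={"r-4f2a"})
    requester = Requester(b"some-other-key" if wrong_key else key,
                          "attr-token:role=reader",
                          "r-stale" if stale_random else "r-4f2a")
    return mutual_authenticate(requester, service)
```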
Preferably, the access monitoring system 44 represents the access process by a vector X=(a1, a2, a3), where a1 indicates whether a warning message has occurred, a2 indicates whether the user's access meets the security policy, and a3 indicates the running state of the system. When no warning message has occurred, a1 is 1, otherwise 0; when the user's access meets the security policy, a2 is 1, otherwise 0; when the system is running normally, a3 is 1, otherwise 0. The monitoring system recognises an access as successful only when X=(1,1,1). During operation, the access monitoring system 44 records the time and number of unsuccessful accesses; when the number of unsuccessful accesses within a set time period reaches a set number, the access monitoring system 44 sends warning information.
This preferred embodiment monitors the user's access process and improves the security of the system.
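The access-process vector and the failure counting of access monitoring system 44, as an added example that is not the patent's code. The window length, threshold and access sequence are constructed, and restarting the count after a warning has been sent is an assumption the text does not state.

```python
from collections import deque

SUCCESS = (1, 1, 1)   # the only vector the monitor recognises as a successful access


class AccessMonitor:
    """Access monitoring system 44 as described: window and threshold are the
    'set time period' and 'set number' of the text (values constructed)."""

    def __init__(self, window_seconds: float, threshold: int):
        self.window = window_seconds
        self.threshold = threshold
        self.failures = deque()   # timestamps of unsuccessful accesses
        self.alerts = []          # timestamps at which warning information was sent

    @staticmethod
    def vector(alarm_raised: bool, policy_met: bool, running_normally: bool) -> tuple:
        """Builds X = (a1, a2, a3) exactly as the text defines the three bits."""
        a1 = 0 if alarm_raised else 1        # no warning message occurred -> 1
        a2 = 1 if policy_met else 0          # access meets the security policy -> 1
        a3 = 1 if running_normally else 0    # system running normally -> 1
        return (a1, a2, a3)

    def record(self, ts: float, x: tuple) -> bool:
        """Records one access; returns True only when X == (1, 1, 1)."""
        if x == SUCCESS:
            return True
        self.failures.append(ts)                      # record time of the failure
        while self.failures and ts - self.failures[0] > self.window:
            self.failures.popleft()                   # drop failures outside the period
        if len(self.failures) >= self.threshold:      # count reached the set number
            self.alerts.append(ts)
            self.failures.clear()   # assumption: counting restarts after a warning
        return False


def run_sample() -> tuple:
    """Constructed sequence of accesses: (timestamp, alarm_raised, policy_met,
    running_normally). Returns (number of successful accesses, alert timestamps)."""
    events = [
        (0, False, True, True),     # clean access
        (10, False, False, True),   # violates the security policy
        (20, True, True, True),     # a warning message occurred
        (100, False, True, False),  # system not running normally; earlier two expired
        (110, False, False, True),
        (120, True, False, True),   # third failure inside 60 s -> warning sent
        (130, False, True, True),   # clean access
    ]
    monitor = AccessMonitor(window_seconds=60, threshold=3)
    ok = sum(monitor.record(ts, AccessMonitor.vector(a, p, r)) for ts, a, p, r in events)
    return ok, monitor.alerts
```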
In this application scenario, the custom password has 7 digits, the authentication speed is improved by 14%, and security is improved by 8%.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the invention and not to limit its scope of protection. Although the invention has been explained in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention may be modified or equivalently replaced without departing from the essence and scope of the technical solution of the invention.
Claims (3)
1. A cloud-service-based intelligent home control system, characterised in that it includes an intelligent home control center, a smart home wireless router and a cloud resource service center, the intelligent home control center and the cloud resource service center being connected for control through signal transmission by the smart home wireless router; the cloud resource service center manages the intelligent home control centers on a per-household basis, queries or analyses the data that the home appliances of the intelligent home control center provide to the cloud resource service center, gives the working strategy for each home appliance, and designates the temporary host among the home appliances according to the appliance information of the intelligent home control center; the intelligent home control center includes the home appliances and home appliance modulators that are connected to the home router and located in the home LAN; the home appliance modulator obtains the relevant information of its home appliance through the interface the appliance provides and uploads it to the cloud resource service center, receives the working strategy for that appliance issued by the cloud resource service center so as to accept control by the cloud resource service center, and supports a temporary host policy.
2. The cloud-service-based intelligent home control system according to claim 1, characterised in that the relevant information of the home appliance includes the model, performance and stability parameters of the device.
3. The cloud-service-based intelligent home control system according to claim 2, characterised in that the temporary host policy means: when the intelligent home control center is disconnected from the cloud resource service center, the temporary host priority weights of the home appliances are compared, the home appliance in the home LAN that is currently online and has the highest temporary host priority weight is selected as the temporary host, and the other home appliances accept the management strategy control of the temporary host.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610796969.3A CN106331142A (en) | 2016-08-31 | 2016-08-31 | Cloud service based intelligent home control system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106331142A true CN106331142A (en) | 2017-01-11 |
Family
ID=57788083
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610796969.3A Pending CN106331142A (en) | 2016-08-31 | 2016-08-31 | Cloud service based intelligent home control system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106331142A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109428756A (en) * | 2017-08-31 | 2019-03-05 | 捷讯科技股份有限公司 | The proxy management method of radio zone net |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103607446A (en) * | 2013-11-15 | 2014-02-26 | 四川长虹电器股份有限公司 | An intelligent household cloud control system |
CN104035415A (en) * | 2014-06-13 | 2014-09-10 | 上海应用技术学院 | Cloud computing based smart home energy management system |
CN105577486A (en) * | 2014-10-15 | 2016-05-11 | 珠海格力电器股份有限公司 | Control method of intelligent household electrical appliance and household control center |
CN105676665A (en) * | 2016-01-29 | 2016-06-15 | 宇龙计算机通信科技(深圳)有限公司 | Control processing method and device based on smart home device and terminal |
Non-Patent Citations (1)
Title |
---|
朱智强 (Zhu Zhiqiang): "Research on Several Theories and Key Technologies of Hybrid Cloud Service Security", China Doctoral Dissertations Full-text Database, Information Science and Technology series * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2017-01-11 | PB01 | Publication | Application publication date: 20170111 |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |