CN107222373A - Control method, system, terminal, FIDO server and security device for a smart home - Google Patents
- Publication number: CN107222373A
- Application number: CN201710311631.9A
- Authority: CN (China)
- Legal status: Granted
Classifications
- H04L12/2807: Exchanging configuration information on appliance services in a home automation network
- H04L12/2809: Exchanging configuration information on appliance services in a home automation network indicating that an appliance service is present in a home automation network
- H04L12/281: Exchanging configuration information on appliance services in a home automation network indicating a format for calling an appliance service function in a home automation network
- H04L12/2816: Controlling appliance services of a home automation network by calling their functionalities
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
Abstract
The present invention relates to the field of smart home technology and proposes a control method, system, terminal, FIDO server and security device for a smart home. The smart home control system comprises an external control subsystem and an internal control subsystem. The external control subsystem comprises a control terminal and a security device that supports the standard FIDO authentication protocol; the internal control subsystem comprises a FIDO server, a home controller and an application server. The invention uses the security device and the FIDO server to register the user accounts that control the smart home system and to authenticate their operating permissions. When a user performs an online operation requiring a high security level, the security device acts as the second authentication factor and completes strong authentication of the user account. This ensures the security of smart home control without relying on the complexity of a conventional password, and avoids the inconvenience that arises when a user forgets a password while operating the smart home system.
Description
Technical field
The present invention relates to the field of smart home technology, and in particular to a control method, system, terminal, FIDO server and security device for a smart home.
Background
The Internet of Things (IoT) is an internet in which things are connected to one another. Its core and foundation is still the Internet; it is a network that extends and expands the Internet, with the user terminal extended to any object so that objects can exchange information and communicate with each other. Smart home systems based on IoT technology have broad market demand, but overall China's IoT industry is still at an early stage.
The main factor restricting IoT development is security. Building a secure IoT cannot rely solely on national policies and laws; technical means are also needed. Current smart home systems based on IoT technology commonly address security by encrypting configuration information and authenticating users, but these measures rely too heavily on passwords, and a forgotten password causes the user great inconvenience.
Summary of the invention
The embodiments of the present invention provide a control method, system, terminal, FIDO server and security device for a smart home, intended to solve the problem that current security control of smart home systems relies too heavily on passwords.
A first aspect of the embodiments of the present invention provides a smart home control method, applied to a smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal; the security device supports the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller; the application server supports the application on the control terminal;
The smart home control method comprises: registering a user account on the security device; mapping the operation instructions that can be used under the user account to control the smart home to the user account; after the user inputs a target operation instruction, the security device verifies the user account associated with the target operation instruction, and after verification succeeds the home controller executes the target operation instruction;
The user account is registered as follows:
The control terminal sends registration information to the FIDO server;
The FIDO server builds the registration information into a registration request command and sends the registration request command to the security device through the control terminal;
After receiving the registration request command, the security device determines whether the user account is already registered on the security device;
If it is not registered, the security device generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair in the security device, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal; the FIDO server stores the public key and associates the public key with the user account.
A second aspect of the embodiments of the present invention provides a smart home control system, comprising:
An external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal; the security device supports the standard FIDO authentication protocol;
The security device is used to register a user account; the operation instructions that can be used under the user account to control the smart home are mapped to the user account; after the user inputs a target operation instruction, the user account associated with the target operation instruction is verified, and after verification succeeds the home controller executes the target operation instruction;
The internal control subsystem comprises a FIDO server, an application server and a home controller; the application server supports the application on the control terminal;
The control terminal comprises:
A registration request generation module, for generating registration information and sending it to the FIDO server;
A registration request command transceiver module, for receiving the registration request command sent by the FIDO server and sending the registration request command to the security device;
A public key transceiver module, for receiving the public key sent by the security device and sending the public key to the FIDO server;
The security device comprises:
A registration request command receiving module, for receiving the registration request command that was built by the FIDO server and sent by the control terminal;
A registration judging module, for determining whether the user account is already registered on the security device;
A confirmation information acquisition module, for obtaining registration confirmation information;
A public/private key generation module, for generating an asymmetric key pair after the registration confirmation information is obtained, if the user account is not registered on the security device, storing the private key of the asymmetric key pair in the security device, and sending the public key of the asymmetric key pair to the FIDO server through the control terminal;
The FIDO server comprises:
A registration request command building and sending module, for building a registration request command from the registration information sent by the control terminal and sending the registration request command to the control terminal;
A public key receiving module, for receiving the public key generated by the security device;
A public key storage and association module, for storing the public key and associating the public key with the user account.
A third aspect of the embodiments of the present invention provides a method by which a control terminal controls a smart home, applied to a smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal; the security device supports the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller;
The method by which the control terminal controls the smart home is:
The control terminal receives the user's registration information and sends it to the FIDO server;
The control terminal receives the registration request command sent by the FIDO server, the registration request command having been built by the FIDO server from the registration information;
The control terminal sends the registration request command to the security device, so that the security device, after receiving the registration request command, determines whether the user account is already registered on the security device and, if it is not registered, generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
The control terminal sends the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
The control terminal maps the operation instructions that can be used under the user account to control the smart home to the user account;
The control terminal receives a target operation instruction, so that the security device verifies the user account associated with the target operation instruction and, after verification succeeds, the home controller executes the target operation instruction.
A fourth aspect of the embodiments of the present invention provides a method by which a FIDO server controls a smart home, applied to a smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal; the security device supports the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller;
The smart home control method is:
The FIDO server receives the registration information sent by the control terminal;
The FIDO server builds the registration information into a registration request command and sends the registration request command to the security device through the control terminal, so that the security device, after receiving the registration request command, determines whether the user account is already registered on the security device and, if it is not registered, generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal;
The FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the FIDO server cooperates with the security device to verify the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after verification succeeds.
A fifth aspect of the embodiments of the present invention provides a method by which a security device controls a smart home, applied to a smart home control system comprising an external control subsystem and an internal control subsystem;
The external control subsystem comprises a control terminal and a security device communicatively connected to the control terminal; the security device supports the standard FIDO authentication protocol;
The internal control subsystem comprises a FIDO server, an application server and a home controller;
The smart home control method is:
The security device receives, through the control terminal, the registration request command sent by the FIDO server, the registration request command having been built by the FIDO server from the registration information sent by the control terminal;
The security device parses the registration request command and determines whether the user account is already registered on the security device;
If it is not registered, the security device generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the security device, together with the FIDO server, verifies the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after verification succeeds.
A sixth aspect of the embodiments of the present invention provides a control terminal, applied to a smart home control system, which exchanges data with a FIDO server and with a security device, the control terminal comprising:
A registration information transceiver module, for receiving the user's registration information and sending it to the FIDO server;
A registration request command transceiver module, for receiving the registration request command sent by the FIDO server and sending the registration request command to the security device, so that the security device, after receiving the registration request command, determines whether the user account is already registered on the security device and, if it is not registered, generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal; the registration request command is built by the FIDO server from the registration information;
A public key transceiver module, for receiving the public key sent by the security device and sending the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
An operation instruction transceiver module, for receiving a target operation instruction and, after the user account has been verified, sending the target operation instruction to the home controller, so that the home controller executes the target operation instruction;
A verification module, for verifying, together with the FIDO server and the security device, the user account associated with the target operation instruction.
A seventh aspect of the embodiments of the present invention provides a FIDO server, applied to a smart home control system, which is communicatively connected to a control terminal and exchanges data with a security device through the control terminal, the FIDO server comprising:
A registration information receiving module, for receiving the registration information sent by the control terminal;
A registration request command building and sending module, for building a registration request command from the registration information and sending the registration request command to the security device through the control terminal, so that the security device, after receiving the registration request command, determines whether the user account is already registered on the security device and, if it is not registered, generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
A public key receiving module, for receiving the public key from the control terminal;
A public key storage and association module, for storing the public key and associating the public key with the user account;
A verification module, for verifying, together with the control terminal and the security device, the user account associated with a target operation instruction, so that the home controller executes the target operation instruction after the user account has been verified.
An eighth aspect of the embodiments of the present invention provides a security device, applied to a smart home control system, which exchanges data with a FIDO server through a control terminal, the security device comprising:
A registration request command receiving module, for receiving the registration request command that was built by the FIDO server and sent by the control terminal; the registration request command is built by the FIDO server from registration information, and the registration information is input by the user on the control terminal and sent to the FIDO server by the control terminal;
A registration judging module, for determining whether the user account is already registered on the security device;
A confirmation information acquisition module, for obtaining registration confirmation information;
A public/private key generation module, for generating an asymmetric key pair after the registration confirmation information is obtained, if the user account is not registered on the security device, storing the private key of the asymmetric key pair, and sending the public key of the asymmetric key pair to the FIDO server through the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
A verification module, for verifying, together with the control terminal and the FIDO server, the user account associated with a target operation instruction, so that the home controller executes the target operation instruction after the user account has been verified.
The present invention uses the security device and the FIDO server to authenticate the operating permissions of the user accounts that control the smart home system. When a user performs an online operation requiring a high security level, the security device acts as the second authentication factor and completes strong authentication of the user account. This ensures the security of smart home control without relying on the complexity of a conventional password, and avoids the inconvenience that arises when a user forgets a password while operating the smart home system. The whole process is unaffected by the strength of a conventional password, which improves the user's information security.
Brief description of the drawings
Fig. 1 is a structural diagram of a smart home control system in an embodiment of the present invention;
Fig. 2 is a flowchart of a control method for controlling the smart home control system shown in Fig. 1 in an embodiment of the present invention;
Fig. 3 is a structural diagram of a smart home control system in one application scenario in an embodiment of the present invention;
Fig. 4 is a flowchart of a control method, in one application scenario, for controlling the smart home control system shown in Fig. 3 in an embodiment of the present invention;
Fig. 5 is a structural diagram of a smart home control system in one application scenario in an embodiment of the present invention;
Fig. 6 is a flowchart of a control method, in one application scenario, for controlling the smart home control system shown in Fig. 5 in an embodiment of the present invention.
Detailed description
The embodiments of the present invention provide a control method, system, terminal, FIDO server and security device for a smart home, which can ensure the security of smart home control without relying on the complexity of a conventional password and avoid the inconvenience that arises when a user forgets a password while operating the smart home system.
To make the objects, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The embodiments described below are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the present invention.
Referring to Fig. 1, a smart home control system in an embodiment of the present invention comprises:
An external control subsystem 10 and an internal control subsystem 11;
The external control subsystem comprises a control terminal 101 and a security device 102 that communicates with the control terminal; the security device supports the standard FIDO authentication protocol;
The security device is used to register a user account; the operation instructions that can be used under the user account to control the smart home are mapped to the user account; after the user inputs a target operation instruction, the user account associated with the target operation instruction is verified, and after verification succeeds the home controller executes the target operation instruction;
The internal control subsystem comprises a FIDO server 111, a home controller 112 and an application server 113; the FIDO server and the home controller are communicatively connected, and the application server supports the application on the control terminal;
The control terminal 101 comprises:
A registration request generation module 1010, for generating registration information and sending it to the FIDO server;
A registration request command transceiver module 1011, for receiving the registration request command sent by the FIDO server and sending the registration request command to the security device;
A public key transceiver module 1012, for receiving the public key sent by the security device and sending the public key to the FIDO server;
The security device 102 comprises:
A registration request command receiving module 1020, for receiving the registration request command that was built by the FIDO server and sent by the control terminal;
A registration judging module 1021, for determining whether the user account is already registered on the security device;
A confirmation information acquisition module 1022, for obtaining registration confirmation information;
A public/private key generation module 1023, for generating an asymmetric key pair after the registration confirmation information is obtained, if the user account is not registered on the security device, storing the private key of the asymmetric key pair in the security device, and sending the public key of the asymmetric key pair to the FIDO server through the control terminal;
The FIDO server 111 comprises:
A registration request command building and sending module 1110, for building a registration request command from the registration information sent by the control terminal and sending the registration request command to the control terminal;
A public key receiving module 1111, for receiving the public key generated by the security device;
A public key storage and association module 1112, for storing the public key and associating the public key with the user account.
The internal control subsystem is the control system located within the home; the external control subsystem is a control system that can be located anywhere (including outside the home) and remotely controls the smart household appliances.
The control terminal is a mobile or fixed terminal used to control the smart home system. It may be any smartphone, smart watch, notebook, tablet computer or POS terminal, or even an in-vehicle computer, on which the smart home operating app can be installed. It may communicate with the security device over USB, Bluetooth, NFC or any combination of the three; this embodiment does not limit the communication mode.
The security device supports the standard FIDO authentication protocol and is a security key device. Together with the FIDO server, it implements registration of user accounts and authentication of operating permissions under the FIDO authentication system. It may communicate with the control terminal over USB, Bluetooth, NFC or any combination of the three; this embodiment does not limit the communication mode. It may also be a module or device built into the control terminal that exchanges data with the control terminal internally.
The FIDO server is a server that supports the FIDO (Fast Identity Online) authentication protocol. It comprises two parts: one part stores authentication keys, and the other stores the characteristic data of authentication devices and the trusted device certificates.
The home controller comprises household appliance control switches and a household appliance monitoring unit, which switch appliances such as lighting, televisions, air conditioners and water heaters on and off and monitor their various parameters. A household appliance control switch may be a relay or another form of appliance control device, or an intelligent switch.
Further, there may be multiple home controllers, each connected to the household appliances it controls.
The application server mainly provides a reliable, full-featured runtime environment for the smart home operating app, and can support the standard FIDO authentication protocol.
Further, the control terminal also comprises:
An acquisition module 1013, for obtaining a target operation instruction, the target operation instruction being the operation instruction the user selects on the control terminal;
A verification request sending module 1014, for sending a verification request to the FIDO server according to the user account corresponding to the target operation instruction;
A to-be-verified information transceiver module 1015, for receiving the challenge data generated by the FIDO server and the verification command built by the FIDO server according to the verification request, and sending the challenge data and the verification command to the security device;
A signature information transceiver module 1016, for receiving the signature information from the security device and sending the signature information to the FIDO server;
An operation instruction sending module 1017, for sending the target operation instruction to the home controller if the signature verification result from the FIDO server is success.
Further, the security device may also comprise:
A to-be-verified information receiving module 1024, for receiving the challenge data and verification command that were built by the FIDO server and sent by the control terminal;
A FIDO server authentication module 1025, for parsing the verification command and verifying the authenticity of the FIDO server;
A verification confirmation information acquisition module 1026, for obtaining verification confirmation information;
A signature module 1027, for signing the challenge data to obtain signature information after the verification confirmation information is obtained, if the FIDO server is genuine;
A signature information sending module 1028, for returning the signature information to the control terminal;
The confirmation information acquisition module 1022 is also used to obtain verification confirmation information;
Further, the FIDO server may also comprise:
A verification request receiving module 1113, for receiving the verification request that the control terminal sends according to the user account corresponding to the target operation instruction;
A to-be-verified information building module 1114, for generating challenge data and building a verification command according to the verification request;
A to-be-verified information sending module 1115, for sending the challenge data and the verification command to the control terminal;
A signature information receiving module 1116, for receiving from the control terminal the signature information generated by the security device;
A signature verification module 1117, for verifying the signature information to obtain a signature verification result.
Further, the FIDO servers 111 can also include:
Mapping block 1118, for operational order and the user account to be carried out into mapping association.
Further, the FIDO server 111 is also used to map different operation instructions to the same or different user accounts; different user accounts are registered in the same or different security devices.
Different operation instructions for household appliances can be mapped to the same user account, or to different user accounts respectively; different user accounts can be registered in the same security device, or in different security devices.
For example: one user account is registered in one security device, and all operation instructions are mapped to that user account; or multiple user accounts are registered in one security device, and the operation instructions are grouped and mapped to different user accounts; or one or more user accounts are registered in multiple different security devices.
The operation instructions of different household appliances can be grouped, multiple corresponding user accounts can be registered using the same security device, and the household appliance operation instructions can be mapped group by group to the corresponding user accounts. When one of the user accounts is logged in, only the operation instructions associated with that user account can be sent, so that control and management of household appliances is more convenient and the user experience is good.
Further, where multiple household appliances involve different privacy levels and there are two or more home controllers corresponding to the household appliances, a corresponding number of security devices can be set up by privacy level, and the user accounts that control household appliances of the same privacy level are registered under the corresponding security device. The user accounts under each security device control household appliances of different privacy levels respectively, and a security device needs to be taken out and used only when household appliances of the corresponding privacy level are to be controlled. This reduces how often any single security device is used, and in particular how often the security device for household appliances with a higher privacy level is used. In this way the loss of one security device does not cause security control of the whole smart home system to fail; privacy control of the household appliances is safer and more reliable, and the user experience is better.
Further, the FIDO server can also include a registration module 1119;
The registration module is used to judge whether the security device is located in a preset area, and/or to judge whether the security device is a security device held by or known to a specified user; if the security device is located in the preset area, and/or the security device is a security device held by or known to the specified user, the step in which the FIDO server builds the registration request information into a registration request command is performed; otherwise the registration process is terminated.
Further, the security device 102 can be a U2F device with a button;
The confirmation information acquisition module of the security device can specifically include:
A detection unit, for detecting whether the button is pressed;
A first acquisition unit, for obtaining the registration confirmation information and the verification confirmation information if the button is pressed.
A U2F device is a security key device that supports the U2F protocol; it can communicate with the control terminal over USB, Bluetooth, NFC, or any combination of the three, and this embodiment does not limit the communication mode. The U2F (Universal Second Factor Protocol) protocol is a general "second factor" protocol that uses two factors (a password and a device that can interact with the user) to protect the user's account and privacy. U2F adds a more secure authentication factor for login on top of existing username-plus-password authentication. The user logs in to the service with a username and password as before, and the service can prompt the user to present a second-factor device for authentication. U2F allows a simple password (such as a 4-digit PIN) to be used without sacrificing security; presenting the second factor generally takes the form of pressing a button on the U2F device.
Specifically, the U2F device can include:
A U2F client, the software entity that processes U2F messages; it interacts with the smart home operation APP on the control terminal 101, uses the interface of the user terminal to communicate with the FIDO server, receives and parses commands from the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
An ASM module, a module associated with the U2F authenticator that provides a unified interface between the hardware and the U2F client; specifically, it is the communication medium between the U2F client and the U2F authenticator;
A U2F authenticator, an authentication entity that conforms to the U2F protocol, has a user authentication function, and stores cryptographic material approved by the trusted party.
Further, when the U2F device is used to register a smart home system user account under the FIDO authentication system, the U2F device needs to be activated before the public/private key pair is generated, that is, before registration is confirmed. The activation operation can be the user pressing the button on the U2F device; while waiting for the user to press the button, the user can be prompted that pressing the button indicates confirmation to perform the registration of the user account.
Further, when the U2F device is used for operation authority authentication of the user account, the U2F device needs to be activated before it signs the verification information. The activation operation can be the user pressing the button on the U2F device; while waiting for the user to press the button, the user can be prompted that pressing the button indicates confirmation to perform the operation authority authentication of the user account.
Further, the security device 102 can also be a UAF device;
The confirmation information acquisition module of the security device can specifically include:
A collection unit, for collecting first biometric information of the specified user for registration and second biometric information for verification;
A second acquisition unit, for storing the first biometric information and confirming that the registration confirmation information is obtained, if the first biometric information is collected;
A comparison authentication unit, for comparing the second biometric information against the first biometric information for authentication, if the second biometric information is collected;
A third acquisition unit, for obtaining the verification confirmation information if the comparison authentication by the comparison authentication unit passes.
A UAF device is a security key device that supports the UAF protocol; it does not use a user password and performs verification transactions directly by biometric recognition. It can be built into a PC or smartphone and communicate data directly with the control terminal, or it can be an external device. When the UAF device is an external device of the control terminal, it can communicate with the control terminal over USB, Bluetooth, NFC, or any combination of the three, and this embodiment does not limit the communication mode. The UAF (Universal Authentication Framework Protocol) protocol is a universal authentication framework protocol intended to deliver a passwordless user experience; it offers a variety of identity authentication mechanisms for the user to choose from, such as the biometric methods of voice, iris, fingerprint and face recognition.
Specifically, the UAF device can include:
A UAF client, the software entity that processes UAF messages; it interacts with the smart home operation APP on the control terminal 101, uses the interface of the user terminal to communicate with the FIDO server, receives and parses commands from the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
An ASM module, a module associated with the UAF authenticator that provides a unified interface between the hardware and the UAF client; specifically, it is the communication medium between the UAF client and the UAF authenticator;
A UAF authenticator, an authentication entity that conforms to the UAF protocol, has a user authentication function, and stores cryptographic material approved by the trusted party.
The embodiment of the present invention uses the security device and the FIDO server to register the user accounts that control the smart home system and to authenticate their operation authority. When the user performs an online operation with a high security level, the security device serves as the second authentication factor and completes strong authentication of the user account. The security of smart home system control can be guaranteed without relying on the complexity of a conventional password, the various inconveniences that arise when a user forgets the password while operating the smart home system are avoided, and the whole process is not affected by the strength of the conventional password, which improves the user's information security.
For the specific working principle and detailed operating steps of the smart home control system disclosed in the embodiment of the present invention, refer to the following description of the smart home system control method.
Referring to Fig. 2, a control method in this embodiment for controlling the smart home system shown in Fig. 1 includes:
A user account is registered in the security device, and the operation instructions that can be used under that user account to control the smart home are mapped to the user account. After the user inputs a target operation instruction, the security device verifies the user account associated with the target operation instruction, and after verification passes the home controller executes the target operation instruction.
The process of registering the user account includes:
201. The control terminal sends registration request information to the FIDO server;
If the user account has not been registered under the FIDO authentication system, the security device can be used to register the user account. The operation interface of the smart home APP on the control terminal can pop up a FIDO identity registration interface, prompting the user whether to register with the FIDO authentication system. After the user confirms, through a module on the security device that interacts with the user, that registration with the FIDO authentication system is to be performed, the control terminal generates registration request information and sends it to the FIDO server.
Further, to make the registration process more secure, the FIDO server can also include a registration module, and before the FIDO server builds the registration request information into a registration request command, the method can also include:
The registration module judges whether the security device is located in a preset area, and/or judges whether the security device is a security device held by or known to a specified user;
If the security device is located in the preset area, and/or the security device is a security device held by or known to the specified user, the step in which the FIDO server builds the registration request information into a registration request command is performed; otherwise the registration process is terminated.
The preset area is a spatial range set in advance; for example, the extent of the home residence can be set as the preset area. A distance sensor can be installed at a position inside the home to obtain the distance between the security device and the distance sensor. It is then judged whether that distance is less than a set threshold (for example 20 meters); if so, the security device is judged to be within the home residence, that is, within the preset area. Whether the security device is within the preset range can also be judged by wireless means such as GPS positioning, which is not limited here. These steps restrict the range in which registration is possible: the user account can be registered only when the security device is within the preset range, which further ensures the security of the registration process.
After receiving the registration request, the FIDO server can directly build the registration request command and send it to the security device. Alternatively, it can first judge whether the security device is held by or known to the specified user, and build the registration request command and send it to the security device only after confirming this, which further ensures the security of the registration process.
202. The FIDO server builds the registration request information into a registration request command and sends the registration request command to the security device through the control terminal;
After receiving the registration request information sent by the control terminal, the FIDO server builds the registration request information into a registration request command and sends it to the security device.
203. After receiving the registration request command, the security device judges whether the user account has already been registered in the security device;
After receiving the registration request command, the security device judges whether the user account has already been registered in the security device. If it has, the account information associated with the user account has already been generated in the security device, and the registration operation is exited.
204. If it is not registered, the security device generates an asymmetric key pair after obtaining registration confirmation information, stores the private key of the asymmetric key pair in the security device, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal;
If in step 203 the user account is not registered in the security device, the security device, after obtaining the registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair in the security device, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal. The registration confirmation information obtained by the security device is information, obtained by the security device through a means of interacting with the user, that confirms registration is to proceed; the means can be pressing a button, or detecting a fingerprint, voice or iris, among others.
205. The FIDO server stores the public key and associates the public key with the user account.
The FIDO server saves the public key sent by the security device and associates the public key with the user account, indicating that the corresponding user account has been registered successfully.
In addition, when generating the asymmetric key pair, the security device also assigns a key handle to the key pair and sends the key handle together with the public key to the FIDO server; the FIDO server associates the registered user account's related information, the public key and the key handle with one another and saves them.
Further, after step 205 above, the method can also include: the FIDO server maps operation instructions to the user account.
So that different user accounts have the operation authority to send different operation instructions, the FIDO server can be used to map operation instructions to user accounts. This establishes a correspondence between an operation instruction and a user account, meaning that the user account is given the operation authority to send that operation instruction.
Further, to make controlling household appliances more convenient and intuitive, the control of household appliances can be built into operation instructions in the smart home operation APP on the control terminal, and the operation instructions mapped to the user account.
For example, the control of a single household appliance (such as turning on a fan) can be built into one operation instruction, and the control of multiple household appliances (such as turning on a fan and turning on a light) can also be built into one operation instruction. This step amounts to configuring each user account's authority to control household appliances, that is, determining which control actions a given FIDO-registered user account can perform on which appliances. Mapping an operation instruction to a user account that has completed FIDO registration means that this user account has the authority to execute this operation instruction. For example, "fan on" can be built into an operation instruction; mapping the "fan on" operation instruction to user account A, which has completed FIDO registration, means that user account A has the operation authority to execute the "fan on" operation instruction.
Further, different operation instructions can be mapped to the same or different user accounts, and different user accounts can be registered in the same or different security devices.
For example, "fan and light both on", "air conditioner on" and "all appliances off" can each be built into an operation instruction, giving 3 operation instructions. The "fan and light both on" and "air conditioner on" operation instructions are mapped to user account B, which has completed FIDO registration, and the "all appliances off" operation instruction is mapped to user account C, which has completed FIDO registration. User account B then has the operation authority to execute the two operation instructions "fan and light both on" and "air conditioner on", but not the operation authority to execute "all appliances off"; user account C has the operation authority to execute "all appliances off", but not the operation authority to execute "fan and light both on" or "air conditioner on". Many such combinations are possible and are not limited here. As another example, security device 1 can be used to register user account A, and user account A mapped to the operation instructions of conventional household appliances (lamps, fans and so on), so that user account A has the authority to operate conventional household appliances; after logging in to user account A and selecting the relevant operation instruction, authority authentication is performed with security device 1. Security device 2 can be used to register user account B, and user account B mapped to the operation instructions of more privacy-sensitive household appliances (such as cameras), so that user account B has the authority to operate the more privacy-sensitive household appliances; after logging in to user account B and selecting the relevant operation instruction, authority authentication is performed with security device 2. Of course, user accounts A and B can also be registered and authenticated with the same security device.
By grouping the operations of different household appliances, multiple user accounts can be registered in the same security device so that different user accounts have the authority to control their own groups of household appliance operations, which makes control and management of household appliances more convenient and the user experience good. The operation authority for conventional household appliances and the operation authority for more privacy-sensitive household appliances can also be given to different user accounts and registered in different security devices for operation authority authentication, which better protects the user's privacy and gives a better user experience.
After the registration process is complete, the control terminal, the FIDO server and the security device can be used to verify the target operation instruction, which is the operation instruction the user selects on the control terminal.
The process of verifying the user account may include the following steps A to F:
A. The control terminal obtains the target operation instruction;
The user can install the smart home operation APP on the control terminal and set on the APP the various operation instructions for smart home appliances, which can be instructions such as turning one or more household appliances on or off, displaying or adjusting various state parameters of one or more household appliances, or handling related alarm information. The control terminal obtains the target operation instruction, that is, the operation instruction input by the user, through the APP.
Further, the user can first log in with their own account and password before using the APP. Because the smart home control system uses the security device and the FIDO server for user account registration and operation authority authentication, the password together with the security device's ability to interact with the user (such as a button, or collecting and recognising the user's biometric information) protects the user's account privacy, and security can be ensured without relying on a highly complex password. The login password the user sets in the APP can therefore be very simple, such as a 4-digit password, or no password need be set at all.
B. The control terminal sends a verification request to the FIDO server according to the user account corresponding to the target operation instruction;
After obtaining the target operation instruction, the control terminal sends a verification request to the FIDO server according to the user account corresponding to the target operation instruction.
Before step B is performed, it must be ensured that the security device can communicate normally with the control terminal. The security device can communicate with the control terminal over USB, Bluetooth, NFC, or any combination of the three, and this embodiment does not limit the communication mode. In addition, the security device can also be a module or device built into the control terminal, in which case the security device communicates with the control terminal inside the control terminal. In the case of a USB connection, the USB port of the security device is plugged into the USB interface of the control terminal so that the security device and the control terminal can communicate normally. If the security device is a module built into the control terminal, it can be integrated with the fingerprint acquisition module on the control terminal. The user account is generated when registering under the FIDO authentication system using the security device, and the information of the user account is associated with the public key stored by the FIDO server. The information to be verified is the basis for judging whether the user account has completed registration under the FIDO authentication system; only a user account that has completed registration has the authority to send the target operation instruction.
C. The FIDO server generates challenge data, builds a verification command according to the verification request, and sends the challenge data and verification command to the security device through the control terminal;
The challenge data can be a random number or other arbitrary data. The verification command built by the FIDO server includes information about the FIDO server and the key handle related to the user account. The FIDO server and the security device are verified using the public key and private key generated during registration, thereby verifying the legitimacy of the user account.
D. The security device parses the verification command and verifies the authenticity of the FIDO server;
After receiving the challenge data and verification command built by the FIDO server, the control terminal sends the challenge data and verification command to the security device, which parses the verification command and verifies the authenticity of the FIDO server.
The security device verifies the authenticity of the FIDO server as follows: the security device uses the received key handle to find the corresponding key pair; if the key pair exists, it checks whether the FIDO server information corresponding to the key matches the FIDO server information passed in. If they do not match, the FIDO server is forged or incorrect, and verification is terminated; if they match, the FIDO server is genuine.
E. If the FIDO server is genuine, the security device, after obtaining the verification confirmation information, signs the challenge data to obtain signature information, and sends the signature information to the FIDO server through the control terminal;
If the FIDO server is genuine, the security device, after obtaining the verification confirmation information, calls the private key generated at registration to sign the challenge data and obtain the signature information, and then sends the signature information back to the control terminal.
A signature is data appended to a data unit, or a cryptographic transformation applied to a data unit. The private key is generated when the user account is registered under the FIDO authentication system and is stored in the secure area of the security device. The signature information is obtained by cryptographically signing the information to be verified, and it can be verified successfully only with the public key that matches the private key. The verification confirmation information obtained by the security device is information, obtained by the security device through a means of interacting with the user, that confirms verification is to proceed; the means can be pressing a button, or detecting a fingerprint, voice or iris, among others.
F. The FIDO server verifies the signature information to obtain a signature verification result.
After receiving the signature information sent by the security device, the control terminal sends the signature information to the FIDO server, and the FIDO server then calls the public key to parse and verify the signature information, obtaining the signature verification result. The public key is generated when the user account is registered under the FIDO authentication system and is stored in the FIDO server. If the public key does not match the private key, the signature information cannot be parsed and signature verification fails; the user account then does not have the operation authority to send the target operation instruction and cannot send the target operation instruction to operate household appliances.
If signature verification succeeds, the user account has completed the registration operation under the FIDO authentication system and has the authority to send the target operation instruction; the control terminal then sends the target operation instruction to the home controller, and the home controller completes the operation control of the household appliances.
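Registration steps 204 to 205, the operation-to-account mapping and verification steps A to F, as an added Go example that is not part of the patent. It assumes ECDSA P-256 over a SHA-256 digest (the patent only says "asymmetric key pair"), collapses the control terminal relay into direct calls, and uses hypothetical type and method names, a `Pressed` flag in place of the button or biometric confirmation, and a constructed server identity `fido.home.example`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// All type and method names are hypothetical; the patent defines roles, not an API.
type slot struct { // held inside the security device, one per registration
	priv   *ecdsa.PrivateKey
	server string // FIDO server identity bound to the key at registration
}

// Device is the security device; Pressed stands in for button or biometric confirmation.
type Device struct {
	slots   map[string]slot // key handle -> slot
	Pressed bool
}

type Server struct { // the FIDO server
	ID      string
	pubKeys map[string]*ecdsa.PublicKey // user account -> public key
	handles map[string]string           // user account -> key handle
	opOwner map[string]string           // operation instruction -> user account
	pending map[string][]byte           // user account -> outstanding challenge
}

func NewDevice() *Device { return &Device{slots: map[string]slot{}} }
func NewServer(id string) *Server {
	return &Server{id, map[string]*ecdsa.PublicKey{}, map[string]string{},
		map[string]string{}, map[string][]byte{}}
}

// Register is step 204: confirm, generate the key pair, keep the private key on the device.
func (d *Device) Register(serverID string) (string, *ecdsa.PublicKey, error) {
	if !d.Pressed {
		return "", nil, errors.New("no registration confirmation")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	kh := fmt.Sprintf("kh-%d", len(d.slots)+1) // an index, not a secret
	d.slots[kh] = slot{priv, serverID}
	return kh, &priv.PublicKey, nil
}

// Enroll is step 205; MapOperation grants the account one operation instruction.
func (s *Server) Enroll(a, kh string, pub *ecdsa.PublicKey) { s.pubKeys[a], s.handles[a] = pub, kh }
func (s *Server) MapOperation(op, account string)           { s.opOwner[op] = account }

// Challenge is steps B-C for the account mapped to the target operation.
func (s *Server) Challenge(op string) (string, string, []byte, error) {
	account := s.opOwner[op]
	if s.pubKeys[account] == nil {
		return "", "", nil, errors.New("operation not mapped to a registered account")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return "", "", nil, err
	}
	s.pending[account] = c
	return account, s.handles[account], c, nil
}

// Sign is steps D-E: key handle lookup, server check, confirmation, signature.
func (d *Device) Sign(serverID, kh string, c []byte) ([]byte, error) {
	s, ok := d.slots[kh]
	if !ok || s.server != serverID {
		return nil, errors.New("unknown key handle or forged FIDO server")
	}
	if !d.Pressed {
		return nil, errors.New("no verification confirmation")
	}
	h := sha256.Sum256(c)
	return ecdsa.SignASN1(rand.Reader, s.priv, h[:])
}

// Verify is step F; the challenge is deleted first, so it is single use.
func (s *Server) Verify(account string, sig []byte) bool {
	c, ok := s.pending[account]
	delete(s.pending, account)
	h := sha256.Sum256(c)
	return ok && ecdsa.VerifyASN1(s.pubKeys[account], h[:], sig)
}

func main() {
	srv, dev := NewServer("fido.home.example"), NewDevice()
	dev.Pressed = true
	kh, pub, _ := dev.Register(srv.ID)
	srv.Enroll("accountA", kh, pub)
	srv.MapOperation("fan on", "accountA")
	acct, kh, c, _ := srv.Challenge("fan on")
	sig, _ := dev.Sign(srv.ID, kh, c)
	fmt.Println("forward \"fan on\" to the home controller:", srv.Verify(acct, sig))
}
```

Because `Verify` consumes the pending challenge, a captured signature replayed later is rejected, and an operation instruction that was never mapped to a registered account gets no challenge at all.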
Optionally, the security device can be a U2F device with a button, and the process of obtaining the registration confirmation information includes:
Detecting whether the button is pressed;
If the button is pressed, the registration confirmation information is obtained;
The process of obtaining the verification confirmation information includes:
Detecting whether the button is pressed;
If the button is pressed, the verification confirmation information is obtained.
A U2F device is a security key device that supports the U2F protocol; it can communicate with the control terminal over USB, Bluetooth, NFC, or any combination of the three, and this embodiment does not limit the communication mode. The U2F (Universal Second Factor Protocol) protocol is a general "second factor" protocol that uses two factors (a password and a device that can interact with the user) to protect the user's account and privacy. U2F adds a more secure authentication factor for login on top of existing username-plus-password authentication. The user logs in to the service with a username and password as before, and the service can prompt the user to present a second-factor device for authentication. U2F allows a simple password (such as a 4-digit PIN) to be used without sacrificing security; presenting the second factor generally takes the form of pressing a button on the U2F device.
During registration of the user account, the security device generates the asymmetric key pair after obtaining the registration confirmation information. If the security device is a U2F device with a button, the user pressing the button is taken as explicit confirmation to proceed with registration. During verification of the target operation instruction against the operation authority of the user account, the security device, after obtaining the verification confirmation information, calls the private key to sign the information to be verified and obtain the signature information. If the security device is a U2F device with a button, the user pressing the button is taken as explicit confirmation to proceed with verification.
Specifically, the U2F device can include:
A U2F client, the software entity that processes U2F messages; it interacts with the smart home operation APP on the control terminal, uses the interface of the user terminal to communicate with the FIDO server, receives and parses commands from the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
An ASM module, a module associated with the U2F authenticator that provides a unified interface between the hardware and the U2F client; specifically, it is the communication medium between the U2F client and the U2F authenticator;
A U2F authenticator, an authentication entity that conforms to the U2F protocol, has a user authentication function, and stores cryptographic material approved by the trusted party.
Step (3) and step (4) of registering the user account under the FIDO authentication system can specifically include: the registration request command is passed to the U2F client, which parses it on receipt and, according to the command type, builds the corresponding command information and sends it to the ASM module. After receiving the command information, the ASM module starts the registration operation and generates a value that protects the authenticator command. After receiving the value sent by the ASM module, the U2F authenticator judges from the stored cryptographic material whether the user account has already been registered. If it has not, the APP on the control terminal pops up a registration confirmation prompt. If the user confirms that the user account needs to be registered and presses the button on the U2F device to confirm, the U2F authenticator generates an asymmetric public/private key pair containing the user account information and a key handle, stores the private key in the designated secure area of the U2F device, and returns the public key and key handle to the U2F client through the ASM module. The U2F client builds the public key and key handle into a registration response command and returns it to the FIDO server.
Step 204, in the operation-permission verification process of the user account corresponding to the target operation instruction, may specifically include: the U2F client parses the information to be verified on receipt, builds the corresponding command information according to the information type, and sends it to the ASM module. After receiving the command information, the ASM module starts the authentication operation and sends the command to the U2F authenticator. After the user presses the button on the U2F device to confirm verification, the private key generated in the secure area of the U2F device when the user account was registered is called to sign the information to be verified. Finally, the signature information is returned to the U2F client through the ASM module, and the U2F client returns the signature information to the control terminal.
Optionally, the security device may be a UAF device, and the process of obtaining the registration confirmation information includes:
collecting first biometric information of a designated user, to be used for registration;
if the first biometric information is collected, storing the first biometric information and confirming that the registration confirmation information has been obtained.
The process of obtaining the verification confirmation information includes:
collecting second biometric information of the user, to be used for verification;
if the second biometric information is collected, comparing the second biometric information with the first biometric information for authentication;
if the comparison authentication passes, the verification confirmation information is obtained.
A UAF device is a security key device that supports the UAF protocol. It does not use a user password and performs verification transactions directly by means of biometrics. It may be built into a PC or smartphone, or be an external device. When the UAF device is an external device of the control terminal, it may communicate with the control terminal over USB, Bluetooth, NFC, or a combination of the three; this embodiment does not limit the communication method. The UAF (Universal Authentication Framework) protocol is a universal authentication framework protocol intended to provide a "password-free" user experience. It offers several authentication mechanisms for the user to choose from, such as the biometric methods of voice, iris, fingerprint and face recognition.
During registration of the user account, the security device generates an asymmetric key pair after it obtains the registration confirmation information. If the security device is a UAF device, the first step in obtaining the registration confirmation information is to collect the first biometric information of the designated user, to be used for registration. The designated user is the legitimate user who is currently performing the registration operation. There are many kinds of biometric information, such as voice, iris, fingerprint and face recognition; the first biometric information is the biometric information used for registration. Once the first biometric information has been collected (for example, the fingerprint of the designated user), it is stored and the registration confirmation information is confirmed as obtained. During verification of the target operation instruction against the operation permission of the user account, the security device, after it obtains the verification confirmation information, calls the private key to sign the information to be verified and obtains the signature information. If the security device is a UAF device, the second biometric information of the user, to be used for verification, is collected first; that is, the current user enters their own biometric information (for example, the current user's fingerprint). Then, if the second biometric information is collected, it is compared with the first biometric information for authentication (for example, the current user's fingerprint is compared with the fingerprint of the designated user captured at registration). Finally, if the comparison authentication passes, the current user's identity information is correct and the verification confirmation information is obtained. If the comparison authentication fails, the current user's identity information is wrong and the verification process is terminated.
Specifically, the UAF device may include:
UAF client: the software entity that processes UAF information. It interacts with the smart home operation APP on the control terminal, communicates with the FIDO server through the interface of the user terminal, receives and parses commands from the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
ASM module: a module associated with the UAF authenticator that provides a unified interface between the hardware and the UAF client; specifically, it is the communication medium between the UAF client and the UAF authenticator;
UAF authenticator: an authentication entity that conforms to the UAF protocol, has a user verification function, and stores the cryptographic material recognized by the relying party.
Steps (3) and (4) of the registration process of the user account under the FIDO authentication system may specifically include: the registration request command is passed to the UAF client, which parses the command on receipt, builds the corresponding command information according to the command type, and sends it to the ASM module. After receiving the command information, the ASM module starts the registration operation and generates a value used to protect the authenticator command. After receiving the value sent by the ASM module, the UAF authenticator determines from its stored cryptographic material whether the user account has already been registered. If it has not, the user chooses among the biometric methods that the UAF device supports, the APP on the control terminal prompts the user to provide identification material, and the user's corresponding biometric information is collected. The UAF authenticator then generates an asymmetric public/private key pair and a key handle containing the user account information, stores the private key in the designated secure area of the UAF device, and returns the public key and key handle to the UAF client through the ASM module. The UAF client builds a registration response command from the public key and key handle and returns it to the FIDO server.
Step 204, in the operation-permission verification process of the user account corresponding to the target operation instruction, may specifically include: the UAF client parses the information to be verified on receipt, builds the corresponding command information according to the information type, and sends it to the ASM module. After receiving the command information, the ASM module sends it to the UAF authenticator. The UAF authenticator checks, based on the key handle, whether the FIDO server is genuine. If the FIDO server is genuine, the biometric information entered by the current user is collected and compared for authentication with the biometric information stored for the designated user at registration. If the comparison authentication passes, the private key generated in the secure area of the UAF device when the user account was registered is called to sign the information to be verified. Finally, the signature information is returned to the UAF client through the ASM module, and the UAF client returns the signature information to the control terminal.
The embodiment of the present invention uses a security device and a FIDO server to perform registration and operation-permission authentication for the user account that controls the smart home system. When the user performs an online operation of a high security level, the security device acts as the second authentication factor and completes strong authentication of the user account. This ensures the security of smart home system control without depending on the complexity of a conventional password, avoids the various inconveniences that arise when a user forgets the password while operating the smart home system, and makes the whole process independent of the strength of the conventional password, improving the user's information security.
Fig. 3 shows a schematic structural diagram of a smart home control system in one application scenario in an embodiment of the present invention.
Referring to Fig. 3, the smart home control system of this embodiment in one application scenario includes: an external control subsystem 30 and an internal control subsystem 31;
The external control subsystem includes a control terminal 301 and a U2F device 302 connected to the control terminal;
The U2F device 302 includes:
U2F client 3021: the software entity that processes U2F information. It interacts with the smart home operation APP on the control terminal 101, communicates with the FIDO server through the interface of the control terminal, receives and parses commands from the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
ASM module 3022: a module associated with the U2F authenticator that provides a unified interface between the hardware and the U2F client; specifically, it is the communication medium between the U2F client and the U2F authenticator;
U2F authenticator 3023: an authentication entity that conforms to the U2F protocol, has a user verification function, and stores the cryptographic material recognized by the relying party.
The internal control subsystem includes a FIDO server 311, an application server 312 and a home controller 313.
Fig. 4 shows a flow chart, in one application scenario, of a control method for controlling the smart home control system shown in Fig. 3 in an embodiment of the present invention.
Referring to Fig. 4, a control method for controlling the smart home control system shown in Fig. 3 includes:
401. The user installs the smart home operation APP on the control terminal and enters a user name and password to log in to the APP;
A smart home operation APP is installed on the control terminal. The APP contains the various operation instructions for controlling household appliances, such as turning one or more appliances on or off, displaying the various status parameters of one or more appliances, and handling related alarm information. Before using the APP, the user needs to log in with their own account and password. Because the smart home control system uses a U2F device and a FIDO server for registration and operation-permission authentication of the user account, security can be ensured without relying on the password, so the user can set a very simple login password for the APP, for example a 4-digit password, or even no password. The user runs the APP and enters the account and password; after the application server has verified the account and password, the user enters the APP (which supports the U2F protocol).
402. The APP prompts whether to register the user account under the FIDO authentication system;
The operation interface of the control terminal pops up a FIDO identity registration screen that asks the user whether to register under the FIDO authentication system. Once the user confirms registration under the FIDO authentication system, the control terminal generates registration information and sends it to the FIDO server; at this point it must be ensured that the U2F device and the control terminal are communicating normally.
Before the control terminal sends the registration information to the FIDO server, the registration module of the FIDO server determines whether the U2F device is located in a preset area. If the U2F device is located in the preset area, the control terminal sends the registration information to the FIDO server. After receiving the registration information, the FIDO server first determines whether the U2F device is a security device held by the designated user or a known security device. After confirming that it is, the FIDO server builds a registration request command from the registration information and sends it to the U2F device through the control terminal.
The U2F client parses the registration request command on receipt, builds the corresponding command information according to the command type, and sends it to the ASM module. After receiving the command information, the ASM module starts the registration operation and generates a value used to protect the authenticator command. After receiving the value sent by the ASM module, the U2F authenticator determines from its stored cryptographic material whether the user account has already been registered. If it has not, the authenticator waits for the user to press the button on the U2F device to confirm registration (the APP on the control terminal needs to remind the user to press the button). It then generates an asymmetric public/private key pair and a key handle containing the user account information, stores the private key in the designated secure area of the U2F device, and returns the public key and key handle to the U2F client through the ASM module. The U2F client builds a registration response command from the public key and key handle and returns it to the FIDO server.
403. The user account is associated with operation instructions;
To make operating the household appliances more convenient and intuitive, the controls for the household appliances can be built as operation instructions in the smart home operation APP on the control terminal, and the operation instructions can be mapped to the user account. This step amounts to configuring, for each user account, its permissions to control household appliances; that is, it determines which control actions a user account that has completed FIDO registration can perform on which appliances. Mapping an operation instruction to a user account that has completed FIDO registration means that this user account has the permission to execute that operation instruction. For example, "fan opening" can be built as an operation instruction; mapping the "fan opening" operation instruction to user account A, which has completed FIDO registration, means that user account A has the operation permission to execute the "fan opening" operation instruction.
404. A specific operation instruction is selected;
According to the operation they want to perform on the household appliance, the user selects a specific operation instruction on the control terminal; suppose the user, logged in as user account A, has selected the "fan opening" operation instruction.
405. Operation-permission authentication is performed on the user account using the U2F device;
The U2F device and the FIDO server are used to verify whether the user account has completed registration under the FIDO authentication system.
Step 405 may specifically be as follows: the operation instruction that the user selects on the control terminal is the target operation instruction. The control terminal obtains the target operation instruction and, for the user account corresponding to the target operation instruction, sends a verification request to the FIDO server, so that the FIDO server builds a verification command from the verification request; the verification command includes related information such as the key handle. The FIDO server also generates challenge data and sends the verification command and challenge data to the control terminal. The control terminal sends the received verification command and challenge data to the U2F client of the U2F device. The U2F client parses the verification command on receipt, builds the corresponding command information according to the information type, and sends it to the ASM module. After receiving the command information, the ASM module starts the authentication operation and sends the command to the U2F authenticator, which checks, based on the key handle, whether the FIDO server is genuine. If the FIDO server is genuine, then after the user presses the button on the U2F device to confirm verification, the private key generated in the secure area of the U2F device when the user account was registered is called to sign the challenge data, producing the signature information. Finally, the signature information is returned to the U2F client through the ASM module, and the U2F client returns the signature information to the control terminal. The control terminal sends the signature information to the FIDO server, so that the FIDO server uses the public key to verify the signature.
406. If the operation-permission authentication passes, the home controller operates the household appliance.
If the signature verification in step 405 succeeds, the user account is a legitimate user, that is, the user has the operation permission for the target operation instruction, and the home controller receives the target operation instruction and operates the household appliance. If signature verification succeeds for the "fan opening" operation instruction sent by user account A, then user account A has the operation permission to execute the "fan opening" operation instruction, and the home controller turns the fan on. If signature verification in step 405 fails, then user account A does not have the operation permission to execute the "fan opening" operation instruction, and the fan cannot be turned on.
As this application scenario shows, because the smart home control system uses a U2F device with a button that the user presses to interact, together with a FIDO server, for registration and operation-permission authentication of the user account, security can be ensured without relying on the password. The user can therefore set a very simple login password for the APP, for example a 4-digit password, or even no password.
Referring to Fig. 5, the smart home control system of this embodiment in one application scenario includes: an external control subsystem 50 and an internal control subsystem 51;
The external control subsystem includes a control terminal 501 and a UAF device 502 connected to the control terminal;
The UAF device 502 includes:
UAF client 5021: the software entity that processes UAF information. It interacts with the smart home operation APP on the control terminal 101, communicates with the FIDO server through the interface of the user terminal, receives and parses commands from the FIDO server, and builds the corresponding command information and sends it to the ASM module for the related operation;
ASM module 5022: a module associated with the UAF authenticator that provides a unified interface between the hardware and the UAF client; specifically, it is the communication medium between the UAF client and the UAF authenticator;
UAF authenticator 5023: an authentication entity that conforms to the UAF protocol, has a user verification function, and stores the cryptographic material recognized by the relying party.
The internal control subsystem includes a FIDO server 511, an application server 512 and a home controller 513.
Fig. 6 shows a flow chart, in one application scenario, of a control method for controlling the smart home control system shown in Fig. 5 in an embodiment of the present invention.
Referring to Fig. 6, a control method for controlling the smart home control system shown in Fig. 5 includes:
601. The user installs the smart home operation APP on the control terminal and enters a user name and password to log in to the APP;
A smart home operation APP is installed on the control terminal. The APP contains the various operation instructions for controlling household appliances, such as turning one or more appliances on or off, displaying the various status parameters of one or more appliances, and handling related alarm information. Before using the APP, the user needs to log in with their own account and password. Because the smart home control system uses a UAF device and a FIDO server for registration and operation-permission authentication of the user account, security can be ensured without relying on the password, so the user can set a very simple login password for the APP, for example a 4-digit password, or even no password. The user runs the APP and enters the account and password; after the application server has verified the account and password, the user enters the APP (which supports the UAF protocol).
602. The APP prompts whether to register the user account under the FIDO authentication system;
The operation interface of the control terminal pops up a FIDO identity registration screen that asks the user whether to register under the FIDO authentication system. Once the user confirms registration under the FIDO authentication system, the control terminal generates registration information and sends it to the FIDO server; at this point it must be ensured that the UAF device and the control terminal are communicating normally.
Before the control terminal sends the registration information to the FIDO server, the registration module of the FIDO server determines whether the UAF device is located in a preset area. If the UAF device is located in the preset area, the control terminal sends the registration information to the FIDO server. After receiving the registration information, the FIDO server first determines whether the UAF device is a security device held by the designated user or a known security device. After confirming that it is, the FIDO server builds a registration request command from the registration information and sends it to the UAF device through the control terminal.
The UAF client parses the registration request command on receipt, builds the corresponding command information according to the command type, and sends it to the ASM module. After receiving the command information, the ASM module starts the registration operation and generates a value used to protect the authenticator command. After receiving the value sent by the ASM module, the UAF authenticator determines from its stored cryptographic material whether the user account has already been registered. If it has not, the user chooses among the biometric methods that the UAF device supports, the APP on the control terminal prompts the user to provide identification material, and the user's corresponding biometric information is collected. The UAF authenticator then generates an asymmetric public/private key pair and a key handle containing the user account information, stores the private key in the designated secure area of the UAF device, and returns the public key and key handle to the UAF client through the ASM module. The UAF client builds a registration response command from the public key and key handle and returns it to the FIDO server.
603. The user account is associated with operation instructions;
To make operating the household appliances more convenient and intuitive, the controls for the household appliances can be built as operation instructions in the smart home operation APP on the control terminal, and the operation instructions can be mapped to the user account. This step amounts to configuring, for each user account, its permissions to control household appliances; that is, it determines which control actions a user account that has completed FIDO registration can perform on which appliances. Mapping an operation instruction to a user account that has completed FIDO registration means that this user account has the operation permission to execute that operation instruction. For example, "fan opening" can be built as an operation instruction; mapping the "fan opening" operation instruction to user account A, which has completed FIDO registration, means that user account A has the operation permission to execute the "fan opening" operation instruction.
604. A specific operation instruction is selected;
According to the operation they want to perform on the household appliance, the user selects a specific operation instruction on the control terminal, which constitutes the target operation instruction; suppose the user, logged in as user account A, has selected the "fan opening" operation instruction.
605. Operation-permission authentication is performed on the user account using the UAF device;
The UAF device and the FIDO server are used to verify whether the user account has completed registration under the FIDO authentication system.
Step 605 may specifically be as follows: the operation instruction that the user selects on the control terminal is the target operation instruction. The control terminal obtains the target operation instruction and, for the user account corresponding to the target operation instruction, sends a verification request to the FIDO server, so that the FIDO server builds a verification command from the verification request; the verification command includes related information such as the key handle. The FIDO server also generates challenge data and sends the verification command and challenge data to the control terminal. The control terminal sends the received verification command to the UAF client of the UAF device. The UAF client parses the verification command on receipt, builds the corresponding command information according to the information type, and sends it to the ASM module. After receiving the command information, the ASM module sends it to the UAF authenticator, which checks, based on the key handle, whether the FIDO server is genuine. If the FIDO server is genuine, the biometric information entered by the current user is collected and compared for authentication with the biometric information stored for the designated user at registration. If the comparison authentication passes, the private key generated in the secure area of the UAF device when the user account was registered is called to sign the challenge data, producing the signature information. Finally, the signature information is returned to the UAF client through the ASM module, and the UAF client returns the signature information to the control terminal. The control terminal sends the signature information to the FIDO server, so that the FIDO server uses the public key to verify the signature.
606. If the operation-permission authentication passes, the home controller operates the household appliance.
If the signature verification in step 605 succeeds, the user account is a legitimate user, that is, the user has the operation permission for the target operation instruction, and the home controller receives the target operation instruction and operates the household appliance. If signature verification succeeds for the "fan opening" operation instruction sent by user account A, then user account A has the operation permission to execute the "fan opening" operation instruction, and the home controller turns the fan on. If signature verification in step 605 fails, then account A does not have the operation permission to execute the "fan opening" operation instruction, and the fan cannot be turned on.
As this application scenario shows, because the smart home control system uses a UAF device that can collect the user's biometric information, together with a FIDO server, for registration and operation-permission authentication of the user account, security can be ensured without relying on the password. The user can therefore set a very simple login password for the APP, for example a 4-digit password, or even no password.
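The registration and operation-permission flow of the two scenarios above (steps 401 to 406 and 601 to 606), as an added Go example that is not code from the patent: the device generates the key pair after confirmation, the server stores the public key and the account-to-operation mapping, and each operation is authorized by signing fresh challenge data. All type and function names, the `kh-N` key handles, ECDSA P-256 with SHA-256 and the single-use challenge are assumptions of this example; the `confirmed` flag stands in for the U2F button press or the UAF biometric match.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator models the security device; private keys never leave it.
type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey // key handle -> private key in the "secure area"
}

// Register creates a key pair only after the registration confirmation
// (button press on a U2F device, biometric capture on a UAF device).
func (a *Authenticator) Register(confirmed bool) (string, *ecdsa.PublicKey, error) {
	if !confirmed {
		return "", nil, fmt.Errorf("registration not confirmed")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	handle := fmt.Sprintf("kh-%d", len(a.keys)+1) // constructed key handle
	a.keys[handle] = priv
	return handle, &priv.PublicKey, nil
}

// Sign signs the challenge data only after the verification confirmation.
func (a *Authenticator) Sign(handle string, challenge []byte, confirmed bool) ([]byte, error) {
	priv, ok := a.keys[handle]
	if !ok || !confirmed {
		return nil, fmt.Errorf("unknown key handle or verification not confirmed")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Server models the FIDO server together with the account-to-operation mapping.
type Server struct {
	handles map[string]string           // account -> key handle
	pubs    map[string]*ecdsa.PublicKey // account -> registered public key
	ops     map[string]bool             // "account|op" -> operation mapped to the account
	pending map[string][]byte           // "account|op" -> outstanding challenge data
}

// NewSystem returns an empty security device and FIDO server.
func NewSystem() (*Authenticator, *Server) {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}, &Server{map[string]string{},
		map[string]*ecdsa.PublicKey{}, map[string]bool{}, map[string][]byte{}}
}

// StoreRegistration keeps the registration response and maps operations to the account.
func (s *Server) StoreRegistration(account, handle string, pub *ecdsa.PublicKey, ops ...string) {
	s.handles[account], s.pubs[account] = handle, pub
	for _, op := range ops {
		s.ops[account+"|"+op] = true
	}
}

// Challenge issues fresh challenge data, refusing operations not mapped to the account.
func (s *Server) Challenge(account, op string) (string, []byte, error) {
	if !s.ops[account+"|"+op] {
		return "", nil, fmt.Errorf("operation %q is not mapped to account %q", op, account)
	}
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		return "", nil, err
	}
	s.pending[account+"|"+op] = ch
	return s.handles[account], ch, nil
}

// Verify checks the signature with the stored public key.
func (s *Server) Verify(account, op string, sig []byte) bool {
	ch, ok := s.pending[account+"|"+op]
	delete(s.pending, account+"|"+op) // assumption: a challenge is consumed so a replay fails
	digest := sha256.Sum256(ch)
	return ok && ecdsa.VerifyASN1(s.pubs[account], digest[:], sig)
}

// Authorize runs one operation-permission check end to end (steps 405 and 605).
func Authorize(s *Server, a *Authenticator, account, op string, confirmed bool) bool {
	handle, ch, err := s.Challenge(account, op)
	if err != nil {
		return false
	}
	sig, err := a.Sign(handle, ch, confirmed)
	return err == nil && s.Verify(account, op, sig)
}

func main() {
	a, s := NewSystem()
	handle, pub, _ := a.Register(true)
	s.StoreRegistration("A", handle, pub, "fan opening")
	fmt.Println(Authorize(s, a, "A", "fan opening", true), Authorize(s, a, "A", "fan opening", false))
}
```

Because the server only ever holds the public key, the login password plays no part in this check; what the check does depend on is that the confirmation step cannot be skipped and that a captured signature cannot be reused.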
The embodiment of the present invention also provides a method by which a control terminal controls a smart home, applied to a smart home control system that includes an external control subsystem and an internal control subsystem;
The external control subsystem includes a control terminal and a security device communicatively connected to the control terminal, the security device supporting the standard protocols of FIDO authentication;
The internal control subsystem includes a FIDO server, an application server and a home controller;
The method by which the control terminal controls the smart home is:
The control terminal receives the user's registration information and sends it to the FIDO server;
The control terminal receives the registration request command sent by the FIDO server, the registration request command being built by the FIDO server from the registration information;
The control terminal sends the registration request command to the security device, so that the security device, after receiving the registration request command, determines whether the user account is registered in the security device; if it is not registered, the security device, after obtaining the registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
The control terminal sends the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
The control terminal maps the operation instructions that can be used to control the smart home under the user account to the user account;
The control terminal receives a target operation instruction, so that the security device verifies the user account associated with the target operation instruction and, after verification passes, the home controller executes the target operation instruction.
Further, the FIDO server includes a registration module, and before the control terminal sends the registration information to the FIDO server, the method may also include:
The control terminal obtains the location information and/or device information of the security device from the security device;
The control terminal builds the location information and/or device information into the registration information, so that the registration module determines, from the received location information, whether the security device is in the preset area, and/or determines, from the received device information, whether the security device is a security device held by the designated user or a known security device; if the security device is located in the preset area, and/or the security device is a security device held by the designated user or a known security device, the FIDO server performs the step of building the registration information into the registration request command.
An embodiment of the present invention also provides a method by which a FIDO server controls a smart home, applied to an intelligent home control system; the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and a safety means communicatively connected to the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes a FIDO server, an application server and a home controller;
The intelligent home control method is:
The FIDO server receives the registration information sent by the control terminal;
The FIDO server builds the registration information into a registration request command and sends the registration request command to the safety means through the control terminal, so that the safety means, after receiving the registration request command, judges whether the user account is registered in the safety means; if it is not registered, the safety means, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal;
The FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the FIDO server cooperates with the safety means to verify the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after verification passes.
Further, the FIDO server includes a registration module, and the registration information includes the location information and/or device information of the safety means that the control terminal obtained from the safety means; before the FIDO server builds the registration information into the registration request command, the method may also include:
The registration module receives the registration information;
The registration module judges from the location information whether the safety means is located in the preset area, and/or judges from the device information whether the safety means is held by a designated user or is a known safety means;
If the safety means is located in the preset area, and/or the safety means is held by a designated user or is a known safety means, the FIDO server performs the step of building the registration information into the registration request command; otherwise the registration process is terminated.
An embodiment of the present invention also provides a method by which a safety means controls a smart home, applied to an intelligent home control system, characterized in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and a safety means communicatively connected to the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes a FIDO server, an application server and a home controller;
The intelligent home control method is:
The safety means receives, through the control terminal, the registration request command sent by the FIDO server, the registration request command being built by the FIDO server from the registration information sent by the control terminal;
The safety means parses the registration request command and judges whether the user account is registered in the safety means;
If it is not registered, the safety means, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
After the control terminal receives a target operation instruction, the safety means, together with the FIDO server, verifies the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after verification passes.
Further, the FIDO server includes a registration module, and before the safety means receives the registration request command, the method may also include:
The safety means sends its location information and/or device information to the control terminal, so that the control terminal assembles the registration information from the location information and/or device information, and the registration module judges from the location information whether the safety means is within the preset range, and/or judges from the device information whether the safety means is held by the user or is a known safety means;
When the safety means is located in the preset area, and/or the safety means is held by the user or is a known safety means, the step in which the safety means receives the registration request command sent by the FIDO server is performed.
An embodiment of the present invention also provides a control terminal, applied to an intelligent home control system, which exchanges data with a FIDO server and a safety means respectively; the control terminal includes:
Registration information transceiver module, for receiving the user's registration information and sending it to the FIDO server;
Registration request command transceiver module, for receiving the registration request command sent by the FIDO server and sending the registration request command to the safety means, so that the safety means, after receiving the registration request command, judges whether the user account is registered in the safety means; if it is not registered, the safety means, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal; the registration request command is built by the FIDO server from the registration information;
Public key transceiver module, for receiving the public key sent by the safety means and sending the public key to the FIDO server, so that the FIDO server stores the public key and associates the public key with the user account;
Operation instruction transceiver module, for receiving a target operation instruction and, after the user account passes verification, sending the target operation instruction to the home controller, so that the home controller executes the target operation instruction;
Authentication module, for verifying, together with the FIDO server and the safety means, the user account associated with the target operation instruction.
Further, the FIDO server includes a registration module, and the registration information transceiver module may also be used for:
Obtaining the location information and/or device information of the safety means from the safety means, and assembling it into registration request information;
Sending the location information and/or device information to the registration module, so that the registration module judges from the location information whether the safety means is located in the preset area, and/or judges from the device information whether the safety means is held by a designated user or is a known safety means;
If the safety means is located in the preset area, and/or the safety means is held by a designated user or is a known safety means, causing the FIDO server to perform the step of building the registration information into the registration request command.
The control terminal is applied to an intelligent home control system and exchanges data with the FIDO server and the safety means respectively, to verify whether a user account has the operating authority to control the smart home. When the user needs to control the smart home, the user selects an operation instruction at the control terminal; the safety means and the FIDO server verify whether the user account corresponding to the operation instruction has authority for that operation instruction. If verification passes, that is, the user has authority for the selected operation instruction, the control terminal sends the operation instruction to the home controller, and the home controller executes the operation instruction, completing control of the smart home.
Therefore, when this control terminal is applied to an intelligent home control system, the system completes verification of the user account and ensures the security of smart home system control, avoiding the various inconveniences that arise when a user forgets a password while operating the smart home system; the whole process is not affected by the strength of a conventional password, which improves the user's information security.
An embodiment of the present invention also provides a FIDO server, applied to an intelligent home control system, communicatively connected to a control terminal and exchanging data with a safety means through the control terminal; the FIDO server includes:
Registration information receiving module, for receiving the registration information sent by the control terminal;
Registration request command building and sending module, for building a registration request command from the registration information and sending the registration request command to the safety means through the control terminal, so that the safety means, after receiving the registration request command, judges whether the user account is registered in the safety means; if it is not registered, the safety means, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair, and sends the public key of the asymmetric key pair to the control terminal;
Public key receiving module, for receiving the public key from the control terminal;
Public key storage and association module, for storing the public key and associating the public key with the user account;
Authentication module, for verifying, together with the control terminal and the safety means, the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after the user account passes verification.
Further, the FIDO server also includes a registration module, the registration information includes the location information and/or device information of the safety means, and the registration module is used for:
Receiving the registration information, and judging from the location information of the safety means whether the safety means is located in the preset area, and/or judging from the device information whether the safety means is held by a designated user or is a known safety means;
If the safety means is located in the preset area, and/or the safety means is held by a designated user or is a known safety means, causing the FIDO server to perform the step of building the registration information into the registration request command; otherwise terminating the registration process.
The FIDO server is applied to an intelligent home control system and exchanges data with the safety means through the control terminal, to verify the operating authority of a user account over the smart home. When the user needs to control the smart home, the user selects an operation instruction at the control terminal; the FIDO server and the safety means verify whether the user account corresponding to the operation instruction has authority for that operation instruction. If verification passes, that is, the user has authority for the selected operation instruction, the control terminal then sends the operation instruction to the home controller, and the home controller executes the operation instruction, completing control of the smart home.
Therefore, when this FIDO server is applied to an intelligent home control system, the system can complete verification of the user account without depending on the complexity of a conventional password, ensuring the security of smart home system control and avoiding the various inconveniences that arise when a user forgets a password while operating the smart home system; the whole process is not affected by the strength of a conventional password, which improves the user's information security.
An embodiment of the present invention also provides a safety means, applied to an intelligent home control system, which exchanges data with a FIDO server through a control terminal; the safety means includes:
Registration request command receiving module, for receiving the registration request command built by the FIDO server and sent by the control terminal, the registration request command being built by the FIDO server from registration information, the registration information being input by the user at the control terminal and sent by the control terminal to the FIDO server;
Registration judgment module, for judging whether the user account is registered in the safety means;
Confirmation information acquisition module, for obtaining registration confirmation information;
Public/private key generation module, for generating an asymmetric key pair if the user account is not registered in the safety means and after registration confirmation information is obtained, storing the private key of the asymmetric key pair, and sending the public key of the asymmetric key pair to the FIDO server through the control terminal, so that the FIDO server stores the public key and associates the public key with the user account;
Authentication module, for verifying, together with the control terminal and the FIDO server, the user account associated with the target operation instruction, so that the home controller executes the target operation instruction after the user account passes verification.
Further, the FIDO server includes a registration module, and the safety means may also include a location information sending module, the location information sending module being used for:
Sending the location information and/or device information of the safety means to the control terminal to be assembled into registration request information, so that the registration module judges from the received location information whether the safety means is within the preset range, and/or judges from the device information whether the safety means is held by the user or is a known safety means;
When the safety means is located in the preset area, and/or the safety means is held by the user or is a known safety means, the safety means receives the registration request command sent by the FIDO server.
The safety means is applied to an intelligent home control system, and data interaction is carried out through the control terminal and the safety means, to verify the operating authority of a user account over the smart home. When the user needs to control the smart home, the user selects an operation instruction at the control terminal; the safety means and the FIDO server verify whether the user account corresponding to the operation instruction has authority for that operation instruction. If verification passes, that is, the user has authority for the selected operation instruction, the control terminal then sends the operation instruction to the home controller, and the home controller executes the operation instruction, completing control of the smart home.
Therefore, when the safety means is applied to an intelligent home control system, the system can complete verification of the user account without depending on the complexity of a conventional password, ensuring the security of smart home system control and avoiding the various inconveniences that arise when a user forgets a password while operating the smart home system; the whole process is not affected by the strength of a conventional password, which improves the user's information security.
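The registration and verification exchange between the control terminal, the FIDO server and the safety means described in the embodiments above, as an added sketch that is not code from the patent. Class names, message fields, the `appId` value and the modelling of the FIDO server's authenticity as an `appId` match are assumptions; accounts, device ids and zones are constructed sample data.

```javascript
// Added illustration of the flow in the text; every name here is hypothetical.
const crypto = require('crypto');

// Safety means: creates the key pair; the private key never leaves this object.
class SafetyMeans {
  constructor() { this.keys = new Map(); } // account -> { privateKey, appId }
  // Handle a registration request command relayed by the control terminal.
  register(cmd, userConfirmed) {
    if (this.keys.has(cmd.account)) return { error: 'already-registered' };
    if (!userConfirmed) return { error: 'no-confirmation' }; // e.g. button not pressed
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(cmd.account, { privateKey, appId: cmd.appId });
    return { publicKey: publicKey.export({ type: 'spki', format: 'pem' }) };
  }
  // Handle a verification command: check the requesting server, then sign.
  sign(cmd, userConfirmed) {
    const entry = this.keys.get(cmd.account);
    if (!entry) return { error: 'unknown-account' };
    // Assumption: server authenticity is modelled as a match on the appId bound at registration.
    if (entry.appId !== cmd.appId) return { error: 'server-not-authentic' };
    if (!userConfirmed) return { error: 'no-confirmation' };
    const data = Buffer.concat([Buffer.from(cmd.appId), cmd.challenge]);
    return { signature: crypto.sign('sha256', data, entry.privateKey) };
  }
}

class FidoServer {
  constructor(appId, knownDevices, inPresetArea) {
    this.appId = appId;
    this.knownDevices = new Set(knownDevices); // device-information allowlist
    this.inPresetArea = inPresetArea;          // predicate over location info
    this.publicKeys = new Map();               // account -> PEM public key
    this.owner = new Map();                    // operation instruction -> account
    this.pending = new Map();                  // account -> outstanding challenge
  }
  // Registration module pre-check. The text allows "and/or"; this sketch requires both.
  buildRegistration(info) {
    if (!this.knownDevices.has(info.deviceId) || !this.inPresetArea(info.location)) return null;
    return { account: info.account, appId: this.appId };
  }
  storePublicKey(account, pem, instructions) {
    this.publicKeys.set(account, pem);
    for (const i of instructions) this.owner.set(i, account);
  }
  buildVerification(instruction) {
    const account = this.owner.get(instruction);
    if (!account) return null;
    const challenge = crypto.randomBytes(32);
    this.pending.set(account, challenge);
    return { account, appId: this.appId, challenge };
  }
  checkSignature(account, signature) {
    const challenge = this.pending.get(account);
    this.pending.delete(account); // each challenge is accepted at most once
    if (!challenge || !signature) return false;
    const data = Buffer.concat([Buffer.from(this.appId), challenge]);
    return crypto.verify('sha256', data, this.publicKeys.get(account), signature);
  }
}

// Control terminal role: relay messages between server and safety means.
function enroll(server, device, info, instructions, userConfirmed) {
  const cmd = server.buildRegistration(info);
  if (!cmd) return 'rejected-by-registration-module';
  const res = device.register(cmd, userConfirmed);
  if (res.error) return res.error;
  server.storePublicKey(info.account, res.publicKey, instructions);
  return 'registered';
}

// Forward the instruction to the home controller only after the signature check passes.
function operate(server, device, instruction, userConfirmed, homeController) {
  const cmd = server.buildVerification(instruction);
  if (!cmd) return 'no-account-for-instruction';
  const res = device.sign(cmd, userConfirmed);
  if (!server.checkSignature(cmd.account, res.signature)) return res.error || 'bad-signature';
  homeController.push(instruction);
  return 'executed';
}

// Constructed sample run: accounts, device ids and zones are made up.
function demo() {
  const server = new FidoServer('https://home.example', ['dev-01'], (loc) => loc.zone === 'home');
  const device = new SafetyMeans();
  const executed = []; // stands in for the home controller
  const info = { account: 'alice', deviceId: 'dev-01', location: { zone: 'home' } };
  return {
    outsideArea: enroll(server, device, { ...info, location: { zone: 'cafe' } }, [], true),
    first: enroll(server, device, info, ['unlock-door'], true),
    again: enroll(server, device, info, ['unlock-door'], true),
    noTouch: operate(server, device, 'unlock-door', false, executed),
    ok: operate(server, device, 'unlock-door', true, executed),
    unmapped: operate(server, device, 'open-garage', true, executed),
    executed,
  };
}
```

A signature made over an earlier challenge fails against a later one, because the server discards each challenge after a single check.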
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection between apparatuses or units through some interfaces, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code: a USB flash disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc and so on.
As described above, the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (24)
1. An intelligent home control method, applied to an intelligent home control system, characterized in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and a safety means communicatively connected to the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes a FIDO server, an application server and a home controller, the application server supporting the application of the control terminal;
The intelligent home control method includes: registering a user account in the safety means; mapping the operation instructions that can be used to control the smart home under the user account to the user account; after the user inputs a target operation instruction, the safety means verifies the user account associated with the target operation instruction, and after verification passes the home controller executes the target operation instruction;
The process of registering the user account is:
The control terminal sends registration information to the FIDO server;
The FIDO server builds the registration information into a registration request command and sends the registration request command to the safety means through the control terminal;
After receiving the registration request command, the safety means judges whether the user account is registered in the safety means;
If it is not registered, the safety means, after obtaining registration confirmation information, generates an asymmetric key pair, stores the private key of the asymmetric key pair in the safety means, and sends the public key of the asymmetric key pair to the FIDO server through the control terminal; the FIDO server stores the public key and associates the public key with the user account.
2. The intelligent home control method according to claim 1, characterized in that different operation instructions are mapped to the same or different user accounts, and different user accounts are registered in the same or different safety means.
3. The intelligent home control method according to claim 1, characterized in that the FIDO server includes a registration module, and before the FIDO server builds the registration information into the registration request command, the method further includes:
The registration module judges whether the safety means is located in the preset area, and/or judges whether the safety means is held by a designated user or is a known safety means;
If the safety means is located in the preset area, and/or the safety means is held by a designated user or is a known safety means, the step in which the FIDO server builds the registration information into the registration request command is performed; otherwise the registration process is terminated.
4. The intelligent home control method according to claim 1, characterized in that the process of verifying the user account is:
The control terminal obtains the target operation instruction;
The control terminal sends a verification request to the FIDO server according to the user account corresponding to the target operation instruction;
The FIDO server generates challenge data, builds a verification command according to the verification request, and sends the challenge data and the verification command to the safety means through the control terminal;
The safety means parses the verification command and verifies the authenticity of the FIDO server;
If the FIDO server is genuine, the safety means, after obtaining verification confirmation information, signs the challenge data to obtain signature information and sends the signature information to the FIDO server through the control terminal;
The FIDO server verifies the signature information and obtains a signature verification result.
5. The intelligent home control method according to claim 4, characterized in that the safety means is a U2F device with a button;
The process of obtaining the registration confirmation information includes:
Detecting whether the button is pressed;
If the button is pressed, the registration confirmation information is obtained;
The process of obtaining the verification confirmation information includes:
Detecting whether the button is pressed;
If the button is pressed, the verification confirmation information is obtained.
6. The intelligent home control method according to claim 4, characterized in that the safety means is a UAF device;
The process of obtaining the registration confirmation information includes:
Collecting first biometric information of a designated user, used for registration;
If the first biometric information is collected, storing the first biometric information and confirming that the registration confirmation information is obtained;
The process of obtaining the verification confirmation information includes:
Collecting second biometric information of the user, used for verification;
If the second biometric information is collected, comparing the second biometric information with the first biometric information for authentication;
If the comparison authentication passes, the verification confirmation information is obtained.
7. An intelligent home control system, characterized by including:
An outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and a safety means communicatively connected to the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The safety means is used to register a user account, to map the operation instructions that can be used to control the smart home under the user account to the user account, and, after the user inputs a target operation instruction, to verify the user account associated with the target operation instruction; after verification passes the home controller executes the target operation instruction;
The internal control subsystem includes a FIDO server, an application server and a home controller, the application server supporting the application of the control terminal;
The control terminal includes:
Registration request generation module, for generating registration information and sending it to the FIDO server;
Registration request command transceiver module, for receiving the registration request command sent by the FIDO server and sending the registration request command to the safety means;
Public key transceiver module, for receiving the public key sent by the safety means and sending the public key to the FIDO server;
The safety means includes:
Registration request command receiving module, for receiving the registration request command built by the FIDO server and sent by the control terminal;
Registration judgment module, for judging whether the user account is registered in the safety means;
Confirmation information acquisition module, for obtaining registration confirmation information;
Public/private key generation module, for generating an asymmetric key pair if the user account is not registered in the safety means and after registration confirmation information is obtained, storing the private key of the asymmetric key pair in the safety means, and sending the public key of the asymmetric key pair to the FIDO server through the control terminal;
The FIDO server includes:
Registration request command building and sending module, for building a registration request command from the registration information sent by the control terminal and sending the registration request command to the control terminal;
Public key receiving module, for receiving the public key generated by the safety means;
Public key storage and association module, for storing the public key and associating the public key with the user account.
8. The intelligent home control system according to claim 7, characterized in that the FIDO server is used to map different operation instructions to the same or different user accounts; different user accounts are registered in the same or different safety means.
9. The intelligent home control system according to claim 7, characterized in that the FIDO server also includes a registration module;
The registration module is used to judge whether the safety means is located in the preset area, and/or to judge whether the safety means is held by a designated user or is a known safety means; if the safety means is located in the preset area, and/or the safety means is held by a designated user or is a known safety means, the step in which the FIDO server builds the registration information into the registration request command is performed; otherwise the registration process is terminated.
10. The intelligent home control system according to claim 7, characterized in that
The control terminal also includes:
Acquisition module, for obtaining a target operation instruction, the target operation instruction being the operation instruction selected by the user at the control terminal;
Verification request sending module, for sending a verification request to the FIDO server according to the user account corresponding to the target operation instruction;
To-be-verified signal dispatcher module, for receiving the challenge data generated by the FIDO server and the verification command built by the FIDO server according to the verification request, and sending the challenge data and the verification command to the safety means;
Signature information transceiver module, for receiving the signature information from the safety means and sending the signature information to the FIDO server;
Operation instruction sending module, for sending the target operation instruction to the home controller if the signature verification result from the FIDO server is that signature verification succeeded;
The safety means also includes:
To-be-verified information receiving module, for receiving the challenge data and verification command built by the FIDO server and sent by the control terminal;
FIDO server authentication module, for parsing the verification command and verifying the authenticity of the FIDO server;
Signature module, for signing the challenge data to obtain signature information if the FIDO server is genuine and after verification confirmation information is obtained;
Signature information sending module, for returning the signature information to the control terminal;
The confirmation information acquisition module is also used to obtain verification confirmation information;
The FIDO server also includes:
Verification request receiving module, for receiving the verification request sent by the control terminal according to the user account corresponding to the target operation instruction;
To-be-verified information building module, for generating challenge data and building a verification command according to the verification request;
To-be-verified information sending module, for sending the challenge data and the verification command to the control terminal;
Signature information receiving module, for receiving from the control terminal the signature information generated by the safety means;
Signature verification module, for verifying the signature information and obtaining a signature verification result.
11. The intelligent home control system according to claim 10, characterized in that the safety means is a U2F device with a button;
The confirmation information acquisition module of the safety means specifically includes:
Detection unit, for detecting whether the button is pressed;
First acquisition unit, for obtaining the registration confirmation information and the verification confirmation information if the button is pressed.
12. The intelligent home control system according to claim 10, characterized in that the safety means is a UAF device;
The confirmation information acquisition module of the safety means specifically includes:
Collecting unit, for collecting first biometric information of a designated user, used for registration, and second biometric information, used for verification;
Second acquisition unit, for storing the first biometric information and confirming that the registration confirmation information is obtained if the first biometric information is collected;
Comparison authentication unit, for comparing the second biometric information with the first biometric information for authentication if the second biometric information is collected;
Third acquisition unit, for obtaining the verification confirmation information if the comparison authentication by the comparison authentication unit passes.
13. A method for a control terminal to control smart home, applied to an intelligent home control system, characterised in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and safety means communicatively connected with the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes FIDO servers, an application server and a home controller;
The method by which the control terminal controls smart home is:
The control terminal receives the registration information of a user and sends it to the FIDO servers;
The control terminal receives the registration request order sent by the FIDO servers, the registration request order being built by the FIDO servers according to the registration information;
The control terminal sends the registration request order to the safety means, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means and, if unregistered, after registration confirmation is got, generate an unsymmetrical key pair, store the private key of the unsymmetrical key pair, and send the public key of the unsymmetrical key pair to the control terminal;
The control terminal sends the public key to the FIDO servers, so that the FIDO servers store the public key and associate the public key with the user account;
The control terminal maps and associates with the user account the operational orders that can be used to control smart home under the user account;
The control terminal receives an object run instruction, so that the safety means verify the user account associated with the object run instruction and the home controller performs the object run instruction.
14. The method for a control terminal to control smart home according to claim 13, characterised in that the FIDO servers include a Registering module, and before the control terminal sends the registration information to the FIDO servers, the method also includes:
The control terminal obtains the positional information and/or facility information of the safety means from the safety means;
The control terminal builds the positional information and/or facility information into the registration information, so that the Registering module judges, according to the received positional information, whether the safety means are in a predeterminable area, and/or judges, according to the received facility information, whether the safety means are safety means held by a specified user or known safety means; if the safety means are in the predeterminable area, and/or the safety means are safety means held by a specified user or known safety means, the FIDO servers perform the step of building the registration information into a registration request order.
15. A method for FIDO servers to control smart home, applied to an intelligent home control system, characterised in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and safety means communicatively connected with the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes FIDO servers, an application server and a home controller;
The intelligent home furnishing control method is:
The FIDO servers receive the registration information sent by the control terminal;
The FIDO servers build the registration information into a registration request order and send the registration request order to the safety means through the control terminal, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means and, if unregistered, after getting registration confirmation information, generate an unsymmetrical key pair, store the private key of the unsymmetrical key pair, and send the public key of the unsymmetrical key pair to the FIDO servers through the control terminal;
The FIDO servers store the public key and associate the public key with the user account;
After the control terminal receives an object run instruction, the FIDO servers cooperate with the safety means to verify the user account associated with the object run instruction, so that the home controller performs the object run instruction after the verification passes.
16. The method for FIDO servers to control smart home according to claim 15, characterised in that the FIDO servers include a Registering module, the registration information includes the positional information and/or facility information of the safety means obtained by the control terminal from the safety means, and before the FIDO servers build the registration information into a registration request order, the method also includes:
The Registering module receives the registration information;
The Registering module judges, according to the positional information, whether the safety means are located in a predeterminable area, and/or judges, according to the facility information, whether the safety means are safety means held by a specified user or known safety means;
If the safety means are located in the predeterminable area, and/or the safety means are safety means held by a specified user or known safety means, the FIDO servers perform the step of building the registration information into a registration request order; otherwise the registration process is terminated.
17. A method for safety means to control smart home, applied to an intelligent home control system, characterised in that the intelligent home control system includes an outside control subsystem and an internal control subsystem;
The outside control subsystem includes a control terminal and safety means communicatively connected with the control terminal, the safety means supporting the standard protocol of FIDO authentication;
The internal control subsystem includes FIDO servers, an application server and a home controller;
The intelligent home furnishing control method is:
The safety means receive, through the control terminal, the registration request order sent by the FIDO servers, the registration request order being built by the FIDO servers according to the registration information sent by the control terminal;
The safety means parse the registration request order and judge whether the user account is registered in the safety means;
If unregistered, the safety means, after getting registration confirmation, generate an unsymmetrical key pair, store the private key of the unsymmetrical key pair, and send the public key of the unsymmetrical key pair to the FIDO servers through the control terminal, so that the FIDO servers store the public key and associate the public key with the user account;
After the control terminal receives an object run instruction, the safety means cooperate with the FIDO servers to verify the user account associated with the object run instruction, so that the home controller performs the object run instruction after the verification passes.
18. The method for safety means to control smart home according to claim 17, characterised in that the FIDO servers include a Registering module, and before the safety means receive the registration request order, the method also includes:
The safety means send the positional information and/or facility information of the safety means to the control terminal, so that the control terminal builds the registration information according to the positional information and/or facility information, and the Registering module judges, according to the positional information, whether the safety means are located in a preset range, and/or judges, according to the facility information, whether the safety means are safety means held by the user or known safety means;
When the safety means are located in the predeterminable area, and/or the safety means are safety means held by the user or known safety means, the step in which the safety means receive the registration request order sent by the FIDO servers is performed.
19. A control terminal, applied to an intelligent home control system, carrying out data interaction with FIDO servers and safety means respectively, characterised in that the control terminal includes:
Registration information transceiver module, for receiving the registration information of a user and sending it to the FIDO servers;
Registration request order transceiver module, for receiving the registration request order sent by the FIDO servers and sending the registration request order to the safety means, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means and, if unregistered, after getting registration confirmation information, generate an unsymmetrical key pair, store the private key of the unsymmetrical key pair, and send the public key of the unsymmetrical key pair to the control terminal, the registration request order being built by the FIDO servers according to the registration information;
Public key transceiver module, for receiving the public key sent by the safety means and sending the public key to the FIDO servers, so that the FIDO servers store the public key and associate the public key with the user account;
Operational order transceiver module, for receiving an object run instruction and, after the user account is verified, sending the object run instruction to the home controller, so that the home controller performs the object run instruction;
Authentication module, for verifying, in combination with the FIDO servers and the safety means, the user account associated with the object run instruction.
20. The control terminal according to claim 19, characterised in that the FIDO servers include a Registering module, and the registration information transceiver module is additionally operable to:
Obtain the positional information and/or facility information of the safety means from the safety means and build it into registration request information;
Send the positional information and/or facility information to the Registering module, so that the Registering module judges, according to the positional information, whether the safety means are located in a predeterminable area, and/or judges, according to the facility information, whether the safety means are safety means held by a specified user or known safety means;
If the safety means are located in the predeterminable area, and/or the safety means are safety means held by a specified user or known safety means, make the FIDO servers perform the step of building the registration information into a registration request order.
21. FIDO servers, applied to an intelligent home control system, communicatively connected with a control terminal and carrying out data interaction with safety means through the control terminal, characterised in that the FIDO servers include:
Registration information receiving module, for receiving the registration information sent by the control terminal;
Registration request order building and sending module, for building a registration request order according to the registration information and sending the registration request order to the safety means through the control terminal, so that the safety means, after receiving the registration request order, judge whether the user account is registered in the safety means and, if unregistered, after getting registration confirmation, generate an unsymmetrical key pair, store the private key of the unsymmetrical key pair, and send the public key of the unsymmetrical key pair to the control terminal;
Public key receiving module, for receiving the public key from the control terminal;
Public key storing and associating module, for storing the public key and associating the public key with the user account;
Authentication module, for verifying, in combination with the control terminal and the safety means, the user account associated with an object run instruction, so that the home controller performs the object run instruction after the user account is verified.
22. The FIDO servers according to claim 21, characterised in that they also include a Registering module, the registration request information includes the positional information and/or facility information of the safety means, and the Registering module is used for:
Receiving the registration information, and judging, according to the positional information of the safety means, whether the safety means are located in a predeterminable area, and/or judging, according to the facility information, whether the safety means are safety means held by a specified user or known safety means;
If the safety means are located in the predeterminable area, and/or the safety means are safety means held by a specified user or known safety means, making the FIDO servers perform the step of building the registration information into a registration request order; otherwise terminating the registration process.
23. Safety means, applied to an intelligent home control system, carrying out data interaction with FIDO servers through a control terminal, characterised in that the safety means include:
Registration request order receiver module, for receiving the registration request order built by the FIDO servers and sent by the control terminal, the registration request order being built by the FIDO servers according to registration information, the registration request information being input in the control terminal by the user and sent to the FIDO servers by the control terminal;
Registration judge module, for judging whether the user account is registered in the safety means;
Confirmation acquisition module, for obtaining registration confirmation;
Public and private key generation module, for generating an unsymmetrical key pair after getting registration confirmation information if the user account is not registered in the safety means, storing the private key of the unsymmetrical key pair, and sending the public key of the unsymmetrical key pair to the FIDO servers through the control terminal, so that the FIDO servers store the public key and associate the public key with the user account;
Authentication module, for verifying, in combination with the control terminal and the FIDO servers, the user account associated with an object run instruction, so that the home controller performs the object run instruction after the user account is verified.
24. The safety means according to claim 23, characterised in that the FIDO servers include a Registering module, the safety means also include a positional information sending module, and the positional information sending module is used for:
Sending the positional information and/or facility information of the safety means to the control terminal to be built into registration request information, so that the Registering module judges, according to the received positional information, whether the safety means are located in a preset range, and/or judges, according to the facility information, whether the safety means are safety means held by the user or known safety means;
When the safety means are located in the predeterminable area, and/or the safety means are safety means held by the user or known safety means, the safety means receive the registration request order sent by the FIDO servers.
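The registration and verification flow recited in the claims above, as an added Node.js example that is not part of the patent text: a registration gate on position and device information, key pair generation on the safety means after a button press, and challenge signing checked by the FIDO server before the instruction reaches the home controller. All class names, method names and sample values are hypothetical; the server authenticity check is modelled as a server-id match, both gate checks are required, and each challenge is treated as single use.

```javascript
const crypto = require('crypto');
// Safety means (U2F style). keys: user account -> { privateKey, serverId }.
class SafetyDevice {
  constructor(deviceInfo, location) { Object.assign(this, { deviceInfo, location, keys: new Map() }); }
  register(cmd, buttonPressed) {
    if (this.keys.has(cmd.account)) return { error: 'already registered' };
    if (!buttonPressed) return { error: 'no registration confirmation' };
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(cmd.account, { privateKey, serverId: cmd.serverId }); // private key stays here
    return { publicKey: publicKey.export({ type: 'spki', format: 'pem' }) };
  }
  sign(cmd, challenge, buttonPressed) {
    const entry = this.keys.get(cmd.account);
    // Assumption: verifying the FIDO server is modelled as a server-id match.
    if (!entry || entry.serverId !== cmd.serverId) return null;
    if (!buttonPressed) return null; // no validation confirmation
    return crypto.sign('sha256', challenge, entry.privateKey);
  }
}

class FidoServer {
  constructor(serverId, presetAreas, knownDevices) {
    Object.assign(this, { serverId, publicKeys: new Map(), pending: new Map() });
    this.presetAreas = new Set(presetAreas);
    this.knownDevices = new Set(knownDevices);
  }
  // Registering module gate. Assumption: the claims say "and/or"; both are required here.
  buildRegistrationRequest(info) {
    if (!this.presetAreas.has(info.location) || !this.knownDevices.has(info.deviceInfo)) return null;
    return { type: 'register', account: info.account, serverId: this.serverId };
  }
  storePublicKey(account, pem) { this.publicKeys.set(account, pem); }
  buildVerification(account) {
    if (!this.publicKeys.has(account)) return null;
    const challenge = crypto.randomBytes(32);
    this.pending.set(account, challenge);
    return { cmd: { type: 'verify', account, serverId: this.serverId }, challenge };
  }
  checkSignature(account, signature) {
    const challenge = this.pending.get(account);
    this.pending.delete(account); // assumption: each challenge is single use
    if (!challenge || !signature) return false;
    return crypto.verify('sha256', challenge, this.publicKeys.get(account), signature);
  }
}

class ControlTerminal {
  constructor(server, device, homeController) {
    Object.assign(this, { server, device, homeController, opsByAccount: new Map() });
  }
  register(account, operations, buttonPressed) {
    const { location, deviceInfo } = this.device;
    const cmd = this.server.buildRegistrationRequest({ account, location, deviceInfo });
    if (!cmd) return false; // registration process terminated by the server
    const reply = this.device.register(cmd, buttonPressed);
    if (reply.error) return false;
    this.server.storePublicKey(account, reply.publicKey);
    this.opsByAccount.set(account, new Set(operations)); // map operations to the account
    return true;
  }
  operate(account, instruction, buttonPressed) {
    const ops = this.opsByAccount.get(account);
    const req = ops && ops.has(instruction) && this.server.buildVerification(account);
    if (!req) return false; // unmapped operation or unregistered account
    const signature = this.device.sign(req.cmd, req.challenge, buttonPressed);
    if (!this.server.checkSignature(account, signature)) return false;
    this.homeController.push(instruction); // home controller modelled as a list
    return true;
  }
}

// Constructed sample values, not from the patent.
function runDemo() {
  const executed = [];
  const server = new FidoServer('fido.home.example', ['home-lan'], ['token-01']);
  const owner = new ControlTerminal(server, new SafetyDevice('token-01', 'home-lan'), executed);
  const guest = new ControlTerminal(server, new SafetyDevice('token-99', 'cafe-wifi'), executed);
  const guestRegistered = guest.register('guest', ['unlock-door'], true);
  const registered = owner.register('alice', ['unlock-door'], true);
  const noButton = owner.operate('alice', 'unlock-door', false);
  const confirmed = owner.operate('alice', 'unlock-door', true);
  return { guestRegistered, registered, noButton, confirmed, executed };
}
console.log(runDemo());
```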
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710311631.9A CN107222373B (en) | 2017-05-05 | 2017-05-05 | Control method, system and terminal of smart home, FIDO server and safety equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107222373A (en) | 2017-09-29 |
CN107222373B (en) | 2020-01-24 |
Family
ID=59943833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710311631.9A Active CN107222373B (en) | 2017-05-05 | 2017-05-05 | Control method, system and terminal of smart home, FIDO server and safety equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107222373B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108337253A (en) * | 2018-01-29 | 2018-07-27 | 苏州南尔材料科技有限公司 | A kind of computer based intelligent electrical appliance control |
CN108365952A (en) * | 2018-01-25 | 2018-08-03 | 深圳市文鼎创数据科技有限公司 | A kind of method of registration, system and intelligent key safety equipment |
CN108427315A (en) * | 2018-06-01 | 2018-08-21 | 武汉科技大学 | A kind of intelligent home control system and its control method based on mobile phone A pp |
CN108932424A (en) * | 2018-06-26 | 2018-12-04 | 山东威尔数据股份有限公司 | A kind of device registering system and method |
CN109116748A (en) * | 2018-10-30 | 2019-01-01 | 滁州市易搜信息技术有限公司 | Smart home interaction platform management system based on Internet of Things |
CN109302286A (en) * | 2018-10-26 | 2019-02-01 | 江苏恒宝智能系统技术有限公司 | A kind of generation method of Fido device keys index |
EP3490220A1 (en) * | 2017-11-22 | 2019-05-29 | Canon Kabushiki Kaisha | Information processing apparatus |
CN110266107A (en) * | 2019-06-25 | 2019-09-20 | 浙江矗立建筑装饰工程有限公司 | House wireless power supply system |
CN111274596A (en) * | 2020-01-23 | 2020-06-12 | 百度在线网络技术(北京)有限公司 | Device interaction method, authority management method, interaction device and user side |
CN113806723A (en) * | 2021-09-27 | 2021-12-17 | 三星电子(中国)研发中心 | Double-factor authentication method and device |
US12015498B1 (en) * | 2018-11-09 | 2024-06-18 | Amazon Technologies, Inc. | Electronic device configuration using dummy devices |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104283885A (en) * | 2014-10-14 | 2015-01-14 | 中国科学院信息工程研究所 | Multi-SP safety binding implementation method based on intelligent terminal local authentication |
CN105007164A (en) * | 2015-07-30 | 2015-10-28 | 青岛海尔智能家电科技有限公司 | Centralized safety control method and device |
CN105259771A (en) * | 2015-10-29 | 2016-01-20 | 东莞酷派软件技术有限公司 | Authentication method and associated device |
CN105580314A (en) * | 2013-09-23 | 2016-05-11 | 三星电子株式会社 | Apparatus and method by which user device in home network system transmits home-device-related information |
CN105763559A (en) * | 2016-04-12 | 2016-07-13 | 北京握奇智能科技有限公司 | Intelligent household control system and method |
CN106534189A (en) * | 2016-12-14 | 2017-03-22 | 宁夏煜隆科技有限公司 | Bi-directional interactive center control server |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3490220A1 (en) * | 2017-11-22 | 2019-05-29 | Canon Kabushiki Kaisha | Information processing apparatus |
US11093602B2 (en) | 2017-11-22 | 2021-08-17 | Canon Kabushiki Kaisha | Information processing apparatus, method for information processing apparatus, and program storage medium |
CN108365952A (en) * | 2018-01-25 | 2018-08-03 | 深圳市文鼎创数据科技有限公司 | A kind of method of registration, system and intelligent key safety equipment |
CN108337253A (en) * | 2018-01-29 | 2018-07-27 | 苏州南尔材料科技有限公司 | A kind of computer based intelligent electrical appliance control |
CN108427315A (en) * | 2018-06-01 | 2018-08-21 | 武汉科技大学 | A kind of intelligent home control system and its control method based on mobile phone A pp |
CN108932424A (en) * | 2018-06-26 | 2018-12-04 | 山东威尔数据股份有限公司 | A kind of device registering system and method |
CN108932424B (en) * | 2018-06-26 | 2020-10-02 | 山东威尔数据股份有限公司 | Equipment registration system and method |
CN109302286A (en) * | 2018-10-26 | 2019-02-01 | 江苏恒宝智能系统技术有限公司 | A kind of generation method of Fido device keys index |
CN109302286B (en) * | 2018-10-26 | 2021-03-16 | 江苏恒宝智能系统技术有限公司 | Fido equipment key index generation method |
CN109116748A (en) * | 2018-10-30 | 2019-01-01 | 滁州市易搜信息技术有限公司 | Smart home interaction platform management system based on Internet of Things |
US12015498B1 (en) * | 2018-11-09 | 2024-06-18 | Amazon Technologies, Inc. | Electronic device configuration using dummy devices |
CN110266107A (en) * | 2019-06-25 | 2019-09-20 | 浙江矗立建筑装饰工程有限公司 | House wireless power supply system |
CN111274596A (en) * | 2020-01-23 | 2020-06-12 | 百度在线网络技术(北京)有限公司 | Device interaction method, authority management method, interaction device and user side |
CN113806723A (en) * | 2021-09-27 | 2021-12-17 | 三星电子(中国)研发中心 | Double-factor authentication method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107222373B (en) | 2020-01-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107222373A (en) | Control method, system, terminal, FIDO servers and the safety means of smart home | |
CN107426160A (en) | Control method, system, terminal, FIDO servers and the safety means of smart home | |
CN107800725A (en) | A kind of digital certificate remote online managing device and method | |
EP2579220A1 (en) | Entrance guard control method and system thereof | |
CN103136820A (en) | Remote access control system based on terminal fingerprint identification | |
CN110126782A (en) | A kind of Vehicular intelligent key application method and device | |
CN106034123B (en) | Authentication method, application system server and client | |
CN102037706B (en) | Method for the temporary personalization of a communication device | |
CN105939197B (en) | A kind of identity identifying method and system | |
CN103489233A (en) | Electronic door control system with dynamic password | |
CN104253818B (en) | Server, terminal authentication method and server, terminal | |
CN109121124A (en) | A kind of client-based bluetooth mesh equipment networking process implementation method | |
CN102412970A (en) | Pervasive-network-oriented remote identity authentication system and method | |
US11637826B2 (en) | Establishing authentication persistence | |
CN109600343A (en) | Control method, device, mobile terminal, vehicle and the remote server of vehicle | |
CN110535882A (en) | Identity authentication service method and system based on heterogeneous terminal | |
CN110163998A (en) | A kind of intelligent door lock application method of intelligent door lock system and offline authentication | |
CN107113613A (en) | Server, mobile terminal, real-name network authentication system and method | |
CN207939549U (en) | A kind of digital certificate remote online managing device | |
CN107517217A (en) | A kind of multiple-factor wireless key fill system based on fingerprint recognition | |
CN109409057A (en) | Security system and its control method, control device and storage medium | |
CN110278083A (en) | ID authentication request treating method and apparatus, equipment replacement method and apparatus | |
CN106790080A (en) | Secure communication of network method and apparatus between operation system and electronic certificate system | |
CN109587123A (en) | Double factor verification method and certificate server, biometric authentication service device | |
CN111946163A (en) | Method and system for remotely opening door by visual intelligent lock |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||