CN107888603B - Internet of things intelligent equipment registration and authentication method and Internet of things - Google Patents

Info

Publication number
CN107888603B
Authority
CN
China
Prior art keywords
control terminal
intelligent
information
access server
intelligent equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711183397.2A
Other languages
Chinese (zh)
Other versions
CN107888603A (en
Inventor
宁晓魁
张超
胡永亮
杨爱蓉
姚铸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Certification Technology (Chongqing) Co.,Ltd.
Original Assignee
Guomin Authentication Technology Beijing Co ltd
Application filed by Guomin Authentication Technology Beijing Co ltd
Priority to CN201711183397.2A
Publication of CN107888603A
Application granted
Publication of CN107888603B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an Internet of things intelligent device registration and authentication method and an Internet of things. The registration method comprises the following steps: a telecommunication terminal device is selected in advance to serve as the control terminal of the intelligent device, the control terminal and an access server hold a matched public key and private key, and user identity information is stored in the control terminal; the access server registers and binds the identities of the intelligent device and the control terminal according to the user identity information, the control terminal device information and the intelligent device information, which the control terminal sends signed with its private key; and after the identity registration and binding succeed, the control terminal and the intelligent device are notified that registration was successful. The invention can effectively improve the security of Internet of things intelligent devices.

Description

Internet of things intelligent equipment registration and authentication method and Internet of things
Technical Field
The invention relates to the technical field of Internet of things, in particular to an Internet of things intelligent device registration and authentication method and an Internet of things.
Background
Internet of things intelligent devices are becoming more and more widespread, which makes their security management increasingly urgent. Managing an intelligent device from a mobile terminal such as a mobile phone is a common approach, but the communication security among the mobile terminal, the access server and the intelligent device is weak.
Disclosure of Invention
The invention provides an Internet of things intelligent device registration and authentication method and an Internet of things, which address the weak security of Internet of things intelligent devices in the prior art.
The invention provides an Internet of things intelligent device registration method, which comprises the following steps:
a telecommunication terminal device is selected in advance to serve as the control terminal of the intelligent device, the control terminal and an access server hold a matched public key and private key, and user identity information is stored in the control terminal;
the access server registers and binds the identities of the intelligent device and the control terminal according to the user identity information, the control terminal device information and the intelligent device information, which the control terminal sends signed with the control terminal private key;
after the identity registration and binding succeed, the control terminal and the intelligent device are notified that registration was successful.
Preferably, the identity registration and binding of the intelligent device and the control terminal by the access server, according to the user identity information, the control terminal device information and the intelligent device information sent signed with the control terminal private key, comprises:
establishing a point-to-point communication link between the intelligent equipment and the control terminal;
the control terminal sends user identity information and a control terminal public key to the intelligent equipment;
the intelligent device creates an intelligent device private key and an intelligent device public key according to the control terminal public key, and then sends the intelligent device public key and the intelligent device information to the control terminal;
the control terminal sends the user identity information, the intelligent equipment information, the control terminal equipment information and the intelligent equipment public key to the access server;
the access server performs identity verification on the control terminal, and performs registration verification by using user identity information after the identity verification is passed;
and after the registration verification is passed, the access server performs identity combined authorization on the intelligent equipment and the control terminal according to the user identity information, the intelligent equipment information and the control terminal equipment information.
Preferably, the control terminal signs the user identity information, the control terminal device information, the intelligent device information and the intelligent device public key with the control terminal private key and sends them to the access server;
the access server performs identity verification through a public key matched with the private key of the control terminal, and then performs registration verification by using user identity information.
Preferably, after the registration is successful, the registration method further includes:
the intelligent device sends a message signed with the intelligent device private key to the access server to request connection with the access server;
the access server verifies the identity of the message by using the intelligent device public key, and the intelligent device is granted access after the identity verification passes.
Correspondingly, the invention also provides an authentication method for the intelligent equipment of the Internet of things, which comprises the following steps:
the intelligent device performs identity verification and signature verification on the control terminal through the intelligent device public key and user authentication information containing user identity information;
when the identity verification and the signature verification pass, the intelligent device sends a message signed with the intelligent device private key to the access server to request connection with the access server;
the access server verifies the identity of the message by using the intelligent device public key, and the intelligent device is granted access after the identity verification passes.
Preferably, the identity verification and signature verification performed by the intelligent device at the control terminal through the public key of the intelligent device and the user authentication information containing the user identity information includes:
establishing a point-to-point communication link between the intelligent equipment and the control terminal;
the intelligent equipment sends user authentication information encrypted by a control terminal public key to the control terminal;
the control terminal utilizes the control terminal private key to carry out identity verification and signature verification on the user authentication information, and informs the intelligent equipment after the user authentication information passes the identity verification and signature verification.
Preferably, after the control terminal performs identity verification and signature verification by using the control terminal private key, the authentication method further includes:
the control terminal sends a management instruction of the intelligent equipment to the access server;
and the access server sends the management instruction to the intelligent equipment.
Correspondingly, the invention also provides an internet of things, which comprises:
an intelligent device, a control terminal and an access server which are in communication connection with each other, wherein the control terminal and the access server are provided with a public key and a private key which are matched with each other, and the control terminal stores user identity information;
the access server is used for performing identity registration and binding of the intelligent device and the control terminal according to the user identity information, the control terminal device information, the intelligent device information and the intelligent device public key which are sent by the control terminal, for performing identity verification on a message signed with the intelligent device private key, and for granting the intelligent device access after the identity verification passes;
the control terminal is used for carrying out identity verification and signature verification on the user authentication information of the intelligent equipment and the control terminal public key when the intelligent equipment requests to be connected with the access server, and informing the intelligent equipment that the intelligent equipment can request to be connected with the access server after the user authentication information and the control terminal public key pass the identity verification and signature verification.
Preferably, after the control terminal passes the identity verification and the signature verification by using the control terminal private key, the control terminal is further configured to send a management instruction of the intelligent device to the access server, and the access server sends the management instruction to the intelligent device to control the intelligent device.
Preferably, the control terminal is a mobile phone, and the user identity information includes any one or more of the following:
a mobile phone number, a user name and a mailbox address.
The invention provides an Internet of things intelligent device registration and authentication method and an Internet of things, comprising the following steps: a telecommunication terminal device is selected in advance to serve as the control terminal of the intelligent device, the control terminal and an access server hold a matched public key and private key, and user identity information is stored in the control terminal; the access server registers and binds the identities of the intelligent device and the control terminal according to the user identity information, the control terminal device information and the intelligent device information, which the control terminal sends signed with its private key; and after the identity registration and binding succeed, the control terminal and the intelligent device are notified that registration was successful. Because the control terminal is successfully connected with the access server, it can serve as a secure control terminal; the user identity information, the control terminal device information and the intelligent device information are then sent to the access server through the control terminal, so that the intelligent device is registered through the secure control terminal, which improves its networking security, and the intelligent device is bound to the control terminal, so that it can conveniently be controlled through the control terminal.
Further, the method for registering the intelligent device of the internet of things provided by the embodiment of the invention establishes a point-to-point communication link between the intelligent device and the control terminal, so that insecurity caused by the fact that the intelligent device is exposed to the open environment of the internet under the unauthorized condition can be avoided, and the intelligent device can be registered through the control terminal under the environment that the intelligent device cannot be networked.
Furthermore, the embodiment of the invention provides a specific method for registering and binding the identities of the intelligent device and the control terminal: a secure terminal performs a handshake with the intelligent device, the terminal serves as the control terminal of the intelligent device after the handshake succeeds, and communication is carried out in an encrypted manner; the control terminal can then send the public key of the intelligent device to the access server, so that the access server can verify the identity of the intelligent device by using that public key, which effectively improves the networking security of the intelligent device.
Furthermore, according to the authentication method for the internet of things intelligent device provided by the embodiment of the invention, when the intelligent device requests to be connected with the access server, the control terminal is required to perform identity verification and signature verification on the intelligent device, and the intelligent device can request to be connected with the access server only on the premise of passing, so that the networking safety of the intelligent device is effectively increased.
Furthermore, the authentication method for the intelligent equipment of the internet of things provided by the embodiment of the invention establishes a point-to-point communication link between the intelligent equipment and the control terminal, and the point-to-point connection enables the intelligent equipment not to directly request connection with the access server under the condition that the intelligent equipment is not authorized by the control terminal, so that the networking safety of the intelligent equipment is improved.
Furthermore, the internet of things provided by the embodiment of the invention requests registration and binding through the control terminal, and performs identity verification and signature verification on the intelligent equipment when the intelligent equipment requests to be connected with the access server, so that the networking safety of the intelligent equipment is effectively improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings can be obtained by those skilled in the art according to the drawings.
Fig. 1 is a first flowchart of a method for registering an internet-of-things smart device according to an embodiment of the present invention;
Fig. 2 is a second flowchart of a method for registering an internet of things smart device according to an embodiment of the present invention;
Fig. 3 is a first flowchart of an authentication method for an internet of things smart device according to an embodiment of the present invention;
Fig. 4 is a second flowchart of an authentication method for an internet of things smart device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an internet of things provided in an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar parameters or elements having the same or similar functions throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
According to the intelligent equipment registration method of the Internet of things and the Internet of things, the control terminal and the access server are provided with the matched public key and private key, and communication can be carried out safely and reliably, so that the control terminal can be used as a safe control terminal of the intelligent equipment, and then user identity information, control terminal equipment information and intelligent equipment information are sent to the access server through the control terminal, so that the intelligent equipment can be subjected to identity registration through the safe control terminal to improve the networking safety of the intelligent equipment, and the intelligent equipment can be conveniently bound with the control terminal, so that the intelligent equipment can be conveniently controlled through the control terminal.
In order to better understand the technical scheme and technical effect of the present invention, the following detailed description will be made on specific embodiments with reference to a flow diagram. As shown in fig. 1, according to a first flowchart of a method for registering an internet of things smart device provided in an embodiment of the present invention, the method may include the following steps:
Step S01: a telecommunication terminal device is selected in advance as the control terminal of the intelligent device, wherein the control terminal and the access server have a matched public key and private key, and the control terminal stores user identity information.
In this embodiment, the telecommunication terminal device provides the functions a user needs to implement the access protocol. It can convert voice, text, data and image information into electrical or electromagnetic signals for transmission, and restore received electrical or electromagnetic signals to the original voice, text, data and image information. Specifically, the control terminal may be a telephone set, a telegraph, a mobile phone, a data terminal, a microcomputer, a facsimile machine, a television, an office automation system, a computer system, or the like. The control terminal establishes a point-to-point communication link with the intelligent device; while the intelligent device is unauthorized, it is the control terminal that accesses the external network as a terminal device of that network. For example, the link may be a hard-wired connection or a wireless point-to-point connection such as Bluetooth or WiFi. Because of the point-to-point connection, the intelligent device is not exposed to the open environment of the internet while unauthorized, which improves its networking security.
Preferably, the control terminal is a mobile phone, which has passed 3C authentication, SRMC authentication, CTA authentication, and the like, and a server provided by a telecommunications provider has a public key and a private key paired with each other, so that the security of communication between the mobile phone and the access server can be guaranteed. The mobile phone can therefore obtain the public key and the information of the smart device over a point-to-point communication link with the smart device, and then send them to the access server for identity registration and binding of the smart device and the control terminal. The smart device is thus not exposed to the open environment of the internet while unauthorized, and the security of its networking is effectively improved.
Step S02: the access server registers and binds the identities of the intelligent device and the control terminal according to the user identity information, the control terminal device information and the intelligent device information sent signed with the control terminal private key.
In this embodiment, the user identity information may be a mobile phone number, a registration number of the control terminal in the access server, a user name, a user password, a mailbox, and the like, and the user identity information is used for performing registration, registration verification, identity verification, and the like in the access server. The control terminal device information and the intelligent device information may be device hardware information, for example, unique hardware information such as an MAC address and a CPU number, and the control terminal device information and the intelligent device information are sent to the access server so as to bind the control terminal device and the intelligent device.
Specifically, the control terminal may obtain the user identity information, the control terminal device information, and the intelligent device information through manual input or automatic acquisition. For example, the control terminal establishes a point-to-point communication link with the intelligent device, then sends an intelligent device information request message to the intelligent device, and the intelligent device receives the request message and then sends the intelligent device information to the control terminal. Of course, in order to improve information security, encrypted communication can be performed between the intelligent device and the control terminal.
In addition, communication between the access server and the control terminal should also be encrypted; for example, the control terminal signs the information with its private key and sends it to the access server, the access server performs identity verification by using the matched public key, and the information is obtained when the verification passes.
Step S03: after the identity registration and binding are successful, the control terminal and the intelligent device are notified that the registration is successful.
In this embodiment, after the identity registration and binding are successful, the access server performs joint authorization on the control terminal and the intelligent device, and sends the relevant information to the control terminal, and the control terminal notifies the intelligent device of successful registration after receiving the relevant information.
According to the method for registering the intelligent equipment of the Internet of things, the telecommunication terminal equipment is selected as the control terminal of the intelligent equipment, the control terminal and the access server have a matched public key and private key, and the control terminal stores user identity information. Because the control terminal is successfully connected with the access server, the control terminal can be used as a safe control terminal, and then the control terminal sends the user identity information, the control terminal equipment information and the intelligent equipment information to the access server, so that the intelligent equipment can be subjected to identity registration through the safe control terminal to improve the networking safety of the intelligent home before registration, and the intelligent equipment can be bound with the control terminal to be convenient for control.
Fig. 2 is a second flowchart of a method for registering an internet of things smart device according to an embodiment of the present invention.
This embodiment provides a specific method for registering and binding the identities of the intelligent device and the control terminal. Specifically, the registering and binding, by the access server, of the identities of the intelligent device and the control terminal according to the user identity information, control terminal device information and intelligent device information sent signed with the control terminal private key includes:
1. A point-to-point communication link is established between the intelligent device and the control terminal.
In this embodiment, the control terminal may be connected through a hard wire, or through a wireless point-to-point connection such as Bluetooth or WiFi. Because of the point-to-point connection, the intelligent device is not exposed to the open environment of the internet without authorization, which improves the security of the networking.
2. The control terminal sends the user identity information and the control terminal public key to the intelligent device.
This control terminal public key is not part of the public key and private key pair that the control terminal has paired with the access server; it is another control terminal public key generated by the control terminal. It should be noted that there may be one or more intelligent devices, that is, one control terminal may correspond to a plurality of intelligent devices.
3. The intelligent device creates an intelligent device private key and an intelligent device public key according to the control terminal public key, and then sends the intelligent device public key and the intelligent device information to the control terminal.
The intelligent device public key needs to be sent to the access server through the control terminal in an encrypted manner, for example signed with the control terminal private key. When the intelligent device wants to send encrypted information only to the access server, it can sign the information to be sent with the intelligent device private key and then send it over the internet. The access server receives the signed message and performs identity verification on it by using the intelligent device public key. If the verification passes, the message was sent to the access server; other servers do not have the private keys of the intelligent device, so that the message cannot be correctly decoded, and the message is not sent to other servers or is a damaged message.
It should be noted that the smart device public key and the smart device information may be sent to the control terminal at the same time, for example, the smart device public key is encrypted by using the smart device information and then sent to the control terminal, and the control terminal acquires the smart device information and the smart device public key at the same time during decryption, or sends the smart device information and the smart device public key at different times. In addition, when there are a plurality of smart devices, each smart device has a smart device private key and a smart device public key that are different from each other.
4. And the control terminal sends the user identity information, the intelligent equipment information, the control terminal equipment information and the intelligent equipment public key to the access server.
Specifically, the control terminal sends the user identity information, the control terminal device information, the intelligent device information and the intelligent device public key to the access server through the control terminal private key signature. The access server stores user identity information, control terminal equipment information, intelligent equipment information and an intelligent equipment public key.
5. And the access server performs identity verification on the control terminal by using the paired public key, and performs registration verification by using the user identity information after the identity verification is passed.
Specifically, the access server performs identity verification on the control terminal through a public key matched with a private key of the control terminal, and then performs registration verification by using user identity information. The registration check includes, but is not limited to: whether the user name is available, whether the mailbox format is correct, whether the verification code is correct, whether the password meets the requirement, repeated password input verification and the like.
6. After the registration verification is passed, the access server performs combined identity authorization of the intelligent device and the control terminal according to the user identity information, the intelligent device information and the control terminal device information.
This completes the registration and binding process. The access server can inform the control terminal that the registration is successful, and then the control terminal informs the intelligent device that the registration is successful.
Further, in order to facilitate the intelligent device to check whether the intelligent device can be connected with the access server, after the registration is successful, the registration method further includes:
7. The intelligent device sends a message signed with the intelligent device private key to the access server to request a connection with the access server.
8. The access server verifies the identity of the message by using the public key of the intelligent equipment, accesses the intelligent equipment after the identity verification is passed, and then feeds back information.
According to the method for registering the intelligent device of the Internet of things provided by the embodiment of the invention, a secure terminal can perform a handshake with the intelligent device. After the handshake succeeds, the terminal serves as the control terminal of the intelligent device and communication is carried out in an encrypted manner. The intelligent device public key can then be sent to the access server through the control terminal, so that the access server can conveniently verify the identity of the intelligent device by using the intelligent device public key, which effectively improves the networking security of the intelligent device.
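The registration and first-connection flow of steps 3 to 8, as an added Go example that is not code from the patent. Ed25519, the JSON encoding and all type, field and error names are assumptions of this example; the device key pair is generated independently, because the page does not say how the control terminal public key enters key generation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Registration is the bundle the control terminal sends in step 4.
type Registration struct {
	UserID       string `json:"user_id"`
	TerminalInfo string `json:"terminal_info"`
	DeviceInfo   string `json:"device_info"`
	DevicePub    []byte `json:"device_pub"`
}

// AccessServer holds the paired terminal public key and the stored bindings.
type AccessServer struct {
	terminalPub ed25519.PublicKey
	bindings    map[string]Registration // keyed by DeviceInfo
}

var (
	ErrTerminalSig   = errors.New("registration not signed by the paired control terminal")
	ErrRegCheck      = errors.New("registration check failed")
	ErrUnknownDevice = errors.New("device is not registered")
	ErrDeviceSig     = errors.New("message not signed by the registered device key")
)

func NewAccessServer(terminalPub ed25519.PublicKey) *AccessServer {
	return &AccessServer{terminalPub: terminalPub, bindings: map[string]Registration{}}
}

// NewKeyPair: Ed25519 is an assumption of this example; the page names no algorithm.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func SignMessage(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// SignRegistration is the control terminal side of step 4.
func SignRegistration(terminalPriv ed25519.PrivateKey, r Registration) ([]byte, []byte, error) {
	payload, err := json.Marshal(r)
	if err != nil {
		return nil, nil, err
	}
	return payload, SignMessage(terminalPriv, payload), nil
}

// Register covers steps 5 and 6: verify the terminal signature, check, then bind.
func (s *AccessServer) Register(payload, sig []byte) error {
	if !ed25519.Verify(s.terminalPub, payload, sig) {
		return ErrTerminalSig
	}
	var r Registration
	// Simplified stand-in for the page's user-name, mailbox and password checks.
	if json.Unmarshal(payload, &r) != nil || r.UserID == "" ||
		r.DeviceInfo == "" || len(r.DevicePub) != ed25519.PublicKeySize {
		return ErrRegCheck
	}
	s.bindings[r.DeviceInfo] = r
	return nil
}

// Connect covers step 8: the request must verify under the registered device key.
func (s *AccessServer) Connect(deviceInfo string, msg, sig []byte) error {
	r, ok := s.bindings[deviceInfo]
	if !ok {
		return ErrUnknownDevice
	}
	if !ed25519.Verify(ed25519.PublicKey(r.DevicePub), msg, sig) {
		return ErrDeviceSig
	}
	return nil
}

func main() {
	termPub, termPriv := NewKeyPair()
	devPub, devPriv := NewKeyPair()
	srv := NewAccessServer(termPub)
	reg := Registration{"user@example.test", "phone-01", "camera-01", devPub} // constructed values
	payload, sig, _ := SignRegistration(termPriv, reg)
	msg := []byte("connect camera-01")
	fmt.Println("register:", srv.Register(payload, sig))
	fmt.Println("connect:", srv.Connect("camera-01", msg, SignMessage(devPriv, msg)))
}
```

The server verifies the terminal signature over the exact bytes it received before parsing them, so a modified device public key in the bundle is rejected before any binding is stored.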
Fig. 3 is a first flowchart of an authentication method for an internet of things smart device according to an embodiment of the present invention.
In this embodiment, the method for authenticating the internet of things intelligent device includes:
Step S31: the intelligent device performs identity verification and signature verification on the control terminal through the intelligent device public key and the user authentication information containing the user identity information.
Specifically, when the intelligent device requests a connection with the access server, identity verification and signature verification are first carried out through the intelligent device, and the access request message can be sent to the access server only if the intelligent device passes this authentication, which improves the networking security of the intelligent device.
Step S32: when the identity verification and the signature verification pass, the intelligent device sends a message signed with the intelligent device private key to the access server to request a connection with the access server.
The message may include information such as a user name and a password, and the information is signed with the intelligent device private key.
Step S33: the access server performs identity verification on the message by using the intelligent device public key, and the access server accesses the intelligent device after the identity verification is passed.
The access server checks the identity of the message by using the public key of the intelligent device sent to the access server by the control terminal in the registration process, and the intelligent device is accessed after the identity check is passed.
According to the method for registering the intelligent equipment of the Internet of things, when the intelligent equipment requests to be connected with the access server, identity verification and signature verification are firstly required to be carried out on the intelligent equipment and the control terminal, and the intelligent equipment can request to be connected with the access server on the premise of passing, so that the networking safety of the intelligent equipment is effectively improved.
Fig. 4 is a second flowchart of an authentication method for an internet of things smart device according to an embodiment of the present invention.
In this embodiment, a specific method for performing identity verification and signature verification authentication on a control terminal by an intelligent device is provided, where the performing, by the intelligent device, identity verification and signature verification authentication on the control terminal through a public key of the intelligent device and user authentication information including user identity information includes:
1. A point-to-point communication link is established between the intelligent device and the control terminal.
In this embodiment, the point-to-point connection to the control terminal may be made over a hard wire or wirelessly, for example over Bluetooth or WiFi. With the point-to-point connection, the intelligent device cannot directly request a connection with the access server without authorization from the control terminal, which improves the networking security of the intelligent device.
2. The intelligent device sends the user authentication information, encrypted with the control terminal public key, to the control terminal.
3. The control terminal utilizes the control terminal private key to carry out identity verification and signature verification on the user authentication information, and informs the intelligent equipment after the user authentication information passes the identity verification and signature verification.
Further, after the control terminal passes the identity verification and the signature verification by using the control terminal private key, the control terminal can consider that the intelligent device is connected with the access server, and further can control the intelligent device through the control terminal, and the authentication method further comprises the following steps:
6. The control terminal sends a management instruction for the intelligent device to the access server.
7. And the access server sends the management instruction to the intelligent equipment. The access server can encrypt the management instruction by adopting the public key of the intelligent device and then send the management instruction to the intelligent device, and the intelligent device decrypts the management instruction by utilizing the private key of the intelligent device after receiving the encrypted management instruction.
According to the authentication method for the intelligent equipment of the Internet of things, provided by the embodiment of the invention, the point-to-point communication link between the intelligent equipment and the control terminal is established, and the intelligent equipment cannot directly request to be connected with the access server under the condition that the intelligent equipment is not authorized by the control terminal through the point-to-point connection, so that the networking safety of the intelligent equipment is improved.
Correspondingly, the present invention further provides an internet of things corresponding to the method, as shown in fig. 5, which is a schematic structural diagram of an internet of things provided according to an embodiment of the present invention, and the internet of things may include:
an intelligent device, a control terminal and an access server which are in communication connection with each other, wherein the control terminal and the access server are provided with a public key and a private key which are matched with each other, and the control terminal stores user identity information.
The access server is used for performing identity registration and binding of the intelligent device and the control terminal according to the user identity information, the control terminal device information, the intelligent device information and the intelligent device public key which are sent by the control terminal, performing identity verification on the message signed by the intelligent device private key, and accessing the intelligent device after the identity verification is passed.
The control terminal is used for carrying out identity verification and signature verification on the user authentication information of the intelligent equipment and the control terminal public key when the intelligent equipment requests to be connected with the access server, and informing the intelligent equipment that the intelligent equipment can request to be connected with the access server after the user authentication information and the control terminal public key pass the identity verification and signature verification.
The intelligent device includes but is not limited to: an intelligent air purifier, intelligent (window) curtain, intelligent water heater, intelligent TV, intelligent refrigerator, intelligent camera, intelligent audio amplifier, etc.
The control terminal can be a mobile terminal or a fixed terminal, and preferably adopts a mobile terminal, so that a user can conveniently control the intelligent equipment by using the control terminal at any time and any place. More preferably, the control terminal is a mobile phone, and the user identity information includes any one or more of the following: a mobile phone number, a user name and a mailbox address. Preferably, a point-to-point communication link is established between the intelligent device and the control terminal. It should be noted that, the number of the intelligent devices may be multiple, and a point-to-point communication link is respectively established between the intelligent devices and the control terminal, and correspondingly, each intelligent device has a set of unique intelligent device public key and an intelligent device private key.
In other embodiments, after the control terminal passes the identity verification and the signature verification by using the control terminal private key, the control terminal is further configured to send a management instruction of the intelligent device to the access server, and the access server sends the management instruction to the intelligent device to control the intelligent device.
The Internet of things provided by the embodiment of the invention requests registration and binding through the control terminal, and performs identity verification and signature verification on the user authentication information of the intelligent equipment and the control terminal public key when the intelligent equipment requests to be connected with the access server, thereby effectively increasing the networking safety of the intelligent equipment.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions in a system for multi-operator remote manipulation of a single operator according to embodiments of the present invention. The present invention may also be embodied as apparatus or system programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from a website on the internet, provided on a carrier signal, or provided in any other form.

Claims (9)

1. An Internet of things intelligent device registration method is characterized by comprising the following steps:
the method comprises the steps that telecommunication terminal equipment is selected in advance to serve as a control terminal of intelligent equipment, the control terminal and an access server are provided with a public key and a private key which are matched, and user identity information is stored in the control terminal;
the access server registers and binds the identities of the intelligent equipment and the control terminal according to the user identity information, the control terminal equipment information and the intelligent equipment information which are sent by the private key signature of the control terminal;
after the identity registration and binding are successful, the control terminal and the intelligent equipment are informed of successful registration;
the method further comprises the following steps:
the intelligent device creates an intelligent device private key and an intelligent device public key according to the control terminal public key;
after the registration is successful, the intelligent device sends a message of the private key signature of the intelligent device to the access server to request to be connected with the access server;
the access server verifies the identity of the message by using the public key of the intelligent equipment acquired by the control terminal, and the intelligent equipment is accessed after the identity verification is passed.
2. The registration method of claim 1, wherein the performing, by the access server, identity registration and binding of the smart device and the control terminal according to the user identity information, the control terminal device information, and the smart device information sent by the control terminal private key signature comprises:
establishing a point-to-point communication link between the intelligent equipment and the control terminal;
the control terminal sends user identity information and a control terminal public key to the intelligent equipment;
the intelligent device creates an intelligent device private key and an intelligent device public key according to the control terminal public key, and then sends the intelligent device public key and the intelligent device information to the control terminal;
the control terminal sends the user identity information, the intelligent equipment information, the control terminal equipment information and the intelligent equipment public key to the access server;
the access server performs identity verification on the control terminal, and performs registration verification by using user identity information after the identity verification is passed;
and after the registration verification is passed, the access server performs identity combined authorization on the intelligent equipment and the control terminal according to the user identity information, the intelligent equipment information and the control terminal equipment information.
3. The registration method according to claim 2, wherein the control terminal sends the user identity information, the control terminal device information, the intelligent device information and the intelligent device public key to the access server through a control terminal private key signature;
the access server performs identity verification through a public key matched with the private key of the control terminal, and then performs registration verification by using user identity information.
4. An Internet of things intelligent device authentication method is characterized by comprising the following steps:
the intelligent device creates an intelligent device private key and an intelligent device public key according to the control terminal public key, and then sends the intelligent device public key and the intelligent device information to the control terminal;
the control terminal sends the user identity information, the intelligent equipment information, the control terminal equipment information and the intelligent equipment public key to the access server;
the intelligent device performs identity verification and signature verification on the control terminal through the intelligent device public key and user authentication information containing user identity information;
when the identity verification and the signature verification pass, the intelligent equipment sends a message of the private key signature of the intelligent equipment to the access server to request to be connected with the access server;
the access server verifies the identity of the message by using the public key of the intelligent equipment, and the intelligent equipment is accessed after the identity verification is passed.
5. The authentication method according to claim 4, wherein the intelligent device performs identity verification and signature verification on the control terminal through the intelligent device public key and the user authentication information containing the user identity information, and comprises:
establishing a point-to-point communication link between the intelligent equipment and the control terminal;
the intelligent equipment sends user authentication information encrypted by a control terminal public key to the control terminal;
the control terminal utilizes the control terminal private key to carry out identity verification and signature verification on the user authentication information, and informs the intelligent equipment after the user authentication information passes the identity verification and signature verification.
6. The authentication method according to claim 4 or 5, wherein after the control terminal passes the identity verification and signature verification by using the control terminal private key, the authentication method further comprises:
the control terminal sends a management instruction of the intelligent equipment to the access server;
and the access server sends the management instruction to the intelligent equipment.
7. An internet of things, comprising:
an intelligent device, a control terminal and an access server which are in communication connection with each other, wherein the control terminal and the access server are provided with a public key and a private key which are matched with each other, and the control terminal stores user identity information;
the access server is used for performing identity registration and binding of the intelligent equipment and the control terminal according to the user identity information, the control terminal equipment information, the intelligent equipment information and the intelligent equipment public key which are sent by the control terminal, performing identity verification on a message signed by the intelligent equipment private key, and accessing the intelligent equipment after the identity verification is passed;
the control terminal is used for carrying out identity verification and signature verification on the user authentication information of the intelligent equipment and the control terminal public key when the intelligent equipment requests to be connected with the access server, and informing the intelligent equipment that the intelligent equipment can request to be connected with the access server after the user authentication information and the control terminal public key pass the identity verification and signature verification.
8. The internet of things as claimed in claim 7, wherein after the control terminal passes identity verification and signature verification by using a control terminal private key, the control terminal is further configured to send a management instruction of the intelligent device to the access server, and the access server sends the management instruction to the intelligent device to control the intelligent device.
9. The internet of things of claim 7 or 8, wherein the control terminal is a mobile phone, and the user identity information comprises any one or more of the following:
a mobile phone number, a user name and a mailbox address.
CN201711183397.2A 2017-11-23 2017-11-23 Internet of things intelligent equipment registration and authentication method and Internet of things Active CN107888603B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711183397.2A CN107888603B (en) 2017-11-23 2017-11-23 Internet of things intelligent equipment registration and authentication method and Internet of things

Publications (2)

Publication Number Publication Date
CN107888603A CN107888603A (en) 2018-04-06
CN107888603B true CN107888603B (en) 2020-08-04

Family

ID=61774728

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711183397.2A Active CN107888603B (en) 2017-11-23 2017-11-23 Internet of things intelligent equipment registration and authentication method and Internet of things

Country Status (1)

Country Link
CN (1) CN107888603B (en)

Also Published As

Publication number Publication date
CN107888603A (en) 2018-04-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Part 4-5, No. 789 Jingwei Avenue, Shiyou Road Street, Yuzhong District, Chongqing 400042

Patentee after: National Certification Technology (Chongqing) Co.,Ltd.

Address before: 100080 No.303, 3 / F, digital media building, No.7 Shangdi Information Road, Haidian District, Beijing

Patentee before: GUOMIN AUTHENTICATION TECHNOLOGY (BEIJING) CO.,LTD.
