CN108769186B - Service authority control method and device - Google Patents
Service authority control method and device Download PDFInfo
- Publication number
- CN108769186B CN108769186B CN201810520536.4A CN201810520536A CN108769186B CN 108769186 B CN108769186 B CN 108769186B CN 201810520536 A CN201810520536 A CN 201810520536A CN 108769186 B CN108769186 B CN 108769186B
- Authority
- CN
- China
- Prior art keywords
- terminal
- service
- service configuration
- home gateway
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000012545 processing Methods 0.000 claims description 12
- 239000000284 extract Substances 0.000 claims description 7
- 238000004364 calculation method Methods 0.000 claims description 5
- 238000000605 extraction Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 14
- 238000004590 computer program Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 230000000977 initiatory effect Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/303—Terminal profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a method and a device for controlling service authority, comprising the following steps: performing service configuration on a second terminal according to the service configuration request of the first terminal; extracting feature data of the current service configuration, wherein the feature data comprise service attributes of the first terminal for performing service configuration on the second terminal; and generating a block corresponding to the service configuration according to the characteristic data and issuing the block to a block chain network. The scheme can quickly and safely carry out service authority authentication based on the established block chain network, thereby timely and accurately responding to the service access request and simultaneously ensuring that the service authority is not tampered.
Description
Technical Field
The present application relates to the field of internet, and in particular, to a method and an apparatus for controlling service permissions.
Background
With the development of industries and technologies such as smart homes, smart homes and the like, more and more services enter people's lives, operators and third-party service systems can provide richer internet basic services and value-added services for users, access capabilities are provided for the users through home gateways, the home gateways can limit service access of the users, service access functions of various terminals (namely terminals accessing the home gateways) in the home internet can be controlled through clients (installed in user terminals, for example) bound with the home gateways, and access of the user terminals to the third-party services or owned services can be achieved after authorization.
At present, with the development of home internet services, more and more users access to a third-party service system through a home gateway, and meanwhile, the home gateway needs to perform service authority control on a terminal requesting access, and the terminal authorized by a service can access to a corresponding service system, but in actual operation, the following problems exist: 1) in order to ensure data security, a terminal authorizing a service and a corresponding service authority are both stored in an authentication system, the terminal needs to apply for a token in the authentication system when initiating service access every time, and the process is complex; 2) the authentication system is easy to be attacked, the service authority is easy to be tampered, and the safety of service access cannot be guaranteed.
Disclosure of Invention
The application provides a service authority control method and device, which are used for safely and reliably realizing service authority control.
A first aspect of the present application provides a service right control method, including: performing service configuration on a second terminal according to the service configuration request of the first terminal; extracting feature data of the current service configuration, wherein the feature data comprise service attributes of the first terminal for performing service configuration on the second terminal; and generating a block corresponding to the service configuration according to the characteristic data and issuing the block to a block chain network.
A second aspect of the present application provides a service right control apparatus, including: the processing module is used for carrying out service configuration on the second terminal according to the service configuration request of the first terminal; the extracting module is used for extracting the feature data of the current service configuration, wherein the feature data comprises the service attribute of the service configuration of the first terminal to the second terminal; and the block chain module is used for generating a block corresponding to the service configuration according to the characteristic data and issuing the block to a block chain network.
According to the service authority control method and device, the service authority distributed by the terminal accessed to the home gateway is generated into the block and stored in the block chain network after feature extraction, so that when a user initiates a service access request, service authority authentication can be rapidly and safely carried out based on the established block chain network, the service access request can be timely and accurately responded, and meanwhile, the service authority can be guaranteed not to be tampered. In the scheme, the block chain network has traceability and non-falsification characteristics, so that authenticity of data can be guaranteed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic flowchart of a service right control method according to an embodiment of the present application;
FIG. 2 is a diagram illustrating an exemplary architecture according to a first embodiment of the present application;
fig. 3 is a schematic flowchart of a service right control method according to a second embodiment of the present application;
fig. 4 is a schematic flowchart of a service right control method according to a third embodiment of the present application;
fig. 5 is a schematic flowchart of a service right control method according to a fourth embodiment of the present application;
fig. 6 is a schematic structural diagram of a service right control device according to a sixth embodiment of the present application;
fig. 7 is a schematic structural diagram of a service right control apparatus according to a seventh embodiment of the present application;
fig. 8 is a schematic structural diagram of a service right control apparatus according to an eighth embodiment of the present application;
fig. 9 is a schematic structural diagram of a service right control apparatus according to a ninth embodiment of the present application;
fig. 10 is a schematic structural diagram of a service right control apparatus according to a tenth embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims. The embodiments in the present application may be implemented individually or in combination without conflict.
Fig. 1 is a schematic flow diagram of a service right control method provided in an embodiment of the present application, and referring to fig. 1, a service right control method is provided in this embodiment for safely and reliably implementing service access control, specifically, the embodiment is exemplified by applying the service right control method to a service right control device, and the method includes:
101. performing service configuration on a second terminal according to the service configuration request of the first terminal;
102. extracting feature data of the current service configuration, wherein the feature data comprise service attributes of the first terminal for performing service configuration on the second terminal;
103. and sending the characteristic data to a node server so that the node server generates a block corresponding to the current service configuration and distributes the block to a block chain network.
In practical applications, the execution main body of this embodiment may also be a service authority control device, where the service authority control device may be a driver, program software, or a medium storing a related computer program, such as a usb disk; alternatively, the service authority control device may also be a physical device, such as a chip, a processor, etc., integrated with or installed with the relevant computer program.
Combining the actual scene for example: fig. 2 is a diagram of an architecture according to a first embodiment of the present application, and as an example, a solution of the present application may be implemented based on the architecture shown in fig. 2. Optionally, the home gateway and the node server may be integrally used as a service right control device. Optionally, this embodiment does not limit a specific implementation manner of the service right control apparatus to execute the flow steps, for example, the home gateway may extract the feature data and send the feature data to the node server, and the node server generates the block according to the feature data and issues the block to the block chain network.
The home gateway is the core of the intelligent home service, has two functions of an intelligent home control hub and a wireless router, and is connected to a service network or the internet through a broadband access and bearer network. Various home network terminals realize equipment interconnection through a home gateway, simultaneously access a broadband IP network through the home gateway, and are matched with a service platform on the broadband IP network or other various terminals, so that wider home network service capability is further provided for users.
The second terminal in the scheme refers to various home terminals connected to a network through a home gateway in a home, such as a mobile phone, a tablet personal computer (PAD), a Personal Computer (PC), an intelligent household appliance, a wearable device, and the like. Different home terminals can be set with different service attributes through service configuration, and the authorized service allows the home terminals to access to the corresponding service system. In practical applications, the number of the home terminals accessing the home gateway may be unlimited, for example, may be one or at least two, and the second terminal is described herein as an example.
In practical applications, the management client may be installed in a user terminal (the first terminal in the present solution) used by the user. The user terminal provided with the management client is a mobile phone used by a user generally, and mainly provides the control capability of the user for using the intelligent gateway function and the service.
Specifically, in the scheme, when the first terminal performs service configuration on the second terminal through the home gateway, or after performing service configuration, the home gateway extracts feature data about the service configuration, where the feature data is used to represent the service permission of the current service configuration, optionally, the feature data may include a service attribute of the current service configuration performed by the first terminal on the second terminal, and subsequently, based on the feature data, the permission allowing the first terminal to control the second terminal to access the service system may be accurately determined. In practical application, the first terminal sends a service access request for accessing the second terminal to the service system to the home gateway, and the second terminal is accessed to the service system after authentication.
Further, the characteristic data extracted by the home gateway is sent to a node server, the node server is located in a block chain network, can receive the characteristic data sent by the home gateway, encrypts the characteristic data to generate a block, and writes the block into the block chain network; meanwhile, the method can also receive a service access request sent by the home gateway and search a corresponding block to verify whether the corresponding service system is allowed to be accessed. Optionally, the node server generates corresponding blocks for different home terminals respectively, and issues the generated blocks to the block chain network. The blockchain network is composed of a plurality of blockchain nodes (namely node servers), and the generated blocks can be stored in the network. Optionally, different home gateways may correspond to different node servers.
Specifically, the block chain technology is a distributed ledger which is a chain data structure formed by combining data blocks in a sequential connection manner according to a time sequence and is cryptographically guaranteed to be not falsifiable and counterfeitable. Broadly, the blockchain technique is a completely new distributed infrastructure and computing paradigm that utilizes blockchain data structures to verify and store data, utilizes distributed node consensus algorithms to generate and update data, cryptographically secure data transmission and access, and utilizes intelligent contracts composed of automated script code to program and manipulate data. The user queries, stores, retrieves, and writes to blockchain data, each process being a track and not an elimination. Therefore, the block is generated according to the feature data configured by the service and is issued to the block chain network, the authority authentication is subsequently carried out according to the feature data related to the service authority in the block chain network, the safe and reliable authentication control of the home terminal is realized, the storage function in the block chain network is provided for the service attribute of the home terminal linked to the home network, and the accuracy and the safety of the feature data can be ensured.
Further, there are various methods for recording feature data based on the blockchain technique, and optionally, the feature data may be specifically used for performing hash value calculation, so as to generate a block according to the calculated hash value and issue the block to a blockchain network. For example, in combination with the foregoing architecture, the home gateway extracts feature data about the current service configuration and sends the feature data to the node server, and accordingly, the node server performs hash value calculation according to the feature data, and generates a corresponding block according to the calculated hash value, and then issues the block to the blockchain network, thereby completing data storage about the current service configuration, and the block can be subsequently used for performing access authority authentication of the second terminal.
According to the service authority control method, the service authority distributed by the terminal accessed to the home gateway is generated into the block and stored in the block chain network after feature extraction, so that when a user initiates a service access request, service authority authentication can be rapidly and safely carried out based on the established block chain network, the service access request can be timely and accurately responded, and meanwhile, the service authority can be guaranteed not to be tampered. In the scheme, the block chain network has traceability and non-falsification characteristics, so that authenticity of data can be guaranteed.
Optionally, to further ensure security of service access, fig. 3 is a schematic flow diagram of a service right control method provided in a second embodiment of the present application, and referring to fig. 3, this embodiment provides a service right control method for authenticating a first terminal in advance, specifically, this embodiment still exemplifies that the service right control method is applied to a service right control device, and on the basis of any implementation manner, before 101, the method further includes:
301. establishing a binding relationship between the home gateway and the first terminal according to the binding request of the first terminal;
correspondingly, 101 may specifically include:
1011. and performing service configuration on the second terminal according to the service configuration request of the first terminal bound with the home gateway.
Correspondingly, the feature data may further include a binding relationship between the home gateway and the first terminal. Specifically, the authority of the first terminal may be authenticated first. In practical application, the first terminal performs registration binding at the home gateway, and the home gateway can record the bound terminal information so as to primarily authenticate the requested terminal according to the recorded binding relationship when subsequently receiving a service configuration request or a service access request. If the terminal initiating the request is a bound terminal, corresponding processing is performed according to the service configuration request or the service access request, and conversely, if the terminal initiating the request is an unbound terminal, corresponding processing may not be performed.
In practical applications, the binding between the home gateway and the first terminal may be implemented by various methods. As an example, the home gateway may be bound to multiple user terminals (i.e., first terminals in this embodiment), and accordingly, the home gateway may create an account for each user terminal, where the account under the home gateway corresponds to the user terminal bound to the home gateway one to one.
The service authority control method provided by this embodiment can quickly identify the terminal that has no authority and initiates the request by preliminarily authenticating the identity of the first terminal, thereby further improving the efficiency and reliability of service authority control.
Optionally, there are multiple service configuration methods, as an example, fig. 4 is a schematic flow chart of a service right control method provided in a third embodiment of the present application, and as shown in fig. 4, this embodiment provides a service right control method for implementing service configuration on a home terminal, specifically, this embodiment still takes the service right control method as an example of being applied to a service right control device, and on the basis of any implementation manner, 101 may specifically include:
1012. returning the identifier of a second terminal accessed to the home gateway to the first terminal according to the service configuration request of the first terminal;
1013. and performing service configuration on the second terminal according to the service configuration operation of the first terminal on the second terminal.
For example, when the first terminal needs to perform service configuration on the home terminal accessing the home gateway, the first terminal may initiate a service configuration request to the home gateway, and correspondingly, the home gateway returns the identifier of each home terminal accessing the first terminal to the first terminal, and the first terminal selects a second terminal that needs to perform service configuration from the identifiers, and performs a service configuration operation, and the home gateway completes the corresponding service configuration.
By the service authority control method provided by the embodiment, the user can perform service configuration on the second terminal accessed to the home gateway through the first terminal according to needs, so as to determine the access service authority of the second terminal.
Subsequently, based on the established block chain network, the service access authority can be safely and reliably controlled. Optionally, fig. 5 is a schematic flow chart of a service right control method provided in a fourth embodiment of the present application, and referring to fig. 5, this embodiment provides a service right control method for implementing service right authentication, specifically, this embodiment is still exemplified by applying the service right control method to a service right control device, and on the basis of any implementation, the method further includes:
501. receiving a service access request of a second terminal, wherein the service access request comprises an identifier of the second terminal and an identifier of a first terminal for controlling the access of the second terminal or an account identifier of the first terminal bound to a home gateway;
502. performing authority authentication according to the corresponding block found from the block chain network to obtain an authentication result;
503. and controlling the service access of the second terminal according to the authentication result.
Still referring to the foregoing architecture, for example, when a first terminal needs to control a second terminal to access a service system, a service access request may be initiated to a home gateway, where the service access request includes, but is not limited to, an identifier of the second terminal, and an identifier of a first terminal or an account identifier of the first terminal bound to the home gateway (which may be implemented in combination with the embodiment shown in fig. 3). Correspondingly, the home gateway sends the service access request to the corresponding node server (in practical application, the home gateway may correspond to the node servers one to one), and the node server searches out the corresponding block from the blockchain network according to the information in the service access request, where the data in the block can represent the service access authority of the second terminal, and the service access authority is determined based on the previous service configuration. And based on the found block, performing authority authentication on the service which is requested to be accessed currently, if the service is within the service access authority range recorded in the block, allowing the second terminal to access the service system through the home gateway, and otherwise, refusing to access.
The service authority control method provided in this embodiment can perform service authority authentication quickly and safely based on the established block chain network when a user initiates a service access request, thereby timely and accurately responding to the service access request and simultaneously ensuring that the service authority is not tampered. In the scheme, the block chain network has traceability and non-falsification characteristics, so that authenticity of data can be guaranteed.
In order to better understand the present solution, a flow of the present solution is exemplarily described with reference to an actual architecture, a fifth embodiment of the present application provides a service right control method, which is exemplarily described with reference to the following architecture: the architecture comprises a second terminal, a home gateway, a first terminal and a node server.
Specifically, the home gateway establishes and records a binding relationship between the first terminal and the home gateway, and the second terminal accesses the home gateway. The method comprises the steps that a first terminal sends a request for obtaining a home terminal connected with the first terminal to a home gateway, obtains a device identifier, returned by the home gateway, of a second terminal accessed to the home gateway, and conducts service configuration on the second terminal so as to set a service allowing the second terminal to access, and sends a service identifier (namely a configuration result) of the service configuration to the home gateway. The home gateway performs service control on the second terminal according to the configuration result, specifically, the home gateway extracts feature data including a binding relationship between the first terminal and the home gateway, a service attribute configured for the second terminal, and the like, and sends the feature data to the node server. Correspondingly, the node server calculates the characteristic data to obtain a hash value, generates a block related to the service configuration of the second terminal according to the hash value, and distributes the block to the block chain network.
In the service authority control method provided by this embodiment, the service authority allocated by the terminal accessing the home gateway is extracted through the features and then generated into the block and stored in the block chain network, so that when a user initiates a service access request, service authority authentication can be quickly and safely performed based on the established block chain network, thereby timely and accurately responding to the service access request and simultaneously ensuring that the service authority is not tampered. In the scheme, the block chain network has traceability and non-falsification characteristics, so that authenticity of data can be guaranteed.
Fig. 6 is a schematic structural diagram of a service right control device according to a sixth embodiment of the present application, and as shown in fig. 6, a service right control device according to this embodiment is provided for safely and reliably implementing service access control, specifically, the device includes:
the processing module 71 is configured to perform service configuration on the second terminal according to the service configuration request of the first terminal;
an extracting module 72, configured to extract feature data of the current service configuration, where the feature data includes a service attribute of service configuration performed by the first terminal on the second terminal;
and the block chain module 73 is configured to generate a block corresponding to the current service configuration according to the feature data and issue the block to the block chain network.
In practical applications, the service right control device may be a driver, program software, or a medium storing a related computer program, such as a usb disk; alternatively, the service authority control device may also be a physical device, such as a chip, a processor, etc., integrated with or installed with the relevant computer program.
Combining the actual scene for example: the home gateway and the node server may be integrally implemented as a service authority control device, and the processing module 71 and the extraction module 72 may be implemented by the home gateway. As an example, the home gateway may extract the feature data and send the feature data to the node server, and the node server generates the tile according to the feature data and issues the tile to the tile chain network. In an embodiment, when the first terminal performs service configuration on the second terminal through the home gateway, or after performing service configuration, the home gateway extracts feature data about the service configuration, where the feature data is used to represent a service right of the current service configuration, optionally, the feature data may include a service attribute of the current service configuration performed by the first terminal on the second terminal, and subsequently, based on the feature data, the right allowing the first terminal to control the second terminal to access the service system may be accurately determined. In practical application, the first terminal sends a service access request for accessing the second terminal to the service system to the home gateway, and the second terminal is accessed to the service system after authentication.
Optionally, the blockchain module 73 may be implemented by a node server, in this scheme, the feature data extracted by the home gateway may be sent to the node server, and the node server is located in the blockchain network, and is capable of receiving the feature data sent by the home gateway, encrypting the feature data to generate a block, and writing the block into the blockchain network; meanwhile, the method can also receive a service access request sent by the home gateway and search a corresponding block to verify whether the corresponding service system is allowed to be accessed. Optionally, the node server generates corresponding blocks for different home terminals respectively, and issues the generated blocks to the block chain network. The blockchain network is composed of a plurality of blockchain nodes (namely node servers), and the generated blocks can be stored in the network. Optionally, different home gateways may correspond to different node servers.
Further, there are various methods for recording feature data based on the blockchain technique, and optionally, the feature data may be specifically used for performing hash value calculation, so as to generate a block according to the calculated hash value and issue the block to a blockchain network.
The service authority control device generates blocks after extracting the characteristics of service authority distributed by a terminal accessed to a home gateway and stores the blocks in the block chain network, so that when a user initiates a service access request, service authority authentication can be quickly and safely carried out based on the established block chain network, the service access request can be timely and accurately responded, and meanwhile, the service authority can be prevented from being tampered. In the scheme, the block chain network has traceability and non-falsification characteristics, so that authenticity of data can be guaranteed.
Optionally, to further ensure security of service access, fig. 7 is a schematic structural diagram of a service right control apparatus provided in a seventh embodiment of the present application, and referring to fig. 7, this embodiment provides a service right control apparatus for authenticating a first terminal in advance, and specifically, on the basis of any implementation, the apparatus further includes:
a binding module 81, configured to establish a binding relationship between the home gateway and the first terminal according to the binding request of the first terminal;
the processing module 71 is specifically configured to perform service configuration on the second terminal according to the service configuration request of the first terminal bound to the home gateway.
Correspondingly, the feature data may further include a binding relationship between the home gateway and the first terminal. Specifically, the processing module 71 may authenticate the authority of the first terminal first.
The service authority control device provided by this embodiment can quickly identify the terminal that does not have the authority to initiate the request by preliminarily authenticating the identity of the first terminal, thereby further improving the efficiency and reliability of service authority control.
Optionally, there are multiple methods for performing service configuration, as an example, fig. 8 is a schematic structural diagram of a service right control device provided in an eighth embodiment of the present application, and referring to fig. 8, this embodiment provides a service right control device for implementing service configuration on a home terminal, and specifically, on the basis of any implementation manner, the processing module 71 includes:
an inquiring unit 711, configured to return, to the first terminal, an identifier of a second terminal accessing the home gateway according to the service configuration request of the first terminal;
a configuring unit 712, configured to perform service configuration on the second terminal according to the service configuration operation performed by the first terminal on the second terminal.
Through the service authority control device provided by the embodiment, the user can perform service configuration on the second terminal accessed to the home gateway through the first terminal according to needs so as to determine the access service authority of the second terminal.
Fig. 9 is a schematic structural diagram of a service right control apparatus provided in a ninth embodiment of the present application, and referring to fig. 9, the present embodiment provides a service right control apparatus for implementing service right authentication, specifically, on the basis of any implementation manner, the apparatus further includes:
a receiving module 91, configured to receive a service access request of a second terminal, where the service access request includes an identifier of the second terminal, and an identifier of a first terminal that controls access of the second terminal or an account identifier of the first terminal bound to a home gateway;
the blockchain module 73 is further configured to perform authority authentication according to the corresponding block found in the blockchain network, so as to obtain an authentication result;
and a control module 92, configured to control service access of the second terminal according to the authentication result.
Alternatively, the receiving module 91 and the control module 92 may be implemented by a home gateway, the blockchain module 73 may be implemented by a node server, and the home gateway and the node server may communicate with each other in a wired or wireless manner.
The service authority control device provided in this embodiment can perform service authority authentication quickly and safely based on the established block chain network when a user initiates a service access request, thereby timely and accurately responding to the service access request and simultaneously ensuring that the service authority is not tampered. In the scheme, the block chain network has traceability and non-falsification characteristics, so that authenticity of data can be guaranteed.
The above embodiments may be implemented individually or in combination without conflict. Alternatively, the modules may be separately or integrally arranged, for example, modules performing the same or similar functions may be implemented by the same module, and the division of the modules in the foregoing embodiments is only one example. The modules can be in communication connection in a wired or wireless mode.
Fig. 10 is a schematic structural diagram of a service right control apparatus according to a tenth embodiment of the present application, where the service right control apparatus includes: a memory and at least one processor.
A memory for storing a computer program. The memory may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory. The at least one processor executes the computer program stored by the memory to implement the method in the above-described embodiments.
The processor may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement the embodiments of the present Application.
Optionally, in a specific implementation, if the communication interface, the memory, and the processor are implemented independently, the communication interface, the memory, and the processor may be connected to each other through a bus and perform communication with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc., but do not represent only one bus or one type of bus.
Optionally, in a specific implementation, if the communication interface, the memory and the processor are integrated on a chip, the communication interface, the memory and the processor may complete the same communication through an internal interface.
An eleventh embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium may include: various media capable of storing computer programs, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and in particular, the computer programs are stored in the computer readable storage medium and used in the method in the foregoing embodiments.
It is clear to those skilled in the art that for the convenience and brevity of description, the specific working process of the above described apparatus may refer to the corresponding process in the foregoing method embodiments.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.
Claims (10)
1. A service authority control method is characterized by comprising the following steps:
performing service configuration on a second terminal according to a service configuration request of a first terminal, wherein the second terminal refers to various home terminals connected to a network by accessing a home gateway;
the home gateway extracts feature data of the current service configuration, wherein the feature data comprise service attributes of service configuration of the first terminal on the second terminal, and the authority for allowing the first terminal to control the second terminal to access a service system is determined based on the feature data;
and the node server generates a block corresponding to the service configuration according to the characteristic data and issues the block to a block chain network.
2. The method according to claim 1, wherein the feature data further comprises a binding relationship between the home gateway and the first terminal; before the service configuration is performed on the second terminal according to the service configuration request of the first terminal, the method further includes:
establishing a binding relationship between the home gateway and the first terminal according to the binding request of the first terminal;
the service configuration of the second terminal according to the service configuration request of the first terminal includes:
and performing service configuration on the second terminal according to the service configuration request of the first terminal bound with the home gateway.
3. The method of claim 1, wherein the performing service configuration on the second terminal according to the service configuration request of the first terminal comprises:
returning the identifier of a second terminal accessed to the home gateway to the first terminal according to the service configuration request of the first terminal;
and performing service configuration on the second terminal according to the service configuration operation of the first terminal on the second terminal.
4. The method of claim 1, further comprising:
receiving a service access request of a second terminal, wherein the service access request comprises an identifier of the second terminal and an identifier of a first terminal for controlling the access of the second terminal or an account identifier of the first terminal bound to a home gateway;
performing authority authentication according to the corresponding block found from the block chain network to obtain an authentication result;
and controlling the service access of the second terminal according to the authentication result.
5. The method according to any of claims 1-4, wherein the characteristic data is specifically used for hash value calculation, for generating a chunk from the calculated hash value and for distribution to a blockchain network.
6. A service right control apparatus, comprising:
the processing module is used for carrying out service configuration on a second terminal according to a service configuration request of the first terminal, wherein the second terminal refers to various home terminals connected to a network by accessing a home gateway;
the extraction module is used for extracting feature data of the current service configuration, wherein the feature data comprise service attributes of the service configuration of the first terminal to the second terminal, and the permission of allowing the first terminal to control the second terminal to access the service system is determined based on the feature data;
and the block chain module is used for generating a block corresponding to the service configuration according to the characteristic data and issuing the block to a block chain network.
7. The apparatus of claim 6, wherein the feature data further comprises a binding relationship between the home gateway and the first terminal; the device further comprises:
the binding module is used for establishing the binding relationship between the home gateway and the first terminal according to the binding request of the first terminal;
the processing module is specifically configured to perform service configuration on the second terminal according to the service configuration request of the first terminal bound to the home gateway.
8. The apparatus of claim 6, wherein the processing module comprises:
the query unit is used for returning the identifier of the second terminal accessed to the home gateway to the first terminal according to the service configuration request of the first terminal;
and the configuration unit is used for performing service configuration on the second terminal according to the service configuration operation of the first terminal on the second terminal.
9. The apparatus of claim 6, further comprising:
the home gateway comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for receiving a service access request of a second terminal, and the service access request comprises an identifier of the second terminal and an identifier of a first terminal for controlling the access of the second terminal or an account identifier of the first terminal bound to the home gateway;
the block chain module is also used for carrying out authority authentication according to the corresponding block searched from the block chain network to obtain an authentication result;
and the control module is used for controlling the service access of the second terminal according to the authentication result.
10. The apparatus according to any of claims 6-9, wherein the characteristic data is specifically configured to perform a hash value calculation, to generate a chunk from the calculated hash value and to distribute the chunk to a blockchain network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810520536.4A CN108769186B (en) | 2018-05-28 | 2018-05-28 | Service authority control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810520536.4A CN108769186B (en) | 2018-05-28 | 2018-05-28 | Service authority control method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108769186A CN108769186A (en) | 2018-11-06 |
| CN108769186B true CN108769186B (en) | 2021-11-23 |
Family
ID=64006026
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810520536.4A Active CN108769186B (en) | 2018-05-28 | 2018-05-28 | Service authority control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108769186B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10989977B2 (en) | 2011-03-16 | 2021-04-27 | View, Inc. | Onboard controller for multistate windows |
| CN109492377A (en) * | 2018-11-09 | 2019-03-19 | 四川虹微技术有限公司 | Device authentication method, apparatus and electronic equipment |
| CN110008690B (en) * | 2019-04-04 | 2023-12-12 | 百度在线网络技术(北京)有限公司 | Authority management method, device, equipment and medium for terminal application |
| EP3981128A1 (en) * | 2019-06-07 | 2022-04-13 | View, Inc. | Secure building services network |
| CN111327457B (en) * | 2020-01-21 | 2022-07-05 | 山东公链信息科技有限公司 | Block link interface configuration method based on communication security authentication |
| TW202206925A (en) | 2020-03-26 | 2022-02-16 | 美商視野公司 | Access and messaging in a multi client network |
| US11631493B2 (en) | 2020-05-27 | 2023-04-18 | View Operating Corporation | Systems and methods for managing building wellness |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106796685A (en) * | 2016-12-30 | 2017-05-31 | 深圳前海达闼云端智能科技有限公司 | Block chain authority control method and device and node equipment |
| CN106796688A (en) * | 2016-12-26 | 2017-05-31 | 深圳前海达闼云端智能科技有限公司 | Permission control method, device and system of block chain and node equipment |
| CN107079036A (en) * | 2016-12-23 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Registration and authorization method, apparatus and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP6533771B2 (en) * | 2016-11-15 | 2019-06-19 | 富士通株式会社 | Communication method, apparatus and program |
-
2018
- 2018-05-28 CN CN201810520536.4A patent/CN108769186B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107079036A (en) * | 2016-12-23 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Registration and authorization method, apparatus and system |
| CN106796688A (en) * | 2016-12-26 | 2017-05-31 | 深圳前海达闼云端智能科技有限公司 | Permission control method, device and system of block chain and node equipment |
| CN106796685A (en) * | 2016-12-30 | 2017-05-31 | 深圳前海达闼云端智能科技有限公司 | Block chain authority control method and device and node equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108769186A (en) | 2018-11-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108769186B (en) | Service authority control method and device | |
| US11115418B2 (en) | Registration and authorization method device and system | |
| CN106714075B (en) | Method and device for processing authorization | |
| CN110958111B (en) | Block chain-based identity authentication mechanism of electric power mobile terminal | |
| JP6574168B2 (en) | Terminal identification method, and method, system, and apparatus for registering machine identification code | |
| CN108777699B (en) | Application cross-domain access method based on Internet of things multi-domain collaborative architecture | |
| US20190306148A1 (en) | Method for oauth service through blockchain network, and terminal and server using the same | |
| CN102710640A (en) | Authorization requesting method, device and system | |
| CN109033857B (en) | Method, device and equipment for accessing data and readable storage medium | |
| CN106844111B (en) | Access method of cloud storage network file system | |
| CN110599342B (en) | Block chain-based identity information authorization method and device | |
| CN105516110A (en) | Mobile equipment secure data transmission method | |
| CN103841560A (en) | Method and equipment to enhance SIM card reliability | |
| CN106686051B (en) | Cloud computing network topology system and method based on BIM design | |
| CN114531945A (en) | Template-based loading of web-enabled devices | |
| WO2019056971A1 (en) | Authentication method and device | |
| CN112948842A (en) | Authentication method and related equipment | |
| CN113726522A (en) | Internet of things equipment processing method and device based on block chain | |
| CN107846676A (en) | Safety communicating method and system based on network section security architecture | |
| CN111651408A (en) | Method, device, terminal and storage medium for acquiring data | |
| CN115175170A (en) | USIM data autonomous uplink realization method, terminal, USIM and system | |
| CN110910110A (en) | Data processing method and device and computer storage medium | |
| US20140007197A1 (en) | Delegation within a computing environment | |
| CN115694847A (en) | Equipment management method, system and device | |
| CN103489023A (en) | Barcode-based data exchange method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |