CN109218318A - An IoT gateway login detection method based on device knowledge - Google Patents

Info

Publication number
CN109218318A
Authority
CN
China
Prior art keywords
equipment
gateway
user
internet
things
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811112233.5A
Other languages
Chinese (zh)
Inventor
魏丹琳
齐畅
余向春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhenyuan Network Technology Co Ltd
Original Assignee
Beijing Zhenyuan Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhenyuan Network Technology Co Ltd
Priority to CN201811112233.5A
Publication of CN109218318A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses an IoT gateway login detection method based on device knowledge, comprising: when an IoT device accesses the gateway for the first time, constructing a device knowledge base using machine learning methods such as statistics and frequent pattern mining, and saving the device knowledge base on the gateway; when the IoT device accesses the gateway again, questioning the user on the basis of the device knowledge base saved on the gateway, and, after the user answers the questions or a certain trust value is met, permitting the IoT device to connect to the gateway and communicate. With the method of the invention, no cloud server needs to take part in device access authentication or user identity authentication at gateway access, and traditional attacks such as man-in-the-middle attacks and weak-password brute forcing can be prevented.

Description

An IoT gateway login detection method based on device knowledge
Technical field
The present invention relates to the field of network security authentication, and in particular to an IoT gateway login detection method based on device knowledge.
Background
While IoT technology makes our lives more convenient and faster, it inevitably also brings some security problems. Many IoT applications are closely tied to our daily lives, for example devices such as cameras and smart thermostats; collecting information from them can directly or indirectly expose users' private information. Because manufacturers lack security awareness, many devices lack security measures such as encryption, authentication and access control management, so data in the IoT is easily stolen or accessed without authorization, causing data leaks. The IoT, as a new kind of information network, is often the target of organized APT attacks. IoT security problems therefore deserve serious attention.
Authentication is a common safeguard for IoT privacy protection today, but some access points in IoT environments use no authentication, or authenticate with default or weak passwords; at the same time users have weak security awareness and cannot be relied on to change passwords regularly. In terms of access control management, device security configurations that go without updates for long periods, missing verification and unauthorized access can all leak users' private data.
In the general connection procedure for IoT devices, for example a home user logging in to an IoT device, the methods commonly used at the access stage include APP verification and Wi-Fi access authentication. When the IoT device logs in and goes online normally, the user must take part in the device's network login verification; once verification passes, the device can access the user's private data on the cloud server.
For the IoT device connection procedure above, the corresponding standard device authentication process is as follows:
1) After the device connects to the internet, it must be activated once;
2) The device applies for activation to the remote application-layer platform (cloud platform, user platform), submitting information including manufacturer, production batch, production password and chip unique code;
3) The application-layer platform judges the device's authenticity and legitimacy from this information, approves the activation and generates a globally unique device code; if this is a repeat activation, the device code last assigned to the device must be traced back via the chip unique code;
4) The application-layer platform informs the hardware device that activation succeeded and issues a device code and device password, which the device stores permanently;
5) When a device is activated repeatedly, the password must change while the code stays the same;
6) After activation, each time the device connects to the cloud platform it must submit its device code and use the device password to encrypt a random number, rather than submitting the device password itself, so that the password cannot be intercepted and stolen.
However, as smart devices in the home multiply, the access control of the devices themselves is not sufficient to resist increasingly complex network attacks; if a device itself has a vulnerability, an attacker may be able to bypass the device's authentication step. Therefore, given that relying on passwords alone in traditional IoT device login authentication has always fallen short of protecting users' private data, device-sensitive information needs to be verified using a wider range of information.
Summary of the invention
To remedy the shortcomings of the above technology, the present invention provides an IoT gateway login detection method based on device knowledge.
To solve the above technical problem, the technical solution adopted by the present invention is an IoT gateway login detection method based on device knowledge, comprising:
When an IoT device accesses the gateway for the first time, constructing a device knowledge base using machine learning methods such as statistics and frequent pattern mining, and saving the device knowledge base on the gateway;
When the IoT device accesses the gateway again, questioning the user on the basis of the device knowledge base saved on the gateway, and, after the user answers the questions or a certain trust value is met, permitting the IoT device to connect to the gateway and communicate.
Further, the device knowledge base comprises device-layer knowledge and user-layer knowledge; the device-layer knowledge is the data submitted when the device logs in to the gateway, and the user-layer knowledge is the access login information provided by the user;
The device-layer knowledge includes one or more of the following: login IP address, geographic location, MAC address, device identification code, device type code, device login time; the user login information includes one or more of the following: user name, password, user access records, user mobile phone verification code, auxiliary verification tool, the user's first setup time.
Further, when the device accesses the gateway again, questioning the user comprises:
When the user's private data is to be obtained, the gateway performs verification questioning for the accessing device: the gateway issues a device-knowledge question request to the user, and once the user passes verification the user is permitted to obtain the private data; the cloud platform verifies the device's IP address, MAC address, CA certificate, private key and the device's own information, and permits it to access the cloud platform network;
Verifying the user and the device's access to the gateway: with the user's assistance, the platform performs admission checks on information such as the device's login time, login method, IP address, certificate and device identification code, and allows the device to access the gateway.
Further, after the device accesses the gateway for the first time, when the gateway and the cloud server are networked, the device knowledge base saved on the gateway is synchronized to the cloud server.
Further, the implementation when the device accesses the gateway again comprises:
Step 1: the IoT device initiates access authentication to the gateway;
Step 2: the gateway confirms the connection with the user by questioning the user;
Step 3: the user confirms the IoT device's connection by answering the questions or meeting a certain trust value;
Step 4: the IoT device authenticates with the IoT cloud;
Step 5: the IoT cloud confirms the device connection;
Step 6: the gateway completes authentication of the IoT device.
The present invention provides a verification method based on device knowledge, proposing a new technical solution at the unified egress gateway of the local area network where the IoT devices reside. It not only prevents unauthorized users from logging in to IoT devices but, more importantly, prevents unauthorized users from accessing the device's private data on the cloud server. Under the proposed solution, for example, when a user needs to access a wristband's geographic location records: previously, a user in direct contact with the physical device could obtain that information; now a layer of verification is added before the user accesses the remote application platform to obtain it. This layer confirms the user's authenticity by questioning the user on knowledge composed of user access information, the device's own information and the like, thereby protecting personal private data. With the method of the invention, no cloud server needs to take part in device access authentication or user identity authentication at gateway access, and traditional attacks such as man-in-the-middle attacks and weak-password brute forcing can be prevented.
Brief description of the drawings
Fig. 1 is a flow diagram of the method of the invention.
Fig. 2 is a workflow diagram of the device when an IoT device accesses the gateway for the first time.
Fig. 3 is a schematic diagram of the device knowledge base.
Fig. 4 is a flow chart of an IoT device accessing the network.
Fig. 5 is a flow diagram of the device login process.
Specific embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
1. Device knowledge and questioning mechanism
As shown in Fig. 1, the login verification method based on the device knowledge model comprises:
As shown in Fig. 2, when an IoT device accesses the gateway for the first time, a device knowledge base is constructed using machine learning methods such as statistics and frequent pattern mining and saved on the gateway; after the device is networked with the cloud server, the device knowledge base saved on the gateway is synchronized with the cloud server's knowledge base.
When the IoT device accesses the gateway again, the user is questioned on the basis of the device knowledge base saved on the gateway, and, after the user answers the questions or a certain trust value is met, the IoT device is permitted to connect to the gateway and communicate.
The device knowledge base, shown in Fig. 3, is divided into a device layer and a user layer. The device layer is mainly the data submitted when the device logs in to the gateway; the user layer is mainly the access login information provided by the user, including the usual login site, the usual login method, the login password and similar content.
2. Implementation scenarios
In the present invention, device knowledge is collected when the device accesses the gateway for the first time, and the device-knowledge questioning mechanism mainly addresses the case where the device accesses the gateway again; the specific scenarios are shown in Table 1.
Table 1
3. Implementation process
In the present invention, the process by which an IoT device accesses the network is shown in Fig. 4 and comprises:
Step 1: the IoT device initiates access authentication to the gateway;
Step 2: the gateway confirms the connection with the user by questioning the user;
Step 3: the user confirms the IoT device's connection by answering the questions or meeting a certain trust value;
Step 4: the IoT device authenticates with the IoT cloud;
Step 5: the IoT cloud confirms the device connection;
Step 6: the gateway completes authentication of the IoT device.
In the overall scheme, the device login process is shown schematically in Fig. 5: after the IoT device initiates login, the gateway uses the device questioning mechanism based on the device knowledge base to complete device login authentication, and confirms the login on the IoT device.
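The gateway-side decision in steps 1 to 3 and 6 (enroll on first access, then admit on trust value or question the user) is illustrated below as an added example; it is not code from the patent. The class name, attribute weights, threshold of 80, two-answer quota and sample device are assumptions, and the knowledge base here is a direct record of the first login rather than the statistical or frequent-pattern mining the patent mentions.

```python
import hashlib
import hmac
import os

# Device-layer attributes listed in the patent. The weights (percent), the
# threshold and the answer quota are assumptions made for this example.
WEIGHTS = {"mac": 30, "ip": 20, "geo": 20, "login_hour": 20, "type_code": 10}
TRUST_THRESHOLD = 80   # at or above: admit without questioning the user
REQUIRED_CORRECT = 2   # below threshold: correct answers needed to admit


def _digest(salt: bytes, answer: str) -> bytes:
    """Salted, stretched hash so answers are not stored in clear on the gateway."""
    norm = answer.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 100_000)


class GatewayKnowledgeBase:
    """Per-device knowledge kept on the gateway (hypothetical class)."""

    def __init__(self):
        self._records = {}  # device_id -> (device facts, salt, answer digests)

    def enroll(self, device, user_answers):
        """First access: record device-layer facts and user-layer answers."""
        salt = os.urandom(16)
        digests = {q: _digest(salt, a) for q, a in user_answers.items()}
        self._records[device["device_id"]] = (dict(device), salt, digests)

    def trust(self, device):
        """Sum the weights of submitted attributes that match the record."""
        known = self._records[device["device_id"]][0]
        return sum(w for k, w in WEIGHTS.items()
                   if k in device and device[k] == known.get(k))

    def questions(self, device_id):
        """Questions the gateway can put to the user for this device."""
        return sorted(self._records[device_id][2])

    def admit(self, device, replies=None):
        """Return 'enroll', 'admit', 'challenge' or 'deny' for a login attempt."""
        if device.get("device_id") not in self._records:
            return "enroll"                  # never seen: first-access path
        if self.trust(device) >= TRUST_THRESHOLD:
            return "admit"                   # trust value met
        if replies is None:
            return "challenge"               # gateway must question the user
        _, salt, digests = self._records[device["device_id"]]
        correct = sum(
            hmac.compare_digest(_digest(salt, replies.get(q, "")), d)
            for q, d in digests.items()
        )
        return "admit" if correct >= REQUIRED_CORRECT else "deny"


# Constructed sample data, not taken from the patent.
CAMERA = {"device_id": "CAM-0001", "mac": "02:00:00:00:00:01",
          "ip": "192.168.1.20", "geo": "home", "login_hour": 20,
          "type_code": "camera"}
ANSWERS = {"first_setup_time": "2018-09-25", "usual_login_method": "app"}


def demo():
    kb = GatewayKnowledgeBase()
    first = kb.admit(CAMERA)                 # unknown device
    kb.enroll(CAMERA, ANSWERS)
    moved = dict(CAMERA, ip="203.0.113.7", geo="elsewhere")  # trust falls to 60
    return [first, kb.admit(CAMERA), kb.admit(moved),
            kb.admit(moved, ANSWERS),
            kb.admit(moved, {"first_setup_time": "2018-01-01"})]


if __name__ == "__main__":
    print(demo())
```

Device-layer fields such as the MAC and IP address are reported by the connecting device itself, so the weight given to each one determines how much an unverified claim can contribute to the trust value.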
The above embodiments do not limit the present invention, and the present invention is not limited to the examples above; variations, modifications, additions or substitutions made by those skilled in the art within the scope of the technical solution of the present invention also fall within the protection scope of the present invention.

Claims (5)

1. An IoT gateway login detection method based on device knowledge, characterized by comprising:
When an IoT device accesses the gateway for the first time, constructing a device knowledge base using machine learning methods such as statistics and frequent pattern mining, and saving the device knowledge base on the gateway; when the IoT device accesses the gateway again, questioning the user on the basis of the device knowledge base saved on the gateway, and, after the user answers the questions or a certain trust value is met, permitting the IoT device to connect to the gateway and communicate.
2. The IoT gateway login detection method based on device knowledge according to claim 1, characterized in that: the device knowledge base comprises device-layer knowledge and user-layer knowledge; the device-layer knowledge is the data submitted when the device logs in to the gateway, and the user-layer knowledge is the access login information provided by the user;
The device-layer knowledge includes one or more of the following: login IP address, geographic location, MAC address, device identification code, device type code, device login time;
The user login information includes one or more of the following: user name, password, user access records, user mobile phone verification code, auxiliary verification tool, the user's first setup time.
3. The IoT gateway login detection method based on device knowledge according to claim 2, characterized in that: when the device accesses the gateway again, questioning the user comprises:
When the user's private data is to be obtained, the gateway performs verification questioning for the accessing device: the gateway issues a device-knowledge question request to the user, and once the user passes verification the user is permitted to obtain the private data; the cloud platform verifies the device's IP address, MAC address, CA certificate, private key and the device's own information, and permits it to access the cloud platform network;
Verifying the user and the device's access to the gateway: with the user's assistance, the platform performs admission checks on information such as the device's login time, login method, IP address, certificate and device identification code, and allows the device to access the gateway.
4. The IoT gateway login detection method based on device knowledge according to claim 3, characterized in that: after the device accesses the gateway for the first time, when the gateway and the cloud server are networked, the device knowledge base saved on the gateway is synchronized to the cloud server.
5. The IoT gateway login detection method based on device knowledge according to claim 4, characterized in that: the implementation when the device accesses the gateway again comprises:
Step 1: the IoT device initiates access authentication to the gateway;
Step 2: the gateway confirms the connection with the user by questioning the user;
Step 3: the user confirms the IoT device's connection by answering the questions or meeting a certain trust value;
Step 4: the IoT device authenticates with the IoT cloud;
Step 5: the IoT cloud confirms the device connection;
Step 6: the gateway completes authentication of the IoT device.

Priority Applications (1)

Application number: CN201811112233.5A
Priority date: 2018-09-25
Filing date: 2018-09-25
Title: An IoT gateway login detection method based on device knowledge
Status: Pending

Publications (1)

Publication number: CN109218318A
Publication date: 2019-01-15

Family ID: 64984546

Country Status (1)

Country: CN
Link: CN109218318A (en)
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190115