CN110300117B - IOT device and user binding authentication method, device and medium - Google Patents


Publication number: CN110300117B
Authority: CN (China)
Prior art keywords: user, iot, equipment, authentication, binding
Legal status: Active
Application number: CN201910607716.0A
Other languages: Chinese (zh)
Other versions: CN110300117A (en)
Inventor: 李志为, 姚博, 刘宗孺
Current Assignee: Hangzhou Bolian Intelligent Technology Co ltd
Original Assignee: Hangzhou Bolian Intelligent Technology Co ltd
Application filed by Hangzhou Bolian Intelligent Technology Co ltd
Priority to CN201910607716.0A (CN110300117B)
Priority to PCT/CN2019/103133 (WO2021003816A1)
Publication of CN110300117A
Application granted
Publication of CN110300117B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Abstract

The invention discloses an authentication method for binding an IOT device and a user, which relates to the technical field of IOT device binding and comprises the following steps: directly receiving user information and IOT device information sent by a target user, or receiving user information sent by the target user through the IOT device, and acquiring a user account of the target user; if the user account is not bound with the IOT device, temporarily binding the user account and the IOT device; pushing a message to the user information, and after receiving a confirmation request sent by the target user according to the message, sending an IOT device list to the user account; and binding the user account and the IOT device according to the information of the IOT device list selected by the target user. The invention also discloses an electronic device and a computer storage medium. The invention can ensure the security of binding the IOT device and the user.

Description

IOT device and user binding authentication method, device and medium
Technical Field
The present invention relates to the field of IOT device binding technologies, and in particular, to an authentication method, device, and medium for binding an IOT device and a user.
Background
With the continuous development of networks, smart homes are more and more widely used. In some application scenarios, a user sends a control instruction from a terminal device to an IOT device via the cloud in order to control the IOT device. Before it can be controlled, the IOT device must be bound to the user. In the prior binding mode, the user uses the terminal device to query the IOT devices connected to the same WiFi wireless local area network and then clicks bind; after receiving the binding request, the cloud sends authentication to the user's terminal device to complete the operation. Security cannot be guaranteed in this way.
Disclosure of Invention
In order to overcome the defects of the prior art, an object of the present invention is to provide an authentication method for binding an IOT device and a user, which can ensure the security of binding the IOT device and the user.
The first object of the invention is achieved by the following technical scheme:
An authentication method for binding an IOT device and a user comprises the following steps:
directly receiving user information and IOT device information sent by a target user, or receiving user information sent by the target user through the IOT device, and acquiring the user account corresponding to the target user;
if the user account is not bound with the IOT device, temporarily binding the user account and the IOT device;
pushing a message to the user information, and after receiving a confirmation request sent by the target user according to the message, sending an IOT device list to the user account;
and binding the user account and the IOT device according to the information of the IOT device list selected by the user who is logged in to the user account.
Further, the user information is input through the terminal device used by the target user; sending the IOT device list to the user account means sending the IOT device list to an authentication page, and the authentication page is automatically generated after the confirmation request is received.
Further, the unique identification code of the terminal device is also acquired when the user account corresponding to the target user is acquired; binding the user account and the IOT device also comprises binding the unique identification code and the IOT device.
Further, the authentication page is implemented in any one of the following ways:
presenting the authentication page through a corresponding app installed on the terminal device;
acquiring the authentication page through a browser or an H5 page of the terminal device;
acquiring the authentication page through an applet of the terminal device.
Further, where the authentication page is acquired through a browser or an H5 page of the terminal device, the method further includes, before the authentication of the binding of the IOT device and the user: provisioning the IOT device onto the network (network distribution) through a configuration interface; the provisioning method comprises the following steps:
the terminal device connects to the WLAN hotspot of the IOT device to join its wireless local area network, and obtains the IP address, Gateway address and DNS server address returned by the IOT device over that connection;
the terminal device obtains a resolved IP through the Gateway address;
the terminal device sends an http request to the resolved IP to acquire the configuration interface;
the ssid and the password of the wide area network WiFi are input in the configuration interface and sent to the IOT device, so that the IOT device completes network provisioning with the ssid and the password.
Further, where the authentication page is acquired through an applet of the terminal device, the method further includes, before the authentication of the binding of the IOT device and the user: provisioning the IOT device onto the network (network distribution) through a configuration interface; the provisioning method comprises the following steps:
the terminal device obtains an applet H5 page, the H5 page being the configuration interface; prompt information for connecting to the hotspot is obtained through the applet H5 page, and the terminal device connects to the WLAN hotspot of the IOT device according to the prompt information;
the ssid and the password of the wide area network WiFi are input in the configuration interface and sent to the IOT device, so that the IOT device completes network provisioning with the ssid and the password.
Further, authentication reminder information is sent to the user information at the same time as the IOT device list is sent to the user account, or within a preset time range before or after it is sent.
Further, before sending the IOT device list to the user account, the method further includes:
calculating the time difference between pushing the message to the user information and receiving the confirmation information;
if the time difference is larger than a preset time threshold, deleting the temporary binding or/and sending binding failure information to the user information;
if the time difference is smaller than or equal to the preset time threshold, sending the IOT device list to the user account.
A second object of the present invention is to provide an electronic device for performing the first object, which includes a processor, a storage medium, and a computer program stored in the storage medium; when executed by the processor, the computer program implements the above method for authenticating the binding of an IOT device and a user.
A further object of the present invention is to provide a computer-readable storage medium for the first object, having a computer program stored thereon which, when executed by a processor, implements the above method for authenticating the binding of an IOT device and a user.
Compared with the prior art, the invention has the following beneficial effects:
By pushing a message to the user information and then presenting the IOT device list, the invention authenticates the binding of the IOT device and the user, ensures the legality of the binding, and rules out illegal control of the IOT device.
Drawings
Fig. 1 is a flowchart of an authentication method for binding an IOT device and a user according to a first embodiment of the present invention;
Fig. 2 is a block diagram of the electronic device according to the fifth embodiment.
Detailed Description
The present invention will now be described in more detail with reference to the accompanying drawings, in which the description of the invention is given by way of illustration and not of limitation. The various embodiments may be combined with each other to form other embodiments not shown in the following description.
Example one
This embodiment provides an authentication method for binding an IOT device and a user, which aims to ensure the security and validity of the binding. Referring to Fig. 1, it includes the following steps:
110. Directly receive user information and IOT device information sent by a target user, or receive user information sent by the target user through the IOT device, and obtain the user account corresponding to the target user.
The authentication device that binds the IOT device and the user (i.e., the electronic device in the fifth embodiment) may be a cloud or a physical server in another form; the cloud is taken as the example here. The target user is the user who initiates the authentication request for binding the IOT device and the user, and is not necessarily the same user as the one who subsequently performs the binding operation or who controls the IOT device after binding.
To bind the IOT device and the user, the target user must send a binding authentication request. The target user can send the authentication request in two ways. In the first, the request is sent directly to the cloud without passing through the IOT device; the request then needs to carry the user information of the target user and the information of the IOT device to be bound, which may be a unique identification code of the IOT device such as an SN code or a MAC address. In the second, the request is sent through the IOT device; in this case the device to be bound is the IOT device that forwards the authentication request, the request only needs to carry the user information, and the cloud can obtain the IOT device information by itself.
Meanwhile, either the target user can send the authentication request only after logging in to the user account, or the user information of the target user is associated with the user account in advance. The cloud also needs to acquire the user account, which it can collect by itself or which can be carried in the authentication request. To ensure the security of the binding, in a preferred implementation the user information and the user account are bound first; that is, if the user information acquired by the cloud is not among the user information bound to the user account, the authentication ends and fails. The binding of the user information and the user account can be established by manual input by the target user.
Where the target user sends the user information through the IOT device, the user information may be input on the terminal device used by the target user and then sent to the cloud by the IOT device connected to that terminal device; the user information may be input in the configuration interface when the IOT device is configured. The terminal device includes but is not limited to a notebook computer, a tablet computer, a mobile phone or another intelligent device with a WiFi connection function.
The user information may be a mobile phone number, an email address, or a combination thereof; it may also be any other user information that can receive a message pushed by the cloud, which is not limited here.
120. If the user account is not bound with the IOT device, temporarily bind the user account and the IOT device.
After receiving the authentication request, the cloud first checks whether the user account and the IOT device are already bound; if so, the authentication is complete. If the user account is not bound with the IOT device, the cloud temporarily binds the user account and the IOT device, i.e., temporarily associates them. A time period can be set for the temporary binding; if the subsequent binding authentication has not been performed when the set time period is exceeded, the temporary binding is deleted.
130. Push a message to the user information, and send an IOT device list to the user account after receiving a confirmation request sent by the target user according to the message.
After the temporary binding is completed, the cloud pushes a message to the user information. The message can also be pushed to an authentication page, in which case it can be presented as a floating window or popup window, or in the form of a short message, which is not limited here. If the user information is a mobile phone number, the cloud can push the message to the user information as a short message or multimedia message, or in other forms. If the cloud pushes the message to the authentication page, authentication reminder information is sent to the user information at the same time, or within a preset time range before or after the push, so that the target user reads the message pushed by the cloud through the authentication page.
The target user confirms according to the pushed message. The pushed message can be a choice, such as yes or no, or confirm or cancel, and the target user clicks the corresponding option to confirm the message. The pushed message can also be a verification code, in which case the target user needs to enter the verification code in the corresponding input window to complete the confirmation. The cloud verifies the confirmation information sent by the target user, and the verification process comprises one or more of the following steps:
1. Information verification. If the confirmation information does not match the result the cloud expects, the authentication fails, the temporary binding is deleted, and binding failure information is sent to the user information or/and the authentication page; for example, the verification code entered by the target user is inconsistent with the verification code the cloud sent to the user, or the user selects a negative confirmation result.
2. Timeliness verification. The target user must send the confirmation information within a certain time. The cloud calculates the time difference between pushing the message to the user information and receiving the confirmation information; if the time difference is greater than a preset time threshold, the binding fails, the temporary binding is deleted, and binding failure information is sent to the user information or/and the authentication page.
If the verification passes, the IOT device list is sent to the user account. Similarly, authentication reminder information is sent to the user information at the same time as the IOT device list is sent to the user account, or within a preset time range before or after it is sent, so that the target user reads the IOT device list sent by the cloud through the user account. If the user information is a mobile phone number, the cloud can send the IOT device list as a short message or multimedia message when sending it to the user account, or in other ways. Sending the IOT device list to the user account can be understood as sending the IOT device list to the authentication page, where it can likewise be presented as a floating window or popup window, or in the form of a short message. As another embodiment, the IOT device list may also be sent to the user information; for example, the content of the IOT device list is presented as links, and the target user can select a link directly to perform the binding.
The authentication page can be implemented in three ways: first, presenting the authentication page through a corresponding app installed on the terminal device; second, acquiring the authentication page through a browser or an H5 page of the terminal device, where the browser or H5 page pops up automatically when the terminal device connects to the AP hotspot of the IOT device; third, acquiring the authentication page through an applet of the terminal device. The configuration interface mentioned in the second to fourth embodiments is used to provision the IOT device onto the network, that is, the process by which the IOT device joins the network over WiFi. The configuration interface may be the authentication page described here or may be obtained separately. Whether or not the two are the same page or interface, any one or more of the three ways may be used to obtain the authentication page or the configuration interface; for example, the authentication page and the configuration interface are both provided in the installed app; or the authentication page and the configuration interface (both may be a browser page or an H5 page) pop up automatically when the terminal device connects to the AP hotspot of the IOT device; or the authentication page and the configuration interface are both obtained through the applet. The two can also be obtained in different ways; for example, the authentication page is implemented by an app and the configuration interface by an applet, and so on.
The IOT device list is a list of all IOT devices that have a temporary binding with the user account. The content displayed in the list may be the SN codes of the IOT devices, codes of the IOT devices, or unique identification codes of the IOT devices in any other form.
Generally, the IOT device list corresponds to only one IOT device, but in some special scenarios it corresponds to several: for example, when a previous authentication failed and its temporary binding relationship still exists while the user account performs binding authentication for other IOT devices; or when multiple persons log in to the same account within a certain time period and perform binding authentication for different IOT devices.
When the IOT device list corresponds to multiple IOT devices, the target user may authenticate the binding of the multiple IOT devices in a batch, authenticate them one by one, or authenticate only the IOT device being bound this time.
140. Bind the user account and the IOT device according to the information of the IOT device list selected by the user who is logged in to the user account.
The user who logs in to the user account is not necessarily the target user. Any user who can log in to the user account can select the required entries of the IOT device list (the information is the content presented in the list) and send them to the cloud; on receiving the selected information, the cloud binds the user account and the IOT device corresponding to the selected information.
Generally, any user who can log in to a user account can control the IOT devices bound to that account. To do so, the user sends a control instruction to the cloud; the cloud determines whether the IOT device named in the control instruction is bound to the user account, and if so, sends the control instruction to that IOT device.
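The cloud-side logic of steps 110 to 140 and the control check above can be modelled as a small state machine. The following Python sketch is an added example, not code from the patent; the class, method and field names, the 6-digit verification code and the 120-second threshold are assumptions chosen for illustration.

```python
import hmac
import secrets
import time


class BindingError(Exception):
    """A binding step failed; any temporary binding has been deleted."""


class BindingService:
    """In-memory model of the cloud side of steps 110-140 (hypothetical names)."""

    def __init__(self, confirm_window_s=120, clock=time.monotonic):
        self.confirm_window_s = confirm_window_s  # preset time threshold (assumed value)
        self.clock = clock                        # injectable so the window is testable
        self.bound = set()     # {(account, device_id)}: permanent bindings
        self.temp = {}         # account -> set of temporarily bound device ids
        self.challenge = {}    # account -> [code, pushed_at, confirmed]
        self.outbox = []       # (contact, text) messages "pushed" to the user information

    def request_binding(self, account, contact, device_id):
        """Steps 110-130: temporary binding, then push a verification code."""
        if (account, device_id) in self.bound:
            return "already-bound"                # step 120: nothing left to authenticate
        self.temp.setdefault(account, set()).add(device_id)
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code (assumed format)
        self.challenge[account] = [code, self.clock(), False]
        self.outbox.append((contact, code))
        return "pending"

    def _fail(self, account, contact, reason):
        # Every failed check deletes the temporary binding and reports the failure.
        self.temp.pop(account, None)
        self.challenge.pop(account, None)
        self.outbox.append((contact, "binding failed: " + reason))
        raise BindingError(reason)

    def confirm(self, account, contact, code):
        """Step 130: timeliness and information verification, then the device list."""
        if account not in self.challenge:
            raise BindingError("no pending binding")
        expected, pushed_at, _ = self.challenge[account]
        if self.clock() - pushed_at > self.confirm_window_s:
            self._fail(account, contact, "confirmation too late")
        # Constant-time comparison so the check does not leak matching prefixes.
        if not hmac.compare_digest(expected.encode(), code.encode()):
            self._fail(account, contact, "verification code mismatch")
        self.challenge[account][2] = True
        return sorted(self.temp[account])         # the IOT device list

    def bind_selected(self, account, selected):
        """Step 140: bind only devices that were on the confirmed list."""
        state = self.challenge.pop(account, None)
        offered = self.temp.pop(account, set())
        if not state or not state[2]:
            raise BindingError("confirmation missing")
        chosen = offered & set(selected)          # ids not on the list are ignored
        self.bound.update((account, d) for d in chosen)
        return sorted(chosen)

    def may_control(self, account, device_id):
        """Control check: forward a command only to a device bound to the account."""
        return (account, device_id) in self.bound
```

Because a failed check deletes the temporary binding, each pushed code can be tried only once, and a device id that was never temporarily bound cannot be bound by submitting it in the selection.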
However, in some scenarios, such as public places like hotels, the user who logs in to the user account should only have temporary control, and the IOT devices that user may control are also limited. This can be implemented as follows:
First, the user account is bound with the user information. After the temporary control ends, a manager deletes the binding relationship between the user account and the user information. When the cloud decides whether a control instruction should be sent to the IOT device, it also checks the binding between the user information and the user account; if the user information is not bound with the user account, the control instruction is not sent to the IOT device.
Second, binding information between the terminal device and the IOT device is established: when the cloud acquires the user account of the target user, it also acquires a unique identification code of the terminal device (such as an SN code, an IMEI code or a MAC address). When the binding of the user account and the IOT device is authenticated, the unique identification code of the terminal device is also bound with the IOT device. In this case, when several users log in to the same user account, each can only control the IOT devices bound with the unique identification code of the terminal device being used. After the temporary control ends, the manager deletes the binding relationship between the unique identification code of the terminal device and the IOT device.
Example two
The second embodiment covers the network provisioning (network distribution) of the IOT device that precedes the first embodiment. In the second embodiment, the IOT device is provisioned through the configuration interface of the app installed on the terminal device. The process is as follows: the terminal device connects to the WLAN hotspot of the IOT device to join its wireless local area network; the ssid and the password of the wide area network WiFi are then input in the configuration interface, and the IOT device receives them and completes network provisioning with the ssid and the password of the wide area network WiFi.
Example three
The third embodiment covers the network provisioning of the IOT device that precedes the first embodiment. In the third embodiment, the terminal device connects to the AP node and acquires the configuration interface in order to connect the IOT device to the network. No additional app needs to be downloaded for provisioning; the IOT device can be provisioned quickly through a web page, which gives the IOT device network communication and is convenient for the user.
The process is as follows:
the terminal device connects to the WLAN hotspot of the IOT device to join its wireless local area network, and obtains the IP address, Gateway address and DNS server address returned by the IOT device over that connection;
the terminal device obtains a resolved IP through the Gateway address;
the terminal device sends an http request to the resolved IP to acquire the configuration interface of the IOT device;
the terminal device transmits the ssid and the password for connecting to the wide area network WiFi to the IOT device through the configuration interface.
The configuration interface is an h5 page running in the browser, the IOT equipment is provided with an AP mode, under the AP mode, the IOT equipment can continuously detect surrounding wide area network WiFi signals, as long as the IOT equipment acquires the ssid and the password of the wide area network WiFi signals, the wide area network can be accessed, network communication is realized, the detection is different from the traditional IOT equipment which can only detect the WiFi signals under the STA mode, and therefore the distribution network process does not require that the IOT equipment has the STA mode and the AP mode at the same time, and the practicability is wider.
Preferably, the terminal device obtains an IP address, a Gateway address and a DNS server address returned by the IOT device through a DHCP protocol, where the Gateway address is the IP address of the IOT device, and the DNS server address is the IP address of the IOT device or a random IP address. The DHCP protocol is a dynamic host configuration protocol, when the terminal equipment completes the wireless local area network connection through the WLAN hotspot of the IOT equipment, the terminal equipment (which is equivalent to a host) is allocated with an IP address and a subnet mask in a local area network according to the DHCP protocol, and the terminal equipment also obtains a Gateway address and a DNS server address, thereby ensuring the communication of the terminal equipment in the wireless local area network.
Preferably, the terminal device sends a DNS resolution request to the DNS server address through the Gateway address to obtain a resolution IP, and the specific steps include: and the terminal equipment sends a DNS analysis request data packet request to perform DNS domain name analysis, and after receiving the DNS analysis request data packet, the Gateway address intercepts the DNS analysis request and forcibly returns the IP of the IOT equipment as an analysis IP.
Therefore, when the terminal device sends an http request to the parsing IP, the returned http page is a configuration interface of the IOT device, and in the configuration interface, the user is required to input an ssid and a password for connecting a wide area network (internet) WiFi.
In this embodiment, the IP of the DNS server address is not limited, and may be an IP address of the IOT device or an arbitrary IP address, and since the Gateway address is the IP address of the IOT device, in this embodiment, the IOT device has an AP mode, that is, the IOT device is a Gateway, when the terminal device is in a wireless local area network, the terminal device initiates a DNS resolution request, and the DNS resolution request is first obtained by the Gateway (the IOT device), so the IOT device obtains the DNS resolution request before the DNS server, and then the IOT device may return the specified IP address as a resolution IP. In other words, no matter which IP address the DNS server points to, the IOT device may return the same resolution address when it acquires the DNS resolution request as a gateway.
The process of obtaining the configuration interface is based on the automatic popup principle of a terminal equipment browser, adopts a mandatory Portal authentication technology-Captive Portal, when the terminal device connects to the local area network through the WLAN hotspot, it will automatically initiate a request to the internet, and different terminal devices have different request addresses, for example, the request of the iphone is www.applet.com, and the android handset requests client3.google.com, obtains h5 page through iptable jump, DNS intercept and HTTP redirect, in other embodiments of the present invention, web page reconfiguration may also be adopted, and finally, no matter what domain name, any URL, or any IP address is input by the user, any h5 page is forced to be assigned, in this embodiment, the h5 page that is forced to be assigned is a configuration interface returned by the IP address of the IOT device, in this configuration interface, the user is required to input the ssid and password for the IOT device to connect to the wide area network WiFi. Because the returned configuration interface is redirected, the terminal device considers that the WLAN hotspot needs forced authentication, and therefore a browser page can be automatically popped up to be used for the user to distribute the network without manually opening the browser by the user.
When the DNS server address is the IP address of the IOT device, a DNS resolution request is sent to the DNS server address through the Gateway address for DNS domain name resolution. After receiving the DNS resolution request, the DNS server address returns the DNS server address as the resolution IP; in this case the Gateway address forwards the DNS resolution request to the DNS server normally, without intercepting it.
If the resolution IP obtained by the DNS resolution request in either of the two modes is not the IP address of the IOT device, an http request is sent to the Gateway address, specifically as follows: the terminal device initiates an http request; the Gateway address, acting as the gateway, receives the http request, intercepts it without forwarding it further, and forcibly returns the configuration interface of the IOT device as the response to the http request.
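The DNS interception mode described above, in which the IOT device as gateway answers every lookup with its own address, is shown below at the packet level. This is an added example, not code from the patent; the address 192.168.4.1, the zero TTL and all function names are assumptions, and the sample queries are constructed in memory.

```python
import socket
import struct

DEVICE_IP = "192.168.4.1"   # assumed hotspot/gateway address of the IOT device
TYPE_A, CLASS_IN = 1, 1


def build_query(name, txid, qtype=TYPE_A):
    """Construct a one-question DNS query (sample input, as a terminal would send)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(msg):
    """Return (name, qtype, qclass, offset after the question) or raise ValueError."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in a question")
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass, pos + 4


def answer_with_device_ip(query, device_ip=DEVICE_IP, ttl=0):
    """Build the gateway's reply: any A lookup resolves to the device itself.

    TTL 0 (an assumption) keeps the terminal from caching the answer after it
    leaves the hotspot. Other record types get an empty answer section.
    """
    _name, qtype, qclass, end = parse_question(query)
    rd = query[2] & 0x01                               # copy the RD bit
    flags = 0x8000 | 0x0400 | (rd << 8) | 0x0080       # QR, AA, RD, RA
    is_a = qtype == TYPE_A and qclass == CLASS_IN
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if is_a else 0, 0, 0)
    question = query[12:end]
    if not is_a:
        return header + question
    # 0xC00C is a compression pointer back to the name in the question.
    record = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, 4)
    return header + question + record + socket.inet_aton(device_ip)


def resolved_address(response):
    """Return the first A record's address as the terminal sees it, or None."""
    if struct.unpack("!H", response[6:8])[0] == 0:
        return None
    _name, _qtype, _qclass, end = parse_question(response)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[end + 2:end + 12])
    if rtype != TYPE_A or rdlen != 4:
        return None
    return socket.inet_ntoa(response[end + 12:end + 16])


if __name__ == "__main__":
    # The two probe hosts named in the text resolve to the same address.
    for i, host in enumerate(["www.applet.com", "client3.google.com"]):
        reply = answer_with_device_ip(build_query(host, 0x1000 + i))
        print(host, "->", resolved_address(reply))
```
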
The ssid and the password acquired through the configuration interface are transmitted to the IOT device through the http post protocol.
Preferably, the IOT device connects to a router using the ssid and the password for connecting to the WiFi of the wide area network, then establishes a connection with a server, authenticates the ID of the IOT device and confirms that the IOT device logs in, and the IOT device returns the server address and the connection script.
Preferably, the terminal device receives the server address and the connection script returned by the IOT device, disconnects the WLAN hotspot, connects to the server by using the server address, and accesses the service address to obtain an ID of the IOT device that is confirmed to log in; and acquiring user registration information through the connection script, binding the ID of the IOT equipment and the registration information to form authentication data, and uploading the authentication data to the server for storage.
The connection script runs in an H5 page provided by the terminal device, the user can register in an H5 page corresponding to the connection script, login is carried out by using registration information after the registration is successful, then the ID of the IOT device logged in by the server and the registration information of the user are obtained and bound to form authentication data, the authentication data are uploaded to the server to be stored, and after the user logs in by using the registration information, the IOT device corresponding to the ID can be subjected to subsequent operation.
The server may be a cloud server or a physical server. A physical server is a traditional server with its own CPU, memory, hard disk and the like; the cloud server is selected to provide data storage, network transmission and computing functions.
Example four
The fourth embodiment is the operation of the IOT device distribution network before the first embodiment. In the fourth embodiment, the network distribution of the IOT device is realized by acquiring the configuration interface through the applet of the terminal device, and the network distribution of the IOT device can be quickly completed through the H5 page of the applet without downloading an additional APP, so that the network communication of the IOT device is realized, the use by a user is facilitated, and the authentication and the control of the IOT device are realized by using the applet.
The method specifically comprises the following steps:
the terminal device obtains an applet H5 page, obtains prompt information for connecting to a hotspot through the applet H5 page, and connects to the WLAN hotspot of the IOT device according to the prompt information;
the terminal device receives a response of the http H5 page of the IOT device, the response being obtained by the background script of the applet cyclically initiating http requests, and the terminal device receives the ssid and the password for connecting to the wide area network WiFi through the http H5 page of the IOT device;
and the terminal device returns the ssid and the password to the IOT device for network distribution.
The terminal device includes but is not limited to a notebook computer, a tablet computer, a mobile phone or other intelligent devices with a WiFi connection function and two-dimensional code scanning identification.
In this embodiment, the applet H5 page may be obtained by scanning code data with a two-dimensional code, or may directly enter a corresponding applet according to the applet name, so as to obtain the applet H5 page, where the applet may be a WeChat applet or an applet running in another application, which is not limited herein.
The terminal device can enter the public number by scanning the two-dimensional code, and the terminal device acquires an H5 page (namely a configuration interface) through the public number to complete the reminding of the WLAN hotspot setting and the acquisition and transmission process of the distribution network information.
The IOT device has an AP mode. In the AP mode, the IOT device can continuously detect surrounding wide area network WiFi signals, and as soon as it acquires the ssid and the password of a wide area network WiFi signal it can access the wide area network and realize network communication. This differs from traditional IOT devices, which can only detect WiFi signals in the STA mode; the network distribution process does not require the IOT device to have both the STA mode and the AP mode, and therefore has wider applicability. In addition, the IOT device provides a WLAN hotspot in the AP mode for the terminal device to connect to, forming a local area network with the IOT device as the gateway.
In this embodiment, the network communication, local area network discovery and network distribution process of the applet are implemented based on the AirKiss technology, which is common knowledge in this technical field and is not described here again. After the terminal device connects to the WLAN hotspot of the IOT device, the background script of the applet cyclically initiates http requests. The IOT device, as the gateway, receives the http request (if the WLAN hotspot of the IOT device is not connected, the IOT device does not receive the http request) and returns the IP address of the IOT device and the H5 page to which that IP address points. The H5 page is used for network distribution, and in it the user is required to input the ssid and the password for connecting to the wide area network (internet) WiFi.
After the terminal device connects to the WLAN hotspot of the IOT device, it automatically acquires, through the DHCP protocol, the IP address and subnet mask allocated to it, together with a Gateway address and a DNS server address; the Gateway address is the IP address of the IOT device, and the DNS server address is the IP address of the IOT device or an arbitrary IP address. DHCP is the Dynamic Host Configuration Protocol: when the terminal device completes the wireless local area network connection through the WLAN hotspot of the IOT device, the terminal device (equivalent to a host) is allocated an IP address and a subnet mask in the local area network according to the DHCP protocol and also obtains a Gateway address and a DNS server address, which ensures that the terminal device can communicate in the wireless local area network.
Meanwhile, before the background script of the applet cyclically initiates http requests, the following operation is carried out:
a DNS resolution request is sent to the DNS server address through the Gateway address; after receiving the DNS resolution request, the Gateway address intercepts it and forcibly returns the IP address of the IOT device.
The terminal device then cyclically initiates http requests and, according to the returned IP address of the IOT device, acquires the H5 page pointed to by that IP address.
Therefore, when the terminal device cyclically sends http requests, the returned http page is the H5 page pointed to by the IP address of the IOT device, and in the H5 page the user is required to input the ssid and the password for connecting to the wide area network (internet) WiFi.
Preferably, the background script of the applet checks whether the response of the http H5 page of the IOT device has been successfully received, that is, whether the WLAN hotspot of the IOT device has been successfully connected. If so, the user is required to enter the ssid and password for the wide area network WiFi connection in the http H5 page.
In this embodiment, the terminal device transmits the obtained ssid and the obtained password to the IOT device through an http post protocol.
Preferably, the specific process of returning the ssid and the password to the IOT device for network distribution includes: the IOT equipment is connected with a router by using the ssid and the password connected with the wide area network WiFi, then connection is established with a server, the server authenticates the ID of the IOT equipment and confirms that the IOT equipment logs in, and the IOT equipment returns the server address and the applet script.
Preferably, the applet receives the server address and the applet script returned by the IOT device, disconnects the WLAN hotspot, circularly sends a server connection request by the background script of the applet, connects to the server by using the server address, and accesses the service address to obtain an ID of the IOT device for confirming login through the applet script; and acquiring user registration information through the applet script, binding the ID of the IOT equipment and the registration information to form authentication data, and uploading the authentication data to the server for storage.
The applet script runs in an H5 page of the terminal device, and the user can register in the H5 page corresponding to the applet script. After registering successfully, the user logs in with the registration information; the ID of the IOT device that has logged in to the server is then obtained through interaction with the server, the ID of the IOT device and the registration information of the user are bound to form authentication data, and the authentication data are uploaded to the server for storage. After the user logs in with the registration information in an applet or a WeChat public number, subsequent operations can be carried out on the IOT device corresponding to the ID.
The server may be a cloud server or a physical server. A physical server is a traditional server with its own CPU, memory, hard disk and the like; the cloud server is selected to provide data storage, network transmission and computing functions.
EXAMPLE five
Fig. 2 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention, as shown in fig. 2, the electronic device includes a processor 210, a memory 220, an input device 230, and an output device 240; the number of processors 210 in the computer device may be one or more, and one processor 210 is taken as an example in fig. 2; the processor 210, the memory 220, the input device 230, and the output device 240 in the electronic apparatus may be connected by a bus or other means, and the bus connection is taken as an example in fig. 2.
The memory 220 is used as a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the authentication method for binding the IOT device and the user in the embodiment of the present invention. The processor 210 executes various functional applications and data processing of the electronic device by executing the software programs, instructions and modules stored in the memory 220, that is, implements the authentication method for binding the IOT device and the user according to the first embodiment.
The memory 220 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal device, and the like. Further, the memory 220 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 220 may further include memory located remotely from the processor 210, which may be connected to the electronic device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 230 may be used to set age information and the like. The output device 240 is used to output push messages and the like.
EXAMPLE six
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the computer-executable instructions are executed by a computer processor to implement an authentication method for binding an IOT device with a user, and the method includes:
directly receiving user information and IOT equipment information sent by a target user, or receiving user information sent by the target user through the IOT equipment, and acquiring a user account of the target user;
if the user account is not bound with the IOT equipment, temporarily binding the user account and the IOT equipment;
pushing a message to the user information, and after receiving a confirmation request sent by a target user according to the message, sending an IOT equipment list to the user account;
and binding the user account and the IOT equipment according to the information of the IOT equipment list selected by the target user.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the method operations described above, and may also perform related operations in the authentication method for binding the IOT device and the user, provided by any embodiment of the present invention.
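The binding steps listed above, together with the expiry of the temporary binding and the confirmation time threshold set out in the claims, are modelled below as server-side state. This is an added example, not code from the patent; the class and method names, the message texts, the 600 s and 120 s values and the rule that a selection is accepted only after a timely confirmation are assumptions.

```python
class BindingServer:
    """In-memory model of the binding flow; `now` is seconds, supplied by the caller."""

    def __init__(self, temp_ttl=600.0, confirm_window=120.0):
        self.temp_ttl = temp_ttl              # lifetime of a temporary binding (assumed)
        self.confirm_window = confirm_window  # max delay from push to confirmation (assumed)
        self.temp = {}          # account -> {device_id: time of temporary binding}
        self.bound = {}         # account -> set of bound device ids
        self.pushed_at = {}     # account -> time the message was pushed
        self.contact = {}       # account -> user information the message goes to
        self.confirmed = set()  # accounts that have been sent their device list
        self.outbox = []        # (user_info, text) messages pushed by the server

    def _purge(self, now):
        """Delete temporary bindings whose time period has elapsed."""
        for account in list(self.temp):
            live = {d: t for d, t in self.temp[account].items()
                    if now - t <= self.temp_ttl}
            if live:
                self.temp[account] = live
            else:
                del self.temp[account]
                self.confirmed.discard(account)

    def receive(self, account, user_info, device_id, now):
        """User and device information arrive: bind temporarily and push a message."""
        self._purge(now)
        if device_id in self.bound.get(account, set()):
            return "already-bound"
        self.temp.setdefault(account, {})[device_id] = now
        self.contact[account] = user_info
        self.pushed_at[account] = now
        self.outbox.append((user_info, "confirm binding"))
        return "temporary"

    def confirm(self, account, now):
        """Handle the confirmation request; return the device list or None."""
        self._purge(now)
        pushed = self.pushed_at.pop(account, None)
        if pushed is None:
            return None                       # no message is awaiting confirmation
        if now - pushed > self.confirm_window:
            self.temp.pop(account, None)      # too late: delete the temporary binding
            self.confirmed.discard(account)
            self.outbox.append((self.contact[account], "binding failed"))
            return None
        self.confirmed.add(account)
        # The list holds only devices temporarily bound to this account.
        return sorted(self.temp.get(account, {}))

    def select(self, account, chosen, now):
        """Bind the devices the logged-in user selected from the list."""
        self._purge(now)
        if account not in self.confirmed:
            return []
        self.confirmed.discard(account)       # one selection per confirmation
        pending = self.temp.get(account, {})
        # Ids the server did not list for this account are ignored.
        accepted = [d for d in dict.fromkeys(chosen) if d in pending]
        for device_id in accepted:
            del pending[device_id]
            self.bound.setdefault(account, set()).add(device_id)
        if not pending:
            self.temp.pop(account, None)
        return accepted


if __name__ == "__main__":
    server = BindingServer()
    server.receive("alice", "alice-phone", "dev-A", now=0)
    print(server.confirm("alice", now=30))            # device list sent to the account
    print(server.select("alice", ["dev-A"], now=40))  # devices actually bound
```
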
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes instructions for enabling an electronic device (which may be a mobile phone, a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the authentication apparatus for binding the IOT device and the user, the included units and modules are only divided according to the functional logic, but are not limited to the above division, as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
Various other modifications and changes may be made by those skilled in the art based on the above-described technical solutions and concepts, and all such modifications and changes should fall within the scope of the claims of the present invention.

Claims (8)

1. An authentication method for binding IOT equipment and a user is characterized by comprising the following steps:
directly receiving user information and IOT equipment information sent by a target user, or receiving user information sent by the target user through the IOT equipment, and acquiring a user account corresponding to the target user;
if the user account is not bound with the IOT equipment, temporarily binding the user account and the IOT equipment, wherein the temporary binding sets a time period, and if the time period exceeds the time period and subsequent authentication of binding is not performed, deleting the temporary binding;
pushing a message to the user information, and after receiving a confirmation request sent by a target user according to the message, sending an IOT (internet of things) equipment list to the user account, wherein the user information is input by the target user through a terminal device used by the target user; sending an IOT device list to the user account as sending the IOT device list to an authentication page, wherein the authentication page is automatically generated after receiving the confirmation request, the authentication page is obtained through a browser or an H5 page of terminal equipment, the H5 page is obtained through iptable skipping, DNS interception and HTTP redirection, and the IOT device list is all the IOT device lists which are temporarily bound with the user account;
and realizing the binding of the user account and the IOT equipment according to the information of the IOT equipment list selected by the user logging in the user account, wherein before the authentication of the IOT equipment and the user binding, the method further comprises the following steps of obtaining the authentication page through a browser or an H5 page of the terminal equipment: carrying out network distribution on the IOT equipment through a configuration interface; the network distribution method comprises the following steps:
the method comprises the steps that terminal equipment obtains a WLAN hotspot of IOT equipment to carry out wireless local area network connection, and obtains an IP address, a Gateway address and a DNS server address returned by the IOT equipment according to the wireless local area network connection;
the terminal equipment acquires an analytic IP through the Gateway address;
the terminal equipment sends an http request to the analysis IP to acquire the configuration interface;
and inputting the ssid and the password of the WiFi of the wide area network in the configuration interface, and sending the ssid and the password to the IOT equipment so that the IOT equipment completes network distribution according to the ssid and the password.
2. The IOT device and user binding authentication method of claim 1, wherein the unique identification code of the terminal device is also obtained while the user account corresponding to the target user is obtained; the binding of the user account and the IOT equipment also comprises the binding of the unique identification code and the IOT equipment.
3. The IOT device and user bound authentication method in accordance with claim 1, wherein the authentication page implementation further comprises any of:
presenting the authentication page through a corresponding app installed in the terminal equipment;
and acquiring the authentication page through an applet of the terminal equipment.
4. The method of claim 3, wherein before the obtaining of the authentication page by the applet of the terminal device, the authentication of the IOT device bound to the user, further comprises: carrying out network distribution on the IOT equipment through a configuration interface; the network distribution method comprises the following steps:
the method comprises the steps that terminal equipment obtains an applet H5 page, wherein the H5 page is a configuration interface, prompt information for connecting a hotspot is obtained through the applet H5 page, and the terminal equipment is connected with a WLAN hotspot of the IOT equipment according to the prompt information;
and inputting the ssid and the password of the WiFi of the wide area network in the configuration interface, and sending the ssid and the password to the IOT equipment so that the IOT equipment completes network distribution according to the ssid and the password.
5. The IOT device and user binding authentication method of any one of claims 1 to 4, wherein an authentication prompt message is sent to the user information at the same time as or within a pre-set time range or a post-set time range of the IOT device list is sent to the user account.
6. The method of any of claims 1-4, wherein prior to sending the list of IOT devices to the user account, further comprising:
calculating the time difference between the message pushing to the user information and the confirmation request receiving;
if the time difference is larger than a preset time threshold, deleting the temporary binding or/and sending binding failure information to the user information;
and if the time difference is smaller than or equal to a preset time threshold, sending an IOT equipment list to the user account.
7. An electronic device comprising a processor, a storage medium, and a computer program, the computer program being stored in the storage medium, wherein the computer program, when executed by the processor, implements the method of authentication of an IOT device bound to a user of any of claims 1-6.
8. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of authentication of an IOT device bound to a user of any of claims 1-6.
CN201910607716.0A 2019-07-05 2019-07-05 IOT device and user binding authentication method, device and medium Active CN110300117B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910607716.0A CN110300117B (en) 2019-07-05 2019-07-05 IOT device and user binding authentication method, device and medium
PCT/CN2019/103133 WO2021003816A1 (en) 2019-07-05 2019-08-28 Method for authenticating iot device is bound to user, device and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910607716.0A CN110300117B (en) 2019-07-05 2019-07-05 IOT device and user binding authentication method, device and medium

Publications (2)

Publication Number Publication Date
CN110300117A CN110300117A (en) 2019-10-01
CN110300117B true CN110300117B (en) 2021-03-02

Family

ID=68030639

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910607716.0A Active CN110300117B (en) 2019-07-05 2019-07-05 IOT device and user binding authentication method, device and medium

Country Status (2)

Country Link
CN (1) CN110300117B (en)
WO (1) WO2021003816A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100190A (en) * 2015-05-21 2015-11-25 小米科技有限责任公司 Methods, devices and system for managing control relation of account and device
CN105635143A (en) * 2015-12-30 2016-06-01 林海 Equipment binding method
CN106850392A (en) * 2015-12-04 2017-06-13 腾讯科技(深圳)有限公司 Message treatment method and device, message receival method and device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9985829B2 (en) * 2013-12-12 2018-05-29 Exablox Corporation Management and provisioning of cloud connected devices
CN104717672B (en) * 2013-12-17 2018-10-26 施耐德电器工业公司 WiFi configuration methods, WiFi configuration devices and WiFi equipment
CN104780154B (en) * 2015-03-13 2018-06-19 小米科技有限责任公司 Apparatus bound method and apparatus
CN105372998A (en) * 2015-09-29 2016-03-02 小米科技有限责任公司 A method and a device for binding of intelligent apparatuses
US9923881B2 (en) * 2015-10-14 2018-03-20 Mcafee, Llc System, apparatus and method for migrating a device having a platform group
CN105450655B (en) * 2015-12-14 2019-05-28 小米科技有限责任公司 Apparatus bound method and apparatus
CN109327457A (en) * 2018-11-09 2019-02-12 广州大学 A kind of internet of things equipment identity identifying method and system based on block chain
CN113422811B (en) * 2018-11-22 2023-07-18 创新先进技术有限公司 Equipment payment method and device

Also Published As

Publication number Publication date
WO2021003816A1 (en) 2021-01-14
CN110300117A (en) 2019-10-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant