CN111082940B - Internet of things equipment control method and device, computing equipment and storage medium - Google Patents

Publication number: CN111082940B (application CN201911133261.XA; earlier publication CN111082940A)
Authority: CN (China)
Legal status: Active
Original language: Chinese (zh)
Inventors: 程时虎, 谢冰
Assignee (original and current): Taikang Insurance Group Co Ltd

Classifications

    • H04L 9/3247: Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L 63/0823: Network architectures or network communication protocols for network security; authentication of entities using certificates
    • H04L 67/12: Network arrangements or protocols for supporting network services or applications; protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 9/3263: Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying identity or authority, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 9/3268: As H04L 9/3263, using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The application provides a method and an apparatus for controlling Internet of Things devices, a computing device and a storage medium, in the technical field of the Internet of Things. The method comprises: receiving an access request sent by the Internet of Things device, the access request comprising the device's global unique identifier to be verified and the device's signature, where the global unique identifier identifies the device uniquely within the Internet of Things platform; verifying the global unique identifier to be verified against the pre-stored global unique identifier of the device, and verifying the device's signature; if both the global unique identifier and the signature pass verification, sending an access-permitted message to the device; monitoring the device to obtain a monitoring analysis result; and, if the device is determined to be abnormal from the monitoring analysis result, performing the corresponding exception handling operation on the device. Controlling Internet of Things devices in this way is safer and more reliable.

Description

Internet of things equipment control method and device, computing equipment and storage medium
Technical Field
The application relates to the technical field of internet of things, in particular to a method and a device for controlling internet of things equipment, computing equipment and a storage medium.
Background
With the continuous development of Internet of Things technology, the Internet of Things has been applied to many aspects of production and daily life, for example smart cities, smart travel and smart elderly care, and has brought great convenience to people's work and lives.
In the related art, the devices that may access an Internet of Things platform are restricted: only devices whose digital certificate is authenticated by the platform can be connected. Access authentication therefore rests on a single factor, and once a lawbreaker tampers with a device's access request, the device is added to the platform and data leakage follows. How to improve the security of the Internet of Things is therefore a problem that remains to be solved.
Disclosure of Invention
The embodiment of the application provides a method and a device for controlling Internet of things equipment, computing equipment and a storage medium, and aims to solve the problem that in the related art, the security of the Internet of things equipment accessing an Internet of things platform is poor.
In a first aspect, an embodiment of the present application provides an internet of things device control method, where the method includes:
receiving an access request sent by the Internet of things equipment, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
verifying the global unique identifier to be verified based on a pre-stored global unique identifier of the Internet of things equipment, and verifying a signature of the Internet of things equipment;
if the global unique identifier to be verified passes the verification and the signature of the Internet of things equipment passes the verification, sending an access permission message to the Internet of things equipment; and
monitoring the Internet of things equipment to obtain a monitoring analysis result;
and if the Internet of things equipment is determined to be abnormal according to the monitoring analysis result, performing corresponding abnormal handling operation on the Internet of things equipment.
In one embodiment, the globally unique identifier is generated according to the following method:
acquiring a physical identifier of the Internet of things equipment;
and generating a global unique identifier of the Internet of things equipment according to the physical identifier, wherein the physical identifier corresponds to the global unique identifier one to one.
In one embodiment, the obtaining the physical identifier of the internet of things device includes:
acquiring a first device identifier of the Internet of things device as the physical identifier through an identifier acquisition interface provided by the Internet of things device;
if the first equipment identifier fails to be obtained, obtaining a second equipment identifier of the Internet of things equipment from a storage space corresponding to the storage location identifier of the Internet of things equipment as the physical identifier according to the storage location identifier in the equipment description of the Internet of things equipment;
and if the second equipment identification fails to be obtained, generating a virtual physical identification of the Internet of things equipment as the physical identification.
In one embodiment, the method further comprises:
recording the acquisition mode of the physical identifier, the acquisition mode being one of: obtained from the identifier acquisition interface, obtained from the device description, or a generated virtual physical identifier;
the monitoring of the Internet of Things device then comprises:
querying the acquisition mode of the device's physical identifier from the database of the Internet of Things platform;
if the acquisition mode is the identifier acquisition interface, monitoring the device with a first monitoring rule;
if the acquisition mode is the device description, monitoring the device with a second monitoring rule;
if the acquisition mode is the virtual physical identifier, monitoring the device with a third monitoring rule;
the monitoring strength of the third, second and first monitoring rules decreases in that order;
where the greater the monitoring strength, the more readily the Internet of Things device is judged to be abnormal.
In one embodiment, the first, second and third monitoring rules each include at least one of the following:
rule 1: the length of the statistics period, and the minimum number of messages sent within one statistics period at which the device is judged abnormal;
rule 2: the format and/or content of normal messages sent by the Internet of Things device;
rule 3: the operation behaviors that are allowed.
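The identifier fallback chain and the provenance-dependent monitoring strength described above, worked through as an added example (this is illustration code, not the patent's implementation). The device field names, the domain-separated SHA-256 used to derive the GUID (the description only requires the mapping to be one-to-one), the "virt-" prefix and the three rule-1 thresholds are all assumptions made for the example:

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Source records how the physical identifier was obtained. The platform stores
// it next to the GUID, and it later decides how strictly the device is monitored.
type Source int

const (
	FromInterface   Source = iota // identifier acquisition interface offered by the device
	FromDescription               // storage location named in the device description
	FromVirtual                   // virtual physical identifier generated by the platform
)

func (s Source) String() string { return []string{"interface", "description", "virtual"}[s] }

// Device is the minimum the GUID generation needs to see of a device. The field
// names are assumptions for this example.
type Device struct {
	IDInterface func() (string, error) // nil when the device offers no such interface
	Description map[string]string      // device description; "storage_location" keys into Storage
	Storage     map[string]string      // storage spaces addressed by a storage location identifier
}

// physicalID walks the fallback chain: interface first, then the location named
// in the description, and only then a random virtual identifier.
func physicalID(d Device) (string, Source, error) {
	if d.IDInterface != nil {
		if id, err := d.IDInterface(); err == nil && id != "" {
			return id, FromInterface, nil
		}
	}
	if loc, ok := d.Description["storage_location"]; ok && d.Storage[loc] != "" {
		return d.Storage[loc], FromDescription, nil
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", FromVirtual, fmt.Errorf("virtual identifier: %w", err)
	}
	// Nothing on the device backs a virtual identifier, so the platform has to
	// persist it; a device that loses it re-enrols as a different identity.
	return "virt-" + hex.EncodeToString(buf), FromVirtual, nil
}

// guid maps the physical identifier to the platform identity. A domain-separated
// SHA-256 is one-to-one in practice (collisions are computationally infeasible)
// and keeps the raw serial number or MAC address out of the GUID (assumption).
func guid(physical string) string {
	sum := sha256.Sum256([]byte("iot-platform/guid/v1:" + physical))
	return hex.EncodeToString(sum[:])
}

// Enrolment is the record the platform database keeps for the device.
type Enrolment struct {
	GUID, Physical string
	Source         Source
}

func enrol(d Device) (Enrolment, error) {
	pid, src, err := physicalID(d)
	if err != nil {
		return Enrolment{}, err
	}
	return Enrolment{GUID: guid(pid), Physical: pid, Source: src}, nil
}

// alarmThreshold is rule 1's "minimum message count per statistics period" for
// the first, second and third monitoring rule. Strength rises from interface to
// description to virtual: the weaker the identifier's provenance, the fewer
// messages it takes to be judged abnormal. The numbers are assumptions.
func alarmThreshold(s Source) int {
	return map[Source]int{FromInterface: 1000, FromDescription: 300, FromVirtual: 100}[s]
}

// abnormalByVolume applies rule 1 to one statistics period.
func abnormalByVolume(e Enrolment, messagesInPeriod int) bool {
	return messagesInPeriod >= alarmThreshold(e.Source)
}

func main() {
	devices := map[string]Device{ // constructed sample devices
		"with-interface": {IDInterface: func() (string, error) { return "SN-7F3A-0001", nil }},
		"description":    {Description: map[string]string{"storage_location": "nvram:0x40"}, Storage: map[string]string{"nvram:0x40": "02:42:ac:11:00:02"}},
		"neither":        {},
	}
	for name, d := range devices {
		e, err := enrol(d)
		if err != nil {
			fmt.Println(name, err)
			continue
		}
		// The same 250 messages per period are normal for a hardware-backed identity and abnormal for a virtual one.
		fmt.Printf("%-14s source=%-11s guid=%s... 250 msgs/period abnormal=%v\n", name, e.Source, e.GUID[:12], abnormalByVolume(e, 250))
	}
}
```

The point the example makes concrete is the last paragraph of the description: with identical traffic, the virtual-identifier device trips rule 1 while the interface-backed device does not, because the platform has less evidence that the virtual identity is what it claims to be.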
In one embodiment, the method further comprises:
according to the globally unique identifier of the Internet of things equipment, creating and storing login information for the Internet of things equipment, wherein the login information comprises a user name and a login password corresponding to the user name; the user name is the global unique identifier;
the access request sent by the Internet of things equipment also comprises login information to be authenticated of the Internet of things equipment; the method further comprises the following steps:
performing identity verification on the login information to be authenticated according to the stored login information of the Internet of things equipment;
before the allowing the internet of things device to access the internet of things platform, the method further includes:
and determining that the identity authentication result is authentication pass.
In one embodiment, the certificate and the private key used for signing are issued to the Internet of Things device after a trusted Certificate Authority (CA) has authenticated its identity, and the common name (CN) of the digital certificate is the device's globally unique identifier; verifying the signature of the Internet of Things device comprises:
acquiring the public key of the device's digital certificate according to the device's globally unique identifier;
verifying the device's signature with the acquired public key; the signature is produced by the device by signing its globally unique identifier and the login information to be authenticated with the private key of the digital certificate (the description phrases this as encrypting with the private key; the operation is a digital signature, and the public key verifies it rather than decrypting it);
and, after the signature verification is confirmed to pass, executing the step of verifying the login information to be authenticated against the stored login information of the device.
In one embodiment, verifying the global unique identifier to be verified against the pre-stored global unique identifier of the Internet of Things device comprises:
determining whether the set of global unique identifiers of devices already accessed to the Internet of Things platform contains the device's global unique identifier;
if the set already contains the device's global unique identifier, determining that the verification fails (an identifier in use by a connected device is not admitted a second time); otherwise, determining that the verification passes.
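The full access check of the preceding embodiments (duplicate-identifier check, certificate whose common name is the GUID, signature over GUID plus login information, then the login check) as an added, runnable example with both the device side and the platform side; it is illustration code, not the patent's implementation. Assumptions beyond the description: Go's standard-library X.509 and ECDSA on P-256 (the patent names no algorithm), a length-prefixed SHA-256 of the three fields as the signed message, a SHA-256 of the password in place of a proper password hash, and the request field names:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// AccessRequest is the device's access request (field names are assumptions).
type AccessRequest struct {
	GUID, Username, Password string
	Signature                []byte // ECDSA signature over the three fields above
}

// payload length-prefixes each field so the field boundaries are part of what is signed.
func payload(guid, user, pass string) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d:%s;%d:%s;%d:%s", len(guid), guid, len(user), user, len(pass), pass)))
	return sum[:]
}

// issue signs tmpl with parent (self-signed when parent is nil) and returns the certificate and its key.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(365*24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// newCA is the trusted CA; issueDeviceCert is its step after authenticating the
// device, with the certificate's common name set to the device's GUID.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	return issue(&x509.Certificate{Subject: pkix.Name{CommonName: "Device CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

func issueDeviceCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, guid string) (*x509.Certificate, *ecdsa.PrivateKey) {
	return issue(&x509.Certificate{Subject: pkix.Name{CommonName: guid}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, ca, caKey)
}

// makeRequest is the device side: sign GUID plus login information with the certificate's private key.
func makeRequest(guid, user, pass string, key *ecdsa.PrivateKey) AccessRequest {
	sig, _ := ecdsa.SignASN1(rand.Reader, key, payload(guid, user, pass))
	return AccessRequest{GUID: guid, Username: user, Password: pass, Signature: sig}
}

type Platform struct {
	roots     *x509.CertPool
	certs     map[string]*x509.Certificate // GUID -> device certificate
	passwords map[string][32]byte          // GUID -> SHA-256(password); use a real password hash in production
	connected map[string]bool              // GUIDs of devices currently accessed
}

func newPlatform(ca *x509.Certificate) *Platform {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &Platform{pool, map[string]*x509.Certificate{}, map[string][32]byte{}, map[string]bool{}}
}

// Register stores the login the platform created for the device (user name == GUID).
func (p *Platform) Register(cert *x509.Certificate, password string) {
	p.certs[cert.Subject.CommonName] = cert
	p.passwords[cert.Subject.CommonName] = sha256.Sum256([]byte(password))
}

// Verify runs the checks in the description's order: GUID against the accessed
// set, certificate chain and common name, signature, then login information.
func (p *Platform) Verify(req AccessRequest) error {
	if p.connected[req.GUID] {
		return errors.New("guid already belongs to an accessed device")
	}
	cert := p.certs[req.GUID]
	if cert == nil || cert.Subject.CommonName != req.GUID {
		return errors.New("no certificate with this guid as common name")
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: p.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("certificate not issued by the trusted CA: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, payload(req.GUID, req.Username, req.Password), req.Signature) {
		return errors.New("signature verification failed")
	}
	want, got := p.passwords[req.GUID], sha256.Sum256([]byte(req.Password))
	if req.Username != req.GUID || subtle.ConstantTimeCompare(want[:], got[:]) != 1 {
		return errors.New("login information rejected")
	}
	p.connected[req.GUID] = true // access permitted
	return nil
}

func main() {
	ca, caKey := newCA()
	p := newPlatform(ca)
	cert, key := issueDeviceCert(ca, caKey, "guid-demo")
	p.Register(cert, "s3cret")
	fmt.Println("first access :", p.Verify(makeRequest("guid-demo", "guid-demo", "s3cret", key)))
	fmt.Println("second access:", p.Verify(makeRequest("guid-demo", "guid-demo", "s3cret", key)))
}
```

Two details matter for a practitioner. The signature covers the login information, so a captured request cannot be replayed with a different password, and tampering with any field (the case the Background describes) invalidates it; the platform still needs to clear the GUID from the accessed set when a connection drops, otherwise a legitimate device that reconnects is refused as a duplicate.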
In one embodiment, before monitoring the internet of things device, the method further includes:
allocating operation behavior authority to the Internet of things equipment, wherein the operation behavior comprises issuing information and/or reading information;
the monitoring of the Internet of Things device then comprises:
and monitoring the Internet of things equipment according to the distributed operation behavior authority.
In one embodiment, if it is determined that the internet of things device is abnormal according to the monitoring analysis result, performing corresponding abnormal handling operation on the internet of things device includes:
if the Internet of things equipment is determined to be abnormal according to the monitoring analysis result, outputting alarm information;
reconfiguring the operation behavior authority to forbid the operations, based on the alarm information; and/or
and disconnecting the connection with the Internet of things equipment based on the alarm information.
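The monitoring rules of the earlier embodiment and the exception handling just described, run over a constructed stream of device operations, as an added example (illustration code, not the patent's implementation). The rule values, the message format, the topic names and the escalation policy (first alarm forbids operations, a further alarm disconnects; the description allows either or both) are assumptions for the example:

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// State is the platform's view of a device after monitoring.
type State int

const (
	Normal       State = iota // operating within its assigned permissions
	Forbidden                 // permissions reconfigured to forbid every operation
	Disconnected              // connection to the platform removed
)

// Rule carries the three rule types listed in the description (values are assumptions).
type Rule struct {
	Period      time.Duration              // rule 1: statistics period
	MinAbnormal int                        // rule 1: messages within one period at which the device is abnormal
	Format      *regexp.Regexp             // rule 2: format of a normal published message
	Permissions map[string]map[string]bool // rule 3: topic -> operations ("publish"/"subscribe") assigned
}

// Event is one observed operation of the device.
type Event struct {
	At                 time.Time
	Op, Topic, Payload string
}

type Monitor struct {
	rule        Rule
	State       State
	windowStart time.Time
	count       int
	Alarms      []string // alarm information output so far
}

// Observe applies the rules to one event and reports whether the operation goes
// through. A forbidden device is still counted, so continued abuse escalates.
func (m *Monitor) Observe(ev Event) bool {
	if m.State == Disconnected {
		return false
	}
	if m.windowStart.IsZero() || ev.At.Sub(m.windowStart) >= m.rule.Period {
		m.windowStart, m.count = ev.At, 0 // new statistics period
	}
	m.count++
	switch {
	case m.count >= m.rule.MinAbnormal:
		m.raise(ev, fmt.Sprintf("%d messages within one %s period", m.count, m.rule.Period))
	case m.State == Forbidden:
		return false // refused without a new alarm
	case !m.rule.Permissions[ev.Topic][ev.Op]:
		m.raise(ev, "operation outside assigned permissions")
	case ev.Op == "publish" && !m.rule.Format.MatchString(ev.Payload):
		m.raise(ev, "message format abnormal")
	default:
		return true
	}
	return false
}

// raise outputs the alarm information and performs the exception handling: the
// first alarm reconfigures the permissions to forbidden, a further one disconnects.
func (m *Monitor) raise(ev Event, reason string) {
	m.Alarms = append(m.Alarms, fmt.Sprintf("%s %s %s: %s", ev.At.Format(time.RFC3339), ev.Op, ev.Topic, reason))
	m.State++ // Normal -> Forbidden -> Disconnected; never called once Disconnected
}

// run feeds events to a fresh monitor and returns how many operations went through.
func run(r Rule, events []Event) (int, *Monitor) {
	m, accepted := &Monitor{rule: r}, 0
	for _, ev := range events {
		if m.Observe(ev) {
			accepted++
		}
	}
	return accepted, m
}

// sampleRule and sampleEvents are constructed for this example.
func sampleRule() Rule {
	return Rule{Period: 10 * time.Second, MinAbnormal: 6,
		Format:      regexp.MustCompile(`^\{"temp":-?\d+(\.\d+)?\}$`),
		Permissions: map[string]map[string]bool{"sensors/temp": {"publish": true}, "cmd/ack": {"subscribe": true}}}
}

func sampleEvents() []Event {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	return []Event{
		{t0, "publish", "sensors/temp", `{"temp":21.5}`},
		{t0.Add(1 * time.Second), "publish", "sensors/temp", `{"temp":22}`},
		{t0.Add(2 * time.Second), "subscribe", "cmd/ack", ""},
		{t0.Add(3 * time.Second), "publish", "cmd/admin", "reboot"},         // not permitted: alarm, forbidden
		{t0.Add(4 * time.Second), "publish", "sensors/temp", `{"temp":22}`}, // refused, no new alarm
		{t0.Add(5 * time.Second), "publish", "sensors/temp", `{"temp":22}`}, // 6th in the period: alarm, disconnected
	}
}

func main() {
	n, m := run(sampleRule(), sampleEvents())
	fmt.Println(n, "operations accepted; final state", m.State, "; alarms:", m.Alarms)
}
```

Rule 1 is evaluated before the permission and format rules so that a device which keeps sending after its permissions were forbidden is eventually disconnected rather than merely ignored; the statistics window resets on the first event after the period elapses, which is what keeps a device sending at a steady, permitted rate from accumulating a count across periods.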
In a second aspect, an embodiment of the present application provides a method for controlling an internet of things device, where the method includes:
sending an access request to an Internet of things platform, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
and when receiving an access-allowed message sent by the Internet of things platform, accessing the Internet of things platform, wherein the message is sent after the Internet of things platform determines that the global unique identifier to be verified passes the verification and the signature of the Internet of things equipment passes the verification, and the Internet of things platform is used for monitoring the accessed Internet of things equipment.
In one embodiment, the access request further includes the login information to be authenticated of the Internet of Things device, which the Internet of Things platform created for the device according to the device's global unique identifier;
the certificate and the private key used for signing are issued to the device after a trusted Certificate Authority (CA) has authenticated its identity, and the common name of the digital certificate is the device's globally unique identifier;
generating the signature comprises:
signing the device's global unique identifier and the login information to be authenticated with the private key of the digital certificate to obtain the signature.
In a third aspect, an embodiment of the present application provides an internet of things device control apparatus, where the apparatus includes:
the receiving module is used for receiving an access request sent by the Internet of things equipment, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
the verification module is used for verifying the global unique identifier to be verified based on the pre-stored global unique identifier of the Internet of things equipment and verifying the signature of the Internet of things equipment;
the access module is used for sending an access permission message to the Internet of things equipment if the global unique identifier to be verified passes the verification and the signature of the Internet of things equipment passes the verification;
the monitoring module is used for monitoring the Internet of things equipment to obtain a monitoring analysis result;
and the determining module is used for performing corresponding exception handling operation on the Internet of things equipment if the Internet of things equipment is determined to be abnormal according to the monitoring analysis result.
In one embodiment, further comprising: the global unique identifier generating module is used for acquiring a first device identifier of the Internet of things device as the physical identifier through an identifier acquiring interface provided by the Internet of things device;
if the first equipment identifier fails to be obtained, obtaining a second equipment identifier of the Internet of things equipment from a storage space corresponding to the storage location identifier of the Internet of things equipment as the physical identifier according to the storage location identifier in the equipment description of the Internet of things equipment;
if the second equipment identifier fails to be obtained, generating a virtual physical identifier of the Internet of things equipment as the physical identifier;
and generating a global unique identifier of the Internet of things equipment according to the physical identifier, wherein the physical identifier corresponds to the global unique identifier one to one.
In one embodiment, the apparatus further comprises a recording module for recording the acquisition mode of the physical identifier, the acquisition mode being one of: obtained from the identifier acquisition interface, obtained from the device description, or a generated virtual physical identifier;
the monitoring module is specifically configured to: query the acquisition mode of the device's physical identifier from the database of the Internet of Things platform;
if the acquisition mode is the identifier acquisition interface, monitor the device with a first monitoring rule;
if the acquisition mode is the device description, monitor the device with a second monitoring rule;
if the acquisition mode is the virtual physical identifier, monitor the device with a third monitoring rule;
the monitoring strength of the third, second and first monitoring rules decreases in that order;
where the greater the monitoring strength, the more readily the Internet of Things device is judged to be abnormal.
In one embodiment, the apparatus further comprises: the creating module is used for creating and storing login information for the Internet of things equipment according to the global unique identifier of the Internet of things equipment, wherein the login information comprises a user name and a login password corresponding to the user name; the user name is the global unique identifier;
the access request sent by the Internet of things equipment also comprises login information to be authenticated of the Internet of things equipment; the device further comprises: the storage module is used for carrying out identity verification on the login information to be authenticated according to the stored login information of the Internet of things equipment;
before the allowing the internet of things device to access the internet of things platform, the method further includes:
and determining that the identity verification result is verification passing.
In one embodiment, the certificate and the private key used for signing are issued to the Internet of Things device after a trusted Certificate Authority (CA) has authenticated its identity, and the common name of the digital certificate is the device's globally unique identifier; the verification module is specifically configured to:
acquire the public key of the device's digital certificate according to the device's globally unique identifier;
verify the device's signature with the acquired public key, the signature having been produced by the device by signing its globally unique identifier and the login information to be authenticated with the private key of the digital certificate;
and, after the signature verification is determined to pass, execute the step of verifying the login information to be authenticated against the stored login information of the device.
In one embodiment, the apparatus further comprises: the distribution module is used for distributing operation behavior authority to the Internet of things equipment, and the operation behavior comprises issued information and/or read information;
the monitoring of the Internet of Things device then comprises:
and monitoring the Internet of things equipment according to the distributed operation behavior authority.
In a fourth aspect, an embodiment of the present application provides an internet of things device control apparatus, where the apparatus includes:
the system comprises a sending module and an access module, wherein the sending module is used for sending an access request to an Internet of things platform, and the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
the access module is used for accessing the Internet of things platform after receiving an access-allowed message sent by the Internet of things platform, wherein the message is sent after the Internet of things platform determines that the global unique identification to be verified passes the verification and the signature of the Internet of things equipment passes the verification, and the Internet of things platform is used for monitoring the accessed Internet of things equipment.
In a fifth aspect, an embodiment of the present application further provides a computing device, including:
a memory and a processor;
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing, according to the obtained program, the Internet of Things device control method of the first aspect or the second aspect.
In a sixth aspect, an embodiment of the present application further provides a computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are configured to enable a computer to execute any method for controlling an internet of things device in the embodiment of the present application.
The Internet of Things device control method and apparatus, computing device and storage medium provided by the embodiments of the application work as follows. An access request sent by the Internet of Things device is received first; it carries the device's global unique identifier to be verified, which identifies the device uniquely within the Internet of Things platform, and the device's signature. The identifier is then verified against the pre-stored global unique identifier of the device, and the signature is verified. If both pass, an access-permitted message is sent to the device, the device is monitored to obtain a monitoring analysis result, and finally, if the device is determined to be abnormal from that result, the corresponding exception handling operation is performed on it. Controlling devices in this way is safer and more reliable: the device is authenticated when it accesses the platform, its running behaviour is monitored after access, and the platform exercises stricter control on the basis of that monitoring, so the platform as a whole is more secure.
Additional features and advantages of the present application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the present application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of a method for controlling an internet of things device according to an embodiment of the present application;
fig. 2 is a flowchart illustrating a method for generating a digital security credential according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a method for controlling an internet of things device according to an embodiment of the present application;
fig. 4 is a flowchart illustrating a permission configuration method according to an embodiment of the present application;
fig. 5 is a schematic flowchart of a monitoring method according to an embodiment of the present application;
fig. 6 is a flowchart of a method for controlling an internet of things device according to an embodiment of the present application;
fig. 7 is a schematic diagram illustrating parameter adjustment of an internet of things device accessing an internet of things platform according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of an internet of things device control apparatus provided in an embodiment of the present application;
fig. 9 is a schematic structural diagram of an internet of things device control apparatus provided in an embodiment of the present application;
fig. 10 is a schematic structural diagram of a computing device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit", "module" or "system".
Applications based on the Internet of Things bring great convenience to people's lives; for example, a user away on business can switch on the air conditioner at home, and street lamps can switch themselves on and off as the environment changes. However, for such a huge heterogeneous network in which everything is interconnected, the inventors identified the problem of how to ensure that the devices accessing the Internet of Things platform are safe, and that the platform does not suffer network failures because of leaked secret data or malicious attacks caused by the actions of hackers or lawbreakers. Controlling Internet of Things devices is therefore essential: secure access control must be enforced, and the operation behaviour permissions of devices must be monitored and controlled after access, so that only devices with a legitimate identity are admitted and those devices are effectively monitored. Even if a device's identity information is stolen and used to access the platform illegitimately, monitoring can reveal the abnormal device and its connection can be removed, keeping the platform operating normally. The scheme thus authenticates multiple security credentials before access, which improves the accuracy of access authentication and raises the cost of access for illegitimate devices, and it performs monitoring afterwards, which allows abnormal devices to be discovered promptly and brought under control.
Fig. 1 is a schematic view of an application scenario of an internet of things device control method provided in an embodiment of the present application, where the application scenario includes an internet of things device 10 and an internet of things platform 11. The internet of things device 10 and the internet of things platform 11 can be connected through a communication network, which includes wireless communication networks and wired communication networks. The internet of things device 10 comprises a plurality of intelligent devices, namely intelligent device 1, intelligent device 2, intelligent device 3, intelligent device 4 and intelligent device X, all of which belong to the internet of things devices; an access subsystem, a monitoring subsystem, a rejection management and control system and a security control center are arranged in the internet of things platform.
The access subsystem is used for verifying the device identity of the internet of things device 10. The monitoring subsystem is used for monitoring the operation behaviour of the internet of things device 10 after it has accessed the internet of things platform 11: the device mainly performs data publishing or data subscribing operations on the platform, only a small number of Topics of the device can be used for publishing or subscribing, and the platform raises an alarm when the device produces abnormal messages or abnormally frequent operations on the corresponding Topic. The rejection management and control system is used for limiting the operation behaviour of a device whose operation behaviour is abnormal, or for refusing such a device access. The security control center can obtain the status of the devices accessed to the platform and the management status of the rejection management and control system over those devices, and performs overall management of the platform.
When the internet of things device 10 accesses the internet of things platform 11, it needs to perform identity authentication; only after the authentication passes can it access the platform. The platform monitors the accessed devices, and when it finds that a device is abnormal, it forbids the device from accessing the platform if the device has not yet accessed it, or, if the device has already accessed it, limits the behaviour of the device or even rejects the device from the platform, so that the security of the whole platform is protected.
It should be noted that, referring to fig. 2, a security credential is created for the internet of things device. After a device that is to access the platform first sends an access request, the platform acquires a physical identifier of the device, where the physical identifier identifies the physical device itself, for example a physical (MAC) address, a device number and the like. A global unique identifier is then generated based on the acquired physical identifier to construct a first group of digital security credential information. The global unique identifier provides a uniform naming scheme for the internet of things devices of the heterogeneous network. Because it is generated by the platform, an illegal device cannot know it: even if a device can imitate the physical identifier, such as the MAC address, of another device, the global unique identifier is difficult to obtain, so when devices are later authenticated by the global unique identifier, illegally accessing devices can be effectively identified.
In addition, a certificate for signature authentication is also included as a security credential. The internet of things platform can have a trusted third-party organization issue a certificate for the device and obtain the certificate public key from that organization in order to perform signature verification. The platform can also support certificate construction itself. For example, the platform may support multiple certificate construction modes; it then determines the encryption algorithm type it supports, for example whether the RSA algorithm is supported (an asymmetric encryption algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman in 1977; RSA is composed of the first letters of their three surnames) or whether the Elliptic Curve Cryptography (ECC) algorithm is supported. Fig. 2 illustrates this with the RSA case: if RSA is supported, the device certificate is constructed with RSA based on the x.509 specification (the format standard for public key certificates in cryptography), and if not, the device certificate is constructed with ECC based on the x.509 specification; the device certificate is issued by a CA. The global unique identifier is used as the common name of the certificate, which ensures that each device has its own unique certificate and that certificates are not misused. The Secure Sockets Layer (SSL) authentication on the access subsystem is configured as bidirectional authentication so that the device certificate is guaranteed to be verified, and a second group of digital security credential information is constructed based on the device certificate. In creating the digital security credential information, the following steps may be performed:
Step 201: starting the security control center.
Step 202: creating a global unique identifier for the internet of things device to be accessed to the internet of things platform.
Step 203: determining whether the internet of things platform supports the RSA algorithm for encryption; if yes, go to step 204; if not, go to step 205.
Step 204: the device certificate is constructed with RSA based on the x.509 specification. After step 204 is performed, step 206 is performed.
Step 205: the device certificate is constructed with ECC based on the x.509 specification. After step 205 is performed, step 206 is performed.
Step 206: the global unique identifier is taken as the common name of the device certificate.
Step 207: configuring a username and a password for the internet of things device.
Step 208: sending the security credential information to the internet of things device to be accessed to the internet of things platform.
The global unique identifier is taken as the username, a password is created based on the SHA256 algorithm in combination with the physical identifier and the encryption algorithm, and a third group of digital security credential information is constructed from them, namely the username and password required by the internet of things device to access the internet of things platform.
To sum up, the internet of things device accessing the internet of things platform needs three sets of digital security credential information, including:
1. a global unique identifier generated by the internet of things platform;
2. the certificate of the internet of things device, used for signature verification;
3. the username and password required by the internet of things device to access the internet of things platform.
Further, the internet of things device and the internet of things platform can transmit the communication content of both sides as ciphertext for communication security. In implementation, the three groups of digital security credential information are encrypted on the platform side with a private key, based on an asymmetric encryption algorithm agreed between the access subsystem of the platform and the device, and decrypted on the device side with the public key before the security credential information is used, so that the digital security credential is prevented from being stolen. As described above, the digital security credential information allocated to the device by the platform includes: a CA root certificate (issued by the CA) and a device certificate with its corresponding private key, both based on the x.509 specification, together with a device username and a password.
It should be noted that the globally unique identifier of the internet of things device is generated based on a physical identifier of the internet of things device, where the physical identifier is used to represent an identifier of the internet of things device itself, such as a MAC address. The physical identification sources of the internet of things equipment can be different, and the physical identification of the internet of things equipment can be acquired through the following three ways:
The first way: a first device identifier of the internet of things device is acquired through an identifier acquisition interface provided by the device and used as the physical identifier.
The second way: if the internet of things device does not provide an identifier acquisition interface, a second device identifier of the device is acquired, according to a storage location identifier in the device description of the device, from the storage space corresponding to that storage location identifier, and used as the physical identifier.
The third way: if the second device identifier cannot be obtained, a virtual physical identifier is generated for the device and used as the physical identifier, for example: the virtual physical identifier 123 is used as the physical identifier of internet of things device 1.
Acquiring the physical identifier through these three ways covers a wider range of internet of things devices, so that more devices have the opportunity to join the internet of things platform.
Further, based on the physical identifiers obtained in the three manners, a global unique identifier of the internet of things device can be generated, wherein the physical identifier and the global unique identifier correspond to each other one to one. The global unique identifier is an identifier which is set for logging in the Internet of things platform and has the same information format, and is used for logging in the Internet of things platform for identity authentication. The source of the physical identifier, the physical identifier and the globally unique identifier can be stored in a database so as to facilitate the calling processing of the platform of the internet of things.
The internet of things platform and the internet of things device can agree on a key for the communication tunnel in advance: either both sides use the same key, or each side has its own public and private keys and the public keys are exchanged for the data transmission between the platform and the device. When the device subscribes to a message from the platform, the platform decrypts the communication tunnel through the public key of the device and issues the message to the device.
In addition, a random verification code can be set, which changes each time the internet of things device logs in to the internet of things platform.
Based on an internet of things device for which security credential information has been created, the control method of the internet of things device shown in the flow diagram of fig. 3 can be applied to the internet of things platform and executed as follows:
step 301: receiving an access request sent by the Internet of things equipment, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying the unique identity of the Internet of things equipment in the Internet of things platform.
Step 302: verifying the global unique identifier to be verified based on a pre-stored global unique identifier of the Internet of things equipment, and verifying the signature of the Internet of things equipment; if the verification is passed, go to step 303; if the global unique identifier to be verified passes verification and the signature of the internet of things equipment passes verification, executing step 304; if at least one of the global unique identifier to be verified and the signature of the internet of things device is not verified, step 305 is executed.
In one embodiment, the Internet of things platform creates and stores login information for the Internet of things equipment according to the globally unique identifier of the Internet of things equipment, wherein the login information comprises a user name and a login password corresponding to the user name; the user name is the global unique identifier; the access request sent by the Internet of things equipment also comprises login information to be authenticated of the Internet of things equipment; identity verification can be carried out on the login information to be authenticated according to the stored login information of the Internet of things equipment; and when the identity authentication is confirmed to pass, confirming that the result of the identity authentication is verification pass.
That is, the username and password of the internet of things device are verified, and once the identity authentication of the device is confirmed to pass, the device can access the internet of things platform. For example: if the username of the device recorded by the platform is 1@ 3% 678 and the password is 1234556, and the device logs in to the platform with the username 1@ 3% 678 and the password 1134556, the identity authentication does not pass. In actual operation, provided the username is entered accurately, the number of allowed password errors can be set to a preset number, such as 3: when the username sent by the device is correct, the password may be entered up to 3 times, and the authentication passes once the correct password is entered; when the username sent to the platform by the device is not correct, the identity authentication is determined not to pass regardless of whether the password is correct.
In one embodiment, the certificate and private key used for the signature of the internet of things device are issued after the identity of the device has been authenticated by a trusted Certificate Authority (CA), and the common name of the digital certificate is the globally unique identifier of the device; the signature of the device can be verified through the following steps:
step A1: and acquiring a public key of the digital certificate of the equipment of the Internet of things according to the global unique identifier of the equipment of the Internet of things.
Step A2: verifying the signature of the Internet of things equipment according to the acquired public key of the digital certificate; the signature is obtained by encrypting the global unique identifier of the Internet of things equipment and the login information to be authenticated by the Internet of things equipment by using the private key of the digital certificate.
Since the information to be authenticated is the username and password, it can be seen that the signature of the internet of things device covers the following information: the globally unique identifier, the username and the password. By decrypting the signature of the device with the public key of the digital certificate, the information in the signature can be obtained.
Step A3: and after the signature verification is determined to pass, executing the step of carrying out identity verification on the login information to be authenticated according to the stored login information of the Internet of things equipment.
In this way the identity of the internet of things device is verified only after its signature has been verified; that is, a device accessing the internet of things platform is authenticated layer by layer, which makes access to the platform safer.
In one embodiment, it may be determined whether a global unique identifier set of an accessed internet-of-things device of an internet-of-things platform includes the global unique identifier of the internet-of-things device; if the global unique identification set comprises the global unique identification of the Internet of things equipment, determining that the verification fails, and otherwise, determining that the verification passes.
It should be noted that once the identity of an internet of things device has been authenticated and the device is already on the platform working normally, a lawbreaker imitating the globally unique identifier of that device cannot log in to the internet of things platform, because the same device cannot be accessed into the platform a second time.
By the method, partial illegal identity Internet of things equipment can be effectively prevented from logging in the Internet of things platform.
Step 303: sending a message of allowing access to the internet of things device, and continuing to execute the step 305.
Step 304: and not sending the message of allowing access to the Internet of things equipment.
Step 305: and monitoring the Internet of things equipment to obtain a monitoring analysis result.
Before step 305, operation behaviour permissions are allocated to the internet of things devices; the operation behaviour includes publishing information and/or reading information, and the devices are monitored according to the allocated operation behaviour permissions. Referring to the method shown in fig. 4, the operation behaviour of an internet of things device is implemented by configuring Access Control List (ACL) rights information. This is done in the security control center shown in fig. 1, where ACL rights are associated with device identities: the ACL control logic locks ACL rights through a triple of username, IP address and globally unique identifier, at least one item of the triple must be set and not Null, the triple data filters and locks the identity, and the more comprehensive the lock on the device range, the more precise and the narrower that range is. The configuration of the device's operation behaviour is then performed on the locked ACL. When ACL rights information is configured for a device to be accessed to the internet of things platform, the corresponding Topic on the platform needs to be configured for the device, and the device gets the corresponding subscribe/publish rights on that Topic. The rights control is divided into permit and deny; under the permit right, the subscribe, publish and publish-subscribe rights of each Topic are controlled separately, and the following steps are executed:
Step 401: connecting the internet of things device to the access subsystem of the internet of things platform.
Step 402: performing information configuration based on the ACL locked by the global unique identifier, username or IP address of the internet of things device.
Step 403: determining whether the ACL is locked; if yes, go to step 404; if not, go to step 405.
Step 404: determining whether the configuration operation behaviour is allowed; if yes, go to step 406; if not, go to step 405.
Step 405: the operation is denied.
Step 406: determining whether the publish operation is allowed; if yes, go to step 407; if not, go to step 408.
Step 407: the configuration of the publish operation behaviour is performed.
Step 408: determining whether the subscribe operation is allowed; if yes, go to step 409; if not, go to step 410.
Step 409: the configuration of the subscribe operation behaviour is performed.
Step 410: determining whether publish and subscribe are allowed; if yes, go to step 411; if not, go to step 405.
Step 411: the configuration of the publish and subscribe operation behaviour is performed.
It should be noted that the operation behaviour permission of an internet of things device may be allocated according to the device attributes read by the internet of things platform, or the operation permission may be allocated to the device directly. For example: if the device is an intelligent temperature sensor, then because a thermometer is used for recording temperature, it can only publish information on the platform; a smart watch can both publish and read information, but the platform can restrict it to publishing only; a sweeping robot can publish and read messages, and the platform can set it to both publish and read messages.
In an embodiment, the way in which the physical identifier of the internet of things device was acquired can be looked up in the database of the internet of things platform, and the device can be controlled by the method shown in fig. 5: when a device accessed to the platform is abnormal, an alarm is raised based on the globally unique identifier of the abnormal device and the corresponding exception handling operation is performed on it. The device can be located according to its globally unique identifier, so that, for example, if the globally unique identifier of the device is 123, the platform can be reminded that the device with identifier 123 is abnormal.
The following steps can be performed:
Step 501: monitoring, through the access subsystem, the operation behaviour of the internet of things device accessed to the internet of things platform.
Step 502: determining whether the global unique identifier comes from the first way; if yes, go to step 503; if not, go to step 504.
Step 503: monitoring the operation behaviour of the internet of things device with the first monitoring rule.
Step 504: determining whether the global unique identifier comes from the second way; if yes, go to step 505; if not, go to step 506.
Step 505: monitoring the operation behaviour of the internet of things device with the second monitoring rule.
Step 506: determining whether the global unique identifier comes from the third way; if yes, go to step 507; if not, go to step 508.
Step 507: monitoring the operation behaviour of the internet of things device with the third monitoring rule.
Step 508: forbidding the internet of things device from accessing the internet of things platform.
Step 509: determining whether the operation behaviour of the internet of things device is abnormal; if yes, go to step 510; if not, go to step 508.
Step 510: issuing alarm information carrying the globally unique identifier of the internet of things device with abnormal behaviour.
Step 511: reconfiguring the rights information of the ACL.
It should be noted that after step 511 is executed, step 508 may be further executed to ensure the security of the internet of things platform.
If the physical identifier was acquired through the identifier acquisition interface (the first way), the internet of things device is monitored with the first monitoring rule. If it was acquired from the device description (the second way), the device is monitored with the second monitoring rule. If it was acquired as a virtual physical identifier (the third way), the device is monitored with the third monitoring rule.
The monitoring strength of the third, second and first monitoring rules decreases in that order, and the greater the monitoring strength, the higher the probability that the internet of things device is judged to be abnormal. It should be noted that the reliability of the physical identifier decreases in the order: obtained through the identifier acquisition interface, obtained from the device description, obtained as a virtual physical identifier, so the monitoring strength increases in the same order; that is, the more trusted the device, the lower the monitoring strength, so that the monitoring strength is concentrated on untrusted devices. For example: for a physical identifier obtained in the third way, the third monitoring rule sets the monitoring strength to 1 monitoring per minute; for a physical identifier obtained in the second way, the second monitoring rule sets it to 1 monitoring every 15 minutes; and for a physical identifier obtained in the first way, the first monitoring rule sets it to 1 monitoring every 30 minutes. Monitoring rules in other forms are also applicable to the present application as long as the requirements are met.
In one embodiment, the first monitoring rule, the second monitoring rule, and the third monitoring rule include at least one of the following rules:
Rule 1: the length of the information statistical period, and the minimum number of abnormal messages within one statistical period at which the device is judged abnormal. It should be noted that if the statistical period is one week, the judgement is made over that week: under the first monitoring rule, the number of erroneous messages allowed among 100 sent is at most 10, so if 2 messages are abnormal the internet of things device is considered normal; under the third monitoring rule, the number of erroneous messages allowed among 100 sent is at most 1, so if 2 messages are abnormal the device is judged to be abnormal.
Rule 2: the format and/or content of the normal information sent by the internet of things device. For example: the format of the information sent by an intelligent temperature sensor is specified as number + centigrade; if the sensor sends information in the format English letters + centimetre, the information format is determined to be wrong. Or the internet of things platform specifies that the only content an intelligent display screen may display is: Welcome, but the screen actually displays: happy; then the information content sent by the device is determined to be abnormal. Or the platform specifies that the display information of the intelligent display screen has the character content: I LOVE YOU, but the screen actually displays: I love you; then neither the information format nor the content conforms to the specification.
Rule 3: the allowed operation behaviour. For example: an internet of things device can both publish and subscribe to messages, but the internet of things platform specifies that this device, once accessed to the platform, may only publish messages; if the device nevertheless subscribes to messages, it is determined to be abnormal.
Step 306: judging whether the internet of things device is abnormal based on the monitoring analysis result; if yes, go to step 307; if not, go to step 308.
Step 307: performing the corresponding exception handling operation on the internet of things device.
Step 308: not performing the corresponding exception handling operation on the internet of things device.
In one implementation, if the Internet of things equipment is determined to be abnormal according to the monitoring analysis result, alarm information is output; reconfiguring the operation behavior authority to be forbidden operation based on the alarm information; and/or disconnecting the connection with the Internet of things equipment based on the alarm information.
It should be noted that if the operation behaviour of an internet of things device on the internet of things platform is abnormal, the access of the device to the platform can be limited, and the operation behaviour permission of the device can also be limited, for example: if the operation permission of the device is to publish messages, the device can be restricted from reading messages. By managing the platform in this way, the operation behaviour of a device can be monitored after the device has accessed the platform, and the device can be controlled in time when its operation behaviour becomes abnormal, which further guarantees the security of the internet of things platform.
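The following is an added example, not code from the patent, of the source-dependent monitoring of fig. 5 together with rules 1 to 3 and the exception handling of steps 306 to 308, written in Go. The intervals and the first/third thresholds are the page's figures; the second threshold (5 per 100), the "number + centigrade" pattern, the names `Source`, `Rule`, `Message`, `Verdict`, `RuleFor` and `Analyze`, and the sample messages are constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Source is the way in which the physical identifier was acquired (the page's three ways).
type Source int

const (
	FromInterface   Source = iota + 1 // way one: identifier acquisition interface
	FromDescription                   // way two: storage location in the device description
	FromVirtual                       // way three: virtual physical identifier
)

// Rule is one monitoring rule: the monitoring interval, the abnormal messages tolerated per
// 100 sent in one statistical period (rule 1), the normal format (rule 2), the allowed operations (rule 3).
type Rule struct {
	Name       string
	Interval   time.Duration
	MaxErrors  int
	Format     *regexp.Regexp
	AllowedOps map[string]bool // "pub" and/or "sub"
}

// RuleFor implements steps 502-508: the less trustworthy the identifier source, the
// stronger the monitoring. The intervals and the first/third thresholds are the page's
// figures; the second threshold (5 per 100) is an assumed middle value.
func RuleFor(src Source, format *regexp.Regexp, ops map[string]bool) (Rule, error) {
	switch src {
	case FromInterface:
		return Rule{"first", 30 * time.Minute, 10, format, ops}, nil
	case FromDescription:
		return Rule{"second", 15 * time.Minute, 5, format, ops}, nil
	case FromVirtual:
		return Rule{"third", time.Minute, 1, format, ops}, nil
	}
	return Rule{}, fmt.Errorf("step 508: unknown identifier source %d, access forbidden", src)
}

// Message is one observed operation of the device within the statistical period.
type Message struct {
	Op      string // "pub" or "sub"
	Payload string // published content; empty for sub
}

// Verdict is the monitoring analysis result of step 305 for one device.
type Verdict struct {
	GUID     string
	Abnormal bool
	Reasons  []string
	Actions  []string // the exception handling of step 307
}

// Analyze applies rules 1-3 to the messages of one statistical period. A rule 3
// violation is abnormal by itself; rule 2 violations are abnormal messages that
// count towards the rule 1 threshold.
func Analyze(guid string, r Rule, msgs []Message) Verdict {
	v := Verdict{GUID: guid}
	errs := 0
	for _, m := range msgs {
		switch {
		case !r.AllowedOps[m.Op]:
			errs++
			v.Abnormal = true
			v.Reasons = append(v.Reasons, "rule 3: operation "+m.Op+" is not allowed")
		case m.Op == "pub" && r.Format != nil && !r.Format.MatchString(m.Payload):
			errs++
			v.Reasons = append(v.Reasons, "rule 2: message does not match the normal format: "+m.Payload)
		}
	}
	// rule 1: the "n per 100 messages" figure is scaled to the number of messages seen
	if n := len(msgs); n > 0 && errs*100 > r.MaxErrors*n {
		v.Abnormal = true
		v.Reasons = append(v.Reasons, fmt.Sprintf("rule 1 (%s rule): %d abnormal of %d messages exceeds %d per 100", r.Name, errs, n, r.MaxErrors))
	}
	if v.Abnormal {
		v.Actions = []string{"step 510: alarm carrying GUID " + guid, "step 511: reconfigure ACL rights to forbid", "step 508: disconnect the device"}
	}
	return v
}

func main() {
	// Constructed sample: a temperature sensor that may only publish "number + centigrade".
	format := regexp.MustCompile(`^-?[0-9]+(\.[0-9]+)?°C$`)
	ops := map[string]bool{"pub": true}
	msgs := make([]Message, 0, 100)
	for i := 0; i < 98; i++ {
		msgs = append(msgs, Message{"pub", "21.5°C"})
	}
	msgs = append(msgs, Message{"pub", "abc cm"}, Message{"pub", "warm"}) // 2 malformed of 100
	for _, src := range []Source{FromInterface, FromVirtual} {
		r, _ := RuleFor(src, format, ops)
		v := Analyze("guid-sensor01", r, msgs)
		fmt.Printf("%s rule (every %v): abnormal=%v %v\n", r.Name, r.Interval, v.Abnormal, v.Reasons)
	}
}
```

The same 2 malformed messages out of 100 are normal under the first rule and abnormal under the third, which is exactly the rule 1 example of the page.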
An embodiment of the present application provides a control method for an internet of things device, as shown in fig. 6, where the method is applied to the internet of things device, and may first perform step 601: sending an access request to an Internet of things platform, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying the unique identity of the Internet of things equipment in the Internet of things platform.
Step 602: and when receiving an access-allowed message sent by the Internet of things platform, accessing the Internet of things platform, wherein the message is sent after the Internet of things platform determines that the global unique identifier to be verified passes the verification and the signature of the Internet of things equipment passes the verification, and the Internet of things platform is used for monitoring the accessed Internet of things equipment.
In one embodiment, the access request further includes login information to be authenticated of the internet of things device, and the login information to be authenticated is created for the internet of things device by the internet of things platform according to the global unique identifier of the internet of things device.
The digital certificate and the private key used for the signature of the Internet of things equipment are issued by a trusted Certificate Authority (CA) after the identity of the equipment has been authenticated, and the common name of the digital certificate is the global unique identifier of the Internet of things equipment; the global unique identifier of the equipment and the login information to be authenticated are then encrypted with the private key of the digital certificate to obtain the signature.
By the method, the information of the Internet of things equipment logging in the Internet of things platform can be ensured to be safe and reliable.
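As an added example that is not part of the patent, the following Go program models the platform-side checks described above: the GUID must be pre-stored, the device certificate must chain to the CA and carry the GUID as its common name, the signature over GUID and login information must verify, and only then is the login password compared. Ed25519 keys, a self-signed CA and SHA-256 password hashing are assumptions of this example (the patent names no algorithms), and the GUID and password are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AccessRequest carries what the text puts in the access request: GUID to be verified, login info, signature.
type AccessRequest struct {
	GUID, LoginUser, LoginPass string
	Signature                  []byte
}
// Platform stores the hash of the login password created for each pre-registered GUID and the trusted CA roots.
type Platform struct {
	passHash map[string][32]byte
	roots    *x509.CertPool
}
// signedPayload is what the device signs: GUID and login info, NUL-separated so fields cannot shift into one another.
func signedPayload(guid, user, pass string) []byte {
	return []byte(guid + "\x00" + user + "\x00" + pass)
}
// newCert plays the CA: it issues a certificate whose common name is cn; a nil parent yields the self-signed CA root.
func newCert(cn string, serial int64, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// VerifyAccess is the platform-side check in the order the text gives: pre-stored GUID, certificate chaining
// to the CA and naming that GUID, signature over GUID and login info, and only then the login password.
func (p *Platform) VerifyAccess(req AccessRequest, cert *x509.Certificate) error {
	want, ok := p.passHash[req.GUID]
	if !ok {
		return fmt.Errorf("GUID %q not registered", req.GUID)
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: p.roots}); err != nil {
		return fmt.Errorf("device certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || cert.Subject.CommonName != req.GUID {
		return fmt.Errorf("certificate does not bind an Ed25519 key to GUID %q", req.GUID)
	}
	if !ed25519.Verify(pub, signedPayload(req.GUID, req.LoginUser, req.LoginPass), req.Signature) {
		return fmt.Errorf("signature verification failed")
	}
	got := sha256.Sum256([]byte(req.LoginPass))
	if req.LoginUser != req.GUID || subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
		return fmt.Errorf("login information rejected")
	}
	return nil
}
// ScenarioResult holds the verdicts for one valid request and three bad ones.
type ScenarioResult struct{ Valid, UnknownGUID, BadSignature, WrongPass error }
// RunScenario sets up a CA, enrols one device and exercises VerifyAccess. GUID and password are constructed.
func RunScenario() (ScenarioResult, error) {
	var r ScenarioResult
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	caCert, err := newCert("Example IoT CA", 1, caPub, nil, caKey)
	if err != nil {
		return r, err
	}
	const guid, pass = "macuser", "g0yeqg8xbeo"
	devPub, devKey, _ := ed25519.GenerateKey(rand.Reader)
	devCert, err := newCert(guid, 2, devPub, caCert, caKey)
	if err != nil {
		return r, err
	}
	p := &Platform{passHash: map[string][32]byte{guid: sha256.Sum256([]byte(pass))}, roots: x509.NewCertPool()}
	p.roots.AddCert(caCert)
	sign := func(g, u, pw string) AccessRequest { // device side: sign GUID plus login info
		return AccessRequest{GUID: g, LoginUser: u, LoginPass: pw, Signature: ed25519.Sign(devKey, signedPayload(g, u, pw))}
	}
	r.Valid = p.VerifyAccess(sign(guid, guid, pass), devCert)
	r.UnknownGUID = p.VerifyAccess(sign("not-enrolled", "not-enrolled", pass), devCert)
	bad := sign(guid, guid, pass)
	bad.LoginPass = "altered" // body changed after signing, so the signature no longer matches
	r.BadSignature = p.VerifyAccess(bad, devCert)
	r.WrongPass = p.VerifyAccess(sign(guid, guid, "wrong"), devCert)
	return r, nil
}
```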
Referring to fig. 7, assume that the physical identifier of the Internet of things equipment is its MAC address (00...). The equipment is bound to a corresponding permission and right based on the triple (macuiser, null, g0yeqg8 xbeo). The permission is equivalent to a control switch and controls the access permission of the Internet of things equipment: 1 indicates that the configuration operation is allowed and 0 that it is not allowed. The right indicates the operation behavior allowed once the configuration of the equipment is allowed: pub represents a publish operation, sub a subscribe operation, and pubsub that both publishing and subscribing are permitted. The Internet of things equipment shown in fig. 7 may perform a publish operation, with the restriction of its right reflected in the operation on the topic.
A second monitoring rule is selected for the equipment. If the equipment reports abnormal data on the topic iot/+/type X/action Y, for example the frequency of the reported data does not match the native frequency of the physical equipment, or the size of the data message does not meet the requirements, or another self-defined rule is violated, the monitoring module triggers alarm information once the anomaly has persisted for a period of time. After receiving the alarm, the operation and maintenance manager modifies the ACL (access control list) to restrict the behavior authority of the equipment and removes the connection of the accessed Internet of things equipment, preventing the Internet of things platform from being damaged.
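As an added example that is not part of the patent, this Go program models the (permission, right) ACL of fig. 7 with its topic pattern, the first/second/third monitoring rule chosen by how the physical identifier was acquired, and the exception handling of the preceding paragraphs (alarm, permission reconfigured to forbidden, connection dropped). The thresholds, topic names, device names and traffic are constructed; the same burst is fed to a device enrolled under each acquisition mode to show that weaker identifier sources are cut off sooner.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)
// AcqMode is how the platform obtained the device's physical identifier.
type AcqMode int
const (
	FromInterface   AcqMode = iota // read through the device's identifier acquisition interface (strictest source)
	FromDescription                // read from the storage location named in the device description
	FromVirtual                    // virtual identifier generated by the platform (loosest source)
)
// Rule bounds a device's reporting on a topic; weaker identifier sources get tighter bounds.
type Rule struct {
	MaxPerMinute int // reports accepted within any 60 s window
	MaxBytes     int // largest message accepted
	Strikes      int // consecutive violations before the alarm fires (the "period of time" in the text)
}
// rules is the first/second/third monitoring rule per identifier source; strength rises towards FromVirtual. Thresholds are constructed.
var rules = map[AcqMode]Rule{
	FromInterface:   {MaxPerMinute: 120, MaxBytes: 4096, Strikes: 5},
	FromDescription: {MaxPerMinute: 60, MaxBytes: 2048, Strikes: 3},
	FromVirtual:     {MaxPerMinute: 30, MaxBytes: 1024, Strikes: 1},
}
// ACL is the (permission, right) pair of fig. 7 plus the topic it governs: Permission 1 allows, 0 forbids; Right is pub, sub or pubsub.
type ACL struct {
	Permission int
	Right      string
	Topic      string // pattern in which '+' matches exactly one level, e.g. iot/+/typeX/actionY
}
// topicMatches compares a topic against the ACL pattern level by level.
func topicMatches(pattern, topic string) bool {
	p, t := strings.Split(pattern, "/"), strings.Split(topic, "/")
	if len(p) != len(t) {
		return false
	}
	for i := range p {
		if p[i] != "+" && p[i] != t[i] {
			return false
		}
	}
	return true
}
// Device is the platform's record of one accessed device.
type Device struct {
	GUID      string
	Mode      AcqMode
	ACL       ACL
	Connected bool
	Alarms    []string
	reports   []time.Time // report timestamps still inside the sliding window
	strikes   int
}
// Allowed decides whether op ("pub" or "sub") on topic is permitted by the ACL.
func (d *Device) Allowed(op, topic string) bool {
	return d.Connected && d.ACL.Permission == 1 &&
		strings.Contains(d.ACL.Right, op) && topicMatches(d.ACL.Topic, topic)
}
// Observe records one published message and applies the device's monitoring rule; on a confirmed anomaly it
// raises an alarm, sets the permission to forbidden and drops the connection. It returns true when the message was rejected.
func (d *Device) Observe(at time.Time, topic string, size int) bool {
	if !d.Allowed("pub", topic) {
		return true // rejected by the ACL, or already disconnected
	}
	rule := rules[d.Mode]
	for len(d.reports) > 0 && at.Sub(d.reports[0]) >= time.Minute {
		d.reports = d.reports[1:] // timestamps arrive in order, so prune from the front
	}
	d.reports = append(d.reports, at)
	if size > rule.MaxBytes || len(d.reports) > rule.MaxPerMinute {
		d.strikes++
	} else {
		d.strikes = 0
	}
	if d.strikes < rule.Strikes {
		return false
	}
	d.Alarms = append(d.Alarms, fmt.Sprintf("%s: %d reports/min, %d B message, exceeds %+v", d.GUID, len(d.reports), size, rule))
	d.ACL.Permission, d.Connected = 0, false // exception handling: forbid and disconnect
	return true
}
// RunBurst feeds one constructed burst (70 messages of 512 B at 500 ms spacing) to a device enrolled under
// each identifier source and returns the message number at which each was cut off (0 = never).
func RunBurst() map[AcqMode]int {
	cutAt := map[AcqMode]int{}
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	for _, m := range []AcqMode{FromInterface, FromDescription, FromVirtual} {
		d := &Device{GUID: fmt.Sprintf("dev-%d", m), Mode: m, Connected: true,
			ACL: ACL{Permission: 1, Right: "pub", Topic: "iot/+/typeX/actionY"}}
		for i := 0; i < 70 && cutAt[m] == 0; i++ {
			if d.Observe(start.Add(time.Duration(i)*500*time.Millisecond), "iot/site1/typeX/actionY", 512) {
				cutAt[m] = i + 1
			}
		}
	}
	return cutAt
}
```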
According to the method for controlling the Internet of things equipment, whole-process safety control of the equipment before and after it is connected to the network is realized, from the identity authentication of the accessing equipment to the monitoring and removal control means applied after access. The physical identification information of the accessing equipment can be acquired in several ways, from strict to loose: from an identifier burned into a chip or through a similar Application Programming Interface (API), from the unique physical identifier provided in the equipment description information, or as virtual physical identification information assigned by the platform. A rule-based monitoring strategy is configured for each acquisition mode of the physical identification information: the stricter the way the physical information was acquired, the looser the corresponding monitoring may be. Even if a potential safety hazard arises, the connection can be removed once the anomaly is detected, so that the Internet of things platform is protected from damage.
Referring to fig. 8, an internet of things device control apparatus provided in the embodiment of the present application includes: a receiving module 80, a verification module 81, an access module 82, a monitoring module 83 and a determination module 84.
A receiving module 80, configured to receive an access request sent by the internet of things device, where the access request includes a global unique identifier of the internet of things device to be verified and a signature of the internet of things device; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
the verification module 81 is configured to verify the global unique identifier to be verified based on a pre-stored global unique identifier of the internet of things device, and verify a signature of the internet of things device;
the access module 82 is configured to send a message allowing access to the internet of things device if the global unique identifier to be verified passes verification and the signature of the internet of things device passes verification;
the monitoring module 83 is configured to monitor the internet of things device to obtain a monitoring analysis result;
and the determining module 84 is configured to perform corresponding exception handling operation on the internet of things device if it is determined that the internet of things device is abnormal according to the monitoring analysis result.
In one embodiment, further comprising: the global unique identifier generating module is used for acquiring a first device identifier of the internet of things device as the physical identifier through an identifier acquiring interface provided by the internet of things device;
if the first equipment identifier fails to be obtained, according to a storage location identifier in an equipment description of the Internet of things equipment, obtaining a second equipment identifier of the Internet of things equipment from a storage space corresponding to the storage location identifier of the Internet of things equipment as the physical identifier;
if the second equipment identifier fails to be obtained, generating a virtual physical identifier of the Internet of things equipment as the physical identifier;
and generating a global unique identifier of the Internet of things equipment according to the physical identifier, wherein the physical identifier corresponds to the global unique identifier one to one.
In one embodiment, further comprising: a recording module, configured to record the acquisition mode of the physical identifier, wherein the acquisition mode is one of: from the identifier acquisition interface, from the equipment description, and from a virtual physical identifier;
the monitoring module is specifically configured to: inquiring the acquisition mode of the physical identifier of the Internet of things equipment from a database of the Internet of things platform;
if the obtaining mode is from an identification obtaining interface, monitoring the Internet of things equipment by adopting a first monitoring rule;
if the obtaining mode is from the equipment description, monitoring the Internet of things equipment by adopting a second monitoring rule;
if the acquisition mode is from the virtual physical identifier, monitoring the Internet of things equipment by adopting a third monitoring rule;
the monitoring strength of the third monitoring rule, the second monitoring rule and the first monitoring rule decreases in that order;
wherein the greater the monitoring strength, the higher the probability that the Internet of things equipment is judged to be abnormal.
In one embodiment, the apparatus further comprises: the creating module is used for creating and storing login information for the Internet of things equipment according to the globally unique identifier of the Internet of things equipment, wherein the login information comprises a user name and a login password corresponding to the user name; the user name is the global unique identifier;
the access request sent by the Internet of things equipment also comprises login information to be authenticated of the Internet of things equipment; the device further comprises: the storage module is used for carrying out identity verification on the login information to be authenticated according to the stored login information of the Internet of things equipment;
before allowing the Internet of things equipment to access the Internet of things platform, the method further comprises:
and determining that the identity authentication result is authentication pass.
In one embodiment, the certificate and the private key for signature of the device in the internet of things are issued after the identity of the device in the internet of things is authenticated by a trusted Certificate Authority (CA); and the public name of the digital certificate is the globally unique identifier of the Internet of things equipment; the monitoring module is specifically configured to:
acquiring a public key of a digital certificate of the Internet of things equipment according to the globally unique identifier of the Internet of things equipment;
verifying the signature of the Internet of things equipment according to the acquired public key of the digital certificate; the signature is obtained by encrypting the global unique identifier of the Internet of things equipment and the login information to be authenticated by the Internet of things equipment by using a private key of the digital certificate;
and after the signature verification is confirmed to pass, executing the step of carrying out identity verification on the login information to be authenticated according to the stored login information of the Internet of things equipment.
In one embodiment, the apparatus further comprises: the distribution module is used for distributing operation behavior authority to the Internet of things equipment, and the operation behavior comprises issuing information and/or reading information;
the monitoring of the Internet of things equipment comprises:
and monitoring the Internet of things equipment according to the distributed operation behavior authority.
Referring to fig. 9, an internet of things device control apparatus provided in the embodiment of the present application includes: a sending module 90 and an access module 91.
A sending module 90, configured to send an access request to an internet of things platform, where the access request includes a global unique identifier to be verified of the internet of things device and a signature of the internet of things device; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
the access module 91 is configured to access the internet of things platform after receiving an access-allowed message sent by the internet of things platform, where the message is sent after the internet of things platform determines that the check of the global unique identifier to be checked passes and the check of the signature of the internet of things device passes, and the internet of things platform is configured to monitor the accessed internet of things device.
In some possible implementations, a computing device according to the present application may include at least one processor, and at least one memory. The memory stores therein a computer program which, when executed by the processor, causes the processor to perform the steps of the method for controlling an internet of things device of a terminal according to various exemplary embodiments of the present application described above in this specification. For example, the processor may perform steps 301-308 as shown in FIG. 3 or steps 601-602 as shown in FIG. 6.
The computing device 130 according to this embodiment of the present application is described below with reference to fig. 10. The computing device 130 shown in fig. 10 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present application.
As shown in FIG. 10, computing device 130 is embodied in the form of a general purpose computing apparatus. Components of computing device 130 may include, but are not limited to: the at least one processor 131, the at least one memory 132, and a bus 133 that connects the various system components (including the memory 132 and the processor 131).
Bus 133 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
The memory 132 may include readable media in the form of volatile memory, such as Random Access Memory (RAM) 1321 and/or cache memory 1322, and may further include Read Only Memory (ROM) 1323.
Memory 132 may also include a program/utility 1325 having a set (at least one) of program modules 1324, such program modules 1324 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The computing device 130 may also communicate with one or more external devices 134 (e.g., keyboard, pointing device, etc.), and/or with any device (e.g., router, modem, etc.) that enables the computing device 130 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 135. Also, computing device 130 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via network adapter 136. As shown, network adapter 136 communicates with other modules for computing device 130 over bus 133. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computing device 130, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In some possible embodiments, the aspects of the internet of things device control method for the terminal provided by the present application may also be implemented in the form of a program product including a computer program for causing a computer device to perform the steps in the internet of things device control method for the terminal according to various exemplary embodiments of the present application described above in this specification when the program product is run on the computer device, for example, the computer device may perform the steps 301 to 308 shown in fig. 3 or the steps 601 to 602 shown in fig. 6.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product for parameter processing of the embodiments of the present application may employ a portable compact disc read only memory (CD-ROM) and include a computer program, and may be run on a computing device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with a readable computer program embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer program embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer programs for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer program may execute entirely on the target object computing device, partly on the target object apparatus, as a stand-alone software package, partly on the target object computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the target object computing device over any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., over the internet using an internet service provider).
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functions of two or more units described above may be embodied in one unit, according to embodiments of the application. Conversely, the features and functions of one unit described above may be further divided into embodiments by a plurality of units.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having a computer-usable computer program embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (9)

1. An Internet of things equipment control method is applied to an Internet of things platform, and comprises the following steps:
receiving an access request sent by the Internet of things equipment, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
verifying the global unique identifier to be verified based on a pre-stored global unique identifier of the Internet of things equipment, and verifying a signature of the Internet of things equipment;
if the global unique identifier to be verified passes the verification and the signature of the Internet of things equipment passes the verification, sending an access permission message to the Internet of things equipment; and
monitoring the Internet of things equipment to obtain a monitoring analysis result;
if the fact that the Internet of things equipment is abnormal is determined according to the monitoring analysis result, corresponding abnormal processing operation is conducted on the Internet of things equipment;
the method further comprises generating the globally unique identifier according to the following method:
acquiring a first device identifier of the Internet of things device as a physical identifier through an identifier acquisition interface provided by the Internet of things device;
if the first equipment identifier fails to be obtained, according to a storage location identifier in an equipment description of the Internet of things equipment, obtaining a second equipment identifier of the Internet of things equipment from a storage space corresponding to the storage location identifier of the Internet of things equipment as the physical identifier;
if the second equipment identifier fails to be obtained, generating a virtual physical identifier of the Internet of things equipment as the physical identifier;
and generating a global unique identifier of the Internet of things equipment according to the physical identifier, wherein the physical identifier corresponds to the global unique identifier one to one.
2. The method of claim 1, further comprising:
recording an acquisition mode of the physical identifier, wherein the acquisition mode is one of: from the identifier acquisition interface, from the equipment description, and from a virtual physical identifier;
the monitoring of the Internet of things equipment comprises:
inquiring the acquisition mode of the physical identifier of the Internet of things equipment from a database of the Internet of things platform;
if the obtaining mode is from an identification obtaining interface, monitoring the Internet of things equipment by adopting a first monitoring rule;
if the obtaining mode is from the equipment description, monitoring the Internet of things equipment by adopting a second monitoring rule;
if the acquisition mode is from the virtual physical identifier, monitoring the Internet of things equipment by adopting a third monitoring rule;
the monitoring strength of the third monitoring rule, the second monitoring rule and the first monitoring rule decreases in that order;
wherein the greater the monitoring strength, the higher the probability that the Internet of things equipment is judged to be abnormal.
3. The method of claim 1, further comprising:
according to the global unique identification of the Internet of things equipment, login information is created and stored for the Internet of things equipment, and the login information comprises a user name and a login password corresponding to the user name; the user name is the global unique identifier;
the access request sent by the Internet of things equipment also comprises login information to be authenticated of the Internet of things equipment; the method further comprises the following steps:
performing identity verification on the login information to be authenticated according to the stored login information of the Internet of things equipment;
before allowing the Internet of things equipment to access the Internet of things platform, the method further comprises:
and determining that the identity authentication result is authentication pass.
4. The method of claim 3, wherein the signed digital certificate and private key of the IOT device are issued by a trusted Certificate Authority (CA) after authentication of the identity of the IOT device; and the public name of the digital certificate is a globally unique identifier of the internet of things equipment; the verifying the signature of the internet of things device includes:
acquiring a public key of a digital certificate of the Internet of things equipment according to the globally unique identifier of the Internet of things equipment;
verifying the signature of the Internet of things equipment according to the acquired public key of the digital certificate; the signature is obtained by encrypting the global unique identifier of the Internet of things equipment and the login information to be authenticated by the Internet of things equipment by using a private key of the digital certificate;
and after the signature verification is determined to pass, executing the step of carrying out identity verification on the login information to be authenticated according to the stored login information of the Internet of things equipment.
5. The method of claim 1, wherein prior to monitoring the internet of things device, further comprising:
allocating operation behavior authority to the Internet of things equipment, wherein the operation behavior comprises issuing information and/or reading information;
the monitoring of the Internet of things equipment comprises:
and monitoring the Internet of things equipment according to the distributed operation behavior authority.
6. An Internet of things equipment control method is applied to Internet of things equipment, and comprises the following steps:
sending an access request to an Internet of things platform, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying the unique identity of the Internet of things equipment in the Internet of things platform;
accessing the Internet of things platform after receiving an access-allowed message sent by the Internet of things platform, wherein the message is sent by the Internet of things platform after determining that the global unique identifier to be verified passes verification and the signature of the Internet of things equipment passes verification, and the Internet of things platform is used for monitoring the accessed Internet of things equipment;
the Internet of things platform stores the global unique identification of the Internet of things equipment, and the global unique identification of the Internet of things equipment is generated by the Internet of things platform according to the following method:
acquiring a first equipment identifier of the Internet of things equipment as a physical identifier through an identifier acquisition interface provided by the Internet of things equipment;
if the first equipment identifier fails to be obtained, according to a storage location identifier in an equipment description of the Internet of things equipment, obtaining a second equipment identifier of the Internet of things equipment from a storage space corresponding to the storage location identifier of the Internet of things equipment as the physical identifier;
if the second equipment identifier fails to be obtained, generating a virtual physical identifier of the Internet of things equipment as the physical identifier;
and generating a global unique identifier of the Internet of things equipment according to the physical identifier, wherein the physical identifier corresponds to the global unique identifier one to one.
7. An internet of things equipment control device, the device comprising:
the receiving module is used for receiving an access request sent by the Internet of things equipment, wherein the access request comprises a global unique identifier to be verified of the Internet of things equipment and a signature of the Internet of things equipment; the global unique identifier to be verified is used for identifying a unique identity of the Internet of things equipment in the Internet of things platform;
the verification module is used for verifying the global unique identifier to be verified based on the pre-stored global unique identifier of the Internet of things equipment and verifying the signature of the Internet of things equipment;
the access module is used for sending an access permission message to the Internet of things equipment if the global unique identifier to be verified passes the verification and the signature of the Internet of things equipment passes the verification;
the monitoring module is used for monitoring the Internet of things equipment to obtain a monitoring analysis result;
the determining module is used for performing corresponding exception handling operation on the Internet of things equipment if the Internet of things equipment is determined to be abnormal according to the monitoring analysis result;
the global unique identifier generating module is used for acquiring a first device identifier of the Internet of things device as a physical identifier through an identifier acquiring interface provided by the Internet of things device;
if the first equipment identifier fails to be obtained, according to a storage location identifier in an equipment description of the Internet of things equipment, obtaining a second equipment identifier of the Internet of things equipment from a storage space corresponding to the storage location identifier of the Internet of things equipment as the physical identifier;
if the second equipment identifier fails to be obtained, generating a virtual physical identifier of the Internet of things equipment as the physical identifier;
and generating a global unique identifier of the Internet of things equipment according to the physical identifier, wherein the physical identifier corresponds to the global unique identifier one to one.
8. A computing device, comprising: a memory and a processor;
a memory for storing program instructions;
a processor for invoking program instructions stored in said memory to execute the method of any of claims 1-5 or 6 in accordance with an obtained program.
9. A computer storage medium storing computer-executable instructions for performing the method of any one of claims 1-5 or 6.
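Added example (not from the patent or its assignee): the three-level physical identifier fallback and one-to-one GUID derivation from claims 6 and 7, together with the platform-side check performed by the verification and access modules (GUID must match the pre-stored value and the device signature must verify). The `Device` model, the SHA-256 derivation of the GUID and the use of HMAC as the device signature are assumptions; the claims fix none of these details.

```python
import hashlib
import hmac
import uuid
from dataclasses import dataclass, field
from typing import Callable, Optional

# Hypothetical device model constructed for this example; the patent does not define it.
@dataclass
class Device:
    identifier_interface: Optional[Callable[[], str]] = None  # returns a hardware ID
    description: dict = field(default_factory=dict)  # may hold "storage_location"
    storage: dict = field(default_factory=dict)      # storage spaces keyed by location id

def acquire_physical_identifier(dev: Device) -> str:
    """Fallback order from the claims: interface, then storage location, then virtual."""
    # 1) first device identifier via the identifier-acquiring interface of the device
    if dev.identifier_interface is not None:
        try:
            first = dev.identifier_interface()
            if first:
                return first
        except Exception:
            pass  # interface present but unusable: fall through to the second source
    # 2) second device identifier read from the storage space named in the description
    loc = dev.description.get("storage_location")
    second = dev.storage.get(loc) if loc is not None else None
    if second:
        return second
    # 3) virtual physical identifier when both lookups fail; random, so the platform
    #    must persist it or the device will get a new GUID on the next enrolment
    return "virt-" + uuid.uuid4().hex

def generate_guid(physical_id: str) -> str:
    """Deterministic mapping, so each physical identifier yields exactly one GUID."""
    return hashlib.sha256(b"iot-guid:" + physical_id.encode()).hexdigest()

def sign_request(device_key: bytes, guid: str, nonce: str) -> str:
    # HMAC-SHA256 stands in for the device signature (assumption, not the patent's choice).
    return hmac.new(device_key, f"{guid}|{nonce}".encode(), hashlib.sha256).hexdigest()

def verify_access_request(request: dict, stored_guid: str, device_key: bytes) -> bool:
    """Platform side: access is granted only if BOTH the GUID and the signature verify."""
    guid_ok = hmac.compare_digest(request["guid"], stored_guid)
    expected = sign_request(device_key, request["guid"], request["nonce"])
    sig_ok = hmac.compare_digest(request["signature"], expected)
    return guid_ok and sig_ok
```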

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911133261.XA CN111082940B (en) 2019-11-19 2019-11-19 Internet of things equipment control method and device, computing equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111082940A (en) 2020-04-28
CN111082940B (en) 2022-11-04

Family

ID=70311006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911133261.XA Active CN111082940B (en) 2019-11-19 2019-11-19 Internet of things equipment control method and device, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111082940B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111770100B (en) * 2020-06-30 2022-08-16 贵州云尚物联科技股份有限公司 Method and system for verifying safe access of external equipment to Internet of things terminal
CN111818155A (en) * 2020-07-07 2020-10-23 腾讯科技(深圳)有限公司 Equipment control method and device based on Internet of things and computer program product
CN112039674B (en) * 2020-08-06 2021-07-20 珠海格力电器股份有限公司 Central control system access and signature identification generation method and device and storage medium
CN112218294B (en) * 2020-09-08 2021-08-27 深圳市燃气集团股份有限公司 5G-based access method and system for Internet of things equipment and storage medium
CN112565233A (en) * 2020-11-30 2021-03-26 上海瑞眼科技有限公司 Data verification method and system for fire-fighting Internet of things access platform
CN112532458B (en) * 2020-12-03 2023-04-07 瀚云科技有限公司 Cooperative configuration method and device for Internet of things equipment and electronic equipment
CN113452668B (en) * 2021-03-12 2022-08-09 深圳市百佳华网络科技有限公司 Internet of things terminal access monitoring method, computer program and storage medium
CN113240553A (en) * 2021-05-08 2021-08-10 广州富融信息技术有限公司 Internet of things-based method, device and equipment for monitoring and controlling material pipe and storage medium
CN113452704B (en) * 2021-06-28 2022-08-09 湖南天河国云科技有限公司 Distributed identity identification-based credible interconnection method and device for heterogeneous industrial equipment
CN113556736A (en) * 2021-07-21 2021-10-26 元心信息科技集团有限公司 Access method, server, terminal to be accessed, electronic device and storage medium
CN113595785A (en) * 2021-07-27 2021-11-02 创维光电科技(深圳)有限公司 Internet of things equipment management device and method
CN113900386B (en) * 2021-11-17 2022-02-25 北京联盛德微电子有限责任公司 Self-adaptive linkage control method and system for Internet of things equipment
CN114024781B (en) * 2022-01-07 2022-03-25 广东电力信息科技有限公司 Electric power Internet of things low-speed stable equipment access method based on edge calculation
CN114978776B (en) * 2022-07-29 2022-09-27 中诚华隆计算机技术有限公司 Credible data interaction method and device for power internet of things terminal and electronic equipment
CN116032889B (en) * 2023-03-30 2023-07-21 新华三技术有限公司 IP address allocation method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801723A (en) * 2012-08-09 2012-11-28 福建物联天下信息科技有限公司 Access device and method for Internet of things
CN105993156A (en) * 2015-10-23 2016-10-05 深圳还是威健康科技有限公司 Server access authentication method and device
CN109347875A (en) * 2018-11-29 2019-02-15 深圳力维智联技术有限公司 Internet of things equipment, platform of internet of things and the method and system for accessing platform of internet of things

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9247078B2 (en) * 2014-05-23 2016-01-26 Kabushiki Kaisha Toshiba Accessing a service cloud from a mobile device

Also Published As

Publication number Publication date
CN111082940A (en) 2020-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant