CN111107078A - Application access method, robot control unit, server and storage medium - Google Patents

Info

Publication number
CN111107078A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911291594.5A
Other languages
Chinese (zh)
Other versions
CN111107078B (en)
Inventor
朱明辉
代明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cloudminds Robotics Co Ltd
Original Assignee
Cloudminds Shenzhen Robotics Systems Co Ltd
Application filed by Cloudminds Shenzhen Robotics Systems Co Ltd
Priority to CN201911291594.5A
Publication of CN111107078A
Application granted
Publication of CN111107078B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272: Virtual private networks
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Manipulator (AREA)
  • Small-Scale Networks (AREA)

Abstract

Embodiments of the invention relate to the technical field of communication and disclose an application access method, a robot control unit, a server and a storage medium. The application access method is applied to a robot control unit and comprises the following steps: if first identification information of an application to be accessed exists in a pre-stored designated application list, acquiring signature information of the application to be accessed; matching the signature information against stored signature verification information corresponding to the first identification information, and determining a matching result for the application to be accessed; and if the matching result is a success, connecting the application to be accessed to the robot control system so that data can be transmitted between the application to be accessed and the robot control system. With this embodiment, the control system can be accessed securely, and malicious applications are prevented from connecting to the robot control system.

Description

Application access method, robot control unit, server and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to an application access method, a robot control unit, a server and a storage medium.
Background
In a cloud intelligent robot, the robot control system is deployed in the cloud, and the robot body is connected to the robot control system through a Robot Control Unit (RCU for short). With a communication network serving as a bridge, data generated by the robot body is uploaded to the robot control system through the RCU, and the robot control system can send control commands to the RCU through the communication network.
The inventors found that at least the following problem exists in the related art: although data transmission between the RCU and the robot control system is end-to-end encrypted, malicious applications installed on the RCU can still access the robot control system and thereby intrude into it, making the robot control system insecure.
Disclosure of Invention
An object of embodiments of the present invention is to provide an application access method, a robot control unit, a server, and a storage medium, which enable secure access to a control system and prevent malicious applications from accessing the robot control system.
In order to solve the above technical problem, an embodiment of the present invention provides an application access method, which is applied to a robot control unit and includes: if first identification information of an application to be accessed exists in a pre-stored designated application list, acquiring signature information of the application to be accessed; matching the signature information against stored signature verification information corresponding to the first identification information, and determining a matching result for the application to be accessed; and if the matching result is a success, connecting the application to be accessed to the robot control system so that data can be transmitted between the application to be accessed and the robot control system.
An embodiment of the invention also provides an application access method applied to a robot control system, wherein the robot control system is communicatively connected to a robot control unit that executes the application access method described above, and the method comprises the following steps: receiving identity information to be verified sent by the robot control unit; verifying the identity information to be verified against stored legal identity verification information, wherein the legal identity verification information comprises second identification information of legal robot control units; and sending the verification result to the robot control unit, and connecting the robot control unit to the robot control system according to the verification result.
An embodiment of the present invention also provides a robot control unit including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute the method for application access.
An embodiment of the present invention further provides a server, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the above-described method of application access for a robot control system.
Embodiments of the present invention also provide a computer-readable storage medium storing a computer program, which when executed by a processor, implements a method for application access in a robot control unit or a method for application access in a robot control system.
Compared with the prior art, in embodiments of the invention the application to be accessed is verified further, to decide whether it may be connected to the robot control system, only after its first identification information has been found in the pre-stored designated application list. If the first identification information is not found in the list, the application is not a designated application and can be refused access to the robot control system directly, with no further verification. Screening out non-designated applications first reduces the verification performed on them, saves verification steps on the robot control unit, and saves resources. In addition, to strengthen the verification and to prevent a malicious application from posing as a designated application in order to access the robot control system, the embodiment acquires the signature information of the application to be accessed once its first identification information has been found in the list, matches that signature information against the signature verification information corresponding to the first identification information, and connects the application to the robot control system if the match succeeds. Because each application to be accessed has its own corresponding signature verification information, and the robot control unit stores the signature verification information corresponding to the first identification information in advance, an application that poses as a designated application cannot obtain the correct signature verification information. Matching the signature verification information against the signature information therefore determines accurately whether the application to be accessed is malicious; the application is connected to the control system only when the match succeeds, which prevents malicious applications from connecting to the robot control system and ensures the security of the robot control system.
In addition, before detecting that the first identification information of the application to be accessed exists in the pre-stored designated application list, the application access method further comprises: sending identity information to be verified to the robot control system, so that the robot control system verifies the identity information based on stored legal identity verification information and returns a verification result, wherein the legal identity verification information comprises second identification information of legal robot control units; and receiving a verification result, returned by the robot control system, indicating that verification succeeded. Because the robot control system verifies the robot control unit before the designated application list is checked, an illegal robot control unit installed on the robot body is prevented from connecting to the robot control system, which further improves the protection of the robot control system.
In addition, before sending the identity information to be verified to the robot control system, the application access method further comprises: acquiring login information of the robot control unit; and generating the identity information to be verified of the robot control unit from the second identification information and the login information of the robot control unit according to a preset rule. Because the robot control unit generates the identity information to be verified from its second identification information and its login information, the identity information carries the second identification information of the robot control unit. Since the legal identity verification information comprises the second identification information of legal robot control units, the robot control system can verify the identity information against the stored legal identity verification information, which speeds up verification and prevents an illegal robot control unit that forges identity information from connecting to the robot control system.
In addition, the robot control system comprises a robot manager and a secure private network controller, the secure private network controller being connected to the robot manager and to the robot control unit. Acquiring the login information of the robot control unit specifically comprises: sending an activation request to the robot manager, wherein the activation request comprises the second identification information of the robot control unit, so that the robot manager looks up the login information of the robot control unit and sends it to the robot control unit; and receiving the login information issued by the robot manager. Because the login information of the robot control unit is distributed by the robot manager, the security of the login information is further ensured.
In addition, the secure private network controller is connected to an authentication server, the authentication server is connected to a secure private network, the secure private network is connected to the robot control unit, and the secure private network transmits data over a virtual private network tunnel. Sending the identity information to be verified to the robot control system specifically comprises: sending the identity information to be verified to the secure private network through a transmission channel used for identity verification, whereupon the secure private network transmits the identity information to the secure private network controller through the authentication server, the authentication server being used to convert the data transmission protocol between the robot control unit and the secure private network controller. The authentication server thus provides data transmission protocol conversion between the robot control unit and the secure private network controller, and transmitting the data over the secure private network further improves the security of data transmission.
In addition, the robot control unit is connected to a secure private network, and the secure private network is connected to the robot control system. Connecting the application to be accessed to the control system specifically comprises: finding a first process corresponding to the application to be accessed according to the first identification information; marking the first process with a first label, wherein the first label indicates that the first process belongs to an application to be accessed that was matched successfully; determining routing information of the first process according to a stored routing policy and the first label; and transmitting data generated by the first process to the robot control system through the secure private network according to the routing information.
Drawings
One or more embodiments are illustrated by way of example in the corresponding figures of the accompanying drawings, in which like reference numerals refer to similar elements; the figures are not to scale unless otherwise specified.
Fig. 1 is a schematic structural diagram of a conventional robot for transmitting data according to a first embodiment of the present invention;
Fig. 2 is a detailed flowchart of a method for application access according to a first embodiment of the present invention;
Fig. 3 is a specific flowchart of a method for application access according to a second embodiment of the present invention;
Fig. 4 is a schematic diagram of a robot for transmitting data according to a second embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another robot for transmitting data according to a second embodiment of the present invention;
Fig. 6 is a specific flowchart of a method for application access according to a third embodiment of the present invention;
Fig. 7 is a detailed structural schematic diagram of a robot control unit according to a fourth embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a server according to a fourth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings. Those of ordinary skill in the art will appreciate that numerous technical details are set forth in the various embodiments to give the reader a better understanding of the present application. The technical solution claimed in the present application can nevertheless be implemented without these technical details, and with various changes and modifications based on the following embodiments.
The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
The inventors found that, in the related art, a secure private network is generally placed between the RCU and the robot control system to secure data transmission between them. The robot control system is generally deployed in an intranet and is not open to the internet; that is, the robot control unit first connects to the secure private network and then accesses the robot control system through it. The data transmission structure of the cloud robot is shown in fig. 1, where data is encrypted end to end in transit. However, malicious applications installed on the RCU can also access the robot control system through the secure private network and thereby intrude into it, making the robot control system insecure.
A first embodiment of the invention relates to a method for application access. The method for accessing the application is applied to a Robot Control Unit (RCU), wherein the RCU is installed on a robot body, one or more RCUs can be installed on the robot body generally, and the robot body can support hot plug of the RCU. The specific flow of the method for application access is shown in fig. 2.
Step 101: If the first identification information of the application to be accessed exists in the pre-stored designated application list, acquire the signature information of the application to be accessed.
Specifically, each application has unique first identification information; for example, the first identification information may be the package name of the application's installation package. To keep malicious applications from accessing the robot control system, and to shorten the time needed to detect them, a designated application list may be pre-stored on the robot control unit (RCU), and the first identification information of each designated application is stored in that list. When the RCU detects that an application to be accessed has initiated a request to access the robot control system, it checks whether the first identification information of that application exists in the pre-stored designated application list. If it does, the signature information of the application to be accessed is extracted according to the first identification information. If it does not, the application to be accessed is regarded as a malicious application and can be prohibited from accessing the robot control system; the application can also be connected to a mobile network, such as a 4G or 5G network, or to a wireless network, such as Wireless Fidelity (Wi-Fi for short).
It should be noted that each application may have one or more designated pieces of fingerprint signature information. Because fingerprint signature information is not easy to forge, the signature information in this embodiment may be fingerprint signature information. For example, application A and application B developed by the same development team may share the same fingerprint signature information, or may use different fingerprint signature information. The fingerprint signature information corresponding to the application to be accessed can be looked up through the package name of the application to be accessed.
Step 102: Match the signature information against the stored signature verification information corresponding to the first identification information, and determine a matching result for the application to be accessed.
Specifically, the signature verification information of each designated application in the designated application list is stored in the RCU in advance; it may be the fingerprint signature information of the designated application. After detecting that the first identification information of the application to be accessed exists in the pre-stored designated application list, the RCU acquires the signature information of the application to be accessed and looks up the signature verification information corresponding to the first identification information. It then matches the signature information of the application to be accessed against that signature verification information. The matching process is: determine whether the signature information of the application to be accessed is the same as the signature verification information; if so, the matching result is a success, and if not, the matching result is a failure.
Step 103: If the matching result is a success, connect the application to be accessed to the robot control system so that data can be transmitted between the application to be accessed and the robot control system.
Specifically, if the matching result is a success, the application to be accessed is a safe application, and it is connected to the robot control system so that the application and the robot control system can transmit data. If the matching result is a failure, the application to be accessed is one that has disguised its first identification information and is unsafe, so it can be prohibited from accessing the robot control system. At the same time, the failed matching result can be output to prompt the user to delete the malicious application, which ensures the safety of the robot control unit.
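The three steps above can be sketched as follows. This is an added example, not code from the patent; the package names, the constructed certificate bytes and the choice of a SHA-256 certificate fingerprint as the "fingerprint signature information" are assumptions.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "connect to robot control system"
    NOT_DESIGNATED = "package name not in designated application list"
    SIGNATURE_MISMATCH = "signature does not match stored verification information"


@dataclass(frozen=True)
class InstalledApp:
    package_name: str    # the "first identification information"
    signing_cert: bytes  # certificate bytes the RCU reads from the installed package


def fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate (assumed fingerprint format)."""
    return hashlib.sha256(cert).hexdigest()


# Constructed stand-ins for DER-encoded signing certificates.
CERT_VENDOR = b"constructed certificate: robot vendor release key"
CERT_PARTNER = b"constructed certificate: partner release key"
CERT_UNKNOWN = b"constructed certificate: unknown publisher"

# Designated application list with the stored signature verification information.
# An application may have one or more accepted fingerprints.
DESIGNATED_APPS = {
    "com.example.robot.navigation": frozenset({fingerprint(CERT_VENDOR)}),
    "com.example.robot.speech": frozenset(
        {fingerprint(CERT_VENDOR), fingerprint(CERT_PARTNER)}
    ),
}


def check_access(app: InstalledApp, designated=DESIGNATED_APPS) -> Decision:
    # Step 101: cheap list lookup first; an unknown package name is refused
    # without any signature work.
    accepted = designated.get(app.package_name)
    if accepted is None:
        return Decision.NOT_DESIGNATED
    # Step 102: the fingerprint is computed by the RCU from the installed
    # package, never taken from a value the requesting application reports.
    if fingerprint(app.signing_cert) not in accepted:
        return Decision.SIGNATURE_MISMATCH
    # Step 103: only a listed name with a matching fingerprint is connected.
    return Decision.ALLOW


# Constructed access requests, including a package that reuses a designated name.
REQUESTS = [
    InstalledApp("com.example.robot.navigation", CERT_VENDOR),
    InstalledApp("com.example.robot.speech", CERT_PARTNER),
    InstalledApp("com.example.robot.navigation", CERT_UNKNOWN),
    InstalledApp("com.example.flashlight", CERT_VENDOR),
]


def evaluate(requests):
    """Return the decision for each request, in order."""
    return [check_access(app) for app in requests]


if __name__ == "__main__":
    for app, decision in zip(REQUESTS, evaluate(REQUESTS)):
        print(f"{app.package_name:32} {decision.name}")
```

The third request shows why the list lookup alone is not enough: the package name is on the list, but the fingerprint the RCU computes does not match the stored one.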
The following describes a process of accessing the application to be accessed to the robot control system if the matching result is determined to be successful:
In one example, a first process corresponding to the application to be accessed is found according to the first identification information; the first process is marked with a first label, wherein the first label indicates that the first process belongs to an application to be accessed that was matched successfully; routing information of the first process is determined according to a stored routing policy and the first label; and data generated by the first process is transmitted to the robot control system through the secure private network according to the routing information.
Specifically, the robot control unit is connected to a secure private network, and the secure private network is connected to the robot control system; data transmission between the robot control unit and the secure private network may be based on virtual private network (VPN) tunnel communication. An SSL VPN client application may be created on the RCU. The SSL VPN client application establishes an SSL VPN tunnel to the secure private network; once the tunnel is established, the client application creates a virtual network card, and the virtual network card may generate a routing table. An application to be accessed has a plurality of first processes while it runs. The running first processes can be found according to the first identification information and marked with the first label, so that the routing information of the first processes can be determined from the first label and the data they generate is forwarded to the secure private network according to the routing information.
For example, the ID of application A, to which the first process corresponds, is found through the package name of the installation package, and iptables can be used to mark the first process with first label a, so that all data generated by the first process carries first label a, while other processes that were not found carry no first label. The routing policy stores the correspondence between the first label and the routing information, so the routing information of the first process can be determined from the first label, and the data generated by the first process can be transmitted to the robot control system through the secure private network according to the routing information.
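One way to express the label-based routing just described with Linux netfilter and policy routing, as an added example that is not taken from the patent. It assumes each verified application runs under its own UID (as on Android), that the tunnel interface is named `tun0`, and that mark `0x1` and routing table `100` are free; the function only builds the command lines so they can be reviewed before being run as root.

```python
import re

# Linux interface names are at most 15 characters; a conservative character
# set keeps anything unexpected out of the generated command lines.
_IFACE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")


def plan_marked_routing(verified_uids, mark=0x1, table=100, tunnel_if="tun0"):
    """Build the command lines that send only verified apps through the tunnel.

    verified_uids: UIDs of applications whose signature check succeeded
                   (assumption: one UID per application).
    Returns a list of argv lists; nothing is executed here.
    """
    if not _IFACE.match(tunnel_if):
        raise ValueError(f"invalid interface name: {tunnel_if!r}")
    if not (isinstance(mark, int) and 0 < mark <= 0xFFFFFFFF):
        raise ValueError("mark must be a non-zero 32-bit value")
    if not (isinstance(table, int) and 0 < table < 2**32):
        raise ValueError("invalid routing table id")

    cmds = []
    for uid in sorted(set(verified_uids)):
        if isinstance(uid, bool) or not isinstance(uid, int) or uid < 0:
            raise ValueError(f"invalid uid: {uid!r}")
        # The "first label": mark every packet created by the verified app.
        cmds.append(["iptables", "-t", "mangle", "-A", "OUTPUT",
                     "-m", "owner", "--uid-owner", str(uid),
                     "-j", "MARK", "--set-mark", hex(mark)])

    # The "routing policy": labelled packets use a dedicated table whose
    # default route is the VPN client's virtual network card.
    cmds.append(["ip", "rule", "add", "fwmark", hex(mark), "lookup", str(table)])
    cmds.append(["ip", "route", "add", "default", "dev", tunnel_if,
                 "table", str(table)])

    # Fail closed: if the main routing table ever points at the tunnel,
    # packets without the label are still refused on that interface.
    cmds.append(["iptables", "-A", "OUTPUT", "-o", tunnel_if,
                 "-m", "mark", "!", "--mark", hex(mark), "-j", "REJECT"])
    return cmds


if __name__ == "__main__":
    # Constructed UIDs standing in for two verified applications.
    for argv in plan_marked_routing([10123, 10077]):
        print(" ".join(argv))
```

Depending on the setup, marked packets may also need source NAT on the tunnel interface; that is not shown here.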
Compared with the prior art, in embodiments of the invention the application to be accessed is verified further, to decide whether it may be connected to the robot control system, only after its first identification information has been found in the pre-stored designated application list. If the first identification information is not found in the list, the application is not a designated application and can be refused access to the robot control system directly, with no further verification. Screening out non-designated applications first reduces the verification performed on them, saves verification steps on the robot control unit, and saves resources. In addition, to strengthen the verification and to prevent a malicious application from posing as a designated application in order to access the robot control system, the embodiment acquires the signature information of the application to be accessed once its first identification information has been found in the list, matches that signature information against the signature verification information corresponding to the first identification information, and connects the application to the robot control system if the match succeeds. Because each application to be accessed has its own corresponding signature verification information, and the robot control unit stores the signature verification information corresponding to the first identification information in advance, an application that poses as a designated application cannot obtain the correct signature verification information. Matching the signature verification information against the signature information therefore determines accurately whether the application to be accessed is malicious; the application is connected to the control system only when the match succeeds, which prevents malicious applications from connecting to the robot control system and ensures the security of the robot control system.
A second embodiment of the invention relates to a method for application access. The second embodiment is a further improvement of the first embodiment, and the main improvement is as follows: in the second embodiment of the invention, before detecting that the first identification information of the application to be accessed exists in the pre-stored designated application list, a verification result of successful verification returned by the robot control system is received. The specific flow of the method for accessing the application is shown in fig. 3.
Step 201: Send the identity information to be verified to the robot control system, so that the robot control system verifies the identity information to be verified based on the stored legal identity verification information and returns a verification result, wherein the legal identity verification information comprises second identification information of a legal robot control unit.
In this embodiment, the robot control system includes a robot manager and a secure private network controller, and the secure private network controller connects the robot manager with a robot control unit (not shown in fig. 4). Specifically, the robot manager may be configured to allocate login information to the robot control unit, receive a request sent by the robot control unit, and feed back a control instruction based on the request. The secure private network controller can be used to verify the identity information of the robot control unit, which further improves the communication security between the robot control unit and the robot manager and ensures the security of the robot manager. The secure private network controller can also be connected with an authentication server; the authentication server is connected with a secure private network, the secure private network is connected with the robot control unit, and the secure private network transmits data through a virtual private tunnel of the Secure Sockets Layer protocol. The structure of the cloud robot may be as shown in fig. 4; the authentication server may be a RADIUS server, and the secure private network controller may be a Mobile Intranet (MCS) controller.
In an example, the process of acquiring the identity information to be verified may specifically be: acquiring login information of a robot control unit; and generating the identity information to be verified of the robot control unit according to the second identification information and the login information of the robot control unit and a preset rule.
Specifically, the robot manager stores the second identification information and the corresponding login information of each robot control unit in advance. The robot manager can therefore issue the login information when the robot control unit is used for the first time, and the robot control unit stores the login information after obtaining it; if the robot control unit is not logging in for the first time, it can read the stored login information directly. Of course, the robot manager may also issue the login information each time. The login information may be a user name and a corresponding password of the robot control unit.
In an example, the process of acquiring the login information may specifically be: sending an activation request to the robot manager, wherein the activation request comprises second identification information of the robot control unit, so that the robot manager searches login information of the robot control unit and sends the login information to the robot control unit; and receiving login information issued by the robot control unit.
Specifically, the robot manager stores the second identification information of each legal robot control unit together with the corresponding login information; the second identification information of an illegal robot control unit is not stored in the robot manager. An activation request containing the second identification information of the robot control unit is sent to the robot manager. After receiving the activation request, the robot manager looks up the login information corresponding to the second identification information of the robot control unit and sends the login information to the RCU. The login information can also be sent to the secure private network controller at the same time, and the secure private network controller generates the legal identity verification information of the robot control unit based on the login information and the second identification information.
The robot control unit receives the login information, and generates the to-be-verified identity information of the robot control unit according to a preset rule based on the second identification information and the login information of the robot control unit, for example, the second identification information and the login information of the robot control unit may be combined into a user name and a password of the MCS according to a constraint relationship. Similarly, the secure private network controller synthesizes the login information and the second identification information of the RCU based on the same preset rule to obtain the legal authentication information of the RCU.
In a specific example, the identity information to be verified is sent to the robot control system, and the specific process may be as follows: the identity information to be verified is sent to the secure private network through a transmission channel for identity verification, the secure private network transmits the identity information to be verified to the secure private network controller through the authentication server, and the authentication server is used for converting a data transmission protocol between the robot control unit and the secure private network controller.
Specifically, the robot control unit is connected with the secure private network and can send the identity information to be verified to the secure private network. After passing authentication by the authentication server, the secure private network transmits the identity information to be verified to the secure private network controller. The secure private network controller compares the received identity information to be verified with each item of stored legal identity verification information: if identical legal identity verification information exists, the verification result is success; if it does not exist, the verification result is failure.
It should be noted that, as shown in fig. 5, an illegal robot control unit, if present, forges login information of the robot control unit. Because it needs to access the robot control system and must be verified to do so, the illegal robot control unit generates information to be verified from its own second identification information and the login information according to the preset rule and sends the information to be verified to the secure private network, which sends it to the authentication server. The authentication server passes the illegal robot control unit's information to be verified through to the secure private network controller. Because the secure private network controller does not store the second identification information of the illegal robot control unit, the verification result of the secure private network controller is a verification failure.
Step 202: Receive a verification result of successful verification returned by the robot control system.
Step 203: If the first identification information of the application to be accessed exists in the pre-stored designated application list, acquire the signature information of the application to be accessed.
Step 204: Match the signature information against the stored signature verification information corresponding to the first identification information, and determine a matching result of the application to be accessed.
Step 205: If the matching result is determined to be successful, access the application to be accessed to the robot control system so as to transmit data between the application to be accessed and the robot control system.
Steps 203 to 205 in this embodiment are substantially the same as steps 101 to 103 in the first embodiment, and will not be described again here.
In the method for accessing an application provided in this embodiment, before detecting that the first identification information of the application to be accessed exists in the pre-stored designated application list, the identity information to be verified may be sent to the robot control system, so that the robot control system verifies the identity information to be verified based on the stored legal identity verification information. The robot control system thereby verifies the robot control unit, which prevents an illegal robot control unit installed on the robot body from accessing the robot control system and further improves the security protection of the robot control system.
The steps of the above methods are divided as they are for clarity of description. In implementation, steps may be combined into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, these are all within the protection scope of this patent. Adding insignificant modifications to an algorithm or process, or introducing insignificant design changes, without changing the core design of the algorithm or process, is also within the protection scope of this patent.
The third embodiment of the present invention relates to an application access method, which is applied to a robot control system, the robot control system is in communication connection with a robot control unit, the robot control unit executes the application access method of the first embodiment or the second embodiment, and the robot control system can be deployed in a cloud. The specific flow of the method for accessing the application is shown in fig. 6.
Step 301: Receive the identity information to be verified sent by the robot control unit.
Specifically, the robot control system comprises a robot manager and a secure private network controller, wherein the secure private network controller is connected with the robot manager and a robot control unit. The robot manager may be configured to allocate login information to the robot control unit (RCU), receive a service request sent by the RCU, and feed back a control instruction based on the service request. The secure private network controller can be used to verify the identity information of the RCU, which further improves the communication security between the RCU and the robot manager and ensures the security of the robot manager. The secure private network controller can also be connected with an authentication server; the authentication server is connected with a secure private network, the secure private network is connected with the robot control unit, and the secure private network transmits data through a virtual private tunnel of the Secure Sockets Layer protocol.
Step 302: Verify the identity information to be verified according to the stored legal identity verification information, wherein the legal identity verification information comprises second identification information of a legal robot control unit.
Specifically, the robot manager sends the second identification information and login information of each legal RCU to the secure private network controller, and the secure private network controller synthesizes the second identification information and login information of each legal RCU according to a preset rule to obtain the legal identity verification information of each legal RCU. The secure private network controller compares the received identity information to be verified with each item of stored legal identity verification information. If identical legal identity verification information is found, the verification result is success; if no legal identity verification information identical to the identity information to be verified exists, the verification result is failure.
Step 303: Send the verification result to the robot control unit, and access the robot control unit to the robot control system according to the verification result.
The verification result of successful verification is sent to the robot control unit (RCU). If the verification result is failure, the verification result can be returned to the RCU, or not returned to the RCU; the verification result can also be sent to an engineer to remind the engineer that there is an illegal RCU on the robot body.
It should be understood that this embodiment is an example of a method for application access of a robot control system corresponding to the second embodiment, and may be implemented in cooperation with the second embodiment. The related technical details mentioned in the second embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related technical details mentioned in the present embodiment can also be applied to the second embodiment.
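The identity check of the second and third embodiments (Step 201 on the robot control unit, Steps 301 to 303 on the robot control system), as an added Python example that is not code from the patent. The patent does not disclose the preset rule, so the HMAC-based `preset_rule`, the class names and the `RCU-SN-0001` style identifiers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple, Optional


class Login(NamedTuple):
    username: str
    password: str


class Identity(NamedTuple):
    """Identity information to be verified: user name and password for the controller."""
    user: str
    password: str


def preset_rule(rcu_id: str, login: Login) -> Identity:
    """Assumed preset rule shared by the RCU and the controller.

    The RCU's second identification information is bound into both fields:
    the password field is HMAC-SHA256 keyed with the login password over the
    identifier, so login information presented under a different identifier
    produces a different value.
    """
    mac = hmac.new(login.password.encode(), rcu_id.encode(), hashlib.sha256)
    return Identity(f"{rcu_id}:{login.username}", mac.hexdigest())


class SecurePrivateNetworkController:
    def __init__(self) -> None:
        self.legal = []   # stored legal identity verification information
        self.alerts = []  # failed identities, kept for the engineer notification

    def register(self, rcu_id: str, login: Login) -> None:
        # The controller synthesizes the stored value with the same preset rule.
        self.legal.append(preset_rule(rcu_id, login))

    def verify(self, presented: Identity) -> bool:
        ok = False
        # Compare against every stored entry; compare_digest keeps each
        # comparison constant-time with respect to the stored value.
        for entry in self.legal:
            same_user = hmac.compare_digest(entry.user.encode(), presented.user.encode())
            same_pw = hmac.compare_digest(entry.password.encode(), presented.password.encode())
            ok |= same_user and same_pw
        if not ok:
            self.alerts.append(presented.user)
        return ok


class RobotManager:
    def __init__(self, legal_rcu_ids, controller: SecurePrivateNetworkController) -> None:
        self.logins = {}
        for n, rcu_id in enumerate(legal_rcu_ids, start=1):
            login = Login(f"rcu-user-{n}", secrets.token_hex(16))
            self.logins[rcu_id] = login
            controller.register(rcu_id, login)  # login info also goes to the controller

    def activate(self, rcu_id: str) -> Optional[Login]:
        """Answer an activation request; unknown identifiers get no login information."""
        return self.logins.get(rcu_id)


def rcu_connect(rcu_id: str, login: Login, controller: SecurePrivateNetworkController) -> bool:
    """RCU side of Step 201: build the identity to be verified and submit it."""
    return controller.verify(preset_rule(rcu_id, login))


def demo():
    controller = SecurePrivateNetworkController()
    manager = RobotManager(["RCU-SN-0001", "RCU-SN-0002"], controller)  # constructed ids

    legal_login = manager.activate("RCU-SN-0001")
    legal = rcu_connect("RCU-SN-0001", legal_login, controller)

    # An unregistered unit gets nothing from activation, and neither forged
    # login information nor a legal unit's login information verifies under
    # its own identifier.
    unknown = manager.activate("RCU-SN-9999")
    forged = rcu_connect("RCU-SN-9999", Login("rcu-user-1", "forged-password"), controller)
    replayed = rcu_connect("RCU-SN-9999", legal_login, controller)
    return legal, unknown, forged, replayed, controller.alerts


if __name__ == "__main__":
    print(demo())
```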
A fourth embodiment of the present invention relates to a robot control unit, and a specific configuration of the robot control unit 40 is as shown in fig. 7, and specifically includes: at least one processor 401; and a memory 402 communicatively coupled to the at least one processor 401; the memory 402 stores instructions executable by the at least one processor 401, and the instructions are executed by the at least one processor 401, so that the at least one processor 401 can execute the method of application access in the first embodiment or the second embodiment.
A fifth embodiment of the present invention relates to a server, and a specific configuration of the server 50 is as shown in fig. 8, and specifically includes: at least one processor 501; and a memory 502 communicatively coupled to the at least one processor 501; the memory 502 stores instructions executable by the at least one processor 501, and the instructions are executed by the at least one processor 501, so that the at least one processor 501 can execute the method of application access in the third embodiment.
The memory and the processor in the fourth and fifth embodiments are each connected by a bus, which may comprise any number of interconnected buses and bridges, linking together various circuits of the memory and the processor or processors. The bus may also link various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor is transmitted over a wireless medium via an antenna, which further receives the data and transmits the data to the processor.
The processor is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And the memory may be used to store data used by the processor in performing operations.
A sixth embodiment of the present invention relates to a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method for application access of the first or second embodiment or the method for application access of the third embodiment.
Those skilled in the art can understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single-chip microcomputer, a chip, etc.) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.

Claims (10)

1. A method for application access, which is applied to a robot control unit and comprises the following steps:
if the first identification information of the application to be accessed exists in a pre-stored appointed application list, acquiring signature information of the application to be accessed;
matching the signature information with stored signature verification information corresponding to the first identification information, and determining a matching result of the application to be accessed;
and if the matching result is determined to be successful, accessing the application to be accessed to the robot control system so as to enable the application to be accessed to perform data transmission with the robot control system.
2. The method for accessing an application according to claim 1, wherein before detecting that the first identification information of the application to be accessed exists in the pre-stored specified application list, the method for accessing an application further comprises:
sending identity information to be verified to the robot control system, allowing the robot control system to verify the identity information to be verified based on stored legal identity verification information, and returning a verification result, wherein the legal identity verification information comprises second identification information of a legal robot control unit;
and receiving a verification result of successful verification returned by the robot control system.
3. The method for application access according to claim 2, wherein before sending the identity information to be verified to the robot control system, the method for application access further comprises:
acquiring login information of the robot control unit;
and generating the to-be-verified identity information of the robot control unit from the second identification information of the robot control unit and the login information according to a preset rule.
4. The method of application access of claim 3, wherein the robotic control system comprises: the robot system comprises a robot manager and a safety private network controller, wherein the safety private network controller is connected with the robot manager and a robot control unit;
the acquiring of the login information of the robot control unit specifically includes:
sending an activation request to the robot manager, wherein the activation request comprises second identification information of the robot control unit, so that the robot manager searches login information of the robot control unit and sends the login information to the robot control unit;
and receiving the login information issued by the robot control unit.
5. The method for application access according to claim 4, wherein the secure private network controller is connected to an authentication server, the authentication server is connected to a secure private network, the secure private network is connected to the robot control unit, and the secure private network tunnels data based on a virtual private network;
the sending the identity information to be verified to the robot control system specifically includes:
and sending the identity information to be verified to the secure private network through a transmission channel for identity verification, and transmitting the identity information to be verified to the secure private network controller through the authentication server by the secure private network, wherein the authentication server is used for converting a data transmission protocol between the robot control unit and the secure private network controller.
6. The method for application access according to any one of claims 1 to 5, wherein the robot control unit is connected with a secure private network, and the secure private network is connected with the robot control system;
the accessing the application to be accessed to the control system specifically includes:
searching a first process corresponding to the application to be accessed according to the first identification information;
marking a first label for the first process, wherein the first label is used for indicating that the first process belongs to the application to be accessed, and the matching is successful;
determining routing information of the first process according to the stored routing policy and the first label;
and transmitting the data generated by the first process to the robot control system through the secure private network according to the routing information.
7. A method for application access, characterized by being applied to a robot control system, wherein the robot control system is connected with a robot control unit in communication, and the robot control unit executes the method for application access according to claims 2 to 6, and the method for application access comprises:
receiving identity information to be verified sent by the robot control unit;
verifying the identity information to be verified according to the stored legal identity verification information, wherein the legal identity verification information comprises second identification information of a legal robot control unit;
and sending the verification result to a robot control unit, and accessing the robot control system by the robot control unit according to the verification result.
8. A robot control unit, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method of application access as claimed in any one of claims 1 to 6.
9. A server, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of application access of claim 7.
10. A computer-readable storage medium, storing a computer program, wherein the computer program, when executed by a processor, implements the method for application access of any of claims 1 to 6, or implements the method for application access of claim 7.
CN201911291594.5A 2019-12-16 2019-12-16 Application access method, robot control unit, server and storage medium Active CN111107078B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911291594.5A CN111107078B (en) 2019-12-16 2019-12-16 Application access method, robot control unit, server and storage medium

Publications (2)

Publication Number Publication Date
CN111107078A true CN111107078A (en) 2020-05-05
CN111107078B CN111107078B (en) 2023-04-07

Family

ID=70422649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911291594.5A Active CN111107078B (en) 2019-12-16 2019-12-16 Application access method, robot control unit, server and storage medium

Country Status (1)

Country Link
CN (1) CN111107078B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112565257A (en) * 2020-12-03 2021-03-26 国网安徽省电力有限公司检修分公司 Security process management system based on power grid special and edge Internet of things agent

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050257251A1 (en) * 2004-04-30 2005-11-17 Microsoft Corporation Systems and methods for disabling software components to protect digital media
CN103166960A (en) * 2013-03-01 2013-06-19 北京神州绿盟信息安全科技股份有限公司 Access control method and access control device
CN103544035A (en) * 2013-10-21 2014-01-29 北京奇虎科技有限公司 Application clearing method and device for mobile terminal
CN104021340A (en) * 2014-06-20 2014-09-03 中科创达软件股份有限公司 Method and device for detecting installation of malicious applications
CN105049431A (en) * 2015-06-30 2015-11-11 深圳市深信服电子科技有限公司 Data access control method and device
CN105100095A (en) * 2015-07-17 2015-11-25 北京奇虎科技有限公司 Secure interaction method and apparatus for mobile terminal application program
CN106127473A (en) * 2016-06-30 2016-11-16 乐视控股(北京)有限公司 A kind of safe payment method and electronic equipment
CN106325928A (en) * 2016-08-22 2017-01-11 北京光年无限科技有限公司 Application accessing method applied to intelligent robot and intelligent robot
CN107820702A (en) * 2017-07-03 2018-03-20 深圳前海达闼云端智能科技有限公司 A kind of management-control method, device and electronic equipment
CN109033344A (en) * 2018-07-24 2018-12-18 上海常仁信息科技有限公司 A kind of remote interaction robot system

Also Published As

Publication number Publication date
CN111107078B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210207

Address after: 200245 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Applicant after: Dalu Robot Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: CLOUDMINDS (SHENZHEN) ROBOTICS SYSTEMS Co.,Ltd.

CB02 Change of applicant information

Address after: 200245 Building 8, No. 207, Zhongqing Road, Minhang District, Shanghai

Applicant after: Dayu robot Co.,Ltd.

Address before: 200245 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Applicant before: Dalu Robot Co.,Ltd.

GR01 Patent grant