CN111327416A - Internet of things equipment access method and device and Internet of things platform

Publication number: CN111327416A
Authority: CN (China)
Prior art keywords: internet, things, equipment, user, identity
Legal status: Withdrawn
Application number: CN201911278406.5A
Other languages: Chinese (zh)
Inventor: Inventor not disclosed
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual
Priority to: CN201911278406.5A
Publication of: CN111327416A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks


Abstract

The invention discloses an Internet of things (IoT) device access method and apparatus and an IoT platform. The method comprises the following steps: performing authentication and key agreement with the IoT device based on a Subscriber Identity Module (SIM), relying on a user data system, and acquiring the user identity identifier corresponding to the SIM; acquiring the product identifier transmitted by the IoT device; determining whether the user identity identifier has been registered as a device of the transmitted product identifier; and, if the authentication and key agreement succeeds and the user identity identifier is determined to be registered as a device of the transmitted product identifier, granting the IoT device access. The method does not require key information such as device certificates to be burned into the IoT device in advance, and can improve the access efficiency of IoT devices; and because the IoT device is identified by the user identity identifier corresponding to the SIM, operations such as data forwarding can be performed for the IoT device according to that user identity identifier.

Description

Internet of things equipment access method and device and Internet of things platform
[ technical field ]
The invention relates to the technical field of the Internet of things (IoT), and in particular to an IoT device access method and apparatus and an IoT platform.
[ background of the invention ]
An IoT platform provides connection and communication capability for IoT devices. Downward, it connects to IoT devices and supports their access and management; upward, it provides an API (application programming interface) for application services, so as to meet the development requirements of application systems in various industries.
The IoT platform connects to IoT devices, exchanges data with them, and performs device management, data storage, data forwarding and the like for them.
In the way existing IoT platforms (such as the Aliyun IoT platform, the Tencent Cloud IoT communication platform and the like) admit IoT devices, a device generally has to be created on the console of the IoT platform, and key information such as a device digital certificate (including a private key) or a device key (symmetric key) has to be generated; unique key information is then burned into each IoT device during production. When the IoT platform admits an IoT device, the IoT device generates authentication information based on the key information, the IoT platform verifies the authentication information carried by the IoT device, and the IoT platform admits the IoT device only when the verification passes.
It can be seen from the above that the existing access process for IoT devices is very tedious, and the access efficiency of IoT devices is seriously affected.
It should be noted that the above background information is only intended to enhance understanding of the background of the present invention, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
[ summary of the invention ]
The main object of the invention is to provide an IoT device access method, an IoT device access apparatus and an IoT platform that overcome, at least to some extent, one or more problems caused by the limitations and defects of the related art. The invention comprises the following technical solutions:
In a first aspect, an IoT device access method is provided, which is applied to an IoT platform, and the method includes:
performing authentication and key agreement with the IoT device based on a Subscriber Identity Module (SIM), relying on a user data system, and acquiring the user identity identifier corresponding to the SIM;
acquiring the product identifier transmitted by the IoT device;
determining whether the user identity identifier has been registered as a device of the transmitted product identifier;
and if the authentication and key agreement succeeds and the user identity identifier is determined to be registered as a device of the transmitted product identifier, granting the IoT device access.
Preferably, the user identity identifier includes the mobile subscriber identity of the SIM and/or the MSISDN corresponding to the mobile subscriber identity.
Preferably, acquiring the product identifier transmitted by the IoT device includes:
receiving a product identifier sent by the IoT device, and taking the sent product identifier as the transmitted product identifier; or,
acquiring the transmitted product identifier from the request address requested by the IoT device; or,
acquiring the transmitted product identifier from product authentication information sent by the IoT device.
Preferably, determining whether the user identity identifier has been registered as a device of the transmitted product identifier includes:
acquiring the product identifier to which the user identity identifier belongs, and if that product identifier is consistent with the transmitted product identifier, determining that the user identity identifier is registered as a device of the transmitted product identifier; or,
determining, after confirmation by a platform user, that the user identity identifier has been registered as a device of the transmitted product identifier.
Preferably, determining, after confirmation by the platform user, that the user identity identifier has been registered as a device of the transmitted product identifier includes:
generating and outputting prompt information according to the transmitted product identifier and the user identity identifier, wherein the prompt information prompts the platform user to indicate whether registration is confirmed;
and if information fed back by the platform user indicating that registration is confirmed is received, recording the transmitted product identifier as the product to which the user identity identifier belongs, and determining that the user identity identifier is registered as a device of the transmitted product identifier.
Preferably, the platform user is determined according to the transmitted product identifier.
Preferably, after the authentication and key agreement succeeds, and before the IoT device is granted access, the method further includes:
generating a second root key and establishing an association relationship between a user identifier and the second root key;
verifying, according to the association relationship, a security authentication request sent by the IoT device, wherein the security authentication request comprises the user identifier and a first encrypted value, the first encrypted value is generated by the IoT device according to a first root key, and the first root key is generated by the IoT device when the authentication and key agreement succeeds;
determining the user identity identifier according to the user identifier;
and if the security authentication request is verified successfully, continuing with the subsequent steps.
Preferably, verifying the security authentication request sent by the IoT device according to the association relationship includes:
acquiring the second root key in the association relationship according to the user identifier;
verifying the first encrypted value according to the second root key;
and if the first encrypted value is verified to be valid, determining that the security authentication request is verified successfully.
Preferably, verifying the first encrypted value according to the second root key comprises:
generating a second authentication key based on the second root key, wherein the second authentication key is generated in the same way as the first authentication key generated by the IoT device, so that the value of the second authentication key is the same as that of the first authentication key;
generating second verification information, wherein the second verification information is generated in the same way as the first verification information generated by the IoT device, so that the value of the second verification information is the same as that of the first verification information;
verifying the first encrypted value based on the second authentication key and the second verification information.
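The platform-side checks described above (verifying the first encrypted value from the second root key, then checking that the user identity identifier is registered under the transmitted product identifier), as an added example that is not part of the patent text. The use of HMAC-SHA256 for key derivation and for the first encrypted value, the layout of the verification information, the nonce-based replay check, and all names and sample values are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Set, Tuple

KDF_LABEL = b"iot-access/auth-key/"  # assumed derivation label, not from the patent
FIELDS = ("user_id", "product_id", "nonce", "first_encrypted_value")


def derive_auth_key(root_key: bytes, user_id: str) -> bytes:
    """Authentication key from a root key; both sides must derive it identically."""
    return hmac.new(root_key, KDF_LABEL + user_id.encode(), hashlib.sha256).digest()


def build_verification_info(user_id: str, product_id: str, nonce: str) -> bytes:
    """Verification information both sides can rebuild (assumed layout).

    Fields are length-prefixed so ("ab", "c") and ("a", "bc") never collide.
    """
    out = b""
    for field in (user_id, product_id, nonce):
        raw = field.encode()
        out += len(raw).to_bytes(4, "big") + raw
    return out


def device_build_request(first_root_key: bytes, user_id: str,
                         product_id: str, nonce: str) -> Dict[str, str]:
    """Device side: first authentication key + first verification information."""
    key = derive_auth_key(first_root_key, user_id)
    info = build_verification_info(user_id, product_id, nonce)
    value = hmac.new(key, info, hashlib.sha256).hexdigest()
    return {"user_id": user_id, "product_id": product_id,
            "nonce": nonce, "first_encrypted_value": value}


class Platform:
    """Hypothetical platform state: associations, registrations, seen nonces."""

    def __init__(self) -> None:
        self.associations: Dict[str, Tuple[bytes, str]] = {}
        self.registered_product: Dict[str, str] = {}
        self.seen_nonces: Set[Tuple[str, str]] = set()

    def record_key_agreement(self, user_id: str, second_root_key: bytes,
                             identity: str) -> None:
        # Association created when SIM-based authentication and key agreement succeeds.
        self.associations[user_id] = (second_root_key, identity)

    def register_device(self, identity: str, product_id: str) -> None:
        self.registered_product[identity] = product_id

    def verify_request(self, req: Dict[str, str]) -> Optional[str]:
        """Return the user identity identifier if the first encrypted value is valid."""
        if not all(isinstance(req.get(k), str) and req.get(k) for k in FIELDS):
            return None  # malformed request: never fall through to a default
        assoc = self.associations.get(req["user_id"])
        if assoc is None:
            return None
        second_root_key, identity = assoc
        key = derive_auth_key(second_root_key, req["user_id"])
        info = build_verification_info(req["user_id"], req["product_id"], req["nonce"])
        expected = hmac.new(key, info, hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(),
                                   req["first_encrypted_value"].encode()):
            return None
        return identity

    def admit(self, req: Dict[str, str]) -> Tuple[bool, str]:
        """Grant access only if authentication AND the registration check pass."""
        identity = self.verify_request(req)
        if identity is None:
            return False, "authentication failed"
        marker = (req["user_id"], req["nonce"])
        if marker in self.seen_nonces:  # added caveat: reject replayed requests
            return False, "replayed request"
        self.seen_nonces.add(marker)
        if self.registered_product.get(identity) != req["product_id"]:
            return False, "identity not registered for product"
        return True, identity


def demo() -> List[Tuple[bool, str]]:
    # All values below are constructed sample data.
    root_key = bytes(range(32))      # stands in for the key agreed via the SIM
    identity = "460001234567890"     # constructed IMSI-style identity identifier
    platform = Platform()
    platform.record_key_agreement("uid-0001", root_key, identity)
    platform.register_device(identity, "prod-meter")

    good = device_build_request(root_key, "uid-0001", "prod-meter", "n1")
    tampered = dict(device_build_request(root_key, "uid-0001", "prod-meter", "n2"),
                    product_id="prod-camera")  # product swapped after signing
    other = device_build_request(root_key, "uid-0001", "prod-camera", "n3")
    return [platform.admit(r) for r in (good, good, tampered, other)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the product identifier is part of the verification information here, swapping it after the value is computed fails authentication, while a correctly authenticated request for a product the identity is not registered under is rejected by the registration check.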
Preferably, after the IoT device is granted access, the method further includes:
forwarding the data reported by the IoT device to a target service.
Preferably, forwarding the data reported by the IoT device to the target service includes:
receiving data reported by the IoT device;
determining the target service in a binding relationship according to the user identity identifier, wherein the binding relationship comprises the binding relationship between the user identity identifier and the target service;
forwarding the data to the target service.
In a second aspect, another IoT device access method is provided, which is applied to an IoT platform, and the method includes:
verifying a security authentication request sent by an IoT device based on an association relationship on an authentication server, and acquiring the user identity identifier corresponding to a Subscriber Identity Module (SIM), wherein the association relationship is generated when the authentication server succeeds in SIM-based authentication and key agreement with the IoT device, relying on a user data system; the security authentication request comprises a user identifier and a first encrypted value; the first encrypted value is generated by the IoT device according to a first root key; the first root key is generated by the IoT device when the authentication and key agreement succeeds; and the association relationship comprises the association between the user identifier and a second root key;
acquiring the product identifier transmitted by the IoT device;
determining whether the user identity identifier has been registered as a device of the transmitted product identifier;
and if the security authentication request is verified successfully and the user identity identifier is determined to be registered as a device of the transmitted product identifier, granting the IoT device access.
Preferably, verifying the security authentication request sent by the IoT device based on the association relationship on the authentication server includes:
acquiring the second root key in the association relationship according to the user identifier, verifying the first encrypted value according to the second root key, and determining that the security authentication request is verified successfully if the first encrypted value is verified to be valid; or,
forwarding the security authentication request to the authentication server so that the authentication server verifies the security authentication request according to the association relationship, and, if information fed back by the authentication server indicating that the verification succeeded is received, determining that the security authentication request is verified successfully.
Preferably, verifying the first encrypted value according to the second root key comprises:
generating a second authentication key based on the second root key, wherein the second authentication key is generated in the same way as the first authentication key generated by the IoT device, so that the value of the second authentication key is the same as that of the first authentication key;
generating second verification information, wherein the second verification information is generated in the same way as the first verification information generated by the IoT device, so that the value of the second verification information is the same as that of the first verification information;
verifying the first encrypted value based on the second authentication key and the second verification information.
Preferably, the user identity identifier includes the mobile subscriber identity of the SIM and/or the MSISDN corresponding to the mobile subscriber identity.
Preferably, acquiring the product identifier transmitted by the IoT device includes:
receiving a product identifier sent by the IoT device, and taking the sent product identifier as the transmitted product identifier; or,
acquiring the transmitted product identifier from the request address requested by the IoT device; or,
acquiring the transmitted product identifier from product authentication information sent by the IoT device.
Preferably, determining whether the user identity identifier has been registered as a device of the transmitted product identifier includes:
acquiring the product identifier to which the user identity identifier belongs, and if that product identifier is consistent with the transmitted product identifier, determining that the user identity identifier is registered as a device of the transmitted product identifier; or,
determining, after confirmation by a platform user, that the user identity identifier has been registered as a device of the transmitted product identifier.
Preferably, determining, after confirmation by the platform user, that the user identity identifier has been registered as a device of the transmitted product identifier includes:
generating and outputting prompt information according to the transmitted product identifier and the user identity identifier, wherein the prompt information prompts the platform user to indicate whether registration is confirmed;
and if information fed back by the platform user indicating that registration is confirmed is received, recording the transmitted product identifier as the product to which the user identity identifier belongs, and determining that the user identity identifier is registered as a device of the transmitted product identifier.
Preferably, the platform user is determined according to the transmitted product identifier.
Preferably, after the IoT device is granted access, the method further includes:
forwarding the data reported by the IoT device to a target service.
Preferably, forwarding the data reported by the IoT device to the target service includes:
receiving data reported by the IoT device;
determining the target service in a binding relationship according to the user identity identifier, wherein the binding relationship comprises the binding relationship between the user identity identifier and the target service;
forwarding the data to the target service.
In a third aspect, an IoT device access apparatus is provided, the apparatus including:
an authentication and key agreement module, configured to perform authentication and key agreement with the IoT device based on a Subscriber Identity Module (SIM), relying on a user data system, and to acquire the user identity identifier corresponding to the SIM;
a product identifier acquisition module, configured to acquire the product identifier transmitted by the IoT device;
a registration relationship determination module, configured to determine whether the user identity identifier has been registered as a device of the transmitted product identifier;
and a device access module, configured to grant the IoT device access if the authentication and key agreement succeeds and the user identity identifier is determined to be registered as a device of the transmitted product identifier.
Preferably, the product identifier acquisition module includes:
a first product identifier acquisition unit, configured to receive a product identifier sent by the IoT device and take the sent product identifier as the transmitted product identifier; or,
a second product identifier acquisition unit, configured to acquire the transmitted product identifier from the request address requested by the IoT device; or,
a third product identifier acquisition unit, configured to acquire the transmitted product identifier from product authentication information sent by the IoT device.
Preferably, the registration relationship determination module includes:
a first registration relationship determination unit, configured to acquire the product identifier to which the user identity identifier belongs and, if that product identifier is consistent with the transmitted product identifier, determine that the user identity identifier is registered as a device of the transmitted product identifier; or,
a second registration relationship determination unit, configured to determine, after confirmation by the platform user, that the user identity identifier has been registered as a device of the transmitted product identifier.
Preferably, the second registration relationship determination unit includes:
a prompt information output subunit, configured to generate and output prompt information according to the transmitted product identifier and the user identity identifier, where the prompt information prompts the platform user to indicate whether registration is confirmed;
and a registration determination subunit, configured to, if information fed back by the platform user indicating that registration is confirmed is received, record the transmitted product identifier as the product to which the user identity identifier belongs and determine that the user identity identifier is registered as a device of the transmitted product identifier.
Preferably, the apparatus further comprises:
a security authentication module, configured to generate a second root key, establish an association relationship between a user identifier and the second root key, verify a security authentication request sent by the IoT device according to the association relationship, and determine the user identity identifier according to the user identifier;
the device access module is further configured to grant the IoT device access if the security authentication request is verified successfully.
Preferably, the security authentication module includes:
an association relationship establishing unit, configured to generate the second root key and establish the association relationship;
an authentication request verification unit, configured to verify, according to the association relationship, a security authentication request sent by the IoT device, where the security authentication request includes the user identifier and a first encrypted value, the first encrypted value is generated by the IoT device according to a first root key, and the first root key is generated by the IoT device when the authentication and key agreement succeeds;
and an identity identifier determination unit, configured to determine the user identity identifier according to the user identifier.
Preferably, the apparatus further comprises:
a data forwarding module, configured to forward the data reported by the IoT device to a target service.
Preferably, the data forwarding module includes:
a data receiving unit, configured to receive data reported by the IoT device;
a service determination unit, configured to determine the target service in a binding relationship according to the user identity identifier, where the binding relationship includes the binding relationship between the user identity identifier and the target service;
and a data forwarding unit, configured to forward the data to the target service.
In a fourth aspect, an IoT device access apparatus is provided, the apparatus including:
a security authentication module, configured to verify a security authentication request sent by the IoT device based on an association relationship on an authentication server and to acquire the user identity identifier corresponding to a Subscriber Identity Module (SIM), wherein the association relationship is generated when the authentication server succeeds in SIM-based authentication and key agreement with the IoT device, relying on a user data system; the security authentication request comprises a user identifier and a first encrypted value; the first encrypted value is generated by the IoT device according to a first root key; the first root key is generated by the IoT device when the authentication and key agreement succeeds; and the association relationship comprises the association between the user identifier and a second root key;
a product identifier acquisition module, configured to acquire the product identifier transmitted by the IoT device;
a registration relationship determination module, configured to determine whether the user identity identifier has been registered as a device of the transmitted product identifier;
and a device access module, configured to grant the IoT device access if the security authentication request is verified successfully and the user identity identifier is determined to be registered as a device of the transmitted product identifier.
Preferably, the security authentication module includes:
an authentication request verification unit, configured to verify the security authentication request sent by the IoT device according to the association relationship;
and an identity identifier determination unit, configured to determine the user identity identifier according to the user identifier.
Preferably, the authentication request verification unit includes:
a first verification subunit, configured to acquire the second root key in the association relationship according to the user identifier, verify the first encrypted value according to the second root key, and determine that the security authentication request is verified successfully if the first encrypted value is verified to be valid; or,
a second verification subunit, configured to forward the security authentication request to the authentication server so that the authentication server verifies the security authentication request according to the association relationship, and, if information fed back by the authentication server indicating that the verification succeeded is received, determine that the security authentication request is verified successfully.
Preferably, the product identifier acquisition module includes:
a first product identifier acquisition unit, configured to receive a product identifier sent by the IoT device and take the sent product identifier as the transmitted product identifier; or,
a second product identifier acquisition unit, configured to acquire the transmitted product identifier from the request address requested by the IoT device; or,
a third product identifier acquisition unit, configured to acquire the transmitted product identifier from product authentication information sent by the IoT device.
Preferably, the registration relationship determination module includes:
a first registration relationship determination unit, configured to acquire the product identifier to which the user identity identifier belongs and, if that product identifier is consistent with the transmitted product identifier, determine that the user identity identifier is registered as a device of the transmitted product identifier; or,
a second registration relationship determination unit, configured to determine, after confirmation by the platform user, that the user identity identifier has been registered as a device of the transmitted product identifier.
Preferably, the second registration relationship determination unit includes:
a prompt information output subunit, configured to generate and output prompt information according to the transmitted product identifier and the user identity identifier, where the prompt information prompts the platform user to indicate whether registration is confirmed;
and a registration determination subunit, configured to, if information fed back by the platform user indicating that registration is confirmed is received, record the transmitted product identifier as the product to which the user identity identifier belongs and determine that the user identity identifier is registered as a device of the transmitted product identifier.
Preferably, the apparatus further comprises:
a data forwarding module, configured to forward the data reported by the IoT device to a target service.
Preferably, the data forwarding module includes:
a data receiving unit, configured to receive data reported by the IoT device;
a service determination unit, configured to determine the target service in a binding relationship according to the user identity identifier, where the binding relationship includes the binding relationship between the user identity identifier and the target service;
and a data forwarding unit, configured to forward the data to the target service.
In a fifth aspect, there is provided a computer device comprising: a processor, a memory and a computer program stored on the memory and executable on the processor, characterized in that the computer program implements the method as described in the first aspect above or implements the method as described in the second aspect above when executed by the processor.
There is provided a storage medium characterized in that the storage medium has stored therein a program for implementing the method of the first aspect described above, or a program for implementing the method of the second aspect described above.
There is provided an internet of things platform comprising an apparatus as described in the third aspect above, or an apparatus as described in the fourth aspect above.
In a sixth aspect, there is provided an internet of things system, characterized by comprising an authentication server and an internet of things platform, wherein the authentication server is connected with the internet of things platform through a network; the authentication server is used for performing, based on a subscriber data system, authentication and key agreement based on a Subscriber Identity Module (SIM) with an internet of things device and, if the authentication and key agreement is successful, generating a second root key and establishing an association relation between a subscriber identity and the second root key; the internet of things platform is used for implementing the method of the second aspect, or the internet of things platform comprises the apparatus of the fourth aspect.
In summary, the technical effects brought by the technical solution provided by the present invention at least include the following. First, the internet of things platform does not need to generate key information such as a device certificate for the internet of things equipment in advance, and such key information does not need to be burned into the internet of things equipment in advance, so that the production efficiency and the production cost of the internet of things equipment can be improved, and the access efficiency of the internet of things equipment can be improved. Second, because the internet of things equipment is identified by the user identity corresponding to the subscriber identity module SIM, and device management, data analysis, data forwarding and the like can be performed on the equipment according to that user identity, as long as the same subscriber identity module SIM is used, even if the internet of things equipment is replaced, the internet of things platform can still access the equipment according to the same SIM and can still identify it according to the user identity corresponding to the same SIM. Third, based on facilities of the communication network such as the subscriber identity module SIM and the subscriber data system, a basic service capability is provided for internet of things services, and service fusion of the communication network and the internet of things is promoted.
[Description of the drawings]
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a schematic block diagram of an implementation environment in accordance with the present invention;
FIG. 2 is a schematic block diagram of another embodiment of the present invention;
FIG. 3 is a schematic flow chart of an embodiment of an internet of things device access method;
FIG. 4 is a schematic flow chart of another embodiment of an internet of things device access method;
FIG. 5 is a schematic structural diagram of a first embodiment of an internet of things device access apparatus;
FIG. 6 is a schematic structural diagram of a second embodiment of an internet of things device access apparatus;
FIG. 7 is a schematic structural diagram of a third embodiment of an internet of things device access apparatus;
FIG. 8 is a schematic structural diagram of a fourth embodiment of an internet of things device access apparatus;
FIG. 9 is a schematic structural diagram of another first embodiment of an internet of things device access apparatus;
FIG. 10 is a schematic structural diagram of another second embodiment of an internet of things device access apparatus;
FIG. 11 is a schematic structural diagram of an embodiment of an internet of things system.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
[Detailed description of the embodiments]
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
First, related terms
To facilitate understanding, some terms referred to herein are introduced and described.
Product: a set of internet of things devices having the same function or feature.
Product identification: information for uniquely identifying a product.
Mobile subscriber identity: an identifier for uniquely identifying the subscriber identity module SIM; the mobile subscriber identity includes an International Mobile Subscriber Identity (IMSI), or an IP Multimedia Private Identity (IMPI), or a Subscription Permanent Identifier (SUPI), or a Subscription Concealed Identifier (SUCI), where the SUCI is the encrypted result of the SUPI.
MSISDN: Mobile Subscriber ISDN Number, the number dialed to call a mobile subscriber and the receiving number for sending a short message to a mobile subscriber, also known as a mobile telephone number.
Temporary user identification: an identifier for temporarily identifying the identity of the user.
User identity identifier: an identifier for long-term identification of the user identity, including a mobile subscriber identity, an MSISDN or another identifier that can be used for long-term identification of the user identity.
Authentication and key agreement mechanism: Authentication and Key Agreement, abbreviated AKA in English; based on a challenge-response mechanism, it completes authentication between a user and a mobile communication network and, on the basis of that authentication, negotiates a communication encryption key.
Subscriber identity module SIM: used to store applications that include, for a user, the mobile subscriber identity, the mobile subscriber key (K), the home network, the AKA related algorithms and the like; the user authenticates to the mobile communication network based on the Subscriber Identity Module (SIM), which specifically includes the Universal Subscriber Identity Module (USIM) and the IP Multimedia Services Identity Module (ISIM).
Signature encryption algorithm: an encryption algorithm for cryptographically verifying the authenticity of information. The signature is a digital string that cannot be forged by others and can be generated only by the sender of the information, and it is also valid proof of the authenticity of the information sent by the sender. Examples include message authentication codes (e.g., the hash-based message authentication code HMAC, the cipher block chaining message authentication code CBC-MAC, the Galois message authentication code GMAC, etc.), keyed hash functions, RSA-based digital signature schemes (e.g., RSA-PSS), the Digital Signature Algorithm (DSA), the elliptic curve digital signature algorithm, and the like.
Symmetric encryption algorithm: an encryption algorithm that uses the same key for encryption and decryption, such as Triple Data Encryption Standard (DES), Advanced Encryption Standard (AES), and the like.
Second, description of the implementation environment
Referring to fig. 1, a schematic diagram of an implementation environment according to the present invention is shown. The implementation environment comprises an internet of things platform, internet of things equipment, a target service and a user data system.
Internet of things platform: connected with the internet of things equipment through a network, to receive and execute the authentication and key agreement requests of the internet of things equipment and to support access and management of the internet of things equipment; connected with the user data system through a network, to perform authentication and key agreement with the internet of things equipment based on the user data system; and connected with the target service through a network, to implement data communication between the internet of things equipment and the target service.
Internet of things equipment: connects to the internet of things platform over a network, through mobile data (including 3G mobile data, 4G mobile data, 5G mobile data, 6G mobile data or NB-IoT mobile data), WLAN, WiFi, LAN, fixed broadband, LoRaWAN or other wired or wireless access networks, to perform authentication and key agreement and to access the internet of things platform, where the network includes data networks such as the Internet and the mobile Internet. The internet of things equipment is equipment into which a subscriber identity module SIM can be inserted, embedded or externally connected and which supports reading the subscriber identity module SIM, and includes smart electricity meters, smart home devices, smart vehicle-mounted terminals, smart street lamps, smart elevators, internet of things gateways, agriculture and forestry intelligent monitoring equipment and other internet of things equipment.
Target service: after the internet of things equipment has accessed the internet of things platform, the platform implements data communication between the internet of things equipment and the target service, for example, by forwarding data reported by the internet of things equipment to the target service.
User data system: a system for storing the mobile subscriber identity, the mobile subscriber key (K) and the AKA related algorithms, and for performing identity authentication on a mobile subscriber in a mobile communication network; also referred to as a subscriber subscription server, it includes a Home Subscriber Server (HSS) and/or a Unified Data Management (UDM).
It should be noted that the implementation environment configuration shown in fig. 1 does not constitute a limitation on the implementation environment, which may include more or fewer components than those shown, combine some components, or use a different arrangement of components, as will be appreciated by those skilled in the art. The implementation environment configuration shown in fig. 1 is only for enhancing understanding of the present technology and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Third, an embodiment of an access method for Internet of things equipment
Referring to fig. 3, a flowchart of an embodiment of an internet of things device access method provided in the present invention is shown. The embodiment is exemplified by applying the method to an internet of things platform in the implementation environment shown in fig. 1, where the method may include:
Step 301, based on a user data system, performing authentication and key agreement based on the subscriber identity module SIM with the internet of things equipment, and acquiring a user identity identifier corresponding to the subscriber identity module SIM; if the authentication and key agreement is successful, the following step 302 is continued.
The SIM connected with the Internet of things equipment stores a mobile subscriber identity, a mobile subscriber key (K) and an AKA related algorithm, and correspondingly, the mobile subscriber identity, the mobile subscriber key (K) corresponding to the mobile subscriber identity and the AKA related algorithm are stored in a subscriber data system.
Therefore, the internet of things platform, based on the user data system, performs authentication and key agreement based on the subscriber identity module SIM with the internet of things equipment through the authentication and key agreement mechanism, and acquires the user identity identifier corresponding to the subscriber identity module SIM; if the authentication and key agreement are successful, the subsequent steps continue to be executed; otherwise, the subsequent steps are not executed.
The user identity identifier corresponding to the subscriber identity module SIM may include the mobile subscriber identity of the subscriber identity module SIM; for example, in the authentication and key agreement process, the internet of things equipment sends the mobile subscriber identity of the subscriber identity module SIM to the internet of things platform, and the platform receives and acquires it. It may also include the MSISDN corresponding to the mobile subscriber identity, that is, the corresponding MSISDN is obtained according to the mobile subscriber identity and is determined as the user identity identifier.
In an embodiment of acquiring a corresponding MSISDN according to the mobile subscriber identity, specifically, in a subscriber data system (for example, a home subscriber server HSS or a unified data management UDM), a mapping relationship between the mobile subscriber identity and the MSISDN is stored, and the corresponding MSISDN may be acquired in the mapping relationship according to the mobile subscriber identity. Therefore, the internet of things platform sends the MSISDN query request including the mobile subscriber identity to the subscriber data system, and the subscriber data system feeds back the MSISDN corresponding to the mobile subscriber identity to the internet of things platform, so that the internet of things platform receives and acquires the corresponding MSISDN.
For the implementation process in which the internet of things platform, based on the user data system, performs authentication and key agreement based on the subscriber identity module SIM with the internet of things equipment, reference may also be made to the implementations of the "authentication and key agreement process" embodiments in the patent application documents of "client registration method, device and system" (application numbers: 2019107771277 and 2019107750798), with the internet of things platform implemented as the registration server in those embodiments and the internet of things equipment implemented as the user terminal in those embodiments.
Further, if the authentication and the key agreement are successful, the internet of things device and the internet of things platform may negotiate to generate root keys with the same value, and for distinction, the root key generated on the internet of things device is referred to as a first root key, and the root key generated on the internet of things platform is referred to as a second root key.
Meanwhile, an association relationship between a user identifier and the second root key is established on the internet of things platform, where the user identifier includes the mobile subscriber identity of the subscriber identity module SIM or a temporary user identifier; if the user identifier includes the temporary user identifier, the internet of things platform transmits the temporary user identifier to the internet of things equipment.
After the association relationship between the user identifier and the second root key is established, the internet of things platform can realize the security authentication of the internet of things equipment according to the association relationship. For example:
The internet of things equipment generates a first encryption value according to the first root key, and sends the internet of things platform a security authentication request that includes the user identifier and the first encryption value. More specifically, the implementation process may include: the internet of things equipment generates a first authentication key based on the first root key; the internet of things equipment generates first verification information; the internet of things equipment encrypts the first verification information based on the first authentication key to generate the first encryption value; the internet of things equipment generates a security authentication request, where the security authentication request includes the user identifier and the first encryption value; and the internet of things equipment sends the security authentication request to the internet of things platform.
Correspondingly, the internet of things platform receives the security authentication request sent by the internet of things equipment and verifies it according to the association relationship. More specifically, the verification process may include: the internet of things platform acquires the user identifier and the first encryption value from the security authentication request; the platform acquires the second root key from the association relationship between the user identifier and the second root key according to the user identifier; the platform verifies the first encryption value based on the second root key and second verification information, where the second verification information has the same value as the first verification information generated by the internet of things equipment; if the first encryption value is verified to be valid, the security authentication request is verified successfully and the user identity identifier is determined according to the user identifier; if the first encryption value is verified to be invalid, the security authentication request is determined to have failed verification.
An implementation in which the internet of things platform verifies the first encryption value based on the second root key and the second verification information may include: generating a second authentication key based on the second root key, where the second authentication key is generated in the same way as the internet of things equipment generates the first authentication key, so that the two keys have the same value; generating second verification information, where the second verification information is generated in the same way as the internet of things equipment generates the first verification information, so that the two have the same value; and verifying the first encryption value based on the second authentication key and the second verification information. For example, if the internet of things equipment generates the first encryption value using a signature encryption algorithm, the first encryption value is verified based on the second authentication key and the second verification information using the same signature encryption algorithm; or, if the internet of things equipment generates the first encryption value using a symmetric encryption algorithm, the first encryption value is verified based on the second authentication key and the second verification information using the same symmetric encryption algorithm.
For example, reference may also be made to the "client security authentication process example" embodiment in the patent application document of "client registration method, apparatus and system" (application number: 2019107771277), with the internet of things platform implemented as the registration server in that embodiment and the internet of things equipment implemented as the user terminal in that embodiment. In this case, determining the user identity identifier according to the user identifier includes: determining the mobile subscriber identity as the user identity identifier; or acquiring the corresponding MSISDN according to the mobile subscriber identity and determining the corresponding MSISDN as the user identity identifier.
For example, reference may also be made to the "client security authentication process example" embodiment in the patent application document of "client registration method, apparatus and system" (application number: 2019107750798), with the internet of things platform implemented as the registration server in that embodiment and the internet of things equipment implemented as the user terminal in that embodiment. In this case, determining the user identity identifier according to the user identifier includes: acquiring the mobile subscriber identity from the association relationship between the temporary user identifier and the mobile subscriber identity according to the temporary user identifier, and determining the mobile subscriber identity as the user identity identifier, where the association relationship between the temporary user identifier and the mobile subscriber identity is established when the temporary user identifier is generated in the authentication and key agreement process; or acquiring the mobile subscriber identity from the association relationship between the temporary user identifier and the mobile subscriber identity according to the temporary user identifier, acquiring the corresponding MSISDN according to the mobile subscriber identity, and determining the corresponding MSISDN as the user identity identifier; or acquiring the MSISDN from the association relationship between the temporary user identifier and the MSISDN according to the temporary user identifier, and determining the MSISDN as the user identity identifier, where the association relationship between the temporary user identifier and the MSISDN is established when the temporary user identifier is generated in the authentication and key agreement process, and the MSISDN is acquired according to the mobile subscriber identity.
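The security authentication exchange described above, as an added example that is not code from the patent or the referenced applications. It assumes HMAC-SHA256 (one of the message authentication codes the page lists) for both the key derivation and the first encryption value, and verification information built from the user identifier and a 60-second time step; the class, field and function names and all identifier values are hypothetical and constructed.

```python
import hashlib
import hmac

TIME_STEP = 60  # seconds per verification window (assumption of this example)


def derive_auth_key(root_key: bytes, user_id: str) -> bytes:
    # Assumed derivation: HMAC-SHA256 over a fixed label and the user identifier.
    return hmac.new(root_key, b"auth-key|" + user_id.encode(), hashlib.sha256).digest()


def verification_info(user_id: str, step: int) -> bytes:
    # Both sides must produce identical bytes; here: user identifier plus time step.
    return f"{user_id}|{step}".encode()


class Device:
    def __init__(self, user_id: str, first_root_key: bytes):
        self.user_id = user_id
        self.first_root_key = first_root_key

    def security_authentication_request(self, now: int) -> dict:
        key = derive_auth_key(self.first_root_key, self.user_id)
        info = verification_info(self.user_id, now // TIME_STEP)
        value = hmac.new(key, info, hashlib.sha256).hexdigest()
        return {"user_id": self.user_id, "first_encrypted_value": value}


class Platform:
    def __init__(self):
        self.second_root_keys = {}   # user identifier -> second root key
        self.temp_to_mobile = {}     # temporary user identifier -> mobile subscriber identity
        self.mobile_to_msisdn = {}   # mobile subscriber identity -> MSISDN

    def record_aka_success(self, user_id, second_root_key, mobile_id=None):
        # Association relationship established when authentication and key agreement succeed.
        self.second_root_keys[user_id] = second_root_key
        if mobile_id is not None:
            self.temp_to_mobile[user_id] = mobile_id

    def resolve_identity(self, user_id):
        # Temporary identifier -> mobile subscriber identity -> MSISDN, where mappings exist.
        mobile_id = self.temp_to_mobile.get(user_id, user_id)
        return self.mobile_to_msisdn.get(mobile_id, mobile_id)

    def verify(self, request: dict, now: int):
        """Return the user identity identifier on success, None on failure."""
        user_id = request.get("user_id")
        claimed = request.get("first_encrypted_value")
        if not isinstance(user_id, str) or not isinstance(claimed, str):
            return None
        root_key = self.second_root_keys.get(user_id)
        if root_key is None:
            return None
        try:
            claimed_bytes = bytes.fromhex(claimed)
        except ValueError:
            return None  # malformed value is rejected, not raised
        key = derive_auth_key(root_key, user_id)
        step = now // TIME_STEP
        for candidate in (step, step - 1):  # tolerate one step of clock skew
            info = verification_info(user_id, candidate)
            expected = hmac.new(key, info, hashlib.sha256).digest()
            if hmac.compare_digest(expected, claimed_bytes):  # constant-time compare
                return self.resolve_identity(user_id)
        return None
```

Within one time step the same request verifies again; the page does not say how replays are handled, so a deployment would add its own nonce or counter to the verification information.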
Step 302, acquiring the product identifier delivered by the internet of things equipment.
The internet of things equipment delivers the product identifier to the internet of things platform, and the platform accordingly acquires the product identifier delivered by the equipment. One effect of this is that the internet of things equipment declares to the platform that it is a device under the delivered product identifier, which prevents the platform from mistakenly accessing the equipment as a device under another product identifier.
The product identification transmitted by the internet of things equipment is acquired by the internet of things platform, and the method can comprise the following multiple implementation modes:
In a first implementation manner, a product identifier sent by the internet of things equipment is received and acquired, and the sent product identifier is determined to be the delivered product identifier.
A product identifier is configured (including burned) in advance on the internet of things equipment; the equipment sends the product identifier to the internet of things platform, and the platform receives and acquires the sent product identifier and determines that it is the delivered product identifier.
In a second embodiment, the delivered product identifier is obtained according to a request address requested by the internet of things device.
The internet of things platform provides a plurality of request addresses (such as a plurality of URLs), and each request address is associated with a product identifier.
A request address associated with a certain product identifier is pre-configured on the Internet of things equipment, and a request is sent to the pre-configured request address; when the request address on the Internet of things platform receives a request sent by the Internet of things equipment, the product identification associated with the request address is obtained, and the associated product identification is determined as the transmitted product identification.
In a third implementation manner, the transmitted product identifier is acquired according to the product authentication information sent by the internet of things device.
The product identifier delivered by the internet of things equipment may be acquired according to product authentication information sent by the equipment; that is, the equipment requests product security authentication from the internet of things platform based on the product authentication information, the platform performs product security authentication on the equipment, and after the product security authentication is passed, the platform acquires the delivered product identifier according to the product authentication information.
For example, product authentication information is pre-configured (including burning) on the internet of things device, and the product authentication information includes a product identifier, a product key and the like; the Internet of things equipment generates a product authentication request according to the product authentication information; the Internet of things equipment sends the product authentication request to the Internet of things platform; the Internet of things platform authenticates the product authentication request according to the corresponding relation between the pre-stored product identification and the product key; and if the authentication is passed, acquiring the product identification, namely acquiring the transferred product identification.
This step may be performed before step 301, or may be performed during step 301. For example, the internet of things equipment may further include the delivered product identifier in the security authentication request sent in step 301, and after receiving the security authentication request, the internet of things platform acquires the delivered product identifier from it; for another example, the internet of things platform provides a plurality of security authentication request addresses, each associated with one product identifier, and after receiving a security authentication request sent by the internet of things equipment, the platform determines the product identifier associated with the security authentication request address as the delivered product identifier.
Step 303, determining whether the user identity is already registered as a device for the delivered product identity; if yes, proceed to step 304, which is described below.
On the internet of things platform, the internet of things equipment is registered as a device belonging to a certain product, so that the equipment can inherit the functions and characteristics of that product; here the product is referred to by its product identifier, and the internet of things equipment is referred to by its user identity identifier.
Determining whether the user identity has been registered as a device for the delivered product identity; if yes, continuing to execute the subsequent steps; if not, the subsequent steps are not continuously executed.
Determining whether the user identity identifier has been registered as a device of the delivered product identifier may be implemented in various ways:
In a first embodiment, the product identifier to which the user identity identifier belongs is obtained, and if that product identifier is consistent with the delivered product identifier, it is determined that the user identity identifier is already registered as a device of the delivered product identifier. This specifically includes the following:
when the internet of things equipment is registered in advance on the internet of things platform, the internet of things equipment is registered as equipment belonging to a certain product, namely, a product belonging to a user identity identifier is recorded as a certain product identifier;
searching a corresponding attribution product in the equipment registration information according to the user identity, namely searching a product identifier to which the user identity belongs;
comparing the attributive product identification with the delivered product identification, and if the attributive product identification is consistent with the delivered product identification, determining that the user identity identification is registered as the equipment of the delivered product identification; if not, it is determined that the user identity is not registered as a device for the delivered product identity.
In a second embodiment, the user identity identifier is determined to have been registered as a device of the delivered product identifier after confirmation by the platform user.
Generating and outputting prompt information according to the transmitted product identification and the user identity identification, wherein the prompt information is used for indicating whether the platform user confirms registration; and if the information which is fed back by the platform user and indicates that the registration is confirmed is received, recording a product to which the user identity belongs as the delivered product identity, and determining that the user identity is already registered as the equipment of the delivered product identity. The method specifically comprises the following steps:
Prompt information is generated according to the delivered product identifier and the user identity identifier. For example, the corresponding product name is obtained according to the delivered product identifier, and the prompt information includes the corresponding product name and the user identity identifier;
the prompt information is output. For example, the prompt information is displayed on a console interface of the internet of things platform, together with buttons representing confirmation of registration and rejection of registration, to ask the platform user whether to confirm registration;
the platform user feeds back information indicating that registration is confirmed or rejected according to the prompt information. For example, the platform user enters (including triggers) information on the console interface indicating confirmation or rejection of registration: if the platform user confirms registration, the user clicks the button representing confirmation of registration; if the platform user rejects registration, the user clicks the button representing rejection of registration;
the internet of things platform receives the feedback information of the platform user and determines, according to the feedback information, whether the user identity identifier is registered as a device of the delivered product identifier. For example, if the feedback information indicates confirmation of registration, the home product of the user identity identifier is recorded as the delivered product identifier, and it is determined that the user identity identifier has been registered as a device of the delivered product identifier; if the feedback information indicates rejection of registration, it is determined that the user identity identifier is not registered as a device of the delivered product identifier.
It should be noted that the platform user refers to a user of the internet of things platform, and the platform user may perform service operations on the internet of things platform, such as registration, configuration, query, monitoring, activation, logout, and the like of the internet of things device. If there are multiple platform users on the platform of the internet of things, the corresponding platform user may be determined according to the transmitted product identifier, for example, on the platform of the internet of things, the platform user to which the product identifier belongs is recorded as an account of a certain platform user in advance (for example, when a product is created by the certain platform user, the platform user to which the product identifier of the product belongs is recorded as an account of the certain platform user), so that the platform of the internet of things obtains the account of the corresponding platform user to which the product identifier belongs according to the transmitted product identifier, that is, the corresponding platform user is determined according to the transmitted product identifier, and the console interface displaying the prompt information is a console interface on which the account of the corresponding platform user to which the product identifier belongs logs in as described above.
It should be noted that this step may also be carried out during step 301. For example, the internet of things device also includes the transmitted product identifier in the security authentication request sent in step 301; after receiving the security authentication request, the internet of things platform acquires the user identifier and the transmitted product identifier from the request, determines the user identity according to the user identifier, and then carries out this step, that is, determines whether the user identity is already registered as a device of the transmitted product identifier. If yes, it continues with verifying the security authentication request, and if the request is verified successfully, continues to step 304; if not, the subsequent steps are not executed.
And step 304, accessing the Internet of things equipment.
The internet of things platform is accessed to the internet of things equipment, for example, a connection state or a session state of the internet of things equipment is established, and data communication is carried out between the internet of things platform and the internet of things equipment.
After the internet of things platform is accessed to the internet of things equipment, equipment management, data analysis, data forwarding and the like can be carried out on the internet of things equipment. The following description will be given by taking as an example that after accessing the internet of things device, the data reported by the internet of things device is forwarded to a target service:
receiving data reported by the internet of things equipment, such as state data reported by the internet of things equipment;
determining a target service in a binding relationship according to the user identity, where the binding relationship includes the binding relationship between the user identity and the target service, so that the target service can be determined according to the user identity, and for example, the binding relationship is generated by a platform user through configuration on a console; it should be noted that the specific binding parameter of the target service needs to be determined according to the actual service type, application scenario, and the like, and may include parameters such as a network address, a port, a database type, a data table name, a password, or a key of the target service, which is not limited herein;
the data is forwarded to the target service. It can be understood that, in practical applications, the internet of things platform may further filter or/and convert the data and then forward the data to the target service.
In summary, in the method provided in this embodiment, the internet of things platform performs, based on the user data system, authentication and key agreement with the internet of things device that is based on the subscriber identity module SIM, and obtains the user identity corresponding to the subscriber identity module SIM; acquires the product identifier transmitted by the internet of things device; and, if the authentication and key agreement succeed and the user identity is determined to be registered as a device of the transmitted product identifier, accesses the internet of things device. The technical effects of this embodiment at least include: first, the internet of things platform does not need to generate key information such as a device certificate for the internet of things device in advance, and such key information does not need to be burned into the internet of things device in advance, so that the production efficiency and the production cost of the internet of things device can be improved, and the access efficiency of the internet of things device can be improved; second, because the internet of things device is identified by the user identity corresponding to the subscriber identity module SIM, and device management, data analysis, data forwarding and the like can be performed on the internet of things device according to the user identity, as long as the same subscriber identity module SIM is used, even if the internet of things device is replaced, the internet of things platform can still access the internet of things device according to the same subscriber identity module SIM and can still identify it according to the user identity corresponding to that SIM; third, based on facilities in the communication network such as the subscriber identity module SIM and the user data system, a basic service capability is provided for internet of things services, and service convergence of the communication network and the internet of things is promoted.
Fourth, another embodiment of an access method for internet of things equipment
Referring to fig. 2, a schematic diagram of another embodiment of the present invention is shown. The implementation environment comprises an Internet of things platform, Internet of things equipment, a target service, an authentication server and a user data system.
Fig. 2 is different from fig. 1 in that, in fig. 1, the platform of the internet of things and the user data system are connected through a network, and the platform of the internet of things performs authentication and key agreement based on the user data system and the device of the internet of things based on the subscriber identity module SIM; in fig. 2, the platform of the internet of things is connected to the authentication server through a network, the authentication server is connected to the user data system through a network, the authentication server is connected to the device of the internet of things through a network, the authentication server performs authentication and key agreement with the device of the internet of things based on the user data system and based on the subscriber identity module SIM, if the authentication and key agreement is successful, an association relationship between the subscriber identity and the second root key is established, and the platform of the internet of things realizes security authentication of the device of the internet of things based on the association relationship.
Specifically, please refer to fig. 4, which shows a flowchart of another embodiment of an internet of things device access method provided in the present invention. The embodiment is exemplified by applying the method to an internet of things platform in the implementation environment shown in fig. 2. The method can comprise the following steps:
step 401, verifying a security authentication request sent by the internet of things device based on an association relationship on the authentication server, and obtaining a user identity corresponding to the subscriber identity module SIM, where the association relationship is generated when the authentication server performs authentication and key agreement successfully with the internet of things device based on the subscriber data system and the subscriber identity module SIM, the security authentication request includes a subscriber identity and a first encrypted value, the first encrypted value is generated by the internet of things device according to a first root key, the first root key is generated by the internet of things device when the authentication and key agreement succeeds, and the association relationship includes an association relationship between the subscriber identity and a second root key; if the security authentication request is verified to be successful, the following step 402 is executed.
Before implementing each step of the embodiment, the authentication server performs authentication and key agreement through an authentication and key agreement mechanism based on a user data system and an internet of things device based on a subscriber identity module SIM; if the authentication and key agreement is successful, the internet of things device and the authentication server negotiate to generate a root key with the same value, and for the purpose of distinguishing, the root key generated on the internet of things device is referred to as a first root key, and the root key generated on the authentication server is referred to as a second root key. Meanwhile, establishing an incidence relation between a user identifier and a second root key on an authentication server, wherein the user identifier comprises a mobile user identifier of a Subscriber Identity Module (SIM) or a temporary user identifier; and if the user identification comprises the temporary user identification, the authentication server transmits the temporary user identification to the Internet of things equipment. For a specific implementation process, see the implementation of "authentication and key agreement process embodiment" in the patent application document of "client registration method, apparatus and system" (application numbers: 2019107771277 and 2019107750798), an authentication server is implemented as a registration server in this embodiment, and an internet of things device is implemented as a user terminal in this embodiment.
The Internet of things equipment generates a first encryption value according to the first root secret key, and a security authentication request sent to the Internet of things platform comprises the user identification and the first encryption value. More specifically, the implementation process may include: the Internet of things equipment generates a first authentication key based on the first root key; the method comprises the steps that the Internet of things equipment generates first verification information; the Internet of things equipment encrypts the first verification information based on the first authentication key to generate a first encryption value; the Internet of things equipment generates a security authentication request, wherein the security authentication request comprises the user identification and the first encryption value; and the Internet of things equipment sends the security authentication request to the Internet of things platform.
Correspondingly, the internet of things platform receives a security authentication request sent by the internet of things equipment, then verifies the security authentication request based on the incidence relation on the authentication server, and acquires a user identity corresponding to the subscriber identity module SIM. The internet of things platform verifying the security authentication request based on the association relationship on the authentication server may include various embodiments, which specifically include:
in a first embodiment, the second root key is obtained in the association relationship according to the user identifier, the first encrypted value is verified according to the second root key, and if the first encrypted value is verified to be valid, it is determined that the security authentication request is verified to be successful.
Specifically, the internet of things platform acquires a user identifier and a first encryption value in the security authentication request; the Internet of things platform acquires a second root key in association relation according to the user identification in the association relation between the user identification and the second root key; verifying the first encrypted value based on the second root key and second verification information, wherein the second verification information is the same as the value of the first verification information generated by the Internet of things equipment; if the first encryption value is verified to be valid, the security authentication request is verified to be successful, and a user identity corresponding to a Subscriber Identity Module (SIM) is obtained; and if the first encryption value is verified to be invalid, determining that the security authentication request fails to be verified.
The implementation manner that the internet of things platform obtains the second root key in the association relationship according to the user identifier may be that the internet of things platform sends a query request including the user identifier to an authentication server, the authentication server obtains the second root key in the association relationship according to the user identifier, the authentication server feeds back the second root key to the internet of things platform, and the internet of things platform obtains the second root key; the authentication server may also synchronize the association relationship to the internet of things platform, the internet of things platform locally stores the association relationship, and the internet of things platform obtains the second root key from the locally stored association relationship according to the user identifier.
The embodiment of the internet of things platform verifying the first encrypted value based on the second root key and the second verification information may include: generating a second authentication key based on the second root key, wherein the generation mode of the second authentication key is consistent with the generation mode of the first authentication key generated by the Internet of things equipment, so that the value of the second authentication key is the same as that of the first authentication key generated by the Internet of things equipment; generating second verification information, wherein the generation mode of the second verification information is consistent with the generation mode of the first verification information generated by the equipment of the internet of things, so that the value of the second verification information is the same as that of the first verification information generated by the equipment of the internet of things; verifying the first encrypted value based on the second authentication key and the second verification information, e.g., if the internet of things device generates a first encrypted value using a signature encryption algorithm, verifying the first encrypted value based on the second authentication key and the second verification information using the same signature encryption algorithm; or, if the internet of things device generates the first encrypted value using a symmetric encryption algorithm, verifying the first encrypted value based on the second authentication key and the second verification information using the same symmetric encryption algorithm.
For example, the embodiment may also refer to an embodiment of "client security authentication process example" in a patent application document of "client registration method, apparatus and system" (application number: 2019107771277), in which the internet of things platform is implemented as the registration server and the internet of things device is implemented as the user terminal. In addition, the user identity corresponding to the subscriber identity module SIM is obtained according to the user identifier, that is, according to the mobile subscriber identity; implementations may include: determining the mobile subscriber identity as the user identity; or the authentication server acquires the corresponding MSISDN according to the mobile subscriber identity and feeds it back to the internet of things platform, and the internet of things platform receives the corresponding MSISDN and determines it as the user identity.
For example, the embodiment may also refer to an embodiment of "client security authentication process example" in a patent application document of "client registration method, apparatus and system" (application number: 2019107750798), in which the internet of things platform is implemented as the registration server and the internet of things device is implemented as the user terminal. In addition, the user identity corresponding to the subscriber identity module SIM is obtained according to the user identifier, that is, according to the temporary user identifier; implementations may include:
the authentication server acquires the mobile subscriber identity from the association relationship between the temporary user identifier and the mobile subscriber identity according to the temporary user identifier and feeds the mobile subscriber identity back to the internet of things platform, and the internet of things platform receives the mobile subscriber identity and determines it as the user identity, where the association relationship between the temporary user identifier and the mobile subscriber identity is established when the temporary user identifier is generated in the authentication and key agreement process; or,
the authentication server acquires the mobile subscriber identity from the association relationship between the temporary user identifier and the mobile subscriber identity according to the temporary user identifier, acquires the corresponding MSISDN according to the mobile subscriber identity, and feeds the corresponding MSISDN back to the internet of things platform, and the internet of things platform receives the corresponding MSISDN and determines it as the user identity; or,
the authentication server acquires the MSISDN from the association relationship between the temporary user identifier and the MSISDN according to the temporary user identifier and feeds the corresponding MSISDN back to the internet of things platform, and the internet of things platform receives the corresponding MSISDN and determines it as the user identity, where the association relationship between the temporary user identifier and the MSISDN is established when the temporary user identifier is generated in the authentication and key agreement process, and the MSISDN is acquired according to the mobile subscriber identity.
The embodiment of the authentication server obtaining the corresponding MSISDN according to the mobile subscriber identity may include: the authentication server sends an MSISDN query request including the mobile subscriber identity to the subscriber data system, and the subscriber data system feeds back the MSISDN corresponding to the mobile subscriber identity to the authentication server.
In a second embodiment, the security authentication request is forwarded to the authentication server, and if information indicating successful verification fed back by the authentication server is received, it is determined that the security authentication request is successfully verified.
Specifically, the platform of the internet of things forwards the security authentication request to an authentication server; the authentication server receives the security authentication request and acquires a user identifier and the first encryption value; the authentication server acquires the second root key in the association relationship according to the user identifier; verifying the first encrypted value based on the second root key and second verification information, wherein the second verification information is the same as the value of the first verification information generated by the Internet of things equipment; if the first encryption value is verified to be valid, feeding back information representing successful verification to the Internet of things platform; and if the first encryption value is verified to be invalid, feeding back information representing verification failure to the platform of the Internet of things. The authentication server verifies the specific implementation manner of the first encrypted value based on the second root key and the second verification information, which may also refer to the verification manner of the internet of things platform in the first implementation manner in this step.
Correspondingly, the Internet of things platform receives information fed back by the authentication server, if the information indicating successful verification is received, the safety authentication request is determined to be successful, and a user identity corresponding to the SIM is obtained; and if the information indicating the verification failure is received, determining that the security authentication request fails to be verified. For a specific embodiment of obtaining the user identity corresponding to the subscriber identity module SIM, reference may also be made to the embodiment of obtaining the user identity corresponding to the subscriber identity module SIM according to the user identity in the first embodiment of this step, which is not described herein again.
And 402, acquiring the product identification transmitted by the Internet of things equipment.
Step 403, determining whether the user identity is registered as a device of the delivered product identity; if yes, proceed to step 404, which is described below.
And step 404, accessing the Internet of things equipment.
The above steps 402 to 404 can refer to the above steps 302 to 304, which are not described herein again.
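Steps 401 to 404 under the first verification embodiment, as an added Python example that is not part of the patent text. The patent names no algorithms or message layout, so the HMAC-SHA256 key derivation and tag, the timestamp and nonce fields, the inclusion of the product identifier in the verification information, and all identifiers and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumptions (the patent names no algorithms): HMAC-SHA256 serves both as the
# key-derivation step and as the "signature encryption algorithm"; the
# verification information covers user identifier, product identifier,
# timestamp and nonce so that none of them can be swapped after signing.
KDF_LABEL = b"iot-access/auth-key"  # hypothetical derivation label
MAX_SKEW = 300                      # hypothetical freshness window, seconds


def derive_auth_key(root_key: bytes) -> bytes:
    """Authentication key derived from the root key, identically on both sides."""
    return hmac.new(root_key, KDF_LABEL, hashlib.sha256).digest()


def verification_info(*fields: str) -> bytes:
    """Length-prefixed encoding, so field boundaries cannot be shifted."""
    out = b""
    for field in fields:
        raw = field.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def build_request(user_id: str, first_root_key: bytes, product_id: str, now: int) -> dict:
    """Device side: produce the security authentication request."""
    nonce = secrets.token_hex(8)
    info = verification_info(user_id, product_id, str(now), nonce)
    value = hmac.new(derive_auth_key(first_root_key), info, hashlib.sha256).hexdigest()
    return {"user_id": user_id, "product_id": product_id, "timestamp": now,
            "nonce": nonce, "first_encrypted_value": value}


class Platform:
    """Platform side, holding state synchronized from the authentication server."""

    def __init__(self, associations, identities, registrations):
        self.associations = associations    # user identifier -> second root key
        self.identities = identities        # user identifier -> user identity
        self.registrations = registrations  # user identity -> product identifier
        self.seen_nonces = set()            # replay cache (assumption)
        self.sessions = set()               # identities currently accessed

    def handle(self, req, now: int) -> str:
        text_fields = ("user_id", "product_id", "nonce", "first_encrypted_value")
        if (not isinstance(req, dict)
                or not all(isinstance(req.get(f), str) for f in text_fields)
                or not isinstance(req.get("timestamp"), int)):
            return "malformed"
        user_id, product_id, nonce = req["user_id"], req["product_id"], req["nonce"]

        # Step 401: look up the second root key and verify the first encrypted value.
        second_root_key = self.associations.get(user_id)
        if second_root_key is None:
            return "unknown-user-identifier"
        if abs(now - req["timestamp"]) > MAX_SKEW:
            return "stale"
        info = verification_info(user_id, product_id, str(req["timestamp"]), nonce)
        expected = hmac.new(derive_auth_key(second_root_key), info,
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(),
                                   req["first_encrypted_value"].encode()):
            return "auth-failed"
        # Only authenticated requests reach the replay cache.
        if (user_id, nonce) in self.seen_nonces:
            return "replayed"
        self.seen_nonces.add((user_id, nonce))

        # Steps 402-403: the user identity must be registered under this product.
        identity = self.identities.get(user_id, user_id)
        if self.registrations.get(identity) != product_id:
            return "not-registered"

        # Step 404: establish the session state.
        self.sessions.add(identity)
        return "accessed"


if __name__ == "__main__":
    root = bytes(range(32))  # constructed root key shared after key agreement
    platform = Platform({"tmp-id-0001": root},
                        {"tmp-id-0001": "msisdn-0001"},
                        {"msisdn-0001": "product-A"})
    request = build_request("tmp-id-0001", root, "product-A", now=1000)
    print(platform.handle(request, now=1010))  # first presentation
    print(platform.handle(request, now=1020))  # same request presented again
```
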
In practical application, the implementation environment may further include a plurality of internet of things platforms, each internet of things platform is connected to the authentication server through a network, each internet of things platform is connected to one or more internet of things devices through a network, and each internet of things platform and each connected internet of things device respectively execute the processes in the steps 401 to 404, so that each internet of things platform is respectively connected to each connected internet of things device. The detailed description is omitted.
In summary, the method provided in this embodiment not only has the effects of the foregoing method for accessing an internet of things device, but also has the following technical effects: on the first hand, the authentication server and the platform of the internet of things can be respectively constructed, for example, a communication operator is responsible for the construction of the authentication server, and a cloud service manufacturer is responsible for the construction of the platform of the internet of things; in a second aspect, in the prior art, the internet of things device burned with the key information generated by a certain internet of things platform can only access the certain internet of things platform, but according to the method provided by this embodiment, the internet of things device can respectively access a plurality of internet of things platforms as long as the plurality of internet of things platforms are connected with the authentication server through a network.
Fifth, first embodiment of an Internet of things device access apparatus
Referring to fig. 5, a schematic structural diagram of a first embodiment of an access apparatus for internet of things provided by the present invention is shown, and for convenience of description, only parts related to the embodiment of the present invention are shown. The embodiment is exemplified by applying the apparatus to an internet of things platform in the implementation environment shown in fig. 1, and the apparatus includes:
the authentication and key agreement module 51 is configured to perform, based on a user data system, authentication and key agreement with an internet of things device that is based on a subscriber identity module SIM, and to acquire a user identity corresponding to the subscriber identity module SIM;
a product identifier obtaining module 52, configured to obtain a product identifier transmitted by the internet of things device;
a registration relation determination module 53, configured to determine whether the user identity is already registered as a device of the delivered product identity;
and the device access module 54 is configured to access the internet of things device if the authentication and key agreement is successful and if it is determined that the user identity identifier is registered as the device of the transferred product identifier.
Preferably, the product identification obtaining module 52 includes:
a first product identifier obtaining unit 521, configured to receive and obtain a product identifier sent by the internet of things device, and determine that the sent product identifier is the transmitted product identifier; or,
a second product identifier obtaining unit 522, configured to obtain the transmitted product identifier according to the request address requested by the internet of things device; or,
a third product identifier obtaining unit 523, configured to obtain the transferred product identifier according to the product authentication information sent by the internet of things device.
Preferably, the registration relation determining module 53 includes:
a first registration relation determining unit 531, configured to obtain the product identifier to which the user identity belongs, and, if it is determined that the product identifier to which the user identity belongs is consistent with the transmitted product identifier, determine that the user identity is already registered as a device of the transmitted product identifier; or,
a second registration relation determining unit 532, configured to determine, after confirmation by the platform user, that the user identity has been registered as a device for the delivered product identity.
Preferably, the second registration relation determining unit 532 includes:
a prompt information output subunit 5321, configured to generate and output a prompt information according to the transmitted product identifier and the user identity identifier, where the prompt information is used to indicate whether the platform user confirms registration;
a registration determining subunit 5322, configured to, if receiving the information indicating that registration is confirmed and fed back by the platform user, record a product to which the user identity belongs as the delivered product identity, and determine that the user identity has been registered as a device of the delivered product identity.
Sixth, second embodiment of an Internet of things device access apparatus
Please refer to fig. 6, which illustrates a schematic structural diagram of a second embodiment of an access apparatus for an internet of things device provided by the present invention. On the basis of the apparatus provided in the first embodiment of the internet of things device access apparatus above, the apparatus further includes the following module:
the security authentication module 61 is configured to generate a second root key, establish an association relationship between a user identifier and the second root key, verify a security authentication request sent by the internet of things device according to the association relationship, and determine the user identity identifier according to the user identifier;
the device access module 54 is further configured to: and if the security authentication request is verified to be successful, accessing the Internet of things equipment.
Preferably, the security authentication module 61 includes:
an association relationship establishing unit 611, configured to generate a second root key and establish the association relationship;
an authentication request verifying unit 612, configured to verify, according to the association relationship, a security authentication request sent by the internet of things device, where the security authentication request includes the user identifier and a first encrypted value, the first encrypted value is generated by the internet of things device according to a first root key, and the first root key is generated by the internet of things device when the authentication and key agreement is successful;
an identity determining unit 613, configured to determine the user identity according to the user identifier.
Seventh, third embodiment of an Internet of things device access apparatus
Please refer to fig. 7, which illustrates a schematic structural diagram of a third embodiment of an access apparatus for an internet of things device provided by the present invention. On the basis of the apparatus provided in the first embodiment of the internet of things device access apparatus above, the apparatus further includes the following module:
and the data forwarding module 71 is configured to forward the data reported by the internet of things device to a target service.
Preferably, the data forwarding module 71 includes:
a data receiving unit 712, configured to receive data reported by the internet of things device;
a service determining unit 713, configured to determine the target service in a binding relationship according to the user identity, where the binding relationship includes a binding relationship between the user identity and the target service;
a data forwarding unit 714, configured to forward the data to the target service.
Eighth, fourth embodiment of an Internet of things device access apparatus
Please refer to fig. 8, which illustrates a schematic structural diagram of a fourth embodiment of an access apparatus for an internet of things device according to the present invention. The device is an optional embodiment formed by the data forwarding module 71 in the third embodiment of the internet of things device access device and the device provided in the second embodiment of the internet of things device access device.
The apparatuses provided in the first to fourth embodiments of the access apparatus for internet of things and the implementation method in the embodiment of the access method for internet of things belong to the same concept, and specific implementation principles and effects thereof can be seen in the method embodiments, and are not described herein again.
Ninth, first embodiment of another Internet of things device access apparatus
Referring to fig. 9, a schematic structural diagram of another embodiment of an access apparatus for internet of things provided by the present invention is shown, and for convenience of description, only the portions related to the embodiment of the present invention are shown. The embodiment is exemplified by applying the apparatus to an internet of things platform in an implementation environment shown in fig. 2, and the apparatus includes:
the security authentication module 91 is configured to verify a security authentication request sent by an internet of things device based on an association relationship on an authentication server, and obtain a user identity corresponding to a subscriber identity module SIM, where the association relationship is generated when the authentication server authenticates and the internet of things device based on a subscriber data system and the subscriber identity module SIM is successful in key agreement, the security authentication request includes a subscriber identity and a first encrypted value, the first encrypted value is generated by the internet of things device according to a first root key, the first root key is generated by the internet of things device when the authentication and key agreement is successful, and the association relationship includes an association relationship between the subscriber identity and a second root key;
a product identifier obtaining module 92, configured to obtain a product identifier transmitted by the internet of things device;
a registration relation determining module 93, configured to determine whether the user identity identifier is already registered as a device of the delivered product identifier;
a device access module 94, configured to access the internet of things device if the security authentication request is successfully verified and if it is determined that the user identity identifier is registered as the device of the delivered product identifier.
Preferably, the security authentication module 91 includes:
an authentication request verification unit 911, configured to verify, according to the association relationship, a security authentication request sent by the internet of things device;
an identity determining unit 912, configured to determine the user identity identifier according to the user identifier.
Preferably, the authentication request verification unit 911 includes:
a first verifying subunit 9111, configured to obtain the second root key in the association relationship according to the user identifier, verify the first encrypted value according to the second root key, and determine that the security authentication request is successfully verified if the first encrypted value is verified to be valid; or,
a second verifying subunit 9112, configured to forward the security authentication request to the authentication server, so that the authentication server verifies the security authentication request according to the association relationship, and to determine that the security authentication request is successfully verified if information indicating successful verification is received from the authentication server.
Preferably, the product identification obtaining module 92 includes:
a first product identifier obtaining unit 921, configured to receive and obtain a product identifier sent by the internet of things device, and determine that the sent product identifier is the delivered product identifier; or,
a second product identifier obtaining unit 922, configured to obtain the delivered product identifier according to the request address requested by the internet of things device; or,
a third product identifier obtaining unit 923, configured to obtain the delivered product identifier according to the product authentication information sent by the internet of things device.
Preferably, the registration relation determining module 93 includes:
a first registration relation determining unit 931, configured to obtain a product identifier to which the user identifier belongs, and if it is determined that the product identifier to which the user identifier belongs is consistent with the delivered product identifier, determine that the user identifier is already registered as a device of the delivered product identifier; or,
a second registration relation determining unit 932, configured to determine, after confirmation by the platform user, that the user identity has been registered as a device of the delivered product identifier.
Preferably, the second registration relation determining unit 932 includes:
a prompt information output subunit 9321, configured to generate and output prompt information according to the delivered product identifier and the user identifier, where the prompt information is used to ask the platform user whether to confirm registration;
a registration determining subunit 9322, configured to, if receiving the information indicating that registration is confirmed, which is fed back by the platform user, record a product to which the user identifier belongs as the delivered product identifier, and determine that the user identifier has been registered as a device of the delivered product identifier.
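The checks performed by modules 91 to 94 above, as an added Python example that is not part of the patent text. The page does not define how the first encrypted value is computed, so HMAC-SHA256 over the user identifier and a nonce is assumed here, as are the replay cache, the first and second root keys being equal after a successful agreement, and every name and sample value.

```python
import hashlib
import hmac

ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
USER_ID = "user-0001"                                          # constructed sample identifier


def first_encrypted_value(root_key: bytes, user_id: str, nonce: bytes) -> bytes:
    # Assumption: the page leaves the computation open; HMAC-SHA256 is used here.
    return hmac.new(root_key, user_id.encode() + b"|" + nonce, hashlib.sha256).digest()


class Platform:
    def __init__(self, association, identity_of):
        self.association = association   # user identifier -> second root key
        self.identity_of = identity_of   # user identifier -> user identity identifier
        self.product_of = {}             # user identity identifier -> product identifier
        self.seen = set()                # accepted (user identifier, nonce) pairs (assumption)

    def verify_request(self, user_id, nonce, value):
        """Subunit 9111: fetch the second root key, then check the first encrypted value."""
        key = self.association.get(user_id)
        if key is None or (user_id, nonce) in self.seen:
            return False                 # no association, or a replayed request
        expected = first_encrypted_value(key, user_id, nonce)
        if not hmac.compare_digest(expected, value):   # constant-time comparison
            return False
        self.seen.add((user_id, nonce))
        return True

    def is_registered(self, identity, product_id, confirm=None):
        """Units 931 and 932: compare with the recorded product, else ask the platform user."""
        recorded = self.product_of.get(identity)
        if recorded is not None:
            return recorded == product_id
        if confirm is not None and confirm(identity, product_id):
            self.product_of[identity] = product_id     # subunit 9322 records the product
            return True
        return False

    def access(self, user_id, nonce, value, product_id, confirm=None):
        """Module 94: admit the device only if both checks succeed."""
        if not self.verify_request(user_id, nonce, value):
            return (False, "authentication failed")
        identity = self.identity_of.get(user_id)
        if identity is None:
            return (False, "unknown identity")
        if not self.is_registered(identity, product_id, confirm):
            return (False, "not registered for product")
        return (True, identity)


def build_platform():
    # The association is what the authentication server stored after key agreement.
    return Platform({USER_ID: ROOT_KEY}, {USER_ID: "identity-0001"})


def device_request(nonce, key=ROOT_KEY):
    # Device side: the first encrypted value is derived from the first root key.
    return USER_ID, nonce, first_encrypted_value(key, USER_ID, nonce)


if __name__ == "__main__":
    p = build_platform()
    print(p.access(*device_request(b"n1"), "product-A", confirm=lambda i, pr: True))
    print(p.access(*device_request(b"n1"), "product-A"))   # same nonce again
    print(p.access(*device_request(b"n2"), "product-B"))   # wrong product
```

Once a product is recorded for an identity, a request naming a different product is refused without consulting the platform user again, which keeps a device with valid SIM credentials from re-registering itself under another product.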
Ten. Second embodiment of another Internet of things device access apparatus
Please refer to fig. 10, which illustrates a schematic structural diagram of a second embodiment of another internet of things device access apparatus according to the present invention. In addition to the apparatus provided in the first embodiment of the other internet of things device access apparatus above, this apparatus further includes the following module:
and the data forwarding module 101 is configured to forward the data reported by the internet of things device to a target service.
Preferably, the data forwarding module 101 includes:
a data receiving unit 1011, configured to receive data reported by the internet of things device;
a service determining unit 1012, configured to determine the target service in a binding relationship according to the user identity, where the binding relationship includes a binding relationship between the user identity and the target service;
a data forwarding unit 1013 configured to forward the data to the target service.
The apparatuses provided in the first and second embodiments of the other internet of things device access apparatus and the method in the other internet of things device access method embodiment belong to the same concept; for their specific implementation principles and effects, see the method embodiments, which are not repeated here.
Eleven. Embodiment of an Internet of things system
Please refer to fig. 11, which illustrates a schematic structural diagram of an embodiment of an internet of things system provided by the present invention. The authentication server 111 and the internet of things platform 112 included in the system may also refer to the authentication server and the internet of things platform in the structural schematic diagram of another implementation environment (i.e., fig. 2).
The authentication server 111 is configured to perform, on the basis of a subscriber data system, authentication and key agreement based on a subscriber identity module SIM with an internet of things device, generate a second root key if the authentication and key agreement is successful, and establish an association relationship between a subscriber identity and the second root key;
the internet of things platform 112 is configured to implement the method in the other internet of things device access method embodiment, or the internet of things platform 112 includes the apparatus in the first embodiment or the second embodiment of the other internet of things device access apparatus. For specific implementation principles and effects, reference may also be made to the other internet of things device access method embodiment, which is not repeated here.
It should be noted that, in this document, the terms "comprises," "comprising," "includes," "passing," "sending," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system.
The terms "first," "second," "third," and the like (if any) are used solely to distinguish one from another and are not used to describe a particular order or sequence. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The method, apparatus and system of the present invention can be implemented in a number of ways. For example, the methods, apparatus and systems of the present invention may be implemented by software, hardware, firmware or any combination of software, hardware and firmware. The above-described order for the steps of the method is for illustrative purposes only, and the steps of the method of the present invention are not limited to the order specifically described above unless specifically indicated otherwise. Furthermore, in some embodiments, the present invention may also be embodied as a program recorded in a recording medium, the program including machine-readable instructions for implementing a method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An Internet of things device access method, applied to an Internet of things platform, comprising the following steps:
performing, on the basis of a user data system, authentication and key agreement based on a Subscriber Identity Module (SIM) with the Internet of things device, and acquiring a subscriber identity corresponding to the Subscriber Identity Module (SIM);
acquiring a product identifier transmitted by the Internet of things equipment;
determining whether the user identity has been registered as a device for the delivered product identity;
and if the authentication and key agreement is successful and the user identity is determined to be registered as the equipment of the transmitted product identifier, accessing the equipment of the Internet of things.
2. The method of claim 1, wherein accessing the internet of things device further comprises:
and forwarding the data reported by the equipment of the Internet of things to a target service.
3. An Internet of things device access method, applied to an Internet of things platform, comprising the following steps:
verifying a security authentication request sent by an Internet of things device based on an association relationship on an authentication server, and acquiring a user identity corresponding to a Subscriber Identity Module (SIM), wherein the association relationship is generated when the authentication server, on the basis of a subscriber data system, successfully completes SIM-based authentication and key agreement with the Internet of things device, the security authentication request comprises a user identity and a first encrypted value, the first encrypted value is generated by the Internet of things device according to a first root key, the first root key is generated by the Internet of things device when the authentication and key agreement is successful, and the association relationship comprises the association relationship between the user identity and a second root key;
acquiring a product identifier transmitted by the Internet of things equipment;
determining whether the user identity has been registered as a device for the delivered product identity;
and if the security authentication request is verified successfully and the user identity is determined to be registered as the equipment of the transmitted product identifier, accessing the Internet of things equipment.
4. The method of claim 12, wherein accessing the internet of things device further comprises:
and forwarding the data reported by the equipment of the Internet of things to a target service.
5. An Internet of things device access apparatus, characterized in that it is applied to an Internet of things platform, the apparatus comprising:
the authentication and key agreement module is used for performing, on the basis of a user data system, authentication and key agreement based on a user identification module SIM with the Internet of things equipment, and acquiring a user identity corresponding to the user identification module SIM;
the product identification acquisition module is used for acquiring the product identification transmitted by the Internet of things equipment;
a registration relationship determination module for determining whether the user identity has been registered as a device for the delivered product identity;
and the equipment access module is used for accessing the Internet of things equipment if the authentication and the key negotiation are successful and the user identity is determined to be registered as the equipment of the transmitted product identifier.
6. An Internet of things device access apparatus, characterized in that it is applied to an Internet of things platform, the apparatus comprising:
the security authentication module is used for verifying a security authentication request sent by the internet of things equipment based on an association relation on an authentication server and acquiring a user identity corresponding to a Subscriber Identity Module (SIM), wherein the association relation is generated when the authentication server, on the basis of a subscriber data system, successfully completes SIM-based authentication and key agreement with the internet of things equipment, the security authentication request comprises a subscriber identity and a first encrypted value, the first encrypted value is generated by the internet of things equipment according to a first root key, the first root key is generated by the internet of things equipment when the authentication and key agreement is successful, and the association relation comprises the association relation between the subscriber identity and a second root key;
the product identification acquisition module is used for acquiring the product identification transmitted by the Internet of things equipment;
a registration relationship determination module for determining whether the user identity has been registered as a device for the delivered product identity;
and the equipment access module is used for accessing the Internet of things equipment if the security authentication request is verified successfully and the user identity identifier is determined to be registered as the equipment of the transmitted product identifier.
7. A computer device, comprising: processor, memory and a computer program stored on the memory and executable on the processor, characterized in that the computer program implements the method of any of claims 1 to 2 or the method of any of claims 3 to 4 when executed by the processor.
8. A storage medium characterized in that the storage medium has stored therein a program for implementing a method comprising any one of claims 1 to 2, or a program for implementing a method comprising any one of claims 3 to 4.
9. An internet of things platform comprising the apparatus of claim 5 or comprising the apparatus of claim 6.
10. An Internet of things system, characterized by comprising an authentication server and an Internet of things platform, wherein the authentication server is connected with the Internet of things platform through a network;
the authentication server is used for performing, on the basis of a subscriber data system, authentication and key agreement based on a Subscriber Identity Module (SIM) with an Internet of things device, and, if the authentication and key agreement is successful, generating a second root key and establishing an association relation between a subscriber identity and the second root key;
the Internet of things platform is used for realizing the method as claimed in any one of claims 3 to 4.
CN201911278406.5A 2019-12-13 2019-12-13 Internet of things equipment access method and device and Internet of things platform Withdrawn CN111327416A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911278406.5A CN111327416A (en) 2019-12-13 2019-12-13 Internet of things equipment access method and device and Internet of things platform

Publications (1)

Publication Number Publication Date
CN111327416A true CN111327416A (en) 2020-06-23

Family

ID=71167007

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911278406.5A Withdrawn CN111327416A (en) 2019-12-13 2019-12-13 Internet of things equipment access method and device and Internet of things platform

Country Status (1)

Country Link
CN (1) CN111327416A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104244227A (en) * 2013-06-09 2014-12-24 中国移动通信集团公司 Terminal access authentication method and device in internet of things system
CN104573439A (en) * 2013-10-29 2015-04-29 深圳市共进电子股份有限公司 Permission assignment method and system based on product configuration
US20160285636A1 (en) * 2015-03-27 2016-09-29 Comcast Cable Communications, Llc Methods And Systems For Key Generation
CN104767756A (en) * 2015-04-15 2015-07-08 北京京东尚科信息技术有限公司 Equipment information processing method, client side device and server side device
CN106940553A (en) * 2017-02-09 2017-07-11 北京东土科技股份有限公司 Industrial flow control management method and device based on industry internet operating system
CN109041205A (en) * 2018-08-23 2018-12-18 刘高峰 Client registers method, apparatus and system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111835755A (en) * 2020-07-09 2020-10-27 中国联合网络通信集团有限公司 Mutual authentication method and equipment for Internet of things equipment and Internet of things service system
CN111835755B (en) * 2020-07-09 2022-06-10 中国联合网络通信集团有限公司 Mutual authentication method and equipment for Internet of things equipment and Internet of things service system
CN114338062A (en) * 2020-09-29 2022-04-12 中移物联网有限公司 Ownership transfer method and device, Internet of things platform and readable storage medium
CN114338062B (en) * 2020-09-29 2024-03-19 中移物联网有限公司 Ownership transfer method and device, internet of things platform and readable storage medium
CN112469042A (en) * 2021-01-28 2021-03-09 北京树米网络科技有限公司 System for locking bound equipment, module and subscriber identity module
CN113206886A (en) * 2021-05-08 2021-08-03 深圳市信锐网科技术有限公司 Method, device, equipment and medium for accessing equipment to Internet of things platform
CN114442504A (en) * 2022-02-15 2022-05-06 深圳市华思特科技有限公司 Intelligent home management system based on Internet of things

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200623