CN111563249B - IOT authorization-based terminal verification method and system - Google Patents


Publication number
CN111563249B
Authority
CN
China
Prior art keywords
authorization
equipment
terminal equipment
address
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010371914.4A
Other languages
Chinese (zh)
Other versions
CN111563249A (en)
Inventor
许俊峰
郭玉海
王宝群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Topevery Technology Co ltd
Original Assignee
Shenzhen Topevery Technology Co ltd
Application filed by Shenzhen Topevery Technology Co ltd
Priority to CN202010371914.4A
Publication of CN111563249A
Application granted
Publication of CN111563249B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to the field of internet communication, in particular to a terminal verification method and a terminal verification system based on IOT authorization. The method and the system comprise the following steps: a database server receives a connection request sent by a terminal device; the database server judges whether the terminal equipment meets the connection condition; if the connection condition is met, the database server sends an authorized address to the terminal equipment; the terminal equipment sends an authorization address to the data server; the data server judges whether the authorization address meets an authorization condition based on an IOT (Internet of things) authorization protocol; if the authorization address meets the authorization condition, the data server establishes communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment; if the authorization address does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment.

Description

IOT authorization-based terminal verification method and system
Technical Field
The invention relates to the field of internet communication, in particular to a terminal verification method and system based on IOT authorization.
Background
At present, mobile terminal equipment is mainly authorized through short message (SMS) authentication and then connected to a service platform, and equipment manufacturers operate the equipment directly. This can lead to various risks, such as loss of control over information security, loss of control over equipment management, and loss of customers.
In addition, the short message operation is overly complex. When a batch of equipment is produced, all of it defaults to one service server. At delivery, if a different service server needs to be designated, a short message must be sent to each device separately; when a large number of devices are delivered, a large number of short messages must be sent to complete the designation of service servers, which also incurs a large cost.
Furthermore, no permission control exists in the short message sending process, so any person can change the service server that a device corresponds to by sending a short message, which is a potential security problem. When the service period of a device expires or the device is taken out of service, re-enabling the device requires resending the short message, which is very cumbersome.
Disclosure of Invention
The embodiment of the invention provides a terminal verification method and system based on IOT authorization, which at least solve the technical problems of high operational complexity and low security in existing authorization verification systems for mobile terminal equipment.
According to an embodiment of the present invention, a terminal authentication method based on IOT authorization is provided, which includes the following steps:
a database server receives a connection request sent by a terminal device;
the database server judges whether the terminal equipment meets the connection condition;
if the terminal equipment does not meet the connection condition, the database server sends a connection failure signal to the terminal equipment;
if the terminal equipment meets the connection condition, the database server sends an authorized address to the terminal equipment;
the terminal equipment sends an authorization address to the data server;
the data server judges whether the authorization address meets an authorization condition based on an IOT (Internet of things) authorization protocol;
if the authorization address meets the authorization condition, the data server establishes communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment;
and if the authorization address does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment.
Further, the method further comprises:
an equipment management platform receives an equipment warehousing request sent by a manager, wherein the equipment warehousing request at least carries an equipment identifier corresponding to terminal equipment;
the equipment management platform stores the equipment identifier in a system database;
the equipment management platform receives an equipment ex-warehouse request sent by a manager, wherein the equipment ex-warehouse request at least carries an authorization address corresponding to terminal equipment;
the equipment management platform establishes a correspondence between the authorization address and the equipment identifier, and stores the authorization address and the equipment identifier in association in the system database.
Further, the step of judging whether the terminal device meets the connection condition by the database server includes:
and the database server reads the system database and judges whether an authorized address corresponding to the equipment identifier exists in the system database.
Further, the method further comprises:
the data server receives an authorized access request sent by the terminal equipment;
the data server judges whether the terminal equipment meets the access condition;
if the terminal equipment meets the access condition, the data server sends an access success signal to the terminal equipment;
and if the terminal equipment does not meet the access condition, the data server sends an access refusing signal to the terminal equipment.
Further, the step of the data server judging whether the terminal device satisfies the access condition includes:
and the data server judges whether the usage time exceeds the authorization time limit of the service server corresponding to the terminal equipment.
Further, the method further comprises:
an equipment management platform receives an entry request for an authorization contract sent by a manager, wherein the entry request at least carries authorization information corresponding to terminal equipment;
the equipment management platform establishes a correspondence between the authorization information and the equipment identifier, and stores the authorization information and the equipment identifier in association in a database.
Further, the method further comprises:
the data server receives a service access request sent by the terminal equipment, wherein the service access request at least carries an equipment identifier corresponding to the terminal equipment;
the database server reads the system database and judges whether authorization information corresponding to the equipment identification exists in the system database;
if the authorization information exists, the data server establishes communication connection between the service server corresponding to the authorization information and the terminal equipment, and sends an access success signal to the terminal equipment;
and if the authorization information does not exist, the data server sends an access failure signal to the terminal equipment.
According to another embodiment of the present invention, there is provided a terminal authentication system based on IOT authorization, including:
the connection request receiving module is used for receiving a connection request sent by the terminal equipment by the database server;
the connection condition judging module is used for judging whether the terminal equipment meets the connection condition or not by the database server;
the connection failure module is used for sending a connection failure signal to the terminal equipment by the database server if the terminal equipment does not meet the connection condition;
the first address sending module is used for sending an authorized address to the terminal equipment by the database server if the terminal equipment meets the connection condition;
the second address sending module is used for sending the authorization address to the data server by the terminal equipment;
the authorization judging module is used for judging whether the authorization address meets the authorization condition or not by the data server based on the IOT authorization protocol;
the communication establishing module is used for establishing communication connection between the service server corresponding to the authorization address and the terminal equipment by the data server and sending an authorization success signal to the terminal equipment if the authorization address meets the authorization condition;
and the authorization failure module is used for sending an authorization failure signal to the terminal equipment by the data server if the authorization address does not meet the authorization condition.
Further, the system further comprises:
the equipment warehousing module is used for receiving an equipment warehousing request sent by a manager by the equipment management platform, wherein the equipment warehousing request at least carries an equipment identifier corresponding to the terminal equipment;
the identification storage module is used for storing the equipment identification to the system database by the equipment management platform;
the equipment ex-warehouse module is used for receiving an equipment ex-warehouse request sent by a manager by the equipment management platform, wherein the equipment ex-warehouse request at least carries an authorized address corresponding to the terminal equipment;
and the authorization storage module is used for the equipment management platform to establish the corresponding relation between the authorization address and the equipment identifier and correspondingly store the authorization address and the equipment identifier to the system database.
Further, the system further comprises:
the access receiving module is used for receiving an authorized access request sent by the terminal equipment by the data server;
the access judging module is used for judging whether the terminal equipment meets the access condition or not by the data server;
the access success module is used for sending an access success signal to the terminal equipment by the data server if the terminal equipment meets the access condition;
and the access rejection module is used for sending an access rejection signal to the terminal equipment by the data server if the terminal equipment does not meet the access condition.
According to the terminal verification method and system based on IOT authorization, a database server receives a connection request sent by terminal equipment and, according to the connection request, judges whether the terminal equipment meets the connection condition. When the terminal equipment does not meet the connection condition, the database server sends a connection failure signal to the terminal equipment; when the terminal equipment meets the connection condition, the database server sends an authorization address to the terminal equipment. Judging the connection condition of the terminal equipment in this way can ensure that the terminal equipment obtains the authorization address accurately and that the authorization address stays secure, and reduces the time cost and resource consumption of repeated verification. Further, the terminal equipment sends the authorization address to the data server, and the data server judges whether the authorization address meets the authorization condition based on the IOT authorization protocol. When the authorization address meets the authorization condition, the data server establishes a communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment; when the authorization address does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment. Judging the authorization condition of the authorization address in this way can realize automatic authorization verification, improve authorization processing efficiency and maintain the stability of the communication connection.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flowchart of a terminal authentication method based on IOT authorization according to the present invention;
FIG. 2 is a management flowchart of the device management platform in the IOT authorization-based terminal authentication method of the present invention;
FIG. 3 is a flowchart illustrating the determination of access conditions of a data server in the IOT authorization-based terminal authentication method according to the present invention;
FIG. 4 is a flowchart of authorization information storage in the IOT authorization-based terminal authentication method according to the present invention;
FIG. 5 is a flowchart illustrating a data server performing a service access determination in the IOT authorization-based terminal authentication method according to the present invention;
FIG. 6 is a block diagram of a terminal authentication system based on IOT authorization according to the present invention;
FIG. 7 is a block diagram of a device management platform in the IOT authorization-based terminal authentication system according to the present invention;
FIG. 8 is a block diagram of a data server in the IOT authorization-based terminal authentication system of the present invention;
FIG. 9 is another block diagram of the device management platform in the IOT authorization-based terminal authentication system according to the present invention;
FIG. 10 is another block diagram of the data server in the IOT authorization-based terminal authentication system according to the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
According to an embodiment of the present invention, a terminal authentication method based on IOT authorization is provided, referring to fig. 1, including the following steps:
S1: a database server receives a connection request sent by a terminal device;
S2: the database server judges whether the terminal equipment meets the connection condition;
S3: if the terminal equipment does not meet the connection condition, the database server sends a connection failure signal to the terminal equipment;
S4: if the terminal equipment meets the connection condition, the database server sends an authorized address to the terminal equipment;
S5: the terminal equipment sends an authorization address to the data server;
S6: the data server judges whether the authorization address meets an authorization condition based on an IOT (Internet of things) authorization protocol;
S7: if the authorization address meets the authorization condition, the data server establishes communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment;
S8: and if the authorization address does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment.
In the IOT authorization-based terminal verification method in the embodiment of the invention, a database server receives a connection request sent by terminal equipment and, according to the connection request, judges whether the terminal equipment meets the connection condition. When the terminal equipment does not meet the connection condition, the database server sends a connection failure signal to the terminal equipment; when the terminal equipment meets the connection condition, the database server sends an authorization address to the terminal equipment. Judging the connection condition of the terminal equipment in this way can ensure that the terminal equipment obtains the authorization address accurately and that the authorization address stays secure, and reduces the time cost and resource consumption of repeated verification. Further, the terminal equipment sends the authorization address to the data server, and the data server judges whether the authorization address meets the authorization condition based on the IOT authorization protocol. When the authorization address meets the authorization condition, the data server establishes a communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment; when the authorization address does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment. Judging the authorization condition of the authorization address in this way can realize automatic authorization verification, improve authorization processing efficiency and maintain the stability of the communication connection.
In a preferred embodiment, referring to fig. 2, the method further comprises:
S9: an equipment management platform receives an equipment warehousing request sent by a manager, wherein the equipment warehousing request at least carries an equipment identifier corresponding to terminal equipment;
S10: the equipment management platform stores the equipment identifier in a system database;
S11: the equipment management platform receives an equipment ex-warehouse request sent by a manager, wherein the equipment ex-warehouse request at least carries an authorization address corresponding to terminal equipment;
S12: the equipment management platform establishes a correspondence between the authorization address and the equipment identifier, and stores the authorization address and the equipment identifier in association in the system database.
In this embodiment, the terminal device may specifically include, but is not limited to, a personnel GPS positioning device, a vehicle-mounted GPS positioning device, and various vehicle-mounted mobile terminal monitoring devices, such as an intelligent water meter, an odor sensor, a soil detector, and an RTU intelligent terminal.
The device management platform can be an application program running independently, a functional module in the application program or a webpage, and the like, and can realize direct interaction with management personnel.
The device identifier may specifically include, but is not limited to, a number, a combination of letters and numbers, a text identifier, an IP address, or a combination of several identifiers, such as AAA, 110, a first terminal, and the like; terminal devices and device identifiers are in one-to-one correspondence.
The authorization address is the server address defined for a terminal device that has an authorization contract with a service server, and can be understood as an IP address, such as address A, address B, or address C; terminal devices and authorization addresses may be in a one-to-one or a many-to-one relationship.
Specifically, in practical application, when the device management platform receives a device warehousing request sent by a manager, it obtains the device identifier carried in the request that corresponds to terminal device A, such as the number A101. The device management platform can then store the number A101 in the system database, which ensures the uniqueness and security of each device identifier and makes the identifiers easy to search and manage. Then, when the device management platform receives a device ex-warehouse request sent by a manager, it may directly obtain the authorization address carried in the request that corresponds to terminal device A, such as address 101.25.12. The device management platform can then establish a correspondence between address 101.25.12 and the number A101 and store the two in association in the system database, so that either one can be looked up quickly from the other; this can improve device authorization efficiency to a certain extent and ensure that the values are obtained accurately and securely.
In a preferred technical solution, the step of the database server determining whether the terminal device satisfies the connection condition includes: and the database server reads the system database and judges whether an authorized address corresponding to the equipment identifier exists in the system database.
In this embodiment, the database server may be a Web server. It may be a single server, a server group consisting of a plurality of servers, or a cloud computing service center, and can be used for storing and processing data.
Specifically, in practical applications, after the database server receives a connection request sent by terminal device B, it may use the device identifier carried in the connection request, such as B11, to determine whether terminal device B satisfies the connection condition. The database server traverses the system database to find whether an authorization address corresponding to the device identifier B11 exists. When such an address is found, for example 152.01.3, the terminal device satisfies the connection condition: the database server may connect with the terminal device and send the authorization address 152.01.3 to it, which can be understood as terminal device B having preliminary authorization. When no authorization address corresponding to the device identifier B11 is found, the terminal device does not satisfy the connection condition, that is, terminal device B fails to connect and no further authorization verification is required. This can reduce resource consumption and time complexity, and ensures the security and accuracy of the preliminary authorization verification to a certain extent.
In a preferred embodiment, referring to fig. 3, the method further includes:
S13: the data server receives an authorized access request sent by the terminal equipment;
S14: the data server judges whether the terminal equipment meets the access condition;
S15: if the terminal equipment meets the access condition, the data server sends an access success signal to the terminal equipment;
S16: and if the terminal equipment does not meet the access condition, the data server sends an access refusing signal to the terminal equipment.
In this embodiment, the data server may be a remote Web server. The server may be a single server or a server group consisting of a plurality of service servers, and may store and process data or establish communication connection.
The data server judges whether the authorization address meets the authorization condition based on the IOT authorization protocol; specifically, it judges whether the authorization address is valid under the IOT authorization protocol. If the authorization address is valid, that is, it meets the authorization condition, the data server establishes a communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment. If the authorization address is invalid, that is, it does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment.
The success signal, the failure signal or the rejection signal in the present invention may include, but is not limited to, an instant message, an e-mail, etc.
Specifically, in practical application, once the data server has determined, based on the IOT authorization protocol, that the authorization address corresponding to the terminal device satisfies the authorization condition and has established the communication connection between the service server corresponding to the authorization address and the terminal device, the terminal device can be understood to have completed authorization and registered successfully. Judging the authorization condition for the authorization address in this way can implement automatic authorization verification and ensure the accuracy and security of authorization.
Further, to ensure a stable connection between the terminal device and the service server and the validity of the authorization, in this embodiment the data server receives, in real time, the authorized access request sent by the terminal device and then judges whether the terminal device meets the access condition. If the terminal device meets the access condition, the data server sends an access success signal to the terminal device, that is, the authorization of the terminal device is still valid. If the terminal device does not meet the access condition, the data server sends an access refusing signal to the terminal device, that is, the authorization of the terminal device is no longer valid; a prompt to renew the authorization may be included in the access refusing signal and sent to the terminal device with it, so that the authorization time limit can be extended and the communication between the terminal device and the service server stays stable and the access stays valid.
In a preferred technical solution, the step of the data server determining whether the terminal device satisfies the access condition includes: the data server judges whether the usage time exceeds the authorization time limit of the service server corresponding to the terminal equipment.
In this embodiment, the usage time is the interval between a start time point, at which the terminal device completes authorization and registers successfully, and an end time point, at which the data server receives the authorized access request sent by the terminal device.
The authorization time limit refers to the effective authorization period in the authorization contract between the terminal device and the service server signed by the manager, and is usually one year.
Specifically, in practical applications, when a data server receives an authorized access request sent by a terminal device, the data server may directly obtain the usage time corresponding to the terminal device carried in the authorized access request, such as one year and one month, and obtain the authorization time limit of the service server corresponding to the terminal device, such as one year; then, by comparing the usage time with the authorization time limit, it determines that the usage time exceeds the authorization time limit, because one year and one month is more than one year.
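The flow of steps S1 to S16 described above, as an added example that is not part of the patent text. The class names, signal strings and the concrete authorization condition (the presented address must match the one stored for the device identifier and belong to a known service server) are assumptions, as is the terminal sending its device identifier together with the address in S5; A101 and 101.25.12 are the sample values used in the description, all other values are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple


@dataclass
class DeviceRecord:
    device_id: str
    auth_address: Optional[str] = None        # bound at ex-warehouse (S11-S12)
    registered_at: Optional[datetime] = None  # start of usage time (set at S7)


@dataclass
class SystemDatabase:
    devices: Dict[str, DeviceRecord] = field(default_factory=dict)
    # authorization address -> authorization time limit of that service server
    service_servers: Dict[str, timedelta] = field(default_factory=dict)


class DeviceManagementPlatform:
    def __init__(self, db: SystemDatabase):
        self.db = db

    def warehouse_in(self, device_id: str) -> None:
        """S9-S10: store the device identifier (one record per identifier)."""
        self.db.devices.setdefault(device_id, DeviceRecord(device_id))

    def warehouse_out(self, device_id: str, auth_address: str) -> None:
        """S11-S12: bind an authorization address to a stored identifier."""
        if device_id not in self.db.devices:
            raise KeyError(f"device {device_id!r} was never warehoused")
        self.db.devices[device_id].auth_address = auth_address


class DatabaseServer:
    def __init__(self, db: SystemDatabase):
        self.db = db

    def connect(self, device_id: str) -> Tuple[str, Optional[str]]:
        """S1-S4: connection condition = an address exists for this identifier."""
        rec = self.db.devices.get(device_id)
        if rec is None or rec.auth_address is None:
            return "CONNECTION_FAILURE", None      # S3
        return "AUTH_ADDRESS", rec.auth_address    # S4


class DataServer:
    def __init__(self, db: SystemDatabase):
        self.db = db

    def authorize(self, device_id: str, auth_address: str, now: datetime) -> str:
        """S5-S8, using the assumed authorization condition from the lead-in."""
        rec = self.db.devices.get(device_id)
        if (rec is None or rec.auth_address != auth_address
                or auth_address not in self.db.service_servers):
            return "AUTHORIZATION_FAILURE"         # S8
        if rec.registered_at is None:
            rec.registered_at = now                # usage time starts here
        return "AUTHORIZATION_SUCCESS"             # S7

    def access(self, device_id: str, now: datetime) -> str:
        """S13-S16: refuse once usage time exceeds the authorization time limit."""
        rec = self.db.devices.get(device_id)
        if rec is None or rec.registered_at is None:
            return "ACCESS_REFUSED"                # never authorized
        limit = self.db.service_servers.get(rec.auth_address)
        if limit is None or now - rec.registered_at > limit:
            return "ACCESS_REFUSED"                # S16
        return "ACCESS_SUCCESS"                    # S15


def run_flow() -> Dict[str, object]:
    """Walk one device through S1-S16 and return the signal sent at each step."""
    db = SystemDatabase()
    db.service_servers["101.25.12"] = timedelta(days=365)  # one-year time limit
    dmp, dbs, ds = DeviceManagementPlatform(db), DatabaseServer(db), DataServer(db)
    dmp.warehouse_in("A101")
    dmp.warehouse_in("C300")             # constructed: warehoused, never shipped
    dmp.warehouse_out("A101", "101.25.12")
    t0 = datetime(2020, 5, 6)            # constructed registration time
    status, addr = dbs.connect("A101")
    return {
        "connect_A101": (status, addr),
        "connect_C300": dbs.connect("C300"),
        # constructed case: an address that is not the one bound to A101
        "wrong_address": ds.authorize("A101", "152.01.3", t0),
        "authorize": ds.authorize("A101", addr, t0),
        "access_1_month": ds.access("A101", t0 + timedelta(days=30)),
        # one year and one month of usage against a one-year time limit
        "access_13_months": ds.access("A101", t0 + timedelta(days=395)),
    }


if __name__ == "__main__":
    for step, result in run_flow().items():
        print(f"{step}: {result}")
```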
In a preferred embodiment, referring to fig. 4, the method further includes:
S17: the equipment management platform receives an entry request of an authorization contract sent by a manager, wherein the entry request at least carries authorization information corresponding to the terminal equipment;
S18: the device management platform establishes a corresponding relation between the authorization information and the device identification, and correspondingly stores the authorization information and the device identification into a database.
In this embodiment, the authorization information may include, but is not limited to, specific content of the authorization contract, an authorization contract identifier, and an authorization address corresponding to the authorization contract.
Specifically, in practical application, after the data server obtains that the terminal device does not satisfy the access condition and sends an access denial signal to the terminal device, it can be understood that the terminal device does not have authorization validity, and in order to guarantee validity of an authorization time limit and guarantee communication stability and access validity between the terminal device and the service server, in this embodiment, an administrator continues to sign an authorization contract to prolong the authorization time limit of the service server, then, an equipment management platform obtains authorization information in time, and establishes a corresponding relationship between the authorization information and an equipment identifier, and the authorization information and the equipment identifier are correspondingly stored in a database to maintain communication stability and security between the terminal device and the service server.
In a preferred embodiment, referring to fig. 5, the method further includes:
S19: the data server receives a service access request sent by the terminal equipment, wherein the service access request at least carries an equipment identifier corresponding to the terminal equipment;
S20: the database server reads the system database and judges whether authorization information corresponding to the equipment identification exists in the system database;
S21: if the authorization information exists, the data server establishes communication connection between the service server corresponding to the authorization information and the terminal equipment, and sends an access success signal to the terminal equipment;
S22: if the authorization information does not exist, the data server sends an access failure signal to the terminal equipment.
Specifically, in practical application, after the data server determines that the terminal device does not satisfy the access condition and sends an access denial signal to the terminal device, it can be understood that the terminal device does not have authorization validity. In order to ensure normal use of the terminal device and ensure communication stability and validity of the authorization time limit between the terminal device and the service server, in this embodiment the data server receives a service access request sent by the terminal device, and the database server then uses the device identifier corresponding to the terminal device carried in the service access request to traverse the system database. If the authorization information corresponding to the equipment identifier exists, the data server establishes communication connection between the service server corresponding to the authorization information and the terminal equipment, so that the communication stability between the terminal equipment and the service server, the validity of the authorization time limit and the normal use of the terminal equipment can be ensured; if the authorization information corresponding to the equipment identifier cannot be found by traversal, namely the authorization information does not exist, the data server can include, in the access failure signal sent to the terminal equipment, a prompt that the authorization contract has not been re-signed, so as to remind management personnel to re-sign the authorization contract in time and ensure the validity and the safety of the authorization period between the terminal equipment and the service server.
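The verification flow of this embodiment (warehousing and ex-warehouse, connection condition, authorization condition, access condition, contract renewal), as an added Python example that is not code from the patent. Assumptions: the class and method names, the signal strings, collapsing the database server and the data server into one object, treating an authorization address as legal when it equals the address stored for the device and maps to a known service server, and computing the use time on the server from the recorded registration time, following the definition of use time given above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple


@dataclass
class Record:
    auth_address: Optional[str] = None           # stored at ex-warehouse
    registered_at: Optional[datetime] = None     # starting point of the use time
    time_limit: timedelta = timedelta(days=365)  # "usually a one-year" limit


class Verifier:
    """Database server and data server in one object (assumption)."""

    def __init__(self, service_servers: Dict[str, str]):
        self.db: Dict[str, Record] = {}         # system database, keyed by device id
        self.service_servers = service_servers  # auth address -> service server

    # --- device management platform ---
    def warehouse(self, device_id: str) -> None:
        self.db.setdefault(device_id, Record())

    def ex_warehouse(self, device_id: str, auth_address: str) -> None:
        # The device must have been warehoused first (KeyError otherwise).
        self.db[device_id].auth_address = auth_address

    def renew(self, device_id: str, extension: timedelta) -> None:
        # S17-S18: a renewed contract prolongs the authorization time limit.
        self.db[device_id].time_limit += extension

    # --- database server: connection condition ---
    def connect(self, device_id: str) -> Tuple[str, Optional[str]]:
        rec = self.db.get(device_id)
        if rec is None or rec.auth_address is None:
            return "connection_failure", None
        return "connection_ok", rec.auth_address

    # --- data server: authorization condition ---
    def authorize(self, device_id: str, auth_address: str, now: datetime) -> str:
        rec = self.db.get(device_id)
        legal = (rec is not None
                 and rec.auth_address == auth_address
                 and auth_address in self.service_servers)
        if not legal:
            return "authorization_failure"
        if rec.registered_at is None:
            rec.registered_at = now  # authorization complete, registration succeeds
        return "authorization_success"

    # --- data server: access condition ---
    def access(self, device_id: str, now: datetime) -> str:
        rec = self.db.get(device_id)
        if rec is None or rec.registered_at is None:
            return "access_denied"
        # Use time is measured from the stored registration time, not taken
        # from a value supplied by the terminal device.
        use_time = now - rec.registered_at
        return "access_denied" if use_time > rec.time_limit else "access_success"


def demo() -> list:
    t0 = datetime(2020, 5, 6)  # constructed registration time
    # "A101" and "101.25.12" are the page's sample values; the server name is constructed.
    v = Verifier({"101.25.12": "service-server-1"})
    out = []
    v.warehouse("A101")
    out.append(v.connect("A101")[0])                 # no authorization address yet
    v.ex_warehouse("A101", "101.25.12")
    signal, addr = v.connect("A101")
    out.append(signal)
    out.append(v.authorize("A101", "10.0.0.9", t0))  # address not stored for A101
    out.append(v.authorize("A101", addr, t0))
    out.append(v.access("A101", t0 + timedelta(days=30)))
    late = t0 + timedelta(days=395)                  # about one year and one month
    out.append(v.access("A101", late))
    v.renew("A101", timedelta(days=365))
    out.append(v.access("A101", late))
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```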
Example 2
According to another embodiment of the present invention, there is provided a terminal authentication system based on IOT authorization, referring to fig. 6, including:
a connection request receiving module 601, configured to receive, by a database server, a connection request sent by a terminal device;
a connection condition determining module 602, configured to determine, by the database server, whether the terminal device satisfies a connection condition;
a connection failure module 603, configured to send a connection failure signal to the terminal device by the database server if the terminal device does not meet the connection condition;
a first address sending module 604, configured to send an authorized address to the terminal device by the database server if the terminal device meets the connection condition;
a second address sending module 605, configured to send an authorized address to the data server by the terminal device;
an authorization judging module 606, configured to judge, by the data server, whether the authorization address meets an authorization condition based on the IOT authorization protocol;
a communication establishing module 607, configured to, if the authorized address meets the authorization condition, establish, by the data server, a communication connection between the service server corresponding to the authorized address and the terminal device, and send an authorization success signal to the terminal device;
and an authorization failure module 608, configured to send an authorization failure signal to the terminal device by the data server if the authorization address does not meet the authorization condition.
The IOT authorization-based terminal verification system in the embodiment of the invention receives a connection request sent by terminal equipment through a database server; then, according to the connection request, the database server judges whether the terminal equipment meets the connection condition; when the terminal equipment does not meet the connection condition, the database server sends a connection failure signal to the terminal equipment; when the terminal equipment meets the connection condition, the database server sends an authorized address to the terminal equipment. This process of judging the connection condition of the terminal equipment can ensure that the terminal equipment accurately acquires the authorized address, ensure the security of the authorized address, and reduce the time cost and resource consumption of repeated verification. Further, the terminal device sends the authorization address to the data server; the data server judges whether the authorization address meets the authorization condition based on the IOT authorization protocol; when the authorization address meets the authorization condition, the data server establishes communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment; when the authorization address does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment. This process of judging the authorization condition of the authorization address can realize automatic authorization verification, improve authorization processing efficiency and maintain the stability of communication connection.
As a preferred technical solution, as shown in fig. 7, the system further includes:
the equipment warehousing module 609 is used for the equipment management platform to receive an equipment warehousing request sent by a manager, wherein the equipment warehousing request at least carries an equipment identifier corresponding to the terminal equipment;
the identifier storage module 610 is used for the device management platform to store the device identifier in the system database;
the device ex-warehouse module 611 is configured to receive a device ex-warehouse request sent by a manager by a device management platform, where the device ex-warehouse request at least carries an authorization address corresponding to the terminal device;
and the authorization storage module 612 is configured to establish a corresponding relationship between an authorization address and an equipment identifier by the equipment management platform, and correspondingly store the authorization address and the equipment identifier in the system database.
In this embodiment, the terminal device may specifically include, but is not limited to, a personnel GPS positioning device, a vehicle-mounted GPS positioning device, and various vehicle-mounted mobile terminal monitoring devices, such as an intelligent water meter, an odor sensor, a soil detector, and an RTU intelligent terminal.
The device management platform can be an application program running independently, a functional module in the application program or a webpage, and the like, and can realize direct interaction with management personnel.
The device identifier may specifically include, but is not limited to, a numeric code, an alphabetic code, a text identifier, an IP address, or a combination of several identifiers, such as AAA, 110, a first terminal, and the like; the terminal device and the device identifier are in one-to-one correspondence.
The authorization address refers to the server address defined for a terminal device which has an authorization contract with a service server, and can be understood as an IP address, such as an address A, an address B, or an address C; the terminal device and the authorization address may be in a one-to-one correspondence or a many-to-one relationship.
Specifically, in practical application, when the device management platform receives a device warehousing request sent by a manager, the device management platform obtains a device identifier corresponding to the terminal device a, such as a number a101, carried in the device warehousing request; furthermore, the device management platform can store the A101 number in a system database, so that the uniqueness and the safety of each device identifier can be ensured, and the device identifiers can be conveniently searched and managed; then, when the device management platform receives a device ex-warehouse request sent by a manager, the device management platform may directly obtain an authorized address, such as address 101.25.12, corresponding to the terminal device a carried in the ex-warehouse request; furthermore, the corresponding relation between the address 101.25.12 and the A101 number can be established through the device management platform, and then the 101.25.12 and the A101 number are correspondingly stored in the system database, so that the other one can be conveniently and quickly indexed according to one of the authorized address and the device identifier, the device authorization efficiency can be improved to a certain extent, and the accuracy and the safety of acquisition can be ensured.
In a preferred embodiment, in the connection condition determining module 602, the step of the database server judging whether the terminal equipment meets the connection condition comprises: the database server reads the system database and judges whether an authorized address corresponding to the equipment identifier exists in the system database.
In this embodiment, the database server may be a Web server. It can be one server, a server group consisting of a plurality of servers, or a cloud computing service center, and can be used for storing and processing data.
Specifically, in practical applications, after the database server receives a connection request sent by the terminal device, the database server may determine, according to the connection request, whether the terminal device B satisfies a connection condition by using a device identifier, such as B11, corresponding to the terminal device B carried in the connection request, specifically, the database server may traverse through a system database to find whether an authorized address having a corresponding relationship with the device identifier B11 exists; when traversing to the authorized address corresponding to the device identifier B11, for example, 152.01.3, it may be understood that the device terminal satisfies the connection condition, the database server may connect with the terminal device, and the authorized address 152.01.3 is sent to the terminal device, which may be understood that the terminal device B has the authority of preliminary authorization; when the authorization address corresponding to the device identifier B11 is not traversed, it may be understood that the device terminal does not satisfy the connection condition, that is, the terminal device B fails to connect, and subsequent other authorization verifications are not required, which may reduce resource consumption, reduce time complexity, and ensure security and accuracy of the preliminary authorization verification to a certain extent.
As a preferred technical solution, as shown in fig. 8, the system further includes:
an access receiving module 613, configured to receive, by the data server, an authorized access request sent by the terminal device;
an access judging module 614, configured to judge, by the data server, whether the terminal device meets an access condition;
an access success module 615, configured to send an access success signal to the terminal device by the data server if the terminal device meets the access condition;
an access denial module 616, configured to send an access denial signal to the terminal device by the data server if the terminal device does not satisfy the access condition.
In this embodiment, the data server may be a remote Web server. The server may be a single server or a server group consisting of a plurality of service servers, and may store and process data or establish communication connection.
The data server judges whether the authorization address meets the authorization condition based on the IOT authorization protocol; specifically, it judges whether the authorization address is legal based on the IOT authorization protocol. If the authorization address is legal, that is, it meets the authorization condition, the data server establishes communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment; if the authorization address is illegal, that is, it does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment.
The success signal, the failure signal or the rejection signal in the present invention may include, but is not limited to, an instant message, an e-mail, etc.
Specifically, in practical application, after the data server obtains, based on the IOT authorization protocol, that the authorization address corresponding to the terminal device satisfies the authorization condition, and the data server establishes the communication connection between the service server corresponding to the authorization address and the terminal device, it can be understood that the terminal device completes authorization and registration is successful, and this process of determining the authorization condition for the authorization address can implement automatic authorization verification and ensure the accuracy and security of authorization.
Further, in order to ensure stable connection between the terminal device and the service server and validity of authorization, the embodiment receives an authorized access request sent by the terminal device in real time through the data server; then, the data server judges whether the terminal equipment meets the access condition; if the terminal equipment meets the access condition, the data server sends an access success signal to the terminal equipment, namely the terminal equipment still has authorization validity; if the terminal device does not meet the access condition, the data server sends an access refusing signal to the terminal device, namely the terminal device does not have authorization validity, and the prompting content of authorization permission renewal can be contained in the access refusing signal and sent to the terminal device together, so that the authorization time limit is prolonged, and the communication between the terminal device and the service server is stable and the access is valid.
In a preferred embodiment, in the access judging module 614, the data server judges whether the service time exceeds the authorization time limit of the service server corresponding to the terminal equipment.
In this embodiment, the use time (the service time) is the difference between a starting time point, at which the terminal device completes authorization and registers successfully, and an ending time point, at which the data server receives the authorized access request sent by the terminal device.
The authorization time limit refers to effective authorization time in an authorization contract between the terminal device and the service server signed by the manager, and is usually a one-year effective time limit.
Specifically, in practical applications, when the data server receives an authorized access request sent by a terminal device, the data server may directly obtain the service time corresponding to the terminal device carried in the authorized access request, such as one year and one month, and obtain the authorization time limit of the service server corresponding to the terminal device, such as one year; then, by comparing the service time with the authorization time limit, it is known that the service time exceeds the authorization time limit, i.e., one year and one month is more than one year.
As a preferred technical solution, as shown in fig. 9, the system further includes:
an authorization entry module 617, configured to receive, by the equipment management platform, an entry request of an authorization contract sent by a manager, where the entry request carries at least authorization information corresponding to the terminal equipment;
the corresponding relationship establishing module 618 is configured to establish a corresponding relationship between the authorization information and the device identifier by the device management platform, and store the authorization information and the device identifier in a database in a corresponding manner.
In this embodiment, the authorization information may include, but is not limited to, specific content of the authorization contract, an authorization contract identifier, and an authorization address corresponding to the authorization contract.
Specifically, in practical application, after the data server obtains that the terminal device does not satisfy the access condition and sends an access denial signal to the terminal device, it can be understood that the terminal device does not have authorization validity, and in order to guarantee validity of an authorization time limit and guarantee communication stability and access validity between the terminal device and the service server, in this embodiment, an administrator continues to sign an authorization contract to prolong the authorization time limit of the service server, then, an equipment management platform obtains authorization information in time, and establishes a corresponding relationship between the authorization information and an equipment identifier, and the authorization information and the equipment identifier are correspondingly stored in a database to maintain communication stability and security between the terminal device and the service server.
As a preferred technical solution, as shown in fig. 10, the system further includes:
a service access module 619, configured to receive, by the data server, a service access request sent by the terminal device, where the service access request at least carries a device identifier corresponding to the terminal device;
a data reading module 620, configured to read a system database by a database server, and determine whether authorization information corresponding to the device identifier exists in the system database;
the signal sending module 621 is configured to, if the authorization information exists, establish a communication connection between the service server corresponding to the authorization information and the terminal device by the data server, and send an access success signal to the terminal device;
and an access failure module 622, configured to send an access failure signal to the terminal device by the data server if the authorization information does not exist.
Specifically, in practical application, after the data server determines that the terminal device does not satisfy the access condition and sends an access denial signal to the terminal device, it can be understood that the terminal device does not have authorization validity. In order to ensure normal use of the terminal device and ensure communication stability and validity of the authorization time limit between the terminal device and the service server, in this embodiment the data server receives a service access request sent by the terminal device, and the database server then uses the device identifier corresponding to the terminal device carried in the service access request to traverse the system database. If the authorization information corresponding to the equipment identifier exists, the data server establishes communication connection between the service server corresponding to the authorization information and the terminal equipment, so that the communication stability between the terminal equipment and the service server, the validity of the authorization time limit and the normal use of the terminal equipment can be ensured; if the authorization information corresponding to the equipment identifier cannot be found by traversal, namely the authorization information does not exist, the data server can include, in the access failure signal sent to the terminal equipment, a prompt that the authorization contract has not been re-signed, so as to remind management personnel to re-sign the authorization contract in time and ensure the validity and the safety of the authorization period between the terminal equipment and the service server.
Compared with the authorization verification system of the prior mobile terminal equipment, the terminal verification method and the system based on IOT authorization have the advantages that:
1. the process of judging the connection condition of the terminal equipment by using the database can ensure that the terminal equipment accurately acquires the authorized address, ensure the security of the authorized address, and reduce the time cost and resource consumption of repeated verification;
2. the process that the data server judges the authorization condition of the authorization address can realize automatic authorization verification, improve the authorization processing efficiency and maintain the stability of communication connection;
3. the invention carries out double verification on the terminal equipment based on IOT authorization, can realize automatic authorization verification of the equipment, and has the advantages of convenience, rapidness, low operation complexity, high safety performance and low cost.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described system embodiments are merely illustrative, and for example, a division of a unit may be a logical division, and an actual implementation may have another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (5)

1. A terminal verification method based on IOT authorization is characterized in that,
an equipment management platform receives an equipment warehousing request sent by a manager, wherein the equipment warehousing request at least carries an equipment identifier corresponding to terminal equipment;
the equipment management platform stores the equipment identification to a system database;
the equipment management platform receives an equipment ex-warehouse request sent by the manager, wherein the equipment ex-warehouse request at least carries an authorization address corresponding to the terminal equipment;
the equipment management platform establishes a corresponding relation between the authorization address and the equipment identification, and correspondingly stores the authorization address and the equipment identification to the system database;
the method comprises the following steps:
a database server receives a connection request sent by a terminal device;
the database server judges whether the terminal equipment meets the connection condition;
the step of judging whether the terminal equipment meets the connection condition by the database server comprises the following steps: the database server reads the system database and judges whether an authorized address corresponding to the equipment identifier exists in the system database, and if so, connection conditions are met;
if the terminal equipment does not meet the connection condition, the database server sends a connection failure signal to the terminal equipment;
if the terminal equipment meets the connection condition, the database server sends an authorized address to the terminal equipment;
the terminal equipment sends the authorization address to a data server;
the data server judges whether the authorization address meets an authorization condition based on an IOT (Internet of things) authorization protocol;
judging whether the authorization address is legal or not based on the IOT authorization protocol, and if so, determining that the authorization address meets an authorization condition;
if the authorization address meets the authorization condition, the data server establishes communication connection between the service server corresponding to the authorization address and the terminal equipment, and sends an authorization success signal to the terminal equipment;
if the authorization address does not meet the authorization condition, the data server sends an authorization failure signal to the terminal equipment;
after the step of establishing, by the data server, a communication connection between the service server corresponding to the authorization address and the terminal device and sending an authorization success signal to the terminal device if the authorization address meets the authorization condition, the method for authenticating a terminal based on IOT authorization further includes:
the data server receives an authorized access request sent by the terminal equipment;
the data server judges whether the terminal equipment meets the access condition;
the step that the data server judges whether the terminal equipment meets the access condition comprises the following steps: the data server judges whether the service time exceeds the authorization time limit of the service server corresponding to the terminal equipment;
if the terminal equipment meets the access condition, the data server sends an access success signal to the terminal equipment;
and if the terminal equipment does not meet the access condition, the data server sends an access refusing signal to the terminal equipment.
2. The IOT authorization-based terminal verification method according to claim 1, wherein the authorization access request carries at least the service time of a service server corresponding to the terminal device.
3. The IOT authorization based terminal authentication method according to claim 1, wherein after the step of the data server sending a signal denying access to the terminal device if the terminal device does not satisfy the access condition, the IOT authorization based terminal authentication method further comprises:
the equipment management platform receives an input request of an authorization contract sent by a manager, wherein the input request at least carries authorization information corresponding to the terminal equipment;
and the equipment management platform establishes a corresponding relation between the authorization information and the equipment identification, and correspondingly stores the authorization information and the equipment identification into a database.
4. The method of claim 3, wherein after the step of the data server sending a signal denying access to the terminal device if the terminal device does not satisfy the access condition, the method comprises:
the data server receives a service access request sent by the terminal equipment, wherein the service access request at least carries an equipment identifier corresponding to the terminal equipment;
the database server reads the system database and judges whether authorization information corresponding to the equipment identification exists in the system database or not;
if the authorization information exists, the data server establishes communication connection between the service server corresponding to the authorization information and the terminal equipment, and sends an access success signal to the terminal equipment;
and if the authorization information does not exist, the data server sends an access failure signal to the terminal equipment.
5. A terminal verification system based on IOT authorization, comprising:
the connection request receiving module is used for receiving a connection request sent by the terminal equipment by the database server;
the connection condition judging module is used for judging whether the terminal equipment meets the connection condition or not by the database server;
the step of judging whether the terminal equipment meets the connection condition by the database server comprises the following steps: the database server reads a system database, judges whether an authorized address corresponding to the equipment identifier exists in the system database, and if so, meets the connection condition;
the connection failure module is used for sending a connection failure signal to the terminal equipment by the database server if the terminal equipment does not meet the connection condition;
the first address sending module is used for sending an authorized address to the terminal equipment by the database server if the terminal equipment meets the connection condition;
a second address sending module, configured to send the authorization address to a data server by the terminal device;
the authorization judging module is used for judging whether the authorization address meets an authorization condition or not by the data server based on an IOT (Internet of things) authorization protocol;
judging whether the authorization address is legal or not based on the IOT authorization protocol, and if so, determining that the authorization address meets an authorization condition;
the communication establishing module is used for establishing communication connection between the service server corresponding to the authorization address and the terminal equipment by the data server and sending an authorization success signal to the terminal equipment if the authorization address meets the authorization condition;
the authorization failure module is used for sending an authorization failure signal to the terminal equipment by the data server if the authorization address does not meet the authorization condition;
the system further comprises:
the equipment warehousing module is used for receiving an equipment warehousing request sent by a manager by an equipment management platform, wherein the equipment warehousing request at least carries an equipment identifier corresponding to the terminal equipment;
the identification storage module is used for storing the equipment identification to a system database by the equipment management platform;
the equipment ex-warehouse module is used for the equipment management platform to receive an equipment ex-warehouse request sent by the manager, wherein the equipment ex-warehouse request at least carries the authorization address corresponding to the terminal equipment;
the authorization storage module is used for the equipment management platform to establish the corresponding relation between the authorization address and the equipment identifier and correspondingly store the authorization address and the equipment identifier to the system database;
the system further comprises:
the access receiving module is used for receiving an authorized access request sent by the terminal equipment by the data server;
the access judging module is used for judging whether the terminal equipment meets the access condition or not by the data server;
the step that the data server judges whether the terminal equipment meets the access condition comprises the following steps: the data server judges whether the service time exceeds the authorization time limit of the service server corresponding to the terminal equipment;
the access success module is used for sending an access success signal to the terminal equipment by the data server if the terminal equipment meets the access condition;
and the access rejection module is used for sending an access rejection signal to the terminal equipment by the data server if the terminal equipment does not meet the access condition.
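The three checks recited in claim 5 (connection, authorization, access) can be traced end to end in the following added example, which is not code from the patent. The claims do not define how the IOT authorization protocol decides that an address is "legal", so the HMAC tag used here is an assumption, as are all function names, the demo key, and the treatment of service time and authorization time limit as plain numbers.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by platform and data server

def _tag(address: str) -> str:
    return hmac.new(KEY, address.encode(), hashlib.sha256).hexdigest()

class SystemDatabase:
    def __init__(self):
        self.devices = {}  # device identifier -> signed authorized address, or None

    def warehouse_in(self, device_id):
        # Equipment warehousing request: only the identifier is stored.
        self.devices.setdefault(device_id, None)

    def warehouse_out(self, device_id, address):
        # Equipment ex-warehouse request: bind an authorized address to the identifier.
        if device_id not in self.devices:
            raise KeyError("device was never warehoused")
        self.devices[device_id] = f"{address}#{_tag(address)}"

def database_server_connect(db, device_id):
    # Connection condition: an authorized address exists for this identifier.
    signed = db.devices.get(device_id)
    return ("CONNECT_FAIL", None) if signed is None else ("ADDRESS", signed)

def data_server_authorize(signed_address):
    # Authorization condition: the presented address is legal (assumed: tag verifies).
    address, _, tag = signed_address.rpartition("#")
    if address and hmac.compare_digest(tag.encode(), _tag(address).encode()):
        return ("AUTH_SUCCESS", address)
    return ("AUTH_FAIL", None)

def data_server_access(service_time, authorization_limit):
    # Access condition: service time has not exceeded the authorization time limit.
    return "ACCESS_SUCCESS" if service_time <= authorization_limit else "ACCESS_REFUSED"

def verify_terminal(db, device_id, service_time, authorization_limit):
    status, signed = database_server_connect(db, device_id)
    if status == "CONNECT_FAIL":
        return status
    status, _ = data_server_authorize(signed)  # terminal forwards the address it received
    if status == "AUTH_FAIL":
        return status
    return data_server_access(service_time, authorization_limit)
```

A device that was warehoused but never released has no authorized address and stops at the first check, which is the property that keeps the later checks from ever seeing an unbound identifier.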
CN202010371914.4A 2020-05-06 2020-05-06 IOT authorization-based terminal verification method and system Active CN111563249B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010371914.4A CN111563249B (en) 2020-05-06 2020-05-06 IOT authorization-based terminal verification method and system


Publications (2)

Publication Number Publication Date
CN111563249A CN111563249A (en) 2020-08-21
CN111563249B CN111563249B (en) 2021-03-19

Family

ID=72071932

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010371914.4A Active CN111563249B (en) 2020-05-06 2020-05-06 IOT authorization-based terminal verification method and system

Country Status (1)

Country Link
CN (1) CN111563249B (en)


Also Published As

Publication number Publication date
CN111563249A (en) 2020-08-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A terminal verification method and system based on IOT authorization

Effective date of registration: 20210811

Granted publication date: 20210319

Pledgee: Shenzhen hi tech investment small loan Co.,Ltd.

Pledgor: SHENZHEN TOPEVERY TECHNOLOGY Co.,Ltd.

Registration number: Y2021980007561
