CN111932751B

CN111932751B - Intelligent park Internet of things comprehensive management platform and management method

Info

Publication number: CN111932751B
Application number: CN202010821685.1A
Authority: CN
Inventors: 莫怡极
Original assignee: Guangzhou Weifu Technology Co ltd
Current assignee: Guangzhou Weifu Technology Co.,Ltd.
Priority date: 2020-08-15
Filing date: 2020-08-15
Publication date: 2021-09-17
Anticipated expiration: 2040-08-15
Also published as: CN111932751A

Abstract

The invention discloses a comprehensive management platform and a management method for an Internet of things of a smart park, and relates to the technical field of the smart park and the Internet of things, wherein the comprehensive management platform for the Internet of things of the smart park comprises a verification server, and the verification server is connected with terminal equipment; the authentication server includes: the terminal equipment comprises an acquisition unit, a verification unit and a verification unit, wherein the acquisition unit is used for acquiring a verification trigger sent by the terminal equipment at a first moment; acquiring a target reference node in a reference knowledge graph; a determination unit configured to determine whether the first authentication information passes the security authentication, based on the first authentication object and a history authentication object in the history authentication information; when a rechecking trigger mark sent by the terminal equipment at a second moment is obtained, second verification information carried by the rechecking trigger mark is obtained; and the verification unit is used for carrying out identity security verification on the verification node according to the reference node and the second verification information. Through the arrangement, the intelligent park management scheme with high safety can be realized.

Description

Intelligent park Internet of things comprehensive management platform and management method

Technical Field

The invention relates to the technical field of intelligent parks and Internet of things, in particular to an intelligent park Internet of things comprehensive management platform and a management method.

Background

At present, the high and new enterprises are mostly concentrated in the smart park so as to form a more efficient high and new ecological chain, and the high and new enterprises in the smart park realize convenient communication, attract foreign resources and form a benign competitive atmosphere, and meanwhile, the confidential work of each high and new enterprise also needs to be concerned. Just because a plurality of high and new enterprises all are in same garden, need stricter to personnel's management, no matter the exotic personnel who comes in through garden entrance guard, still with the staff of different enterprises in the garden, all need carry out safety verification to it. The existing security verification system generally adopts a method of access control cards to realize means of entering a campus or entering areas where related enterprises are located in the campus, however, the security of the means cannot meet the management requirements of smart parks where a plurality of high and new industries are located.

In view of this, it is necessary for those skilled in the art to provide a more secure intelligent campus management scheme.

Disclosure of Invention

The invention aims to provide an intelligent park Internet of things comprehensive management platform and a management method.

In a first aspect, the embodiment of the invention provides an intelligent park internet of things comprehensive management platform, which comprises a verification server, wherein the verification server is connected with terminal equipment;

the authentication server includes:

an obtaining unit, configured to obtain a verification trigger sent by a terminal device at a first time, where the verification trigger includes first verification information of a verification node at the first time, the verification node is a verified node in a verification knowledge graph to which the terminal device belongs, and the first verification information includes a first verification character string and a first verification object corresponding to the first verification character string; acquiring a target reference node in a reference knowledge graph based on the first verification character string, wherein a data segment of the target reference node comprises historical verification information, and the historical verification information is verification information corresponding to a successive verification node of the verification nodes;

a determination unit configured to determine whether the first authentication information passes security authentication according to the first authentication object and a history authentication object in the history authentication information; if the first verification information passes the safety verification, generating a reference node according to the first verification information, and adding the reference node to a reference knowledge graph to which the verification server belongs; when a rechecking trigger mark sent by the terminal equipment at a second moment is obtained, second verification information carried by the rechecking trigger mark is obtained, wherein the second verification information refers to the verification information of the verification node at the second moment;

and the verification unit is used for carrying out identity security verification on the verification node according to the reference node and the second verification information.

Optionally, the first verification information includes a first verification character string and a first verification object feature value corresponding to the first verification character string, and the second verification information includes a second verification character string and a second verification object feature value corresponding to the second verification character string;

the authentication unit includes:

a verification subunit, configured to obtain the reference node in the reference knowledge graph according to the second verification character string; acquiring first verification information in a data segment of the reference node; the first authentication string in the first authentication information is the same as the second authentication string; and performing identity security verification on the verification node according to the first verification object characteristic value and the second verification object characteristic value.

Optionally, the verification subunit is specifically configured to:

if the first verification object characteristic value is equal to the second verification object characteristic value, determining that the verification node is a standard node;

and if the first verification object characteristic value is not equal to the second verification object characteristic value, determining that the verification node is an abnormal node.

Optionally, the verification subunit is further specifically configured to:

when the verification node is a standard node, returning verification passing information to the terminal equipment so that the terminal equipment continues to execute normal verification operation;

and when the verification node is an abnormal node, returning verification failure information to the terminal equipment so that the terminal equipment stops normal verification operation and executes alarm information sending operation.

Optionally, the comprehensive management platform for the internet of things of the smart park further comprises a first preset number of visitor authorization servers and visitor database servers;

the verification unit is further configured to:

receiving a temporary access trigger signal from a terminal device, wherein the temporary access trigger signal is used for accessing the visitor database server;

initiating a temporary access authorization operation to a second preset number of visitor authorization servers in the first preset number of visitor authorization servers, wherein the temporary access authorization operation is used for acquiring visitor identity certification files corresponding to the visitor authorization servers, the visitor authorization servers generate visitor identity certification logical relations corresponding to the temporary access trigger signals, the visitor identity certification logical relations comprise the second preset number of visitor identity certification files recorded according to preset authentication rules, and each visitor identity certification file is generated by one visitor authorization server;

for a target visitor identity certificate file in the visitor identity certificate logical relationship, responding to matching of prestored visitor identity information included in the target visitor identity certificate with visitor identity registration information, and acquiring a second key corresponding to a server identifier of the target visitor authorization server from a preset corresponding relationship to obtain the second key of the target visitor authorization server, wherein the preset corresponding relationship comprises a corresponding relationship between the server identifier of the visitor authorization server and the second key;

verifying an encryption result of the target visitor authorization server included in the target visitor identity document by using a second key of the target visitor authorization server;

responding to the verification of the encryption result of the target visitor authorization server, and determining that the target visitor identity document passes the verification, wherein the passing of the visitor identity logic relationship verification means that the second preset number of visitor identity documents pass the verification;

in response to the visitor identity proof logical relationship verification passing, combining visitor registration contents of the visitor authorization servers of the second preset number, and determining the authority possessed by the terminal equipment;

responding the temporary access trigger signal based on the authority possessed by the terminal device, wherein the visitor authorization server generates a visitor identity proof logical relationship corresponding to the temporary access trigger signal, and the method comprises the following steps: for a target visitor authorization server in the second preset number of visitor authorization servers, verifying a visitor identity proof logical relationship included in a temporary access authorization operation received by the target visitor authorization server;

responding to the verification of the logic relationship of the visitor identity identification included in the temporary access authorization operation, and verifying the triggering content of the temporary access triggering signal;

responding to the trigger content verification of the temporary access trigger signal, executing the step of generating the target visitor identity document, wherein the temporary access authorization operation received by the target visitor authorization server comprises: the visitor identity proof logical relationship generated by the visitor authorization server and the triggering content of the temporary access triggering signal;

responding to the verification of the temporary access authorization operation received by the target visitor authorization server, and creating the target visitor identity document;

writing a server identification of the target visitor authorization server in the target visitor identity document;

writing the visitor registration content of the target visitor authorization server in the target visitor identity document;

calculating visitor identity registration information by adopting a preset algorithm, and writing the visitor identity registration information into the target visitor identity document;

the method comprises the steps of encrypting a target visitor identity document by adopting a first key of the target visitor authorization server, writing an encryption result of the target visitor authorization server into the target visitor identity document, wherein the target visitor identity document comprises a server identifier of the target visitor authorization server, visitor registration content of the target visitor authorization server, visitor identity registration information of the target visitor identity document and encryption information of the target visitor authorization server.

Optionally, the determining unit is specifically configured to:

acquiring a superior node characteristic value in the first verification object, and acquiring a verification object characteristic value corresponding to the historical verification object;

if the characteristic value of the superior node is the same as the characteristic value of the verification object corresponding to the historical verification object, determining that the first verification information passes the safety verification;

if the characteristic value of the superior node is different from the characteristic value of the verification object corresponding to the historical verification object, determining that the first verification information does not pass the security verification;

and if the first verification information does not pass the security verification, the verification server returns uplink failure information to the terminal equipment so as to enable the terminal equipment to stop normal verification operation and execute legal detection operation.

Optionally, the authentication server further comprises a recovery unit;

the recovery unit is configured to:

receiving modification information from terminal equipment, wherein the modification information comprises a target user, modification operation corresponding to the target user and recovery information used for indicating that prestored backup recovery data needs to be acquired;

determining a data set to be recovered, which needs to perform data recovery, from the target user according to the received modification information and the local modification information;

storing historical data of the data set to be restored;

extracting the stored historical data of the data set to be restored according to the restoration information, and acquiring the tracing operation of the modification operation executed on the data set to be restored;

constructing the pre-stored backup recovery data according to the historical data of the data set to be recovered and the tracing operation of the modification operation executed on the data set to be recovered; (ii) a

Executing data recovery according to the corresponding modification operation of the data set to be recovered in the received modification information, and constructing pre-stored backup recovery data according to the recovery information and the data recovery, wherein the pre-stored backup recovery data comprises the trace back operation of the modification operation executed on the data set to be recovered in the data recovery process and the historical data of the data set to be recovered;

sending the pre-stored backup recovery data to the terminal equipment;

receiving a recovery operation trigger mark from the terminal equipment, wherein the recovery operation trigger mark comprises historical data of the data set to be recovered and a tracing operation of a modification operation executed on the data set to be recovered;

and executing data recovery according to the trace back operation of the data set to be recovered in the recovery operation trigger mark.

In a second aspect, an embodiment of the present invention provides a comprehensive management method for an internet of things of a smart park, where the method is applied to a verification server in a comprehensive management platform package for an internet of things of a smart park, and the verification server is connected with a terminal device;

the method comprises the following steps:

acquiring a verification trigger sent by a terminal device at a first moment, wherein the verification trigger comprises first verification information of a verification node at the first moment, the verification node is a verified node in a verification knowledge graph to which the terminal device belongs, and the first verification information comprises a first verification character string and a first verification object corresponding to the first verification character string;

acquiring a target reference node in a reference knowledge graph based on the first verification character string, wherein a data segment of the target reference node comprises historical verification information, and the historical verification information is verification information corresponding to a successive verification node of the verification nodes;

determining whether the first verification information passes security verification according to the first verification object and a history verification object in the history verification information;

if the first verification information passes the safety verification, generating a reference node according to the first verification information, and adding the reference node to a reference knowledge graph to which the verification server belongs;

when a rechecking trigger mark sent by the terminal equipment at a second moment is obtained, second verification information carried by the rechecking trigger mark is obtained, wherein the second verification information refers to the verification information of the verification node at the second moment;

and performing identity security verification on the verification node according to the reference node and the second verification information.

the step of performing identity security verification on the verification node according to the reference node and the second verification information includes:

acquiring the reference node in the reference knowledge graph according to the second verification character string;

acquiring first verification information in a data segment of the reference node, wherein the first verification character string in the first verification information is the same as the second verification character string;

and performing identity security verification on the verification node according to the first verification object characteristic value and the second verification object characteristic value.

Optionally, the step of performing identity security verification on the verification node according to the first verification object feature value and the second verification object feature value includes:

Compared with the prior art, the beneficial effects provided by the invention comprise: the embodiment of the invention provides an intelligent park Internet of things comprehensive management platform and a management method, wherein the intelligent park Internet of things comprehensive management platform comprises a verification server, and the verification server is connected with terminal equipment; the authentication server includes: an obtaining unit, configured to obtain a verification trigger sent by a terminal device at a first time, where the verification trigger includes first verification information of a verification node at the first time, the verification node is a verified node in a verification knowledge graph to which the terminal device belongs, and the first verification information includes a first verification character string and a first verification object corresponding to the first verification character string; acquiring a target reference node in a reference knowledge graph based on the first verification character string, wherein a data segment of the target reference node comprises historical verification information, and the historical verification information is verification information corresponding to a successive verification node of the verification nodes; a determination unit configured to determine whether the first authentication information passes security authentication according to the first authentication object and a history authentication object in the history authentication information; if the first verification information passes the safety verification, generating a reference node according to the first verification information, and adding the reference node to a reference knowledge graph to which the verification server belongs; when a rechecking trigger mark sent by the terminal equipment at a second moment is obtained, second verification information carried by the rechecking trigger mark is obtained, wherein the second verification information refers to the verification information of the verification node at the second moment; and the verification unit is used for carrying out identity security verification on the verification node according to the reference node and the second verification information, and can acquire an intelligent park management scheme with high security.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments will be briefly described below. It is appreciated that the following drawings depict only certain embodiments of the invention and are therefore not to be considered limiting of its scope. For a person skilled in the art, it is possible to derive other relevant figures from these figures without inventive effort.

Fig. 1 is an interaction diagram of an intelligent park internet of things integrated management platform according to an embodiment of the present invention;

fig. 2 is a schematic block diagram of a structure of an authentication server according to an embodiment of the present invention;

fig. 3 is a schematic flowchart illustrating steps of a comprehensive management method for an internet of things of an intelligent park according to an embodiment of the present invention;

fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.

Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

Furthermore, the terms "first," "second," and the like are used merely to distinguish one description from another, and are not to be construed as indicating or implying relative importance.

In the description of the present invention, it is also to be noted that, unless otherwise explicitly stated or limited, the terms "disposed" and "connected" are to be interpreted broadly, and for example, "connected" may be a fixed connection, a detachable connection, or an integral connection; can be mechanically or electrically connected; the connection may be direct or indirect via an intermediate medium, and may be a communication between the two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.

The following detailed description of embodiments of the invention refers to the accompanying drawings.

Fig. 1 is an interaction diagram of an intelligent park internet of things integrated management platform according to an embodiment of the present disclosure. The intelligent park internet of things integrated management platform can comprise an authentication server 110 and a terminal device 200 which is in communication connection with the authentication server 110. The intelligent park internet of things integrated management platform shown in fig. 1 is only one possible example, and in other possible embodiments, the intelligent park internet of things integrated management platform may include only one of the components shown in fig. 1 or may also include other components.

In this embodiment, the terminal device 200 may include a mobile device, a tablet computer, a laptop computer, etc., or any combination thereof. In some embodiments, the mobile device may include a smart home device, a wearable device, a smart mobile device, a virtual reality device, an augmented reality device, or the like, or any combination thereof. In some embodiments, the smart home devices may include control devices of smart electrical devices, smart monitoring devices, smart televisions, smart cameras, and the like, or any combination thereof. In some embodiments, the wearable device may include a smart bracelet, a smart lace, smart glass, a smart helmet, a smart watch, a smart garment, a smart backpack, a smart accessory, or the like, or any combination thereof. In some embodiments, the smart mobile device may include a smartphone, a personal digital assistant, a gaming device, and the like, or any combination thereof. In some embodiments, the virtual reality device and/or the augmented reality device may include a virtual reality helmet, virtual reality glass, a virtual reality patch, an augmented reality helmet, augmented reality glass, an augmented reality patch, or the like, or any combination thereof. For example, the virtual reality device and/or augmented reality device may include various virtual reality products and the like.

In this embodiment, the verification server 110 and the terminal device 200 in the integrated management platform of the internet of things of the smart campus may perform the scheme of performing security management on the smart campus described in the following method embodiment in a matching manner, and the detailed description of the method embodiment may be referred to in the specific steps of the verification server 110 and the terminal device 200.

In order to solve the technical problem in the foregoing background, fig. 2 is a schematic block diagram of a structure of an authentication server 110 according to an embodiment of the present disclosure, and how the authentication server 110 in the integrated management platform of the internet of things of the smart campus implements management of the smart campus is described in detail below.

The authentication server 110 includes:

an obtaining unit 1101, configured to obtain a verification trigger sent by the terminal device 200 at a first time, where the verification trigger includes first verification information of a verification node at the first time, the verification node is a verified node in a verification knowledge graph to which the terminal device 200 belongs, and the first verification information includes a first verification character string and a first verification object corresponding to the first verification character string; and acquiring a target reference node in the reference knowledge graph based on the first verification character string, wherein the data segment of the target reference node comprises historical verification information, and the historical verification information is verification information corresponding to a previous verification node of the verification node.

A determining unit 1102 configured to determine whether the first authentication information passes the security authentication, based on the first authentication object and a history authentication object in the history authentication information; if the first verification information passes the security verification, generating a reference node according to the first verification information, and adding the reference node to a reference knowledge graph to which the verification server 110 belongs; and when the rechecking trigger identifier sent by the terminal device 200 at the second moment is obtained, obtaining second verification information carried by the rechecking trigger identifier, wherein the second verification information refers to verification information of the verification node at the second moment.

An authentication unit 1103, configured to perform identity security authentication on the authentication node according to the reference node and the second authentication information.

In the embodiment of the present invention, the terminal device 200 carried by the user is selected as a device for performing security verification, and when the user enters the smart campus or enters a relevant area of a high-tech enterprise, the user may send a verification trigger at the first time, where the verification trigger may be a data request or a trigger signal, and is not limited herein. In the embodiment of the invention, a high-tech enterprise can correspondingly set a verification knowledge graph of the high-tech enterprise, and can also be uniformly set by the intelligent park. And the verification point corresponding to the verification trigger identifier is added to the first verification information of the verification knowledge graph. The first authentication string may refer to a data header of the data related to the first authentication information, or a data identifier. A target reference node in a reference knowledge-graph may be determined by the first validation string, the reference knowledge-graph being pre-set. Whether the first verification information passes the security verification can be judged by comparing the first verification object with the historical verification objects in the historical verification information. Specifically, when the first verification information passes the security verification, a corresponding reference node may be generated according to the first verification information, and the reference node is added to the reference knowledge graph corresponding to the current verification server 110, so as to continuously improve the accuracy of the verification. When the rechecking trigger identifier sent by the terminal device 200 at the second time is obtained, the second verification information in the rechecking trigger identifier is extracted, and it should be noted that the first time and the second time may refer to two adjacent times or two times at a preset time interval. After the reference node and the second verification information generated based on the first verification information are determined, the security verification can be performed on the verification node, i.e., the terminal device 200 corresponding to the verification trigger identifier, according to the reference node and the second verification information.

On the basis, the first verification information comprises a first verification character string and a first verification object characteristic value corresponding to the first verification character string, and the second verification information comprises a second verification character string and a second verification object characteristic value corresponding to the second verification character string.

The authentication unit 1103 includes:

the verification subunit is used for acquiring a reference node in the reference knowledge graph according to the second verification character string; acquiring first verification information in a data segment of a reference node; the first verification character string in the first verification information is the same as the second verification character string; and performing identity security verification on the verification node according to the first verification object characteristic value and the second verification object characteristic value.

Specifically, the first verification information includes a first verification character string and a first verification object feature value corresponding to the first verification character string, and the second verification information includes a second verification character string and a second verification object feature value corresponding to the second verification character string, and the specific verification manner may be that the verification server 110 performs verification according to the first verification object feature value and the second verification object feature value, and may perform judgment according to specific numerical values of the first verification object feature value and the second verification object feature value.

On the basis of the above, as an alternative embodiment, the verification subunit is specifically configured to:

and if the first verification object characteristic value is equal to the second verification object characteristic value, determining that the verification node is a standard node.

In the embodiment of the present invention, whether the verification node passes the verification may be determined according to whether the first verification object feature value and the second verification object feature value are equal.

In addition to the foregoing solutions, in the embodiment of the present invention, the verification subunit is further specifically configured to:

when the verification node is a standard node, the verification passing information is returned to the terminal device 200, so that the terminal device 200 continues to perform normal verification operation.

When the verification node is an abnormal node, the verification failure information is returned to the terminal device 200, so that the terminal device 200 stops the normal verification operation and performs the alarm information transmission operation.

Specifically, when the verification node is a standard node, verification passing information may be returned to the terminal device 200, so that the terminal device 200 continues to perform a normal verification operation, that is, the verification passes, otherwise, verification failure information is returned to the terminal device 200, so that the terminal device 200 stops the normal verification operation and performs an alarm information sending operation, where the alarm information sending operation may refer to sending an "illegal intrusion" prompt to a facility related to security personnel, such as a security room, so as to perform an abnormal investigation quickly.

On the basis, the comprehensive management platform for the internet of things of the smart park further comprises a visitor authorization server with a first preset number and a visitor database server, and as a specific implementation mode, the verification unit 1103 is further used for:

a temporary access trigger signal is received from the terminal device 200, wherein the temporary access trigger signal is used to access the guest database server.

And initiating a temporary access authorization operation to a second preset number of visitor authorization servers in the first preset number of visitor authorization servers, wherein the temporary access authorization operation is used for acquiring visitor identity certification files corresponding to the visitor authorization servers, the visitor authorization servers generate visitor identity certification logical relations corresponding to the temporary access trigger signals, the visitor identity certification logical relations comprise the second preset number of visitor identity certification files recorded by preset authentication rules, and each visitor identity certification file is generated by one visitor authorization server.

And for a target visitor identity certificate file in the visitor identity certificate logical relationship, responding to the matching of prestored visitor identity information included in the target visitor identity certificate file and visitor identity registration information, and acquiring a second key corresponding to the server identifier of the target visitor authorization server from a preset corresponding relationship to obtain the second key of the target visitor authorization server, wherein the preset corresponding relationship comprises the corresponding relationship between the server identifier of the visitor authorization server and the second key.

And verifying the encryption result of the target visitor authorization server included in the target visitor identity document by adopting a second key of the target visitor authorization server.

And responding to the verification of the encryption result of the target visitor authorization server, and determining that the target visitor identity document passes the verification, wherein the passing of the visitor identity logic relationship verification means that the second preset number of visitor identity documents pass the verification.

And in response to the passing of the verification of the visitor identity proof logical relationship, combining the visitor registration contents of a second preset number of visitor authorization servers, and determining the authority possessed by the terminal device 200.

Responding to the temporary access trigger signal based on the authority possessed by the terminal device 200, wherein the guest authorization server generates a guest identity proof logical relationship corresponding to the temporary access trigger signal, including: and for a target visitor authorization server in a second preset number of visitor authorization servers, verifying the visitor identity certification logical relationship in the temporary access authorization operation received by the target visitor authorization server.

And responding to the passing of the verification of the logic relationship of the visitor identity certification included in the temporary access authorization operation, and verifying the triggering content of the temporary access triggering signal.

Responding to the verification of the triggering content of the temporary access triggering signal, and executing the step of generating the target visitor identity document, wherein the temporary access authorization operation received by the target visitor authorization server comprises the following steps: the guest identity proof logical relationship that the guest authorization server has previously generated, and the triggering content of the temporary access trigger signal.

And creating the target visitor identity document in response to the verification of the temporary access authorization operation received by the target visitor authorization server.

And writing the server identification of the target visitor authorization server in the target visitor identity document.

And writing the visitor registration content of the target visitor authorization server in the target visitor identity document.

And calculating visitor identity registration information by adopting a preset algorithm, and writing the visitor identity registration information into the target visitor identity document.

And encrypting the target visitor identity document by adopting a first key of the target visitor authorization server, and writing an encryption result of the target visitor authorization server into the target visitor identity document, wherein the target visitor identity document comprises a server identifier of the target visitor authorization server, visitor registration content of the target visitor authorization server, visitor identity registration information of the target visitor identity document and encryption information of the target visitor authorization server.

It should be understood that besides the personnel resident in the smart park, one of the characteristics of the smart park is to attract external funds, so that a large number of clients visit and investigate the smart park, and the recruitment of the personnel of the high and new enterprises is very positive.

On this basis, in order to describe the determining unit 1102 in more detail, the determining unit 1102 is specifically configured to:

and acquiring a superior node characteristic value in the first verification object, and acquiring a verification object characteristic value corresponding to the historical verification object.

And if the characteristic value of the superior node is the same as the characteristic value of the verification object corresponding to the historical verification object, determining that the first verification information passes the security verification.

And if the characteristic value of the superior node is different from the characteristic value of the verification object corresponding to the historical verification object, determining that the first verification information does not pass the security verification.

If the first authentication information does not pass the security authentication, the authentication server 110 returns uplink failure information to the terminal apparatus 200, so that the terminal apparatus 200 stops normal authentication operation and performs a valid detection operation.

As an alternative embodiment, in addition to the foregoing scheme of determining whether the verification passes, the present invention may also adopt a method of comparing a value magnitude relationship between a superior node feature value in the first verification object and a verification object feature value corresponding to the historical verification object.

In addition to the various units described above, the authentication server 110 further comprises a recovery unit 1104, as an alternative implementation, the recovery unit 1104 is configured to:

receiving modification information from the terminal device 200, where the modification information includes a target user, a modification operation corresponding to the target user, and recovery information indicating that it is necessary to acquire pre-stored backup recovery data.

And determining a data set to be recovered, which needs to be subjected to data recovery, from the target user according to the received modification information and the local modification information.

And saving historical data of the data set to be restored.

And extracting the stored historical data of the data set to be restored according to the restoration information, and acquiring the tracing operation of the modification operation executed on the data set to be restored.

Constructing pre-stored backup recovery data according to historical data of the data set to be recovered and the tracing operation of the modification operation executed on the data set to be recovered;

and performing data recovery according to the corresponding modification operation of the data set to be recovered in the received modification information, and constructing pre-stored backup recovery data according to the recovery information and the data recovery, wherein the pre-stored backup recovery data comprises the tracing operation of the modification operation performed on the data set to be recovered in the data recovery process and the historical data of the data set to be recovered.

The pre-stored backup restoration data is transmitted to the terminal device 200.

Receiving a recovery operation trigger from the terminal device 200, where the recovery operation trigger includes historical data of a data set to be recovered and a trace operation of a modification operation performed on the data set to be recovered;

and executing data recovery according to the corresponding trace back operation of the data set to be recovered in the recovery operation trigger identifier.

It should be noted that, in order to perform management of the smart campus more safely, backtracking of various data is very important, for example, monitoring related data, records related to personnel entering and exiting, or records related to personnel operating on specific devices are important references when problems occur (for example, device damage, information disclosure, etc.). Specifically, the modification information of the terminal device 200 may be received, where the modification information may include a target user and a modification operation corresponding to the target user, and the modification operation may be a recorded operation corresponding to the target user when the target user enters a campus or enters a certain area of a high-tech enterprise, or when the target user modifies a key device. When these operations set restore information for pre-stored backup restore data (which may be pre-set), they may be used to construct a restore data set, which may be used to save historical data in the restore data set. Historical data in the recovery information can be extracted according to the recovery information, the tracing operation of the modification operation is executed, and pre-stored backup recovery data can be constructed through the steps. And performing data recovery according to the corresponding modification operation of the data set to be recovered in the received modification information, constructing pre-stored backup recovery data according to the recovery information and the data recovery, and sending the pre-stored backup recovery data to the terminal device 200, wherein the terminal device 200 can be stored locally or in the cloud for recovery. When data recovery is required, the recovery operation trigger identifier from the terminal device 200 may be received, and based on the recovery operation trigger identifier, data recovery may be performed according to the trace-back operation of the data set to be recovered, where the trace-back operation corresponds to the recovery operation trigger identifier. Through above-mentioned step, can realize the recovery to important data in wisdom garden.

It should be understood that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the verification unit 1103 may be a processing element separately installed, or may be integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and a processing element of the apparatus calls and executes the functions of the verification unit 1103. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.

For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more specific integrated circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), etc. For another example, when the above certain module is implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a central processing unit (ce first predetermined number, trilprocessi first predetermined number g u first predetermined number, it) or other processor capable of calling program code. As another example, the modules may be integrated together and implemented in the form of a system on a chip (system second predetermined number-o first predetermined number-a-chip, SOC).

The invention provides a comprehensive management method of an intelligent park Internet of things, which is applied to a verification server 110 in an intelligent park Internet of things comprehensive management platform package, wherein the verification server 110 is connected with a terminal device 200.

In order to solve the above-mentioned technical problem, please refer to fig. 3, which is a detailed description of the comprehensive management method of the internet of things of the smart campus.

Step 201, acquiring a verification trigger sent by the terminal device 200 at a first time.

The verification trigger includes first verification information of a verification node at a first time, where the verification node is a verified node in a verification knowledge graph to which the terminal device 200 belongs, and the first verification information includes a first verification character string and a first verification object corresponding to the first verification character string.

Step 202, obtaining a target reference node in the reference knowledge-graph based on the first verification character string.

The data segment of the target reference node contains historical verification information, and the historical verification information is verification information corresponding to a successive verification node of the verification nodes.

Step 203, determining whether the first verification information passes the security verification according to the first verification object and a history verification object in the history verification information.

And step 204, if the first verification information passes the security verification, generating a reference node according to the first verification information, and adding the reference node to the reference knowledge graph to which the verification server 110 belongs.

In step 205, when the rechecking trigger sent by the terminal device 200 at the second time is obtained, the second verification information carried by the rechecking trigger is obtained.

The second verification information refers to verification information of the verification node at a second moment;

and step 206, performing identity security verification on the verification node according to the reference node and the second verification information.

On the basis, the first verification information comprises a first verification character string and a first verification object characteristic value corresponding to the first verification character string, and the second verification information comprises a second verification character string and a second verification object characteristic value corresponding to the second verification character string. As an alternative embodiment, the foregoing step 206 may be implemented in the following specific manner.

And a substep 206-1 of obtaining a reference node in the reference knowledge-graph based on the second validation string.

Sub-step 206-2, obtaining first verification information in the data segment of the reference node.

And the first verification character string in the first verification information is the same as the second verification character string.

And a substep 206-3 of performing identity security verification on the verification node according to the first verification object characteristic value and the second verification object characteristic value.

In order to make the foregoing sub-step 206-3 clearer, the following is a detailed explanation of the sub-step 206-3.

(1) And if the first verification object characteristic value is equal to the second verification object characteristic value, determining that the verification node is a standard node.

(2) And if the first verification object characteristic value is not equal to the second verification object characteristic value, determining that the verification node is an abnormal node.

On the basis of the substep 206-3, the comprehensive management method for the intelligent park internet of things can further comprise the following steps:

step 207, when the verification node is the standard node, returning verification passing information to the terminal device 200, so that the terminal device 200 continues to perform normal verification operation.

In step 208, when the verification node is an abnormal node, a verification failure message is returned to the terminal device 200, so that the terminal device 200 stops the normal verification operation and executes the alarm message sending operation.

In addition to the above-mentioned safety verification process, visitors often exist in the smart park, including clients, application personnel and the like, and these floating population can also cause great threat to the safety problem of the smart park, and based on this, the integrated management platform of the internet of things of the smart park further comprises a first preset number of visitor authorization servers and visitor database servers. The embodiment of the invention also provides the following specific scheme.

In step 209, a temporary access trigger signal is received from the terminal device 200.

Wherein the temporary access trigger is used to access the guest database server.

Step 210, initiating a temporary access authorization operation to a second preset number of visitor authorization servers in the first preset number of visitor authorization servers.

The temporary access authorization operation is used for obtaining a visitor identity document corresponding to the visitor authorization server, the visitor authorization server generates a visitor identity logic relationship corresponding to the temporary access trigger signal, the visitor identity logic relationship comprises a second preset number of visitor identity documents recorded according to preset authentication rules, and each visitor identity document is generated by one visitor authorization server.

And step 211, for a target visitor identity certificate in the visitor identity certificate logical relationship, in response to that prestored visitor identity information included in the target visitor identity certificate is matched with visitor identity registration information, acquiring a second key corresponding to the server identifier of the target visitor authorization server from a preset corresponding relationship, and acquiring the second key of the target visitor authorization server.

The preset corresponding relation comprises a corresponding relation between a server identifier of the visitor authorization server and the second key.

And step 212, verifying the encryption result of the target visitor authorization server included in the target visitor identity document by using the second key of the target visitor authorization server.

And step 213, in response to the verification of the encryption result of the target visitor authorization server, determining that the target visitor identification document is verified.

The visitor identity proof logical relationship check is that the visitor identity proof files of the second preset number are all checked to pass.

And step 214, in response to the verification of the visitor identity proof logical relationship, merging the visitor registration contents of the visitor authorization servers of the second preset number, and determining the authority possessed by the terminal device 200.

Step 215, responding to the temporary access trigger signal based on the authority possessed by the terminal device 200.

Wherein, visitor's authorization server generates visitor's identification logic relation that interim access trigger signal corresponds, includes: and for a target visitor authorization server in a second preset number of visitor authorization servers, verifying the visitor identity certification logical relationship in the temporary access authorization operation received by the target visitor authorization server.

And step 216, responding to the verification of the guest identification logic relationship included in the temporary access authorization operation, and verifying the triggering content of the temporary access triggering signal.

And step 217, responding to the trigger content check of the temporary access trigger signal, and executing the step of generating the target visitor identity document.

The temporary access authorization operation received by the target visitor authorization server comprises the following steps: the guest identity proof logical relationship that the guest authorization server has previously generated, and the triggering content of the temporary access trigger signal.

In step 218, a target guest identification document is created in response to the temporary access authorization operation received by the target guest authorization server checking.

In step 219, the server id of the target guest authorization server is written in the target guest identification file.

And step 220, writing the visitor registration content of the target visitor authorization server in the target visitor identity document.

And step 221, calculating visitor identity registration information by adopting a preset algorithm, and writing the visitor identity registration information into the target visitor identity document.

Step 222, encrypting the target visitor identity document by using the first key of the target visitor authorization server, and writing the encryption result of the target visitor authorization server into the target visitor identity document.

The target visitor identity document comprises a server identification of the target visitor authorization server, visitor registration content of the target visitor authorization server, visitor identity registration information of the target visitor identity document and encryption information of the target visitor authorization server.

On this basis, as an alternative specific embodiment, the following provides an example of the foregoing step 203, which can be implemented by the following steps.

The substep 203-1 is to obtain the characteristic value of the upper node in the first verification object and obtain the characteristic value of the verification object corresponding to the historical verification object.

And a substep 203-2 of determining that the first verification information passes the security verification if the superior node feature value is the same as the verification object feature value corresponding to the historical verification object.

And a substep 203-3, if the characteristic value of the upper node is different from the characteristic value of the verification object corresponding to the historical verification object, determining that the first verification information does not pass the security verification.

In sub-step 203-4, if the first authentication information does not pass the security authentication, the authentication server 110 returns the uplink failure information to the terminal apparatus 200, so that the terminal apparatus 200 stops the normal authentication operation and performs the lawful detection operation.

The existence of the above-mentioned personnel-related security verification in the intelligent campus is to protect the core technologies of high and new enterprises in the campus as much as possible, and once the core technologies of one high and new enterprise are compromised, the loss caused is immeasurable. Because whether the work or other operations are performed, the staff operate on the computer, and the leakage person cannot be confirmed after the core file is leaked only by the monitoring equipment, based on this, the embodiment of the present invention further provides a scheme for recovering the relevant operation data such as the work data, the staff change data, and the like, which can be specifically realized by the following steps.

On the basis of the foregoing step 212, the embodiment of the present invention further provides a specific implementation paradigm, which can be implemented by the following steps.

Obtaining a verification serial number of a target visitor authorization server from a server identifier of the target visitor authorization server; acquiring a second key of the target visitor authorization server based on the verification serial number of the target visitor authorization server; wherein the verification serial number of the target visitor authorization server is recorded in the server identification of the target visitor authorization server in the form of a data chain

In step 301, modification information is received from the terminal device 200.

The modification information comprises a target user, modification operation corresponding to the target user, and recovery information used for indicating that prestored backup recovery data needs to be acquired.

Step 302, determining a data set to be restored, which needs to perform data restoration, from the target user according to the received modification information and the local modification information.

Step 3030, storing the historical data of the data set to be restored.

And step 304, extracting the stored historical data of the data set to be restored according to the restoration information, and obtaining the tracing operation of the modification operation executed on the data set to be restored.

Step 305, pre-stored backup recovery data is constructed according to the historical data of the data set to be recovered and the retroactive operation of the modification operation executed on the data set to be recovered.

And step 306, executing data recovery according to the corresponding modification operation of the data set to be recovered in the received modification information, and constructing pre-stored backup recovery data according to the recovery information and the data recovery.

The pre-stored backup recovery data comprises a tracing operation of a modification operation executed on a data set to be recovered in a data recovery process and historical data of the data set to be recovered.

Step 307, the pre-stored backup restoration data is sent to the terminal device 200.

Step 308, receiving a recovery operation trigger from the terminal device 200, where the recovery operation trigger includes historical data of the data set to be recovered and a trace operation of a modification operation performed on the data set to be recovered;

and 309, executing data recovery according to the trace back operation of the data set to be recovered in the recovery operation trigger identifier.

On the basis, the pre-stored backup recovery data adopts a tree structure, wherein the historical data of all the data sets to be recovered and the tracing operation of the modification operation executed on all the data sets to be recovered are presented in the tree structure. In another implementation manner of the embodiment of the present invention, the pre-stored backup recovery data is recorded by using tables, where one table includes historical data of a data set to be recovered, and a trace back operation for a modification operation performed on one data set to be recovered or one table includes a trace back operation for a modification operation performed on one data set to be recovered.

It should be noted that, the implementation principle of the comprehensive management method for the internet of things of the smart park may refer to the implementation principle of the comprehensive management platform for the internet of things of the smart park, and is not described herein again.

The embodiment of the invention provides a computer device 100, wherein the computer device 100 comprises a processor and a nonvolatile memory storing computer instructions, and when the computer instructions are executed by the processor, the computer device 100 executes the comprehensive management method for the internet of things of the intelligent park. As shown in fig. 4, fig. 4 is a block diagram of a computer device 100 according to an embodiment of the present invention. The computer device 100 is comprised of an authentication server 110, a memory 111, a processor 112 and a communication unit 113.

To facilitate the transfer or interaction of data, the elements of the memory 111, the processor 112 and the communication unit 113 are electrically connected to each other, directly or indirectly. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The authentication server 110 includes at least one software function module which may be stored in the memory 111 in the form of software or firmware (fir second preset number ware) or solidified in the Operating System (OS) of the computer device 100. The processor 112 is configured to execute the verification unit 1103 stored in the memory 111, for example, software functional modules and computer programs included in the verification unit 1103.

The embodiment of the invention provides a readable storage medium, which comprises a computer program, and the computer program controls computer equipment where the readable storage medium is located to execute the comprehensive management method for the intelligent park internet of things when running.

In summary, according to the intelligent park internet of things comprehensive management platform and the management method, the intelligent park internet of things comprehensive management platform comprises a verification server, and the verification server is connected with terminal equipment; the authentication server includes: an obtaining unit, configured to obtain a verification trigger sent by a terminal device at a first time, where the verification trigger includes first verification information of a verification node at the first time, the verification node is a verified node in a verification knowledge graph to which the terminal device belongs, and the first verification information includes a first verification character string and a first verification object corresponding to the first verification character string; acquiring a target reference node in a reference knowledge graph based on the first verification character string, wherein a data segment of the target reference node comprises historical verification information, and the historical verification information is verification information corresponding to a successive verification node of the verification nodes; a determination unit configured to determine whether the first authentication information passes security authentication according to the first authentication object and a history authentication object in the history authentication information; if the first verification information passes the safety verification, generating a reference node according to the first verification information, and adding the reference node to a reference knowledge graph to which the verification server belongs; when a rechecking trigger mark sent by the terminal equipment at a second moment is obtained, second verification information carried by the rechecking trigger mark is obtained, wherein the second verification information refers to the verification information of the verification node at the second moment; and the verification unit is used for carrying out identity security verification on the verification node according to the reference node and the second verification information, and can acquire an intelligent park management scheme with high security.

The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated. The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated.

Claims

1. The intelligent park Internet of things comprehensive management platform is characterized by comprising a verification server, wherein the verification server is connected with terminal equipment;

the authentication server includes:

the verification unit is used for carrying out identity security verification on the verification node according to the reference node and the second verification information;

the first verification information comprises a first verification character string and a first verification object characteristic value corresponding to the first verification character string, and the second verification information comprises a second verification character string and a second verification object characteristic value corresponding to the second verification character string;

the authentication unit includes:

2. The intelligent campus internet of things integrated management platform of claim 1, wherein the verification subunit is specifically configured to:

3. The intelligent campus internet of things integrated management platform of claim 2, wherein the verification subunit is further configured to:

4. The intelligent park internet of things integrated management platform according to claim 1, further comprising a first preset number of visitor authorization servers, and a visitor database server;

the verification unit is further configured to:

5. The intelligent campus internet of things integrated management platform of claim 1, wherein the determining unit is specifically configured to:

6. The intelligent campus internet of things integrated management platform of claim 1, wherein the authentication server further comprises a recovery unit;

the recovery unit is configured to:

storing historical data of the data set to be restored;

constructing the pre-stored backup recovery data according to the historical data of the data set to be recovered and the tracing operation of the modification operation executed on the data set to be recovered;

sending the pre-stored backup recovery data to the terminal equipment;

7. The comprehensive management method of the Internet of things of the smart park is characterized by being applied to a verification server in a comprehensive management platform package of the Internet of things of the smart park, wherein the verification server is connected with terminal equipment;

the method comprises the following steps:

performing identity security verification on the verification node according to the reference node and the second verification information;

8. The integrated management method of the internet of things of the intelligent park according to claim 7, wherein the step of performing identity security verification on the verification node according to the first verification object characteristic value and the second verification object characteristic value comprises the following steps: