CN112153068A - Internet of things equipment access authority security management method - Google Patents


Info

Publication number: CN112153068A
Authority: CN (China)
Prior art keywords: internet, things, modules, security, group
Legal status: Pending
Application number: CN202011042989.4A
Other languages: Chinese (zh)
Inventor: 黄谦
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a method for securely managing access rights to Internet of Things devices, in the technical field of Internet of Things device access rights. The method comprises the following steps: at least two groups of security modules are set up in advance and their information is synchronized; one group of the security modules is connected to a router in the Internet of Things and distributes keys to the intelligent devices in the Internet of Things, and the other group is connected to a mobile terminal and receives and sends instructions remotely; an intelligent device requests communication and requests a key from one group of the security modules, and the security module generates a time slice key, issues it, and records an application log. The invention secures the operating environment and the data exchange. Based on the authorization of the security module, it can determine whether an intelligent device may be accessed and what access time limit or access frequency limit applies, which effectively prevents illegal access and information leakage and protects the user's Internet of Things devices and data.

Description

Internet of things equipment access authority security management method
Technical Field
The invention relates to the technical field of Internet of Things device access rights, and in particular to a method for securely managing access rights to Internet of Things devices.
Background
With the development of information technology and the internet, more and more traditional products, such as cameras, automobiles and door controls, have network access functions. Users can communicate with these objects over a network, and the objects can communicate with one another over the network, so that the objects become part of the network. This is called the Internet of Things.
With the development of Internet of Things technology, the Internet of Things is now applied in many fields (such as home, traffic, monitoring and medical treatment). Users control and use Internet of Things devices through software or methods provided by the device manufacturers. The Internet of Things market currently has the following characteristics. Many manufacturers develop Internet of Things devices, the products are varied, and the market has reached a certain scale. However, the access, authorization and authentication methods provided by the various manufacturers are inadequate (for example, users keep the default account and password, users reuse a password they commonly use, and information is transmitted unencrypted), and these weaknesses are easily exploited by lawbreakers. In addition, because there are many manufacturers and each uses different access, authorization and authentication methods, a user with devices from different manufacturers has to use several device applications and keep track of credentials such as user names and passwords for each device, so the user experience is poor.
As a result, a user's Internet of Things devices are easily accessed illegally by others, which leads to serious problems such as leakage of user information, illegal operation and control of the devices, and degraded user experience. Important data on some devices may even be modified, possibly causing equipment failure and serious safety accidents.
A search found Chinese invention patent CN108650212A, which discloses an Internet of Things authentication and access control method and an Internet of Things security gateway system. Specifically, that method comprises: an initialization step, in which the Internet of Things devices are connected and bound to a security gateway platform; a terminal device authentication and authorization step, in which the terminal device connects directly to the security gateway platform, or to the network where the platform is located, to be authenticated and authorized; a user registration and authorization step, in which the user registers and is authorized to access Internet of Things devices through an authenticated device; a login authentication step, in which the user logs in to the security gateway platform on an authenticated terminal device; and a device access authentication step, in which the security gateway system verifies the device access request initiated by the user and connects the client to the Internet of Things device. That method can effectively improve the security of an Internet of Things system and prevent attack and intrusion. However, the serious problems remain that Internet of Things devices are easily accessed illegally by others, so that user information is leaked, the devices are illegally controlled, and user experience is degraded.
No effective solution to these problems in the related art has yet been proposed.
Disclosure of Invention
To address the problems in the related art, the invention provides a method for securely managing access rights to Internet of Things devices. Based on the authorization of a security module, the method can determine whether an intelligent device may be accessed and what access time limit or access frequency limit applies. It can effectively prevent illegal access and information leakage and protect the user's Internet of Things devices and data, thereby overcoming the technical problems in the existing related art.
The technical scheme of the invention is realized as follows:
A method for securely managing access rights to Internet of Things devices comprises the following steps:
Step S1: at least two groups of security modules are set up in advance, and their information is synchronized;
Step S2: one group of the security modules is connected to a router in the Internet of Things and distributes keys to the intelligent devices in the Internet of Things, and the other group of the security modules is connected to a mobile terminal and receives and sends commands remotely;
Step S3: an intelligent device requests communication and requests a key from one group of the security modules; the security module generates a time slice key, issues it, and records an application log, wherein the time slice key comprises an APPRootKey and a time stamp.
Further, the method also comprises the following step:
the intelligent device transmits the information it has collected, wherein one group of the security modules encrypts the collected information, completes the transmission, and records a transmission log.
Further, one group of the security modules accesses the recorded application logs and transmission logs and obtains the log information.
Further, the method also comprises the following step:
one group of the security modules decrypts the encrypted collected information and obtains the collected information.
Further, the method also comprises the following step:
one group of the security modules manages key distribution authority, including refusing to distribute keys and distributing wrong keys.
The invention has the beneficial effects that:
In the method for securely managing access rights to Internet of Things devices, at least two groups of security modules are set up and their information is synchronized. One group of security modules is connected to a router in the Internet of Things and distributes keys to the intelligent devices in the Internet of Things; the other group is connected to the mobile terminal and receives and sends commands remotely. An intelligent device requests communication and requests a key from one group of security modules, and the security module generates a time slice key, issues it, and records an application log. This secures the operating environment and the data exchange. Based on the authorization of the security module, it can be determined whether an intelligent device may be accessed and what access time limit or access frequency limit applies, so that illegal access and information leakage can be effectively prevented, and the safety of.
Drawings
To illustrate the embodiments of the present invention and the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for securely managing access rights to Internet of Things devices according to an embodiment of the present invention;
Fig. 2 is a schematic view of an application scenario of a method for securely managing access rights to Internet of Things devices according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that one of ordinary skill in the art can derive from the embodiments given here fall within the scope of the present invention.
According to an embodiment of the invention, a method for securely managing access rights to Internet of Things devices is provided.
As shown in Figs. 1-2, the method for securely managing access rights to Internet of Things devices according to an embodiment of the present invention includes the following steps:
Step S1: at least two groups of security modules are set up in advance, and their information is synchronized;
Step S2: one group of the security modules is connected to a router in the Internet of Things and distributes keys to the intelligent devices in the Internet of Things, and the other group of the security modules is connected to a mobile terminal and receives and sends commands remotely;
Step S3: an intelligent device requests communication and requests a key from one group of the security modules; the security module generates a time slice key, issues it, and records an application log, wherein the time slice key comprises an APPRootKey and a time stamp.
With this scheme, at least two groups of security modules are set up and their information is synchronized. One group of security modules is connected to a router in the Internet of Things and distributes keys to the intelligent devices in the Internet of Things; the other group is connected to a mobile terminal and receives and sends instructions remotely. An intelligent device requests communication and requests a key from one group of security modules, and the security module generates a time slice key, issues it, and records an application log. This secures the operating environment and the data exchange. Based on the authorization of the security module, it can be determined whether an intelligent device may be accessed and what access time limit or access frequency limit applies, so that illegal access and information leakage can be effectively prevented and the user's Internet of Things devices and data are protected.
The method further comprises the following step:
the intelligent device transmits the information it has collected, wherein one group of the security modules encrypts the collected information, completes the transmission, and records a transmission log.
One group of the security modules accesses the recorded application logs and transmission logs and obtains the log information.
The method further comprises the following step:
one group of the security modules decrypts the encrypted collected information and obtains the collected information.
The method further comprises the following step:
one group of the security modules manages key distribution authority, including refusing to distribute keys and distributing wrong keys.
Specifically, two or more security modules (security shields) are used. A security shield is connected to the home local area network and an application is created; each application generates a tracking key, which is recorded as the APPRootKey. A camera that supports the security module (security shield) access protocol is connected to the home local area network and to the security shield. From then on, each time the camera communicates with the outside, it requests a key from the security shield. The key has a validity period; if this is set to 5 minutes, the key is requested again every 5 minutes. When the security shield in the home receives a key request, it combines the corresponding APPRootKey with a time element through an irreversible algorithm to generate a session key for that time period, and records the request history. The user carries the other security shield when away from home. When the user needs to connect to the camera at home, the user opens the camera manufacturer's APP; the manufacturer APP can connect to the security shield over Bluetooth and request the current key. Because the clocks may deviate, the key has a window period, such as 15 minutes, so the manufacturer APP may request 3 keys for a 15-minute window. The two security shields hold the same APPRootKey and use the same algorithm, so each can calculate the key for any time period, and the manufacturer APP uses the key to decrypt the data and obtain the video stream. In addition, once the security shield is in use, the camera's video data can be sent only after being encrypted with a key from the security shield, and the real data can be obtained only by decrypting with a key from the security shield, so the user can fully ensure their own privacy simply by holding the security shield. If a security shield is lost, only the APPRootKey needs to be reset.
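The time slice key exchange described above, sketched as an added example that is not code from the patent. The description names only "an irreversible algorithm", so HMAC-SHA256, the class and function names, the device ids and the window centred on the current slice are assumptions; the frame is authenticated with an HMAC tag rather than encrypted, to stay within the Python standard library.

```python
import hashlib
import hmac
import secrets
import struct

SLICE_SECONDS = 5 * 60    # key validity given in the description
WINDOW_SECONDS = 15 * 60  # tolerance window given in the description

# Constructed sample values, for illustration only.
ROOT = b"constructed-APPRootKey-demo-only"
T0 = 1_600_000_000  # falls 100 s into time slice 5333333


def slice_index(unix_time):
    return unix_time // SLICE_SECONDS


def derive_slice_key(app_root_key, index):
    # Assumption: HMAC-SHA256 stands in for the "irreversible algorithm".
    msg = b"time-slice-key" + struct.pack(">Q", index)
    return hmac.new(app_root_key, msg, hashlib.sha256).digest()


class SecurityShield:
    """Hypothetical model of one security module holding the APPRootKey."""

    def __init__(self, app_root_key, policy=None):
        self.app_root_key = app_root_key
        self.policy = policy or {}   # device id -> "refuse" or "wrong"
        self.application_log = []    # (time, device id, slice, decision)

    def issue_key(self, device_id, now):
        """Home side: answer a device's key request and log it."""
        idx = slice_index(now)
        decision = self.policy.get(device_id, "grant")
        self.application_log.append((now, device_id, idx, decision))
        if decision == "refuse":
            return None
        if decision == "wrong":
            return secrets.token_bytes(32)  # unrelated to the APPRootKey
        return derive_slice_key(self.app_root_key, idx)

    def window_keys(self, now):
        """Remote side: every slice key inside the window around `now`."""
        count = WINDOW_SECONDS // SLICE_SECONDS  # 3 keys
        first = slice_index(now) - count // 2
        return [derive_slice_key(self.app_root_key, i)
                for i in range(first, first + count)]


def tag_frame(slice_key, frame):
    return hmac.new(slice_key, frame, hashlib.sha256).digest()


def select_key(candidates, frame, tag):
    """Return the candidate key that authenticates the frame, else None."""
    for key in candidates:
        if hmac.compare_digest(tag_frame(key, frame), tag):
            return key
    return None


if __name__ == "__main__":
    home, remote = SecurityShield(ROOT), SecurityShield(ROOT)
    frame = b"constructed video frame"
    key = home.issue_key("camera-1", T0)
    tag = tag_frame(key, frame)
    # Remote clock 4 minutes ahead: still inside the window.
    print(select_key(remote.window_keys(T0 + 240), frame, tag) == key)
    # 11 minutes later the slice has left the window.
    print(select_key(remote.window_keys(T0 + 660), frame, tag) is None)
```

In a deployment the selected slice key would drive an authenticated cipher over the video stream; resetting the APPRootKey on both shields makes every previously derived slice key useless.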
In summary, in the technical scheme of the invention, at least two groups of security modules are set up and their information is synchronized. One group of security modules is connected to a router in the Internet of Things and distributes keys to the intelligent devices in the Internet of Things; the other group is connected to a mobile terminal and receives and sends instructions remotely. An intelligent device requests communication and requests a key from one group of security modules, and the security module generates a time slice key, issues it, and records an application log. This secures the operating environment and the data exchange. Based on the authorization of the security module, it can be determined whether an intelligent device may be accessed and what access time limit or access frequency limit applies, so that illegal access and information leakage can be effectively prevented and the Internet of Things devices and data are protected.
The above description only illustrates the preferred embodiments of the present invention and is not to be construed as limiting the invention. Any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included in its scope.

Claims (5)

1. A method for securely managing access rights to Internet of Things devices, characterized by comprising the following steps:
at least two groups of security modules are set up in advance, and their information is synchronized;
one group of the security modules is connected to a router in the Internet of Things and distributes keys to the intelligent devices in the Internet of Things, and the other group of the security modules is connected to a mobile terminal and receives and sends instructions remotely;
an intelligent device requests communication and requests a key from one group of the security modules; the security module generates a time slice key, issues it, and records an application log, wherein the time slice key comprises an APPRootKey and a time stamp.
2. The method for securely managing access rights to Internet of Things devices according to claim 1, further comprising the following step:
the intelligent device transmits the information it has collected, wherein one group of the security modules encrypts the collected information, completes the transmission, and records a transmission log.
3. The method for securely managing access rights to Internet of Things devices according to claim 2, wherein one group of the security modules accesses the recorded application logs and transmission logs and obtains the log information.
4. The method for securely managing access rights to Internet of Things devices according to claim 2, further comprising the following step:
one group of the security modules decrypts the encrypted collected information and obtains the collected information.
5. The method for securely managing access rights to Internet of Things devices according to claim 1, further comprising the following step:
one group of the security modules manages key distribution authority, including refusing to distribute keys and distributing wrong keys.
CN202011042989.4A 2020-09-28 2020-09-28 Internet of things equipment access authority security management method Pending CN112153068A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011042989.4A CN112153068A (en) 2020-09-28 2020-09-28 Internet of things equipment access authority security management method


Publications (1)

Publication Number Publication Date
CN112153068A (en) 2020-12-29

Family

ID=73896087

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011042989.4A Pending CN112153068A (en) 2020-09-28 2020-09-28 Internet of things equipment access authority security management method

Country Status (1)

Country Link
CN (1) CN112153068A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201229