CN112311792A

CN112311792A - Smart home access authorization method and smart home system

Info

Publication number: CN112311792A
Application number: CN202011183158.9A
Authority: CN
Inventors: 陈力
Original assignee: Individual
Current assignee: Individual
Priority date: 2020-03-16
Filing date: 2020-03-16
Publication date: 2021-02-02
Also published as: CN111262884B; CN112261058A; CN111262884A

Abstract

The embodiment of the application provides an intelligent home access authorization method and an intelligent home system, by adopting an automatic access authorization mechanism of the intelligent home system, after an access snapshot is generated when a first intelligent home device and a second intelligent home device execute data access operation after initiating an authority control request, a reverse access snapshot corresponding to the access snapshot is further combined, the access authorization mechanism can be completed in a two-way mode, an authorization matching relation aiming at each authority category item is established, and therefore access authorization is carried out on an authority control process between the first intelligent home device and the second intelligent home device according to the authorization matching relation. Therefore, automatic default configuration can be carried out in the initial access process of the two intelligent household devices without depending on manual configuration of a user, and the security of the private data of the intelligent household devices is effectively improved.

Description

Smart home access authorization method and smart home system

Technical Field

The application relates to the technical field of intelligent home, in particular to an intelligent home access authorization method and an intelligent home system.

Background

With the rapid development of the internet of things technology, in the process of home-to-home access of the smart home, data access among the smart home devices is more and more frequent. Therefore, it is very necessary to perform certain access authorization limitation on the mutual data access process of the smart home devices, rather than allowing all smart home devices to freely access. However, the conventional access authorization scheme usually requires a user to manually configure, for example, manually configure access authorization verification codes of various authority category items in the smart home device for association pairing. According to the scheme, on one hand, a user needs to invest more learning cost, an access authorization mechanism is too dependent on manual configuration of the user, and on the other hand, once the user does not have the manual configuration, the intelligent home system cannot perform automatic default configuration in the initial access process of the two subsequent intelligent home devices, and further the security of private data of the intelligent home devices is possibly influenced.

Disclosure of Invention

In view of this, an object of the present application is to provide an intelligent home access authorization method and an intelligent home system, which adopt an automatic access authorization mechanism of the intelligent home system, do not need to rely too much on manual configuration of a user, and can perform automatic default configuration in an initial access process of two pieces of intelligent home equipment, thereby effectively improving security of private data of the intelligent home equipment.

In a first aspect, the present application provides an intelligent home access authorization method, which is applied to a server, where the server is in communication connection with a plurality of intelligent home devices, and the plurality of intelligent home devices are in the same home scene, where the method includes:

acquiring a permission control request sent by first intelligent household equipment to second intelligent household equipment, and constructing a first authorized access channel corresponding to the first intelligent household equipment and a second authorized access channel corresponding to the second intelligent household equipment according to the permission control request, wherein the first authorized access channel and the second authorized access channel respectively comprise authorized access verification scripts of a plurality of different authorized access labels;

the method comprises the steps of extracting an authority verification node of each authorized access verification script of first intelligent home equipment in a first authorized access channel, determining an authorized access verification script of an associated authorized access label corresponding to an authority control request in a second authorized access channel as a target authorized access verification script, mapping the authority verification node to the target authorized access verification script according to a preset authorized access model and an access instruction sequence of second intelligent home equipment, obtaining a target access verification node in the target authorized access verification script, and generating an access snapshot between the first intelligent home equipment and the second intelligent home equipment according to the authority verification node and the target access verification node;

obtaining a first script verification instruction in the target authorized access verification script by taking the target access verification node as a target, mapping the first script verification instruction to the authorized access verification script where the authority verification node is located according to the reverse access snapshot corresponding to the access snapshot, obtaining a second script verification instruction corresponding to the first script verification instruction in the authorized access verification script where the authority verification node is located, and summarizing the first script verification instruction and the second script verification instruction into a target script verification instruction;

obtaining a verification access directory mapped by the permission verification node into the target authorized access verification script, sequentially obtaining target verification areas corresponding to the target script verification instructions in the second authorized access channel according to verification matching degrees between the target script verification instructions and to-be-verified instruction files corresponding to a plurality of to-be-verified command lines on the verification access directory, stopping obtaining the target verification areas in the next authorized access verification script until the verification positions of the obtained target verification areas in the authorized access verification script are consistent with the verification positions of the target script verification instructions in the first authorized access channel, establishing an authorization matching relation between the target script verification instructions and the last obtained target verification areas for each permission type item, and performing authorization matching relation between the first intelligent home equipment and the second intelligent home equipment according to the authorization matching relation The restricted control process performs access authorization.

In a possible design of the first aspect, the step of constructing, according to the permission control request, a first authorized access channel corresponding to the first smart home device and a second authorized access channel corresponding to the second smart home device includes:

acquiring a first device identifier of a first intelligent household device and a second device identifier of a second intelligent household device from an authority control request sent from the first intelligent household device to the second intelligent household device;

constructing the first authorized access channel corresponding to the first smart home device according to a first authorized access configuration file corresponding to the first device identifier in advance;

and constructing a second authorized access channel corresponding to the second intelligent household equipment according to a second authorized access configuration file corresponding to the second equipment identifier in advance.

In a possible design of the first aspect, the step of mapping the permission verification node to the target authorized access verification script according to a preset authorized access model and an access instruction sequence of the second smart home device, obtaining a target access verification node in the target authorized access verification script, and generating an access snapshot between the first smart home device and the second smart home device according to the permission verification node and the target access verification node includes:

mapping the authority verification node to the target authorized access verification script according to the preset authorized access model and the access instruction sequence, and obtaining the target access verification node in the target authorized access verification script;

acquiring a correlation verification node in an authorized access verification script where the authority verification node is located, wherein the correlation verification node is a nearby verification node taking the authority verification node as a reference;

mapping the associated verification node to the target authorized access verification script according to the preset authorized access model and the access instruction sequence, and obtaining an associated mapping verification node in the target authorized access verification script;

and generating an access snapshot between the first intelligent household equipment and the second intelligent household equipment according to the authorization matching relationship between the authority verification node and the associated verification node, the target access verification node and the associated mapping verification node.

In a possible design of the first aspect, the step of sequentially obtaining the target verification area corresponding to the target script verification instruction in the second authorized access channel according to the verification matching degree between the target script verification instruction and the to-be-verified instruction file corresponding to the multiple to-be-verified instruction lines on the verification access directory until the verification position of the obtained authorized access verification script in which the target verification area is located is consistent with the verification position of the target script verification instruction in the first authorized access channel stops obtaining the target verification area in the next authorized access verification script, establishes an authorization matching relationship between the target script verification instruction and the last obtained target verification area for each authorization category item, and performs access authorization on the authorization control process between the first smart home device and the second smart home device according to the authorization matching relationship, the method comprises the following steps:

determining a to-be-traversed access verification target on the verification access directory, sequentially traversing the access verification targets on the to-be-traversed access verification target according to a verification frequency threshold, determining the traversed access verification target as a plurality of to-be-verified command lines corresponding to the target script verification instruction on the target authorized access verification script, and respectively generating to-be-verified command files with each to-be-verified command line as a target, wherein the directory source of the to-be-verified command files is the same as the directory source of the second script verification instruction;

according to the instruction sequence in each instruction file to be verified and the instruction sequence in the second script verification instruction, respectively obtaining verification matching degree between each instruction file to be verified and the second script verification instruction;

determining a first command line to be verified and a second command line to be verified in the multiple command lines to be verified according to the verification matching degree, if the first command line to be verified and the second command line to be verified meet a target condition, obtaining the verification matching degree between a command file to be verified corresponding to the first command line to be verified and the second script verification command as a first verification matching degree, and obtaining the verification matching degree between the command file to be verified corresponding to the second command line to be verified and the second script verification command as a second verification matching degree, wherein the first command line to be verified and the second command line to be verified are respectively a command line to be verified corresponding to the maximum verification matching degree and the second verification matching degree;

if the first verification matching degree is greater than a set matching degree and the difference between the first verification matching degree and the second verification matching degree is greater than a set difference, determining the first command line to be verified as a target verification command line of the target script verification instruction in the target authorized access verification script and taking the target verification command line as a target verification area;

if the number of command lines of the target authorized access verification script is larger than the number of command lines of the target script verification instruction in the first authorized access channel, mapping the target verification area and the verification access directory into the next authorized access verification script of the target authorized access verification script;

determining a to-be-traversed access verification target which takes the mapped target verification area as a target in the mapped verification access directory based on the target traversal range;

acquiring a target verification region on the to-be-traversed access verification target in the next authorized access verification script, determining the next authorized access verification script as the target authorized access verification script, and determining a target verification command line in the next authorized access verification script as the target verification region;

and if the verification position of the target authorized access verification script in the second authorized access channel is consistent with the verification position of the target script verification instruction in the first authorized access channel, establishing an authorized matching relation between the target script verification instruction and the target verification area determined at the last time.

In one possible design of the first aspect, the step of establishing an authorized matching relationship between the target script verification instruction and the last determined target verification area includes:

obtaining a local verification instruction in the second script verification instruction by taking the target script verification instruction as a search reference instruction, taking the target verification area determined at the last time as an adjustment node, and obtaining an adjustment verification instruction taking the adjustment node as a target in an authorized access verification script where the adjustment node is located, wherein a directory source of the adjustment verification instruction is the same as that of the local verification instruction;

determining a position adjusting parameter of the adjusting verification instruction according to an instruction sequence in the adjusting verification instruction and an instruction sequence in the local verification instruction, and adjusting the position of the adjusting verification instruction according to the position adjusting parameter;

and when the position adjusting parameter meets the condition of a preset parameter range, determining the target of the adjusted verification instruction after the position adjustment as an adjusted target verification command line, and establishing an authorized matching relation between the target script verification instruction and the adjusted target verification command line.

In a possible design of the first aspect, the step of performing access authorization on the authorization control process between the first smart home device and the second smart home device according to the authorization matching relationship includes:

virtualizing the authority control requests sent by the first intelligent home equipment and the second intelligent home equipment under a virtual control scene of the server;

running related application programs corresponding to the authority control request in the first intelligent household equipment and the second intelligent household equipment according to the application program control information corresponding to the requested control authority in the authority control request in the virtual control scene to obtain the authority control information of an authority calling channel of each related application program in the virtual control process, and respectively extracting the authority control result of the corresponding related application program under each authority category item from the authority control information corresponding to each related application program;

and according to the authorization matching relation between the target script verification instruction and the last obtained target verification area for each permission type item, performing access authorization on the permission control result of the corresponding related application program under the corresponding permission type item, so that the permission control result under the permission type item after the access authorization is completed can be verified in the subsequent permission control process between the first intelligent household equipment and the second intelligent household equipment.

In a possible design of the first aspect, the step of operating, in the virtual control scenario, a relevant application corresponding to the permission control request in the first smart home device and the second smart home device according to application control information corresponding to the requested control permission of the permission control request, so as to obtain permission control information of a permission call channel of each relevant application in a virtual control process includes:

establishing service associated authority information of the authority control request according to service content request information of the authority control service of the authority control request by the plurality of intelligent home devices, wherein the service associated authority information is used for reflecting authority expression information when authority control is carried out in the authority control request;

monitoring the authority of the service associated authority information of the authority control service of the authority control request according to an authority monitoring model corresponding to the requested control authority to obtain the application program control information of the authority control request corresponding to the requested control authority;

determining authority calling channel information of the authority control request according to application program control information of the authority control request;

and operating each related application program according to the authority calling channel information to acquire the authority control information of the authority calling channel of each related application program in the virtual control process.

In a second aspect, an embodiment of the present application further provides an intelligent home access authorization apparatus, which is applied to a server, where the server is in communication connection with a plurality of intelligent home devices, and the plurality of intelligent home devices are located in the same home scene, and the apparatus includes:

the system comprises an acquisition module, a verification module and a verification module, wherein the acquisition module is used for acquiring an authority control request sent by first intelligent household equipment to second intelligent household equipment, constructing a first authorized access channel corresponding to the first intelligent household equipment and constructing a second authorized access channel corresponding to the second intelligent household equipment according to the authority control request, and the first authorized access channel and the second authorized access channel respectively comprise authorized access verification scripts of a plurality of different authorized access labels;

a snapshot generating module, configured to extract an authorization verification node of each authorization access verification script of the first smart home device in the first authorization access channel, determine an authorization access verification script of an associated authorization access tag corresponding to an authorization control request in the second authorization access channel as a target authorization access verification script, map the authorization access verification node to the target authorization access verification script according to a preset authorization access model and an access instruction sequence of the second smart home device, obtain a target access verification node in the target authorization access verification script, and generate an access snapshot between the first smart home device and the second smart home device according to the authorization access verification node and the target access verification node;

the mapping module is used for acquiring a first script verification instruction in the target authorized access verification script by taking the target access verification node as a target, mapping the first script verification instruction to the authorized access verification script where the authority verification node is located according to the reverse access snapshot corresponding to the access snapshot, obtaining a second script verification instruction corresponding to the first script verification instruction in the authorized access verification script where the authority verification node is located, and summarizing the first script verification instruction and the second script verification instruction into the target script verification instruction;

an access authorization module, configured to obtain a verification access directory mapped by the permission verification node to the target authorized access verification script, and according to a verification matching degree between the target script verification instruction and a to-be-verified instruction file corresponding to multiple to-be-verified instruction lines on the verification access directory, sequentially obtain a target verification region corresponding to the target script verification instruction in the second authorized access channel, stop obtaining a target verification region in the next authorized access verification script until a verification position of the obtained target verification region in the authorized access verification script is consistent with a verification position of the target script verification instruction in the first authorized access channel, and establish an authorization matching relationship between the target script verification instruction and the last obtained target verification region for each permission item, and performing access authorization on the authority control process between the first intelligent household equipment and the second intelligent household equipment according to the authorization matching relationship.

In a third aspect, an embodiment of the present application further provides an intelligent home system, where the intelligent home system includes a server and multiple intelligent home devices in communication connection with the server, and the multiple intelligent home devices are in a same home scene;

when a first smart home device sends a permission control request to a second smart home device, the server is used for acquiring the permission control request sent by the first smart home device to the second smart home device, constructing a first authorized access channel corresponding to the first smart home device and constructing a second authorized access channel corresponding to the second smart home device according to the permission control request, wherein the first authorized access channel and the second authorized access channel respectively comprise authorized access verification scripts of a plurality of different authorized access tags;

the server is used for extracting an authority verification node of each authorized access verification script of the first intelligent home equipment in the first authorized access channel, determining an authorized access verification script of an associated authorized access label corresponding to an authority control request in the second authorized access channel as a target authorized access verification script, mapping the authority verification node to the target authorized access verification script according to a preset authorized access model and an access instruction sequence of the second intelligent home equipment, obtaining a target access verification node in the target authorized access verification script, and generating an access snapshot between the first intelligent home equipment and the second intelligent home equipment according to the authority verification node and the target access verification node;

the server is used for acquiring a first script verification instruction in the target authorized access verification script by taking the target access verification node as a target, mapping the first script verification instruction to the authorized access verification script where the authority verification node is located according to the reverse access snapshot corresponding to the access snapshot, obtaining a second script verification instruction corresponding to the first script verification instruction in the authorized access verification script where the authority verification node is located, and summarizing the first script verification instruction and the second script verification instruction into a target script verification instruction;

the server is used for obtaining the verification access directory mapped by the authority verification node into the target authorized access verification script, sequentially obtaining a target verification area corresponding to the target script verification instruction in the second authorized access channel according to the verification matching degree between the target script verification instruction and a to-be-verified instruction file corresponding to a plurality of to-be-verified instruction lines on the verification access directory, stopping obtaining the target verification area in the next authorized access verification script until the verification position of the obtained target verification area in the authorized access verification script is consistent with the verification position of the target script verification instruction in the first authorized access channel, and establishing an authorization matching relation between the target script verification instruction and the target verification area obtained last time for each authority category item, and performing access authorization on the authority control process between the first intelligent household equipment and the second intelligent household equipment according to the authorization matching relationship.

In a fourth aspect, an embodiment of the present application further provides a server, where the server includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is configured to be in communication connection with at least one smart home device, the machine-readable storage medium is configured to store a program, an instruction, or a code, and the processor is configured to execute the program, the instruction, or the code in the machine-readable storage medium to perform the smart home access authorization method in the first aspect or any possible design of the first aspect.

In a fifth aspect, an embodiment of the present application provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed, the computer is caused to execute the smart home access authorization method in the first aspect or any one of the possible designs of the first aspect.

According to any one of the aspects, after the access snapshot during the execution of the data access operation after the first smart home device and the second smart home device initiate the permission control request is generated by adopting the automatic access authorization mechanism of the smart home system, the access authorization mechanism can be completed in a bidirectional manner by further combining the reverse access snapshot corresponding to the access snapshot, and thus the authorization matching relationship for each permission type item is established, so that the access authorization is performed on the permission control process between the first smart home device and the second smart home device according to the authorization matching relationship. Therefore, automatic default configuration can be carried out in the initial access process of the two intelligent household devices without depending on manual configuration of a user, and the security of the private data of the intelligent household devices is effectively improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.

Fig. 1 is a schematic view of an application scenario of an intelligent home system provided in an embodiment of the present application;

fig. 2 is a schematic flowchart of a smart home access authorization method provided in an embodiment of the present application;

fig. 3 is a schematic functional module diagram of an intelligent home access authorization apparatus provided in an embodiment of the present application;

fig. 4 is a block diagram schematically illustrating a structure of a server for implementing the smart home access authorization method according to the embodiment of the present application.

Detailed Description

The present application will now be described in detail with reference to the drawings, and the specific operations in the method embodiments may also be applied to the apparatus embodiments or the system embodiments.

Fig. 1 is an interaction diagram of an intelligent home system 10 according to an embodiment of the present application. The smart home system 10 may include a server 100 and smart home devices 200 connected to the server 100 through network communication, the smart home system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the smart home system 10 may also include only a part of the components shown in fig. 1 or may also include other components.

In this embodiment, the smart home device 200 may connect various devices (such as an audio/video device, a lighting system, a curtain control, an air conditioner control, a security system, a digital cinema system, an audio/video server, a film cabinet system, a network home appliance, etc.) in a home together through an internet of things technology, and provide multiple functions and means such as a home appliance control, a lighting control, a telephone remote control, an indoor and outdoor remote control, an anti-theft alarm, an environment monitoring, a heating and ventilation control, an infrared forwarding, a programmable timing control, etc. For example, the smart home device 200 may include a network refrigerator, a network air conditioner, a network washing machine, a network water heater, a network microwave oven, a network cooker, and the like, which are not particularly limited herein.

In order to solve the technical problem in the foregoing background art, fig. 2 is a schematic flowchart of a smart home access authorization method provided in an embodiment of the present application, where the smart home access authorization method provided in the present embodiment may be executed by the server 100 shown in fig. 1, and the following describes the smart home access authorization method in detail.

Step S110, an authority control request sent by the first intelligent household device to the second intelligent household device is obtained, and a first authorized access channel corresponding to the first intelligent household device and a second authorized access channel corresponding to the second intelligent household device are established according to the authority control request.

In this embodiment, the first authorized access channel and the second authorized access channel may respectively include multiple authorized access verification scripts of different authorized access tags. The authorized access tag may refer to an authorized data category of specific access, such as an authorized data category of microwave oven data, refrigerator data, lamp data, and the like.

Step S120, an authority verification node of each authorized access verification script of the first intelligent home equipment in the first authorized access channel is extracted, an authorized access verification script of an associated authorized access label corresponding to the authority control request in the second authorized access channel is determined to be a target authorized access verification script, the authority verification node is mapped to the target authorized access verification script according to a preset authorized access model and an access instruction sequence of the second intelligent home equipment, a target access verification node is obtained in the target authorized access verification script, and an access snapshot between the first intelligent home equipment and the second intelligent home equipment is generated according to the authority verification node and the target access verification node.

In this embodiment, the permission verification node may refer to a certain node of the program instruction for performing the permission verification work, and the target access verification node may refer to a certain node of the program instruction for performing the access verification work.

Step S130, a first script verification instruction is obtained in the target authorized access verification script by taking the target access verification node as a target, the first script verification instruction is mapped to the authorized access verification script where the authority verification node is located according to the reverse access snapshot corresponding to the access snapshot, a second script verification instruction corresponding to the first script verification instruction is obtained in the authorized access verification script where the authority verification node is located, and the first script verification instruction and the second script verification instruction are gathered to be the target script verification instruction.

In this embodiment, the reverse access snapshot corresponding to the access snapshot may be obtained by performing reverse processing on the access snapshot, for example, the access snapshot may be re-processed in a manner of an authority control request sent by the second smart home device to the first smart home device, so as to obtain the reverse access snapshot corresponding to the access snapshot.

Step S140, the right verification node is obtained and mapped to the verification access directory in the target authorized access verification script, and according to the verification matching degree between the target script verification instruction and the to-be-verified instruction file corresponding to the plurality of to-be-verified command lines on the verification access directory, sequentially acquiring a target verification area corresponding to the target script verification instruction in the second authorized access channel until the verification position of the authorized access verification script where the acquired target verification area is located is consistent with the verification position of the target script verification instruction in the first authorized access channel, stopping acquiring the target verification area in the next authorized access verification script, and establishes an authorization matching relationship between the target script verification instruction and the last acquired target verification area for each permission type item, and performing access authorization on the authority control process between the first intelligent household equipment and the second intelligent household equipment according to the authorization matching relationship.

In the above steps, by using an automatic access authorization mechanism of the smart home system, after generating an access snapshot when the first smart home device and the second smart home device perform a data access operation after initiating the permission control request, the embodiment further combines with a reverse access snapshot corresponding to the access snapshot, so that the access authorization mechanism can be completed bidirectionally, and thereby an authorization matching relationship for each permission type item is established, so as to perform access authorization on the permission control process between the first smart home device and the second smart home device according to the authorization matching relationship. Therefore, automatic default configuration can be carried out in the initial access process of the two intelligent household devices without depending on manual configuration of a user, and the security of the private data of the intelligent household devices is effectively improved.

In a possible design, for step S110, the embodiment may specifically obtain a first device identifier of the first smart home device and a second device identifier of the second smart home device from an authority control request sent by the first smart home device to the second smart home device, and then construct a first authorized access channel corresponding to the first smart home device according to a first authorized access configuration file pre-corresponding to the first device identifier, so that a second authorized access channel corresponding to the second smart home device may be constructed according to a second authorized access configuration file pre-corresponding to the second device identifier.

In a possible design, for step S120, in order to accurately obtain an access snapshot between the first smart home device and the second smart home device, the present embodiment may map the authorization verification node to the target authorization access verification script according to a preset authorization access model and an access instruction sequence, obtain the target access verification node in the target authorization access verification script, and obtain the associated verification node in the authorization access verification script in which the authorization verification node is located.

The associated verification node may be a nearby verification node with reference to the authority verification node.

On the basis, the associated verification node can be mapped to the target authorized access verification script according to a preset authorized access model and an access instruction sequence, the associated mapping verification node is obtained in the target authorized access verification script, and then an access snapshot between the first intelligent home equipment and the second intelligent home equipment is generated according to an authorization matching relationship between the authority verification node and the associated verification node, the target access verification node and the associated mapping verification node.

That is, in this embodiment, the access snapshot may be used to characterize an authorization matching relationship between the aforementioned permission verification node and the associated verification node, and characterize the verification instruction information specifically executed by the target access verification node and the associated mapping verification node.

In a possible design, for step S140, the embodiment may determine the access verification targets to be traversed on the verification access directory, sequentially traverse the access verification targets on the access verification targets to be traversed according to the verification frequency threshold, determine the traversed access verification targets as a plurality of command lines to be verified corresponding to the target script verification instruction on the target authorized access verification script, and respectively generate a command file to be verified with each command line to be verified as a target. It should be noted that the directory source of the to-be-verified instruction file is the same as the directory source of the second script verification instruction.

As an example, on the basis of the above, the present embodiment may respectively obtain the verification matching degree between each instruction file to be verified and the second script verification instruction according to the instruction sequence in each instruction file to be verified and the instruction sequence in the second script verification instruction.

And then, determining a first command line to be verified and a second command line to be verified in the multiple command lines to be verified according to the verification matching degree, if the first command line to be verified and the second command line to be verified meet target conditions, acquiring the verification matching degree between a command file to be verified corresponding to the first command line to be verified and a second script verification command as a first verification matching degree, and acquiring the verification matching degree between the command file to be verified corresponding to the second command line to be verified and the second script verification command as a second verification matching degree.

It is worth to be noted that the first to-be-verified command line and the second to-be-verified command line are to-be-verified command lines corresponding to the maximum verification matching degree and the second maximum verification matching degree, respectively.

For example, if the first verification matching degree is greater than the set matching degree, and the difference between the first verification matching degree and the second verification matching degree is greater than the set difference, the first to-be-verified command line is determined as a target verification command line of the target script verification instruction in the target authorized access verification script, and is used as the target verification area.

For another example, if the number of command lines of the target authorized access verification script is greater than the number of command lines of the target script verification instruction in the first authorized access channel, the target verification area and the verification access directory are mapped to the next authorized access verification script of the target authorized access verification script.

Therefore, based on the target traversal range (for example, the traversal range of the directory 1 to the directory 10), in the mapped verification access directory, the to-be-traversed access verification target which takes the mapped target verification area as the target is determined, then the target verification area on the to-be-traversed access verification target in the next authorized access verification script is obtained, the next authorized access verification script is determined as the target authorized access verification script, and the target verification command line in the next authorized access verification script is determined as the target verification area.

For example, in a possible example, in order to improve the dynamic range of the authorization matching relationship, the present embodiment may obtain a local verification instruction in the second script verification instruction by using the target script verification instruction as the search reference instruction, take the last determined target verification area as the adjustment node, and obtain an adjustment verification instruction targeting the adjustment node in the authorization access verification script where the adjustment node is located. Wherein it is to be understood that the directory source of the justification validation instruction is the same as the directory source of the local validation instruction, corresponding to the foregoing.

And then, determining a position adjusting parameter of the adjusting verification instruction according to the instruction sequence in the adjusting verification instruction and the instruction sequence in the local verification instruction, and adjusting the position of the adjusting verification instruction according to the position adjusting parameter. When the position adjusting parameter meets the condition of the preset parameter range, determining the target of the adjusted verification instruction after the position adjustment as an adjusted target verification instruction line, and establishing an authorized matching relation between the target script verification instruction and the adjusted target verification instruction line.

On the basis, as a further example, for step S140, in this embodiment, the authority control requests sent by the first smart home device and the second smart home device may be virtualized in a virtual control scene of the server 100, and in the virtual control scene, according to application program control information corresponding to the requested control authority of the authority control request, the relevant application programs corresponding to the authority control request in the first smart home device and the second smart home device are run to obtain authority control information of each relevant application program in the authority call channel in the virtual control process, and the authority control results of the corresponding relevant application programs in each authority category item are respectively extracted from the authority control information corresponding to each relevant application program.

On the basis, access authorization can be performed on the authority control result of the corresponding related application program under the corresponding authority category item according to the authorization matching relation between the target script verification instruction and the target verification area obtained last time for each authority category item, so that the authority control result under the authority category item after access authorization is completed can be verified in the subsequent authority control process between the first intelligent household equipment and the second intelligent household equipment.

For example, assuming that the authorization matching relationship for the permission category item a is a1-a2 (a 1 and a2 represent access data corresponding to the first smart home device and the second smart home device, respectively), access authorization may be performed on the permission control result of a1-a2 of the corresponding related application under the permission category item a, so that authorization verification may be completed in the permission control process when data access of a1-a2 is performed between the first smart home device and the second smart home device.

In addition, before requesting authority control for the intelligent home devices, the authority control requests sent by the intelligent home devices are virtualized and subjected to virtual test in a relevant virtual control scene, so that the safety of private data can be further improved.

In a possible design, in a virtual control scenario, according to application program control information of a permission control request corresponding to a requested control permission, a relevant application program corresponding to the permission control request in the first smart home device and the second smart home device is operated to obtain permission control information of a permission call channel of each relevant application program in a virtual control process, in this embodiment, service-related permission information of the permission control request may be established according to service content request information of a permission control service of the permission control request by the first smart home device and the second smart home device.

It should be noted that the service-related permission information may be used to reflect permission expression information in the permission control request during permission control, for example, an on state or an off state during permission expression or an intelligent identification state (for example, the on or off state is determined through intelligent identification).

On the basis, the service associated authority information of the authority control service of the authority control request can be monitored according to the authority monitoring model corresponding to the requested control authority, the application program control information of the authority control request corresponding to the requested control authority is obtained, then the authority calling channel information of the authority control request is determined according to the application program control information of the authority control request, and each related application program is operated according to the authority calling channel information to obtain the authority control information of the authority calling channel of each related application program in the virtual control process.

For example, in the process of establishing service associated authority information of an authority control request according to service content request information of an authority control service of the authority control request by first smart home devices and second smart home devices, a first service content feature of each service content in the service content request information may be obtained, where the first service content feature is used to represent content identification authority information of the service content. Then, the first service content characteristic is subjected to characteristic identification, first service access characteristic information and access authorization characteristic information corresponding to the first service access characteristic information are obtained, first service request script information and service interaction information of the service content are obtained at the same time, service request control information of the first service request script information is extracted, and the service request control information of the first service request script information comprises a designated service control instruction. And then, acquiring the appointed service control instruction of the preset historical service content, and adjusting the appointed service control instruction of the first service request script information according to the appointed service control instruction so that a virtual control strategy between the appointed service control instructions in the first service request script information is matched with a virtual control strategy between the appointed service control instructions in the preset historical service content.

Next, the service request control information of the second service request script information may be obtained according to each adjusted specified service control instruction in the first service request script information, and the second service request script information may be generated according to the service request control information of the second service request script information.

Then, according to the service request control information of the service interaction information and the second service request script information, the access authorization characteristic information matched with the service interaction information and the first service access characteristic information corresponding to the access authorization characteristic information can be searched and obtained, according to the service request control information of the second service request script information, the first service access characteristic information corresponding to the access authorization characteristic information is adjusted, the second service access characteristic information is obtained, and therefore the second service access characteristic information and the second service request script information are subjected to mapping association processing to establish service association authority information of the authority control request.

In a possible design, in the process of determining the permission call channel information of the permission control request according to the application program control information of the permission control request, the server 100 may further pre-configure a permission rule tree of the requested control permission, and a virtual control service interval and a virtual control extension interval corresponding to a plurality of permission rule nodes in the permission rule tree, respectively.

In this embodiment, in a virtual control service interval corresponding to at least part of authority rule nodes designated in a plurality of authority rule nodes, a virtual control level and a virtual control duration corresponding to authority rule operation information at a current virtual control rule operation information position in the designated authority rule nodes may be calculated.

Then, according to the virtual control level and the virtual control duration corresponding to the authority rule operation information at the current virtual control rule operation information position, respectively determining a virtual control level model and a virtual control duration model corresponding to the specified authority rule node, then determining a virtual control level peak of the virtual control level model and a virtual control duration peak of the virtual control duration model, calculating a virtual control proportion at a sample point in the virtual control level model before the virtual control level peak, and calculating a time proportion at the sample point in the virtual control duration model before the virtual control duration peak. And the virtual control proportion or the time proportion respectively corresponds to the sampling points one by one.

Then, the permission calling channel of the sampling point corresponding to the ratio with the maximum slope in the multiple virtual control ratios and the multiple time ratios can be used as the permission calling channel of the specified permission rule node, and the virtual control type corresponding to the specified permission calling channel is determined based on the virtual control extension intervals respectively corresponding to the multiple permission rule nodes.

When the virtual control type corresponding to the appointed authority calling channel is in the range of the preset virtual control type, the appointed authority calling channel is added into the first authority calling channel set, and then the virtual control extension intervals respectively corresponding to the plurality of first authority calling channels in the first authority calling channel set are obtained from the virtual control extension intervals respectively corresponding to the plurality of authority rule nodes. The authority rule nodes, the authority calling channels, the virtual control extension intervals and the virtual control types correspond to one another.

For another example, when the absolute value of the difference between the parameter values of the virtual control types corresponding to the first authority invoking channels of the two associated authority invoking channels in the first authority invoking channel set is smaller than the preset speed threshold, the channel positions corresponding to the first authority invoking channels of the two associated authority invoking channels respectively are used as the same channel position, the set formed by the first authority invoking channels belonging to the same channel position is used as a first authority invoking channel subset, and a plurality of first authority invoking channel subsets in the first authority invoking channel set are obtained.

Then, fitting processing can be performed on the virtual control extension intervals and the virtual control types corresponding to the first permission calling channels of the plurality of first permission calling channel subsets respectively to obtain a plurality of virtual control fitting parameters, and common parameters between two associated virtual control fitting parameters in the plurality of virtual control fitting parameters are determined respectively.

For example, when the absolute value of the difference between the virtual control type corresponding to the common parameter and the parameter value of the virtual control type corresponding to the designated associated common parameter is smaller than the preset threshold, the permission calling channel corresponding to the common parameter is used as a new first permission calling channel to obtain a new first permission calling channel set, and a plurality of new virtual control fitting parameters corresponding to the new first permission calling channel set are generated. And the virtual control type corresponding to the specified associated common parameter represents the virtual control type corresponding to the first authority calling channel of the authority calling channel associated with the authority calling channel corresponding to the common parameter.

On the basis, target virtual control sections corresponding to the plurality of authority rule nodes are determined according to the plurality of new virtual control fitting parameters (for example, the target virtual control sections corresponding to the plurality of authority rule nodes are determined according to the overlapping sections of the sections in the plurality of new virtual control fitting parameters), and for the authority rule nodes appointed in the plurality of authority rule nodes, first appointed authority rule operation information in the target virtual control sections corresponding to the appointed authority rule nodes in the appointed authority rule nodes is obtained.

Then, feature vectors of the first virtual control rule operation information corresponding to the plurality of sampling points in the first specified authority rule operation information respectively can be further calculated, and an authority calling channel of the sampling point corresponding to the feature vector of the first virtual control rule operation information with the largest value in the feature vectors of the plurality of first virtual control rule operation information is used as a second authority calling channel of the specified authority rule node.

And then, determining a second authority calling channel set based on a second authority calling channel of the appointed authority rule node, when the absolute value of the overlapping range between the authority calling channels of the associated authority rule nodes in the second authority calling channel set is larger than or equal to a preset threshold, generating a new target virtual control interval and a new second authority calling channel set corresponding to the plurality of authority rule nodes until the absolute value of the overlapping range between the authority calling channels of the associated authority rule nodes in the new second authority calling channel set is smaller than the preset threshold or the iteration number is equal to the preset iteration number, and taking the new second authority calling channel set as the second authority calling channel set of the authority rule tree again.

Then, final virtual control intervals corresponding to the plurality of authority rule nodes respectively can be determined based on the second authority calling channel set, and a target authority calling channel set of the plurality of authority rule nodes is determined based on the final virtual control intervals, so that authority calling channel information of the authority control request is determined.

In a possible design, in the process of operating each related application program according to the authority calling channel information to obtain the authority control information of the authority calling channel of each related application program in the virtual control process, the authority calling channel can be called to access the corresponding virtual control process according to the determined authority calling channel information, each related application program is operated through the virtual control process, and then the authority control entity parameter corresponding to the authority control attribute tag of each related application program is determined according to the authority control attribute tags of different authority control types called for each related application program, wherein the authority control attribute tags of different authority control types respectively correspond to different authority control entity parameters.

On this basis, label node data of different authority control attribute labels of each related application program can be determined, and according to the label node data, a first entity set of at least two identical authority control entities in the corresponding plurality of authority control entities and at least one second entity set with calling times larger than preset times in the remaining authority control entities are obtained. Therefore, the authority control thread for determining the authority control information of the authority calling channel can be generated according to the entity set which is selected from the first entity set and has the calling times larger than the set times and serves as the target entity set and at least one second entity set. The authority control thread may include a target entity set and at least one second entity set.

And then, respectively determining the authority control information of the authority calling channel of each related application program in the virtual control process according to the authority control thread. For example, the authority control attribute tag corresponding to each target authority control entity in the target entity set and the at least one second entity set may be determined according to the authority control thread, and the authority control information of the authority calling channel of each related application program in the virtual control process may be determined according to the authority control attribute tag corresponding to each target authority control entity, that is, the authority control information of the authority calling channel of each related application program in the virtual control process may include the authority control attribute tag corresponding to each target authority control entity.

Fig. 3 is a schematic functional module diagram of the smart home access authorization apparatus 300 according to the embodiment of the present application, and the embodiment may divide the functional modules of the smart home access authorization apparatus 300 according to the foregoing method embodiment. For example, the functional blocks may be divided for the respective functions, or two or more functions may be integrated into one processing block. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the present application is schematic, and is only a logical function division, and there may be another division manner in actual implementation. For example, in the case of dividing each function module according to each function, the smart home access authorization apparatus 300 shown in fig. 3 is only a schematic apparatus. The smart home access authorization apparatus 300 may include an obtaining module 310, a snapshot generating module 320, a mapping module 330, and an access authorization module 340, and the functions of the functional modules of the smart home access authorization apparatus 300 are described in detail below.

The obtaining module 310 is configured to obtain an authority control request sent by a first smart home device to a second smart home device, construct a first authorized access channel corresponding to the first smart home device and construct a second authorized access channel corresponding to the second smart home device according to the authority control request, where the first authorized access channel and the second authorized access channel respectively include multiple authorized access verification scripts of different authorized access tags.

The snapshot generating module 320 is configured to extract an authorization verification node of each authorization access verification script of the first smart home device in the first authorization access channel, determine an authorization access verification script of the associated authorization access tag corresponding to the authorization control request in the second authorization access channel as a target authorization access verification script, map the authorization access verification node to the target authorization access verification script according to a preset authorization access model and an access instruction sequence of the second smart home device, obtain a target access verification node in the target authorization access verification script, and generate an access snapshot between the first smart home device and the second smart home device according to the authorization access verification node and the target access verification node.

The mapping module 330 is configured to obtain a first script verification instruction in the target authorized access verification script with the target access verification node as a target, map the first script verification instruction to the authorized access verification script in which the authority verification node is located according to the reverse access snapshot corresponding to the access snapshot, obtain a second script verification instruction corresponding to the first script verification instruction in the authorized access verification script in which the authority verification node is located, and summarize the first script verification instruction and the second script verification instruction into the target script verification instruction.

An access authorization module 340 for obtaining the verified access directory mapped by the authority verification node to the target authorized access verification script, and according to the verification matching degree between the target script verification instruction and the to-be-verified instruction file corresponding to the plurality of to-be-verified command lines on the verification access directory, sequentially acquiring a target verification area corresponding to the target script verification instruction in the second authorized access channel until the verification position of the authorized access verification script where the acquired target verification area is located is consistent with the verification position of the target script verification instruction in the first authorized access channel, stopping acquiring the target verification area in the next authorized access verification script, and establishes an authorization matching relationship between the target script verification instruction and the last acquired target verification area for each permission type item, and performing access authorization on the authority control process between the first intelligent household equipment and the second intelligent household equipment according to the authorization matching relationship.

Further, fig. 4 is a schematic structural diagram of a server 100 for executing the foregoing smart home access authorization method according to an embodiment of the present application. As shown in FIG. 4, the server 100 may include a network interface 110, a machine-readable storage medium 120, a processor 130, and a bus 140. The processor 130 may be one or more, and one processor 130 is illustrated in fig. 4 as an example. The network interface 110, the machine-readable storage medium 120, and the processor 130 may be connected by a bus 140 or otherwise, as exemplified by the connection by the bus 140 in fig. 4.

The machine-readable storage medium 120 is a computer-readable storage medium, and can be used to store software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the smart home access authorization method in the embodiment of the present application (for example, the obtaining module 310, the snapshot generating module 320, the mapping module 330, and the access authorization module 340 of the smart home access authorization apparatus 300 shown in fig. 3). The processor 130 executes various functional applications and data processing of the terminal device by detecting the software programs, instructions and modules stored in the machine-readable storage medium 120, that is, the above-mentioned smart home access authorization method is implemented, and details are not described herein.

The machine-readable storage medium 120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like.

The processor 130 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 130.

The server 100 may perform information interaction with other devices (e.g., the smart home device 200) through the network interface 110. Network interface 110 may be a circuit, bus, transceiver, or any other device that may be used to exchange information. Processor 130 may send and receive information using network interface 110.

In the above embodiments, the implementation may be wholly or partially implemented by software, hardware, firmware, or any pair thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device.

Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the embodiments of the present application without departing from the spirit and scope of the application. Thus, to the extent that such expressions and modifications of the embodiments of the application fall within the scope of the claims and their equivalents, the application is intended to embrace such alterations and modifications.

Claims

1. The smart home access authorization method is applied to a server, the server is in communication connection with a plurality of smart home devices, and the smart home devices are in the same home scene, and the method comprises the following steps:

acquiring an authority control request sent by first intelligent home equipment to second intelligent home equipment, and constructing a first authorized access channel corresponding to the first intelligent home equipment and a second authorized access channel corresponding to the second intelligent home equipment according to the authority control request, wherein the first authorized access channel and the second authorized access channel respectively comprise authorized access verification scripts of a plurality of different authorized access labels, the authorized access labels refer to specific access authorized data types, and the authorized data types comprise authorized data types of microwave oven data, refrigerator data and lamp data;

extracting an authority verification node of each authorized access verification script of the first intelligent home equipment in the first authorized access channel, determining an authorized access verification script of an associated authorized access label corresponding to an authority control request in the second authorized access channel as a target authorized access verification script, mapping the authority verification node to the target authorized access verification script according to a preset authorized access model and an access instruction sequence of the second intelligent home equipment, obtaining a target access verification node in the target authorized access verification script, and generating an access snapshot between the first intelligent home equipment and the second intelligent home equipment according to the authority verification node and the target access verification node, wherein the authority verification node is a node for executing a program instruction of authority verification work, the target access verification node is a node for executing program instructions of access verification work;

a first script verification instruction is obtained in the target authorized access verification script by taking the target access verification node as a target, mapping the first script verification instruction to an authorized access verification script of the authority verification node according to the reverse access snapshot corresponding to the access snapshot, obtaining a second script verification instruction corresponding to the first script verification instruction in the authorized access verification script where the authority verification node is located, and summarizing the first script verification instruction and the second script verification instruction into a target script verification instruction, wherein the reverse access snapshot corresponding to the access snapshot is obtained by performing reverse processing on the access snapshot, the access snapshot is processed reversely again in a mode of an authority control request sent to the first intelligent home equipment by the second intelligent home equipment, so that a reverse access snapshot corresponding to the access snapshot is obtained;

2. The smart home access authorization method according to claim 1, wherein the steps of constructing a first authorized access channel corresponding to the first smart home device and constructing a second authorized access channel corresponding to the second smart home device according to the permission control request include:

3. The smart home access authorization method according to claim 1, wherein the step of mapping the permission verification node to the target authorized access verification script according to a preset authorized access model and an access instruction sequence of the second smart home device, obtaining a target access verification node in the target authorized access verification script, and generating an access snapshot between the first smart home device and the second smart home device according to the permission verification node and the target access verification node includes:

4. The smart home access authorization method according to claim 1, wherein according to the verification matching degree between the target script verification instruction and the to-be-verified instruction files corresponding to the multiple to-be-verified instruction lines on the verification access directory, the target verification regions corresponding to the target script verification instruction are sequentially obtained in the second authorized access channel until the verification position of the obtained authorized access verification script in which the target verification region is located is consistent with the verification position of the target script verification instruction in the first authorized access channel, the target verification region in the next authorized access verification script is stopped being obtained, an authorization matching relationship for each permission type item between the target script verification instruction and the last obtained target verification region is established, and the permission between the first smart home device and the second smart home device is controlled according to the authorization matching relationship The method for authorizing the access comprises the following steps:

5. The smart home access authorization method according to claim 1, wherein the step of establishing an authorization matching relationship between the target script verification instruction and the last determined target verification area comprises:

6. The smart home access authorization method according to any one of claims 1 to 5, wherein the step of performing access authorization on the authorization control process between the first smart home device and the second smart home device according to the authorization matching relationship includes:

7. The smart home access authorization method according to claim 6, wherein the step of operating, in the virtual control scenario, the related application programs corresponding to the permission control request in the first smart home device and the second smart home device according to the application program control information corresponding to the requested control permission of the permission control request to obtain the permission control information of the permission call channel of each related application program in the virtual control process includes:

8. The intelligent home system is characterized by comprising a server and a plurality of intelligent home devices in communication connection with the server, wherein the intelligent home devices are in the same home scene;

when a first smart home device sends an authority control request to a second smart home device, the server is used for acquiring the authority control request sent by the first smart home device to the second smart home device, and constructing a first authorized access channel corresponding to the first smart home device and a second authorized access channel corresponding to the second smart home device according to the authority control request, wherein the first authorized access channel and the second authorized access channel respectively comprise authorized access verification scripts of a plurality of different authorized access tags, the authorized access tags refer to specific access authorized data types, and the authorized data types comprise authorized data types of microwave oven data, refrigerator data and lamp data;

the server is configured to extract an authority verification node of each authorized access verification script of the first smart home device in the first authorized access channel, determine an authorized access verification script of an associated authorized access tag corresponding to an authority control request in the second authorized access channel as a target authorized access verification script, map the authority verification node to the target authorized access verification script according to a preset authorized access model and an access instruction sequence of the second smart home device, obtain a target access verification node in the target authorized access verification script, and generate an access snapshot between the first smart home device and the second smart home device according to the authority verification node and the target access verification node, where the authority verification node is a node for executing a program instruction of authority verification work, the target access verification node is a node for executing program instructions of access verification work;

the server is used for acquiring a first script verification instruction in the target authorized access verification script by taking the target access verification node as a target, mapping the first script verification instruction to an authorized access verification script of the authority verification node according to the reverse access snapshot corresponding to the access snapshot, obtaining a second script verification instruction corresponding to the first script verification instruction in the authorized access verification script where the authority verification node is located, and summarizing the first script verification instruction and the second script verification instruction into a target script verification instruction, wherein the reverse access snapshot corresponding to the access snapshot is obtained by performing reverse processing on the access snapshot, the access snapshot is processed reversely again in a mode of an authority control request sent to the first intelligent home equipment by the second intelligent home equipment, so that a reverse access snapshot corresponding to the access snapshot is obtained;