CN112507301B - Internet of things equipment control method, device, equipment and storage medium - Google Patents


Publication number
CN112507301B
Authority
CN
China
Prior art keywords
verification
terminal
authority
information
public key
Legal status
Active
Application number
CN202011404797.3A
Other languages
Chinese (zh)
Other versions
CN112507301A (en)
Inventor
温文坤
陈名峰
林英喜
王鑫
陈杰文
马凤鸣
Current Assignee
Guangzhou Jixiang Technology Co Ltd
Original Assignee
Guangzhou Jixiang Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/75 Information technology; Communication
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/30 Control
    • G16Y40/35 Management of things, i.e. controlling in accordance with a policy or in order to achieve specified objectives
    • G16Y40/50 Safety; Security of things, users, data or systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

The embodiments of the application disclose a method, an apparatus, a device and a storage medium for controlling Internet of things equipment. In the technical scheme provided by the embodiments, a plurality of verification terminals perform user authority verification on the control terminal to obtain authority verification results, and each verification terminal doubly encrypts its authority verification result based on the first public key and the second public key to obtain a second ciphertext. The second ciphertext is decrypted to obtain a first ciphertext containing the authority verification result, and the first ciphertext is sent to the control terminal. The control terminal decrypts the received first ciphertexts to obtain a plurality of authority verification results and obtains a consensus verification result based on them, and the control authority over each field device is finally determined based on the consensus verification result. This achieves confusion between message source and destination, ensures the privacy of both the control terminal and the verification terminals, effectively ensures correct transmission of the authority verification results, and effectively improves the safety management of the field devices.

Description

Internet of things equipment control method, device, equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of Internet of things, in particular to a method, a device, equipment and a storage medium for controlling Internet of things equipment.
Background
With the development of equipment control technology, the control of equipment is becoming more intelligent and centralized. Each device is connected to a control terminal through a wireless or wired communication protocol, for example public network communication protocols such as 4G/5G, WiFi, ZigBee, LoRa, ModBus and TCP/IP, or private network communication protocols such as UNB, so that the devices can be centrally controlled through the control terminal and equipment control efficiency is effectively improved.
For example, in the control of field devices such as production plants, the requirement for stable operation of each device is high, but different personnel can control the field devices through the control terminal, which is not favorable for the safety management of the field devices.
Disclosure of Invention
The embodiment of the application provides a method, a device, equipment and a storage medium for controlling equipment of the Internet of things, so as to improve the safety management effect on field equipment.
In a first aspect, an embodiment of the present application provides an internet of things device control method, including:
responding to a control authority request of a control terminal of the same Internet of things network, and acquiring digital verification information, biological verification information and a first public key uploaded by the control terminal;
sending the digital verification information and the biological verification information to a plurality of verification terminals so that the plurality of verification terminals respectively carry out user right verification based on the digital verification information and the biological verification information to obtain right verification results;
randomly generating a second public key, and sending the first public key and the second public key to each verification terminal so that each verification terminal encrypts the authority verification result based on the first public key to obtain a first ciphertext respectively, attaching the first ciphertext to a terminal address of a control terminal, and encrypting based on the second public key to obtain a second ciphertext;
and receiving second ciphertexts sent by each verification terminal, decrypting the second ciphertexts based on a second public key to obtain first ciphertexts and terminal addresses, sending the first ciphertexts to the control terminal according to the terminal addresses, so that the control terminal decrypts the first ciphertexts based on the first public key to obtain a plurality of authority verification results, obtains consensus verification results based on the authority verification results, and determines the control authority of the control terminal based on the consensus verification results.
Further, the sending the digital authentication information and the biometric authentication information to a plurality of authentication terminals includes:
determining version information of a user permission mapping table of each verification terminal in the same Internet of things network, wherein the verification terminals carry out user permission verification based on the user permission mapping table;
and screening a plurality of verification terminals based on the version information, and sending the digital verification information and the biological verification information to the screened verification terminals.
Further, after the screening out a plurality of verification terminals based on the version information, the method further includes:
and determining a verification terminal with a lagged version based on the version information, and informing the verification terminal to update the user permission mapping table.
Further, after notifying the verification terminal to update the user right mapping table, the method further includes:
in response to the verification terminal finishing the update of the user permission mapping table, notifying all verification terminals whose version information is the latest to synchronize the user permission mapping table.
Further, the notifying all verification terminals whose version information is the latest to synchronize the user permission mapping table includes:
notifying all verification terminals whose version information is the latest to reach agreement on the user permission mapping table based on a consistency algorithm.
Further, the consistency algorithm comprises one or more of Paxos algorithm, Raft algorithm, ZAB algorithm and Gossip algorithm.
Further, the obtaining a consensus verification result based on the plurality of permission verification results includes:
the control terminal determines control authority information of each field device in each authority verification result, performs consensus voting on the plurality of authority control information of each field device respectively to obtain consensus authority information corresponding to each field device, and obtains consensus verification results based on the consensus authority information corresponding to each field device.
In a second aspect, an embodiment of the present application provides an internet of things device control apparatus, including an information obtaining module, an information sending module, a key sending module, and an authority verification module, where:
the information acquisition module is used for responding to a control authority request of a control terminal of the same Internet of things network and acquiring digital verification information, biological verification information and a first public key uploaded by the control terminal;
the information sending module is used for sending the digital verification information and the biological verification information to a plurality of verification terminals so that the plurality of verification terminals carry out user authority verification respectively based on the digital verification information and the biological verification information to obtain authority verification results;
the key sending module is used for randomly generating a second public key, sending the first public key and the second public key to each verification terminal so that each verification terminal encrypts the authority verification result based on the first public key to obtain a first ciphertext, attaching the first ciphertext to a terminal address of a control terminal and encrypting the first ciphertext based on the second public key to obtain a second ciphertext;
and the authority verification module is used for receiving the second ciphertext transmitted by each verification terminal, decrypting the second ciphertext based on a second public key to obtain a first ciphertext and a terminal address, transmitting the first ciphertext to the control terminal according to the terminal address, so that the control terminal decrypts the first ciphertext based on the first public key to obtain a plurality of authority verification results, obtains a consensus verification result based on the authority verification results, and determines the control authority of the control terminal based on the consensus verification result.
In a third aspect, an embodiment of the present application provides a computer device, including: a memory and one or more processors;
the memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the internet of things device control method according to the first aspect.
In a fourth aspect, embodiments of the present application provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the method for controlling an internet of things device according to the first aspect.
In the embodiments of the application, a plurality of verification terminals perform user authority verification on the control terminal to obtain authority verification results, and each verification terminal doubly encrypts its authority verification result based on a first public key and a second public key to obtain a second ciphertext. The second ciphertext is decrypted to obtain a first ciphertext containing the authority verification result, and the first ciphertext is transmitted to the control terminal. The control terminal decrypts the received first ciphertexts to obtain a plurality of authority verification results, obtains a consensus verification result based on them, and the control authority over each field device is finally determined based on the consensus verification result. The control authority of the control terminal is thus determined through the digital verification information and biological verification information of the user. The double encryption of the authority verification results ensures that the conversation between the control terminal and the verification terminals is not linkable, which achieves confusion between message source and destination, guarantees the privacy of both the control terminal and the verification terminals, effectively guarantees that the authority verification results are correctly transmitted, and effectively improves the safety management of the field devices.
Drawings
Fig. 1 is a flowchart of an internet of things device control method provided in an embodiment of the present application;
Fig. 2 is a flowchart of another method for controlling an internet of things device according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of an internet of things device control apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, specific embodiments of the present application will be described in detail with reference to the accompanying drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some but not all of the relevant portions of the present application are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Fig. 1 is a flowchart of an internet of things device control method according to an embodiment of the present disclosure, where the internet of things device control method according to the embodiment of the present disclosure may be executed by an internet of things device control apparatus, and the internet of things device control apparatus may be implemented in a hardware and/or software manner and integrated in a computer device.
The following description takes as an example the internet of things device control apparatus executing the internet of things device control method. Referring to fig. 1, the internet of things device control method includes:
S101: In response to a control authority request of a control terminal of the same Internet of things network, acquire the digital verification information, biological verification information and first public key uploaded by the control terminal.
The control terminal is connected with the Internet of things equipment control device in a wired and/or wireless mode, and the control terminal is in communication connection with the field equipment in a wired and/or wireless mode. Typically, an area corresponds to a control terminal to which field devices within the area are communicatively coupled. In the internet of things network provided by this embodiment, a plurality of internet of things device control apparatuses are provided, each internet of things device control apparatus is in communication connection with one or more control terminals, and communication is performed between different internet of things device control apparatuses based on an internet of things communication protocol.
Illustratively, when the control authority of the field device needs to be acquired (for example, when it is detected that an authority request button is triggered or a user logs in the control terminal), the control terminal uses account information used when the user logs in the control terminal as digital authentication information, and acquires biometric authentication information of the user through a biometric acquisition device in communication connection with the control terminal (the user may be prompted to perform biometric acquisition in an interactive interface), for example, a fingerprint, a voiceprint, a face feature, and the like of the user are acquired as biometric information through a fingerprint acquisition device, a voiceprint acquisition device, a face recognition device, and the like.
After the digital verification information and the biological verification information are determined, the control terminal randomly generates a first public key and sends a control authority request to the Internet of things equipment control device. The Internet of things equipment control device acquires digital verification information, biological verification information and a first public key from a corresponding control terminal after receiving the control authority request.
S102: Send the digital verification information and the biological verification information to a plurality of verification terminals of the same Internet of things network, so that the plurality of verification terminals respectively carry out user right verification based on the digital verification information and the biological verification information to obtain right verification results.
The verification terminals provided by this embodiment are connected to the same internet of things network where the internet of things device control apparatus is located, and record digital verification information, biometric information, and a control authority mapping relationship of each field device, and can perform user authority verification based on the mapping relationship to determine a control authority of the corresponding terminal to each field device.
Illustratively, after receiving the digital verification information, the biological verification information and the first public key returned by the control terminal, the internet of things device control apparatus sends the digital verification information, the biological verification information and the terminal address of the corresponding control terminal to a plurality of verification terminals of the same internet of things network. Each verification terminal that receives the digital verification information and the biological verification information performs user right verification based on the mapping relationship among the digital verification information, the biometric information and the control authority over each field device, determines the control authority over each field device, and generates a right verification result based on that control authority.
It can be understood that the field devices controllable by the control terminal are not limited to the field devices in the same area, for example, a user with a higher authority may control field devices in more areas through the control terminal in one area (the control terminal sends a control instruction to other control terminals in the same internet of things based on the internet of things protocol to control the field devices connected to the other control terminals), and thus, the device control efficiency is improved.
S103: Randomly generate a second public key, and send the first public key and the second public key to each verification terminal, so that each verification terminal encrypts the authority verification result based on the first public key to obtain a first ciphertext, attaches the terminal address of the control terminal to the first ciphertext, and encrypts based on the second public key to obtain a second ciphertext.
Illustratively, the internet of things device control apparatus randomly generates a second public key, and sends the second public key and the first public key uploaded by the control terminal to the verification terminal.
Further, after receiving the first public key and the second public key, each authentication terminal encrypts the determined permission authentication result by using the first public key to obtain a first ciphertext, and the terminal address of the control terminal is attached to the first ciphertext. Further, the verification terminal encrypts the first ciphertext with the terminal address by using the second public key to obtain a second ciphertext. And after the second ciphertext is obtained, the verification terminal returns the corresponding second ciphertext to the Internet of things equipment control device.
S104: Receive the second ciphertexts sent by each verification terminal, and decrypt the second ciphertexts based on the second public key to obtain the first ciphertexts and terminal addresses.
Illustratively, after receiving the second ciphertexts returned by the verification terminals, the internet of things device control apparatus decrypts the second ciphertexts based on the corresponding second public key to obtain a plurality of first ciphertexts and terminal addresses attached to the first ciphertexts.
S105: Send the first ciphertext to the control terminal according to the terminal address, so that the control terminal decrypts the first ciphertext based on the first public key to obtain a plurality of authority verification results, obtains a consensus verification result based on the authority verification results, and determines the control authority of the control terminal based on the consensus verification result.
Illustratively, each first ciphertext is returned to the corresponding control terminal according to the terminal address attached to it. After the control terminal receives the plurality of first ciphertexts returned by the internet of things device control apparatus, it decrypts them using the first public key to obtain the authority verification result corresponding to each first ciphertext. After obtaining the plurality of authority verification results, the control terminal performs consensus processing on them to obtain a final consensus verification result. For example, the authority verification result with the highest coincidence degree is used as the consensus verification result; or the control authority over each field device indicated in each authority verification result is determined separately, and the control authorities with the highest coincidence degree for each field device are recombined into the final consensus verification result.
After the consensus verification result of the control terminal is determined, control interaction between the control terminal and each field device is performed according to the control authority over each field device indicated by the consensus verification result.
As described above, a plurality of verification terminals perform user authority verification on the control terminal to obtain authority verification results, and each verification terminal doubly encrypts its authority verification result based on a first public key and a second public key to obtain a second ciphertext. The second ciphertext is decrypted to obtain a first ciphertext containing the authority verification result, and the first ciphertext is then sent to the control terminal. The control terminal decrypts the received first ciphertexts to obtain a plurality of authority verification results, obtains a consensus verification result based on them, and the control authority over each field device is finally determined based on the consensus verification result. The control authority of the control terminal is thus determined through the digital verification information and biological verification information of the user. The double encryption of the authority verification results ensures the unlinkability of the conversation between the control terminal and the verification terminals, which achieves confusion between message source and destination, guarantees the privacy of both the control terminal and the verification terminals, effectively guarantees that the authority verification results are correctly transmitted, and effectively improves the safety management of the field devices.
On the basis of the foregoing embodiments, fig. 2 is a flowchart of another method for controlling an internet of things device according to an embodiment of the present application, where this method is a more specific form of the foregoing internet of things device control method. As shown in fig. 2, the internet of things device control method includes:
S201: In response to a control authority request of a control terminal of the same Internet of things network, acquire the digital verification information, biological verification information and first public key uploaded by the control terminal.
S202: Determine the version information of the user permission mapping table of each verification terminal in the same Internet of things network, wherein the verification terminals carry out user permission verification based on the user permission mapping table.
Specifically, a mapping table version obtaining instruction is sent to all verification terminals in the same internet of things network, and after receiving the mapping table version obtaining instruction, the verification terminals obtain version information corresponding to a user permission mapping table stored by the verification terminals and send the version information to the internet of things equipment control device.
Each verification terminal stores a user authority mapping table. A background server connected to the internet of things network performs unified update management, and each update operation on the user authority mapping table corresponds to one piece of version information. The user authority mapping table is managed among the plurality of verification terminals based on a consensus mechanism.
S203: Screen out a plurality of verification terminals based on the version information, and send the digital verification information and the biological verification information to the screened verification terminals, so that the verification terminals respectively carry out user authority verification based on the digital verification information and the biological verification information to obtain authority verification results.
Specifically, after the version information corresponding to the user right mapping table stored in each verification terminal is obtained, the verification terminals are sorted by version information, and a plurality of (for example, 5 to 10) verification terminals with the latest version information are screened out. The digital verification information, the biological verification information and the terminal address of the control terminal are then sent to the screened verification terminals to notify them to perform user right verification.
The user authority mapping table records the mapping relation among digital verification information, biological verification information and control authority of each field device. When the verification terminal verifies the user authority based on the user authority mapping table, the control authority to each field device mapped by the combination of the digital verification information and the biological verification information uploaded by the control terminal is determined according to the mapping relation, and an authority verification result is generated based on the determined control authority to each field device.
S204: Randomly generate a second public key, and send the first public key and the second public key to each verification terminal, so that each verification terminal encrypts the authority verification result based on the first public key to obtain a first ciphertext, attaches the terminal address of the control terminal to the first ciphertext, and encrypts based on the second public key to obtain a second ciphertext.
S205: Receive the second ciphertexts sent by each verification terminal, and decrypt the second ciphertexts based on the second public key to obtain the first ciphertexts and terminal addresses.
S206: Send the first ciphertext to the control terminal according to the terminal address, so that the control terminal decrypts the first ciphertext based on the first public key to obtain a plurality of authority verification results, obtains a consensus verification result based on the authority verification results, and determines the control authority of the control terminal based on the consensus verification result.
When the control terminal obtains the consensus verification result based on the multiple right verification results, the method specifically includes: the control terminal determines control authority information of each field device in each authority verification result, performs consensus voting or contact ratio judgment on a plurality of authority control information of each field device respectively to obtain consensus authority information corresponding to each field device, and obtains a consensus verification result based on the consensus authority information corresponding to each field device.
Specifically, the control terminal determines to control the authority information of each field device according to each authority verification information, performs consensus voting on all authority control information corresponding to each field device, determines the consensus authority information with the highest vote number (or highest coincidence degree) for each field device, and obtains the consensus verification result corresponding to the login user in the current control terminal based on the consensus authority information corresponding to each field device, and the control terminal performs control interaction between the control terminal and each field device based on the consensus verification result.
S207: Determining a verification terminal with a lagging version based on the version information, and notifying the verification terminal to update the user permission mapping table.
Specifically, after the plurality of verification terminals are screened out based on the version information, the internet of things device control apparatus determines the verification terminals whose stored user permission mapping table lags behind the latest version information, and sends a mapping table updating instruction to these verification terminals to notify them to update the user permission mapping table.
S208: In response to the verification terminal completing the update of the user permission mapping table, notifying all verification terminals with the latest version information to synchronize the user permission mapping table.
Specifically, after receiving the mapping table updating instruction, the verification terminal pulls the user permission mapping table with the latest version information from the background server to update its user permission mapping table. After the verification terminal completes the update of the user permission mapping table in response to the mapping table updating instruction, it returns update completion feedback information to the internet of things device control apparatus.
After receiving the update completion feedback information returned by the verification terminals, the internet of things device control apparatus sends mapping table synchronization instructions to all the verification terminals with the latest version information to notify them to synchronize the user permission mapping table. Specifically, it notifies all the verification terminals with the latest version information to reach agreement on the user permission mapping table based on a consistency algorithm. The consistency algorithm provided by the present embodiment may be one or more of the Paxos algorithm, the Raft algorithm, the ZAB algorithm, and the Gossip algorithm.
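The version-based screening of verification terminals, the per-device consensus vote of S206 and the lagging-version check of S207 can be sketched as follows. This is an added example, not code from the patent; the integer version numbers, terminal IDs, credential strings, permission labels, and the fail-closed handling of ties and missing entries are assumptions.

```python
from collections import Counter

DENY = "none"  # assumed label for "no control authority over this device"


def screen_terminals(versions, keep=5):
    """Sort terminals by mapping-table version (newest first) and keep `keep`.

    Returns (selected, lagging): the terminals asked to verify, and every
    terminal whose table is older than the newest version seen (S207).
    """
    if not versions:
        return [], []
    latest = max(versions.values())
    ranked = sorted(versions, key=lambda t: (-versions[t], t))
    lagging = sorted(t for t, v in versions.items() if v < latest)
    return ranked[:keep], lagging


def verify(table, digital, biometric):
    """Map the (digital, biometric) combination to per-device control authority.

    An unknown combination yields an empty result, i.e. no authority at all.
    """
    return dict(table.get((digital, biometric), {}))


def consensus(results):
    """Per-device vote over the authority verification results.

    The value with the most votes wins. Assumptions added here: a device
    missing from a result counts as a DENY vote, and a tie resolves to DENY.
    """
    agreed = {}
    for device in sorted({d for r in results for d in r}):
        votes = Counter(r.get(device, DENY) for r in results).most_common()
        top_value, top_count = votes[0]
        tied = len(votes) > 1 and votes[1][1] == top_count
        agreed[device] = DENY if tied else top_value
    return agreed


# Constructed sample data: seven terminals, two with stale tables, and one
# up-to-date terminal (vt-f) whose table copy has been altered.
VERSIONS = {"vt-a": 12, "vt-b": 12, "vt-c": 11, "vt-d": 12,
            "vt-e": 10, "vt-f": 12, "vt-g": 12}
GOOD = {("user-17", "bio-17"):
        {"pump-1": "control", "valve-2": "read", "plc-3": DENY}}
ALTERED = {("user-17", "bio-17"):
           {"pump-1": "control", "valve-2": "read", "plc-3": "control"}}
TABLES = {t: GOOD for t in VERSIONS}
TABLES["vt-f"] = ALTERED


def run_demo():
    selected, lagging = screen_terminals(VERSIONS, keep=5)
    results = [verify(TABLES[t], "user-17", "bio-17") for t in selected]
    return selected, lagging, consensus(results)


if __name__ == "__main__":
    selected, lagging, agreed = run_demo()
    print("selected:", selected)
    print("lagging (to be told to update):", lagging)
    print("consensus:", agreed)
```

The altered table on `vt-f` is outvoted four to one for `plc-3`, so the consensus result keeps that device at no authority.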
In the above, the control terminal has user authority verification performed by a plurality of verification terminals to obtain authority verification results. Each verification terminal doubly encrypts its authority verification result based on the first public key and the second public key to obtain a second ciphertext; the second ciphertext is decrypted to obtain the first ciphertext containing the authority verification result, and the first ciphertext is then sent to the control terminal. The control terminal decrypts the received first ciphertexts to obtain a plurality of authority verification results, obtains a consensus verification result based on them, and finally determines the control authority over each field device based on the consensus verification result. The control authority of the control terminal is thus determined from the user's digital verification information and biological verification information, and the double encryption of the authority verification results ensures unlinkability of the sessions between the control terminal and the verification terminals by obscuring the source and destination of messages. This protects the privacy of both the control terminal and the verification terminals, effectively ensures that the authority verification results are transmitted correctly, and effectively improves the security management of the field devices. Meanwhile, the user permission mapping table is synchronously updated based on a consistency algorithm, which ensures the correctness of the user permission mapping table and reduces user authority verification errors caused by tampering with, or mistakes in, the user permission mapping table. In addition, agreement on the received authority verification results is reached through a consensus mechanism, which further ensures the correctness of user authority verification and effectively ensures the security of device control.
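The two-layer wrapping of S204 to S206 can be traced with the added example below, which is not code from the patent. Because the page uses the same key to encrypt and decrypt each layer, both keys are modelled here as shared secrets; the `seal`/`unseal` cipher is a standard-library stand-in for an authenticated cipher, and the JSON framing, terminal address and permission labels are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in authenticated cipher (assumption, so the example runs offline):
# SHA-256 counter keystream with HMAC-SHA256 in encrypt-then-MAC order.
# A deployment would use a vetted AEAD from a maintained library instead.


def _subkeys(key):
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    if len(blob) < 48:                      # 16-byte nonce + 32-byte tag
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def terminal_wrap(result, terminal_addr, first_key, second_key):
    """Verification terminal (S204): result -> first ciphertext, then
    first ciphertext + control-terminal address -> second ciphertext."""
    first = seal(first_key, json.dumps(result, sort_keys=True).encode())
    outer = json.dumps({"addr": terminal_addr, "ct": first.hex()}).encode()
    return seal(second_key, outer)


def relay_unwrap(second, second_key):
    """Control apparatus (S205): strip the outer layer, recover the address
    and the first ciphertext that is forwarded on its own."""
    outer = json.loads(unseal(second_key, second))
    return outer["addr"], bytes.fromhex(outer["ct"])


def control_open(first, first_key):
    """Control terminal (S206): open the first ciphertext."""
    return json.loads(unseal(first_key, first))


def demo():
    first_key = secrets.token_bytes(32)     # supplied by the control terminal
    second_key = secrets.token_bytes(32)    # generated by the control apparatus
    addr = "10.0.0.7:5683"                  # constructed terminal address
    reports = [{"pump-1": "control"}, {"pump-1": "control"}, {"pump-1": "none"}]
    seconds = [terminal_wrap(r, addr, first_key, second_key) for r in reports]
    routed = [relay_unwrap(s, second_key) for s in seconds]
    return [(a, control_open(first, first_key)) for a, first in routed]


if __name__ == "__main__":
    for address, result in demo():
        print(address, result)
```

What is forwarded to the control terminal is only the first ciphertext, which carries no address field and no identifier of the verification terminal that produced it.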
Fig. 3 is a schematic structural diagram of an internet of things device control apparatus according to an embodiment of the present application. As shown in fig. 3, the internet of things device control apparatus includes an information acquisition module 31, an information sending module 32, a key sending module 33, and an authority verification module 34.
The information acquisition module 31 is configured to respond to a control authority request of a control terminal of the same internet of things network, and acquire digital verification information, biological verification information and a first public key uploaded by the control terminal; the information sending module 32 is configured to send the digital verification information and the biometric verification information to multiple verification terminals in the same internet of things network, so that the multiple verification terminals perform user right verification based on the digital verification information and the biometric verification information respectively to obtain right verification results; a key sending module 33, configured to randomly generate a second public key, send the first public key and the second public key to each verification terminal, so that each verification terminal encrypts the permission verification result based on the first public key to obtain a first ciphertext, attaches a terminal address of the control terminal to the first ciphertext, and encrypts the first ciphertext based on the second public key to obtain a second ciphertext; the authority verification module 34 is configured to receive a second ciphertext sent by each verification terminal, decrypt the second ciphertext based on a second public key to obtain a first ciphertext and a terminal address, send the first ciphertext to the control terminal according to the terminal address, enable the control terminal to decrypt the first ciphertext based on the first public key to obtain multiple authority verification results, obtain a consensus verification result based on the multiple authority verification results, and determine a control authority of the control terminal based on the consensus verification result.
In the above, the control terminal has user authority verification performed by a plurality of verification terminals to obtain authority verification results. Each verification terminal doubly encrypts its authority verification result based on the first public key and the second public key to obtain a second ciphertext; the second ciphertext is decrypted to obtain the first ciphertext containing the authority verification result, and the first ciphertext is then sent to the control terminal. The control terminal decrypts the received first ciphertexts to obtain a plurality of authority verification results, obtains a consensus verification result based on them, and finally determines the control authority over each field device based on the consensus verification result. The control authority of the control terminal is thus determined from the user's digital verification information and biological verification information, and the double encryption of the authority verification results ensures unlinkability of the sessions between the control terminal and the verification terminals by obscuring the source and destination of messages. This protects the privacy of both the control terminal and the verification terminals, effectively ensures that the authority verification results are transmitted correctly, and effectively improves the security management of the field devices.
An embodiment of the present application also provides a computer device, which can integrate the internet of things device control apparatus provided by the embodiments of the present application. Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application. Referring to fig. 4, the computer device includes: an input device 43, an output device 44, a memory 42, and one or more processors 41; the memory 42 is used for storing one or more programs; when the one or more programs are executed by the one or more processors 41, the one or more processors 41 implement the internet of things device control method provided in the above embodiments. The input device 43, the output device 44, the memory 42 and the processor 41 may be connected by a bus or by other means; connection by a bus is taken as the example in fig. 4.
The memory 42 is a storage medium readable by a computing device, and can be used for storing software programs, computer executable programs, and modules, such as program instructions/modules corresponding to the internet of things device control method according to any embodiment of the present application (for example, the information obtaining module 31, the information sending module 32, the key sending module 33, and the authority verification module 34 in the internet of things device control apparatus). The memory 42 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the device, and the like. Further, the memory 42 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 42 may further include memory located remotely from processor 41, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 43 may be used to receive input numeric or character information and to generate key signal inputs relating to user settings and function controls of the apparatus. The output device 44 may include a display device such as a display screen.
The processor 41 executes various functional applications and data processing of the device by executing software programs, instructions and modules stored in the memory 42, so as to implement the internet of things device control method.
The internet of things device control apparatus and the computer device provided above can be used to execute the internet of things device control method provided by any of the above embodiments, and have the corresponding functions and beneficial effects.
Embodiments of the present application further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the method for controlling an internet of things device provided in the foregoing embodiments, where the method for controlling an internet of things device includes: responding to a control authority request of a control terminal of the same Internet of things network, and acquiring digital verification information, biological verification information and a first public key uploaded by the control terminal; sending the digital verification information and the biological verification information to a plurality of verification terminals of the same Internet of things network, so that the plurality of verification terminals carry out user right verification respectively based on the digital verification information and the biological verification information to obtain right verification results; randomly generating a second public key, and sending the first public key and the second public key to each verification terminal so that each verification terminal encrypts the authority verification result based on the first public key to obtain a first ciphertext respectively, attaching the first ciphertext to a terminal address of a control terminal, and encrypting based on the second public key to obtain a second ciphertext; and receiving second ciphertexts sent by each verification terminal, decrypting the second ciphertexts based on a second public key to obtain first ciphertexts and terminal addresses, sending the first ciphertexts to the control terminal according to the terminal addresses, so that the control terminal decrypts the first ciphertexts based on the first public key to obtain a plurality of authority verification results, obtains consensus verification results based on the authority verification results, and determines the control authority of the control terminal based on the consensus verification results.
Storage medium: any of various types of memory devices or storage devices. The term "storage medium" is intended to include: installation media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium containing the computer-executable instructions provided in the embodiments of the present application is not limited to the method for controlling the internet of things device described above, and may also perform related operations in the method for controlling the internet of things device provided in any embodiment of the present application.
The internet of things device control apparatus, the device, and the storage medium provided in the above embodiments may execute the internet of things device control method provided in any embodiment of the present application; for technical details not described in detail in the above embodiments, reference may be made to the internet of things device control method provided in any embodiment of the present application.
The foregoing is considered as illustrative of the preferred embodiments of the invention and the technical principles employed. The present application is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present application has been described in more detail with reference to the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, and the scope of the present application is determined by the scope of the claims.

Claims (9)

1. An Internet of things equipment control method is characterized by comprising the following steps:
responding to a control authority request of a control terminal of the same Internet of things network, and acquiring digital verification information, biological verification information and a first public key uploaded by the control terminal;
determining version information of a user permission mapping table of each verification terminal in the same Internet of things network, wherein the verification terminals carry out user permission verification based on the user permission mapping table; screening a plurality of verification terminals based on the version information, and sending the digital verification information and the biological verification information to the screened verification terminals so that the verification terminals respectively carry out user authority verification based on the digital verification information and the biological verification information to obtain authority verification results;
randomly generating a second public key, and sending the first public key and the second public key to each verification terminal so that each verification terminal encrypts the authority verification result based on the first public key to obtain a first ciphertext respectively, attaching the first ciphertext to a terminal address of a control terminal, and encrypting based on the second public key to obtain a second ciphertext;
and receiving second ciphertexts sent by each verification terminal, decrypting the second ciphertexts based on a second public key to obtain first ciphertexts and terminal addresses, sending the first ciphertexts to the control terminal according to the terminal addresses, so that the control terminal decrypts the first ciphertexts based on the first public key to obtain a plurality of authority verification results, obtains consensus verification results based on the authority verification results, and determines the control authority of the control terminal based on the consensus verification results.
2. The internet of things equipment control method according to claim 1, wherein after the screening out a plurality of verification terminals based on the version information, the method further comprises:
and determining a verification terminal with a lagged version based on the version information, and informing the verification terminal to update the user permission mapping table.
3. The internet of things device control method of claim 2, wherein after notifying the verification terminal to update the user permission mapping table, the method further comprises:
and in response to the verification terminal completing the update of the user permission mapping table, notifying all verification terminals with the latest version information to synchronize the user permission mapping table.
4. The internet of things equipment control method of claim 3, wherein the notifying all verification terminals with the latest version information to synchronize the user permission mapping table comprises:
notifying all verification terminals with the latest version information to reach agreement on the user permission mapping table based on a consistency algorithm.
5. The Internet of things equipment control method of claim 4, wherein the consistency algorithm comprises one or more of a Paxos algorithm, a Raft algorithm, a ZAB algorithm, and a Gossip algorithm.
6. The internet of things equipment control method according to any one of claims 1 to 5, wherein obtaining a consensus verification result based on the plurality of permission verification results comprises:
the control terminal determines control authority information of each field device in each authority verification result, performs consensus voting on the plurality of authority control information of each field device respectively to obtain consensus authority information corresponding to each field device, and obtains consensus verification results based on the consensus authority information corresponding to each field device.
7. An Internet of things equipment control device, characterized by comprising an information acquisition module, an information sending module, a key sending module and an authority verification module, wherein:
the information acquisition module is used for responding to a control authority request of a control terminal of the same Internet of things network and acquiring digital verification information, biological verification information and a first public key uploaded by the control terminal;
the information sending module is used for determining version information of a user permission mapping table of each verification terminal in the same Internet of things network, wherein the verification terminals carry out user permission verification based on the user permission mapping table; screening a plurality of verification terminals based on the version information, and sending the digital verification information and the biological verification information to the screened verification terminals so that the verification terminals respectively carry out user authority verification based on the digital verification information and the biological verification information to obtain authority verification results;
the key sending module is used for randomly generating a second public key, sending the first public key and the second public key to each verification terminal so that each verification terminal encrypts the authority verification result based on the first public key to obtain a first ciphertext, attaching the first ciphertext to a terminal address of a control terminal and encrypting the first ciphertext based on the second public key to obtain a second ciphertext;
and the authority verification module is used for receiving the second ciphertext transmitted by each verification terminal, decrypting the second ciphertext based on a second public key to obtain a first ciphertext and a terminal address, transmitting the first ciphertext to the control terminal according to the terminal address, so that the control terminal decrypts the first ciphertext based on the first public key to obtain a plurality of authority verification results, obtains a consensus verification result based on the authority verification results, and determines the control authority of the control terminal based on the consensus verification result.
8. A computer device, comprising: a memory and one or more processors;
the memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the internet of things device control method of any of claims 1-6.
9. A storage medium containing computer-executable instructions, which when executed by a computer processor, perform the internet of things device control method of any one of claims 1 to 6.
CN202011404797.3A 2020-12-05 2020-12-05 Internet of things equipment control method, device, equipment and storage medium Active CN112507301B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011404797.3A CN112507301B (en) 2020-12-05 2020-12-05 Internet of things equipment control method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112507301A CN112507301A (en) 2021-03-16
CN112507301B true CN112507301B (en) 2021-10-08

Family

ID=74968436

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011404797.3A Active CN112507301B (en) 2020-12-05 2020-12-05 Internet of things equipment control method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112507301B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826722B (en) * 2022-04-20 2023-10-20 福建星云软件技术有限公司 User authority management method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105701372A (en) * 2015-12-18 2016-06-22 布比(北京)网络技术有限公司 Block chain identity construction and verification method
CN108197959A (en) * 2018-01-23 2018-06-22 华南理工大学 A kind of fast verification pond based on block chain, fast verification system and operating method
CN111371543A (en) * 2020-01-08 2020-07-03 中国科学院重庆绿色智能技术研究院 Internet of things equipment access control method based on double-block chain structure
CN111970302A (en) * 2020-08-27 2020-11-20 烟台大学 Construction equipment authority management method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7549060B2 (en) * 2002-06-28 2009-06-16 Microsoft Corporation Using a rights template to obtain a signed rights label (SRL) for digital content in a digital rights management system
US20040177258A1 (en) * 2003-03-03 2004-09-09 Ong Peng T. Secure object for convenient identification
CN105893794A (en) * 2014-11-18 2016-08-24 苏州慧盾信息安全科技有限公司 Authority management system and method of Internet of things information system
US10984081B2 (en) * 2016-09-30 2021-04-20 Cable Television Laboratories, Inc. Systems and methods for secure person to device association
CN107247899B (en) * 2017-05-22 2020-02-07 珠海格力电器股份有限公司 Role authority control method and device based on security engine and security chip
CN109951489B (en) * 2019-03-27 2020-11-03 深圳市网心科技有限公司 Digital identity authentication method, equipment, device, system and storage medium

Also Published As

Publication number Publication date
CN112507301A (en) 2021-03-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant