CN112738103B - Information verification method and device and electronic equipment - Google Patents
Information verification method and device and electronic equipment Download PDFInfo
- Publication number
- CN112738103B CN112738103B CN202011598336.4A CN202011598336A CN112738103B CN 112738103 B CN112738103 B CN 112738103B CN 202011598336 A CN202011598336 A CN 202011598336A CN 112738103 B CN112738103 B CN 112738103B
- Authority
- CN
- China
- Prior art keywords
- information
- cloud service
- target device
- client
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00571—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/2816—Controlling appliance services of a home automation network by calling their functionalities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Telephonic Communication Services (AREA)
Abstract
The application discloses an information verification method and device and electronic equipment, which are used for improving the safety of an equipment interaction process. The method comprises the following steps: receiving first information sent by target equipment through cloud service; sending a request for acquiring the verification information of the target equipment to the cloud service; receiving feedback information of the cloud service based on the request for obtaining the target device verification information; performing identity verification on the cloud service and the target equipment according to the feedback information; and after the cloud service and the target equipment pass the authentication, executing corresponding operation according to the first information. By adopting the scheme provided by the application, when the first information sent by the target equipment is received, the first information is processed after the sender and the forwarding party are verified, so that the information sent by an illegal user is prevented from being processed by mistake, and the safety of the equipment interaction process is improved.
Description
Technical Field
The present disclosure relates to the field of internet, and in particular, to an information verification method and apparatus, and an electronic device.
Background
The interaction among various devices is an important expression form in the Internet industry and also is the basis of the development of the Internet of things industry, for example, the interaction among different users can enable the different users to communicate with each other, and the interaction among different devices of the same user can realize a plurality of intelligent home scenes, for example, the user remotely controls an intelligent door and window to ventilate; for another example, the door lock with the remote unlocking function is convenient for relatives and friends to enter the house in time under the condition that the master is inconvenient to open the door manually; and for example, the interaction between the air detector and the intelligent door window can realize the automatic window opening and ventilation function.
Therefore, the interaction among the devices provides great convenience for modern work and life, however, in the current inter-device technology, only the server side is used for carrying out identity authentication on both interaction parties, the device cannot carry out authentication on the opposite-end device or the server side during interaction, the security is not high, and the user privacy and property security are threatened. Therefore, how to improve the security of the device interaction process is a technical problem that needs to be solved urgently.
Disclosure of Invention
An object of the embodiments of the present application is to provide an information checking method, an information checking device, and an electronic device, so as to improve security of an interaction process of the device.
In order to solve the technical problem, the embodiment of the application adopts the following technical scheme: an information checking method is applied to a client and comprises the following steps:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
and after the cloud service and the target equipment pass the authentication, executing corresponding operation according to the first information.
In one embodiment, further comprising:
generating second information according to a specific trigger event;
feeding back the encrypted second information and client authentication information to the cloud service so that the cloud service executes corresponding operation according to a sending object to which the second information is directed; wherein the transmission object for which the second information is directed includes a cloud service or a target device.
In one embodiment, the feedback information includes cloud service authentication information and target device authentication information, and the performing authentication on the cloud service and the target device according to the feedback information includes:
verifying the identity of the target equipment according to the target equipment verification information, and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
In one embodiment, the performing the corresponding operation according to the first information includes:
generating response data to the first information;
encrypting the response data by the public key of the target device;
and feeding back the response data encrypted by the public key of the target equipment to the target equipment through the cloud service.
In one embodiment, the response data carries data related to a target device, where the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
In one embodiment, the performing the corresponding operation according to the first information includes:
and sending out reminding information according to the first information.
In one embodiment, the verifying the identity of the target device according to the target device verification information includes:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
In one embodiment, the verifying the cloud service identity according to the cloud service verification information includes:
using a pre-stored cloud service public key to check and sign the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
The application also provides an information verification method, which is applied to target equipment and comprises the following steps:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client;
decrypting the second information;
and executing corresponding operation according to the decrypted second information.
In one embodiment, the sending the first information to the client through the cloud service includes:
acquiring locally stored target device verification information, wherein the target device verification information comprises at least one of the following information:
a target device certificate, a target device serial number and a target device key;
and sending the first information carrying the target equipment verification information to the cloud service so that the cloud service forwards the first information to the client.
In one embodiment, the second information includes client authentication information, and the executing corresponding operation according to the decrypted second information includes:
extracting the client verification information in the second information;
and performing identity authentication on the client according to the client authentication information.
The application also provides an information checking device, which is applied to a client and comprises:
the first receiving module is used for receiving first information sent by target equipment through cloud service;
a sending module, configured to send a request for obtaining the target device verification information to the cloud service;
a second receiving module, configured to receive feedback information of the cloud service based on the request for obtaining the target device verification information;
the verification module is used for verifying the identity of the cloud service and the target equipment according to the feedback information;
and the execution module is used for executing corresponding operation according to the first information after the identity authentication is passed.
In one embodiment, further comprising:
the generating module is used for generating second information according to a specific trigger event;
the feedback module is used for feeding back the encrypted second information and the client verification information to the cloud service so that the cloud service executes corresponding operation according to a sending object aimed at by the second information; wherein the transmission object for which the second information is directed includes a cloud service or a target device.
In one embodiment, the verification module includes:
the verification sub-module is used for verifying the identity of the target equipment according to the target equipment verification information and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
In one embodiment, the execution module includes:
a generation submodule for generating response data to the first information;
the encryption submodule is used for encrypting the response data through the public key of the target equipment;
and the feedback submodule is used for feeding back the response data encrypted by the public key of the target equipment to the target equipment through the cloud service.
In one embodiment, the response data carries data related to a target device, where the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
In one embodiment, the execution module includes:
and the sending submodule is used for sending out reminding information according to the first information.
In one embodiment, the verification sub-module is specifically configured to:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
In one embodiment, the verification sub-module is specifically configured to:
using a pre-stored cloud service public key to check and sign the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
The present application further provides an information checking apparatus, which is applied to a target device, and includes:
the sending module is used for sending first information to the client through the cloud service;
the receiving module is used for receiving the encrypted second information fed back by the client;
the decryption module is used for decrypting the second information;
and the execution module is used for executing corresponding operation according to the decrypted second information.
In one embodiment, the sending module includes:
the acquisition submodule is configured to acquire locally stored target device verification information, where the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number and a target device key;
the sending submodule is used for sending the first information carrying the target device verification information to the cloud service so that the cloud service forwards the first information to the client.
In one embodiment, the execution module includes:
the extraction submodule is used for extracting the client verification information in the second information;
and the verification submodule is used for performing identity verification on the client according to the client verification information.
The present application further provides an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
and after the cloud service and the target equipment pass the authentication, executing corresponding operation according to the first information.
The processor is further configured to:
generating second information according to a specific trigger event;
feeding back the encrypted second information and client authentication information to the cloud service so that the cloud service executes corresponding operation according to a sending object to which the second information is directed; wherein the transmission object for which the second information is directed includes a cloud service or a target device.
The processor is further configured to:
the feedback information includes cloud service verification information and target device verification information, and the identity verification of the cloud service and the target device according to the feedback information includes:
verifying the identity of the target equipment according to the target equipment verification information, and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
The processor is further configured to:
the executing corresponding operation according to the first information includes:
generating response data to the first information;
encrypting the response data by the public key of the target device;
and feeding back the response data encrypted by the public key of the target equipment to the target equipment through the cloud service.
The processor is further configured to:
the response data carries data related to the target device, wherein the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
The processor is further configured to:
the executing corresponding operation according to the first information includes:
and sending out reminding information according to the first information.
The processor is further configured to:
the verifying the identity of the target device according to the target device verification information includes:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
The processor is further configured to:
the verifying the cloud service identity according to the cloud service verification information comprises the following steps:
using a pre-stored cloud service public key to check and sign the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
The present application further provides an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client;
decrypting the second information;
and executing corresponding operation according to the decrypted second information.
The processor is further configured to:
the sending of the first information to the client through the cloud service includes:
acquiring locally stored target device verification information, wherein the target device verification information comprises at least one of the following information:
a target device certificate, a target device serial number and a target device key;
and sending the first information carrying the target equipment verification information to the cloud service so that the cloud service forwards the first information to the client.
The processor is further configured to:
the second information includes client authentication information, and the corresponding operation is executed according to the decrypted second information, including:
extracting client verification information in the second information;
and performing identity authentication on the client according to the client authentication information.
The present application further provides a non-transitory computer-readable storage medium, wherein when instructions in the storage medium are executed by a processor corresponding to a client, the instructions enable the client to perform an information verification method, and the method includes:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
and after the cloud service and the target equipment pass the authentication, executing corresponding operation according to the first information.
The instructions in the storage medium further comprise:
generating second information according to a specific trigger event;
feeding back the encrypted second information and client authentication information to the cloud service so that the cloud service executes corresponding operation according to a sending object to which the second information is directed; wherein the transmission object for which the second information is directed includes a cloud service or a target device.
The instructions in the storage medium further comprise:
the feedback information includes cloud service verification information and target device verification information, and the identity verification of the cloud service and the target device according to the feedback information includes:
verifying the identity of the target equipment according to the target equipment verification information, and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
The instructions in the storage medium further comprise:
the executing corresponding operation according to the first information includes:
generating response data to the first information;
encrypting the response data by the public key of the target device;
and feeding back the response data encrypted by the public key of the target equipment to the target equipment through the cloud service.
The instructions in the storage medium further comprise:
the response data carries data related to the target device, wherein the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
The instructions in the storage medium further comprise:
the executing corresponding operation according to the first information includes:
and sending out reminding information according to the first information.
The instructions in the storage medium further comprise:
the verifying the identity of the target device according to the target device verification information includes:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
The instructions in the storage medium further comprise:
the verifying the cloud service identity according to the cloud service verification information comprises the following steps:
using a pre-stored cloud service public key to check and sign the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
The present application also provides a non-transitory computer readable storage medium having instructions that, when executed by a processor of a target device, enable the target device to perform an information verification method, the method comprising:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client;
decrypting the second information;
and executing corresponding operation according to the decrypted second information.
The instructions in the storage medium further comprise:
the sending of the first information to the client through the cloud service includes:
acquiring locally stored target device verification information, wherein the target device verification information comprises at least one of the following information:
a target device certificate, a target device serial number and a target device key;
and sending the first information carrying the target equipment verification information to the cloud service so that the cloud service forwards the first information to the client.
The instructions in the storage medium further comprise:
the second information includes client authentication information, and the corresponding operation is executed according to the decrypted second information, including:
extracting client verification information in the second information;
and performing identity authentication on the client according to the client authentication information.
The beneficial effect of this application lies in: when first information sent by a target device through a cloud service is received, the first information is not immediately processed, but a request for obtaining verification information of the target device is sent to the cloud service, then, after the feedback information of the received cloud service is received, the cloud service and the target device are subjected to identity verification according to the feedback information, and corresponding operation is executed according to the first information after the cloud service and the target device pass the identity verification. Meanwhile, the target device can carry out identity authentication on the client, so that an attacker is difficult to forge the identity of any end, and the safety of the device interaction process is further improved.
Drawings
Fig. 1 is a flowchart of an information checking method according to an embodiment of the present application;
FIG. 2 is a flow chart of a method for verifying information according to another embodiment of the present application;
FIG. 3 is a flow chart of a method for verifying information according to another embodiment of the present application;
fig. 4 is a schematic diagram illustrating interaction among a client, a cloud service, and a target device in an embodiment of the present application;
fig. 5 is a block diagram of an information checking apparatus according to an embodiment of the present application;
fig. 6 is a block diagram of an information checking apparatus according to another embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the drawings.
It will be understood that various modifications may be made to the embodiments of the present application. Accordingly, the foregoing description should not be construed as limiting, but merely as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the application.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the attached drawings.
It is also to be understood that although the present application has been described with reference to some specific examples, those skilled in the art are able to ascertain many other equivalents to the practice of the present application.
The above and other aspects, features and advantages of the present application will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the application of unnecessary or unnecessary detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
Fig. 1 is a flowchart of an information verification method according to an embodiment of the present application, applied to a client, as shown in fig. 1, the method includes the following steps S11-S15:
in step S11, receiving first information sent by the target device through the cloud service;
in step S12, a request for obtaining target device authentication information is sent to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device authentication information in step S13;
in step S14, performing identity verification on the cloud service and the target device according to the feedback information;
in step S15, after the cloud service and the target device identity verification pass, corresponding operations are performed according to the first information.
The method comprises the steps that interaction is carried out among a client, target equipment and cloud service, wherein the client can refer to terminals such as a mobile phone, a tablet computer and a computer, application programs installed in the terminals can also be referred to, the target equipment is managed through the terminals or the application programs corresponding to the terminals, and the target equipment can refer to various intelligent household equipment, such as an intelligent door lock, an intelligent air purifier, an intelligent air detector, a sweeping robot and the like. The cloud service is used for establishing a binding relationship between the client and the target device, storing a management password of the target device, forwarding interaction information between the client and the target terminal and the like. Of course, it can be understood that the functions of establishing a binding relationship between the client and the target device, storing a management password of the target device, forwarding the interaction information between the client and the target terminal, and the like can be realized through the cloud service, and the functions can be realized through any type of server, that is, the cloud service in the application can also be replaced by the server, and the implementation of the application is not affected.
The embodiment is applied to a client, and the client receives first information sent by target equipment through cloud service; for example, the target device is an intelligent air purifier, an air quality sensor is arranged in the intelligent air purifier, the intelligent air purifier can receive the air quality in the surrounding environment sensed by the air quality sensor, and reports air quality information to the client through cloud service according to a fixed time interval, so that a user can check the air quality change situation based on the client, and further know the air purification effect of the intelligent air purifier. For another example, a report button is arranged on the intelligent air purifier, and a user clicks the report button to enable the air purifier to report the air quality information to the client through the cloud service. The air quality information reported by the intelligent air purifier to the client through the cloud service is the first information.
For another example, the target device is an intelligent door lock of a user A, the user B is a visitor, the user B triggers an unlocking request on the intelligent door lock, the intelligent door lock generates a remote call request, the generated remote call request is submitted to a cloud service, and the remote call request is pushed to the client through the cloud service. In this scenario, the remote call request pushed to the client by the cloud service is the "first information".
The client sends a request for acquiring the verification information of the target equipment to the cloud service;
still take the smart home as an example, at this moment, the client may be a smart home management APP (Application) installed on the mobile phone, after the smart home management APP acquires the first information pushed by the cloud service, it needs to verify whether the identities of the smart home devices and the cloud service are legal, and therefore, it needs to send a request for acquiring target device verification information to the cloud service, when the cloud service receives the request, it sends the smart home device certificate, the smart home device serial number, the smart home device key, and the cloud service verification information to the client, the client verifies whether the identity of the smart home devices is legal through the smart home device certificate, the smart home device serial number, and the smart home device key, and verifies whether the identity of the cloud service is legal through the cloud service verification information.
And after the identity authentication is passed, corresponding operation is executed according to the first information.
It should be noted that, when the cloud service forwards the first information, the smart door lock certificate, the smart door lock serial number, the smart door lock key, and the cloud service verification information may also be sent as a part of the first information, in this case, the first information includes the smart home device certificate, the smart home device serial number, the smart home device key, and the cloud service verification information, and the steps S12 and S13 need not be executed. That is, the first information may include information for verifying the identity of the target device and the cloud service, and in this case, after the step S11 is performed, the cloud service and the target device are directly authenticated according to the first information, and after the step S15 is performed after the verification is passed. That is, in the case where the first information contains information for verifying the target device and the cloud service identity, the scheme may be implemented as: receiving first information sent by target equipment through cloud service; performing identity verification on the cloud service and the target equipment according to the first information; and after the identity authentication is passed, corresponding operation is executed according to the first information.
The beneficial effect of this application lies in: when first information sent by a target device through a cloud service is received, the first information is not immediately processed, but a request for obtaining verification information of the target device is sent to the cloud service, then, after the feedback information of the received cloud service is received, the cloud service and the target device are subjected to identity verification according to the feedback information, and corresponding operation is executed according to the first information after the cloud service and the target device pass the identity verification.
In one embodiment, the method may also be implemented as steps A1-A2:
in step a1, generating second information according to a specific trigger event;
in step a2, feeding back the encrypted second information and the client authentication information to the cloud service, so that the cloud service performs a corresponding operation according to a sending object to which the second information is directed; wherein the sending object for which the second information is directed includes a cloud service or a target device.
In this embodiment, the second information may be information that the client actively sends to the target device, and the first information may also be response information to the second information.
The second information may be a control instruction, request information, or interaction information with the target device that is automatically generated by the client based on some preconfigured mechanism, for example, the second information may be an instruction to turn on or off the target device, request information to view operation information of the target device, information detected by the target device, and the like.
Or the client sends the operation to the cloud service for unbinding, deleting, authorizing, managing and the like of the device. Specifically, the binding relationship between the client and the target device is deleted, the binding relationships between other clients and the target device are deleted, the management right of the other clients to the target device is disabled, and the management authorization is performed on other users.
Feeding the encrypted second information and the client verification information back to the cloud service so that the cloud service executes corresponding operation according to a sending object aimed at by the second information; wherein the sending object for which the second information is directed includes a cloud service or a target device.
If the target object is the target device, the cloud service directly forwards the second information to the target device, and the target device decrypts the second information and then executes the second information. For example, the second information is an instruction for turning on or off the target device, the operation information of the target device and the request information of the information detected by the target device are checked, an object to which the information is directed is the target device, and the cloud service is only responsible for forwarding to the target device.
It should be noted that the target device may be a plurality of target devices of different types, for example, the target device may be an intelligent air detector and an intelligent door and window, and the client receives information (i.e., first information) with poor air quality sent by the intelligent air detector, may generate an instruction (i.e., second information for the intelligent door and window) for controlling the intelligent door and window to perform windowing, and then forwards the instruction to the intelligent door and window through cloud service to control the intelligent door and window to perform windowing operation.
For another example, the second information is an operation sent to the cloud service for unbinding, deleting, authorizing, managing, and the like of the device, an object targeted by such information is the cloud service, and after receiving the second information, the cloud service decrypts the second information and then performs a corresponding operation.
In one embodiment, the feedback information includes cloud service authentication information and target device authentication information, and the step S14 may be implemented as the following steps:
verifying the identity of the target equipment according to the verification information of the target equipment, and verifying the identity of the cloud service according to the verification information of the cloud service; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
In this embodiment, for an intelligent home, a client may be an intelligent home management APP installed on a mobile phone, after the intelligent home management APP acquires first information pushed by a cloud service, it is necessary to verify whether identities of an intelligent home device and the cloud service are legal, and therefore, a request for acquiring target device verification information needs to be sent to the cloud service, when the cloud service receives the request, the cloud service sends an intelligent home device certificate, an intelligent home device serial number, an intelligent home device key, and cloud service verification information to the client, the client verifies whether the identity of the intelligent home device is legal through the intelligent home device certificate, the intelligent home device serial number, and the intelligent home device key, and verifies whether the identity of the cloud service is legal through the cloud service verification information.
In one embodiment, as shown in FIG. 2, the above step S15 can be implemented as the following steps S21-S23:
in step S21, response data to the first information is generated;
in step S22, the response data is encrypted by the public key of the target device;
in step S23, the response data encrypted by the public key of the target device is fed back to the target device through the cloud service.
For example, the target device is an intelligent door lock of a user A, the user B is a visitor, the intelligent door lock generates a remote call request by triggering an unlocking request on the intelligent door lock, the generated remote call request is submitted to a cloud service, and the remote call request is pushed to a client through the cloud service. In this scenario, the remote call request pushed to the client by the cloud service is the "first information". Generating response data to the first information after the target device and the cloud service identity authentication are legal; specifically, the public key of the intelligent door lock is used for encrypting response data, wherein the response data comprises a remote unlocking request (namely data for responding to the first information), an intelligent door lock serial number, an intelligent door lock management password and an intelligent door lock management application login account. And submitting the response data to the cloud service, and forwarding the response data to the intelligent door lock through the cloud service.
In one embodiment, the response data carries data related to the target device, where the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
It can be understood that the response data necessarily includes data responding to the first data, such as the remote unlocking request in the above example, in addition to the data related to the target device.
In addition, if the target device to which the response data is directed is not an intelligent door lock, the response data may only include data responding to the first information and a serial number of the target device.
In one embodiment, the step S15 can be further implemented as the following steps:
and sending out reminding information according to the first information.
When the target device fails, the device failure may be detected by the self-detection device, and at this time, the device failure information may be reported to the client, or the device may report its own operation log to the client, that is, the first information may be the operation log of the target device, and the failure information reported when the target device fails. When the information that the target equipment has faults is received or the fault of the target equipment is detected through the target equipment running log, reminding information is sent according to the first information, for example, a user is reminded through sound or vibration.
In addition, the specific content of the first information may be analyzed, and then corresponding advice information is generated, that is, the reminder information may also include the advice information, for example, when the target device is detected to have a fault according to the target device operation log, a corresponding maintenance advice may be given.
For example, the device is an intelligent air detector, an intelligent temperature detector, or the like, and can issue a prompt when detecting that the air quality is poor, the room temperature is too high, or the like. Suggestions such as window opening ventilation, air conditioner starting and the like can also be given.
In one embodiment, the verifying the identity of the target device according to the target device verification information may be implemented as the following steps B1-B2:
in step B1, the target device certificate is verified using the root certificate stored in advance;
in step B2, if the verification is passed, it is determined that the identity of the target device is legitimate.
In this embodiment, a root certificate corresponding to the target device bound to the client may be stored in advance, and after the target device certificate sent by the cloud service is received, the target device certificate sent by the cloud service is verified according to the prestored root certificate corresponding to the target device. The pre-stored root certificate may be pre-sent to the client by the certificate authority.
In one embodiment, the above-mentioned verification of the cloud service identity according to the cloud service verification information may be implemented as the following steps C1-C2:
in step C1, the cloud service verification information is verified and signed by using the pre-stored cloud service public key;
in step C2, if the check-out passes, it is determined that the cloud service identity is legitimate.
In this embodiment, the cloud service public key stored in advance is used for verifying and signing the cloud service verification information, the cloud service verification information may refer to cloud service signature data, and if the verification and signing pass, it is determined that the cloud service identity is legal.
Fig. 3 is a flowchart of an information verification method according to an embodiment of the present application, applied to a target device, as shown in fig. 3, the method includes the following steps S13-S34:
in step S31, sending the first information to the client through the cloud service;
in step S32, receiving the encrypted second information fed back by the client;
in step S33, the second information is decrypted;
in step S34, a corresponding operation is performed according to the decrypted second information.
The embodiment is applied to the target device, for example, the target device is an intelligent home device.
For example, when a specific time arrives, the target device sends its own execution log or its detected environmental parameter information (i.e., first information) to the client through the cloud service.
For another example, when the target device receives a click operation on a specific button on the device, the first information is sent to the client through the cloud service; the specific button can be a button for reporting a running log of the device, a button for sending a remote unlocking instruction and parameter information detected by the device.
For another example, when the self-checking device of the target device (e.g., the smart door lock) detects that the self-checking device is subjected to external violent destruction, the self-checking device sends information (first information) that the self-checking device is subjected to external attack to the client through the cloud service.
Receiving encrypted second information fed back by the client; the encrypted second information is encrypted by one or more of a target device certificate, a target device serial number, and a target device key. The client can feed back the second information to the target device through the cloud service.
Decrypting the second information; specifically, the decryption may be performed according to one or more of the target device certificate, the target device serial number, and the target device key.
And executing corresponding operation according to the decrypted second information.
The cloud service may feed back cloud service authentication information and/or client authentication information to the target device. Specifically, the cloud service may feed back the cloud service verification information and/or the client verification information to the target device when feeding back the second information to the target device, and of course, the cloud service verification information and/or the client verification information may also be carried in the second information as a part of the second information. This is not limited by the present application.
After receiving the cloud service verification information and/or the client verification information fed back by the cloud service, performing corresponding operation according to the decrypted second information may include verifying the identity of the cloud service and/or the client through the cloud service verification information and/or the client verification information, where a specific verification process is similar to the previous verification process of the client to the cloud service and/or the target device, and details are not repeated here.
In addition, the second information may further include a target device serial number, a target device management password, and a target device management application login account of the target device. After the identity of the cloud service and/or the client is verified to be legal, whether the target equipment serial number carried in the second information is matched with the self serial number or not and whether the target equipment management password is matched with the self-stored management password or not can also be determined. After all the verification succeeds, the subsequent operations are executed, such as the operation of reporting the self running log or the environment parameter information detected by the self running log, unlocking operation and the like.
In one embodiment, the above step S31 can be implemented as the following steps D1-D2:
in step D1, locally stored target device authentication information is obtained, wherein the target device authentication information includes at least one of the following information:
a target device certificate, a target device serial number and a target device key;
in step D2, the first information carrying the target device authentication information is sent to the cloud service, so that the cloud service forwards the first information to the client.
In one embodiment, the second information includes client authentication information, and the step S34 can be implemented as the following steps E1-E2:
in step E1, extracting the client authentication information in the second information;
in step E2, the client is authenticated according to the client authentication information.
The client authentication information may also be carried in the second information as a part of the second information, and after receiving the client authentication information fed back by the cloud service, performing corresponding operation according to the decrypted second information may include authenticating the identity of the client by the client authentication information, where the client authentication information may be information for indicating the identity of the client, and for example, the client authentication information may be a target device management application login account, a serial number of a device where the client is located, or the like. When the client identity is verified, the target device can verify the client identity by judging whether the target device management application login account is a login account pre-bound with the target device management application login account, judging whether the serial number of the device where the client is located is matched with a locally pre-stored client serial number, and the like.
Fig. 4 is a schematic diagram illustrating interaction among a client, a cloud service, and a target device in an embodiment of the present application. As can be seen from fig. 4, the client and the target device interact as an intermediate device through a cloud service, and the following describes a production process of the target device and a binding process of the target device and the client with reference to fig. 4:
the target device takes an intelligent door lock as an example, and a client side and a management APP corresponding to the intelligent door lock as an example:
factory production registers an intelligent door lock:
the intelligent door lock generates a key pair of the intelligent door lock and then generates a CSR (Certificate Signing Request file); the CSR file is submitted to a certificate issuing mechanism (which can be a certificate issuing mechanism built in a company or a certificate issuing mechanism trusted by a third party), and after the certificate issuing mechanism obtains the CSR file submitted by the intelligent door lock, the certificate issuing mechanism signs the CSR file submitted by the intelligent door lock by using a private key of the certificate issuing mechanism, namely, the intelligent door lock certificate is issued to the intelligent door lock and returned to the intelligent door lock; the intelligent door lock transmits an intelligent door lock SN (serial number), an intelligent door lock certificate and signature data (the intelligent door lock SN + the intelligent door lock public key of which the intelligent door lock is signed by the private key of the intelligent door lock) to the cloud service. The cloud service verifies an intelligent door lock certificate transmitted by the intelligent door lock by using a root certificate of a pre-stored certificate issuing organization, acquires a public key of the intelligent door lock from the intelligent door lock certificate after the verification is passed to verify signature data, and finally verifies that the identity of the intelligent door lock is legal, signs the intelligent door lock SN + the intelligent door lock public key by using a private key of the cloud service, and stores the intelligent door lock certificate and cloud service signature data into an intelligent door lock information table of a database; the data signed by the cloud service is returned to the intelligent door lock; the intelligent door lock uses the cloud service public key prestored in the program to check the signature of the returned signature data, if the signature passes the check, the registration is successful, and the cloud service identity is legal.
And if the intelligent door lock identity is illegal or the intelligent door lock signature is incorrect, the prompt and the reason of the intelligent door lock registration failure are fed back. If the cloud service identity is found to be illegal after the cloud service public key prestored in the intelligent door lock use program is used for checking the signature of the returned signature data, signature checking fails, registration of the intelligent door lock fails, and the intelligent door lock cannot be sold.
The user can purchase the intelligent door lock through an off-line or on-line channel. And then setting a door lock management password from the intelligent door lock operation interface.
The user management intelligent door lock needs to be provided with a management APP (client) corresponding to the intelligent door lock, a mobile phone account is registered to log in a system after the APP is successfully installed, a secret key pair is generated, a certificate is issued to a cloud service request, the cloud service issues the certificate to the account after receiving an issue certificate request sent by the intelligent door lock management APP and returns the certificate to the intelligent door lock management APP, and after the cloud service certificate is successfully issued, the intelligent door lock management APP selects a code to be scanned, adds a binding intelligent door lock, and binds and pairs with the intelligent door lock. After the pairing is successful, the intelligent door lock signs the relationship data of the management account by using a private key of the intelligent door lock, then the signature data and the original data are submitted to a cloud service, the cloud service acquires a public key of the intelligent door lock from a local database, then checks the signature data submitted by the intelligent door lock, and the signature data is updated to the local database after the signature is successfully checked. The APP managed at the moment can check the information of successful binding with the intelligent door lock. Therefore, binding of the APP and the intelligent door lock is completed through cloud service.
The target device still takes the intelligent door lock as an example, and the client side takes the intelligent door lock management APP as an example to describe a remote unlocking scene:
the target equipment is an intelligent door lock of a user A, the user B is a visitor, the user B can generate a remote call request by triggering an unlocking request on the intelligent door lock, the generated remote call request is submitted to a cloud service, the cloud service inquires an account number capable of unlocking in a database according to the remote call request submitted by the intelligent door lock and pushes the remote call request to an intelligent door lock management APP (the intelligent door lock management APP is installed on a mobile phone of the user A), after the intelligent door lock management APP obtains the remote call request pushed by the cloud service, a popup window for inputting an intelligent door lock management password is popped out in the intelligent door lock management APP, the user A inputs the intelligent door lock management password in the popup window for inputting the intelligent door lock management password to process the remote call request, and when the password is correctly input, a client side verifies whether the identity of the intelligent door lock is legal or not in a certificate and signature verification mode, whether the identity of the cloud service is legitimate. After verification is passed, a remote unlocking request is generated, a public key of the intelligent door lock is used for encrypting an intelligent door lock management password, the intelligent door lock SN and a login account, encrypted data and the remote unlocking request are submitted to a cloud service, the cloud service pushes the encrypted data and the encrypted data to the intelligent door lock sending the remote calling request after receiving the remote unlocking request and the encrypted data pushed by the cloud service, the data are decrypted, whether the decrypted data are matched or not is verified after decryption is successful, the remote unlocking request is responded if the decrypted data are matched, the intelligent door lock is unlocked, and otherwise, remote unlocking fails. The intelligent door lock submits the state of remote unlocking success/failure to the cloud service, the cloud service pushes the state of remote unlocking success/failure to the intelligent door lock management APP, and the intelligent door lock management APP receives the state of remote unlocking success/failure pushed by the cloud service and reminds a user A.
Through the three-party interaction process, it can be seen that, after the client and the intelligent door lock receive the information, not only the data needs to be decrypted, but also the identities of the two parties need to be verified, and secondly, the client side can also verify the cloud service identity, therefore, an attacker is difficult to forge the identity of the client and the cloud service identity and the identity of the intelligent door lock, as can be seen from this example, the same effect can be achieved by applying the solution to other target devices, for example, other smart home devices except for the door lock, and therefore, in this application, during the interaction process, the client and the target device can verify the identity of the opposite terminal and the cloud service, therefore, an attacker is difficult to forge the identity of any one of the client, the target terminal and the cloud service, and the safety of interaction among the devices is further improved.
Fig. 5 is a block diagram of an information checking apparatus according to an embodiment of the present application, which is applied to a client, and as shown in fig. 5, the apparatus includes the following modules:
a first receiving module 51, configured to receive first information sent by a target device through a cloud service;
a sending module 52, configured to send a request for obtaining target device authentication information to a cloud service;
a second receiving module 53, configured to receive feedback information of the cloud service based on the request for obtaining the target device authentication information;
the verification module 54 is configured to perform identity verification on the cloud service and the target device according to the feedback information;
and the executing module 55 is configured to execute a corresponding operation according to the first information after the identity authentication is passed.
In one embodiment, the apparatus further comprises:
the generating module is used for generating second information according to a specific trigger event;
the feedback module is used for feeding the encrypted second information and the client verification information back to the cloud service so that the cloud service executes corresponding operation according to a sending object aimed at by the second information; wherein the sending object for which the second information is directed includes a cloud service or a target device.
In one embodiment, a verification module, comprising:
the verification submodule is used for verifying the identity of the target equipment according to the verification information of the target equipment and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
In one embodiment, an execution module includes:
a generation submodule for generating response data to the first information;
the encryption submodule is used for encrypting the response data through a public key of the target equipment;
and the feedback submodule is used for feeding back the response data encrypted by the public key of the target equipment to the target equipment through cloud service.
In one embodiment, the response data carries data related to the target device, where the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
In one embodiment, an execution module includes:
and the sending submodule is used for sending out reminding information according to the first information.
In one embodiment, the verification sub-module is specifically configured to:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
In one embodiment, the verification sub-module is specifically configured to:
using a pre-stored cloud service public key to check the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
Fig. 6 is a block diagram of an information checking apparatus according to an embodiment of the present application, which is applied to a target device, and as shown in fig. 6, the apparatus includes the following modules:
a sending module 61, configured to send the first information to the client through the cloud service;
a receiving module 62, configured to receive the encrypted second information fed back by the client;
a decryption module 63, configured to decrypt the second information;
and the execution module 64 is configured to execute a corresponding operation according to the decrypted second information.
In one embodiment, the sending module includes:
the acquisition submodule is used for acquiring locally stored target device verification information, wherein the target device verification information comprises at least one of the following information:
a target device certificate, a target device serial number and a target device key;
the sending submodule is used for sending the first information carrying the target device verification information to the cloud service so that the cloud service can forward the first information to the client.
In one embodiment, the execution module includes:
the extraction submodule is used for extracting the client verification information in the second information;
and the verification submodule is used for performing identity verification on the client according to the client verification information.
The present application further provides an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
and after the cloud service and the target equipment pass the authentication, executing corresponding operation according to the first information.
The processor is further configured to:
generating second information according to a specific trigger event;
feeding back the encrypted second information and client authentication information to the cloud service so that the cloud service executes corresponding operation according to a sending object to which the second information is directed; wherein the transmission object for which the second information is directed includes a cloud service or a target device.
The processor is further configured to:
the feedback information includes cloud service verification information and target device verification information, and the identity verification of the cloud service and the target device according to the feedback information includes:
verifying the identity of the target equipment according to the target equipment verification information, and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
The processor is further configured to:
the executing corresponding operation according to the first information includes:
generating response data to the first information;
encrypting the response data by the public key of the target device;
and feeding back the response data encrypted by the public key of the target equipment to the target equipment through the cloud service.
The processor is further configured to:
the response data carries data related to the target device, wherein the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
The processor is further configured to:
the executing corresponding operation according to the first information includes:
and sending out reminding information according to the first information.
The processor is further configured to:
the verifying the identity of the target device according to the target device verification information includes:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
The processor is further configured to:
the verifying the cloud service identity according to the cloud service verification information comprises the following steps:
using a pre-stored cloud service public key to check and sign the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
The present application further provides an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client;
decrypting the second information;
and executing corresponding operation according to the decrypted second information.
The processor is further configured to:
the sending of the first information to the client through the cloud service includes:
acquiring locally stored target device verification information, wherein the target device verification information comprises at least one of the following information:
a target device certificate, a target device serial number and a target device key;
and sending the first information carrying the target equipment verification information to the cloud service so that the cloud service forwards the first information to the client.
The processor is further configured to:
the second information includes client authentication information, and the corresponding operation is executed according to the decrypted second information, including:
extracting client verification information in the second information;
and performing identity authentication on the client according to the client authentication information.
The present application further provides a non-transitory computer-readable storage medium, wherein when instructions in the storage medium are executed by a processor corresponding to a client, the instructions enable the client to perform an information verification method, and the method includes:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
and after the cloud service and the target equipment pass the authentication, executing corresponding operation according to the first information.
The instructions in the storage medium further comprise:
generating second information according to a specific trigger event;
feeding back the encrypted second information and client authentication information to the cloud service so that the cloud service executes corresponding operation according to a sending object to which the second information is directed; wherein the transmission object for which the second information is directed includes a cloud service or a target device.
The instructions in the storage medium further comprise:
the feedback information includes cloud service verification information and target device verification information, and the identity verification of the cloud service and the target device according to the feedback information includes:
verifying the identity of the target equipment according to the target equipment verification information, and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
The instructions in the storage medium further comprise:
the executing corresponding operation according to the first information includes:
generating response data to the first information;
encrypting the response data by the public key of the target device;
and feeding back the response data encrypted by the public key of the target equipment to the target equipment through the cloud service.
The instructions in the storage medium further comprise:
the response data carries data related to the target device, wherein the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
The instructions in the storage medium further comprise:
the executing corresponding operation according to the first information includes:
and sending out reminding information according to the first information.
The instructions in the storage medium further comprise:
the verifying the identity of the target device according to the target device verification information includes:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
The instructions in the storage medium further comprise:
the verifying the cloud service identity according to the cloud service verification information comprises the following steps:
using a pre-stored cloud service public key to check and sign the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
The present application also provides a non-transitory computer readable storage medium having instructions that, when executed by a processor of a target device, enable the target device to perform an information verification method, the method comprising:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client;
decrypting the second information;
and executing corresponding operation according to the decrypted second information.
The instructions in the storage medium further comprise:
the sending of the first information to the client through the cloud service includes:
acquiring locally stored target device verification information, wherein the target device verification information comprises at least one of the following information:
a target device certificate, a target device serial number and a target device key;
and sending the first information carrying the target equipment verification information to the cloud service so that the cloud service forwards the first information to the client.
The instructions in the storage medium further comprise:
the second information includes client authentication information, and the corresponding operation is executed according to the decrypted second information, including:
extracting client verification information in the second information;
and performing identity authentication on the client according to the client authentication information.
The above embodiments are only exemplary embodiments of the present application, and are not intended to limit the present application, and the protection scope of the present application is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present application and such modifications and equivalents should also be considered to be within the scope of the present application.
Claims (16)
1. An information checking method is applied to a client, and is characterized by comprising the following steps:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information; the feedback information comprises cloud service verification information and target equipment verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
after the identity authentication is passed, corresponding operation is executed according to the first information;
generating second information according to a specific trigger event, wherein the second information at least comprises client authentication information and a target device management password;
feeding back the encrypted second information to the cloud service so that the target device receives the encrypted second information through the cloud service, decrypts the encrypted second information, and executes corresponding operation after all verification passes according to the decrypted second information; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
2. The method of claim 1, wherein the authenticating the cloud service and the target device according to the feedback information comprises:
verifying the identity of the target equipment according to the target equipment verification information, and verifying the cloud service identity according to the cloud service verification information; wherein the target device verification information includes at least one of the following information:
a target device certificate, a target device serial number, and a target device key.
3. The method of claim 1, wherein performing the corresponding operation according to the first information comprises:
generating response data to the first information;
encrypting the response data by the public key of the target device;
and feeding back the response data encrypted by the public key of the target equipment to the target equipment through the cloud service.
4. The method of claim 3, wherein the response data carries data related to a target device, and wherein the data related to the target device includes at least one of the following information:
the target device serial number, the target device management password and the target device management application login account.
5. The method of claim 1, wherein performing the corresponding operation according to the first information comprises:
and sending out reminding information according to the first information.
6. The method of claim 2, wherein the verifying the identity of the target device based on the target device authentication information comprises:
verifying the target device certificate using a pre-stored root certificate;
and if the verification is passed, determining that the identity of the target equipment is legal.
7. The method of claim 2, wherein the verifying cloud service identity from the cloud service verification information comprises:
using a pre-stored cloud service public key to check and sign the cloud service verification information;
and if the signature verification is passed, determining that the cloud service identity is legal.
8. An information checking method is applied to target equipment, and is characterized by comprising the following steps:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client and forwarded by the cloud service, wherein the encrypted second information is information fed back to the cloud service together with client authentication information by the client, and the second information at least comprises client authentication information and a target device management password;
decrypting the second information;
according to the decrypted second information, corresponding operation is executed after all verification passes; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
9. The method of claim 8, wherein sending the first information to the client through the cloud service comprises:
acquiring locally stored target device verification information, wherein the target device verification information comprises at least one of the following information:
a target device certificate, a target device serial number and a target device key;
and sending the first information carrying the target equipment verification information to the cloud service so that the cloud service forwards the first information to the client.
10. The method according to claim 8 or 9, wherein the second information includes client authentication information, and the performing corresponding operations according to the decrypted second information includes:
extracting the client verification information in the second information;
and performing identity authentication on the client according to the client authentication information.
11. An information checking device is applied to a client side and is characterized by comprising:
the first receiving module is used for receiving first information sent by target equipment through cloud service;
a sending module, configured to send a request for obtaining the target device verification information to the cloud service;
a second receiving module, configured to receive feedback information of the cloud service based on the request for obtaining the target device verification information; the feedback information comprises cloud service verification information and target equipment verification information;
the verification module is used for verifying the identity of the cloud service and the target equipment according to the feedback information;
the execution module is used for executing corresponding operation according to the first information after the identity authentication is passed;
the execution module is further used for generating second information according to a specific trigger event, wherein the second information at least comprises client authentication information and a target device management password;
feeding back the encrypted second information to the cloud service so that the target device receives the encrypted second information through the cloud service, decrypts the encrypted second information, and executes corresponding operation after all verification passes according to the decrypted second information; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
12. An information verifying apparatus applied to a target device, comprising:
the sending module is used for sending first information to the client through the cloud service;
a receiving module, configured to receive encrypted second information fed back by the client and forwarded by the cloud service, where the encrypted second information is information fed back to the cloud service by the client together with client authentication information, and the second information at least includes client authentication information and a target device management password;
the decryption module is used for decrypting the second information;
the execution module is used for executing corresponding operation after all the verification passes according to the decrypted second information; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
13. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information; the feedback information comprises cloud service verification information and target equipment verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
after the cloud service and the target equipment identity authentication pass, corresponding operation is executed according to the first information;
generating second information according to a specific trigger event, wherein the second information at least comprises client authentication information and a target device management password;
feeding back the encrypted second information to the cloud service so that the target device receives the encrypted second information through the cloud service, decrypts the encrypted second information, and executes corresponding operation after all verification passes according to the decrypted second information; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
14. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client and forwarded by the cloud service, wherein the encrypted second information is information fed back to the cloud service together with client authentication information by the client, and the second information at least comprises client authentication information and a target device management password;
decrypting the second information;
according to the decrypted second information, corresponding operation is executed after all verification passes; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
15. A non-transitory computer-readable storage medium, wherein instructions of the storage medium, when executed by a processor corresponding to a client, enable the client to perform an information checking method, the method comprising:
receiving first information sent by target equipment through cloud service;
sending a request for acquiring the verification information of the target equipment to the cloud service;
receiving feedback information of the cloud service based on the request for obtaining the target device verification information; the feedback information comprises cloud service verification information and target equipment verification information;
performing identity verification on the cloud service and the target equipment according to the feedback information;
after the cloud service and the target equipment identity authentication pass, corresponding operation is executed according to the first information;
generating second information according to a specific trigger event, wherein the second information at least comprises client authentication information and a target device management password;
feeding back the encrypted second information to the cloud service so that the target device receives the encrypted second information through the cloud service, decrypts the encrypted second information, and executes corresponding operation after all verification passes according to the decrypted second information; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
16. A non-transitory computer readable storage medium having instructions therein, which when executed by a processor of a target device, enable the target device to perform an information verification method, the method comprising:
sending first information to a client through a cloud service;
receiving encrypted second information fed back by the client and forwarded by the cloud service, wherein the encrypted second information is information fed back to the cloud service together with client authentication information by the client, and the second information at least comprises client authentication information and a target device management password;
decrypting the second information;
according to the decrypted second information, corresponding operation is executed after all verification passes; wherein the total verification comprises at least: and performing identity authentication on the client by using the client authentication information to determine whether the target equipment management password is matched with a management password stored in the target equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011598336.4A CN112738103B (en) | 2020-12-29 | 2020-12-29 | Information verification method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011598336.4A CN112738103B (en) | 2020-12-29 | 2020-12-29 | Information verification method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112738103A CN112738103A (en) | 2021-04-30 |
| CN112738103B true CN112738103B (en) | 2022-03-22 |
Family
ID=75611447
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011598336.4A Active CN112738103B (en) | 2020-12-29 | 2020-12-29 | Information verification method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112738103B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116052306A (en) * | 2022-12-27 | 2023-05-02 | 北京深盾科技股份有限公司 | Door lock message pushing method, user terminal, server, intelligent door lock and medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107038777A (en) * | 2017-03-29 | 2017-08-11 | 云丁网络技术(北京)有限公司 | A kind of safety communicating method and its intelligent door lock system based on intelligent door lock system |
| CN108696536A (en) * | 2018-07-03 | 2018-10-23 | 北京科东电力控制系统有限责任公司 | A kind of safety certifying method |
| CN110099105A (en) * | 2019-04-19 | 2019-08-06 | 华南理工大学 | It is a kind of for people and robot cooperated method for connecting network |
| CN110299996A (en) * | 2018-03-22 | 2019-10-01 | 阿里巴巴集团控股有限公司 | Authentication method, equipment and system |
| CN110401648A (en) * | 2019-07-16 | 2019-11-01 | 宇龙计算机通信科技(深圳)有限公司 | Obtain method, apparatus, electronic equipment and the medium of cloud service |
| CN111818100A (en) * | 2020-09-04 | 2020-10-23 | 腾讯科技(深圳)有限公司 | Method for configuring channel across networks, related equipment and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103152178B (en) * | 2013-02-04 | 2015-11-11 | 浪潮(北京)电子信息产业有限公司 | cloud computing verification method and system |
| JP6673227B2 (en) * | 2017-01-10 | 2020-03-25 | 横河電機株式会社 | Cloud service control device, cloud service control system, cloud service control method, cloud service control program, and recording medium |
| CN111565179B (en) * | 2020-04-27 | 2022-12-06 | 北京奇艺世纪科技有限公司 | Identity verification method and device, electronic equipment and storage medium |
| CN111949954A (en) * | 2020-07-10 | 2020-11-17 | 深圳市信锐网科技术有限公司 | Login verification method, system and computer storage medium |
-
2020
- 2020-12-29 CN CN202011598336.4A patent/CN112738103B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107038777A (en) * | 2017-03-29 | 2017-08-11 | 云丁网络技术(北京)有限公司 | A kind of safety communicating method and its intelligent door lock system based on intelligent door lock system |
| CN110299996A (en) * | 2018-03-22 | 2019-10-01 | 阿里巴巴集团控股有限公司 | Authentication method, equipment and system |
| CN108696536A (en) * | 2018-07-03 | 2018-10-23 | 北京科东电力控制系统有限责任公司 | A kind of safety certifying method |
| CN110099105A (en) * | 2019-04-19 | 2019-08-06 | 华南理工大学 | It is a kind of for people and robot cooperated method for connecting network |
| CN110401648A (en) * | 2019-07-16 | 2019-11-01 | 宇龙计算机通信科技(深圳)有限公司 | Obtain method, apparatus, electronic equipment and the medium of cloud service |
| CN111818100A (en) * | 2020-09-04 | 2020-10-23 | 腾讯科技(深圳)有限公司 | Method for configuring channel across networks, related equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112738103A (en) | 2021-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111277577B (en) | Digital identity verification method, device, equipment and storage medium | |
| US9871791B2 (en) | Multi factor user authentication on multiple devices | |
| US9264423B2 (en) | Password-less authentication system and method | |
| EP3457344A1 (en) | Payment authentication method, apparatus and system for onboard terminal | |
| CN110719203B (en) | Operation control method, device and equipment of intelligent household equipment and storage medium | |
| US20050021975A1 (en) | Proxy based adaptive two factor authentication having automated enrollment | |
| US10063538B2 (en) | System for secure login, and method and apparatus for same | |
| US20140258727A1 (en) | System and Method of Using a Signed GUID | |
| WO2004090738A1 (en) | Password change system | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| KR20170121683A (en) | User centric authentication mehtod and system | |
| CN103888255A (en) | Identity authentication method, device and system | |
| CN101345626A (en) | Verification method between electronic lock and electronic key | |
| CN104735065A (en) | Data processing method, electronic device and server | |
| US9332011B2 (en) | Secure authentication system with automatic cancellation of fraudulent operations | |
| CN105100102A (en) | Authority configuration method and device as well as information configuration method and device | |
| CN101924635B (en) | Method and device for user identity authentication | |
| CN112738103B (en) | Information verification method and device and electronic equipment | |
| CN112351043A (en) | Vehicle navigation factory setting password management method and system | |
| CN104852904B (en) | A kind of Server remote method for restarting applied based on cell phone application and Encrypted short message ceases | |
| CN116346423A (en) | Client data multiple encryption system and method in intelligent Internet of things energy system | |
| US11418960B1 (en) | Secure device pairing | |
| CN115526703A (en) | Enterprise user authentication and authorization method and system | |
| CN113593088A (en) | Intelligent unlocking method, intelligent lock, mobile terminal and server | |
| CN115618419A (en) | Information query method and device, readable medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |