CN112787979A - Internet of things equipment access control method and internet of things equipment access control device

Publication number
CN112787979A
Authority
CN
China
Prior art keywords
internet
access
things
identity authentication
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911082665.0A
Other languages
Chinese (zh)
Inventor
弓静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Horizon Robotics Technology Research and Development Co Ltd
Original Assignee
Beijing Horizon Robotics Technology Research and Development Co Ltd
Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Abstract

The embodiments of the application provide an Internet of things device access control method and apparatus, an Internet of things device access method and an Internet of things device, which solve the problems of poor security, lack of generality and coarse control granularity in existing access authentication schemes. The Internet of things device access control method comprises the following steps: receiving access information from an Internet of things device, wherein the access information comprises an identity authentication identifier corresponding to the Internet of things device; verifying whether the identity authentication identifier is valid; and, when the identity authentication identifier is verified to be valid, acquiring the access right corresponding to the identity authentication identifier.

Description

Internet of things equipment access control method and internet of things equipment access control device
Technical Field
The application relates to the technical field of computer communication, in particular to an Internet of things equipment access control method, an Internet of things equipment access control device, an Internet of things equipment access method, Internet of things equipment, electronic equipment and a computer readable storage medium.
Background
At present, the global Internet of things market is growing sharply and the number of Internet of things devices is growing explosively. The number of connected Internet of things devices worldwide is estimated to reach 50 billion by 2020. The purpose of such a huge number of Internet of things devices is to connect with other Internet of things devices and applications and to transfer information using Internet transport protocols. An Internet of things platform is needed to act as the bridge between Internet of things devices and applications, and a large number of commercial and private Internet of things platforms have therefore appeared. A device accesses an Internet of things platform through a protocol, but because the device access process is complex, the Internet of things platform market has become fragmented. Meanwhile, Internet of things security has attracted wide attention, and secure device access has become an important research direction in the field. Existing secure access authentication techniques for Internet of things devices are complex, are not general, and expose information such as device identifiers to tracking, which leaves the accessing device open to attack.
Access authentication means that, before a user accesses a system, the system identifies and authenticates the user's identity according to a given policy so as to ensure that the identity is valid, and, once authentication is complete, records a credential for the user that serves as the user's proof of identity while operating in the system. Access authentication is an important link in platform security: for an illegitimate user, the access authentication mechanism restricts access to platform resources; for a legitimate user, it grants access to the system and generates an identity credential. Access authentication can be said to be the basis of the platform's other security mechanisms.
In the prior art, the user and the system generally perform access authentication using the following factors: information known to the user, such as a password; something owned by the user, such as a smart card; and biometric characteristics of the user, such as fingerprints, facial contours or irises. However, the security and reliability of these three schemes are mediocre, and the user-related information transmitted during authentication is easily tracked, which leaves the accessing device open to attack. In addition, the access authentication solutions of existing Internet of things platforms are complex and not general; they usually require additional custom development, and their development and maintenance costs are high. Moreover, the access authentication of existing Internet of things platforms does not perform fine-grained access control and cannot restrict which topics each accessing device can publish and subscribe to.
Disclosure of Invention
In view of this, embodiments of the present application provide an Internet of things device access control method and apparatus, an Internet of things device access method, and an Internet of things device, which solve the problems of poor security, lack of generality and coarse control granularity in existing access authentication schemes.
According to an aspect of the present application, an embodiment of the present application provides an Internet of things device access control method, including: receiving access information from an Internet of things device, wherein the access information comprises an identity authentication identifier corresponding to the Internet of things device; verifying whether the identity authentication identifier is valid; and, when the identity authentication identifier is verified to be valid, acquiring the access right corresponding to the identity authentication identifier.
According to another aspect of the present application, an embodiment of the present application provides an Internet of things device access method, including: verifying the certificate information of the server using a root certificate of a third-party certificate authority preset in the local device, wherein the certificate information of the server is issued by the third-party certificate authority; when the certificate information of the server matches the root certificate of the third-party certificate authority, sending feedback information to the server to establish an encrypted data transmission channel based on the Transport Layer Security (TLS) protocol; and sending access information to the server through the encrypted data transmission channel, wherein the access information comprises an identity authentication identifier corresponding to the local device.
According to another aspect of the present application, an embodiment of the present application provides an Internet of things device access control apparatus, including: a receiving module configured to receive access information from an Internet of things device, wherein the access information comprises an identity authentication identifier that uniquely corresponds to the Internet of things device; a first verification module configured to verify whether the identity authentication identifier is valid; and an authentication module configured to acquire the access right corresponding to the identity authentication identifier when the identity authentication identifier is verified to be valid.
According to another aspect of the present application, an embodiment of the present application provides an Internet of things device, including: a second verification module configured to verify the certificate information of the server using a root certificate of a third-party certificate authority preset in the local device, wherein the certificate information of the server is issued by the third-party certificate authority; a first sending module configured to send feedback information to the server to establish an encrypted data transmission channel based on the Transport Layer Security (TLS) protocol when the certificate information of the server matches the root certificate of the third-party certificate authority; and a second sending module configured to send access information to the server through the encrypted data transmission channel, wherein the access information comprises an identity authentication identifier corresponding to the local device.
According to another aspect of the present application, an embodiment of the present application provides an electronic device, including: a processor; a memory; and computer program instructions stored in the memory, which when executed by the processor, cause the processor to perform the access control method as claimed in any one of the preceding claims.
According to another aspect of the present application, an embodiment of the present application provides a computer-readable storage medium having stored thereon computer program instructions, which, when executed by a processor, cause the processor to perform the access control method as set forth in any one of the preceding claims.
According to another aspect of the present application, an embodiment of the present application provides a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the access control method as described in any of the above.
The Internet of things device access control method, the Internet of things device access control apparatus, the Internet of things device access method, the Internet of things device, the electronic device and the computer-readable storage medium provided by the embodiments of the application adopt a one-device-one-secret device authentication mechanism: each Internet of things device has a unique identity authentication identifier, and access authentication is completed by verifying the identity authentication identifier corresponding to the device, which effectively reduces the risk of the device being compromised through leakage of user-related information. In addition, a device permission management mechanism is provided: when the identity authentication identifier is verified to be valid, the access right corresponding to the identity authentication identifier is acquired, so that a user can achieve fine-grained control over the access right of each device by configuring in advance the correspondence between identity authentication identifiers and access rights.
Drawings
Fig. 1 is a schematic flow chart of an access control method for an internet of things device according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of an internet of things platform according to an embodiment of the present application.
Fig. 3 is a schematic flow chart illustrating a process of acquiring an access right corresponding to an identity authentication identifier in an access control method for internet of things equipment according to an embodiment of the present application.
Fig. 4 is a schematic flow chart of an access control method for an internet of things device according to another embodiment of the present application.
Fig. 5 is a schematic flow chart of an internet of things device access method according to an embodiment of the present application.
Fig. 6 is a schematic structural diagram of an access control device of an internet of things device according to an embodiment of the present application.
Fig. 7 is a schematic structural diagram of an access control apparatus for an internet of things device according to another embodiment of the present application.
Fig. 8 is a schematic structural diagram of an internet of things device according to an embodiment of the present application.
Fig. 9 is a schematic structural diagram of an internet of things device according to another embodiment of the present application.
Fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Summary of the application
As described above, although the access authentication of existing Internet of things platforms can authenticate the user of an Internet of things device, it does so using information known to the user, something owned by the user, or a biometric feature of the user, so the user-related information transmitted during authentication is easily tracked and the accessing device is left open to attack. In addition, existing Internet of things platforms do not perform fine-grained access control and cannot restrict which topics each accessing device can publish and subscribe to.
In view of the security risk of authenticating with user-related information, access authentication can instead be completed using the identity authentication identifier corresponding to the Internet of things device. A user accessing the server through the device generally does not know the device's identity authentication identifier, which effectively reduces the risk of the device being compromised. In addition, a device permission management mechanism is provided: when the identity authentication identifier is verified to be valid, the access right corresponding to the identity authentication identifier is acquired, so that a user can achieve fine-grained control over the access right of each device by configuring in advance the correspondence between identity authentication identifiers and access rights.
It should be noted that the Internet of things device access control method provided by the application can be applied to the access control process in any Internet of things scenario. Specifically, the purpose of a user accessing the server through an Internet of things device is to perform specific operations on resources on the server. The resources may be computing resources or storage resources; for example, a computing resource may be a neural network model for face recognition or mechanical control, and a storage resource may be cloud storage. The functions that the resources on the server can provide depend on the server's application scenario. The application does not limit the application scenario of the server, nor the Internet of things scenario to which the access control method applies.
Having described the general principles of the present application, various non-limiting embodiments of the present application will now be described with reference to the accompanying drawings.
Exemplary Internet of things device access control method
Fig. 1 is a schematic flow chart of an access control method for an Internet of things device according to an embodiment of the present application. The access control method is executed by the server; a user accesses the server through an Internet of things device in order to call resources on the server and complete specific operations. As shown in fig. 1, the Internet of things device access control method includes:
Step 101: Receive access information from the Internet of things device, wherein the access information comprises an identity authentication identifier corresponding to the Internet of things device.
The Internet of things device is operated or interacted with locally by a user, and the user accesses the server through it. The server executes the method provided by this embodiment to control the device's access. It should be understood that the specific type of Internet of things device depends on the application scenario; for example, in a face recognition scenario, the device the user interacts with locally may be a camera. The application does not limit the specific type of the Internet of things device.
The Internet of things device performs access authentication by sending the access information to the server. Unlike existing access methods, which authenticate using user-related information, the access information here comprises an identity authentication identifier corresponding to the Internet of things device. For example, in the phase of initiating access to the Internet of things, the access information transmitted to the server may include a clientID (user identity number), a username (user name), a password (user password), and the like. The clientID serves as the identity authentication identifier and represents the unique identity of the Internet of things device accessing the Internet of things; no two devices may have the same clientID. A one-device-one-secret mechanism is likewise adopted for the username and password: the username and password of each Internet of things device are unique.
Step 102: Verify whether the identity authentication identifier is valid.
In an embodiment, the server may query whether a record exists for the content of the access information submitted by the user. If a record exists, identity authentication passes and the Internet of things device is a legitimate device. If no record exists, authentication fails, the Internet of things device is illegitimate, and no operation permission is granted.
Step 103: When the identity authentication identifier is verified to be valid, acquire the access right corresponding to the identity authentication identifier.
When the identity authentication identifier is verified to be valid, the Internet of things device is legitimate. The access right corresponding to the identity authentication identifier, that is, the access right of the Internet of things device, is then acquired, and the user can perform operations with the device within the scope of that right. The correspondence between identity authentication identifiers and access rights can be configured in advance, so that fine-grained permission control for each Internet of things device can be realized.
It should be understood that the access right defines the operations the user can perform with the Internet of things device. Still taking face recognition as an example, the access right refers to the specific operations available after a user connects through an Internet of things device (e.g., a camera). For example, the access right may be read or write depending on the type of user: after accessing the server through the camera, the user may read and write, or read only, according to the access right obtained.
Therefore, the Internet of things device access control method provided by the embodiment of the application adopts a one-device-one-secret device authentication mechanism: each Internet of things device has a unique identity authentication identifier, and access authentication is completed by verifying the identity authentication identifier corresponding to the device, which effectively reduces the risk of the device being compromised through leakage of user-related information. In addition, a device permission management mechanism is provided: when the identity authentication identifier is verified to be valid, the access right corresponding to the identity authentication identifier is acquired, so that a user can achieve fine-grained control over the access right of each device by configuring in advance the correspondence between identity authentication identifiers and access rights.
Fig. 2 is a schematic structural diagram of an Internet of things platform according to an embodiment of the present application. As shown in fig. 2, the Internet of things platform provides secure and reliable connection and communication capability. Downward, the server connects to a large number of Internet of things devices and supports data collection from the devices and upload to the cloud. The device management cloud provides the device management service; upward, the server exposes the device management cloud's API (application programming interface), through which instruction data is issued to control devices remotely. The Internet of things device side reports status and events, and receives and executes instructions, over the MQTT (Message Queuing Telemetry Transport) protocol, and the device management service issues instructions over the MQTT protocol.
EMQ X is an open-source MQTT message server that currently supports the MQTT 5.0 protocol and was the earliest message server in the open-source community to support it. As shown in fig. 2, EMQ X may be chosen as the server in the Internet of things platform, and a message server plug-in of EMQ X, such as the MongoDB plug-in, may be used to implement access authentication and access control of Internet of things devices. The device management cloud and the Internet of things device side are both clients of the MQTT server and interact with the server (corresponding to the MQTT agent in fig. 2) over the MQTT protocol.
In an embodiment of the present application, when verifying whether the identity authentication identifier is valid, the server may call a message server plug-in of the MQTT protocol to access the identity information database and query whether the database holds a recorded identity authentication identifier corresponding to the submitted one. In another embodiment of the present application, after the identity authentication identifier is verified to be valid, the server may, when acquiring the corresponding access right, call a message server plug-in of the MQTT protocol (e.g., the MongoDB plug-in of EMQ X) to access the access right database and obtain from it the access right table corresponding to the identity authentication identifier, where the access right table lists the topic categories that the user corresponding to the identity authentication identifier can publish and subscribe to. Because EMQ X supports plug-in development well, an EMQ X plug-in can access the identity information database and the access right database directly, so no custom authentication service has to be developed and no new service has to be introduced. The approach is widely applicable, which further improves the generality of the Internet of things device access control method.
Specifically, the Internet of things device access control process implemented by the platform shown in fig. 2 may be as follows. In the Internet of things access initialization phase, the information the device side transmits to the MQTT broker may include a clientID, a username and a password. The MQTT broker loads the MongoDB plug-in, queries MongoDB for a record of the corresponding username and password, and passes identity authentication if a record exists. In an embodiment of the present application, because storing the recorded identity authentication identifier in plaintext on the server easily creates a security risk, the recorded identity authentication identifier may be encrypted and/or salted; for example, the recorded username and password may be encrypted and salted using the sha256 algorithm. After the identity authentication identifier of the Internet of things device has been verified, fine-grained management of the device's permissions can be achieved by agreeing on a format for the topics published by the device side, such as /smartome/{clientID}/temperature. Then, whenever the device side publishes or subscribes to a topic, the MongoDB plug-in is triggered to perform an ACL (access control list) check. If a topic published by the Internet of things device falls outside the scope defined by the ACL, the topic is discarded by the Internet of things access layer of the server because it is not covered by the ACL.
In an embodiment of the present application, as shown in fig. 3, to make access control more fine-grained, access rights may be further distinguished according to the user type to which the internet of things device belongs. Specifically, obtaining the access right corresponding to the identity authentication identifier when the identity authentication identifier is verified to be legal may include the following steps:
Step 301: When the identity authentication identifier is verified to be legal, determine the user type of the identity authentication identifier.
Even when the identity authentication identifier is verified to be legal, the access right obtained differs according to the user type of the identity authentication identifier. It should be understood that the specific content of the user type is also related to the specific application scenario. For example, when the internet of things platform corresponds to a customer service system of a bank, the internet of things device operated by the user may be an intelligent human-computer interaction device in the bank, and the specific content of the user type may be related to a customer level registered by the user in the bank, such as an ordinary user and a VIP user. However, the specific content of the user type is not strictly limited in the present application.
Step 302: Based on the user type, open access rights consistent with the user type for the identity authentication identifier.
In an embodiment of the present application, if the user type is a first preset type, all access rights are opened for the user corresponding to the identity authentication identifier. If the user type is a second preset type, an access permission table corresponding to the identity authentication identifier is obtained from the access permission database, where the access permission table contains the topic classifications that the user corresponding to the identity authentication identifier can publish and subscribe to.
Taking the internet of things platform shown in fig. 2 as an example, the MongoDB plug-in checks whether the internet of things device is an administrator user, i.e., of the first preset type. If the internet of things device is an administrator user, it is allowed through and has permission to publish and subscribe to all topics. If the device is a non-administrator user, i.e., of the second preset type, the MongoDB plug-in performs permission verification on the internet of things device, which may specifically be implemented by consulting the access control list. The internet of things device can only publish the topics authorized in the access control list, and the specific rules can be configured through the access control list.
In an embodiment of the application, to implement differentiated access control for internet of things devices of different user types, an internet of things device of the second preset type is configured to subscribe to a preset topic published by an internet of things device of the first preset type, so that it executes the corresponding operations according to the content of that preset topic. The internet of things device corresponding to the administrator user manages the internet of things devices corresponding to the non-administrator users and may hold the device identifiers of all of them. It publishes the topics to which the non-administrator devices subscribe, together with the control instructions corresponding to those topics, and a non-administrator device executes the corresponding operation by subscribing to the preset topic published by the administrator device.
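The two-stage check described above (verify the identity authentication identifier, then open rights by user type) can be sketched as follows. This is an added example, not code from the application: in-memory dictionaries stand in for the identity information and access permission databases, and the device names, topic layout, `ADMIN`/`DEVICE` labels and PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000
ADMIN, DEVICE = "admin", "device"  # hypothetical labels: first / second preset type


def hash_secret(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_record(username: str, password: str, user_type: str) -> dict:
    """Keep only a salted hash of the device password, never the password."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": hash_secret(password, salt), "user_type": user_type}


# Constructed identity information database, keyed by clientID
# (one device, one secret).
IDENTITY_DB = {
    "gateway-01": make_record("gw01", "constructed-secret-A", ADMIN),
    "sensor-17": make_record("s17", "constructed-secret-B", DEVICE),
}

# Constructed access permission database: per-clientID (action, topic filter).
ACL_DB = {
    "sensor-17": [
        ("subscribe", "cmd/sensor-17/#"),
        ("publish", "telemetry/sensor-17/+"),
    ],
}


def authenticate(client_id: str, username: str, password: str):
    """Return the user type if the access information is legal, else None."""
    record = IDENTITY_DB.get(client_id)
    if record is None:
        return None
    candidate = hash_secret(password, record["salt"])
    # Constant-time comparisons; '&' avoids short-circuiting on the first one.
    ok = hmac.compare_digest(candidate, record["hash"]) & hmac.compare_digest(
        username.encode(), record["username"].encode())
    return record["user_type"] if ok else None


def topic_matches(granted: str, requested: str) -> bool:
    """MQTT filter match: '+' is one level, '#' is the rest (parent included).

    'requested' may itself be a subscription filter, so a granted '+' must
    not accept a requested '#', which would be broader than the grant.
    """
    g_levels, r_levels = granted.split("/"), requested.split("/")
    for i, g in enumerate(g_levels):
        if g == "#":
            return i == len(g_levels) - 1  # '#' is only valid as the last level
        if i >= len(r_levels):
            return False
        if g == "+":
            if r_levels[i] == "#":
                return False
        elif g != r_levels[i]:
            return False
    return len(g_levels) == len(r_levels)


def authorize(client_id: str, user_type: str, action: str, topic: str) -> bool:
    """First preset type: all topics. Second preset type: ACL table only."""
    if user_type == ADMIN:
        return True
    if user_type != DEVICE:
        return False  # unknown user type: deny
    return any(a == action and topic_matches(f, topic)
               for a, f in ACL_DB.get(client_id, []))


def check_access(access_info: dict, action: str, topic: str) -> bool:
    """Authenticate the access information, then authorize the request."""
    user_type = authenticate(access_info["clientID"],
                             access_info["username"], access_info["password"])
    return user_type is not None and authorize(
        access_info["clientID"], user_type, action, topic)
```

The ACL lookup defaults to deny: a clientID with no table, or an unrecognized user type, gets no topics.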
In another embodiment of the application, to further improve the security of the internet of things access control method, the server may also establish an encrypted data transmission channel with the internet of things device using one-way authentication under the Transport Layer Security (TLS) protocol. Specifically, as shown in fig. 4, before receiving the access information from the internet of things device, the method further includes:
Step 100: When feedback information is received from the internet of things device indicating that the third-party certificate authority root certificate preset in the internet of things device matches the server certificate information, establish a TLS-based encrypted data transmission channel with the internet of things device; wherein the server certificate information is issued by a third-party certificate authority.
Specifically, the internet of things device can verify the server certificate information using the third-party certificate authority root certificate preset locally, where the server certificate information is issued by the third-party certificate authority. When the server certificate information matches the third-party certificate authority root certificate, the device sends feedback information to the server. Receipt of the feedback information by the server indicates that the internet of things device has completed one-way identity verification of the server; a TLS-based encrypted data transmission channel can then be established with the internet of things device, and the internet of things device can send access information, including the identity authentication identifier corresponding to the local device, to the server through that channel. If the server does not receive the feedback information from the internet of things device, the server has not passed the device's one-way identity verification, the internet of things device cannot trust the server, and the server is not connected to the internet of things device.
Sending the access information to the server over the encrypted data transmission channel effectively protects the confidentiality and integrity of the data, prevents important information from being stolen or tampered with, and further improves the security of the access control process.
Exemplary Internet of things equipment access method
Fig. 5 is a schematic flow chart of an internet of things device access method according to an embodiment of the present application. As shown in fig. 5, the method for accessing the internet of things device is applicable to the internet of things device, and the internet of things device can access the server by executing the method for accessing the internet of things device, and the method specifically includes:
Step 501: Verify the server certificate information using the third-party certificate authority root certificate preset in the local device, where the server certificate information is issued by the third-party certificate authority.
Specifically, the local device is an internet of things device. To further improve the security of the internet of things access control method, an encrypted data transmission channel can be established between the server and the internet of things device using one-way authentication under the Transport Layer Security (TLS) protocol. The internet of things device can verify the server certificate information using the third-party certificate authority root certificate preset locally, where the server certificate information is issued by the third-party certificate authority.
Step 502: When the server certificate information matches the third-party certificate authority root certificate, send feedback information to the server to establish a TLS-based encrypted data transmission channel.
When the server certificate information matches the third-party certificate authority root certificate, the internet of things device sends feedback information to the server. Receipt of the feedback information by the server indicates that the internet of things device has completed one-way identity verification of the server; a TLS-based encrypted data transmission channel can then be established with the internet of things device, and the internet of things device can send access information, including the identity authentication identifier corresponding to the local device, to the server through that channel. If the server does not receive the feedback information from the internet of things device, the server has not passed the device's one-way identity verification, the internet of things device cannot trust the server, and the server is not connected to the internet of things device.
Step 503: Send access information to the server through the encrypted data transmission channel, where the access information includes the identity authentication identifier corresponding to the local device.
Over the encrypted data transmission channel, the internet of things device performs access authentication by sending the access information to the server. Unlike existing access modes, which authenticate using user-related information, the access information here includes an identity authentication identifier corresponding to the internet of things device. For example, when initiating access to the internet of things, the access information to be transmitted to the server may include a clientID (user identity number), a username (user name), a password (user password), and the like. The clientID serves as the identity authentication identifier and is the unique identity of the internet of things device accessing the internet of things; no two devices may have the same clientID. In addition, a one-device-one-secret mechanism is applied to the user name and user password: the user name and password of each internet of things device are unique.
In an embodiment of the application, the local device is of the second preset type and is configured to subscribe to a preset topic published by an internet of things device of the first preset type, and the internet of things device access method further includes: executing a corresponding operation according to the content of the preset topic published by the internet of things device of the first preset type, where the internet of things device of the first preset type has all access rights of the server. For the first preset type and the second preset type, refer to the related description of the embodiment shown in fig. 3, which is not repeated here.
Therefore, the internet of things device access method provided by the embodiment of the application adopts a one-device-one-secret device authentication mechanism: each internet of things device has a unique identity authentication identifier, and access authentication is completed by verifying that identifier, which effectively reduces the security risk of an internet of things device being compromised through leakage of user-related information. In addition, a device permission management mechanism is provided: when the identity authentication identifier is verified to be legal, the access right corresponding to it is obtained, so a user can achieve fine-grained control over the access rights of each device by pre-configuring the correspondence between identity authentication identifiers and access rights.
Exemplary Internet of things equipment access control device
Fig. 6 is a schematic structural diagram of an access control device of an internet of things device according to an embodiment of the present application. As shown in fig. 6, the internet-of-things device access control apparatus 60 includes:
the receiving module 601 is configured to receive access information from the internet of things device, where the access information includes an identity authentication identifier uniquely corresponding to the internet of things device;
a first verification module 602 configured to verify whether the identity authentication identifier is legal; and
the authentication module 603 is configured to obtain an access right corresponding to the identity authentication identifier when the identity authentication identifier is verified to be legal.
In an embodiment of the present application, the first verification module 602 is further configured to: call a message server plug-in of the Message Queuing Telemetry Transport (MQTT) protocol to access the identity information database, and query whether a recorded identity authentication identifier corresponding to the identity authentication identifier exists in the identity information database.
In an embodiment of the present application, the recorded identity authentication identifier is encrypted and/or salted.
In an embodiment of the present application, the authentication module 603 is further configured to: call a message server plug-in of the Message Queuing Telemetry Transport (MQTT) protocol to access an access permission database, and obtain an access permission table corresponding to the identity authentication identifier from the access permission database, where the access permission table contains the topic classifications that the user corresponding to the identity authentication identifier can publish and subscribe to.
In an embodiment of the present application, as shown in fig. 7, the authentication module 603 includes:
a user type determination unit 6031 configured to determine a user type of the identity authentication identifier when the identity authentication identifier is verified to be legitimate;
and an authentication performing unit 6032 configured to open an access right consistent with the user type for the identity authentication identifier based on the user type.
In an embodiment of the present application, the authentication performing unit 6032 is further configured to: if the user type is a first preset type, open all access rights for the user corresponding to the identity authentication identifier; or, if the user type is a second preset type, obtain an access permission table corresponding to the identity authentication identifier from the access permission database, where the access permission table contains the topic classifications that the user corresponding to the identity authentication identifier can publish and subscribe to.
In an embodiment of the present application, as shown in fig. 7, the internet of things device access control apparatus 60 further includes:
the transmission encryption module 604 is configured to establish a TLS-based encrypted data transmission channel with the internet of things device when feedback information is received from the internet of things device indicating that the third-party certificate authority root certificate preset in the internet of things device matches the server certificate information; wherein the server certificate information is issued by a third-party certificate authority.
Exemplary Internet of things device
Fig. 8 is a schematic structural diagram of an internet of things device according to an embodiment of the present application. As shown in fig. 8, the internet of things device 80 includes:
a second verification module 801 configured to verify the server certificate information by using a third-party certificate authority root certificate preset in the local device, where the server certificate information is issued by the third-party certificate authority;
a first sending module 802, configured to send feedback information to the server to establish a data encryption transmission channel based on a secure transport layer protocol when the server certificate information matches with the third-party certificate authority root certificate; and
the second sending module 803 is configured to send access information to the server through the data encryption transmission channel, where the access information includes an identity authentication identifier corresponding to the local device.
In an embodiment of the present application, as shown in fig. 9, the local device is of a second preset type, and the local device is configured to subscribe to a preset topic published by the internet of things device 80 of the first preset type, where the internet of things device 80 further includes:
a subscription executing module 804 configured to execute a corresponding operation according to the content of the preset topic issued by the internet of things device 80 of the first preset type; the internet of things device 80 of the first preset type has all access rights of the server.
The specific functions and operations of the respective modules in the internet-of-things device access control apparatus 60/the internet-of-things device 80 are described in detail in the internet-of-things device access control method/the internet-of-things device access method described above with reference to fig. 1 to 5, and therefore, repeated descriptions thereof will be omitted herein.
It should be noted that the internet-of-things device access control apparatus 60/internet-of-things device 80 according to the embodiment of the present application may be integrated into the electronic device 90 as a software module and/or a hardware module, in other words, the electronic device 90 may include the internet-of-things device access control apparatus 60/internet-of-things device 80. For example, the internet-of-things device access control apparatus 60/internet-of-things device 80 may be a software module in the operating system of the electronic device 90, or may be an application developed therefor; of course, the internet-of-things device access control apparatus 60/the internet-of-things device 80 may also be one of the hardware modules of the electronic device 90.
In another embodiment of the present application, the internet of things device access control apparatus 60/internet of things device 80 and the electronic device 90 may also be separate devices (e.g., servers), and the internet of things device access control apparatus 60/internet of things device 80 may be connected to the electronic device 90 through a wired and/or wireless network and transmit the interaction information according to an agreed data format.
Exemplary electronic device
Fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 8, the electronic apparatus 90 includes: one or more processors 901 and memory 902; and computer program instructions stored in the memory 902, which, when executed by the processor 901, cause the processor 901 to perform the internet of things device access control method/internet of things device access method as any of the embodiments described above.
The processor 901 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions.
Memory 902 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor 901 to implement the steps of the internet of things device access control method/internet of things device access method of the various embodiments of the present application described above and/or other desired functions. Information such as light intensity, compensation light intensity, position of the filter, etc. may also be stored in the computer readable storage medium.
In one example, the electronic device 90 may further include: an input device 903 and an output device 904, which are interconnected by a bus system and/or other form of connection mechanism (not shown in fig. 7).
For example, when the electronic device is a robot in an industrial production line, the input device 903 may be a camera for capturing the position of the part to be processed. When the electronic device is a stand-alone device, the input means 903 may be a communication network connector for receiving the collected input signal from an external removable device. The input device 903 may also include, for example, a keyboard, a mouse, a microphone, and so on.
The output device 904 may output various information to the outside, and may include, for example, a display, a speaker, a printer, and a communication network and a remote output apparatus connected thereto, and so on.
Of course, for simplicity, only some of the components of the electronic device 90 relevant to the present application are shown in fig. 7, and components such as buses, input devices/output interfaces, and the like are omitted. In addition, the electronic device 90 may include any other suitable components, depending on the particular application.
Exemplary computer program product and computer-readable storage Medium
In addition to the above-described methods and devices, embodiments of the present application may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps of the internet of things device access control method/internet of things device access method of any of the above-described embodiments.
The computer program product may write program code for carrying out operations for embodiments of the present application in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present application may also be a computer-readable storage medium having stored thereon computer program instructions, which, when executed by a processor, cause the processor to perform the steps in the internet of things device access control method/internet of things device access method according to various embodiments of the present application described in the section "exemplary internet of things device access control method/internet of things device access method" above in this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing describes the general principles of the present application in conjunction with specific embodiments, however, it is noted that the advantages, effects, etc. mentioned in the present application are merely examples and are not limiting, and they should not be considered essential to the various embodiments of the present application. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the foregoing disclosure is not intended to be exhaustive or to limit the disclosure to the precise details disclosed.
The block diagrams of devices, apparatuses, systems referred to in this application are only given as illustrative examples and are not intended to require or imply that the connections, arrangements, configurations, etc. must be made in the manner shown in the block diagrams. These devices, apparatuses, systems may be connected, arranged, configured in any manner, as will be appreciated by those skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably therewith. The words "or" and "and" as used herein mean, and are used interchangeably with, the word "and/or," unless the context clearly dictates otherwise. The word "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
It should also be noted that in the devices, apparatuses, and methods of the present application, the components or steps may be decomposed and/or recombined. These decompositions and/or recombinations are to be considered as equivalents of the present application.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present application. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the application. Thus, the present application is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, the description is not intended to limit embodiments of the application to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modifications, equivalents and the like that are within the spirit and principle of the present application should be included in the scope of the present application.

Claims (13)

1. An internet of things device access control method, comprising:
receiving access information from an internet of things device, wherein the access information comprises an identity authentication identifier corresponding to the internet of things device;
verifying whether the identity authentication identifier is legal; and
when the identity authentication identifier is verified to be legal, acquiring the access right corresponding to the identity authentication identifier.
2. The method of claim 1, wherein said verifying whether the identity authentication identifier is legal comprises:
calling a message server plug-in of the Message Queuing Telemetry Transport (MQTT) protocol to access an identity information database, and querying whether a recorded identity authentication identifier corresponding to the identity authentication identifier exists in the identity information database.
3. The method of claim 2, wherein the recorded identity authentication identifier is encrypted and/or salted.
4. The method of claim 1, wherein the obtaining access rights corresponding to the identity authentication identifier comprises:
calling a message server plug-in of the Message Queuing Telemetry Transport (MQTT) protocol to access an access permission database, and acquiring an access permission table corresponding to the identity authentication identifier from the access permission database, wherein the access permission table comprises the topic classifications that the user corresponding to the identity authentication identifier can publish and subscribe to.
5. The method of claim 1, wherein when the identity authentication identifier is verified to be legal, acquiring the access right corresponding to the identity authentication identifier comprises:
when the identity authentication identifier is verified to be legal, determining the user type of the identity authentication identifier; and
opening access rights consistent with the user type for the identity authentication identifier based on the user type.
6. The method of claim 5, wherein the opening access rights consistent with the user type for the identity authentication identifier based on the user type comprises:
if the user type is a first preset type, opening all access rights for the user corresponding to the identity authentication identifier; or
if the user type is a second preset type, acquiring an access permission table corresponding to the identity authentication identifier from an access permission database, wherein the access permission table comprises the topic classifications that the user corresponding to the identity authentication identifier can publish and subscribe to.
7. The method of claim 1, further comprising, prior to receiving access information from an internet of things device:
when feedback information is received from the internet of things device indicating that a third-party certificate authority root certificate preset in the internet of things device matches server certificate information, establishing an encrypted data transmission channel, based on the Transport Layer Security protocol, with the internet of things device;
wherein the server certificate information is issued by a third-party certificate authority.
8. An internet of things device access method, comprising:
verifying server certificate information using a third-party certificate authority root certificate preset in a local device, wherein the server certificate information is issued by the third-party certificate authority;
when the server certificate information matches the third-party certificate authority root certificate, sending feedback information to the server to establish an encrypted data transmission channel based on the Transport Layer Security protocol; and
sending access information to the server through the encrypted data transmission channel, wherein the access information comprises an identity authentication identifier corresponding to the local device.
9. The method of claim 8, wherein the local device is of a second preset type, the local device is configured to subscribe to a preset topic published by an internet of things device of the first preset type, the method further comprising:
executing a corresponding operation according to the content of the preset topic published by the internet of things device of the first preset type; wherein the internet of things device of the first preset type has all access rights of the server.
10. An internet of things device access control apparatus, comprising:
a receiving module configured to receive access information from an internet of things device, wherein the access information comprises an identity authentication identifier that uniquely corresponds to the internet of things device;
a first verification module configured to verify whether the identity authentication identifier is legal; and
an authentication module configured to acquire the access right corresponding to the identity authentication identifier when the identity authentication identifier is verified to be legal.
11. An internet of things device, comprising:
a second verification module configured to verify server certificate information using a third-party certificate authority root certificate preset in the local device, wherein the server certificate information is issued by the third-party certificate authority;
a first sending module configured to send feedback information to the server to establish an encrypted data transmission channel based on the Transport Layer Security protocol when the server certificate information matches the third-party certificate authority root certificate; and
a second sending module configured to send access information to the server through the encrypted data transmission channel, wherein the access information comprises an identity authentication identifier corresponding to the local device.
12. An electronic device, comprising:
a processor; and
a memory having stored therein computer program instructions which, when executed by the processor, cause the processor to perform the method of any of claims 1 to 9.
13. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform the method of any of claims 1 to 9.
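The server-side flow of claim 10, combined with the device-type rule of claim 9, is sketched below as an added example; it is not code from the patent or the applicant. The field name `auth_id`, the action names, the topic strings, the sample identifiers and the choice to store identifier digests are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

FIRST_TYPE = "first_preset_type"    # claim 9: has all access rights of the server
SECOND_TYPE = "second_preset_type"  # claim 9: subscribes to preset topics

@dataclass(frozen=True)
class DeviceRecord:
    device_type: str
    subscribe_topics: frozenset  # preset topics a second-type device may subscribe to

def _digest(identifier: str) -> str:
    # Assumption: the registry keeps only a digest of each identifier.
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()

class AccessController:
    def __init__(self):
        self._registry = {}  # identifier digest -> DeviceRecord

    def register(self, identifier, record):
        self._registry[_digest(identifier)] = record

    def verify(self, identifier):
        """First verification module: return the record if the identifier is legal."""
        if not isinstance(identifier, str) or not identifier:
            return None  # missing or malformed identifier is never legal
        return self._registry.get(_digest(identifier))

    def authorize(self, access_info, action, topic):
        """Authentication module: look up the access authority for a legal identifier."""
        record = self.verify(access_info.get("auth_id"))
        if record is None:
            return False  # deny by default when verification fails
        if record.device_type == FIRST_TYPE:
            return True   # first preset type: all access rights
        # Second preset type: only subscription to its preset topics.
        return action == "subscribe" and topic in record.subscribe_topics

def demo():
    # Constructed sample registry; identifiers and topics are placeholders.
    ac = AccessController()
    ac.register("id-gateway-0001", DeviceRecord(FIRST_TYPE, frozenset()))
    ac.register("id-sensor-0002",
                DeviceRecord(SECOND_TYPE, frozenset({"ctrl/preset"})))
    return ac
```

The access information is assumed to arrive over the data encryption transmission channel of claim 11, so the identifier is never evaluated from a plaintext connection.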
CN201911082665.0A 2019-11-07 2019-11-07 Internet of things equipment access control method and internet of things equipment access control device Pending CN112787979A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911082665.0A CN112787979A (en) 2019-11-07 2019-11-07 Internet of things equipment access control method and internet of things equipment access control device

Publications (1)

Publication Number Publication Date
CN112787979A true CN112787979A (en) 2021-05-11

Family

ID=75747869

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination