CN113411293A - Internet of things connection framework - Google Patents

Publication number
CN113411293A
Authority
CN
China
Prior art keywords
client
cloud
key
client device
internet
Legal status
Granted
Application number
CN202110385342.XA
Other languages
Chinese (zh)
Other versions
CN113411293B (en)
Inventor
陈煜仁
李皞白
黄祥麟
陈育进
Current Assignee
Li Haobai
Original Assignee
Gainia Intellectual Asset Services Inc
Application filed by Gainia Intellectual Asset Services Inc
Priority to CN202110385342.XA
Publication of CN113411293A
Application granted
Publication of CN113411293B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1045 Proxies, e.g. for session initiation protocol [SIP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/08 Logistics, e.g. warehousing, loading or distribution; Inventory or stock management

Abstract

An internet of things connection architecture is composed of a client device, a cloud device and a plurality of proxy server devices. The client device is a device with a wireless communication function and a specific user identifier. The cloud device can communicate with the client device and uses the client device's specific user identifier to confirm that it is one of the client devices in the Internet of things. Each proxy server device has an address and a password and can communicate with the cloud device. After the cloud device confirms that the client device is a device of the Internet of things, the client device can communicate only with the proxy server device, and the proxy server device then communicates with the cloud device.

Description

Internet of things connection framework
Technical Field
The present invention relates to a cloud service application system, and more particularly to a management system that uses an internet of things connection architecture to transmit the logistics, warehousing and sales status of products to a cloud device for processing.
Background
With the rapid development of technology and major changes in economic structure, traditional "business-to-business" competition has evolved into "supply chain-to-supply chain" competition. Improving the information integration of the supply chain, so as to raise logistics efficiency and reduce logistics cost, is an important issue for enterprises seeking competitiveness today. As Radio Frequency Identification (RFID) technology has advanced, RFID has been increasingly adopted for supply chain activities and process engineering.
Among the characteristics of logistics management, two factors that improve industrial competitiveness are efficiency and integrity. First, in terms of efficiency, goods must not only be delivered to customers within a certain time; an integrated delivery method is also added, in which different goods are delivered to different customers within the same time. Second, in terms of integrity, not only the physical integrity of the goods is provided, but also information about their content. To improve both characteristics, manufacturers must acquire real-time information about the goods and combine RFID technology with a cloud monitoring system, helping the enterprise and its partners (dealers) take control of logistics at the earliest moment and generate goods information in real time.
The real-time information provided by RFID and the cloud monitoring system can improve customer satisfaction with the integrity of goods. Integrity here covers not only the physical goods but also the information provided about their content. RFID also enables the logistics center to monitor goods and provide goods information in real time throughout the journey from the production factory to the customer's hands, so that risk assessment can be carried out as well.
Efficiency and safety are the two most important links in logistics management, so how to track and manage commodities effectively is one of the most important issues for manufacturers and shippers. A manufacturer that wants to improve these two characteristics must obtain real-time information about the goods; complete goods information can be generated in real time through RFID and cloud monitoring system technologies.
In addition, once RFID and the cloud monitoring system are established, stock levels at the business end can be reported quickly to enterprise headquarters, so that headquarters has first-hand knowledge of commodity sales and market demand in the shortest time. This effectively improves the purchasing cycle that enterprises used in the past: for example, the next purchase was always planned in units of a month, and a wrong estimate led either to accumulated goods (overestimation) or to lost sales profit (underestimation). When headquarters can follow sales status and market demand in real time, the enterprise can respond quickly; the shorter the purchasing cycle, the more promptly the supply of goods can be increased or decreased according to the market's actual response, which effectively reduces risk and increases profit.
These applications are possible because of the establishment of an Internet of Things (IoT) connectivity infrastructure. The Internet of things is characterized by connecting every person and the surrounding things in one network through a highly integrated cloud network. Manufacturers, consumers, machines, production materials, product production processes, logistics management, product sales conditions, consumption habits and so on, everything from product production to product sales and on to inferring or predicting consumers' consumption habits from big data on product sales, can be connected to the Internet of things platform through sensing components (e.g., RFID, electronic tags) and software programs on the products. Likewise, efficiency and safety are the two most important key conditions for the Internet of things; however, efficiency and safety are two conflicting indexes. Therefore, how to balance efficiency and safety is the key to successfully applying a logistics management system.
Disclosure of Invention
To make the above requirements practically applicable to enterprise operations, the present invention provides an internet of things connection architecture comprising: a client device, which is a device with a wireless communication function and a specific user identifier; a cloud device, which can communicate with the client device and uses the specific user identifier to confirm that the client device is one of the client devices in the Internet of things; and a proxy server device, which has an address and a password and can communicate with the cloud device. After the cloud device provides the address and the password of the proxy server device to the client device, the client device can communicate only with the proxy server device, and communicates with the cloud device through the proxy server device so as to transmit the messages on the client device to the cloud device. This improves the safety and efficiency of the Internet of things and reduces the cost of commercial operation.
Another objective of the present invention is to provide an article logistics management system that uses the internet of things connection architecture of the present invention, improving the efficiency of logistics management and reducing operating cost.
In accordance with the above objects, the present invention provides an internet of things connection architecture comprising: a client device having a wireless communication function and a specific user identifier; a cloud device, which can communicate with the client device and uses the specific user identifier to confirm that the client device is one of the client devices in the Internet of things; and a proxy server device, which has an address and a password and can communicate with the cloud device. After the cloud device provides the address and the password of the proxy server device to the client device in the Internet of things, the client device can communicate only with the proxy server device, and communicates with the cloud device through the proxy server device so that the messages on the client device are transmitted to the cloud device.
The invention also provides an internet of things connection architecture comprising: a plurality of client devices, each being a device with a wireless communication function and having a specific user identifier; a cloud device, which can communicate with each client device and uses each specific user identifier to confirm that each client device is a client device in the Internet of things; and a plurality of proxy server devices, each having an address and a password and able to communicate with the cloud device. After the cloud device provides the address and the password of each proxy server device to at least one client device in the Internet of things to form a pairing, each client device can communicate only with its paired proxy server device, and communicates with the cloud device through that proxy server device so that the information on each client device is transmitted to the cloud device.
Drawings
Fig. 1 is a schematic diagram of the internet of things connection architecture of the present invention.
Fig. 2 is a schematic diagram of another embodiment of the internet of things connection architecture of the present invention.
Fig. 3 is a flowchart of the internet of things connection method of the present invention.
Fig. 4 is a schematic diagram of another embodiment of the internet of things connection method of the invention.
Fig. 5 is a schematic diagram of a logistics management system of an internet of things product according to the invention.
Fig. 6 is a schematic diagram of a read/write apparatus according to the present invention.
Fig. 7A is a schematic structural diagram of a cloud device according to the present invention.
Fig. 7B is a diagram illustrating security judgment data stored in the memory module according to the present invention.
Fig. 7C is a diagram illustrating the warehousing data stored in the memory module according to the present invention.
Fig. 8 is a schematic diagram of a product logistics management system of the internet of things according to a first embodiment of the invention.
Fig. 9 is a schematic diagram of a second location area in the first embodiment of the product logistics management system of the internet of things of the invention.
Fig. 10 is a schematic diagram of product warehousing management of a second embodiment of the internet of things product logistics management system according to the invention.
Fig. 11 is a schematic view of product sales management of a second embodiment of the product logistics management system of the internet of things of the invention.
Fig. 12 is a diagram illustrating a manager message display in the present invention.
[Description of main reference symbols]
Communication directions S1-S10
Product 10
Electronic label 12
Read-write device 31/32/33/41/42/43/51/52/53/61/62/63/71
Client device (read/write device) 100
Controller 110/210/310/410
Antenna 120/220/320/420
Input/output interface 130
Wireless transmission module 140/240/340/440
Positioning device 150
Degaussing module 170
Cloud device 500
Receive/transmit interface module 510
Data processing module 520
Memory module 530
Display module 600
Proxy server 700
Detailed Description
To enable those skilled in the relevant art to understand and carry out the objects, features and advantages of the present invention, the features and embodiments of the invention are set forth in the following description in conjunction with the accompanying drawings, which illustrate preferred embodiments. The following description is not intended to limit the invention, and the drawings referred to illustrate its features and aspects.
First, please refer to fig. 1, which is a schematic diagram of an internet of things connection architecture according to the present invention. As shown in fig. 1, the internet of things connection architecture is composed of a client device 100, a cloud device 500, and at least one proxy server device (broker device) 700. The client device 100 is a device having a wireless communication function and a specific user identifier. The cloud device 500 can communicate with the client device 100 and uses the specific user identifier of the client device 100 to confirm that it is one of the client devices 100 in the Internet of things. The proxy server device 700 has its own address and password and can communicate with the cloud device 500.
In the internet of things connection architecture of the present invention, the client devices 100 are devices with a wireless communication function and a floating IP (Internet Protocol) address that changes (e.g., personal computers, notebook computers, smart phones, smart portable devices, smart readers, etc.). Each client device 100 has a unique identifier (e.g., a code set by the manufacturer at the factory, or hardware data such as the MAC address), from which a Universally Unique Identifier (uuid) of the client device 100 is generated for identification and for preventing intrusion by hackers. The cloud device 500 uses a fixed Domain Name System (DNS) name, has the function of a server and the function of communicating with the client device 100, and comprises at least a receiving/transmitting interface module, a data processing module, and a memory module. The cloud device 500 has recorded the uuids of all clients in the Internet of things of the present invention and stored them in the memory module to form a database. The proxy server device 700 has a floating IP address that changes at any time. Its main task is to send the encoded data string transmitted by a client device 100 in the Internet of things on to the cloud device 500 as soon as it is received; specifically, the proxy server device 700 performs no processing on the data string received from the client device and simply forwards it.
Clearly, in the internet of things connection architecture of the present invention, the cloud device 500 does not directly expose its own address at any point while the client device 100 transmits data to it, so the probability of the cloud device 500 being hacked is reduced and the security of the Internet of things is greatly improved.
In the preferred embodiment of the internet of things connection architecture of the present invention, the plurality of client devices 100 can be divided into a plurality of groups, and each group corresponds to or is paired with one proxy server device 700, so that the architecture can contain a plurality of proxy server devices 700, as shown in fig. 2. When the cloud device 500 determines that one of the proxy server devices 700 has been hacked, it may choose to turn off the hacked proxy server device 700 or to establish a new address and password for it, further ensuring the security of the Internet of things of the present invention. In addition, in the embodiment of the present invention, the proxy server device 700 uses the MQTT (Message Queuing Telemetry Transport) communication protocol to transmit the data string. MQTT is a protocol designed for the Internet of things: a lightweight message transfer protocol based on the publish/subscribe model, invented in 1999 by Dr. Andy Stanford-Clark of IBM and Dr. Arlen Nipper of Arcom. It was originally designed for communication between a large number of remote sensors and control devices with limited computing power, operating over low-bandwidth, unreliable networks. MQTT therefore has the advantage that the transmitted data is small and light, which gives it a great advantage in bandwidth and speed. Because the required network bandwidth is very low, the required hardware resources are also low, so the efficiency of an Internet of things system, or of the various commercial operation systems built on the Internet of things architecture (such as logistics management or product production history), can be improved, and the cost of commercial operation can be effectively reduced.
Next, the process and method for actually completing the connection of the internet of things according to the present invention will be described in detail.
Referring to fig. 1, first, the client device 100 logs in to the cloud device 500 (the communication direction indicated by S1 in fig. 1), for example through HTTPS, so as to start the Internet of things system. Then, when the cloud device 500 receives the request from the client device 100 (the communication direction indicated by S2 in fig. 1), the cloud device 500 verifies whether the MAC address used by the client device 100 is already stored in the database of the cloud device 500. If the MAC address is confirmed to be stored in the database, a client identifier (client_uuid) is generated. Next, the cloud device 500 generates a pair of keys for the exclusive use of that client. In the preferred embodiment of the present invention, this key is an RSM asymmetric key, so a pair consisting of client_pub_key and client_pri_key is generated; the RSM asymmetric key has a long decoding time, so its security is high. In another preferred embodiment, the cloud device 500 can optionally also generate a symmetric key, client_share_key, specific to the client device 100.
Therefore, in the preferred embodiment of the present invention, the RSM asymmetric key and the RSM symmetric key can optionally be used together. Because the symmetric key has a short decoding time and relatively low security, the client_share_key must be changed from time to time to ensure security. The cloud device 500 may therefore further generate/set a variable time (share_key_expiration date time), and security is improved by changing the share_key_expiration date time at varying intervals; when the cloud device 500 detects that a client_share_key has passed the time set by the share_key_expiration date time, it automatically generates a new client_share_key to ensure security. When the cloud device 500 determines that the MAC address data of a client device 100 is the same as MAC address data stored in the database, it determines that the client device 100 is a client in the Internet of things, and the cloud device 500 then transmits messages such as the uuid and the keys back to the client device 100 (as indicated by S3 in fig. 1). The messages transmitted back to the client device 100 include a client_uuid, a server_pub_key (the server_pub_key is a client_pub_key; since all the client devices 100 use the same pub_key, it may be referred to as a server_pub_key) and a client_pri_key.
In addition, if, after receiving the request of the client device 100, the cloud device 500 finds that the MAC address used by the client device 100 is not in its database, it determines that the client device 100 is not a client device in the Internet of things and stores the MAC address message in another database for subsequent comparison. It should be noted that the return mechanism in the S3 communication direction is normally error-free, but errors can occur. For example, if the server response time is too long and the connection fails, the client device 100 executes the process again; the cloud device 500 determines that the MAC address is recorded in the database and returns the uuid corresponding to that MAC address, and the pair of keys that the cloud device 500 generates and returns to the client device 100 is updated. Therefore, even if a fake device copies the MAC address of the client device 100 by any method, it cannot obtain the same key. In other words, only one determined uuid can survive in the system.
Then, in the communication direction indicated by S4 in fig. 1, the client device 100 uses the encoded client_uuid (i.e., the client_uuid is turned into unreadable ciphertext with the server_pub_key) to request, through an HTTPS request, the client_share_key, the share_key_expiration date time, the MQTT_Broker IP, and the MQTT_Broker account and password (user/password). When the cloud device 500 receives the encoded client_uuid, it decodes it with the server_pri_key to determine whether the client_uuid is correct. After confirming that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiration date time, the MQTT_Broker IP, the MQTT_Broker account and password, and so on with the client_pub_key and transmits them back to the client device 100 (the communication direction indicated by S5 in fig. 1).
In addition, in a preferred embodiment of the present invention, the IP and the account and password of the MQTT_Broker can be obtained in two separate requests. The first time (the communication direction indicated by S4 in fig. 1), the client device 100 uses the encoded client_uuid (i.e., the client_uuid is turned into unreadable ciphertext with the server_pub_key) to request, through an HTTPS request, the client_share_key, the share_key_expiration date time, and the MQTT_Broker IP. When the cloud device 500 receives the encoded client_uuid, it decodes it with the server_pri_key to determine whether the client_uuid is correct; after confirming that it is correct, the cloud device 500 encodes the client_share_key, the share_key_expiration date time, the MQTT_Broker IP, and so on with the client_pub_key and transmits them back to the client device 100 (the communication direction indicated by S5 in fig. 1). The second time (the communication direction indicated by S6 in fig. 1), the client device 100 again uses the encoded client_uuid to request, through an HTTPS request, the MQTT_Broker account and password. When the cloud device 500 receives the encoded client_uuid, it decodes it with the server_pri_key to determine whether the client_uuid is correct; after confirming that it is correct, the cloud device 500 encodes the MQTT_Broker account, password, and so on with the client_pub_key and transmits them back to the client device 100 (the communication direction indicated by S7 in fig. 1).
It should be noted that the only requirement on what is obtained the first and the second time is that the MQTT_Broker IP and the MQTT_Broker account and password be obtained in two separate requests; the rest is not limited.
Clearly, in the process of identification and confirmation between the client device 100 and the cloud device 500, the HTTPS used by the client device 100 relies on the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, a recognized security protocol that uses a hybrid cryptosystem to resist cracking. The recognized certificate that the cloud device 500 is required to hold, digitally signed by a certificate authority, lets the client device 100 confirm that a message was sent directly by the cloud device 500. Therefore, when a hacker attempts tampering, theft or repudiation during message transmission, this security authentication prevents the password from being tampered with or stolen.
Then, in the communication direction indicated by S8 in fig. 1, once the client device 100 has obtained the relevant data from the cloud device 500, it connects to the proxy server device 700. Before connecting to the proxy server device 700, it must confirm that the message it received is complete. The complete message includes: (1) server_pub_key; (2) client_pri_key; (3) MQTT_Broker IP; (4) MQTT_Broker username/password; (5) client_share_key; (6) share_key_expiration date time. After the client device 100 confirms that the complete message has been received, it uses the client_share_key to encode the client_uuid and the data content that the client device 100 is to transmit to the cloud, and then uploads the encoded content to the proxy server device 700 (i.e., the MQTT Broker).
In the preferred embodiment of the present invention, the client device 100 further checks whether the share_key_expiration date time has passed (e.g., an expiration date of 2015/0501). If it has passed (for example, the date at the time of checking is 2015/0502), the client device 100 again uses the encoded client_uuid (i.e., the client_uuid is turned into unreadable ciphertext with the server_pub_key) to request a new share_key_expiration date time message through HTTPS. When the cloud device 500 receives the encoded client_uuid, it decodes it with the server_pri_key to determine whether the client_uuid is correct; after confirming that it is correct, the cloud device 500 encodes the new share_key_expiration date time with the client_pub_key and transmits it back to the client device 100. In addition, to increase security, the time set by the share_key_expiration date time may be periodic or random, and may be determined by the cloud device 500.
After the client device 100 confirms that the complete message has been received, it knows the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700, so it can upload the encoded client_uuid and data string to the proxy server device 700 (the communication direction indicated by S8 in fig. 1). On receiving the encoded client_uuid and data string uploaded by the client device 100, the proxy server device 700 forwards the message directly (i.e., without any processing) to the cloud device 500. Clearly, while the client device 100 transmits the message to the cloud device 500, the cloud device 500 does not directly expose its address, so the probability of the cloud device 500 being hacked is reduced. Because the proxy server device 700 only forwards the data uploaded by the client device 100 directly to the cloud device 500, the probability of the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700 being cracked is also reduced, which further improves the security of the Internet of things communication process.
Then, as indicated by S9 in fig. 1, after receiving the data forwarded directly by the proxy server device 700 (i.e., the encoded client_uuid and the data string), the cloud device 500 immediately decodes the data with the client_share_key and verifies whether the received client_uuid and data string are complete and correct. If they are correct, the data string is stored in the memory module, where it waits for the user to apply it to a specific purpose; if the received client_uuid and data string are found to be incomplete or incorrect, this is recorded. It should be noted that the purpose of verifying incorrect messages is to prevent, or reduce the probability of, the Internet of things system being hacked, through a verification mechanism that uses deep-learning artificial intelligence or manual addition, modification or correction. In this embodiment, incorrect messages include, for example: (1) news crawlers find that counterfeits of certain commodities are rampant; (2) the same client_uuid, set at the beginning of the program, appears in two completely different places at the same time, in which case the Internet of things system notifies the company inspectors or raises an alarm, and the inspectors can at least choose to observe or to ignore, achieving early warning and protection against hackers; and (3) the cloud device 500 is continuously sent suspicious information, such as unknown client_uuid information, by a specific proxy server device 700. If the incorrect messages continue to appear and it is determined that the proxy server device 700 has probably been hacked, the cloud device 500 may choose to turn off the proxy server device 700 (as indicated by S10 in fig. 1).
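Checks (2) and (3) above can be run over the stream of messages that the proxy server devices forward to the cloud device. The following is an added example, not part of the patent; the `site` field, the 60-second window, the threshold of three unknown identifiers and all event values are constructed assumptions.

```python
from collections import defaultdict, deque
from typing import NamedTuple


class Forwarded(NamedTuple):
    ts: int            # time the cloud device received the message (seconds)
    broker: str        # proxy server device that forwarded it
    client_uuid: str   # identifier recovered after decoding
    site: str          # location reported by the client (assumed field)


def review_forwarded(events, known_uuids, window=60, unknown_limit=3):
    """Flag a client_uuid seen at two sites within `window` seconds, and
    brokers that forward `unknown_limit` unknown uuids within `window`."""
    last_seen = {}                   # client_uuid -> (ts, site)
    unknown = defaultdict(deque)     # broker -> timestamps of unknown uuids
    duplicates, to_disable = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.client_uuid not in known_uuids:
            recent = unknown[ev.broker]
            recent.append(ev.ts)
            while ev.ts - recent[0] > window:    # drop hits outside the window
                recent.popleft()
            if len(recent) >= unknown_limit and ev.broker not in to_disable:
                to_disable.append(ev.broker)     # candidate for the S10 shutdown
            continue
        prev = last_seen.get(ev.client_uuid)
        if prev and prev[1] != ev.site and ev.ts - prev[0] <= window:
            duplicates.append((ev.client_uuid, prev[1], ev.site))
        last_seen[ev.client_uuid] = (ev.ts, ev.site)
    return {"duplicate_uuid": duplicates, "disable_broker": to_disable}


# Constructed sample data, not taken from the patent.
KNOWN_UUIDS = {"uuid-constructed-1", "uuid-constructed-2"}
SAMPLE_EVENTS = [
    Forwarded(1000, "broker-a", "uuid-constructed-1", "warehouse-1"),
    Forwarded(1010, "broker-a", "uuid-constructed-2", "store-3"),
    Forwarded(1020, "broker-b", "uuid-constructed-1", "store-9"),   # same uuid, other site
    Forwarded(1030, "broker-c", "unknown-x", "n/a"),
    Forwarded(1035, "broker-c", "unknown-y", "n/a"),
    Forwarded(1040, "broker-c", "unknown-z", "n/a"),                # third unknown in 10 s
    Forwarded(2000, "broker-a", "uuid-constructed-2", "warehouse-1"),  # moved much later
    Forwarded(2005, "broker-b", "unknown-q", "n/a"),                # isolated unknown
]

if __name__ == "__main__":
    print(review_forwarded(SAMPLE_EVENTS, KNOWN_UUIDS))
```

A duplicate alert goes to the inspectors for a decision, as the text describes; only the broker finding maps to an automatic action.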
In the embodiment of the present invention, the client_share_key encoding may be combined with a hash function to prevent tampering; the hash function may be MD5, SHA-1, SHA-256, or the like. The client_share_key may also be combined with different decoding (decode) modes, such as block cipher, stream cipher, ECB mode, or a mixture of these, so that the difficulty of decoding can be effectively increased without loss of decoding time.
Please refer to fig. 2, which is a schematic diagram of another embodiment of the internet of things connection architecture of the present invention. As shown in fig. 2, the internet of things connection architecture is composed of a plurality of client devices 100, a cloud device 500 and at least one proxy server device 700. Each client device 100 is a device having a wireless communication function and a specific user identifier. The cloud device 500 has the function of communicating with each client device 100, and uses the specific user identifier unique to each client device 100 to confirm that it is a client device 100 in the internet of things. The proxy server 700 has its own website address and password and can communicate with the cloud device 500. The basic connection architecture of the embodiment of fig. 2 is the same as that of the embodiment of fig. 1; the difference is that, after the cloud device 500 provides the address, account and password of each proxy server to at least one client device 100 in the internet of things and a pairing is formed, each paired client device 100 can only communicate with its paired proxy server 700, and the proxy server 700 then communicates with the cloud device 500 so as to transmit the data on each client device 100 to the cloud device 500. The process by which the internet of things connection of fig. 2 is actually completed is briefly described as follows.
Referring to fig. 2, first, each client device 100 logs in to the cloud device 500 through https. After the cloud device 500 receives the request of each client device 100, it verifies whether the MAC Address used by each client device 100 is already stored in the database of the cloud device 500. If the MAC Address used by a client device 100 is already stored in the database of the cloud device 500, the cloud device 500 generates an individual identification code (client_uuid) for that client; next, the cloud device 500 generates a pair of keys specific to each client device 100. After the cloud device 500 determines that each client device 100 is a client in the internet of things, it returns the generated uuid, keys and related messages to the corresponding client device 100; the messages returned to each client device 100 include client_uuid, server_pub_key, and client_pri_key.
Then, each client device 100 may use the encoded client_uuid to request, through https, the client_share_key, the share_key_expiration date time, the MQTT_Broker IP, and the MQTT_Broker account and password (username/password). When the cloud device 500 receives a client_uuid that has been converted into ciphertext, it decodes the client_uuid with the corresponding server_pri_key to determine whether each received client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, it encodes the client_share_key, the share_key_expiration date time, the MQTT_Broker IP, the MQTT_Broker account and password and the like with the client_pub_key and transmits them to the client device 100. For example, the IP, account and password of the proxy server device (Broker-1) are returned to Client-1 to Client-5; the IP, account and password of the proxy server device (Broker-2) are returned to Client-6 to Client-15; and the IP, account and password of the proxy server device (Broker-3) are returned to Client-16 to Client-50. The internet of things has thus paired 50 individual client devices 100 with 3 proxy servers 700 for communication with the cloud device 500. After each client device 100 obtains the related data from the cloud device 500, it connects to its paired proxy server 700. Once each client device 100 has determined that the message received from the cloud device 500 includes 1. server_pub_key; 2. client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. client_share_key; and 6. share_key_expiration date time, the client_uuid and the data content that the client device 100 wants to transmit to the cloud are encoded using the client_share_key and then uploaded to the proxy server device 700 (i.e., the MQTT Broker).
Since each client device 100, after confirming that the complete message has been received, already knows the MQTT_Broker IP and the MQTT_Broker account and password of its paired proxy server 700, it can upload the encoded client_uuid and data string to the paired proxy server 700. After receiving the encoded client_uuid and data string uploaded by its paired client device 100, each proxy server 700 transmits the message directly (i.e., without any processing) to the cloud device 500. Because the cloud device 500 does not directly expose its address while the client device 100 transmits messages to it, the probability of the cloud device 500 being hacked can be reduced. Since each proxy server 700 only passes the data uploaded by the client device 100 straight through to the cloud device 500, the probability of the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server 700 being cracked can also be reduced, further increasing the security of the internet of things communication process.
Next, after receiving the data (i.e., the encoded client_uuid and data string) transmitted directly by each proxy server 700, the cloud device 500 immediately decodes the data using the corresponding client_share_key and verifies whether the received client_uuid and data string are complete and correct. If they are correct, the data string is stored in a memory module, where it waits for the user to apply it to a specific purpose; if the received client_uuid and data string are found to be incomplete or incorrect, the event is recorded. In this embodiment, incorrect messages may arise as follows: each client issues messages with a certain regularity, so, for example, a message issued by a client at an abnormal or excessive frequency is regarded as an incorrect message; or the proxy server 700 itself does not publish information via MQTT but instead tries to connect to the cloud device 500. When incorrect messages continue to appear, it is determined that the proxy server 700 is likely to have been hacked, and the cloud device 500 may choose to shut down the proxy server 700.
In summary, the main technical means of the internet of things connection architecture of the present invention is as follows: after the cloud device 500 confirms that each client device 100 is a user of the internet of things, the cloud device 500 returns the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700 to each client device 100; each client device 100 then connects to the proxy server device 700 using the received MQTT_Broker IP, MQTT_Broker account and password, encodes the data strings it wants to transmit, and uploads them to the proxy server device 700; the proxy server device 700 then transmits the data strings from the client devices 100 directly to the cloud device 500 for decoding and processing, without processing them itself. The connection is thus made in two stages: after the identification of the client device 100 is completed in the first stage, the client device 100 can only connect to the proxy server device 700 in the second stage. Since the first stage is completed before the client device 100 connects, the client device 100 can only connect and communicate with the proxy server device 700 while it is transmitting data. Therefore, the cloud device 500 does not directly expose its own address, so that the probability of the cloud device 500 being hacked can be reduced and the security of the internet of things connection architecture can be effectively improved.
Next, a connection method and a connection process of the internet of things connection architecture of the present invention are described in detail, and through the connection method and the connection process of the internet of things connection architecture, the innovation point of using the proxy server 700 of the present invention can be more clearly understood.
Please refer to fig. 3, which is a flowchart of the internet of things connection method of the present invention. As shown in fig. 3, the internet of things connection method of the present invention includes:
Step 1, the client device 100 logs in to the cloud device 500, for example through https, so as to start the internet of things system.
Step 2, after the cloud device 500 receives the request of the client device 100, the cloud device 500 verifies whether the MAC Address used by the client device 100 is already stored in the database of the cloud device 500.
Step 3, when the cloud device 500 confirms that the MAC Address used by the client device 100 is already stored in the database of the cloud device 500, it determines that the data of the client device 100 is correct and that the client device 100 is a client device 100 in the internet of things, and the cloud device 500 generates a client authentication code (client_uuid) and a pair of keys for the exclusive use of that client. In this embodiment, the key is an RSM Asymmetric Key with high security; therefore, a pair consisting of client_pub_key and client_pri_key can be generated. The messages sent back to the client device 100 include client_uuid and server_pub_key (the server_pub_key is client_pub_key). If, after receiving the request from the client device 100, the cloud device 500 finds that the MAC Address used by the client device 100 is not in the database of the cloud device 500, it determines that the client device 100 is not a client device in the internet of things and stores the MAC Address in another database for subsequent comparison.
Step 4, the client device 100 determines whether the uuid and the key generated by the cloud device 500 have been correctly received. When the client device 100 confirms that the uuid, the key and related messages have been correctly received, it immediately uses the encoded client_uuid (i.e., the client_uuid converted into ciphertext with the server_pub_key) to request from the cloud device 500 the client_share_key, the MQTT_Broker IP of the proxy server device 700, and the MQTT_Broker account and password (username/password).
Step 5, after receiving the client_uuid converted into ciphertext, the cloud device 500 decodes it with the server_pri_key to determine whether the client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, it encodes the client_share_key, the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server 700 and the like with the client_pub_key and transmits them to the client device 100.
Step 6, after the client device 100 obtains the relevant data from the cloud device 500, it immediately decodes the data using the client_pri_key and confirms that the received message is complete, wherein the complete message comprises 1. server_pub_key; 2. client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. client_share_key. When the client device 100 confirms that the complete message has been received, it connects to the proxy server device 700; if the client device 100 determines that the received message is incomplete, it returns to step 4 and again requests from the cloud device 500 the client_share_key, the MQTT_Broker IP of the proxy server device 700, and the MQTT_Broker account and password (username/password).
Step 7, the client device 100 uses the MQTT_Broker IP and the MQTT_Broker account and password to connect to the proxy server device 700; it uses the client_share_key to encode the client_uuid and the data content that the client device 100 wants to transmit to the cloud device 500, and then uploads the encoded data to the proxy server device 700.
Step 8, after receiving the encoded client_uuid and data string uploaded by the client device 100, the proxy server 700 transmits the message directly (i.e., without any processing) to the cloud device 500.
Step 9, after receiving the data directly transmitted by the proxy server 700, the cloud device 500 decodes the data by using the client_share_key, and verifies whether the received client_uuid and data string are complete and correct.
Step 10, when the cloud device 500 judges that the received client_uuid and data string are complete and correct, it stores the decoded client data string in a memory module, where it waits for the user to apply it to a specific purpose; if the received client_uuid and data string are found to be incomplete or incorrect, the event is recorded. In this embodiment, incorrect messages include: (1) the client_uuid corresponding to an IP is incorrect, in which case there may be a theft problem; (2) if a client_uuid uploads data together with a Geo Location, the validity of the Geo Location can be verified (for example, whether a client_uuid is in Asia one minute and in North America the next). When incorrect messages continue to appear, it is determined that the proxy server 700 is likely to have been hacked, and the cloud device 500 may choose to shut down the proxy server 700.
In the connection method of the internet of things architecture as a whole, steps 1 to 6, i.e., the connection with the cloud device 500, are completed before each client device 100 leaves the factory; that is, each client device 100 that has left the factory has already obtained the complete message from the cloud device 500, including 1. server_pub_key; 2. client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. client_share_key. After the internet of things system is started, the data string that each client device 100 wants the cloud device 500 to process is transmitted to the proxy server device 700 according to the MQTT_Broker IP, and the proxy server device 700 then transmits the data string of the client device 100 directly to the cloud device 500. Therefore, during the message transmission of steps 7 to 10, the cloud device 500 does not directly expose its own address, so that the probability of the cloud device 500 being hacked can be reduced. Since the proxy server 700 only passes the data uploaded by the client device 100 straight through to the cloud device 500, the probability of the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server 700 being cracked can also be reduced, further improving the security of the internet of things communication process.
Next, please refer to fig. 4, which is a flowchart illustrating an internet of things connection method according to another embodiment of the present invention.
As shown in fig. 4, the internet of things connection method of the present invention includes:
Step 1, the client device 100 logs in to the cloud device 500, for example through https, so as to start the internet of things system.
Step 2, after the cloud device 500 receives the request of the client device 100, the cloud device 500 verifies whether the MAC Address used by the client device 100 is already stored in the database of the cloud device 500.
Step 3, when the cloud device 500 confirms that the MAC Address used by the client device 100 is already stored in the database of the cloud device 500, it determines that the data of the client device 100 is correct and that the client device 100 is a client device 100 in the internet of things, and the cloud device 500 generates a client authentication code (client_uuid) and a pair of keys for the exclusive use of that client. In this embodiment, the key is an RSM Asymmetric Key with high security; therefore, a pair consisting of client_pub_key and client_pri_key can be generated. The messages sent back to the client device 100 include client_uuid and server_pub_key (the server_pub_key is client_pub_key). If, after receiving the request from the client device 100, the cloud device 500 finds that the MAC Address used by the client device 100 is not in the database of the cloud device 500, it determines that the client device 100 is not a client device in the internet of things and stores the MAC Address in another database for subsequent comparison.
Step 4, the client device 100 determines whether the uuid and the key generated by the cloud device 500 have been correctly received. When the client device 100 confirms that the uuid, the key and related messages have been correctly received, it immediately uses the encoded client_uuid (i.e., the client_uuid converted into ciphertext with the server_pub_key) to request from the cloud device 500, through https, the client_share_key, the share_key_expiration date time, the MQTT_Broker IP, and the MQTT_Broker account and password (username/password).
In the preferred embodiment of the present invention, this key is an RSM Asymmetric Key; therefore, a pair consisting of client_pub_key and client_pri_key can be generated. The RSM asymmetric key takes a long time to decode, so its security is high. In another preferred embodiment, the cloud device 500 can additionally generate a Symmetric Key, the client_share_key, specific to the client device 100. Therefore, in the preferred embodiment of the present invention, the RSM asymmetric key and the RSM symmetric key can be selectively used together. Since the symmetric key has a short decoding time and relatively low security, the client_share_key needs to be changed at any time to ensure security. The cloud device 500 may therefore also generate a share_key_expiration date time that changes at any time, improving security by changing the client_share_key at any time: when the cloud device 500 detects that the client_share_key has exceeded its set change time, a new client_share_key is automatically generated to ensure security.
Step 5, after receiving the client_uuid converted into ciphertext, the cloud device 500 decodes it with the server_pri_key to determine whether the client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, it encodes the client_share_key, the share_key_expiration date time, and the MQTT_Broker IP and MQTT_Broker account and password of the proxy server 700 with the client_pub_key and transmits them to the client device 100.
Step 6, after the client device 100 obtains the relevant data from the cloud device 500, it immediately decodes the data using the client_pri_key and confirms that the received message is complete, wherein the complete message comprises 1. server_pub_key; 2. client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. client_share_key; 6. share_key_expiration date time. When the client device 100 confirms that the complete message has been received, it connects to the proxy server device 700; if the client device 100 determines that the received message is not complete, it returns to step 4 and requests the message from the cloud device 500 again.
Step 7, the client device 100 uses the MQTT_Broker IP and the MQTT_Broker account and password to connect to the proxy server device 700; it uses the client_share_key to encode the client_uuid and the data content that the client device 100 wants to transmit to the cloud device 500, and then uploads the encoded data to the proxy server device 700.
Step 8, the client device 100 checks whether the share_key_expiration date time has passed. If it has not expired, the encoded client_uuid and data string content are uploaded to the proxy server 700; if it has expired, the process returns to step 4 to request a new share_key_expiration date time from the cloud device 500. For example, suppose the expiration date is 2015/0501. If the check finds that the share_key_expiration date time has passed (for example, the date at the time of the check is 2015/0502), the client device 100 again uses the encoded client_uuid (i.e., the client_uuid converted into ciphertext with the server_pub_key) to request a new share_key_expiration date time through https. When the cloud device 500 receives the client_uuid converted into ciphertext, it decodes it with the server_pri_key to determine whether the client_uuid is correct; after the cloud device 500 determines that the client_uuid is correct, it encodes the new share_key_expiration date time with the client_pub_key and transmits it back to the client device 100. In addition, to increase security, the time set by the share_key_expiration date time may be periodic or random, as determined by the cloud device 500.
Step 9, after receiving the encoded client_uuid and data string uploaded by the client device 100, the proxy server 700 transmits the message directly (i.e., without any processing) to the cloud device 500.
Step 10, after receiving the data directly transmitted by the proxy server 700, the cloud device 500 decodes the data by using the client_share_key, and verifies whether the received client_uuid and the data string are complete and correct.
Step 11, when the cloud device 500 judges that the received client_uuid and data string are complete and correct, it stores the decoded client data string in the memory module, where it waits for the user to apply it to a specific purpose; if the received client_uuid and data string are found to be incomplete or incorrect, the event is recorded. In this embodiment, incorrect messages include: (1) the client_uuid corresponding to an IP is incorrect, in which case there may be a theft problem; (2) if a client_uuid uploads data together with a Geo Location, the validity of the Geo Location can be verified (for example, whether a client_uuid is in Asia one minute and in North America the next). When incorrect messages continue to appear, it is determined that the proxy server 700 is likely to have been hacked, and the cloud device 500 may choose to shut down the proxy server 700.
In the connection method of the internet of things architecture as a whole, steps 1 to 6, i.e., the connection with the cloud device 500, are completed before each client device 100 leaves the factory; that is, each client device 100 that has left the factory has already obtained the complete message from the cloud device 500, including 1. server_pub_key; 2. client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. client_share_key; 6. share_key_expiration date time. After the internet of things system is started, the data string that each client device 100 wants the cloud device 500 to process is transmitted to the proxy server device 700 according to the MQTT_Broker IP, and the proxy server device 700 then transmits the data string of the client device 100 directly to the cloud device 500. Therefore, during the message transmission of steps 7 to 10, the cloud device 500 does not directly expose its own address, so that the probability of the cloud device 500 being hacked can be reduced. Since the proxy server 700 only passes the data uploaded by the client device 100 straight through to the cloud device 500, the probability of the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server 700 being cracked can also be reduced, further improving the security of the internet of things communication process.
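The following added example (not code from the patent) sketches steps 7 to 11 of fig. 4 together with the hash-based tamper protection mentioned for the client_share_key: the client seals its upload, the proxy relays it untouched, and the cloud verifies it. It assumes an HMAC-SHA-256 tag keyed with the client_share_key, a JSON envelope that carries the client_uuid in the clear so the cloud can look up the key, and hypothetical function names; the encryption of the data string itself is left out.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed cloud-side key store: client_uuid -> (client_share_key, expiration).
# The expiration mirrors the 2015/0501 example date in step 8.
KEYS = {
    "c-0001": (bytes(range(32)), datetime(2015, 5, 1, 23, 59, 59, tzinfo=timezone.utc)),
}


def client_upload(client_uuid, share_key, expiration, data, now):
    """Client side, steps 7-8: refuse to send under an expired key, else seal."""
    if now > expiration:
        return None  # caller goes back to step 4 and requests fresh key material
    body = json.dumps({"client_uuid": client_uuid, "data": data},
                      sort_keys=True, separators=(",", ":"))
    # SHA-256 is chosen from the hash functions the text lists; MD5 and SHA-1
    # have known collision weaknesses.
    tag = hmac.new(share_key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def proxy_relay(message):
    """Proxy, step 9: forwards the bytes untouched and holds no key."""
    return message


def cloud_verify(message, now):
    """Cloud side, steps 10-11: return (status, data); data is None unless 'ok'."""
    try:
        envelope = json.loads(message)
        body = envelope["body"].encode()
        tag = envelope["tag"].encode()
        claimed = json.loads(body)
        client_uuid = claimed["client_uuid"]
        data = claimed["data"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return ("malformed", None)
    if not isinstance(client_uuid, str) or client_uuid not in KEYS:
        return ("unknown_client_uuid", None)
    share_key, expiration = KEYS[client_uuid]
    expected = hmac.new(share_key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, tag):
        return ("bad_tag", None)  # altered in transit or sealed with the wrong key
    if now > expiration:
        return ("share_key_expired", None)
    return ("ok", data)
```

Every status other than "ok" corresponds to the "incomplete or incorrect" branch of step 11 and is what the cloud device would record.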
Next, in step 4 of fig. 3, the process by which the client device 100 obtains the MQTT_Broker IP, MQTT_Broker account, and MQTT_Broker password of the proxy server device 700 from the cloud device 500 may be divided into two requests. For example, the first time, the client device 100 uses the encoded client_uuid (i.e., the client_uuid converted into ciphertext with the server_pub_key) to request the client_share_key and the MQTT_Broker IP through https; when the cloud device 500 receives the client_uuid converted into ciphertext, it decodes it with the server_pri_key to determine whether the client_uuid is correct; after the cloud device 500 confirms that the client_uuid is correct, it encodes the client_share_key, the MQTT_Broker IP and the like with the client_pub_key and transmits them back to the client device 100. The second time, the client device 100 uses the encoded client_uuid (i.e., the client_uuid converted into ciphertext with the server_pub_key) to request the MQTT_Broker account and password through https; when the cloud device 500 receives the client_uuid converted into ciphertext, it decodes it with the server_pri_key to determine whether the client_uuid is correct; after the cloud device 500 confirms that the client_uuid is correct, it encodes the MQTT_Broker account, the password and the like with the client_pub_key and transmits them back to the client device 100. It should be noted that, as to what is obtained the first and second times, the only requirement is that the IP, the account and the password of the MQTT_Broker be obtained in two separate requests; the rest is not limited.
Next, an embodiment of the internet of things architecture applied to a logistics management system of a product is described in detail.
First, please refer to fig. 5, which is a schematic diagram of an internet of things product logistics management system of the present invention. As shown in fig. 5, the product logistics management system of the invention comprises a plurality of products 10, electronic tags 12 disposed on each product, at least one client device 100 (e.g., a personal computer, a notebook computer, a smart phone, a smart portable device, a smart reader device, etc.), each of which can read the information inside the electronic tags 12 and transmit it to a cloud device 500 through a proxy server device 700, and a display device 600 connected to the cloud device 500; the communication links within the logistics management system are formed over a wireless network. Each client device 100 is a wireless communication device with a floating IP and has a specific user identifier. The cloud device 500 has a fixed Domain Name System (DNS) address, has the function of a server and the function of communicating with each client device 100, and uses the specific user identifier of each client device 100 to confirm that it is a client device in the internet of things. The proxy server 700 (MQTT Broker) has a floating IP that changes at any time, has a website address and a password, and mainly works to receive the coded data string transmitted by a client device 100 in the internet of things, transmit it directly to the cloud device 500, and communicate with the cloud device 500. After the cloud device 500 provides the address and the password of the proxy server 700 to each client device 100 in the internet of things, the client devices 100 can only communicate with the proxy server 700, and the proxy server 700 then communicates with the cloud device 500, so as to transmit the product 10 messages that each client device 100 wants to send to the cloud device 500; after the cloud device 500 processes a message, the processed result is displayed on the display device 600.
Fig. 6 is a schematic diagram of a client device (e.g., a personal computer, a notebook computer, a smart phone, a smart portable device, a smart reader, etc.) according to the present invention. As shown in fig. 6, the client device 100 includes a controller 110, a plurality of antennas 120, a plurality of input/output interfaces 130, and a wireless transmission module 140. Next, please refer to fig. 7A, which is a schematic structural diagram of the cloud device according to the present invention. As shown in fig. 7A, the cloud device 500 comprises a receiving/transmitting interface module 510, a data processing module 520, and a memory module 530. A security judgment database is established in the memory module 530; it includes data such as a number, a user identifier (e.g., MAC Address), the name or number of the warehouse where the device is located, and the coordinates (including latitude and longitude) of its location, so that the data processing module 520 can perform comparison and verification, for example, at least whether the user identifier (e.g., MAC Address) used by each client device 100 is stored in the database in the memory module 530 of the cloud device 500. In addition, the cloud device 500 can communicate with each client device 100, the proxy server 700 and the display module 600 through the receiving/transmitting interface module 510.
When the logistics management system is in operation, each client device 100 has already logged in to the cloud device 500 through https by means of the wireless transmission module 140 and has been confirmed as a client device in the internet of things, and each client device 100 has also confirmed that the complete message has been received, including 1. server_pub_key; 2. client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/password; 5. client_share_key; 6. share_key_expiration date time. The login and authentication process is as described in the previous embodiment. The client device 100 in this embodiment of the logistics management system is a read/write device. It sends an electrical signal through the antenna 120 to the electronic tag 12 on the product 10, triggering the electronic tag 12 to transmit the information stored inside it; the antenna 120 of the read/write device receives the information transmitted by the electronic tag 12 and passes it through the input/output interface 130 to the controller 110 for processing; after the client_uuid and the information data of the electronic tag 12 are encoded using the client_share_key, the wireless transmission module 140 transmits the encoded information to the proxy server device 700. After receiving the data string transmitted by the client device, the proxy server device 700 does not perform any processing on it but forwards the received data string directly. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server 700, the data processing module 520 decodes it. At this point, the information in the electronic tag 12 can be stored in the storage space set aside in the memory module 530, for example the storage space set aside for a specific company; or the information in the electronic tag 12 can be synchronously transmitted to the display module 600 for display; or the data processing module 520 can perform specific processing on the information in a plurality of electronic tags 12 and then transmit it to the display module 600 to display the configured information status. When the data processing module 520 performs the security identification process, it may also compare the data received by the receiving/transmitting interface module 510, such as the number of each read/write device 100, the user identifier, the name or number of the warehouse where it is located, and the coordinates (including longitude and latitude) of its location, with the data stored in the memory module 530 (fig. 7B is a schematic diagram of the security judgment data stored in the memory module 530 according to the present invention); if the received client_uuid and data string are found to be incomplete or incorrect, the event is recorded.
In this embodiment, an incorrect message may arise in several ways. Each client device 100 issues messages with a certain regularity, so a message is incorrect if, for example, a certain client device 100 issues messages abnormally or with excessive frequency. If the client_uuid corresponding to the IP of a certain client device 100 is incorrect, there may be a theft problem. Alternatively, if the data uploaded under a client_uuid carries a Geo Location, the plausibility of that Geo Location can be verified (for example, whether a client_uuid is in Asia one minute and in North America the next). Or the proxy server device 700 itself, instead of publishing messages via MQTT, tries to connect to the cloud device 500. In each of these cases the message is deemed incorrect. When incorrect messages continue to appear, it is determined that the proxy server device 700 has likely been hacked, and the cloud device 500 may choose to shut down the proxy server device 700. In addition, the messages processed by the cloud device 500 may be transmitted to the display module 600 by wireless transmission (WiFi, Bluetooth) or wired transmission. It is apparent that, in the internet of things connection architecture of the present invention, the cloud device 500 does not directly expose its own address at any point while the client device 100 transmits data to it, so the probability of the cloud device 500 being hacked can be reduced and the security of the internet of things can be greatly improved.
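The four "incorrect message" conditions above can be expressed as a stateful check on the cloud side. The following is an added sketch, not code from the patent: the class and field names, the thresholds, the use of consecutive incorrect messages as the shutdown trigger, and the idea that the cloud recorded each client's IP at https login are all assumptions, and the sample messages are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional


@dataclass
class Message:
    ts: float                     # arrival time in seconds
    client_uuid: str
    src_ip: str
    lat: Optional[float] = None   # Geo Location, if the upload carries one
    lon: Optional[float] = None
    via_mqtt: bool = True         # False: direct connection attempt, not an MQTT publish


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


class IncorrectMessageMonitor:
    """Flags the incorrect-message conditions; all thresholds are assumed values."""

    def __init__(self, registered_ip, max_per_window=5, window_s=60.0,
                 max_kmh=1000.0, shutdown_after=3):
        self.registered_ip = registered_ip   # client_uuid -> IP (assumed: seen at login)
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.max_kmh = max_kmh
        self.shutdown_after = shutdown_after
        self.recent = defaultdict(deque)     # client_uuid -> recent arrival times
        self.last_fix = {}                   # client_uuid -> (ts, lat, lon), trusted only
        self.streak = 0                      # consecutive incorrect messages

    def check(self, m):
        reasons = []
        if not m.via_mqtt:                   # traffic that bypasses MQTT
            reasons.append("non-mqtt")
        if self.registered_ip.get(m.client_uuid) != m.src_ip:
            reasons.append("uuid-ip-mismatch")   # unknown uuid or wrong IP
        q = self.recent[m.client_uuid]
        q.append(m.ts)
        while q and m.ts - q[0] > self.window_s:
            q.popleft()
        if len(q) > self.max_per_window:     # abnormal or excessive frequency
            reasons.append("frequency")
        if m.lat is not None and m.lon is not None:
            prev = self.last_fix.get(m.client_uuid)
            plausible = True
            if prev is not None:
                hours = max(m.ts - prev[0], 1.0) / 3600.0
                speed = km_between(prev[1], prev[2], m.lat, m.lon) / hours
                plausible = speed <= self.max_kmh
            if plausible:
                self.last_fix[m.client_uuid] = (m.ts, m.lat, m.lon)
            else:                            # e.g. Asia one minute, North America the next
                reasons.append("geo-velocity")
        self.streak = self.streak + 1 if reasons else 0
        return reasons

    def proxy_suspect(self):
        """True once incorrect messages keep appearing (shutdown candidate)."""
        return self.streak >= self.shutdown_after


def run_sample():
    # Constructed sample traffic; IPs are documentation ranges, uuids are made up.
    mon = IncorrectMessageMonitor({"uuid-A001": "203.0.113.10",
                                   "uuid-P004": "203.0.113.20"})
    sample = [
        Message(0, "uuid-A001", "203.0.113.10", 31.23, 121.47),   # Shanghai
        Message(30, "uuid-A001", "203.0.113.10", 31.23, 121.47),
        Message(90, "uuid-A001", "203.0.113.10", 34.05, -118.24), # Los Angeles, 60 s later
        Message(95, "uuid-P004", "198.51.100.7"),                 # uuid from the wrong IP
        Message(96, "", "203.0.113.99", via_mqtt=False),          # direct connection attempt
    ]
    return [mon.check(m) for m in sample], mon.proxy_suspect()


if __name__ == "__main__":
    flags, suspect = run_sample()
    for f in flags:
        print(f or "ok")
    print("proxy suspect:", suspect)
```

A position that fails the plausibility check is not stored as the new reference, so a later message from the device's real location is not flagged in turn.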
It should be emphasized that, in the following description of the product logistics management system according to the embodiment of the invention, as in the foregoing detailed description, each client device 100 has logged in to the cloud device 500 through the wireless transmission module 140, it has been confirmed that each client device 100 is a client device in the internet of things, and each client device 100 has also confirmed that a complete message has been received, including the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700; these details are not repeated.
Next, referring to fig. 8, a first embodiment of the product logistics management system of the internet of things of the invention is shown. As shown in fig. 8, the product logistics management system of the present invention includes a first location area (1), such as a warehouse where products are stored; and the product 10 may be any goods, such as, for example, consumer products such as athletic shoes, luggage, clothing, and the like. A plurality of products 10 are stored in the first position area 1, each product 10 is provided with an electronic tag 12, and the electronic tags 12 can be attached one by one after the products 10 are stored in the first position area 1; meanwhile, the electronic tag 12 at least stores the name and identification code (ID code) of the product 10; the first location area 1 has an entrance and an exit, and the entrance and the exit are configured with at least one first reader 31/32/33 (for example, the security identification codes of the three first reader are a001, a002 and a003, respectively) that can be used as the client device 100, and each first reader 31/32/33 has a security identification code, the name or number of the warehouse and the coordinates (including longitude and latitude) of the location; the purpose of configuring a plurality of first reading-writing devices on the gateway is to effectively improve the reading-writing speed and accuracy of product information and reduce the error rate of reading-writing of product information when the number of products passing through the gateway in unit time is increased.
When the products 10 stored in the first location area 1 need to be transported to the point of sale, each product 10 must pass at least one first read/write device 31/32/33 provided at the doorway. The first antenna 120 of each first read/write device 31/32/33 transmits a signal, so that each electronic tag 12 passing the first read/write device 31/32/33 receives the signal and is triggered to transmit the product message stored inside it. The first antenna 120 of the first read/write device 31/32/33 receives the message transmitted by the electronic tag 12, and the message is passed to the controller 110 through the input/output interface 130 for processing. After the client_uuid and the message data of the electronic tag 12 are encoded with the client_share_key, the wireless transmission module 140 transmits the encoded message to the proxy server device 700. After receiving the data string transmitted by the client device 100, the proxy server device 700 does not perform any processing on it, but directly forwards the received data string. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information in the electronic tag 12 can be stored in the storage space set in the memory module 530, for example, in the storage space set for a specific company; or the information in the electronic tag 12 can be synchronously transmitted to the display module 600 for display; or, after the data processing module 520 performs specific processing on the messages in the plurality of electronic tags 12, the messages are transmitted to the display module 600 to display the set information status, so that the cloud device 500 can grasp which products, and in what quantities, have moved out of the first location area 1. The data may therefore be further compared with the warehousing data stored in the memory module 530 to determine whether the quantities are the same.
Then, when the removed products 10 need to be transported to another area for sale, they may need to be carried by a transportation device to a predetermined area for storage; for example, ten thousand pairs of sneakers placed in the Shanghai free trade area are shipped to a point-of-sale warehouse on Wangfujing Street, Beijing. To ensure that the sports shoes to be transported are stored in the predetermined area, for example over a long period of time, it must be confirmed that the shoes enter the transport device (for example, a container) as they pass its entrance, and that no products stored in the transport device go missing during the entire transport process.
To meet the above requirement, the first embodiment of the product logistics management system of the present invention proceeds as follows. A container on the transportation device (also referred to as the second location area 2) has a doorway, and at least one second read/write device 41/42/43 serving as the client device 100 is configured at the doorway (for example, the security identification codes of three second read/write devices are P004, P005 and P006, respectively). The second antenna 220 of each second read/write device 41/42/43 transmits a signal, so that each electronic tag 12 passing the second read/write device 41/42/43 receives the signal and is triggered to transmit the product information stored inside it. The second antenna 220 of the second read/write device 41/42/43 receives the information transmitted by the electronic tag 12 and passes it to the controller 210 through the input/output interface 130. After the client_uuid and the information data of the electronic tag 12 are encoded with the client_share_key, the wireless transmission module 240 transmits the encoded message to the proxy server device 700. After receiving the data string transmitted by the client device, the proxy server device 700 does not perform any processing on it, but directly forwards the received data string. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information in the electronic tag 12 can be stored in the storage space set in the memory module 530, for example, in the storage space set for a specific company; or the information in the electronic tag 12 can be synchronously transmitted to the display module 600 for display; or, after the data processing module 520 performs specific processing on the information in the plurality of electronic tags 12, the information is transmitted to the display module 600 to display the set information status. The cloud device 500 thus knows the number of products sent to the second location area 2 and the name and identification code of each product, and can further compare the number with the warehousing data in the memory module 530, so that the cloud device 500 can grasp which products, and in what quantities, have entered the second location area 2 for storage. In addition, the security confirmation method for the messages transmitted by the second read/write device 41/42/43 in the present embodiment is the same as described above and is not described further. The difference lies in the security identification code: in this embodiment, the P in P004 denotes a read/write device disposed on the transport container, so that it can choose whether or not to transmit coordinate (including longitude/latitude) information.
Next, referring to fig. 9, a second location area of the internet of things product logistics management system in the first embodiment of the invention is shown. In the second location area 2, at least one third read/write device 51/52/53 that can serve as the client device 100 is further configured (for example, the security identification codes of the three third read/write devices are G007, G008, and G009, respectively), wherein each third read/write device 51/52/53 is composed of at least one third antenna 320, a third control module 310, a positioning device 150, and a third wireless transmission module 340. These third read/write devices 51/52/53 are used to scan or monitor the products 10 placed in the second location area 2 to ensure that the quantity of products stored in the second location area 2 remains safely in place there. In this embodiment, the second location area 2 is a transportation container for transporting products, so that throughout the transportation of the products 10 the third read/write devices 51/52/53 continuously send signals to the electronic tags 12 on the products 10 through the third antenna 320, triggering each electronic tag 12 to transmit the product message stored inside it. The third antenna 320 of the third read/write device 51/52/53 receives the message sent by the electronic tag 12 and passes it to the controller 110 through the input/output interface 130 for processing. After the client_uuid and the message data of the electronic tag 12 are encoded with the client_share_key, the wireless transmission module 140 transmits the encoded message to the proxy server device 700. After receiving the data string transmitted by the client device, the proxy server device 700 does not perform any processing on it, but directly forwards the received data string. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information in the electronic tag 12 can be stored in the storage space set in the memory module 530, for example, in the storage space set for a specific company; or the information in the electronic tag 12 can be synchronously transmitted to the display module 600 for display; or, after the data processing module 520 performs specific processing on the information in the plurality of electronic tags 12, the information is transmitted to the display module 600 to display the set information status, so that the cloud device 500 can determine from the GPS coordinate information where the product is currently being transported.
Furthermore, it is emphasized that the electronic tag according to the above embodiments may comprise one of NFC, RFID, ID stamp, or ID sticker; wherein the third reading and writing means 51/52/53 arranged in the second location (container) 2 can be fixed in one location if the electronic tag 12 on the product 10 placed in the second location (container) 2 is an RFID; if the electronic tags 12 on the products 10 placed in the second location (container) 2 are NFC, ID stamp or ID sticker, then the third reader 51/52/53 arranged in the second location 2 must be able to move in the second location (container) 2 to be sure that each product 10 can be scanned. Furthermore, the frequencies of the electronic tag 12 on the system and the first antenna 120, the second antenna 220 and the third antenna 320 are matched.
In addition, it is emphasized that the cloud device 500 is a fixed Domain Name System (DNS) having a function of a server (server) and a function of communicating with the client device 100, and is composed of a receiving/transmitting interface module 510, a data processing module 520 and a memory module 530, and can be connected to the display module 600 through the receiving/transmitting interface module 510; the data processing module 520 has recorded and stored information such as the security identification code of at least one first reader/writer 31/32/33 (for example, 3 first reader/writers) disposed at the first entrance of the first location area 1, the name or number of the warehouse and the coordinates (including longitude and latitude) of the location in the memory of the memory module 530; similarly, the data processing module 520 has also recorded and stored information such as the security identification code of at least one second reading and writing device 41/42/43 disposed at the second entrance/exit of the second location area 2 (for example, 3 second reading and writing devices are disposed), the name or number of the warehouse and the coordinates (including longitude and latitude) of the location thereof in the memory of the memory module 530; the information of the security identification code, the name or number of the warehouse and the coordinates (including latitude and longitude) of the location thereof, etc. of the at least one third read-write device 51/52/53 configured in the second location 2 are also recorded and stored in the memory of the memory module 530, as shown in fig. 7B and 7C, wherein fig. 7C is a schematic diagram of the warehouse data stored in the memory module according to the present invention. 
When the data processing module 520 determines that the received client_uuid and data string are correct, the messages can be stored in the specific storage space set in the memory module 530. When the received client_uuid and data string are determined to be incorrect or wrong, this indicates that the message was not transmitted by a read/write device of the logistics management system, and that a hacker's message may be intruding or that client data is abnormal. According to the determination result, the data processing module 520 of the cloud device 500 therefore decides to ignore the message, or chooses to shut down the proxy server device 700 or send an alarm notification, and does not perform subsequent processing.
In addition, the product 10 message in the first location area 1 may be recorded in the data processing module 520 or the memory module 530 of the cloud device 500 before the product 10 enters the first location area 1; alternatively, after the plurality of products 10 pass through the first read/write device 31/32/33 in the first location area 1, the number of the products 10 passing through the first location area 1, the name and the identification code of each product are recorded, the number of the products in the first location area 1, the name and the identification code of each product are then established, and the number and the identification code of each product are also recorded in the data processing module 520 or the memory module 530 of the cloud device 500, as shown in fig. 7C; at this time, the cloud device 500 adds a data storage time record to be used as one of the subsequently compared data in the process of executing the storage to the memory module 530 by the data processing module 520. The number of products in the first location area 1 and the name and identification code data of each product are selected to be recorded in any of the manners described above, but the present invention is not limited thereto.
Obviously, after the data of the product quantity, the product name, the identification code, and the like of each product in the first location area 1 are established in the memory module 530 of the cloud device 500, the data are processed and compared by the data processing module 520 in the cloud device 500; after the data processing module 520 performs the security judgment and the message processing, it knows the number of products passing through the first location area 1, and the name and the identification code of each product, and can further compare the number with the warehousing data (as shown in fig. 7C) in the memory module 530, so that the cloud device 500 can grasp which products and the number have moved out of the first location area 1. At this time, the cloud device 500 may be connected to the display 600 through the receiving/transmitting interface module 510, so as to display the number of products, product names and recorded time originally stored in the first location area 1; or when which products and quantities have been removed from first location area 1 and how many products and quantities remain stored in first location area 1; the manager can grasp the number of products and the names of the products in the first location area 1; of course, the manager can also know the product name and the identification code thereof stored in the first location area 1 by querying through the cloud device 500.
Finally, once the first embodiment of the product logistics management system of the invention is in operation, the manager can see, on the display module 600 connected to the cloud device 500, how many products are stored in the warehouse, how many products are in transit, where the products are being transported and when they are scheduled to reach the destination (Wangfujing Street); meanwhile, the manager can also query the product names and identification codes of the products in the management system through the cloud device 500. Similarly, in another preferred embodiment of the present invention, the first read/write device 31/32/33 disposed in the first location area 1 can, like the third read/write device 51/52/53, be moved within the first location area 1 where necessary to confirm that each product 10 can be scanned.
The article management system of the present invention can be further integrated with an article warehousing and sales management system into a complete system, and the detailed operation process thereof is described below.
Fig. 10 is a schematic view of article warehousing management of a product logistics management system of the internet of things according to a second embodiment of the invention. First, a plurality of products 10 with electronic tags 12 attached are placed in the first storage area 1; for example, as in the first embodiment, the products (pairs of sports shoes) are transported to the first storage area 1 on Wangfujing Street for storage, and the number of products placed in the first storage area 1, together with their product names and identification codes, is stored in the memory device of the cloud device. The first storage area 1 has an entrance and an exit, and at least one first read/write device 31/32/33 is disposed at the entrance; each first read/write device has a number (for example, the security identification codes of the three first read/write devices are a001, a002 and a003, respectively), the name or number of the warehouse and the coordinates (including longitude and latitude) of its position, and all of this information is recorded or stored in the memory device of the cloud device. Then, when the manager wants to send the products in the first storage area 1 to different sales sites, the system can be used for this purpose.
Suppose a manager wants to send the products (ten thousand pairs of sports shoes) placed in the first storage area 1 to sales sites: five thousand pairs to a first sales site, three thousand pairs to a second sales site and one thousand pairs to a third sales site. When the sports shoes with product numbers 1 to 5000 are transported to the first sales site, they pass through the entrance and exit of the first storage area 1, where at least one first read/write device is configured. The first antenna 120 of each first read/write device 31/32/33 transmits a signal, so that each electronic tag 12 passing the first read/write device 31/32/33 receives the signal and is triggered to transmit the product information stored inside it. The first antenna 120 of the first read/write device 31/32/33 receives the information transmitted by the electronic tag 12 and passes it to the controller 110 through the input/output interface 130 for processing. After the client_uuid and the information data of the electronic tag 12 are encoded with the client_share_key, the wireless transmission module 140 transmits the encoded message to the proxy server device 700. After receiving the data string transmitted by the client device, the proxy server device 700 does not perform any processing on it, but directly forwards the received data string. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information in the electronic tag 12 can be stored in the storage space set in the memory module 530, for example, in the storage space set for a specific company. The message sent by the first read/write device 31/32/33 includes its serial number, the name or serial number of the warehouse, the coordinates (including longitude and latitude) of its location, and the product name and identification code in the electronic tag. After the sports shoes numbered 1 to 5000 pass the first read/write device 31/32/33 of the first storage area 1 and the data processing module 520 of the cloud device 500 has processed the messages, it is known that the sports shoes numbered 1 to 5000 have moved out of the first storage area 1, and the data processing module 520 in the cloud device 500 records the time at which they moved out, for example, 9 am. During this processing, the data processing module 520 may first determine whether the received messages were sent by a first read/write device 31/32/33 of the management system; for example, the data processing module 520 at least confirms whether information such as the number of the first read/write device, the name or number of the warehouse and the coordinates (including longitude and latitude) of its location is the same as the recorded information stored in the memory module 530. When the received message is determined to be correct, the messages sent by the first read/write device 31/32/33 can be stored in the specific storage space set in the memory module 530; or the messages in the electronic tag 12 can be synchronously sent to the display module 600 for display; or, after the data processing module 520 performs specific processing on the information in the plurality of electronic tags 12, the information is transmitted to the display module 600 to display the set information status, causing the cloud device 500; when the received message is judged to be incorrect, a hacker's message may be intruding, so the data processing module ignores the message and does not perform subsequent processing, or can choose to shut down the proxy server device 700 or further send an alarm to the cloud device.
Similarly, after the sports shoes numbered 5001 to 8000 pass through at least one first read/write device 31/32/33 at the entrance/exit of the first storage area 1, the cloud device 500 knows that the sports shoes numbered 5001 to 8000 have been moved out of the first storage area 1 through the same system operation, and the data processing module 520 in the cloud device 500 records the time when the sports shoes numbered 5001 to 8000 are moved out of the first storage area 1, for example, 10 am. After the sports shoes numbered 8001 to 9000 pass through at least one first read-write device 31/32/33 at the entrance of the first storage area 1, the cloud device 500 knows that the sports shoes numbered 8001 to 9000 have moved out of the first storage area 1 through the same system operation, and the data processing module 520 in the cloud device 500 records the time when the sports shoes numbered 8001 to 9000 move out of the first storage area 1, for example, 11 am. When the second embodiment is operated, the manager can see that the sports shoes numbered 9001 to 10000 are currently stored in the warehouse on the display module 600 connected to the cloud device 500; the athletic shoes numbered 1 through 5000, the athletic shoes numbered 5001 through 8000, and the athletic shoes numbered 8001 through 9000 indicate that the shoes have been removed from the first storage area 1 at different times.
Then, after the sports shoes numbered 1 to 5000 have been transported to the first sales location, they pass the read/write device 61 (for example, the security identification code is S010) disposed at the first sales location. Through the same operation of the system, the manager can see on the display module 600 connected to the cloud device 500 that the sports shoes numbered 9001 to 10000 are currently stored in the warehouse and that the sports shoes numbered 1 to 5000 were stored at the first sales location at 11 am; the manager can also query product messages through the cloud device 500, for example, the size messages of the sports shoes numbered 1 to 5000. Similarly, after the sports shoes numbered 5001 to 8000 have been delivered to the second sales location, they pass the read/write device 62 (e.g., S011), so that the manager can see on the display module 600 connected to the cloud device 500 that the sports shoes numbered 9001 to 10000 are currently stored in the warehouse, that the sports shoes numbered 1 to 5000 were stored at the first sales location at 11 am, and that the sports shoes numbered 5001 to 8000 were stored at the second sales location at 11:30 am; the manager can also query the product information through the cloud device 500, for example, the size information of the sports shoes numbered 5001 to 8000.
Then, after the sports shoes numbered 8001 to 9000 have been delivered to the third sales location, they pass the read/write device 63 (for example, the security identification code is S012) disposed at the third sales location. After the same operation as described above, the manager can see on the display module 600 connected to the cloud device 500 that the sports shoes numbered 9001 to 10000 are currently stored in the warehouse, that the sports shoes numbered 1 to 5000 were stored at the first sales location at 11 am, that the sports shoes numbered 5001 to 8000 were stored at the second sales location at 11:30 am, and that the sports shoes numbered 8001 to 9000 were stored at the third sales location at 12 am; the manager can also query product messages through the cloud device 500, such as the size messages of the sports shoes numbered 8001 to 9000.
Finally, please refer to fig. 11, which is a schematic diagram illustrating a sales management of the product logistics management system of the internet of things according to the second embodiment of the present invention. As shown in FIG. 11, after the customer has determined the product to be purchased (e.g., athletic shoe number 999), the attendant will carry product 10 to the counter for checkout. At this time, the salesperson will take the electronic tag 12 on the product 10 to a read-write device 71 (for example, the number is CS0100) disposed on the counter, wherein the read-write device 71 disposed on the counter has a demagnetization module 170 in addition to the same structure as a general read-write device; after the customer is confirmed to have finished paying, the counter informs the read-write device 71 to send out the message that the sports shoe with the number 999 has been sold, and since the messages such as the number of the read-write device 71 configured on the counter, the name or the number of the point of sale and the coordinates (including latitude and longitude) of the position where the name or the number is located are stored in the cloud device, after the message that the product sale is finished is sent out by the read-write device 71 configured on the counter, the message that the sports shoe with the number 999 originally stored at the first point of sale has been sold is displayed on the display module 600 through the receiving/transmitting interface module 510 after being processed by the data processing module 520 of the cloud device 500. Therefore, through the same operation of the system, the manager can see the sold information of the sports shoes with the number 999 stored at the first point of sale on the display module 600 connected to the cloud device 500. 
Similarly, after the read/write device (not shown) at the second point of sale sends out the message that the sneaker at the number 5999 has been sold and the read/write device (not shown) at the third point of sale sends out the message that the sneaker at the number 8999 has been sold, the message that the sneaker at the first point of sale has been sold, the message that the sneaker at the number 5999 at the second point of sale has been sold and the message that the sneaker at the number 8999 at the third point of sale has been sold are displayed on the display module 600 through the receiving/transmitting interface module 510 after being processed by the data processing module 520 of the cloud end device 500; the sales information is finally displayed on the display module 600, and the display result of the sales information is shown in fig. 12, which is a schematic diagram of the administrator information display in the present invention.
In addition, when the electronic tag provided on the product 10 uses RFID, the RFID can be recycled; of course, other types of electronic tags 12 may be used, including NFC, ID stamp, or ID sticker, for example. The frequencies of the electronic tag 12 and each antenna 120/220/320 in the system are matched.
Following the above detailed description of the first embodiment and the second embodiment, the two embodiments can further be combined to form a complete article warehousing, logistics and sales management system; a detailed description of that combination is therefore omitted.
Although the present invention has been described with reference to the above preferred embodiments, it should be understood that various changes and modifications can be made therein by those skilled in the art without departing from the spirit and scope of the invention.

Claims (10)

1. A connection architecture of an Internet of things, comprising:
a client device having a wireless communication function and having a MAC Address;
a proxy server device having a floating IP that changes at any time and having a website, an account and a password so as to pair with the client device, wherein the paired client device can only communicate with the paired proxy server device, and can communicate with the cloud device through an MQTT communication standard; and
a cloud device comprising at least a receiving/transmitting interface module, a data processing module and a memory module, the cloud device communicating with the client device and the proxy server device through the receiving/transmitting interface module, wherein,
after the cloud device receives a request from the client device, the data processing module performs comparison and verification and confirms that the MAC Address of the client device is stored in the memory module of the cloud device; the client device then obtains the website, the account and the password of the proxy server device from the cloud device through https and connects to the proxy server device according to the received website, account and password; and the proxy server device, without any processing, forwards the message from the client device directly to the cloud device through the MQTT communication standard, so that the message on the client device is transmitted to the cloud device.
2. A connection architecture of an Internet of things, comprising:
a plurality of client devices, each client device being a device with a wireless communication function and having a MAC Address;
a plurality of proxy server devices, each proxy server device having a floating IP that changes at any time and having a website, an account and a password so as to pair with each client device, wherein the paired client devices can only communicate with the paired proxy server devices, and can communicate with a cloud device through an MQTT communication standard; and
the cloud device comprising at least a receiving/transmitting interface module, a data processing module and a memory module, the cloud device communicating with each client device and each proxy server device through the receiving/transmitting interface module, wherein,
after the cloud device receives a request from each client device, the data processing module performs comparison and verification and confirms that the MAC Address of each client device is stored in the memory module of the cloud device; each client device then obtains the website, the account and the password of each proxy server device from the cloud device through https and connects to each proxy server device according to the received website, account and password; and each proxy server device, without any processing, forwards the message from each client device directly to the cloud device through the MQTT communication standard, so that the message on each client device is transmitted to the cloud device.
3. The internet of things connection architecture of claim 1 or 2, wherein, when providing the website and the password of the proxy server device to the client device, the cloud device can choose to have the website and the password obtained separately (in a split manner).
4. The internet of things connection architecture of claim 1 or 2, wherein the data processing module generates a client identification code when its comparison and verification confirms that the MAC Address of each of the client devices is stored in the memory module of the cloud device.
5. The internet of things connection architecture of claim 1 or 2, wherein the cloud device generates a key for a specific client upon confirming that the MAC Address of each of the client devices is stored in the memory module of the cloud device.
6. The internet of things connection architecture of claim 5, wherein the key is an RSM asymmetric key.
7. The internet of things connection architecture of claim 5, wherein the key is a symmetric key.
8. The internet of things connection architecture of claim 7, wherein, when the key is the symmetric key, the cloud device further sets a variable time and transmits the variable time to the client device.
9. The internet of things connection architecture of claim 8, wherein the variable time is periodic or a random variable.
10. The internet of things connection architecture of claim 8, wherein, when the client device makes a connection to the proxy server device, the client device checks whether the variable time has expired.
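
The provisioning steps recited in claims 1, 4, 5 and 7 to 10, modelled as an added Python example (not code from the patent). The names `CloudDevice`, `Grant`, `provision` and `may_connect`, the 32-byte key and the 300 to 900 second validity window are assumptions made for illustration.

```python
import re
import secrets
import time
from dataclasses import dataclass

def normalize_mac(mac):
    """Canonicalize a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[:\-.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address")
    return digits

@dataclass(frozen=True)
class Grant:                      # hypothetical container for the https reply
    client_id: str                # claim 4: client identification code
    website: str                  # claim 1: proxy server address
    account: str
    password: str
    key: bytes                    # claims 5 and 7: per-client symmetric key
    expires_at: float             # claim 8: variable time, as absolute expiry

class CloudDevice:
    """Stand-in for the cloud's data processing and memory modules."""
    def __init__(self, registered_macs, website, account, password,
                 min_ttl=300, max_ttl=900):   # seconds; assumed values
        self._macs = {normalize_mac(m) for m in registered_macs}
        self._proxy = (website, account, password)
        self._min_ttl, self._max_ttl = min_ttl, max_ttl

    def provision(self, mac, now=None):
        """Return a Grant for a stored MAC, or None for anything else."""
        now = time.time() if now is None else now
        try:
            known = normalize_mac(mac) in self._macs
        except ValueError:
            known = False         # malformed input is treated as unknown
        if not known:
            return None
        # Claim 9: the variable time may be random; draw it per grant.
        ttl = self._min_ttl + secrets.randbelow(self._max_ttl - self._min_ttl + 1)
        return Grant(secrets.token_hex(8), *self._proxy,
                     key=secrets.token_bytes(32), expires_at=now + ttl)

def may_connect(grant, now=None):
    """Claim 10: the client checks expiry before connecting to the proxy."""
    now = time.time() if now is None else now
    return grant is not None and now < grant.expires_at
```

A MAC address is an identifier the device asserts rather than a secret, so the stored-MAC comparison acts as an enrollment filter; the per-client key and its expiry are what bound how long a handed-out grant stays usable.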
CN202110385342.XA 2015-06-05 2015-06-05 Internet of things connection framework Active CN113411293B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110385342.XA CN113411293B (en) 2015-06-05 2015-06-05 Internet of things connection framework

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510307290.9A CN106254400B (en) 2015-06-05 2015-06-05 Internet of things connection framework
CN202110385342.XA CN113411293B (en) 2015-06-05 2015-06-05 Internet of things connection framework

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201510307290.9A Division CN106254400B (en) 2015-06-05 2015-06-05 Internet of things connection framework

Publications (2)

Publication Number Publication Date
CN113411293A (en) 2021-09-17
CN113411293B (en) 2022-09-13

Family

ID=57626339

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110385342.XA Active CN113411293B (en) 2015-06-05 2015-06-05 Internet of things connection framework
CN201510307290.9A Active CN106254400B (en) 2015-06-05 2015-06-05 Internet of things connection framework

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201510307290.9A Active CN106254400B (en) 2015-06-05 2015-06-05 Internet of things connection framework

Country Status (1)

Country Link
CN (2) CN113411293B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106487753B (en) * 2015-08-27 2019-11-22 冠研(上海)专利技术有限公司 The production record management system of Internet of Things
CN106487838B (en) * 2015-08-27 2019-12-24 冠研(上海)专利技术有限公司 System for establishing product production record by using Internet of things

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130067086A1 (en) * 2011-03-11 2013-03-14 Qualcomm Incorporated System and method using a web proxy-server to access a device having an assigned network address
CN103179210A (en) * 2013-03-26 2013-06-26 太原罗克佳华工业有限公司 Internet of Things cloud access method and system based on Web Service
CN103873477A (en) * 2014-03-27 2014-06-18 江苏物联网研究发展中心 Access authentication method based on two-dimension code and asymmetric encryption in agricultural material Internet of Things
CN103944890A (en) * 2014-04-08 2014-07-23 山东乾云启创信息科技有限公司 Virtual interaction system and method based on client/server mode
US20140266613A1 (en) * 2013-03-13 2014-09-18 Mark Sehmer Radio frequency identification system
US20150026343A1 (en) * 2013-07-22 2015-01-22 International Business Machines Corporation Cloud-connectable middleware appliance
CN104601665A (en) * 2014-12-22 2015-05-06 西安电子科技大学 System and method for real-time cloud simulation on Internet of things sensing device
CN104639625A (en) * 2015-01-27 2015-05-20 华南理工大学 Data concentrator acquisition control method based on MQTT (Message Queuing Telemetry Transport), data concentrator acquisition control device based on MQTT and data concentrator acquisition control system based on MQTT

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841537B (en) * 2010-04-13 2013-01-16 北京时代亿信科技有限公司 Method and system for realizing file sharing access control based on protocol proxy
CN104079608A (en) * 2013-03-29 2014-10-01 株式会社日立制作所 Proxy module equipment for Internet of things and method thereof
US10185934B2 (en) * 2013-07-09 2019-01-22 Qualcomm Incorporated Real-time context aware recommendation engine based on a user internet of things environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Jiang Ni et al.: "MQTT-based Internet of Things message push system", 《网络新媒体技术》 *

Also Published As

Publication number Publication date
CN106254400A (en) 2016-12-21
CN106254400B (en) 2021-03-09
CN113411293B (en) 2022-09-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230511

Address after: No. 28, Lane 15, Lane 194, Datong Road, Longxing Lane 5, Longtan District, Taoyuan City, Taiwan, China

Patentee after: Li Haobai

Address before: Room 219, hall 53, Industrial Research Institute, No. 195, section 4, Zhongxing Road, Zhudong Town, Hsinchu County, Taiwan, China

Patentee before: GAINIA INTELLECTUAL ASSET SERVICES, Inc.
