CN114257406B - Equipment communication method and device based on identification algorithm and computer equipment - Google Patents


Publication number
CN114257406B
Authority
CN
China
Legal status
Active
Application number
CN202111363380.1A
Other languages
Chinese (zh)
Other versions
CN114257406A (en)
Inventor
吴金宇
陶文伟
曹扬
胡荣
周鹏
张喜铭
Current Assignee
China Southern Power Grid Co Ltd
Original Assignee
China Southern Power Grid Co Ltd

Abstract

The application relates to a device communication method, apparatus, computer device and storage medium based on an identification algorithm. After the authentication server and the authentication Internet of things device are activated, the authentication server sends the first identifier of the authentication Internet of things device, together with a corresponding transmission rule generated according to the first identifier, to the authentication Internet of things device. The authentication Internet of things device then obtains a second identifier corresponding to the authentication server according to the transmission rule and the access information license corresponding to the first identifier, and the authentication server obtains the second identifier and communicates with the authentication Internet of things device according to the first identifier, the second identifier and the transmission rule. Compared with the traditional mode of simply connecting an Internet of things device to a server, corresponding identification information is set for the authentication server and for the authentication Internet of things device respectively, and identifier-based communication ensures that the devices at the two ends of the communication correspond correctly, which improves the security of device communication.

Description

Equipment communication method and device based on identification algorithm and computer equipment
Technical Field
The present application relates to the field of network security technologies, and in particular, to a device communication method, device, computer device, and storage medium based on an identification algorithm.
Background
With the growing popularity of the Internet of things, a large number of connected devices built on it have appeared on the market: industrial Internet of things systems in sectors such as electric power and gas; household security cameras, cardiac pacemakers and other safety and health equipment closely tied to people's lives; and wearable devices such as fitness trackers and smart watches that are closely tied to people's health. At present, however, an Internet of things device and its server are generally in a simple connection relationship, so devices connected to the Internet contain a large number of vulnerabilities and are easily taken over.
Therefore, the current communication mode of Internet of things devices has the defect of low security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a device communication method, apparatus, computer device, and storage medium based on an identification algorithm, which can improve the communication security of the internet of things device.
A device communication method based on an identification algorithm, applied to an authentication server, the method comprising:
Detecting authentication server activation information, acquiring a first identifier corresponding to authentication Internet of things equipment and sending the first identifier to the authentication Internet of things equipment; the authentication internet of things device is used for acquiring an access information license corresponding to the first identifier;
Generating a corresponding transmission rule according to the first identifier and sending the transmission rule to the authentication Internet of things equipment; the authentication Internet of things device is used for acquiring a second identifier corresponding to the authentication server according to the transmission rule and the access information license;
and acquiring the second identifier, and communicating with the authentication Internet of things device according to the first identifier, the second identifier and the transmission rule.
In one embodiment, before the authentication server activation information is detected, the method further includes:
Server authentication information corresponding to a server to be authenticated is sent to an authentication platform; and the authentication platform is used for inquiring whether an access information license corresponding to the server authentication information exists in the license database according to the server authentication information, if so, determining that the server to be authenticated is an authentication server, and sending an activation instruction to the authentication server.
In one embodiment, the communicating with the authentication internet of things device according to the first identifier, the second identifier and the transmission rule includes:
Acquiring password information sent by the authentication Internet of things device based on the second identifier and the transmission rule;
and connecting to the authentication Internet of things device according to the first identifier and the transmission rule, and logging in to the authentication Internet of things device with the password information so as to access information in the authentication Internet of things device.
An equipment communication method based on an identification algorithm is applied to authenticating equipment of the internet of things, and the method comprises the following steps:
Detecting authentication internet of things equipment activation information, and acquiring a first identifier corresponding to the authentication internet of things equipment and a transmission rule corresponding to the first identifier, which are sent by an authentication server;
Inquiring a license database according to the first identifier to acquire a corresponding access information license;
And acquiring a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicating with the authentication server based on the second identifier, the first identifier and the transmission rule.
In one embodiment, the communicating with the authentication server based on the second identification, the first identification, and the transmission rule includes:
Generating password information through a dynamic random number generator, and transmitting the password information to the authentication server based on the second identifier and the transmission rule; the authentication server is used for connecting the authentication Internet of things equipment according to the first identifier and the transmission rule, and logging in the authentication Internet of things equipment through the password information.
In one embodiment, the authentication server stores a plurality of service object information; the authentication internet of things equipment is provided with identity authentication equipment;
after the communication with the authentication server based on the second identifier, the first identifier and the transmission rule, the method further comprises:
Inquiring service object information in the authentication server, and if the service object information is detected to change, sending the change information of the service object information to a topology information encryption node in the identity authentication equipment; and encrypting and storing the change information through the topology information encryption node.
A device communication system based on an identification algorithm, the system comprising: an authentication server and an authentication Internet of things device;
The authentication server is used for detecting authentication server activation information, acquiring a first identifier corresponding to the authentication Internet of things equipment, sending the first identifier to the authentication Internet of things equipment, generating a corresponding transmission rule according to the first identifier, and sending the transmission rule to the authentication Internet of things equipment;
The authentication internet of things device is used for detecting authentication internet of things device activation information and acquiring a first identifier corresponding to the authentication internet of things device and a transmission rule corresponding to the first identifier, which are sent by an authentication server; inquiring a license database according to the first identifier, and acquiring a corresponding access information license; acquiring a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicating with the authentication server based on the second identifier, the first identifier and the transmission rule;
The authentication server is configured to obtain the second identifier, and communicate with the authentication internet of things device according to the first identifier, the second identifier, and the transmission rule.
A device communication apparatus based on an identification algorithm, applied to an authentication server, the apparatus comprising:
The first sending module is used for detecting the activation information of the authentication server, obtaining a first identifier corresponding to the authentication Internet of things equipment and sending the first identifier to the authentication Internet of things equipment; the authentication internet of things device is used for acquiring an access information license corresponding to the first identifier;
The second sending module is used for generating a corresponding transmission rule according to the first identifier and sending the transmission rule to the authentication Internet of things equipment; the authentication Internet of things device is used for acquiring a second identifier corresponding to the authentication server according to the transmission rule and the access information license;
the first communication module is used for acquiring the second identifier and communicating with the authentication Internet of things device according to the first identifier, the second identifier and the transmission rule.
An identification algorithm-based device communication apparatus applied to authenticating an internet of things device, the apparatus comprising:
the first acquisition module is used for detecting the activation information of the authentication Internet of things equipment and acquiring a first identifier corresponding to the authentication Internet of things equipment and a transmission rule corresponding to the first identifier, which are sent by the authentication server;
The second acquisition module is used for inquiring the license database according to the first identification and acquiring a corresponding access information license;
and the second communication module is used for acquiring a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicating with the authentication server based on the second identifier, the first identifier and the transmission rule.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when the processor executes the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method described above.
According to the device communication method, apparatus, computer device and storage medium based on the identification algorithm, after the authentication server and the authentication Internet of things device are activated, the authentication server sends the first identifier of the authentication Internet of things device, together with the corresponding transmission rule generated according to the first identifier, to the authentication Internet of things device. The authentication Internet of things device then obtains the second identifier corresponding to the authentication server according to the transmission rule and the access information license corresponding to the first identifier, and the authentication server obtains the second identifier and communicates with the authentication Internet of things device according to the first identifier, the second identifier and the transmission rule. Compared with the traditional mode of simply connecting an Internet of things device to a server, corresponding identification information is set for the authentication server and for the authentication Internet of things device respectively, and identifier-based communication ensures that the devices at the two ends of the communication correspond correctly, which improves the security of device communication.
Drawings
FIG. 1 is an application environment diagram of a device communication method based on an identification algorithm in one embodiment;
FIG. 2 is a flow diagram of a method of device communication based on an identification algorithm in one embodiment;
FIG. 3 is a flow chart of a method of device communication based on an identification algorithm in another embodiment;
FIG. 4 is a flow chart of a method of device communication based on an identification algorithm in yet another embodiment;
FIG. 5 is a block diagram of an apparatus communication device based on an identification algorithm in one embodiment;
FIG. 6 is a block diagram of an apparatus communication device based on an identification algorithm in yet another embodiment;
FIG. 7 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The device communication method based on the identification algorithm provided by the application can be applied to an application environment shown in figure 1. Wherein the authentication internet of things device 102 communicates with the authentication server 104 over a network. When activated, the authentication server 104 may obtain a first identifier corresponding to the authentication internet of things device 102 and send the first identifier to the authentication internet of things device 102, so that the authentication internet of things device 102 may obtain an access information license corresponding to the first identifier, the authentication server 104 may generate a corresponding transmission rule based on the first identifier and send the transmission rule to the authentication internet of things device 102, so that the authentication internet of things device 102 may obtain a second identifier corresponding to the authentication server 104 based on the transmission rule and the access information license, and the authentication server 104 may obtain the second identifier and communicate with the authentication internet of things device 102 according to the first identifier, the second identifier and the transmission rule. The authentication internet of things device 102 may be, but not limited to, various intelligent devices such as personal computers, notebook computers, smart phones, smart home devices, smart wearable devices, etc., and the authentication server 104 may be implemented by an independent server or a server cluster formed by a plurality of servers.
In one embodiment, as shown in fig. 2, there is provided a device communication method based on an identification algorithm, which is described by taking an authentication server in fig. 1 as an example, and includes the following steps:
Step S202, detecting authentication server activation information, acquiring a first identifier corresponding to an authentication Internet of things device and sending the first identifier to the authentication Internet of things device; the authentication internet of things device is used for acquiring an access information license corresponding to the first identifier.
The authentication server 104 may be a server that has passed authentication and been activated, and the authentication internet of things device 102 may be an internet of things device that has passed authentication and been activated; that is, both may be authenticated in advance and activated after passing authentication. When the authentication server 104 detects the authentication server activation information, it may start, acquire the first identifier corresponding to the authentication internet of things device 102, and send the first identifier to the authentication internet of things device 102, so that the authentication internet of things device 102 can, after receiving the first identifier, use it to query for the corresponding access information license. The first identifier may be identifier information, and the access information license may be object information that corresponds to the first identifier and to which access is allowed. For example, the authentication server 104 may send an identifier located at the authentication internet of things device 102 to the service portal, and the authentication internet of things device 102 may, in response to receiving the identifier, retrieve the access information license associated with the first identifier from the license database.
Step S204, corresponding transmission rules are generated according to the first identification and sent to the authentication Internet of things equipment; the authentication Internet of things device is used for acquiring a second identifier corresponding to the authentication server according to the transmission rule and the access information license.
The first identifier may be identifier information corresponding to the authentication internet of things device 102, and the authentication server 104 may generate a corresponding transmission rule according to the first identifier, and may also send the transmission rule to the authentication internet of things device 102, so that the authentication internet of things device 102 may obtain the second identifier corresponding to the authentication server 104 according to the received transmission rule and the access information license obtained by the query. The second identifier may be an identifier corresponding to the authentication server 104, and the transmission rule may be a transmission security rule, including a network protocol, etc. The authentication internet of things device 102 may obtain the second identification based on the network protocol in the transmission rule. For example, the authentication server 104 may perform configuration of the transmission security rule, and send the transmission rule obtained by the configuration to the authentication internet of things device 102 for execution, and the authentication internet of things device 102 may perform connection deduction based on a preset network protocol to obtain the identification number of the authentication server 104, that is, the second identification.
Step S206, the second identifier is obtained, and communication is carried out with the authentication Internet of things equipment according to the first identifier, the second identifier and the transmission rule.
The authentication server 104 may obtain the second identifier from the authentication internet of things device 102, and may then communicate with the authentication internet of things device 102 according to the first identifier, the second identifier and the generated transmission rule. The first identifier may be an identifier pointing to the authentication internet of things device 102, so that the authentication server 104 can determine the target to which it sends information; the second identifier may be an identifier corresponding to the authentication server 104, so that the authentication internet of things device 102 can determine the target to which it sends information. The authentication server 104 and the authentication internet of things device 102 can thus discover each other through the first identifier and the second identifier, and communicate through the transmission rule.
The second identifier may be obtained by the authentication server 104 by sending a request to the authentication internet of things device 102. For example, the server receives the message carrying the network protocol sent by the authentication internet of things device 102, and the authentication server 104 may also send a request to obtain the server identifier corresponding to the internet of things terminal; the internet of things terminal stores the identifier of the server, and the authentication internet of things device 102 may send the identifier of the server to the authentication server 104 in response to the request.
According to the equipment communication method based on the identification algorithm, after the authentication server and the authentication Internet of things equipment are activated, the authentication server is used for sending the first identification of the authentication Internet of things equipment and the corresponding transmission rule generated according to the first identification to the authentication Internet of things equipment, so that the authentication Internet of things equipment obtains the second identification corresponding to the authentication server according to the access information license corresponding to the first identification and the transmission rule, and the authentication server can obtain the second identification and communicate with the authentication Internet of things equipment according to the first identification, the second identification and the transmission rule. Compared with the traditional mode of simply connecting the Internet of things equipment with the server, the method and the device have the advantages that corresponding identification information is respectively set for the authentication server and the authentication Internet of things equipment, and correct corresponding relation of equipment at two ends of communication is guaranteed through communication based on identification, so that safety of equipment communication is improved.
In one embodiment, before detecting the authentication server activation information, further comprising: server authentication information corresponding to a server to be authenticated is sent to an authentication platform; the authentication platform is used for inquiring whether an access information license corresponding to the server authentication information exists in the license database according to the server authentication information, if so, determining that the server to be authenticated is an authentication server, and sending an activation instruction to the authentication server.
In this embodiment, the authentication server 104 and the authentication internet of things device 102 may be devices that are activated after authentication, and both may be authenticated and activated on an authentication platform. The authentication platform may be provided with a license database in which the access information licenses of the authentication server 104 and the authentication internet of things device 102 are stored. The authentication server 104 may send server authentication information corresponding to the server to be authenticated, for example information representing the identity of the authentication server 104, to the authentication platform. The authentication platform may then query, according to the server authentication information sent by the authentication server 104, whether an access information license corresponding to that information exists in the license database. If not, the authentication server 104 has not passed the authentication; if so, the server to be authenticated may be used as the authentication server, and after the authentication server 104 passes the authentication, the authentication platform may activate the authentication server 104. Both the authentication internet of things device 102 and the authentication server 104 need to be authenticated on the authentication platform before being started.
For example, the authentication internet of things device 102 and the authentication server 104 respectively complete the authentication of the internet of things terminal and the authentication of the server side on the authentication platform, and after the authentication is completed, system activation of the server side and system activation of the internet of things terminal are carried out. That is, the authentication internet of things device 102 may likewise send internet of things device authentication information of the internet of things device to be authenticated, for example information representing the identity of the authentication internet of things device 102, to the authentication platform. The authentication platform may query, according to that internet of things device authentication information, whether a corresponding access information license exists in the license database. If not, the authentication internet of things device 102 has not passed the authentication; if so, the internet of things device to be authenticated may be used as the authentication internet of things device, and after the authentication internet of things device 102 passes the authentication, the authentication platform may activate the authentication internet of things device 102.
In addition, after the authentication internet of things device 102 and the authentication server 104 have both been authenticated and started, mutual identity authentication may be performed between them during actual operation. For example, in some embodiments, for a server side and an internet of things terminal that have completed authentication and activation, the server side may perform identity authentication on the internet of things terminal, and the internet of things terminal may also perform identity authentication on the server side that has completed identity authentication with it.
Through the above embodiment, the authentication server 104 and the authentication internet of things device 102 are put into use after being authenticated by the authentication platform, so that the operation safety of the authentication server 104 and the authentication internet of things device 102 is ensured.
In one embodiment, communicating with the authentication internet of things device according to the first identifier, the second identifier and the transmission rule comprises: acquiring password information sent by the authentication internet of things device based on the second identifier and the transmission rule; and connecting to the authentication internet of things device according to the first identifier and the transmission rule, and logging in to the authentication internet of things device with the password information so as to access the information in the authentication internet of things device.
In this embodiment, the authentication server 104 may communicate with the authentication internet of things device 102 through the first identifier, the second identifier and the transmission rule, and the communication may be encrypted. The authentication server 104 may obtain the password information that the authentication internet of things device 102 sends based on the second identifier and the transmission rule, connect to the authentication internet of things device 102 according to the first identifier and the transmission rule, and log in to the authentication internet of things device 102 with the password information, so that the authentication server 104 can access the information in the authentication internet of things device 102. The authentication internet of things device 102 may be provided with a corresponding dynamic random number generator, and may generate the password information with that generator and send it to the authentication server 104. For example, when the authentication internet of things device 102 and the authentication server 104 establish a communication link, the internet of things terminal generates a random password through a dedicated encryption chip and sends the random password to the server; after the server has successfully matched the correspondence configured in the transmission security rule, the authentication server 104 may log in to the internet of things terminal using the identifier information and the random password.
Through the embodiment, the authentication server 104 can establish a communication link with the authentication internet of things device 102 based on the identification information and the transmission rule, and log in and access information in the authentication internet of things device 102 through the password information generated by the authentication internet of things device 102, so that the security of the communication between devices is improved.
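The exchange of steps S202 to S206 with the password login, together with the device-side checks, can be modelled as follows. This is an added sketch, not code from the patent: the license layout (a protocol mapped to the permitted server identifier), the protocol name `tls-mqtt` and every identifier are constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class TransmissionRule:
    first_id: str   # device identifier the rule was generated from
    protocol: str   # the page only says the rule includes a network protocol


class AuthPlatform:
    """License database plus the activation check done before start-up."""

    def __init__(self, licenses):
        # Assumed license layout: identifier -> {protocol: permitted server id}
        self._licenses = dict(licenses)

    def activate(self, auth_info):
        return auth_info in self._licenses

    def license_for(self, identifier):
        return self._licenses.get(identifier)


class Device:
    def __init__(self, device_id, platform):
        if not platform.activate(device_id):
            raise PermissionError("device has no license; not activated")
        self.device_id, self.platform = device_id, platform
        self.rule = self.second_id = self._password = None

    def on_rule(self, first_id, rule):
        """Device side: take first identifier and rule, derive the second identifier."""
        if first_id != self.device_id or rule.first_id != first_id:
            raise ValueError("first identifier does not name this device")
        lic = self.platform.license_for(first_id)
        if lic is None or rule.protocol not in lic:
            raise PermissionError("no access information license for this rule")
        self.rule, self.second_id = rule, lic[rule.protocol]
        return self.second_id

    def issue_password(self, to_server_id):
        """Random one-time password, released only to the licensed server."""
        if self.second_id is None or to_server_id != self.second_id:
            raise PermissionError("requester is not the licensed server")
        self._password = secrets.token_hex(16)
        return self._password

    def login(self, first_id, protocol, password):
        ok = (self._password is not None and self.rule is not None
              and first_id == self.device_id
              and protocol == self.rule.protocol
              and hmac.compare_digest(password, self._password))
        self._password = None  # single use, whether or not the attempt succeeded
        return ok


class Server:
    def __init__(self, server_id, platform):
        if not platform.activate(server_id):
            raise PermissionError("server has no license; not activated")
        self.server_id = server_id

    def connect(self, device, first_id, protocol="tls-mqtt"):
        rule = TransmissionRule(first_id, protocol)       # S204: rule from first id
        second_id = device.on_rule(first_id, rule)        # S202/S204: send both
        if second_id != self.server_id:                   # S206: ids must correspond
            raise PermissionError("device is licensed to a different server")
        password = device.issue_password(self.server_id)
        return device.login(first_id, rule.protocol, password)


def demo():
    """Constructed scenario: one device licensed to srv-A only."""
    platform = AuthPlatform({"srv-A": {}, "srv-B": {},
                             "dev-1": {"tls-mqtt": "srv-A"}})
    dev = Device("dev-1", platform)
    out = {"licensed_server": Server("srv-A", platform).connect(dev, "dev-1")}
    try:
        out["other_server"] = Server("srv-B", platform).connect(dev, "dev-1")
    except PermissionError:
        out["other_server"] = False
    pw = dev.issue_password("srv-A")
    dev.login("dev-1", "tls-mqtt", pw)
    out["replayed_password"] = dev.login("dev-1", "tls-mqtt", pw)
    return out


if __name__ == "__main__":
    print(demo())
```

The second server is activated on the platform yet still refused, because the device's license maps the protocol to a different server identifier; a password that has already been used once is refused as well.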
In one embodiment, as shown in fig. 3, a device communication method based on an identification algorithm is provided, and the method is applied to the authenticated internet of things device in fig. 1 for illustration, and includes the following steps:
Step S302, the activation information of the authentication Internet of things equipment is detected, and a first identifier corresponding to the authentication Internet of things equipment and a transmission rule corresponding to the first identifier are obtained, wherein the first identifier is sent by an authentication server.
The authentication internet of things device 102 may be a device that has been authenticated by the authentication platform and activated after authentication. The authentication server 104 may be a server activated after authentication; after the authentication server 104 is activated and running, it may send the first identifier corresponding to the authentication internet of things device 102 and a transmission rule corresponding to the first identifier to the authentication internet of things device 102, so that the authentication internet of things device 102 can respond to the first identifier and the transmission rule sent by the authentication server 104.
Step S304, inquiring a license database according to the first identification, and acquiring a corresponding access information license.
The first identifier may be identifier information corresponding to the authentication internet of things device 102, which is sent by the authentication server 104. The authentication internet of things device 102 may query the license database with the first identifier to obtain the access information license corresponding to the first identifier. For example, the authentication internet of things device 102 may send a query instruction containing the first identifier to the above-described authentication platform, and thereby obtain the access information license corresponding to the first identifier that is stored in the license database.
Step S306, a second identifier corresponding to the authentication server is obtained according to the access information license and the transmission rule, and communication is carried out with the authentication server based on the second identifier, the first identifier and the transmission rule.
The authentication internet of things device 102 may obtain the second identifier corresponding to the authentication server 104 according to the access information license obtained by the query and the received transmission rule. The authentication internet of things device 102 may then determine the communication object based on the second identifier, and communicate with the authentication server 104 based on the second identifier, the first identifier and the transmission rule. For example, the transmission rule may include a corresponding network protocol, and the authentication internet of things device 102 may derive the server identifier through connection derivation based on the preset network protocol, thereby obtaining the second identifier, so that the server and the internet of things terminal can discover and communicate with each other.
According to the equipment communication method based on the identification algorithm, after the authentication server and the authentication Internet of things equipment are activated, the authentication server is used for sending the first identification of the authentication Internet of things equipment and the corresponding transmission rule generated according to the first identification to the authentication Internet of things equipment, so that the authentication Internet of things equipment obtains the second identification corresponding to the authentication server according to the access information license corresponding to the first identification and the transmission rule, and the authentication server can obtain the second identification and communicate with the authentication Internet of things equipment according to the first identification, the second identification and the transmission rule. Compared with the traditional mode of simply connecting the Internet of things equipment with the server, the method and the device have the advantages that corresponding identification information is respectively set for the authentication server and the authentication Internet of things equipment, and correct corresponding relation of equipment at two ends of communication is guaranteed through communication based on identification, so that safety of equipment communication is improved.
In one embodiment, communicating with an authentication server based on a second identification, a first identification, and a transmission rule includes: generating password information through a dynamic random number generator, and transmitting the password information to an authentication server based on the second identifier and a transmission rule; the authentication server is used for connecting the authentication Internet of things equipment according to the first identifier and the transmission rule, and logging in the authentication Internet of things equipment through the password information.
In this embodiment, a dynamic random number generator may be disposed in the authentication internet of things device 102. The authentication internet of things device 102 may generate password information through the dynamic random number generator, determine the recipient according to the second identifier, and send the generated password information to the authentication server based on the transmission rule. The authentication server 104 may then determine from the first identifier that the transmitted information was sent by the authentication internet of things device 102, connect to the authentication internet of things device 102 through the transmission rule, and log in to the authentication internet of things device 102 with the received password information, thereby giving the authentication server 104 access to the information in the authentication internet of things device 102. The dynamic random number generator in the authentication internet of things device 102 may be invoked as actual needs require. For example, the authentication internet of things device 102 may be further provided with a user device, an identity authentication server, and an identity authentication token. The authentication token is a mobile communication terminal with an internet of things interface, and the terminals of the internet of things communicate in point-to-point and many-to-many modes. The authentication internet of things device 102 can trigger the dynamic random number generator to generate a random key as the password information at the time it is needed. When the authentication internet of things device 102 establishes a communication link with the authentication server 104, the internet of things terminal can also use the dynamic random number generator to generate a random password in a dedicated encryption chip in the authentication internet of things device 102 and send the random password to the server.
The dedicated encryption chip can be used to protect the key. The dedicated encryption chip can also be replaced by a virtual device that stores the key; the virtual device implements in software the processing logic that simulates the encryption chip's encryption and protection of the key, and protects the key by combining a symmetric encryption algorithm with a key dispersion algorithm, so that the key can be used across multiple platforms.
The identifiers, such as the first identifier and the second identifier, and the random key are the keys for verifying the identities of the server side and the internet of things terminal. The identifiers and the random key are stored in the dedicated encryption chip and are each protected by combining the identification algorithm with the key dispersion algorithm. It should be noted that, in an actual use scenario, even if the user name and the password are stolen, the uniqueness of the identifier means that the related devices, such as the authentication server 104 and the authentication internet of things device 102, execute no operation instructions other than those issued after the cloud has passed identity authentication, and are otherwise inoperable, so the scheme is very safe and reliable within the whole internet of things system.
Through the embodiment, the authentication internet of things device 102 and the authentication server 104 can communicate based on the identifier information and the password information, so that the security of communication between the devices is improved. Moreover, the password information is generated with a lightweight key system that is simple and efficient and can support hundreds of millions of users. By adopting the identification identity authentication of the CA center, man-in-the-middle attacks can be prevented, and only users authenticated by the identification key are allowed to access the resources with corresponding rights. The internet of things terminal data is kept fully encrypted in network transmission and storage through a dedicated encryption chip, so that even if the network is attacked or the data is copied away, only unintelligible data is seen. The key exchange is independent of the CA center, so that offline exchange is realized. The key is fully encrypted in transmission and storage, and when information is changed, the session key can be refreshed in real time, so that the construction cost of the CA center is saved. After the identifier and the server-side identification number are adopted in the whole internet of things system, all links (between the intelligent terminal fulcrum, the cloud and the user side) are accessed and authenticated by their respective identifiers once the access information license has been obtained, so that trusted links and safe login are ensured. All interactive instructions, messages and the like are exchanged end to end in encrypted form and can be used only by the corresponding receiving terminal after decryption with the key certificate, so that an encrypted interaction environment is constructed for the whole network without fear of theft.
In one embodiment, after communicating with the authentication server based on the second identification, the first identification, and the transmission rule, the method further comprises: inquiring service object information in an authentication server, and if the service object information is detected to change, sending the change information of the service object information to a topology information encryption node in identity authentication equipment; the change information is encrypted and stored by the topology information encryption node.
In this embodiment, the authentication server 104 further stores a plurality of pieces of service object information, and the authentication internet of things device 102 may be further provided with an identity authentication device, for example, the identity authentication server described above. When the server side's security state verification of the internet of things terminal's identity authentication passes, the internet of things terminal can parse the service object information of the server side from the background data, and the service object responds to the query instruction of the internet of things terminal. The authentication internet of things device 102 may also identify the change information of the service object: the authentication internet of things device 102 may query the service object information in the authentication server 104, and if a change of the service object information is detected, the authentication internet of things device 102 may send the change information of the service object to a topology information encryption node in the identity authentication device, which encrypts the change information and stores the encrypted change information. For example, the authentication internet of things device 102 may query the service object for information through the query instruction and, when the information is changed, send the change information of the service object to the topology information encryption node of the identity authentication server, so that the identity authentication server receives the change information, encrypts it with a data encryption key that the topology information encryption node obtains for the change information, and sends the encrypted change information to the internet of things terminal.
In addition, in some embodiments, the authentication internet of things device 102 can also respond to physical layer attacks. Based on the cloud access and active access characteristics of the internet of things, each server side can reserve access ports. Once the normal access port of the internet of things terminals is hit by a physical layer attack that causes blocking or similar effects, the standby access port is started while the attack is being handled, and all intelligent terminals switch to the standby access port through end-to-end encrypted interaction instructions issued to all internet of things terminals and all fulcrums. The internet of things terminals can thus get clear of the physical layer attack in a short time and quickly recover normal operation, alongside the existing protection of increasing computing capacity.
Through the embodiment, the authentication internet of things device 102 can query information on the service object and update the changed content in time when the information is changed, so that the security of communication between devices is improved. Moreover, when change information is detected, the internet of things terminal can immediately infer the change of the current environment without depending on the geographic coordinate mapping relation of any server side, which is clearly different from the prior information service method in which a mobile terminal and a server use a simple request and response mode based on a geographic information system. In addition, after the whole internet of things system adopts the identification algorithm information processing system, all access change information can be linked and operated on in a trusted way only after passing identification identity authentication, thereby avoiding attacks such as DDoS on the application layers that are caused by forged logins.
In one embodiment, as shown in fig. 4, fig. 4 is a schematic flow chart of a device communication method based on an identification algorithm in yet another embodiment. The method comprises the following steps:
Step S1, storing an access information license of the authentication server 104 and the authentication Internet of things device 102 in a license database of the authentication platform;
Step S2, authentication of the authentication server 104 and authentication of the authentication Internet of things device 102 are respectively completed on the authentication platform, and system activation of the authentication server 104 and system activation of the authentication Internet of things device 102 are realized after authentication is completed;
Step S3, the authentication server 104 sends the identifier corresponding to the authentication internet of things device 102 to the service portal;
Step S4, in response to the received identifier, the authentication internet of things device 102 retrieves from the license database the access information license related to the identifier;
Step S5, the authentication server 104 performs configuration of transmission security rules and sends the configuration to the authentication Internet of things device 102 for execution;
Step S6, the authentication internet of things device 102 derives the identification number of the authentication server 104 based on the preset network protocol, so that the authentication server 104 and the authentication internet of things device 102 can discover and communicate with each other. When the communication link is established, the internet of things terminal generates a random password through the dedicated encryption chip and sends the random password to the server side.
Through the embodiment, corresponding identification information is set for the authentication server and for the authentication internet of things device, and communication based on the identification ensures the correct correspondence between the devices at the two ends of the communication, so that the security of device communication is improved. The server side derives the relation between the state of the internet of things terminal and its environment state based on the transmission security rule and the network protocol, so that the content and mode of the service provided by the server side can be flexibly changed, and the rule for dynamically connecting the communication link to the user can be flexibly changed without changing the application program. Authentication and key exchange are performed offline, which reduces dependence on server performance and reduces system construction cost. The system has low structural complexity, is not prone to failure, and has low upgrade and maintenance costs.
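The following sketch of steps S1 to S6 and the password login is an added example, not code from the patent. The patent does not state how the second identifier is derived, so the HMAC-SHA256 derivation, the rule fields, the sample identifier and protocol labels, and all function and class names are assumptions made for illustration; transport encryption is left out.

```python
import hashlib
import hmac
import secrets

# Authentication platform (S1, S2): license database keyed by first identifier.
LICENSE_DB = {}

def register_license(first_id):
    """S1: store an access information license for a device identifier."""
    LICENSE_DB[first_id] = secrets.token_bytes(32)

def query_license(first_id):
    """S4: look up the license; None means the identifier was never licensed."""
    return LICENSE_DB.get(first_id)

def make_rule(first_id, protocol="mqtt-tls"):
    """S5: transmission rule generated from the first identifier (constructed fields)."""
    return {"first_id": first_id, "protocol": protocol}

def derive_second_id(license_key, rule):
    """S6, ASSUMED derivation: HMAC-SHA256 over the rule, keyed by the license."""
    msg = f"{rule['first_id']}|{rule['protocol']}".encode()
    return hmac.new(license_key, msg, hashlib.sha256).hexdigest()[:16]


class Device:
    def __init__(self, first_id):
        self.first_id = first_id
        self.second_id = None
        self._otp = None

    def on_rule(self, first_id, rule):
        """S4 + S6: fetch the license for the received identifier, derive the peer."""
        lic = query_license(first_id)
        if first_id != self.first_id or lic is None:
            return False
        self.second_id = derive_second_id(lic, rule)
        return True

    def send_password(self):
        """Generate a fresh random password addressed to the second identifier."""
        self._otp = secrets.token_hex(16)
        return {"to": self.second_id, "from": self.first_id, "password": self._otp}

    def login(self, caller_id, password):
        """Accept one login from the derived peer; the password is single use."""
        ok = (self._otp is not None
              and hmac.compare_digest(caller_id, self.second_id or "")
              and hmac.compare_digest(password, self._otp))
        self._otp = None          # consumed whether or not the attempt succeeded
        return ok


class Server:
    def __init__(self):
        self.sessions = {}        # first identifier -> (second identifier, rule)

    def provision(self, first_id):
        """S3 + S5: issue the first identifier and rule; record the expected second id."""
        lic = query_license(first_id)
        if lic is None:
            raise PermissionError("no access information license for identifier")
        rule = make_rule(first_id)
        self.sessions[first_id] = (derive_second_id(lic, rule), rule)
        return first_id, rule

    def accept_password(self, msg):
        """Take the password only if it is addressed to this device's second id."""
        sess = self.sessions.get(msg["from"])
        if sess is None or not hmac.compare_digest(msg["to"] or "", sess[0]):
            return None
        return sess[0], msg["password"]


def run_exchange(tamper_rule=False):
    """Full S1-S6 run; returns True when the server's login to the device succeeds."""
    first_id = "dev-0001"                      # constructed sample identifier
    register_license(first_id)
    server, device = Server(), Device(first_id)
    fid, rule = server.provision(first_id)
    if tamper_rule:                            # rule altered between server and device
        rule = dict(rule, protocol="plain-tcp")
    if not device.on_rule(fid, rule):
        return False
    accepted = server.accept_password(device.send_password())
    if accepted is None:
        return False
    return device.login(*accepted)
```

Under these assumptions, a device whose identifier has no license, or that receives an altered transmission rule, cannot produce a second identifier the server accepts, and a password that has already been used for one login is rejected on a second attempt.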
It should be understood that, although the steps in the flowcharts of fig. 2-4 are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to this order of execution and may be executed in other orders. Moreover, at least a portion of the steps of fig. 2-4 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times; these sub-steps or stages are also not necessarily performed sequentially, but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
In one embodiment, there is provided a device communication system based on an identification algorithm, comprising: an authentication server and an authentication Internet of things device;
The authentication server is used for detecting the activation information of the authentication server, acquiring a first identifier corresponding to the authentication Internet of things equipment and sending the first identifier to the authentication Internet of things equipment, generating a corresponding transmission rule according to the first identifier and sending the transmission rule to the authentication Internet of things equipment;
The authentication Internet of things device is used for detecting authentication Internet of things device activation information and acquiring a first identifier corresponding to the authentication Internet of things device and a transmission rule corresponding to the first identifier, which are sent by an authentication server; inquiring a license database according to the first identifier, and acquiring a corresponding access information license; acquiring a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicating with the authentication server based on the second identifier, the first identifier and the transmission rule;
and the authentication server is used for acquiring the second identifier and communicating with the authentication Internet of things equipment according to the first identifier, the second identifier and the transmission rule.
For specific limitations on the identification algorithm-based device communication system, reference may be made to the above limitations on the identification algorithm-based device communication method, and no further description is given here.
In one embodiment, as shown in fig. 5, there is provided a device communication apparatus based on an identification algorithm, including: a first sending module 500, a second sending module 502, and a first communication module 504, wherein:
The first sending module 500 is configured to detect activation information of the authentication server, obtain a first identifier corresponding to the authentication internet of things device, and send the first identifier to the authentication internet of things device; the authentication internet of things device is used for acquiring an access information license corresponding to the first identifier.
The second sending module 502 is configured to generate a corresponding transmission rule according to the first identifier and send the transmission rule to the authenticated internet of things device; the authentication Internet of things device is used for acquiring a second identifier corresponding to the authentication server according to the transmission rule and the access information license.
The first communication module 504 is configured to obtain the second identifier, and communicate with the authentication internet of things device according to the first identifier, the second identifier, and the transmission rule.
In one embodiment, the apparatus further comprises: the authentication module is used for sending server authentication information corresponding to the server to be authenticated to the authentication platform; the authentication platform is used for inquiring whether an access information license corresponding to the server authentication information exists in the license database according to the server authentication information, if so, determining that the server to be authenticated is an authentication server, and sending an activation instruction to the authentication server.
In one embodiment, the first communication module 504 is specifically configured to obtain the password information sent by the authentication internet of things device based on the second identifier and the transmission rule; and to connect to the authentication internet of things device according to the first identifier and the transmission rule, and log in to the authentication internet of things device through the password information so as to access the information in the authentication internet of things device.
In one embodiment, as shown in fig. 6, there is provided a device communication apparatus based on an identification algorithm, including: a first obtaining module 600, a second obtaining module 602, and a second communication module 604, wherein:
The first obtaining module 600 is configured to detect the activation information of the authentication internet of things device, and obtain a first identifier corresponding to the authentication internet of things device and a transmission rule corresponding to the first identifier, which are sent by the authentication server.
The second obtaining module 602 is configured to query the license database according to the first identifier, and obtain a corresponding access information license.
The second communication module 604 is configured to obtain a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicate with the authentication server based on the second identifier, the first identifier, and the transmission rule.
In one embodiment, the second communication module 604 is specifically configured to generate, by using a dynamic random number generator, the password information, and send the password information to the authentication server based on the second identifier and the transmission rule; the authentication server is used for connecting the authentication Internet of things equipment according to the first identifier and the transmission rule, and logging in the authentication Internet of things equipment through the password information.
In one embodiment, the apparatus further comprises: the updating module is used for inquiring the service object information in the authentication server, and if the service object information is detected to change, the change information of the service object information is sent to the topology information encryption node in the identity authentication equipment; the change information is encrypted and stored by the topology information encryption node.
For specific limitations on the respective identification algorithm-based device communication means, reference may be made to the above description of the corresponding identification algorithm-based device communication method, and no further description is given here. The various modules in the identification algorithm-based device communication means described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be an authentication server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used to store data related to device communications. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of device communication based on an identification algorithm.
It will be appreciated by those skilled in the art that the structure shown in FIG. 7 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided that includes a memory having a computer program stored therein and a processor that when executing the computer program implements the identification algorithm-based device communication method described above.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor implements the identification algorithm-based device communication method described above.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combined technical features, the combinations should be considered to be within the scope of this description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. A device communication method based on an identification algorithm, applied to an authentication server, the method comprising:
detecting authentication server activation information, acquiring a first identifier corresponding to authentication Internet of things equipment and sending the first identifier to the authentication Internet of things equipment; the authentication internet of things device is used for acquiring an access information license corresponding to the first identifier; the authentication server stores a plurality of pieces of service object information; the authentication internet of things equipment is provided with identity authentication equipment;
Generating a corresponding transmission rule according to the first identifier and sending the transmission rule to the authentication Internet of things equipment; the authentication Internet of things device is used for acquiring a second identifier corresponding to the authentication server according to the transmission rule and the access information license;
Acquiring the second identifier, communicating with the authentication internet of things device according to the first identifier, the second identifier and the transmission rule, wherein the authentication internet of things device is also used for inquiring service object information in the authentication server, and if the service object information is detected to change, sending the change information of the service object information to a topology information encryption node in the identity authentication device; and encrypting and storing the change information through the topology information encryption node.
2. The method of claim 1, wherein prior to detecting authentication server activation information, further comprising:
Server authentication information corresponding to a server to be authenticated is sent to an authentication platform; and the authentication platform is used for inquiring whether an access information license corresponding to the server authentication information exists in the license database according to the server authentication information, if so, determining that the server to be authenticated is an authentication server, and sending an activation instruction to the authentication server.
3. The method of claim 1, wherein the communicating with the authentication internet of things device according to the first identification, the second identification, and the transmission rule comprises:
Acquiring password information sent by the authentication Internet of things device based on the second identifier and the transmission rule;
And connecting the authentication Internet of things equipment according to the first identifier and the transmission rule, and logging in the authentication Internet of things equipment through the password information so as to access information in the authentication Internet of things equipment.
4. An equipment communication method based on an identification algorithm, characterized by being applied to an authentication Internet of things device, and comprising the following steps:
Detecting authentication internet of things equipment activation information, and acquiring a first identifier corresponding to the authentication internet of things equipment and a transmission rule corresponding to the first identifier, which are sent by an authentication server; the authentication server stores a plurality of pieces of service object information; the authentication internet of things equipment is provided with identity authentication equipment;
Inquiring a license database according to the first identifier to acquire a corresponding access information license;
Acquiring a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicating with the authentication server based on the second identifier, the first identifier and the transmission rule;
The method further comprises: querying service object information in the authentication server and, if a change in the service object information is detected, sending the change information of the service object information to a topology information encryption node in the identity authentication equipment; and encrypting and storing the change information through the topology information encryption node.
5. The method of claim 4, wherein the communicating with the authentication server based on the second identification, the first identification, and the transmission rule comprises:
Generating password information through a dynamic random number generator, and transmitting the password information to the authentication server based on the second identifier and the transmission rule; the authentication server is used for connecting the authentication Internet of things equipment according to the first identifier and the transmission rule, and logging in the authentication Internet of things equipment through the password information.
6. A device communication system based on an identification algorithm, the system comprising: an authentication server and an authentication Internet of things device; the authentication server stores a plurality of pieces of service object information; the authentication internet of things equipment is provided with identity authentication equipment;
The authentication server is used for detecting authentication server activation information, acquiring a first identifier corresponding to the authentication Internet of things equipment, sending the first identifier to the authentication Internet of things equipment, generating a corresponding transmission rule according to the first identifier, and sending the transmission rule to the authentication Internet of things equipment;
The authentication Internet of things device is used for detecting authentication Internet of things device activation information and acquiring a first identifier corresponding to the authentication Internet of things device and a transmission rule corresponding to the first identifier, which are sent by the authentication server; querying a license database according to the first identifier, and acquiring a corresponding access information license; acquiring a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicating with the authentication server based on the second identifier, the first identifier and the transmission rule;
the authentication server is used for acquiring the second identifier and communicating with the authentication Internet of things equipment according to the first identifier, the second identifier and the transmission rule;
The authentication internet of things device is further configured to query service object information in the authentication server, and if the service object information is detected to change, send change information of the service object information to a topology information encryption node in the identity authentication device; and encrypting and storing the change information through the topology information encryption node.
7. A device communication apparatus based on an identification algorithm, applied to an authentication server, the apparatus comprising:
The first sending module is used for detecting the activation information of the authentication server, obtaining a first identifier corresponding to the authentication Internet of things equipment and sending the first identifier to the authentication Internet of things equipment; the authentication internet of things device is used for acquiring an access information license corresponding to the first identifier; the authentication server stores a plurality of pieces of service object information; the authentication internet of things equipment is provided with identity authentication equipment;
The second sending module is used for generating a corresponding transmission rule according to the first identifier and sending the transmission rule to the authentication Internet of things equipment; the authentication Internet of things device is used for acquiring a second identifier corresponding to the authentication server according to the transmission rule and the access information license;
The first communication module is used for acquiring the second identifier and communicating with the authentication Internet of things equipment according to the first identifier, the second identifier and the transmission rule; the authentication Internet of things equipment is also used for querying service object information in the authentication server and, if a change in the service object information is detected, sending change information of the service object information to a topology information encryption node in the identity authentication equipment; and encrypting and storing the change information through the topology information encryption node.
8. A device communication apparatus based on an identification algorithm, applied to an authentication Internet of things device, the apparatus comprising:
The first acquisition module is used for detecting the activation information of the authentication Internet of things equipment and acquiring a first identifier corresponding to the authentication Internet of things equipment and a transmission rule corresponding to the first identifier, which are sent by the authentication server; the authentication server stores a plurality of pieces of service object information; the authentication internet of things equipment is provided with identity authentication equipment;
The second acquisition module is used for inquiring the license database according to the first identification and acquiring a corresponding access information license;
The second communication module is used for acquiring a second identifier corresponding to the authentication server according to the access information license and the transmission rule, and communicating with the authentication server based on the second identifier, the first identifier and the transmission rule;
Also used for: inquiring service object information in the authentication server, and if the service object information is detected to change, sending the change information of the service object information to a topology information encryption node in the identity authentication equipment; and encrypting and storing the change information through the topology information encryption node.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 5.
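The exchange of claims 1 to 5, modelled here as an added example that is not code from the patent: the device resolves the server's second identifier through the license database, sends a freshly generated password bound to both identifiers, and the server uses it once to log in. Assumptions, since the claims define no formats: the transmission rule is an HMAC key derived from the first identifier and delivered over a protected provisioning channel, the license entry carries the second identifier, and all names and sample values (`seal`, `LICENSE_DB`, `dev-001`, `srv-900`) are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample license database; the claims do not define its format.
LICENSE_DB = {"dev-001": {"license": "LIC-A", "server_id": "srv-900"}}

def seal(rule, first_id, second_id, payload):
    # Bind the payload to both identifiers; length prefixes keep fields unambiguous.
    parts = (first_id.encode(), second_id.encode(), payload.encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(rule, msg, hashlib.sha256).digest()

class AuthServer:
    def __init__(self, second_id, master_key):
        self.second_id, self._master = second_id, master_key
        self._pending = {}  # first_id -> password not yet used

    def transmission_rule(self, first_id):
        # Assumption: the rule is a MAC key derived from the first identifier.
        return hmac.new(self._master, first_id.encode(), hashlib.sha256).digest()

    def receive_password(self, first_id, second_id, password, tag):
        expected = seal(self.transmission_rule(first_id), first_id, second_id, password)
        if second_id != self.second_id or not hmac.compare_digest(tag, expected):
            return False
        self._pending[first_id] = password
        return True

    def login(self, device):
        password = self._pending.pop(device.first_id, None)  # single use
        return password is not None and device.accept_login(password)

class IoTDevice:
    def activate(self, first_id, rule):
        entry = LICENSE_DB.get(first_id)  # claim 4: query the license database
        if entry is None:
            raise PermissionError("no access information license for " + first_id)
        self.first_id, self._rule, self._otp = first_id, rule, None
        self.second_id = entry["server_id"]

    def send_password(self, server):
        self._otp = secrets.token_hex(16)  # claim 5: fresh random password
        tag = seal(self._rule, self.first_id, self.second_id, self._otp)
        return server.receive_password(self.first_id, self.second_id, self._otp, tag)

    def accept_login(self, password):
        otp, self._otp = self._otp, None  # invalidate after one attempt
        return otp is not None and hmac.compare_digest(otp.encode(), password.encode())
```

A server whose second identifier differs from the one in the license rejects the message, a device without a license entry never activates, and a password already used for login is not accepted again.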
CN202111363380.1A 2021-11-17 Equipment communication method and device based on identification algorithm and computer equipment Active CN114257406B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111363380.1A CN114257406B (en) 2021-11-17 Equipment communication method and device based on identification algorithm and computer equipment

Publications (2)

Publication Number Publication Date
CN114257406A (en) 2022-03-29
CN114257406B (en) 2024-07-02

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107683601A (en) * 2015-06-05 2018-02-09 Apple Inc. Relay services for the communication between controller and annex
CN112039918A (en) * 2020-09-10 2020-12-04 Sichuan Changhong Electric Co., Ltd. Internet of things credible authentication method based on identification cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant