CN114329534A

CN114329534A - Authority determination method and device, computer equipment and computer readable storage medium

Info

Publication number: CN114329534A
Application number: CN202111590467.2A
Authority: CN
Inventors: 李辉
Original assignee: Shenzhen TCL New Technology Co Ltd
Current assignee: Shenzhen TCL New Technology Co Ltd
Priority date: 2021-12-23
Filing date: 2021-12-23
Publication date: 2022-04-12
Also published as: WO2023116239A1

Abstract

The embodiment of the invention discloses a permission determination method, a permission determination device, computer equipment and a computer readable storage medium; in the embodiment of the application, the target server trusts the target application program because the target server and the target application program belong to the same merchant. When the target digital certificate passes the verification of the Internet of things equipment by adopting the authentication public key, the target digital certificate is the certificate authenticated by the authentication authority. Because the certification authority is a trusted authority of the internet of things device, the internet of things device can trust the content of the target digital certificate, so that whether the target server can be trusted can be determined according to the content of the target digital certificate and the first challenge value sent by the target server, and whether the target application program can be trusted is determined, and further, even if the target application program on the control device is not the application program corresponding to the internet of things device, the security can be ensured when the internet of things device is controlled through the target application program on the control device.

Description

Authority determination method and device, computer equipment and computer readable storage medium

Technical Field

The invention relates to the technical field of Internet of things equipment, in particular to a permission determination method and device, computer equipment and a computer readable storage medium.

Background

With the development of science and technology, Internet of Things (IOT) devices are increasingly widely used.

At present, in order to ensure safety, the internet of things equipment is generally controlled through an Application program (Application) of the internet of things equipment, so that a user needs to download a new Application program every time one internet of things equipment is added, which is troublesome. And if the internet of things equipment is controlled through other application programs, the safety cannot be guaranteed.

Disclosure of Invention

The embodiment of the invention provides a permission determining method and device, computer equipment and a computer readable storage medium, which can ensure safety when other application programs are used for controlling Internet of things equipment.

A permission determination method is applied to a control device and comprises the following steps:

receiving a target digital certificate sent by a target server, wherein the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key;

sending the target digital certificate to Internet of things equipment so that the Internet of things equipment verifies the target digital certificate by using a built-in authentication public key, and acquiring the content of the target digital certificate when the verification is passed;

receiving first challenge information returned by the Internet of things equipment after the target digital certificate is verified;

sending the first challenge information to the target server so that the target server generates a first challenge value based on the first challenge information;

and receiving the first challenge value sent by the target server, and sending the first challenge value to the internet of things device, so as to determine the control authority of the target application program on the control device on the internet of things device based on the first challenge value and the content of the target digital certificate.

A permission determination method is applied to Internet of things equipment and comprises the following steps:

receiving a target digital certificate sent by control equipment, wherein the target digital certificate is obtained after an authentication mechanism authenticates a target server by using an authentication private key;

verifying the target digital certificate by adopting a built-in authentication public key;

when the verification is passed, acquiring the content of the target digital certificate, and returning first challenge information to the control device, so that the control device sends the first challenge information to the target server, wherein the first challenge information is used for instructing the target server to generate a first challenge value and returning the first challenge value to the control device;

receiving the first challenge value sent by the control equipment;

and determining the control authority of the target application program on the control equipment to the equipment of the Internet of things based on the first challenge value and the content of the target digital certificate.

A permission determination method is applied to a target server and comprises the following steps:

sending a target digital certificate to control equipment so that the control equipment sends the target digital certificate to Internet of things equipment, wherein the target digital certificate is used for indicating the Internet of things equipment to verify, acquiring the content of the target digital certificate when the verification is passed, and returning first challenge information to the control equipment, and the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates a target server by using an authentication private key;

receiving the first challenge information sent by the control equipment;

generating a first challenge value based on the first challenge information;

and sending the first challenge value to the control device, so that the control device sends the first challenge value to the internet of things device, and the first challenge value and the content of the target digital certificate are used by the internet of things device to determine the control authority of a target application program on the control device on the internet of things device.

Correspondingly, an embodiment of the present invention provides an authority determining apparatus, which is applied to a control device, and includes:

the first receiving module is used for receiving a target digital certificate sent by a target server, wherein the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key;

the first sending module is used for sending the target digital certificate to the Internet of things equipment so that the Internet of things equipment adopts a built-in authentication public key to verify the target digital certificate, and when the verification is passed, the content of the target digital certificate is obtained;

the second receiving module is used for receiving first challenge information returned by the Internet of things equipment after the target digital certificate is verified;

a second sending module, configured to send the first challenge information to the target server, so that the target server generates a first challenge value based on the first challenge information;

a third receiving module, configured to receive the first challenge value sent by the target server, and send the first challenge value to the internet of things device, so as to determine, based on the first challenge value and the content of the target digital certificate, a control right of a target application program on the control device to the internet of things device.

Correspondingly, an embodiment of the present invention provides an authority determining apparatus, which is applied to an internet of things device, and includes:

the fourth receiving module is used for receiving a target digital certificate sent by the control equipment, wherein the target digital certificate is obtained after the certification authority certifies the target server by adopting a certification private key;

the first checking module is used for checking the target digital certificate by adopting a built-in authentication public key;

a third sending module, configured to, when the verification passes, obtain content of the target digital certificate, and send first challenge information to the control device, so that the control device sends the first challenge information to the target server, where the first challenge information is used to instruct the target server to generate a first challenge value, and return the first challenge value to the control device;

a fifth receiving module, configured to receive the first challenge value sent by the control device;

and the determining module is used for determining the control authority of the target application program on the control equipment to the internet of things equipment based on the first challenge value and the content of the target digital certificate.

Correspondingly, an embodiment of the present invention provides an authority determining apparatus, applied to a target server, including:

a fourth sending module, configured to send a target digital certificate to a control device, so that the control device sends the target digital certificate to an internet of things device, where the target digital certificate is used to instruct the internet of things device to perform verification, and when the verification passes, obtains content of the target digital certificate, and returns first challenge information to the control device, where the target digital certificate includes a certificate obtained after an authentication mechanism authenticates the target server with an authentication private key;

a sixth receiving module, configured to receive the first challenge information sent by the control device;

a generating module, configured to generate a first challenge value based on the first challenge information;

a fifth sending module, configured to send the first challenge value to the control device, so that the control device sends the first challenge value to the internet of things device, where the first challenge value and the content of the target digital certificate are used by the internet of things device to determine a control right of a target application on the control device to the internet of things device.

In addition, an embodiment of the present invention further provides a computer device, which includes a processor and a memory, where the memory stores a computer program, and the processor is configured to run the computer program in the memory to implement the method for determining an authority provided in the embodiment of the present invention.

In addition, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and the computer program is suitable for being loaded by a processor to perform any one of the steps in the method for determining an authority provided by the embodiment of the present invention.

In the embodiment of the application, a target digital certificate sent by a target server is received, wherein the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key. And then, the target digital certificate is sent to the Internet of things equipment, so that the Internet of things equipment adopts a built-in authentication public key to verify the target digital certificate, and when the verification is passed, the content of the target digital certificate is obtained. And then, receiving first challenge information returned by the Internet of things equipment after the target digital certificate is verified. And then the first challenge information is sent to the target server so that the target server generates a first challenge value based on the first challenge information. And finally, receiving the first challenge value of the target server, and sending the first challenge value to the internet of things device so as to determine the control authority of the target application program of the control device on the internet of things device based on the first challenge value and the content of the target digital certificate.

That is, in the embodiment of the present application, since the target server and the target application belong to the same merchant, the target server trusts the target application. When the target digital certificate passes the verification of the Internet of things equipment by adopting the authentication public key, the target digital certificate is the certificate authenticated by the authentication authority. Because the certification authority is a trusted authority of the internet of things device, the internet of things device can trust the content of the target digital certificate, so that whether the target server can be trusted can be determined according to the content of the target digital certificate and the first challenge value sent by the target server, and whether the target application program can be trusted is determined, and further, even if the target application program on the control device is not the application program corresponding to the internet of things device, the security can be ensured when the internet of things device is controlled through the target application program on the control device.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic flowchart of a method for determining a permission according to an embodiment of the present invention;

fig. 2 is a schematic flowchart of another method for determining permissions according to an embodiment of the present invention;

fig. 3 is a schematic flowchart of another method for determining permissions according to an embodiment of the present invention;

fig. 4 is an interaction diagram of another permission determination method provided in the embodiment of the present invention;

fig. 5 is a schematic structural diagram of a permission determination apparatus according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of another permission determination apparatus according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of another permission determination apparatus according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The embodiment of the invention provides a permission determination method, a permission determination device, computer equipment and a computer readable storage medium. The permission determination device may be integrated in a computer device, and the computer device may be a server, a control device, or an internet of things device.

The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, Network acceleration service (CDN), big data and an artificial intelligence platform.

The control device may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like.

The internet of things equipment refers to equipment capable of performing network communication with other equipment, for example, the equipment can be an intelligent air conditioner, an intelligent sound box and the like.

The server, the control device and the internet of things device may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.

The following are detailed below. It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments.

In the related art, the process of controlling the internet of things device may be as follows: and sending a control instruction to the Internet of things equipment through an application program corresponding to the Internet of things equipment on the control equipment, and executing operation corresponding to the control instruction by the Internet of things equipment.

In order to ensure the safety, before the internet of things equipment is controlled through the application program corresponding to the internet of things equipment on the control equipment, the authority of the application program corresponding to the internet of things equipment is checked. The checking process may be: the method comprises the steps of loading and unloading an application program corresponding to the Internet of things equipment on the control equipment, storing a private key carried by the application program, setting a public key corresponding to the private key on the Internet of things equipment, and determining the safety of the control equipment through the public key.

However, the stored private key on the control device is easy to crack, and when cracked, the control device without authority can control the internet of things device according to the cracked private key, so that insecurity is caused.

In addition, if the user wants to control the internet of things device through other application programs on the control device, since the other application programs do not carry the private key (the other application programs and the internet of things device do not belong to the same merchant, the merchant of the internet of things device cannot set the private key on the other application programs), the authority of the other application programs on the control device cannot be verified, and therefore the problem of safety exists. Therefore, in the related art, it is not yet possible to control the internet of things device through other application programs.

In order to solve the above security problem, an embodiment of the present application provides an authority determining method, where in the method, a target digital certificate sent by a target server is received first, where the target digital certificate includes a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key. And then, the target digital certificate is sent to the Internet of things equipment, so that the Internet of things equipment adopts a built-in authentication public key to verify the target digital certificate, and when the verification is passed, the content of the target digital certificate is obtained. And then, receiving first challenge information returned by the Internet of things equipment after the target digital certificate is verified. And then the first challenge information is sent to the target server so that the target server generates a first challenge value based on the first challenge information. And finally, receiving the first challenge value of the target server, and sending the first challenge value to the internet of things device so as to determine the control authority of the target application program on the control device to the internet of things device based on the first challenge value and the content of the target digital certificate.

The following describes in detail a method for determining a right provided in an embodiment of the present application. As shown in fig. 1, the specific process of the method for determining the authority is as follows:

s101, receiving a target digital certificate sent by a target server, wherein the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key.

The certification Authority refers to an e-commerce Certification Authority (CA). Because the authentication structure is a trusted third party, after the authentication structure authenticates the target server, the target server is trusted by the authentication mechanism, and the target server can be trusted by the internet of things device.

The target digital certificate refers to a string of numbers that can indicate identity information of the target server. The target server firstly authenticates on the authentication mechanism, and then the target digital certificate can be obtained.

The control device may receive the target digital certificate through a target application on the control device. The target application program refers to an application program for actually controlling the internet of things device, and the target application program may be an application program developed by a merchant of the internet of things device, that is, an application program corresponding to the internet of things device, or an application program developed by another merchant (when the target application program is an application program corresponding to the internet of things device, the permission determination method provided by the embodiment of the present application may also provide security for controlling the internet of things device).

It should be understood that, in the method embodiment of the present application, the control device may implement information interaction with the target server and the internet of things device through the target application program. For example, the target digital certificate may be sent to the internet of things device through the target application program, and for example, the first challenge information may be received by the target application program and sent to the target server through the target application program.

The target server may be an initial server produced by a merchant of the internet of things device, and the target application program is an application program corresponding to the internet of things device at this time.

Alternatively, the target server may be a server of another merchant (a merchant other than the merchant that produces the internet of things device), and in this case, the target application is another application on the control device (the other application refers to an application installed on the control device other than the application corresponding to the internet of things device).

For example, if the internet of things device is a device produced by a manufacturer a, the application program corresponding to the internet of things device is an application program a. And the business B develops the application program B, the target server can be the server of the business B, and the target application program can be the application program B.

When a user of the control device wants to control the internet of things device through a target application program on the control device, the user can operate the target application program on the control device, so that the target application program of the control device generates an authority verification request and sends the authority verification request to a target server, the target server sends a target digital certificate to the control device based on the authority verification request, and the control device receives the target digital certificate.

Or, when the user completes the installation of the target application program, the authority verification request may be automatically generated and sent to the target server, and the target server sends the target digital certificate to the control device based on the authority verification request, so that the control device receives the target digital certificate.

For the time when the control device receives the target digital certificate, the user may set the time according to the actual situation, which is not limited herein.

S102, the target digital certificate is sent to the Internet of things equipment, so that the Internet of things equipment verifies the target digital certificate by adopting a built-in authentication public key, and when the verification is passed, the content of the target digital certificate is obtained.

When the target application program is another application program on the control device, the target server corresponding to the another application program is a server of another merchant, so that the merchant producing the internet of things device cannot store the private key of the internet of things device on the target server. Therefore, the target server can be authenticated by the authentication mechanism trusted by the internet of things equipment by using the authentication private key, and then the authentication public key of the authentication mechanism is set on the internet of things equipment.

And then, after the control equipment acquires the target digital certificate, sending the target digital certificate to the Internet of things equipment, so that the Internet of things equipment adopts a built-in authentication public key to verify the target digital certificate. If the verification is passed, the target digital certificate is a certificate authenticated by the certification authority, that is, the content of the target digital certificate can be trusted by the internet of things device.

The content of the target digital certificate may include, but is not limited to, identity information of the target server, information of the certification authority, and the first public key of the target server.

S103, first challenge information returned by the Internet of things equipment after the target digital certificate is verified is received.

And after the target digital certificate is verified by the Internet of things equipment, returning the first challenge information to the control equipment, and receiving the first challenge information by the control equipment. Wherein the first challenge information may be a string of random characters.

It should be understood that, after the internet of things device passes the verification of the target certificate, the first challenge information may not be returned to the control device, and when the challenge information acquisition request sent by the control device is received, if the target certificate passes the verification, the first challenge information is returned to the control device. The control device may send the challenge information acquisition request to the internet of things device together with the target digital certificate. Or, the control device may also send the target digital certificate to the internet of things device, and then send the challenge information acquisition request to the internet of things device.

The internet of things device can generate the first challenge information and return the first challenge information when the target digital certificate is verified. Or, the internet of things device may also generate the first challenge information first, and then return the first challenge information when the target digital certificate is verified. For the time when the internet of things device generates the first challenge information, the user may select the first challenge information according to the actual situation, which is not limited herein.

And S104, sending the first challenge information to the target server so that the target server generates a first challenge value based on the first challenge information.

After receiving the first challenge information, the control device sends the first challenge information to the target server, so that the target server generates a first challenge value based on the first challenge information.

Optionally, the target server may sign the first challenge information with a first private key of the target server, thereby obtaining the first challenge value.

Alternatively, the target server may encrypt the first challenge information by using a preset encryption algorithm, so as to obtain the first challenge value. At this time, the content of the target digital certificate includes a decryption algorithm corresponding to a preset encryption algorithm.

It should be noted that, since the target application and the target server belong to the same merchant, the target server may trust the target application. Thus, the target application may not be verified after the target server receives the first challenge information.

Alternatively, to further ensure security, the target server may also verify the rights of the control device, i.e. verify the rights of the target application of the control device. And when the verification is passed, the target server generates a first challenge value based on the first challenge information.

For the method for verifying the authority of the target application program by the target server, the user can select the method according to the actual situation. For example, the token and the first challenge information may be sent to the target server through the target application program, after the token is received by the target server, the token is compared with the token stored in the target server, and if the token is the same as the token stored in the target server, the verification of the target application program is passed.

For another example, the control device and the target server may both generate a random number according to a preset rule, then the control device encrypts the random number by using the stored public key, and sends the encrypted random number and the first challenge information to the target server through the target application program. And after receiving the random number, the target server decrypts the random number by adopting the stored private key, compares the decrypted random number with the random number generated according to the preset rule, and if the decrypted random number is the same as the random number generated according to the preset rule, passes the verification of the target application program. The present application is not specifically limited herein.

And S105, receiving the first challenge value sent by the target server, and sending the first challenge value to the Internet of things equipment so as to determine the control authority of the target application program on the control equipment to the Internet of things equipment based on the first challenge value and the content of the target digital certificate.

After receiving the first challenge value sent by the target server, the control device sends the first challenge value to the internet of things device, so that the internet of things device determines the control authority of a target application program on the control device on the internet of things device based on the first challenge value and the content of the target digital certificate.

The process of determining the control authority of the target application program on the control device on the internet of things device based on the first challenge value and the content of the target digital certificate may be:

because the content of the target digital certificate is trusted by the internet of things device, when the content of the target digital certificate of the internet of things device passes the verification of the first challenge value and the first challenge information obtained when the verification passes is the same as the first challenge information sent by the internet of things device, the internet of things device can trust the target server, and the target server trusts the target application program, so that the target application program can be marked as the application program with the control authority of the internet of things device by the internet of things device at this time.

And when the content of the target digital certificate fails to verify the first challenge value, the target server cannot be trusted by the Internet of things equipment, and the target application program is marked as the application program without the control authority of the Internet of things equipment.

Optionally, when the target server signs the first challenge information by using the first private key of the target server to obtain the first challenge value and the content of the target digital certificate includes the first public key of the target server, the process of verifying the first challenge value by using the content of the target digital certificate may be: the first challenge value is verified using the first public key.

Or, when the target server encrypts the first challenge information by using a preset encryption algorithm to obtain the first challenge value and the content of the target digital certificate includes a decryption algorithm corresponding to the preset encryption algorithm, the process of verifying the first challenge value by using the content of the target digital certificate may be: the first challenge value is decrypted using a decryption algorithm.

As can be seen from the above, in the method, a target digital certificate sent by a target server is received first, where the target digital certificate includes a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key. And then, the target digital certificate is sent to the Internet of things equipment, so that the Internet of things equipment adopts a built-in authentication public key to verify the target digital certificate, and when the verification is passed, the content of the target digital certificate is obtained. And then, receiving first challenge information returned by the Internet of things equipment after the target digital certificate is verified. And then the first challenge information is sent to the target server so that the target server generates a first challenge value based on the first challenge information. And finally, receiving the first challenge value of the target server, and sending the first challenge value to the internet of things device so as to determine the control authority of the target application program on the control device to the internet of things device based on the first challenge value and the content of the target digital certificate.

In some embodiments, the target digital certificate includes a first digital certificate, and the first digital certificate may be a certificate obtained after the certification authority certifies the first public key of the target server with a certification private key.

Correspondingly, the sending of the target digital certificate to the internet of things device so that the internet of things device verifies the target digital certificate by using the built-in authentication public key, and when the verification is passed, the obtaining of the content of the target digital certificate includes:

and sending the first digital certificate to the Internet of things equipment so that the Internet of things equipment verifies the first digital certificate by adopting a built-in authentication public key, and acquiring the first public key of the target server when the verification is passed.

Receiving first challenge information returned by the Internet of things equipment after the target digital certificate is verified, wherein the first challenge information comprises:

and receiving first challenge information returned by the Internet of things equipment after the first digital certificate is verified.

Sending the first challenge information to the target server to cause the target server to generate a first challenge value based on the first challenge information, including:

and sending the first challenge information to the target server so that the target server signs the first challenge information by adopting a first private key of the target server to obtain a first challenge value.

Receiving a first challenge value sent by a target server, and sending the first challenge value to an internet of things device so as to determine the control authority of a target application program on a control device on the internet of things device based on the first challenge value and the content of a target digital certificate, wherein the control authority comprises the following steps:

the method comprises the steps of receiving a first challenge value sent by a target server, sending the first challenge value to the Internet of things equipment, enabling the Internet of things equipment to verify the first challenge value by adopting a first public key, and marking a target application program on the control equipment as an application program with control authority over the Internet of things equipment when the verification is passed.

In this embodiment, the certification authority signs the first public key of the target server by using the certification private key to obtain the first digital certificate. After the internet of things equipment verifies the first digital certificate by adopting the authentication public key, if the verification is passed, the first public key can be obtained, and the fact that the internet of things equipment can trust the first public key is shown. And then the Internet of things equipment verifies the first challenge value obtained after signature by the first private key by using the first public key, if the verification is passed, the target server can be trusted by the Internet of things equipment, and the target application program is trusted by the target server, so that the target application program can be trusted by the Internet of things equipment, namely the target application program is marked as the application program with the control authority of the Internet of things equipment.

It should be noted that, when the first challenge value is verified by the internet of things device using the first public key, the first digital certificate may also be marked as a certificate with authority.

Although the internet of things device verifies the authority of the target application program of the control device, the target application program does not verify the authority of the internet of things device. Therefore, in other embodiments, sending the target digital certificate to the internet of things device includes:

the control equipment sends a certificate acquisition request to the Internet of things equipment. And after the Internet of things equipment receives the certificate acquisition request, the second digital certificate returned based on the certificate acquisition request is obtained. And then the control equipment receives a second digital certificate, wherein the second digital certificate is obtained after the certification authority signs a second public key of the equipment of the Internet of things by using a certification private key.

And then, the control equipment verifies the second digital certificate by adopting a built-in authentication public key, and when the verification is passed, the second public key of the Internet of things equipment is obtained.

The control device generates second challenge information again, and sends the second challenge information to the internet of things device, so that the internet of things device generates a second challenge value based on the second challenge information.

And finally, the control equipment receives the second challenge value and verifies the second challenge value according to the second public key. And when the verification is passed, the internet of things equipment is trustable, and the target digital certificate is sent to the internet of things equipment.

It should be understood that, in the process of verifying the authority of the internet of things device by the target application program, the control device may also implement information interaction with the internet of things device through the target application program. The control equipment can check the second challenge value and check the equipment information of the Internet of things equipment. The device information includes, but is not limited to, a merchant identifier of the internet of things device, a device identifier of the internet of things device, a serial number of the internet of things device, and the like.

The process of generating the second challenge value based on the second challenge information by the internet of things device may be: and the Internet of things equipment signs the second challenge information by adopting a second private key to obtain a second challenge value.

In this embodiment, the control device trusts the certificate authority. And (3) an authentication public key is built in the equipment of the Internet of things, the authentication public key is adopted to verify the second digital certificate signed by the authentication private key, if the verification is passed, the second public key can be obtained, and the second digital certificate is a certificate authenticated by an authentication organization, namely the control equipment can trust the second public key. When the control device adopts the second public key to check the second challenge value, the control device can trust the internet of things device, that is, the target application program on the control device can trust the internet of things device.

Before the control equipment performs information interaction with the Internet of things equipment, the control equipment needs to be connected with the Internet of things equipment. The process of establishing connection between the control device and the internet of things device may be as follows: and receiving the information of the network to be distributed broadcasted by the Internet of things equipment. And establishing connection with the Internet of things equipment according to the information of the network to be distributed. And sending the target digital certificate to the Internet of things equipment based on the connection.

The internet of things equipment can broadcast the information of the network to be distributed through Bluetooth, or the internet of things equipment also broadcasts the information of the network to be distributed through a soft wireless access point (softAP).

The information of the network to be distributed includes, but is not limited to, a merchant identifier of the internet of things device, a device identifier of the internet of things device, a serial number of the internet of things device, a Media Access Control Address (MAC), and the like.

After receiving the information of the network to be distributed, the control equipment displays the information of the network to be distributed so that a user can know the information of the network to be distributed. And the user selects the displayed information to be networked, and the control equipment responds to the selection operation of the user and establishes connection with the Internet of things equipment corresponding to the information to be networked. Information interaction between subsequent control equipment and the equipment of the Internet of things can be carried out through the connection. For example, the target digital certificate is sent to the internet of things device through the connection, and for example, the first challenge information sent by the internet of things device is received through the connection.

It should be noted that, in the process of establishing connection between the control device and the internet of things device, in order to ensure security, the user may be prompted to input an Identification Number (PIN) of the internet of things device

After the control device is connected with the internet of things device through the SoftAP, the control device cannot use the network, namely the control device is in an off-line state, namely the control device cannot send the first challenge information to the target server. Therefore, after the control device receives the first challenge information or after the second challenge value is verified, the control device may connect to the router and send a Service Set Identifier (SSID) and a password of the router to the internet of things device, and the internet of things device connects to the router based on the SSID and the password. And then the control equipment sends the first challenge information to the target server through the router, receives a first challenge value sent by the target server through the router, and sends the first challenge value to the Internet of things equipment through the router.

In addition, after the target application is marked as the application having the control authority for the internet of things device, the control device may send a control instruction to the internet of things device through the target application based on the router, so that the internet of things device executes an operation corresponding to the control instruction.

Or if the control device and the internet of things device establish the bluetooth connection, the control device sends a control instruction to the internet of things device through the target application program based on the bluetooth connection, so that the internet of things device executes the operation corresponding to the control instruction.

The process of the internet of things device executing the operation corresponding to the control instruction may be: the internet of things equipment checks the mark of the target application program carried in the control instruction, and if the target application program is marked as the application program with the control authority, the internet of things equipment can execute the operation corresponding to the control instruction.

Or, the control device may send the first digital certificate and the control instruction to the internet of things device together based on the router or the bluetooth connection, and after the internet of things device receives the first digital certificate, since the first digital certificate has been checked before, the control device may execute an operation corresponding to the control instruction when receiving the first digital certificate.

In other embodiments, after marking the target application on the control device as an application having control authority over the internet of things device, the control device may connect to the router and send a Service Set Identifier (SSID) and a password of the router to the internet of things device, and the internet of things device connects to the router based on the SSID and the password. Or the control device and the internet of things device can establish Bluetooth connection. And finally, the control equipment controls the equipment of the Internet of things on the basis of the router or Bluetooth connection.

Wherein, the process that the control equipment controls the internet of things equipment can be as follows: and sending the control instruction to the Internet of things equipment through the target application program. And after receiving the mark, the Internet of things equipment checks the mark of the target application program. And if the mark of the target application program is the application program with the control authority, the Internet of things equipment executes the operation corresponding to the control instruction.

Or, the process of controlling the internet of things device by the control device may also be: when the Control equipment passes the verification of the authority of the equipment of the internet of things, the Control equipment can send Control authority information (Access Control List, ACL) to the equipment of the internet of things through a target application program, if the equipment of the internet of things does not verify the target application program on the Control equipment, the Control authority information is marked as distrusted, and if the equipment of the internet of things passes the verification of the target application program, the Control authority information is marked as trusted and stored.

And then the control device can send the control instruction and the control authority information to the Internet of things device together. After receiving the control instruction and the control authority information, the Internet of things equipment compares the received control authority information with the stored control authority information, and if the received control authority information is the same as the stored control authority information, the Internet of things equipment executes the operation corresponding to the control instruction.

Another method for determining authority provided in the embodiment of the present application is described in detail below. As shown in fig. 2, the specific process of the method for determining the authority is as follows:

s201, receiving a target digital certificate sent by the control equipment, wherein the target digital certificate is obtained after an authentication mechanism authenticates a target server by adopting an authentication private key.

The target digital certificate refers to a string of numbers that can indicate identity information of the target server. The target server firstly authenticates on the authentication mechanism, and then the target digital certificate can be obtained. The target server then sends the target digital certificate to the control device.

When a user of the control device wants to control the internet of things device through a target application program on the control device, the user can operate the target application program on the control device, so that the control device sends a target digital certificate to the internet of things device, and the internet of things device receives the target digital certificate.

S202, verifying the target digital certificate by adopting a built-in authentication public key.

And after the Internet of things equipment receives the target digital certificate, verifying the target digital certificate by adopting a built-in authentication public key.

And S203, when the verification is passed, obtaining the content of the target digital certificate, and returning first challenge information to the control device, so that the control device sends the first challenge information to the target server, wherein the first challenge information is used for indicating the target server to generate a first challenge value, and returning the first challenge value to the control device.

If the verification is passed, the target digital certificate is a certificate authenticated by the certification authority, that is, the content of the target digital certificate can be trusted by the internet of things device. The first challenge information is sent to the control device, and the control device sends the first challenge information to the target server.

After receiving the first challenge information, the target server may sign the first challenge information by using a first private key of the target server, thereby obtaining a first challenge value.

The content of the target digital certificate may include, but is not limited to, identity information of the target server, information of the certification authority, and the first public key of the target server. The first challenge information may be a string of random characters.

And S204, receiving the first challenge value sent by the control equipment.

After the target server sends the first challenge value to the control device, the control device sends the first challenge value to the internet of things device, and the internet of things device receives the first challenge value.

S205, determining the control authority of the target application program on the control device to the Internet of things device based on the first challenge value and the content of the target digital certificate.

Because the content of the target digital certificate is trusted by the internet of things device, when the first challenge value passes the verification of the content of the target digital certificate and the first challenge information obtained when the verification passes is the same as the first challenge information sent by the internet of things device, it is indicated that the internet of things device can trust the target server, and the target server trusts the target application program, so that the internet of things device can mark the target application program as the application program with the control authority over the internet of things device.

When the verification passes, the target digital certificate may be marked as a certificate having authority.

In this embodiment, the internet of things device first receives a target digital certificate sent by the control device, where the target digital certificate is obtained after an authentication authority authenticates a target server by using an authentication private key. And then, the Internet of things equipment adopts a built-in authentication public key to verify the target digital certificate. When the verification is passed, the internet of things color bar obtains the content of the target digital certificate and returns first challenge information to the control equipment, so that the control equipment sends the first challenge information to the target server, and the first challenge information is used for indicating the target server to generate a first challenge value and returning the first challenge value to the control equipment. And the Internet of things equipment receives the first challenge value sent by the control equipment, and finally determines the control authority of the target application program on the control equipment on the Internet of things equipment based on the first challenge value and the content of the target digital certificate.

That is, in this embodiment, the target application is trusted by the target server because the target server and the target application belong to the same merchant. When the target digital certificate passes the verification of the Internet of things equipment by adopting the authentication public key, the target digital certificate is the certificate authenticated by the authentication authority. Because the certification authority is a trusted authority of the internet of things device, the internet of things device can trust the content of the target digital certificate, so that whether the target server can be trusted can be determined according to the content of the target digital certificate and the first challenge value sent by the target server, and whether the target application program can be trusted is determined, and further, even if the target application program on the control device is not the application program corresponding to the internet of things device, the security can be ensured when the internet of things device is controlled through the target application program on the control device.

Other implementation processes and corresponding beneficial effects in this embodiment may refer to the above method embodiment, and this implementation is not described herein again.

Another method for determining authority provided in the embodiment of the present application is described in detail below. As shown in fig. 3, the specific process of the method for determining the authority is as follows:

s301, the target digital certificate is sent to the control equipment, so that the control equipment sends the target digital certificate to the Internet of things equipment, the target digital certificate is used for indicating the Internet of things equipment to check, when the check is passed, the content of the target digital certificate is obtained, first challenge information is returned to the control equipment, and the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates a target server by using an authentication private key.

When a user of the control device wants to control the internet of things device through a target application program on the control device, the user can operate the target application program on the control device, so that the target application program of the control device generates an authority verification request and sends the authority verification request to a target server, and the target server sends a target digital certificate to the control device based on the authority verification request.

Or, the authority verification request may be automatically generated when the user completes installation of the target application program, and the authority verification request is sent to the target server, and the target server sends the target digital certificate to the control device based on the authority verification request.

For the time when the target server sends the target digital certificate, the user may set the time according to the actual situation, which is not limited herein.

And after the Internet of things equipment receives the target digital certificate, verifying the target digital certificate by adopting a built-in authentication public key. If the verification is passed, the target digital certificate is a certificate authenticated by the certification authority, that is, the content of the target digital certificate can be trusted by the internet of things device. The first challenge information is returned to the control device, which receives the first challenge information accordingly. Wherein the first challenge information may be a string of random characters.

S302, first challenge information sent by the control equipment is received.

The control device, after receiving the first challenge information, sends the first challenge information to the target server, which thus receives the first challenge information.

And S303, generating a first challenge value based on the first challenge information.

The process of generating the first challenge value based on the first challenge information may be: the target server may sign the first challenge information with a first private key of the target server to obtain the first challenge value.

S304, the first challenge value is sent to the control device, so that the control device sends the first challenge value to the Internet of things device, and the first challenge value and the content of the target digital certificate are used for the Internet of things device to determine the control authority of the target application program on the control device on the Internet of things device.

The process that the internet of things device determines the control authority of the target application program on the control device on the internet of things device based on the first challenge value and the content of the target digital certificate may be:

When the content of the target digital certificate is adopted to not verify the first challenge value, the target server cannot be trusted by the Internet of things equipment, and the Internet of things equipment marks the target application program as the application program without the control authority of the Internet of things equipment.

As can be seen from the above, in the method, the target server first sends the target digital certificate to the control device, so that the control device sends the target digital certificate to the internet of things device, the target digital certificate is used to instruct the internet of things device to perform verification, and when the verification passes, the content of the target digital certificate is obtained, and the first challenge information is returned to the control device, where the target digital certificate includes a certificate obtained after the target server is authenticated by an authentication authority using an authentication private key. Then, the target server receives the first challenge information sent by the control device. Next, the target server generates a first challenge value based on the first challenge information. And finally, the target server sends the first challenge value to the control equipment so that the control equipment sends the first challenge value to the Internet of things equipment, and the first challenge value and the content of the target digital certificate are used for the Internet of things equipment to determine the control authority of the target application program on the control equipment to the Internet of things equipment.

Another method for determining rights provided by the present application is described below. Referring to fig. 4, the authority determination method includes:

and the target server sends the first digital certificate to the control equipment, wherein the first digital certificate is obtained after the certification authority adopts the certification private key to certify the first public key of the target server. The Internet of things equipment broadcasts the information of the network to be distributed, and the control equipment establishes connection with the Internet of things equipment according to the information of the network to be distributed after receiving the information of the network to be distributed.

And the control equipment sends a certificate acquisition request to the Internet of things equipment through the target application program. The Internet of things equipment returns a second digital certificate to the control equipment based on the certificate acquisition request, wherein the second digital certificate is obtained after a certification authority signs a second public key of the Internet of things equipment by using a certification private key.

The control equipment adopts the built-in authentication public key to verify the second digital certificate, obtains the second public key of the Internet of things equipment when the verification is passed, generates second challenge information, and sends the second challenge information to the Internet of things equipment through the target application program.

The Internet of things equipment signs the second challenge information by adopting a second private key to obtain a second challenge value, and sends the second challenge value to the control equipment. And the control device verifies the second challenge value according to the second public key. And when the verification is passed, establishing connection with the router, and sending the service set identifier and the password of the connected router to the Internet of things equipment.

After the internet of things equipment is connected to the router, the control equipment sends a control instruction to the internet of things equipment through the target application program based on the router. At this time, the internet of things device does not check the authority of the target application program, so that the response is in error and error information is sent to the control device.

And after the control equipment receives the error information, the first digital certificate and the challenge information acquisition request are sent to the Internet of things equipment through the target application program. The internet of things equipment verifies the first digital certificate by adopting a built-in authentication public key, obtains the first public key of the target server when the verification is passed, and returns first challenge information to the control equipment based on the challenge information obtaining request.

The control device sends the first challenge information to the target server. The target server signs the first challenge information by adopting a first private key to obtain a first challenge value, and sends the first challenge value to the control equipment. The control equipment sends the first challenge value to the Internet of things equipment.

And the IOT equipment adopts the first public key to verify the first challenge value. And when the verification is passed, obtaining verification first challenge information, and if the verification first challenge information is compared with the sent first challenge information, marking the first digital certificate as a certificate with control authority.

The control device sends a control instruction and a first digital certificate to the Internet of things device through the target application program. Because the first digital certificate is a certificate with control authority, the internet of things equipment executes the operation corresponding to the control instruction.

The terms in this embodiment have the same meanings as those in the above-described method for determining the authority, and details of implementation may refer to the descriptions in the above-described method embodiments.

In order to better implement the above method, an embodiment of the present invention further provides an authority determination apparatus, which is applied in a control device, for example, as shown in fig. 5, the authority determination apparatus may include:

the first receiving module 501 is configured to receive a target digital certificate sent by a target server, where the target digital certificate includes a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key.

The first sending module 502 is configured to send the target digital certificate to the internet of things device, so that the internet of things device verifies the target digital certificate by using a built-in authentication public key, and obtains the content of the target digital certificate when the verification is passed.

The second receiving module 503 is configured to receive first challenge information returned by the internet of things device after the target digital certificate is verified.

A second sending module 504, configured to send the first challenge information to the target server, so that the target server generates the first challenge value based on the first challenge information.

And a third receiving module 505, configured to receive the first challenge value sent by the target server, and send the first challenge value to the internet of things device, so as to determine, based on the first challenge value and the content of the target digital certificate, a control right of a target application on the control device to the internet of things device.

Optionally, the target digital certificate includes a first digital certificate, where the first digital certificate is obtained after the certification authority certifies the first public key of the target server by using the certification private key.

Accordingly, the first sending module 502 is specifically configured to perform:

The second receiving module 503 is specifically configured to perform:

The second sending module 504 is specifically configured to perform:

The third receiving module 505 is specifically configured to perform:

the method comprises the steps of receiving a first challenge value sent by a target server, sending the first challenge value to the Internet of things equipment, so that the Internet of things equipment verifies the first challenge value by adopting a first public key, and marking a target application program as an application program with control authority over the Internet of things equipment when the verification is passed.

Optionally, the first sending module 502 is specifically configured to perform:

sending a certificate acquisition request to the Internet of things equipment;

receiving a second digital certificate returned by the Internet of things equipment based on the certificate acquisition request, wherein the second digital certificate is obtained after a certification authority signs a second public key of the Internet of things equipment by using a certification private key;

verifying the second digital certificate by using a built-in authentication public key, and acquiring a second public key of the Internet of things equipment when the verification is passed;

generating second challenge information, and sending the second challenge information to the internet of things equipment so that the internet of things equipment generates a second challenge value based on the second challenge information;

receiving a second challenge value, and verifying the second challenge value according to a second public key;

and when the verification is passed, the target digital certificate is sent to the Internet of things equipment.

Optionally, the first sending module 502 is specifically configured to perform:

receiving information to be networked broadcasted by the Internet of things equipment;

establishing connection with the Internet of things equipment according to the information of the network to be distributed;

and sending the target digital certificate to the Internet of things equipment based on the connection.

Optionally, the authority determination device further includes:

and the instruction sending module is used for sending the control instruction to the Internet of things equipment through the target application program so as to enable the Internet of things equipment to execute the operation corresponding to the control instruction.

In a specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily to be implemented as one or several entities, and the specific implementation method and corresponding beneficial effects of the above modules may refer to the foregoing method embodiments, which are not described herein again.

In order to better implement the above method, an embodiment of the present invention further provides an authority determination apparatus, which is applied in an internet of things device, for example, as shown in fig. 6, the authority determination apparatus may include:

the fourth receiving module 601 is configured to receive a target digital certificate sent by the control device, where the target digital certificate is obtained after the certification authority authenticates the target server by using the certification private key.

The first verifying module 602 is configured to verify the target digital certificate by using a built-in authentication public key.

The third sending module 603 is configured to, when the verification passes, obtain content of the target digital certificate, and send first challenge information to the control device, so that the control device sends the first challenge information to the target server, where the first challenge information is used to instruct the target server to generate a first challenge value, and return the first challenge value to the control device.

A fifth receiving module 604, configured to receive the first challenge value sent by the control device.

A determining module 605, configured to determine, based on the first challenge value and the content of the target digital certificate, a control right of the target application on the control device to the internet of things device.

In specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and specific implementation manners and corresponding beneficial effects of the above modules may refer to the foregoing method embodiments, which are not described herein again.

In order to better implement the above method, an embodiment of the present invention further provides an authority determination device, which is applied in a target server, for example, as shown in fig. 7, the authority determination device may include:

the fourth sending module 701 is configured to send the target digital certificate to the control device, so that the control device sends the target digital certificate to the internet of things device, where the target digital certificate is used to instruct the internet of things device to perform verification, and when the verification passes, obtain the content of the target digital certificate, and return the first challenge information to the control device, where the target digital certificate includes a certificate obtained after an authentication mechanism authenticates a target server with an authentication private key.

A sixth receiving module 702, configured to receive the first challenge information sent by the control device.

A generating module 703 is configured to generate a first challenge value based on the first challenge information.

And the fifth sending module is used for sending the first challenge value to the control equipment so that the control equipment sends the first challenge value to the internet of things equipment, and the first challenge value and the content of the target digital certificate are used for the internet of things equipment to determine the control authority of the target application program on the control equipment to the internet of things equipment.

An embodiment of the present invention further provides a computer device, as shown in fig. 8, which shows a schematic structural diagram of a computer device according to an embodiment of the present invention, specifically:

the computer device may include components such as a processor 801 of one or more processing cores, memory 802 of one or more computer-readable storage media, a power supply 803, and an input unit 804. Those skilled in the art will appreciate that the computer device configuration illustrated in FIG. 8 does not constitute a limitation of computer devices, and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components. Wherein:

the processor 801 is a control center of the computer device, connects various parts of the entire computer device using various interfaces and lines, and performs various functions of the computer device and processes data by running or executing computer programs and/or modules stored in the memory 802 and calling data stored in the memory 802, thereby monitoring the computer device as a whole. Alternatively, processor 801 may include one or more processing cores; preferably, the processor 801 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 801.

The memory 802 may be used to store computer programs and modules, and the processor 801 executes various functional applications and data processing by operating the computer programs and modules stored in the memory 802. The memory 802 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, a computer program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 802 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 802 may also include a memory controller to provide the processor 801 access to the memory 802.

The computer device further includes a power supply 803 for supplying power to the various components, and preferably, the power supply 803 is logically connected to the processor 801 via a power management system, so that functions such as managing charging, discharging, and power consumption are performed via the power management system. The power supply 803 may also include one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and any like components.

The computer device may further include an input unit 804, the input unit 804 being operable to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.

Although not shown, the computer device may further include a display unit and the like, which are not described in detail herein. Specifically, in this embodiment, the processor 801 in the computer device loads an executable file corresponding to one or more processes of the computer program into the memory 802 according to the following instructions, and the processor 801 executes the computer program stored in the memory 802, thereby implementing various functions, such as:

sending the target digital certificate to the Internet of things equipment so that the Internet of things equipment verifies the target digital certificate by adopting a built-in authentication public key, and acquiring the content of the target digital certificate when the verification is passed;

sending the first challenge information to a target server so that the target server generates a first challenge value based on the first challenge information;

and receiving a first challenge value sent by the target server, and sending the first challenge value to the Internet of things equipment so as to determine the control authority of a target application program on the control equipment to the Internet of things equipment based on the first challenge value and the content of the target digital certificate.

The specific implementation of the above operations and the corresponding beneficial effects can be referred to the foregoing embodiments, and are not described herein again.

It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by a computer program, which may be stored in a computer-readable storage medium and loaded and executed by a processor, or by related hardware controlled by the computer program.

To this end, the embodiment of the present invention provides a computer-readable storage medium, in which a computer program is stored, where the computer program can be loaded by a processor to execute the steps in any one of the permission determination methods provided by the embodiment of the present invention.

Wherein the computer-readable storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.

Since the computer program stored in the computer-readable storage medium can execute the steps in any permission determination method provided in the embodiment of the present invention, beneficial effects that can be achieved by any permission determination method provided in the embodiment of the present invention can be achieved, which are detailed in the foregoing embodiments and will not be described herein again.

According to an aspect of the application, there is provided, among other things, a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to execute the authority determination method.

The method, the apparatus, the computer device and the computer-readable storage medium for determining permission provided by the embodiments of the present invention are described in detail above, and a specific example is applied in the present disclosure to explain the principle and the implementation of the present invention, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims

1. An authority determination method applied to a control device includes:

sending the target digital certificate to Internet of things equipment so that the Internet of things equipment verifies the target digital certificate by adopting a built-in authentication public key, and acquiring the content of the target digital certificate when the verification is passed;

sending the first challenge information to the target server to cause the target server to generate a first challenge value based on the first challenge information;

and receiving the first challenge value sent by the target server, and sending the first challenge value to the internet of things device so as to determine the control authority of a target application program on the control device on the internet of things device based on the first challenge value and the content of the target digital certificate.

2. The authority determination method according to claim 1, wherein the target digital certificate includes a first digital certificate, and the first digital certificate is a certificate obtained after a certification authority certifies a first public key of the target server by using a certification private key;

correspondingly, the sending the target digital certificate to the internet of things device so that the internet of things device verifies the target digital certificate by using a built-in authentication public key, and when the verification is passed, obtaining the content of the target digital certificate includes:

sending the first digital certificate to Internet of things equipment so that the Internet of things equipment verifies the first digital certificate by adopting a built-in authentication public key, and acquiring the first public key of the target server when the verification is passed;

the receiving of the first challenge information returned by the internet of things device after the target digital certificate is verified to pass includes:

receiving first challenge information returned by the Internet of things equipment after the first digital certificate is verified;

the sending the first challenge information to the target server to cause the target server to generate a first challenge value based on the first challenge information includes:

sending the first challenge information to the target server so that the target server signs the first challenge information by using a first private key of the target server to obtain a first challenge value;

the receiving the first challenge value sent by the target server and sending the first challenge value to the internet of things device so as to determine the control authority of a target application program on the control device on the internet of things device based on the first challenge value and the content of the target digital certificate, and the method comprises the following steps:

receiving the first challenge value sent by the target server, sending the first challenge value to the internet of things equipment, so that the internet of things equipment verifies the first challenge value by adopting the first public key, and marking the target application program as the application program with the control authority of the internet of things equipment when the verification is passed.

3. The permission determination method of claim 1, wherein the sending the target digital certificate to an internet of things device comprises:

sending a certificate acquisition request to the Internet of things equipment;

receiving a second digital certificate returned by the Internet of things equipment based on the certificate acquisition request, wherein the second digital certificate is obtained after the certification authority signs a second public key of the Internet of things equipment by using the certification private key;

receiving the second challenge value, and verifying the second challenge value according to the second public key;

4. The permission determination method of claim 1, wherein the sending the target digital certificate to an internet of things device comprises:

5. The permission determination method according to claim 2, wherein after the receiving the first challenge value sent by the target server and sending the first challenge value to the internet of things device, so that the internet of things device verifies the first challenge value by using the first public key, and when the verification passes, marking the target application as an application having a control permission for the internet of things device, the method further includes:

and sending a control instruction to the Internet of things equipment through the target application program so as to enable the Internet of things equipment to execute the operation corresponding to the control instruction.

6. An authority determination method applied to Internet of things equipment comprises the following steps:

when the verification is passed, obtaining the content of the target digital certificate, and returning first challenge information to the control device, so that the control device sends the first challenge information to the target server, wherein the first challenge information is used for indicating the target server to generate a first challenge value, and returning the first challenge value to the control device;

receiving the first challenge value sent by the control equipment;

determining control authority of a target application on the control device to the IOT device based on the first challenge value and the content of the target digital certificate.

7. An authority determination method applied to a target server includes:

receiving the first challenge information sent by the control equipment;

generating a first challenge value based on the first challenge information;

sending the first challenge value to the control device, so that the control device sends the first challenge value to the internet of things device, and the first challenge value and the content of the target digital certificate are used for the internet of things device to determine the control authority of a target application program on the control device on the internet of things device.

8. An authority determination device applied to a control apparatus, comprising:

the first receiving module is used for receiving a target digital certificate sent by a target server, wherein the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates the target server by adopting an authentication private key;

9. An authority determination device applied to Internet of things equipment comprises:

the first verification module is used for verifying the target digital certificate by adopting a built-in authentication public key;

a determining module, configured to determine, based on the first challenge value and the content of the target digital certificate, a control right of a target application on the control device to the internet of things device.

10. An authority determination device applied to a target server, comprising:

the fourth sending module is used for sending the target digital certificate to the control equipment so that the control equipment sends the target digital certificate to the Internet of things equipment, the target digital certificate is used for indicating the Internet of things equipment to check, when the check is passed, the content of the target digital certificate is obtained, first challenge information is returned to the control equipment, and the target digital certificate comprises a certificate obtained after an authentication mechanism authenticates the target server by using an authentication private key;

11. A computer device comprising a processor and a memory, the memory storing a computer program, the processor being configured to execute the computer program in the memory to perform the method of determining rights of any one of claims 1 to 5, the method of determining rights of claim 6 or the method of determining rights of claim 7.

12. A computer-readable storage medium, characterized in that it stores a computer program adapted to be loaded by a processor to execute the method of determining rights of any one of claims 1 to 5, the method of determining rights of claim 6 or the method of determining rights of claim 7.