CN115580444A - Control operation execution method and device, storage medium and electronic device - Google Patents
- Publication number: CN115580444A (application CN202211158203.4A)
- Authority: CN (China)
- Prior art keywords: gateway, message, client, encrypted, random number
- Legal status: Pending
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L12/2816—Controlling appliance services of a home automation network by calling their functionalities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Abstract
The application discloses a control operation execution method and device, a storage medium and an electronic device. The method comprises the following steps: receiving a message body sent by a client, wherein the message body comprises an encrypted message, the encrypted message being obtained by the client encrypting a control message according to a first local token of the gateway, and the first local token being a token set by the gateway for the client; parsing the message body to obtain the encrypted message; decrypting the encrypted message according to the first local token to obtain the control message; and executing the control operation corresponding to the control message.
Description
Technical Field
The present application relates to the field of communications, and in particular, to a method and an apparatus for executing a control operation, a storage medium, and an electronic apparatus.
Background
At present, in the field of smart homes, a client needs to communicate with the devices, and the traditional mode is communication through an internet cloud. Local area network communication has two obvious advantages. First, messages do not pass through the cloud, so transmission speed and success rate are noticeably improved, which improves the user experience. Second, dependence on the external network is reduced: when internet communication is abnormal, basic control messages can still be transmitted over the local area network and the system continues to run normally.
At present, the authentication and communication encryption of local area network communication can be cracked by intercepting a large amount of message data; for a smart home system, if the encryption protocol is cracked, the local area network system of every household is affected.
No effective solution has yet been proposed for the problem, present in the related art, of low security in the authentication and communication encryption modes of local area network communication.
Disclosure of Invention
The embodiment of the application provides a control operation execution method and device, a storage medium and an electronic device, aiming at least to solve the problem in the related art that the security of the authentication and communication encryption modes of local area network communication is low.
According to an embodiment of the present application, there is provided a control operation execution method, including: receiving a message body sent by a client, wherein the message body comprises an encrypted message, the encrypted message being obtained by the client encrypting a control message according to a first local token of the gateway, and the first local token being a token set by the gateway for the client; parsing the message body to obtain the encrypted message; and decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
In one exemplary embodiment, decrypting the encrypted message according to the first local token comprises: parsing the message body to obtain a custom field carried in the message body and the encrypted message; determining whether the custom field is consistent with a preset field; and, if the custom field is consistent with the preset field, decrypting the encrypted message according to the first local token.
In an exemplary embodiment, before receiving the message body sent by the client, the method further includes: when a communication connection with the client is established, sending a random number and an initialization variable to the client through the communication connection; receiving a first encrypted random number sent by the client, wherein the first encrypted random number is obtained by the client encrypting the random number according to the first local token and the initialization variable; determining whether the first encrypted random number is consistent with a second encrypted random number, wherein the second encrypted random number is obtained by the gateway encrypting the random number according to the first local token and the initialization variable; and, if the first encrypted random number is inconsistent with the second encrypted random number, disconnecting the communication connection between the client and the gateway.
In one exemplary embodiment, receiving a message body sent by a client includes: if the first encrypted random number is consistent with the second encrypted random number, maintaining the communication connection between the client and the gateway; and receiving the message body sent by the client based on the communication connection.
In an exemplary embodiment, before receiving the message body sent by the client, the method further includes: receiving a binding request sent by the client, wherein the binding request is used for requesting to establish a binding relationship between a target account and a gateway, and the target account is an account for logging in the client; and under the condition that the binding relationship between the target account and the gateway is successfully established, generating the first local token, and sending the first local token to the corresponding cloud server, so that the cloud server sends the first local token to the client.
In an exemplary embodiment, after the control operation corresponding to the control message is executed, the method further includes: receiving an operation instruction which is sent by a target object and used for initializing a gateway, and carrying out initialization operation according to the operation instruction; receiving the binding request sent by the client again; and under the condition that the binding relationship between the target account and the gateway is successfully established, generating a second local token, and sending the second local token to a corresponding cloud server, so that the cloud server sends the second local token to the client.
According to an embodiment of the present application, a message sending method is provided, which is applied to a client and includes: when it is determined that a control message is to be sent to a gateway, obtaining a first local token generated by the gateway; encrypting the control message according to the first local token to obtain an encrypted message; and sending the message body carrying the encrypted message to the gateway, so that the gateway performs the following operations: parsing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
In one exemplary embodiment, before determining the first local token for the gateway, the method further comprises: under the condition of establishing communication connection with the gateway, receiving a random number and an initialization variable transmitted by the gateway through the communication connection; encrypting the random number according to the first local token and the initialization variable to obtain a first encrypted random number, and sending the first encrypted random number to the gateway, so that the communication connection between the client and the gateway is disconnected under the condition that the gateway determines that the first encrypted random number is inconsistent with a second encrypted random number, wherein the second encrypted random number is a random number obtained by encrypting the random number by the gateway according to the first local token and the initialization variable.
In one exemplary embodiment, obtaining the first local token generated by the gateway includes: sending a binding request to the gateway, wherein the binding request is used for requesting to establish a binding relationship between a target account and the gateway, and the target account is an account for logging in to the client; if the binding relationship between the target account and the gateway is successfully established, sending an acquisition request to a cloud server, where, once the binding relationship is successfully established, the gateway generates the first local token and sends it to the corresponding cloud server; and receiving the first local token sent by the cloud server in response to the acquisition request.
According to another embodiment of the present application, there is also provided a control operation execution apparatus, including: a receiving module, configured to receive a message body sent by a client, where the message body includes an encrypted message, the encrypted message being obtained by the client encrypting a control message according to a first local token of the gateway, and the first local token being a token set by the gateway for the client; a parsing module, configured to parse the message body to obtain the encrypted message; and an execution module, configured to decrypt the encrypted message according to the first local token to obtain the control message and to execute the control operation corresponding to the control message.
According to another embodiment of the present application, there is also provided a message sending apparatus, including: an acquisition module, configured to acquire a first local token generated by a gateway when it is determined that a control message is to be sent to the gateway; an encryption module, configured to encrypt the control message according to the first local token to obtain an encrypted message; and a sending module, configured to send the message body carrying the encrypted message to the gateway, so that the gateway performs the following operations: parsing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
According to yet another aspect of the embodiments of the present application, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to perform the above method when executed.
According to another aspect of the embodiments of the present application, there is also provided an electronic apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the method by the computer program.
In an embodiment of the present application, a message body sent by a client is received, where the message body comprises an encrypted message obtained by the client encrypting a control message according to a first local token of the gateway, the first local token being a token set by the gateway for the client; the message body is parsed to obtain the encrypted message; the encrypted message is decrypted according to the first local token to obtain the control message; and the control operation corresponding to the control message is executed. This technical scheme solves the problem that the authentication and communication encryption modes of local area network communication have low security. The embodiment uses the local token as the secret key for authentication and communication encryption between the gateway and the client; the local token of each gateway is different, and the local token is set by the gateway for the client, so communication security is improved, other systems are not affected even if a single system is cracked, and the normal state can be recovered by reconnection.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a block diagram of a hardware configuration of a computer terminal for a control operation execution method according to an embodiment of the present application;
FIG. 2 is a flowchart of a control operation execution method according to an embodiment of the present application;
FIG. 3 is a flowchart of a message sending method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a local token acquisition method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a control operation execution method according to an embodiment of the present application;
FIG. 6 is a block diagram of a control operation execution apparatus according to an embodiment of the present application;
FIG. 7 is a block diagram of a message sending apparatus according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The method provided by the embodiment of the application can be executed in a computer terminal or a similar operation device. Taking the example of the present invention running on a computer terminal, fig. 1 is a block diagram of a hardware structure of a computer terminal of an execution method of a control operation according to an embodiment of the present invention. As shown in fig. 1, the computer terminal may include one or more (only one shown in fig. 1) processors 102 (the processors 102 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, and in an exemplary embodiment, may also include a transmission device 106 for communication functions and an input-output device 108. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration and is not intended to limit the structure of the computer terminal. For example, the computer terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration with equivalent functionality to that shown in FIG. 1 or with more functionality than that shown in FIG. 1.
The memory 104 can be used for storing computer programs, for example, software programs and modules of application software, such as computer programs corresponding to the methods in the embodiments of the present application, and the processor 102 executes the computer programs stored in the memory 104 to thereby execute various functional applications and data processing, i.e., to implement the methods described above. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 can further include memory located remotely from the processor 102, which can be connected to a computer terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal. In one example, the transmission device 106 includes a Network adapter (NIC) that can be connected to other Network devices via a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In this embodiment, a method for executing a control operation is provided, and is applied to a gateway, and fig. 2 is a flowchart of a method for executing a control operation according to an embodiment of the present application, where the flowchart includes the following steps:
step S202, receiving a message body sent by a client, wherein the message body comprises an encrypted message, the encrypted message being obtained by the client encrypting a control message according to a first local token of the gateway, and the first local token being a token set by the gateway for the client;
step S204, parsing the message body to obtain the encrypted message;
step S206, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
Through the above steps, a message body sent by a client is received, where the message body comprises an encrypted message obtained by the client encrypting a control message according to a first local token of the gateway, the first local token being a token set by the gateway for the client; the message body is parsed to obtain the encrypted message; the encrypted message is decrypted according to the first local token to obtain the control message; and the control operation corresponding to the control message is executed. This solves the problem in the related art that the authentication and communication encryption modes of local area network communication have low security.
It should be noted that there may be one or more first local tokens. When there are multiple first local tokens, the message body is parsed to obtain a field carried in the message body that indicates the target local token; the target local token is determined from that field, the encrypted message is decrypted according to the target local token to obtain the control message, and the control operation corresponding to the control message is executed.
Since this embodiment uses multiple first local tokens, even if a single local token is cracked, that token is, with some probability, not the one used to encrypt a given message, so communication security is improved.
In the embodiment of the present application, step S204 may be implemented in various ways; in an alternative embodiment it is implemented as follows: parsing the message body to obtain a custom field carried in the message body and the encrypted message; determining whether the custom field is consistent with a preset field; and, if the custom field is consistent with the preset field, decrypting the encrypted message according to the first local token.
That is, the gateway only processes a message body that begins with the preset field: when the message body sent by the client is received, it is parsed to obtain the custom field written into it; if the custom field is the same as the preset field, the encrypted message is decrypted, and if the custom field differs from the preset field, the gateway decides not to decrypt the encrypted message.
In an exemplary embodiment, before receiving the message body sent by the client, the method further includes: when a communication connection with the client is established, sending a random number and an initialization variable to the client through the communication connection; receiving a first encrypted random number sent by the client, wherein the first encrypted random number is obtained by the client encrypting the random number according to the first local token and the initialization variable; determining whether the first encrypted random number is consistent with a second encrypted random number, wherein the second encrypted random number is obtained by the gateway encrypting the random number according to the first local token and the initialization variable; if the first encrypted random number is inconsistent with the second encrypted random number, disconnecting the communication connection between the client and the gateway; if the first encrypted random number is consistent with the second encrypted random number, maintaining the communication connection between the client and the gateway; and receiving the message body sent by the client over the communication connection.
It can be understood that before the message body sent by the client is received, the communication connection between the client and the gateway needs to be established, and during that process the gateway needs to verify the identity of the client. Specifically: the client initiates a connection request to the gateway and establishes a communication connection (for example, a socket connection); after receiving the connection request, the gateway returns a random number and an initialization variable to the client; the client encrypts the random number using the gateway's local token and the initialization variable as the key and sends the result to the gateway; after receiving the encrypted message, the gateway encrypts the random number with the same local token and initialization variable and compares the random number it encrypted with the one encrypted by the client; if the comparison result is inconsistent, the gateway disconnects the communication connection with the client; if the two are consistent, authentication passes and message transmission is allowed.
In an exemplary embodiment, before receiving the message body sent by the client, the method further includes:
step 1: receiving a binding request sent by the client, wherein the binding request is used for requesting to establish a binding relationship between a target account and a gateway, and the target account is an account for logging in the client;
step 2: and under the condition that the binding relationship between the target account and the gateway is successfully established, generating the first local token, and sending the first local token to a corresponding cloud server, so that the cloud server sends the first local token to the client.
It can be understood that the client logs in to the target account and binds the gateway to the target account, and the gateway generates a local token after it is successfully bound; the cloud server establishes a communication connection with the gateway, acquires the gateway's local token and stores it; when the client needs to communicate with the gateway over the local area network, the client sends a request to the cloud server to obtain the gateway's local token. In this embodiment, only a client under the same account can obtain the gateway's local token, which improves communication security.
In an exemplary embodiment, after the control operation corresponding to the control message is executed, the method further includes: receiving an operation instruction which is sent by a target object and used for initializing a gateway, and carrying out initialization operation according to the operation instruction; receiving the binding request sent by the client again; and under the condition that the binding relationship between the target account and the gateway is successfully established, generating a second local token, and sending the second local token to a corresponding cloud server, so that the cloud server sends the second local token to the client.
It should be noted that when the gateway receives an initialization operation instruction, it performs the initialization operation; the client then binds the gateway to the target account again, and after the gateway is successfully bound it regenerates a second local token (different from the previous first local token); the cloud server establishes a communication connection with the gateway, acquires the gateway's second local token and stores it; when the client needs to communicate with the gateway over the local area network, the client sends a request to the cloud server to obtain the gateway's second local token. The local token is thus updated when the client reconnects, which improves communication security.
In this embodiment, a message sending method is provided and applied to a client, and fig. 3 is a flowchart of a message sending method according to an embodiment of the present application, where the flowchart includes the following steps:
step S302, in the case where it is determined that a control message is to be sent to a gateway, obtaining a first local token generated by the gateway;
step S304, encrypting the control message according to the first local token to obtain an encrypted message;
step S306, sending the message body carrying the encrypted message to the gateway, so that the gateway performs the following operations: and analyzing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
Through the above steps, when it is determined that a control message is to be sent to the gateway, the first local token generated by the gateway is obtained; the control message is encrypted according to the first local token to obtain an encrypted message; and the message body carrying the encrypted message is sent to the gateway, which parses the message body to obtain the encrypted message, decrypts it according to the first local token to obtain the control message, and executes the corresponding control operation. This addresses the weak authentication and weak encryption of local area network communication in the related art.
In an exemplary embodiment, encrypting the control message according to the first local token to obtain an encrypted message includes: the client generates a first initialization vector; the client encrypts the control message using the first local token as the key together with the first initialization vector to obtain the encrypted message; the client assembles the custom field, the message length, the first initialization vector and the encrypted message into a message body and sends the message body to the gateway.
In an exemplary embodiment, before determining the first local token of the gateway, the method further includes: under the condition of establishing communication connection with the gateway, receiving a random number and an initialization variable sent by the gateway through the communication connection; encrypting the random number according to the first local token and the initialization variable to obtain a first encrypted random number, and sending the first encrypted random number to the gateway, so that the communication connection between the client and the gateway is disconnected under the condition that the gateway determines that the first encrypted random number is inconsistent with a second encrypted random number, wherein the second encrypted random number is a random number obtained by encrypting the random number by the gateway according to the first local token and the initialization variable.
It can be understood that, before the gateway receives a message body from the client, a communication connection between the client and the gateway must be established, and while that connection is being established the gateway verifies the client's identity. Specifically: the client establishes a communication connection (for example, a socket connection) with the gateway and sends a connection request; after receiving the connection request, the gateway returns a random number and an initialization variable to the client; the client encrypts the random number using the gateway's local token as the key together with the initialization variable, and sends the encrypted random number to the gateway; the gateway encrypts the same random number with the same local token and initialization variable and compares its own result with the value received from the client; if the two differ, the gateway disconnects the communication connection with the client; if they match, authentication passes and message transmission is allowed.
In one exemplary embodiment, obtaining the first local token generated by the gateway includes: sending a binding request to the gateway, wherein the binding request is used for requesting to establish a binding relationship between a target account and the gateway, and the target account is an account for logging in the client; the method comprises the steps that under the condition that a binding relationship between a target account and a gateway is successfully established, an acquisition request is sent to a cloud server, wherein under the condition that the binding relationship between the target account and the gateway is successfully established, the gateway generates a first local token and sends the first local token to a corresponding cloud server; and receiving a first local token sent by the cloud server based on the acquisition request.
In order to better understand the process of the above method, the following describes the above implementation method flow with reference to an optional embodiment, but the implementation method flow is not limited to the technical solution of the embodiment of the present application.
In this embodiment, an execution method of a control operation is provided, and in a local token acquisition stage, fig. 4 is a schematic diagram of an acquisition method of a local token according to an embodiment of the present application, and as shown in fig. 4, the following steps are specifically provided:
step S401: the client logs in to a system account (equivalent to the target account in the above embodiment) and binds the gateway to that system account; once the gateway has been successfully bound, the gateway generates a localtoken (equivalent to the local token in the above embodiment);
step S402: the method comprises the steps that a cloud server is in communication connection with a gateway, and localtoken of the gateway is obtained and stored in the cloud server;
step S403: when the client needs to communicate with the gateway, the client initiates a request to the cloud server to obtain the localtoken of the gateway.
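The three-party flow of steps S401 to S403, written out as an added Go example for this page (not code from the patent or from any product implementing it): the gateway mints a localtoken when it is bound, the cloud server stores the token against the bound account and releases it only to a client on that same account, and initializing and re-binding the gateway rotates the token, which is the "second local token" described above. The type and function names, the 16-byte token size and the hex encoding are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// Gateway holds its current localtoken and the account it is bound to.
// Field names and the 16-byte token size are assumptions for this example.
type Gateway struct {
	ID      string
	account string
	token   string
}

// Bind is step S401 seen from the gateway: a successful binding produces a fresh localtoken.
// Binding again after Initialize yields a different token (the second local token).
func (g *Gateway) Bind(account string) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	g.account = account
	g.token = hex.EncodeToString(raw)
	return g.token, nil
}

// Initialize models the gateway's initialization operation: binding and old token are discarded.
func (g *Gateway) Initialize() {
	g.account = ""
	g.token = ""
}

// AcceptsToken is the check the gateway relies on later: only the current token is valid.
func (g *Gateway) AcceptsToken(candidate string) bool {
	return g.token != "" && subtle.ConstantTimeCompare([]byte(g.token), []byte(candidate)) == 1
}

type cloudRecord struct {
	account string
	token   string
}

// Cloud stores each gateway's localtoken together with the bound account (step S402).
type Cloud struct {
	mu       sync.Mutex
	gateways map[string]cloudRecord
}

func NewCloud() *Cloud { return &Cloud{gateways: map[string]cloudRecord{}} }

// RegisterToken runs when the gateway connects to the cloud and pushes its current localtoken.
func (c *Cloud) RegisterToken(gw *Gateway) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.gateways[gw.ID] = cloudRecord{account: gw.account, token: gw.token}
}

// GetLocalToken is step S403: the token is released only to a client logged in to the bound account.
func (c *Cloud) GetLocalToken(account, gatewayID string) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	rec, ok := c.gateways[gatewayID]
	if !ok {
		return "", errors.New("unknown gateway")
	}
	if rec.account != account {
		return "", errors.New("account is not bound to this gateway")
	}
	return rec.token, nil
}

func main() {
	gw := &Gateway{ID: "gw-01"} // constructed sample gateway
	cloud := NewCloud()
	first, _ := gw.Bind("alice")
	cloud.RegisterToken(gw)
	tok, err := cloud.GetLocalToken("alice", "gw-01")
	fmt.Println("alice receives her gateway's token:", tok == first, err)
	_, err = cloud.GetLocalToken("mallory", "gw-01")
	fmt.Println("mallory is refused:", err)
	gw.Initialize()
	second, _ := gw.Bind("alice")
	cloud.RegisterToken(gw)
	fmt.Println("token rotated:", first != second, "old token still accepted:", gw.AcceptsToken(first))
}
```

Note that the cloud server is a fully trusted party in this design: it holds every gateway's localtoken in clear, so the account check in GetLocalToken and the channel between cloud and client carry the scheme's secrecy.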
In this embodiment, an execution method of a control operation is provided, and in an identity authentication phase, fig. 5 is a schematic diagram of an execution method of a control operation according to an embodiment of the present application, as shown in fig. 5, the following steps are specifically provided:
step S501: the client establishes socket connection with the gateway and initiates a connection request;
step S502: after receiving the connection request of the client, the gateway returns random (equivalent to the random number in the above embodiment) and an initialization variable iv to the client;
step S503: the client encrypts the random by taking the gateway localtoken requested from the cloud as a key and sends the encrypted random to the gateway;
step S504: when the gateway receives the encrypted random, it encrypts the same random with its own localtoken and iv to obtain the random as encrypted by the gateway, and compares that value with the random as encrypted by the client;
step S505: the gateway confirms the comparison result, if the comparison result is inconsistent, the socket connection with the client is disconnected;
step S506: the gateway confirms the comparison result, if the comparison result is consistent, the authentication is passed, and the message transmission is allowed;
step S507: and returning a response result.
In this embodiment, a method for executing a control operation is provided; once the identity authentication phase has passed, the message transmission phase includes the following steps:
step S601: the client calculates the length of a message to be sent;
step S602: the client generates iv (initialization vector);
step S603: the client encrypts the message by using localtoken to obtain an encrypted message;
step S604: the client combines the user-defined field, the message length, iv and the encrypted message into a message body and sends the message body to the gateway;
step S605: the gateway receives the message body and analyzes the message body;
it should be noted that the gateway only processes a message body that begins with the custom field; a message body with any other prefix is not processed;
step S606: the gateway obtains the message length, iv, the encrypted message according to the message body format;
step S607: the gateway decrypts the message by using localtoken;
step S608: the gateway executes the decrypted message content.
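The identity authentication phase (steps S501 to S507) and the message transmission phase (steps S601 to S608) as one added Go example, written for this page rather than taken from the patent or any product. The page fixes neither the cipher nor the framing, so the example assumes AES-256-GCM with SHA-256(localtoken) as the key, "HGW1" as the custom field, a big-endian uint32 message length and a 12-byte iv; all function names are the example's own. Two checks the page leaves implicit are made explicit: the two encrypted randoms are compared in constant time, and the length field is checked against the bytes actually received before anything is decrypted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed framing (the page fixes none of these): custom field "HGW1", big-endian uint32
// length of the encrypted message, 12-byte iv. "Encrypt with localtoken and iv" is taken to be
// AES-256-GCM keyed with SHA-256(localtoken); GCM also authenticates the ciphertext.
var customField = []byte("HGW1")
const ivLen = 12

func aeadFromToken(token string) (cipher.AEAD, error) {
	key := sha256.Sum256([]byte(token))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptWithToken is E(localtoken, iv, plaintext), the one primitive both phases use.
func encryptWithToken(token string, iv, plaintext []byte) ([]byte, error) {
	g, err := aeadFromToken(token)
	if err != nil {
		return nil, err
	}
	return g.Seal(nil, iv, plaintext, nil), nil
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Challenge is what the gateway returns in S502: a fresh random and iv for this connection.
type Challenge struct{ Random, IV []byte }
func GatewayChallenge() Challenge { return Challenge{randomBytes(16), randomBytes(ivLen)} }

// ClientAnswer is S503: encrypt random with the client's copy of the localtoken and the iv.
func ClientAnswer(token string, c Challenge) ([]byte, error) {
	return encryptWithToken(token, c.IV, c.Random)
}

// GatewayVerify is S504-S506: recompute with the gateway's own localtoken, compare in constant time.
func GatewayVerify(token string, c Challenge, answer []byte) bool {
	expected, err := encryptWithToken(token, c.IV, c.Random)
	return err == nil && subtle.ConstantTimeCompare(expected, answer) == 1
}

// BuildMessageBody is S601-S604: customField || length || iv || encrypted message.
func BuildMessageBody(token string, control []byte) ([]byte, error) {
	iv := randomBytes(ivLen) // S602: fresh iv per message; GCM must never reuse one under a key
	enc, err := encryptWithToken(token, iv, control)
	if err != nil {
		return nil, err
	}
	var length [4]byte
	binary.BigEndian.PutUint32(length[:], uint32(len(enc)))
	body := append(append(append([]byte{}, customField...), length[:]...), iv...)
	return append(body, enc...), nil
}

// ParseMessageBody is S605-S607: ignore bodies without the custom field, check the length, decrypt.
func ParseMessageBody(token string, body []byte) ([]byte, error) {
	if len(body) < len(customField)+4+ivLen || !bytes.Equal(body[:len(customField)], customField) {
		return nil, errors.New("custom field mismatch: message body ignored")
	}
	off := len(customField)
	length := int(binary.BigEndian.Uint32(body[off : off+4]))
	iv := body[off+4 : off+4+ivLen]
	enc := body[off+4+ivLen:]
	if len(enc) != length {
		return nil, errors.New("message length field does not match body")
	}
	g, err := aeadFromToken(token)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, iv, enc, nil) // fails on a wrong token or any tampering
}

func main() {
	token := "localtoken-from-cloud" // constructed stand-in for the token fetched in S403
	ch := GatewayChallenge()
	ans, _ := ClientAnswer(token, ch)
	body, _ := BuildMessageBody(token, []byte(`{"device":"lamp-1","action":"on"}`))
	control, err := ParseMessageBody(token, body)
	fmt.Printf("authenticated=%v control=%s err=%v\n", GatewayVerify(token, ch, ans), control, err)
}
```

Because the client proves possession of the localtoken by producing E(localtoken, iv, random) for a random that the gateway chose, a captured answer cannot be replayed against a later connection. The handshake authenticates only the client to the gateway; nothing on the page has the client verify that it is talking to the genuine gateway, and the token fetched from the cloud is the only thing binding the two sides. With GCM, a message body altered in transit fails in Open instead of reaching S608 as a garbled command.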
According to the embodiment of the application, the localtoken serves as the key for both the authentication and the communication encryption between gateway and client; a client can obtain the localtoken only under the same system account; every gateway has its own distinct localtoken; and the gateway renews the localtoken when it is reinitialized and bound again. Communication security is therefore improved: even if a single gateway's token is cracked, other gateways are not affected, and the affected gateway returns to a normal state once it has been re-bound and a new token issued.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method of the embodiments of the present application.
Fig. 6 is a block diagram of an apparatus for controlling the execution of an operation according to an embodiment of the present application; as shown in fig. 6, includes:
a receiving module 62, configured to receive a message body sent by a client, where the message body includes an encrypted message; the encrypted message is obtained by the client encrypting a control message according to a first local token of the gateway, wherein the first local token is a token set by the gateway for the client;
a parsing module 64, configured to parse the message body to obtain the encrypted message;
and the execution module 66 is configured to decrypt the encrypted message according to the first local token to obtain the control message, and execute a control operation corresponding to the control message.
Through the above device, a message body sent by a client is received, the message body including an encrypted message obtained by the client encrypting a control message according to a first local token of the gateway, the first local token being a token set by the gateway for the client; the message body is parsed to obtain the encrypted message; the encrypted message is decrypted according to the first local token to obtain the control message, and the corresponding control operation is executed. This addresses the weak authentication and weak encryption of local area network communication in the related art.
In an exemplary embodiment, the parsing module 64 is configured to parse the message body to obtain the custom field and the encrypted message carried in the message body; determining whether the custom field is consistent with a preset field; and under the condition that the custom field is consistent with the preset field, decrypting the encrypted message according to the first local token.
In an exemplary embodiment, the execution module 66 is configured to, in a case that a communication connection is established with the client, send a random number and an initialization variable to the client through the communication connection; receiving a first encrypted random number sent by the client, wherein the first encrypted random number is a random number obtained by encrypting the random number by the client according to the first local token and the initialization variable; determining whether the first encrypted random number is consistent with a second encrypted random number, wherein the second encrypted random number is a random number obtained by encrypting the random number by the gateway according to the first local token and the initialization variable; and under the condition that the first encrypted random number is inconsistent with the second encrypted random number, disconnecting the communication connection between the client and the gateway.
In an exemplary embodiment, the executing module 66 is configured to maintain the communication connection between the client and the gateway if the first encrypted random number is identical to the second encrypted random number; and receiving the message body sent by the client based on the communication connection.
In an exemplary embodiment, the receiving module 62 is further configured to receive a binding request sent by the client, where the binding request is used to request to establish a binding relationship between a target account and a gateway, where the target account is an account for logging in the client; and under the condition that the binding relationship between the target account and the gateway is successfully established, generating the first local token, and sending the first local token to the corresponding cloud server, so that the cloud server sends the first local token to the client.
In an exemplary embodiment, the receiving module 62 is further configured to receive an operation instruction sent by the target object and used for initializing the gateway, and perform an initialization operation according to the operation instruction; receiving a binding request sent by the client again; and under the condition that the binding relationship between the target account and the gateway is successfully established, generating a second local token, and sending the second local token to a corresponding cloud server, so that the cloud server sends the second local token to the client.
Fig. 7 is a block diagram of a message transmitting apparatus according to an embodiment of the present application; as shown in fig. 7, includes:
an obtaining module 72, configured to obtain a first local token generated by a gateway when it is determined that a control message is sent to the gateway;
an encryption module 74, configured to encrypt the control message according to the first local token to obtain an encrypted message;
a sending module 76, configured to send the message body carrying the encrypted message to the gateway, so that the gateway performs the following operations: and analyzing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
By means of the device, when it is determined that a control message is to be sent to the gateway, the first local token generated by the gateway is acquired; the control message is encrypted according to the first local token to obtain an encrypted message; and the message body carrying the encrypted message is sent to the gateway, which parses the message body to obtain the encrypted message, decrypts it according to the first local token to obtain the control message, and executes the corresponding control operation. This addresses the weak authentication and weak encryption of local area network communication in the related art.
In an exemplary embodiment, the obtaining module 72 is configured to, in a case that a communication connection is established with the gateway, receive, through the communication connection, a random number and an initialization variable sent by the gateway; encrypting the random number according to the first local token and the initialization variable to obtain a first encrypted random number, and sending the first encrypted random number to the gateway, so that the communication connection between the client and the gateway is disconnected under the condition that the gateway determines that the first encrypted random number is inconsistent with a second encrypted random number, wherein the second encrypted random number is a random number obtained by encrypting the random number by the gateway according to the first local token and the initialization variable.
In an exemplary embodiment, the obtaining module 72 is configured to send a binding request to the gateway, where the binding request is used to request to establish a binding relationship between a target account and the gateway, where the target account is an account for logging in the client; the method comprises the steps that under the condition that a binding relationship between a target account and a gateway is successfully established, an acquisition request is sent to a cloud server, wherein under the condition that the binding relationship between the target account and the gateway is successfully established, the gateway generates a first local token and sends the first local token to a corresponding cloud server; and receiving a first local token sent by the cloud server based on the acquisition request.
Embodiments of the present application also provide a storage medium including a stored program, where the program performs any one of the methods described above when executed.
Alternatively, in this embodiment, the storage medium may be configured to store program codes for performing the following steps:
s11, receiving a message body sent by a client, wherein the message body comprises an encrypted message; the encrypted message is obtained by the client encrypting a control message according to a first local token of the gateway, wherein the first local token is a token set by the gateway for the client;
s12, analyzing the message body to obtain the encrypted message;
s13, the encrypted message is decrypted according to the first local token to obtain the control message, and the control operation corresponding to the control message is executed.
Alternatively, in this embodiment, the storage medium may be configured to store program codes for performing the following steps:
s21, under the condition that the control message is determined to be sent to the gateway, a first local token generated by the gateway is obtained;
s22, encrypting the control message according to the first local token to obtain an encrypted message;
s23, sending the message body carrying the encrypted message to the gateway, so that the gateway executes the following operations: and analyzing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
Embodiments of the present application further provide an electronic device, comprising a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the method embodiments described above.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s11, receiving a message body sent by a client, wherein the message body comprises an encrypted message; the encrypted message is obtained by the client encrypting a control message according to a first local token of the gateway, wherein the first local token is a token set by the gateway for the client;
s12, analyzing the message body to obtain the encrypted message;
s13, the encrypted message is decrypted according to the first local token to obtain the control message, and the control operation corresponding to the control message is executed.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s21, under the condition that the control message is determined to be sent to the gateway, a first local token generated by the gateway is obtained;
s22, encrypting the control message according to the first local token to obtain an encrypted message;
s23, sending the message body carrying the encrypted message to the gateway, so that the gateway executes the following operations: and analyzing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing program codes, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
It will be apparent to those skilled in the art that the modules or steps of the present application described above may be implemented by a general purpose computing device. They may be centralized on a single computing device or distributed across a network of multiple computing devices; they may be implemented as program code executable by a computing device, stored in a storage device and executed by that device; in some cases the steps shown or described may be performed in an order different from that described herein; and they may be fabricated as individual integrated circuit modules, or several of them may be fabricated as a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the principle of the present application shall be included in the protection scope of the present application.
Claims (13)
1. A method for controlling execution of an operation, applied to a gateway, includes:
receiving a message body sent by a client, wherein the message body comprises an encrypted message, the encrypted message being obtained by the client encrypting a control message according to a first local token of the gateway, wherein the first local token is a token set by the gateway for the client;
analyzing the message body to obtain the encrypted message;
and decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
2. The method of claim 1, wherein decrypting the encrypted message based on the first local token comprises:
analyzing the message body to obtain a custom field carried in the message body and the encrypted message;
determining whether the custom field is consistent with a preset field;
and under the condition that the custom field is consistent with the preset field, decrypting the encrypted message according to the first local token.
3. The method for controlling the execution of operations according to claim 1, wherein before receiving the message body sent by the client, the method further comprises:
under the condition of establishing communication connection with the client, sending a random number and an initialization variable to the client through the communication connection;
receiving a first encrypted random number sent by the client, wherein the first encrypted random number is a random number obtained by encrypting the random number by the client according to the first local token and the initialization variable;
determining whether the first encrypted random number is consistent with a second encrypted random number, wherein the second encrypted random number is a random number obtained by encrypting the random number by the gateway according to the first local token and the initialization variable;
and under the condition that the first encrypted random number is inconsistent with the second encrypted random number, disconnecting the communication connection between the client and the gateway.
4. The method for controlling the execution of the operation according to claim 3, wherein receiving the message body sent by the client comprises:
if the first encrypted random number is consistent with the second encrypted random number, maintaining the communication connection between the client and the gateway;
and receiving the message body sent by the client based on the communication connection.
5. The method for controlling execution of operations according to claim 1, wherein before receiving the message body sent by the client, the method further comprises:
receiving a binding request sent by the client, wherein the binding request is used for requesting to establish a binding relationship between a target account and a gateway, and the target account is an account for logging in the client;
and under the condition that the binding relationship between the target account and the gateway is successfully established, generating the first local token, and sending the first local token to a corresponding cloud server, so that the cloud server sends the first local token to the client.
6. The method for performing control operation according to claim 1, wherein after performing the control operation corresponding to the control message, the method further includes:
receiving an operation instruction which is sent by a target object and used for initializing a gateway, and carrying out initialization operation according to the operation instruction;
receiving the binding request sent by the client again;
and under the condition that the binding relationship between the target account and the gateway is successfully established, generating a second local token, and sending the second local token to a corresponding cloud server, so that the cloud server sends the second local token to the client.
7. A message sending method is applied to a client side and comprises the following steps:
under the condition that the control message is determined to be sent to the gateway, a first local token generated by the gateway is obtained;
encrypting the control message according to the first local token to obtain an encrypted message;
sending the message body carrying the encrypted message to the gateway, so that the gateway executes the following operations: and analyzing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
8. The method of claim 7, wherein before determining the first local token of the gateway, the method further comprises:
under the condition of establishing communication connection with the gateway, receiving a random number and an initialization variable transmitted by the gateway through the communication connection;
encrypting the random number according to the first local token and the initialization variable to obtain a first encrypted random number, and sending the first encrypted random number to the gateway, so that the communication connection between the client and the gateway is disconnected under the condition that the gateway determines that the first encrypted random number is inconsistent with a second encrypted random number, wherein the second encrypted random number is a random number obtained by encrypting the random number by the gateway according to the first local token and the initialization variable.
9. The method according to claim 7, wherein obtaining the first local token generated by the gateway comprises:
sending a binding request to the gateway, wherein the binding request is used for requesting to establish a binding relationship between a target account and the gateway, and the target account is an account for logging in the client;
the method comprises the steps that under the condition that a binding relationship between a target account and a gateway is successfully established, an acquisition request is sent to a cloud server, wherein under the condition that the binding relationship between the target account and the gateway is successfully established, the gateway generates a first local token and sends the first local token to a corresponding cloud server;
and receiving a first local token sent by the cloud server based on the acquisition request.
10. An apparatus for controlling an operation, comprising:
a receiving module, configured to receive a message body sent by a client, where the message body includes an encrypted message, the encrypted message being obtained by the client encrypting a control message according to a first local token of the gateway, wherein the first local token is a token set by the gateway for the client;
the analysis module is used for analyzing the message body to obtain the encrypted message;
and the execution module is used for decrypting the encrypted message according to the first local token to obtain the control message and executing the control operation corresponding to the control message.
11. An apparatus for sending a message, comprising:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a first local token generated by a gateway under the condition of determining to send a control message to the gateway;
the encryption module is used for encrypting the control message according to the first local token to obtain an encrypted message;
a sending module, configured to send the message body carrying the encrypted message to the gateway, so that the gateway performs the following operations: and analyzing the message body to obtain the encrypted message, decrypting the encrypted message according to the first local token to obtain the control message, and executing the control operation corresponding to the control message.
12. A computer-readable storage medium, comprising a stored program, wherein the program is operable to perform the method of any one of claims 1 to 6 or 7 to 9.
13. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is arranged to execute the method of any one of claims 1 to 6 or 7 to 9 by means of the computer program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211158203.4A CN115580444A (en) | 2022-09-22 | 2022-09-22 | Control operation execution method and device, storage medium and electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211158203.4A CN115580444A (en) | 2022-09-22 | 2022-09-22 | Control operation execution method and device, storage medium and electronic device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115580444A true CN115580444A (en) | 2023-01-06 |
Family
ID=84581234
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211158203.4A Pending CN115580444A (en) | 2022-09-22 | 2022-09-22 | Control operation execution method and device, storage medium and electronic device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115580444A (en) |
- 2022-09-22 CN CN202211158203.4A patent/CN115580444A/en active Pending
Similar Documents
Publication | Title |
---|---|
EP2858393B1 (en) | Subscription manager secure routing device switching method and device |
CN110708164B (en) | Control method and device for Internet of things equipment, storage medium and electronic device |
US20200044867A1 (en) | Collaborative operating system |
CN113613227B (en) | Data transmission method and device of Bluetooth equipment, storage medium and electronic device |
CN112883388B (en) | File encryption method and device, storage medium and electronic device |
CN111614670A (en) | Method and device for sending encrypted file and storage medium |
CN112672342B (en) | Data transmission method, device, equipment, system and storage medium |
CN109729000B (en) | Instant messaging method and device |
CN111787514B (en) | Method and device for acquiring equipment control data, storage medium and electronic device |
CN113433831A (en) | Control method and module of intelligent household equipment and storage medium |
CN112040484A (en) | Password updating method and device, storage medium and electronic device |
CN114499990A (en) | Vehicle control method, device, equipment and storage medium |
WO2021138217A1 (en) | Method, chip, device and system for authenticating a set of at least two users |
CN116830525A (en) | Data transmission method, device, system, electronic equipment and readable medium |
CN110602133B (en) | Intelligent contract processing method, block chain management device and storage medium |
CN112053477A (en) | Control system, method and device of intelligent door lock and readable storage medium |
Urien | Cloud of secure elements perspectives for mobile and cloud applications security |
CN110213346B (en) | Encrypted information transmission method and device |
CN110971426A (en) | Method for constructing group session, client and storage medium |
CN114338132B (en) | Secret-free login method, client application, operator server and electronic equipment |
CN110875902A (en) | Communication method, device and system |
CN115580444A (en) | Control operation execution method and device, storage medium and electronic device |
CN113452513B (en) | Key distribution method, device and system |
CN111404901A (en) | Information verification method and device |
CN114007214A (en) | Client terminal equipment, network switching method thereof and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||