CN115734221B - Internet of things equipment management method, equipment, mobile terminal, device and storage medium - Google Patents


Info

Publication number
CN115734221B
Authority
CN
China
Prior art keywords
internet
mobile terminal
session key
things equipment
security authentication
Legal status
Active
Application number
CN202211454396.8A
Other languages
Chinese (zh)
Other versions
CN115734221A (en)
Inventor
孙吉平
刘跃峰
Current Assignee
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority to CN202211454396.8A
Publication of CN115734221A
Application granted
Publication of CN115734221B

Abstract

The invention provides an Internet of things device management method, an Internet of things device, a mobile terminal, an apparatus and a storage medium. The method comprises the following steps: when a network communication connection based on the WiFi hotspot of the Internet of things device has been established with the mobile terminal, obtaining a security authentication request sent by the mobile terminal, the security authentication request comprising a first public key that corresponds to a first private key held by the mobile terminal; encrypting a session key generated by the Internet of things device with the first public key to form a session key ciphertext, and sending the session key ciphertext to the mobile terminal; obtaining and decrypting a security authentication instruction that the mobile terminal encrypted with the session key; entering a secure authentication state when the security authentication instruction passes verification; while in the secure authentication state, receiving from the mobile terminal, over the network communication connection, a management command processed with the session key and the first private key; and executing the management command, processed on the basis of the session key and the first public key, to manage the Internet of things device.

Description

Internet of things equipment management method, equipment, mobile terminal, device and storage medium
Technical Field
The embodiment of the invention relates to the technical field of the Internet of things, in particular to an Internet of things equipment management method, equipment, a mobile terminal, a device and a storage medium.
Background
Traditional ways of managing an intelligent device include the following: a mobile phone app connects to the device over Bluetooth to manage it. The touch-screen and Bluetooth approaches place higher demands on the device, are unsuitable for some small devices, or add to the device's cost. The key-press approach usually relies on voice prompts for user interaction, which is neither intuitive nor convenient to operate.
Disclosure of Invention
The invention provides an Internet of things equipment management method, equipment, a mobile terminal, a device and a storage medium, which are used for carrying out safety management on Internet of things equipment.
In order to solve the above technical problems, an embodiment of the present invention provides a method for managing devices of the internet of things, which is applied to the devices of the internet of things, and includes:
under the condition that network communication connection based on WiFi hot spot of the Internet of things equipment is established with a mobile terminal, a security authentication request sent by the mobile terminal is obtained, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
encrypting a session key generated by the Internet of things equipment based on the first public key to form a session key ciphertext, and sending the session key ciphertext to the mobile terminal;
obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key;
under the condition that the security authentication instruction passes verification, entering a secure authentication state;
receiving a management command processed by the session key and the first private key from the mobile terminal through the network communication connection under the condition of being in a secure authentication state;
and executing the management command processed based on the session key and the first public key to manage the Internet of things equipment.
As an alternative embodiment, the method further comprises:
verifying a first signature based on the first public key, the first signature being derived by the mobile terminal signing the security authentication instruction based on the first private key;
and verifying the security authentication instruction in the case that the first signature passes verification.
As an alternative embodiment, the security authentication instruction includes a management password,
the method further comprises the steps of:
and under the condition that the management password prestored in the Internet of things equipment is consistent with the management password in the security authentication instruction, determining that the security authentication instruction passes verification.
As an alternative embodiment, further comprising:
after verifying the security authentication instruction, generating a security authentication result;
encrypting the security authentication result based on the session key to obtain a security authentication result ciphertext;
and sending the security authentication result ciphertext to the mobile terminal, so that the mobile terminal determines whether the Internet of things equipment enters a secure authentication state or not based on the security authentication result ciphertext and the session key.
As an alternative embodiment, the management command processed through the session key and the first private key includes:
a management command ciphertext obtained by encrypting the management command based on the session key, and a second signature obtained by signing the management command based on the first private key;
executing the management command processed based on the session key and the first public key to manage the internet of things device, including:
decrypting the management command ciphertext based on the session key to obtain a management command;
verifying the second signature based on the first public key and the management command;
and executing the management command to manage the internet of things equipment under the condition that the second signature verification is passed.
As an alternative embodiment, further comprising:
under the condition that the Internet of things equipment enters a management mode, starting a WiFi hotspot of the Internet of things equipment;
under the condition that an access request for connecting the WiFi hotspot sent by the mobile terminal is received, a corresponding network protocol port is opened;
and after the mobile terminal is connected to the network protocol port, establishing network communication connection based on the WiFi hot spot with the mobile terminal.
The invention also provides a method for managing Internet of things equipment, which is applied to the mobile terminal and comprises the following steps:
under the condition that network communication connection based on WiFi hot spots of the Internet of things equipment is established with the Internet of things equipment, a security authentication request is sent, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
decrypting a session key ciphertext sent by the internet of things device based on the first private key to obtain a session key, wherein the session key ciphertext is formed by the internet of things device based on the first public key to encrypt the session key;
encrypting a security authentication instruction based on the session key and sending the security authentication instruction to the Internet of things equipment;
and, under the condition that the Internet of things equipment is in a secure authentication state, sending a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
As an alternative embodiment, further comprising:
signing the security authentication instruction based on the first private key, so that the Internet of things device verifies the signature based on the first public key to determine whether the security authentication instruction passes verification.
As an alternative embodiment, further comprising:
and decrypting a security instruction authentication result ciphertext sent by the internet of things device based on the session key, and determining whether the internet of things device is in a secure authentication state.
As an optional embodiment, the sending, to the internet of things device via the network communication connection, the management command processed by the session key and the first private key includes:
responding to user operation, and correspondingly generating the management command;
encrypting the management command based on the session key, and signing the management command through the first private key;
and sending the encrypted and signed management command to the Internet of things equipment through the network communication connection.
As an alternative embodiment, further comprising:
obtaining an execution result of the management command encrypted by the Internet of things equipment through the session key, and decrypting the execution result;
and outputting the decrypted execution result.
As an alternative embodiment, further comprising:
responding to an input wifi hotspot selection instruction, and sending an access request for accessing the wifi hotspot to the internet of things equipment to request the internet of things equipment to open a corresponding network protocol port;
and establishing network communication connection based on the WiFi hot spot with the Internet of things equipment based on the network protocol port.
Another embodiment of the present invention also provides an internet of things device, including:
a first communication module, configured to establish a network communication connection with the mobile terminal based on a WiFi hotspot of the Internet of things equipment and to obtain a security authentication request sent by the mobile terminal, the security authentication request comprising a first public key that corresponds to a first private key of the mobile terminal;
a first processor, configured to encrypt the session key generated by the Internet of things equipment according to the first public key to form a session key ciphertext and to control the first communication module to send the session key ciphertext to the mobile terminal;
obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key;
under the condition that the security authentication instruction passes verification, entering a secure authentication state;
and, under the condition of being in a secure authentication state, controlling the first communication module to receive, through the network communication connection, a management command processed by the session key and the first private key from the mobile terminal, and executing the management command processed based on the session key and the first public key so as to manage the Internet of things equipment.
As an optional embodiment, the internet of things device does not have a bluetooth module and/or a touch screen.
Another embodiment of the present invention also provides a mobile terminal, including:
the second communication module is used for establishing network communication connection with the Internet of things equipment based on a WiFi hotspot of the Internet of things equipment, and sending a security authentication request, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
a second processor, configured to decrypt a session key ciphertext sent by the Internet of things device based on the first private key to obtain a session key, the session key ciphertext being formed by the Internet of things device encrypting the session key based on the first public key;
encrypting a security authentication instruction based on the session key, and controlling the second communication module to send the security authentication instruction to the internet of things equipment;
and, under the condition that the Internet of things equipment is in a secure authentication state, controlling the second communication module to send a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
Another embodiment of the present invention further provides an apparatus for managing devices of the internet of things, which is applied to the devices of the internet of things, including:
the first obtaining module is used for obtaining a security authentication request sent by the mobile terminal under the condition that network communication connection based on a WiFi hotspot of the Internet of things device is established with the mobile terminal, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
an encryption module, configured to encrypt the session key generated by the Internet of things equipment based on the first public key to form a session key ciphertext and to send the session key ciphertext to the mobile terminal;
the second obtaining module is used for obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key;
a verification module, configured to enter a secure authentication state under the condition that the security authentication instruction passes verification;
a receiving module, configured to receive, from the mobile terminal, a management command processed by the session key and the first private key through the network communication connection in a secure authenticated state;
and the execution module is used for executing the management command processed based on the session key and the first public key so as to manage the Internet of things equipment.
Another embodiment of the present invention further provides an apparatus for managing devices of the internet of things, which is applied to a mobile terminal, including:
a first sending module, configured to send a security authentication request under the condition that a network communication connection based on a WiFi hotspot of the Internet of things equipment is established with the Internet of things equipment, the security authentication request comprising a first public key that corresponds to a first private key of the mobile terminal;
a second sending module, configured to decrypt a session key ciphertext sent by the Internet of things device based on the first private key to obtain a session key, the session key ciphertext being formed by the Internet of things device encrypting the session key based on the first public key;
the third sending module is used for encrypting the security authentication instruction based on the session key and sending the security authentication instruction to the Internet of things equipment;
and a fourth sending module, configured to send a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection under the condition that the Internet of things equipment is determined to be in a secure authentication state, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
From the above embodiments it can be seen that the method and apparatus establish a communication connection between the mobile terminal and the Internet of things device based on a WiFi hotspot, carry out a secure interaction over that connection in which the data used for security authentication, such as the key ciphertext, is exchanged, and thereby perform security authentication; once security authentication is confirmed to have passed, the mobile terminal can send an encrypted management command to the Internet of things device, which executes it, so that secure management is achieved. Through the method of these embodiments, the mobile terminal communicates securely with the Internet of things device and can manage it, which enriches the operations the mobile terminal can perform on the Internet of things device, improves the convenience of using the device and improves the user's experience.
Drawings
Fig. 1 is a flowchart of an internet of things device management method in an embodiment of the present invention.
Fig. 2 is a flowchart of an internet of things device management method according to another embodiment of the present invention.
Fig. 3 is a flowchart of an internet of things device management method according to another embodiment of the present invention.
Fig. 4 is a flowchart of an internet of things device management method according to another embodiment of the present invention.
Fig. 5 is an interaction diagram of an internet of things device management method in an embodiment of the present invention.
Fig. 6 is a structural block diagram of an internet of things device in an embodiment of the present invention.
Fig. 7 is a block diagram of a mobile terminal according to an embodiment of the present invention.
Fig. 8 is a block diagram of an apparatus for managing devices of the internet of things according to an embodiment of the present invention.
Fig. 9 is a block diagram of an apparatus for managing devices in the internet of things according to another embodiment of the present invention.
Detailed Description
Hereinafter, specific embodiments of the present invention will be described in detail with reference to the accompanying drawings, but not limiting the invention.
It should be understood that various modifications may be made to the embodiments of the invention herein. Therefore, the following description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of the invention will occur to persons of ordinary skill in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with a general description of the invention given above, and the detailed description of the embodiments given below, serve to explain the principles of the invention.
These and other characteristics of the invention will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the invention has been described with reference to some specific examples, a person skilled in the art will certainly be able to achieve many other equivalent forms of the invention, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present invention will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present invention will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the inventive embodiments are merely examples of the invention, which may be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the invention in unnecessary or unnecessary detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present invention in virtually any appropriately detailed structure.
The specification may use the word "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
At present, some intelligent devices can be provisioned onto a network (network distribution) through a WiFi hotspot connection from a mobile phone app. However, this approach is suited only to network provisioning of the intelligent device and not to other management operations. Analysis suggests the main reason is as follows: simple network provisioning has no high security requirement, so the method used to implement it lacks a security mechanism, whereas management operations on Internet of things devices may involve sensitive operations on the intelligent device and sensitive data inside it, which the network-provisioning method cannot satisfy.
Therefore, this application provides a new scheme for performing management operations on Internet of things devices over a direct WiFi connection. The scheme does not require the Internet of things device to have a touch screen or Bluetooth, which helps simplify the device and reduces its cost. Moreover, the scheme also ensures the security and reliability of management operations on the Internet of things device.
Hereinafter, embodiments of the present application will be described in detail with reference to the accompanying drawings.
As shown in fig. 1, an embodiment of the present application provides a method for managing devices of the internet of things, which is applied to the devices of the internet of things, and includes:
s101: under the condition that network communication connection based on WiFi hot spot of the Internet of things equipment is established with the mobile terminal, a security authentication request sent by the mobile terminal is obtained, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
s102: encrypting a session key generated by the Internet of things equipment with the first public key to form a session key ciphertext, and sending the session key ciphertext to the mobile terminal;
s103: obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key;
s104: under the condition that the security authentication instruction passes verification, entering a secure authentication state;
s105: receiving a management command processed by the session key and the first private key from the mobile terminal through the network communication connection under the condition of being in a secure authentication state;
s106: and executing the management command processed based on the session key and the first public key to manage the Internet of things equipment.
The mobile terminal in this embodiment can realize secure interaction with the Internet of things device through an application program. The application program at least comprises a management-function UI for interacting with the user, and stores a communication protocol for connecting to intelligent devices (such as Internet of things devices) together with the instructions, including management commands, that implement the different functions. A management command may include, but is not limited to, a command word and the related parameters of the management command. Based on the UI, a management command for the Internet of things device can be generated in response to a user instruction, a pre-configured instruction or the like, for performing a management operation on the Internet of things device.
An Internet of things device may illustratively include a main function module (software providing the main functions of the smart device), a management module (software providing the management functions) and a WiFi module (software providing the WiFi hotspot and networking functions). In addition, the Internet of things device may further comprise an additional MCU. If there is an additional MCU, the WiFi module and the MCU can be connected directly through UART, I2C, SPI or another interface, and the WiFi module can also comprise a command forwarding module that forwards the management commands received from the mobile terminal to the management module and forwards the data returned by the management module to the mobile terminal. The main function module and the management module may be located in either the WiFi module or the MCU.
When a user wants to manage the internet of things device based on the mobile terminal, the internet of things device first needs to establish network communication connection with the mobile terminal based on a WiFi hotspot of the internet of things device. In the case of establishing the connection, a security authentication request sent by the mobile terminal for performing security authentication is obtained. The security authentication request comprises a first public key, and can also comprise a command word of the security authentication request, and the mobile terminal is provided with a corresponding first private key. The internet of things device may then generate a corresponding session key for the secure authentication request, such as randomly generating a session key based on the management module, etc. After the session key is obtained, the internet of things device encrypts the session key based on the first public key to form a session key ciphertext, and sends the session key ciphertext to the mobile terminal. After obtaining the session key ciphertext, the mobile terminal decrypts the session key ciphertext based on the first private key to obtain the session key, encrypts a security authentication instruction based on the session key, and sends the security authentication instruction to the Internet of things equipment. After receiving the encrypted security authentication instruction, the internet of things equipment decrypts the security authentication instruction based on the session key to obtain the security authentication instruction, performs security authentication on the security authentication instruction, and enters a secure authentication state if the authentication is passed. In this state, the internet of things device can obtain the management command processed by the session key and the first private key from the mobile terminal through the network communication connection based on the WiFi hotspot. 
The Internet of things device then recovers the management command by processing it correspondingly with the session key and the first public key, and executes it.
It should be noted that, if the management module is located in the MCU, the data, such as the security authentication command ciphertext, the security authentication request, etc., cannot be directly sent to the management module based on the communication connection, but needs to be sent to the command forwarding module (the module may be located in the WiFi module) first, and then forwarded to the management module by the command forwarding module, and when the management module feeds back the data to the mobile terminal, the data needs to be forwarded by the command forwarding module. If the management module is not arranged in the MCU, but is arranged in the WiFi module, the interactive data, the command and the like do not need to be forwarded by the command forwarding module, and the data transmission can be directly realized based on the established communication connection.
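The exchange of s101 to s106, with the first-signature check of s110 and the management-password check of the alternative embodiments, as an added end-to-end example in Go. It is not the patent's code: the cipher choices (RSA-OAEP for the session key ciphertext, RSA-PSS for the signatures, AES-256-GCM for the session key, a 32-byte session key and a nonce-prefixed message framing) and all names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Device is the Internet of things device side (constructed example, not the patent's code).
type Device struct {
	mgmtPassword  []byte         // management password pre-stored on the device
	peerPub       *rsa.PublicKey // first public key from the security authentication request
	sessionKey    []byte         // randomly generated for this session
	authenticated bool           // true only once the secure authentication state is entered
}

// must panics on failures of local primitives (random source, key generation); protocol decisions return errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// s101/s102: take the first public key, generate a session key and return the session key ciphertext (RSA-OAEP assumed).
func (d *Device) HandleAuthRequest(firstPub *rsa.PublicKey) []byte {
	d.peerPub, d.sessionKey = firstPub, make([]byte, 32)
	must(rand.Read(d.sessionKey))
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, firstPub, d.sessionKey, nil))
}

// TerminalSend is the mobile terminal's processing of both the security authentication instruction and a
// management command: AES-256-GCM under the session key (nonce prepended) plus a signature with the first private key.
func TerminalSend(priv *rsa.PrivateKey, sessionKey, msg []byte) (ct, sig []byte) {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	h := sha256.Sum256(msg)
	sig = must(rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil))
	return must(cipher.NewGCM(must(aes.NewCipher(sessionKey)))).Seal(nonce, nonce, msg, nil), sig
}

// openSigned decrypts with the session key (the GCM tag rejects a wrong key or tampering), then verifies the
// signature over the plaintext with the first public key.
func (d *Device) openSigned(ct, sig []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	msg, err := must(cipher.NewGCM(must(aes.NewCipher(d.sessionKey)))).Open(nil, ct[:12], ct[12:], nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(msg)
	if rsa.VerifyPSS(d.peerPub, crypto.SHA256, h[:], sig, nil) != nil {
		return nil, errors.New("signature does not verify under the first public key")
	}
	return msg, nil
}

// s103/s104: the instruction carries the management password; only a constant-time match enters the secure authentication state.
func (d *Device) HandleAuthInstruction(ct, sig []byte) error {
	pw, err := d.openSigned(ct, sig)
	if err != nil {
		return err
	}
	if d.authenticated = subtle.ConstantTimeCompare(pw, d.mgmtPassword) == 1; !d.authenticated {
		return errors.New("management password mismatch")
	}
	return nil
}

// s105/s106: decrypt, verify and execute a management command, but only in the secure authentication state.
func (d *Device) HandleCommand(ct, sig []byte) (string, error) {
	if !d.authenticated {
		return "", errors.New("not in secure authentication state")
	}
	cmd, err := d.openSigned(ct, sig)
	if err != nil {
		return "", err
	}
	return "executed: " + string(cmd), nil // stands in for the device's real command dispatcher
}

// RunSession drives the whole exchange for one terminal and returns the execution result.
func RunSession(devicePassword, attempt, command string) (string, error) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048)) // the terminal's first private key
	dev := &Device{mgmtPassword: []byte(devicePassword)}
	skCT := dev.HandleAuthRequest(&priv.PublicKey) // reply to the security authentication request
	sessionKey := must(rsa.DecryptOAEP(sha256.New(), nil, priv, skCT, nil)) // terminal recovers the session key
	ct, sig := TerminalSend(priv, sessionKey, []byte(attempt))           // security authentication instruction
	if err := dev.HandleAuthInstruction(ct, sig); err != nil {
		return "", err
	}
	ct, sig = TerminalSend(priv, sessionKey, []byte(command)) // management command
	return dev.HandleCommand(ct, sig)
}
```

Because the signature is checked over the decrypted plaintext, a peer that holds the session key but not the first private key cannot get a command executed, and a command sent before the password check is refused regardless of its signature.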
From the above embodiment it can be seen that its beneficial effects include the following: a communication connection based on a WiFi hotspot is established between the mobile terminal and the Internet of things device, a secure interaction is carried out over that connection in which the data used for security authentication, such as the key ciphertext, is exchanged, and security authentication is thereby performed; once security authentication is confirmed to have passed, the mobile terminal can send an encrypted management command to the Internet of things device, which executes it, so that secure management is achieved. Through the method of this embodiment, the mobile terminal communicates securely with the Internet of things device and can manage it, which enriches the operations the mobile terminal can perform on the Internet of things device, improves the convenience of using the device and improves the user's experience. In addition, even an Internet of things device without a touch screen or Bluetooth can be managed with this scheme, so the structure of the device is simplified and its cost reduced.
Optionally, as shown in fig. 2, in this embodiment, the Internet of things device establishing a network communication connection with the mobile terminal includes:
s107: under the condition that the Internet of things equipment enters a management mode, starting a WiFi hot spot of the Internet of things equipment;
s108: under the condition that an access request for connecting a WiFi hotspot sent by a mobile terminal is received, a corresponding network protocol port is opened;
s109: after the mobile terminal is connected to the network protocol port, a network communication connection based on the WiFi hot spot is established with the mobile terminal.
For example, the Internet of things device in this embodiment has a management mode; a user can make the Internet of things device enter the management mode by operating a mechanical key on it, and in this mode the device automatically starts its WiFi hotspot based on the WiFi module. At this time, the user can operate the mobile terminal and select the WiFi hotspot to connect to, so that the mobile terminal sends an access request to the Internet of things equipment. When the Internet of things equipment receives the access request sent by the mobile terminal for connecting to the WiFi hotspot, it opens the corresponding network protocol port; for example, a connection service is provided to the mobile terminal through a protocol such as TCP based on the management module, and the mobile terminal establishes a network communication connection with the Internet of things equipment based on the network protocol such as TCP, so that communication with the management module of the Internet of things equipment is realized.
Optionally, the method in this embodiment further includes:
s110: verifying a first signature based on a first public key, the first signature being obtained by the mobile terminal signing the security authentication instruction based on a first private key;
s111: in the case that the first signature passes verification, the security authentication instruction is verified.
For example, to enhance communication security, the mobile terminal in this embodiment encrypts the generated security authentication instruction based on the session key and signs it based on the first private key. The encrypted and signed security authentication instruction is sent to the Internet of things device, which can decrypt it through the management module based on the session key and verify the first signature based on the first public key; if the signature verification passes, the security authentication instruction is further verified.
It should be noted that the present application does not limit the order of signing and encrypting the security authentication instruction, nor the order of verifying the signature and decrypting it, as long as the order of verification and decryption corresponds to the order of signing and encryption. For example, if the mobile terminal encrypts first and then signs, the Internet of things device verifies the signature first and then decrypts; if the mobile terminal signs first and then encrypts, the Internet of things device decrypts first and then verifies the signature.
Optionally, the security authentication instruction in this embodiment includes a management password, where the management password may be negotiated in advance by the mobile terminal or a user of the mobile terminal and the internet of things device. The mobile terminal may obtain the management password input by the user, add the management password to the security authentication instruction, encrypt the security authentication instruction with the session key, and send the security authentication instruction to the internet of things device.
The method in this embodiment further includes:
s112: and under the condition that the management password prestored in the Internet of things equipment is consistent with the management password in the security authentication instruction, determining that the security authentication instruction passes verification.
That is, in this embodiment, when performing security authentication, the Internet of things device checks a pre-stored management password, for example one pre-stored in the management module, against the management password in the security authentication instruction obtained by decryption; if the two are consistent, the security authentication instruction is determined to pass verification, and if they are inconsistent, it is determined not to pass.
Optionally, the method in this embodiment further includes:
s113: after verifying the security authentication instruction, generating a security authentication result;
encrypting the security authentication result based on the session key to obtain a security authentication result ciphertext;
S114: and sending the security authentication result ciphertext to the mobile terminal, so that the mobile terminal determines whether the Internet of things equipment enters a secure authentication state or not based on the security authentication result ciphertext and the session key.
For example, after verifying the security authentication instruction, the internet of things device correspondingly generates a security authentication result based on the verification result, then encrypts the security authentication result based on the session key to obtain a security authentication result ciphertext, and sends the security authentication result ciphertext to the mobile terminal. The mobile terminal decrypts the security authentication result ciphertext based on the session key to obtain a security authentication result, and knows whether the Internet of things equipment is in a security authenticated state or not based on the security authentication result, namely whether the current mobile terminal has a right to send a management command to the Internet of things equipment so as to manage the Internet of things equipment. As described above, the above steps may be implemented by the management module in the internet of things device, when forwarding the security authentication result ciphertext, if the management module is located in the MCU, the ciphertext is sent to the command forwarding module in the WiFi module, and the ciphertext is sent to the mobile terminal through the communication connection by the module, and if the MCU is not set in the internet of things device, the management module in the WiFi module may directly send the ciphertext to the mobile terminal based on the communication connection.
Optionally, the management command processed by the session key and the first private key in this embodiment includes: a management command ciphertext obtained by encrypting the management command based on the session key, and a second signature obtained by signing the management command based on the first private key.
By encrypting the management command with the session key to obtain the management command ciphertext, and signing the management command or the management command ciphertext with the first private key to obtain the second signature, the management command is better protected against interception, decoding and tampering.
When executing a management command processed based on the session key and the first public key to manage the internet of things device, the method comprises the following steps:
s115: decrypting the management command ciphertext based on the session key to obtain a management command;
s116: verifying the second signature based on the first public key and the management command;
s117: and executing the management command to manage the Internet of things device under the condition that the second signature verification is passed.
Because the management command ciphertext in this embodiment carries the second signature, when the Internet of things device processes it, the management command ciphertext is first decrypted with the session key according to the agreed procedure; once the management command is obtained, the carried second signature is verified based on the first public key, and if the verification passes, the corresponding instruction content is determined from the management command and the instruction is responded to correctly.
It should be noted that the order of signing and encrypting the management command, and the order of signature verification and decryption, can be adjusted correspondingly, as long as the relative order of verification and decryption matches that of signing and encryption.
As shown in fig. 3, another embodiment of the present application provides a method for managing devices of the internet of things, which is applied to a mobile terminal, and includes:
s201: under the condition that network communication connection based on WiFi hot spot of the Internet of things equipment is established with the Internet of things equipment, a security authentication request is sent, the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
s202: decrypting a session key ciphertext sent by the internet of things device based on the first private key to obtain a session key, wherein the session key ciphertext is formed by the internet of things device by encrypting the session key based on the first public key;
s203: encrypting the security authentication instruction based on the session key and sending the security authentication instruction to the Internet of things equipment;
s204: under the condition that the internet of things equipment is in the safe authentication state, sending a management command processed by the session key and the first private key to the internet of things equipment through network communication connection, and enabling the internet of things equipment to execute the management command to manage the internet of things equipment, wherein the internet of things equipment enters the safe authentication state under the condition that the safety authentication command passes verification.
The mobile terminal in this embodiment may implement secure interaction with the Internet of things device based on an application program, for example a mobile phone APP, where the application program at least includes a management function UI for interaction with the user, and stores a communication protocol for connecting to an intelligent device such as the Internet of things device and instructions for implementing different functions, including a management command, where the management command may include, but is not limited to, a command word and the related parameters of the management command. Based on the UI, a management command for the Internet of things device may be generated in response to a user instruction or a pre-configured instruction, etc., for performing a management operation on the Internet of things device.
When a user wants to manage the Internet of things equipment based on the mobile terminal, a network communication connection is established between the mobile terminal and the Internet of things equipment, and once the connection is established, a security authentication request for performing security authentication is sent to the Internet of things equipment, where the security authentication request comprises a first public key and the command word of the security authentication request, and the mobile terminal holds the corresponding first private key. Then the Internet of things equipment generates a session key, for example one generated randomly by its management module, encrypts the session key based on the first public key to form a session key ciphertext, and sends the session key ciphertext to the mobile terminal. The mobile terminal obtains and decrypts the session key ciphertext, encrypts the security authentication instruction based on the session key, and sends it to the Internet of things equipment. After receiving the encrypted security authentication command, the Internet of things device decrypts it to obtain the security authentication command, performs security authentication on it, and sends the authentication result to the mobile terminal, thereby informing the mobile terminal whether the Internet of things device has passed the authentication of the mobile terminal and entered the secure authentication state.
If the Internet of things equipment is determined to be in that state based on the authentication result, the mobile terminal can send the management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection; after receiving the command, the Internet of things equipment need only process it based on the session key and the first public key to obtain the management command, and then executes it, so that management of the Internet of things equipment by the mobile terminal is realized.
Based on the scheme of this embodiment, a communication connection based on the WiFi hotspot is established between the mobile terminal and the Internet of things device, secure interaction is performed over this connection, the data used for security authentication such as the session key ciphertext are exchanged, and security authentication is thus realized; after the security authentication is confirmed to have passed, the mobile terminal can send an encrypted management command to the Internet of things device, which executes the management command, so that secure management is achieved. Through the method of this embodiment, the mobile terminal can communicate securely with the Internet of things equipment and support its management, which enriches the operations the mobile terminal can perform on the Internet of things equipment, improves the convenience with which the user operates the equipment and increases the user experience.
Optionally, as shown in fig. 4, when the mobile terminal in this embodiment establishes a communication connection with the internet of things device, the method includes:
s205: responding to an input wifi hotspot selection instruction, and sending an access request for accessing the wifi hotspot to the internet of things equipment to request the internet of things equipment to open a corresponding network protocol port;
s206: and establishing a network communication connection based on the WiFi hot spot with the Internet of things equipment based on the network protocol port.
For example, when the Internet of things equipment enters the management mode, its WiFi hotspot can be started automatically based on the WiFi module. At this time, the user can operate the mobile terminal and select the WiFi hotspot to connect to; after obtaining the selection instruction, the mobile terminal responds to it by sending a WiFi hotspot access request to the Internet of things device. When the Internet of things device receives the access request sent by the mobile terminal for connecting to the WiFi hotspot, it opens the corresponding network protocol port; for example, a connection service is provided to the mobile terminal through a protocol such as TCP based on the management module in the Internet of things device, the mobile terminal establishes a network communication connection with the Internet of things device based on the network protocol such as TCP, and communication with the management module of the Internet of things device is thereby achieved.
Optionally, when the mobile terminal sends the security authentication instruction to the internet of things device, in order to better ensure security, the method in this embodiment further includes:
s207: the security authentication instruction is signed based on the first private key to enable the internet of things device to verify the signature based on the first public key to determine whether the security authentication instruction is verified.
For example, in order to enhance communication security, the mobile terminal encrypts the generated security authentication instruction based on the session key and signs it based on the first private key, and then sends the encrypted and signed security authentication instruction to the Internet of things device, so that the Internet of things device can decrypt the encrypted security authentication instruction based on the session key and verify the first signature based on the first public key; if the signature verification passes, the original text of the security authentication instruction is obtained and the security authentication instruction can be further verified.
Optionally, the method in this embodiment further includes:
s208: and decrypting the security instruction authentication result ciphertext sent by the internet of things device based on the session key, and determining whether the internet of things device is in a secure authentication state.
After authenticating the security authentication instruction, the internet of things equipment correspondingly generates a security instruction authentication result, encrypts the security instruction authentication result or simultaneously signs the security instruction authentication result and then sends the security instruction authentication result to the mobile terminal, the mobile terminal receives the security instruction authentication result ciphertext, decrypts the security instruction authentication result ciphertext to obtain a security authentication result, and determines whether the internet of things equipment is in a security authentication state or not based on the security authentication result.
Optionally, sending the management command processed by the session key and the first private key to the internet of things device through the network communication connection includes:
s210: responding to user operation, and correspondingly generating a management command;
s211: encrypting the management command based on the session key, and signing the management command through the first private key;
s212: and sending the encrypted and signed management command to the Internet of things equipment through network communication connection.
For example, when a user wants to manage the internet of things device, the mobile terminal can be operated according to requirements so as to correspondingly generate a management command, and the specific content of the management command is not unique and can be specifically determined according to actual situations. After the management command is generated, the management command is encrypted based on the session key, the management command is signed based on the first private key, and then the signed and encrypted management command is sent to the Internet of things device through network communication connection so as to manage the Internet of things device.
Optionally, the method in this embodiment further includes:
s213: obtaining an execution result of the management command encrypted by the Internet of things equipment through the session key, and decrypting the execution result;
s214: and outputting the decrypted execution result.
For example, after the management module of the internet of things device executes the operation specified in the management command, an execution result is obtained. And then encrypting the execution result based on the session key to obtain an execution result ciphertext, and feeding the execution result ciphertext back to the mobile terminal, so that the mobile terminal decrypts the execution result ciphertext based on the session key to obtain the execution result, and outputs the execution result to a user for viewing, so that the user can learn about the management result of the Internet of things equipment.
As shown in fig. 5, in order to more specifically explain the above-mentioned method for managing devices of the internet of things applied to the internet of things device and the mobile terminal according to the present application, the following description is made with reference to specific interaction examples:
For example, the Internet of things device is an intelligent door lock formed by combining a mechanical part and an electronic part, and the method in this embodiment mainly relates to the main control MCU and the WiFi module in the electronic part. The main control MCU is connected with the WiFi module through a UART serial port. The management function inside the Internet of things equipment is realized by software in the MCU, the management service is realized by the WiFi module, and the WiFi module provides the service to the mobile phone APP through the TCP protocol. Further, a management key can be arranged on the intelligent door lock; if it is a physical key, the main control MCU receives an IO interrupt signal after the key is pressed, enters the management mode, and sends a signal to the WiFi module through the UART connection so that the WiFi module opens a hotspot for the mobile terminal to access. The specific process steps can be as follows:
Step 1, the user presses the management key, the door lock enters the management mode and starts a WiFi hotspot named LOCK_XXXX, where XXXX is the number of the door lock and is used to distinguish different door locks.
Step 2, the user operates the mobile phone APP and connects to the hotspot named LOCK_XXXX.
Step 3, the WiFi module of the door lock starts the management service and opens port 20000 of the TCP protocol.
Step 4, the mobile phone APP also connects to port 20000 of the management service of the door lock based on the TCP protocol.
Step 5, the mobile phone APP sends a security authentication request to the management service through the TCP connection: 01|Pub, where 01 is the command word representing a security authentication request, and Pub is the public key of the mobile phone APP; the algorithm is ECC.
Step 6, the management service sends the security authentication request 01|Pub to the management module in the MCU through the command forwarding module; if the intelligent door lock has no MCU, the management service sends the security authentication request directly to the management module in the WiFi module.
Step 7, the management module temporarily stores the public key Pub of the mobile phone APP in memory.
Step 8, the management module randomly generates a session key K and temporarily stores it in memory; the algorithm is AES (Advanced Encryption Standard).
Step 9, the management module encrypts the session key K with the public key Pub to obtain the session key ciphertext Enc(K), and returns Enc(K) to the management service through the command forwarding module. Likewise, if the door lock has no MCU, the management module returns Enc(K) directly to the management service, that is, to the WiFi module.
Step 10, the management service returns Enc(K) to the mobile phone APP through the TCP connection.
Step 11, the mobile phone APP decrypts Enc(K) with the locally stored private key Pri to obtain K, and temporarily stores K in memory.
Step 12, the mobile phone APP generates a security authentication command: 02|PWD, where 02 is the command word representing a security authentication command, and PWD is the management password.
Step 13, the mobile phone APP encrypts the security authentication command 02|PWD with the key K to obtain Enc(02|PWD), and signs 02|PWD with its private key Pri to obtain Sig(02|PWD).
Step 14, the mobile phone APP sends Enc(02|PWD)|Sig(02|PWD) to the management service through the TCP connection.
Step 15, the management service sends Enc(02|PWD)|Sig(02|PWD) to the management module through the command forwarding module.
Step 16, the management module decrypts Enc(02|PWD) with the key K and verifies Sig(02|PWD) with Pub.
Step 17, the management module compares PWD with the management password PWD_S pre-stored in the management module. If the two differ, the security authentication fails and the failure result 01 is returned; if they are the same, the secure authentication state is entered and the success result 00 is returned.
Step 18, the management module encrypts the security authentication command result R (00 or 01) with the key K to obtain Enc(R), and returns it to the management service through the command forwarding module. If the door lock has no MCU, the management module returns Enc(R) directly to the management service, that is, to the WiFi module.
Step 19, the management service returns Enc(R) to the mobile phone APP through the TCP connection.
Step 20, the mobile phone APP decrypts Enc(R) with K; if R=01, the management flow ends; if R=00, execution continues.
Step 21, according to the user's operation, the mobile phone APP generates the corresponding management command: CMD|PARA, where CMD is the command word of the management command and PARA is the parameter related to the management command; different commands may require different parameters. For example, CMD=03 means modifying the management password, the parameter is the new management password, for example 1234, and the generated command is 031234, and so on.
Step 22, the mobile phone APP encrypts CMD|PARA with the key K to obtain Enc(CMD|PARA), and signs CMD|PARA with the private key Pri to obtain Sig(CMD|PARA).
Step 23, the mobile phone APP sends Enc(CMD|PARA)|Sig(CMD|PARA) to the management service through the TCP connection.
Step 24, the management service sends Enc(CMD|PARA)|Sig(CMD|PARA) to the management module through the command forwarding module. If the door lock has no MCU, the management service sends Enc(CMD|PARA)|Sig(CMD|PARA) directly to the management module.
Step 25, the management module decrypts Enc(CMD|PARA) with the key K and verifies Sig(CMD|PARA) with Pub.
Step 26, the management module performs the operation specified by CMD and obtains the execution result R.
Step 27, the management module encrypts R with the key K to obtain Enc(R), and returns it to the management service through the command forwarding module. If the door lock has no MCU, the management module sends Enc(R) directly to the management service of the WiFi module.
Step 28, the management service returns Enc(R) to the mobile phone APP through the TCP connection.
Step 29, the mobile phone APP decrypts Enc(R) with K to obtain R, and displays the execution result to the user.
Step 30, repeat steps 21 to 29 until management ends.
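The exchange in steps 5 to 29 above, as an added Go model that is not the patent's own code: the command words, the Enc(msg)|Sig framing, the constant-time comparison with PWD_S, and the refusal of any management command outside the secure authentication state. Assumed, not taken from the patent: RSA-OAEP/PSS stands in for the unspecified ECC scheme (Go's standard library has no ECC public-key encryption), Enc under K is AES-256-GCM, the signature is computed over the ciphertext (encrypt-then-sign, one of the orders the patent leaves open) so that a signature sent in the clear cannot confirm a password guess, and PWD_S and the commands are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"io"
)

// seal/open: AES-256-GCM with a fresh random nonce prepended; open rejects bad units.
func seal(k, msg []byte) []byte {
	block, _ := aes.NewCipher(k) // k is always 32 bytes here
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	io.ReadFull(rand.Reader, nonce) // crypto/rand is treated as infallible
	return g.Seal(nonce, nonce, msg, nil)
}

func open(k, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(k)
	g, _ := cipher.NewGCM(block)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Device is the lock's management module: Pub, K, the pre-stored PWD_S and the auth state.
type Device struct {
	Pub     *rsa.PublicKey
	K, PwdS []byte
	Authd   bool
}

// AuthRequest is steps 6-10: keep Pub, generate a fresh K, return Enc(K) under Pub
// (RSA-OAEP here; the patent's APP key is ECC, so this is a stand-in).
func (d *Device) AuthRequest(pub *rsa.PublicKey) ([]byte, error) {
	d.Pub, d.K, d.Authd = pub, make([]byte, 32), false
	io.ReadFull(rand.Reader, d.K)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, d.K, nil)
}

// receive verifies Sig over the ciphertext with Pub (encrypt-then-sign), then decrypts with K.
func (d *Device) receive(ct, sig []byte) ([]byte, error) {
	h := sha256.Sum256(ct)
	if d.Pub == nil || rsa.VerifyPSS(d.Pub, crypto.SHA256, h[:], sig, nil) != nil {
		return nil, errors.New("bad signature")
	}
	return open(d.K, ct)
}

// Handle dispatches on the command word (steps 16-18, 25-27): "02|PWD" is compared with
// PWD_S in constant time; every other CMD is refused outside the authenticated state.
func (d *Device) Handle(ct, sig []byte) ([]byte, error) {
	msg, err := d.receive(ct, sig)
	if err != nil {
		return nil, err
	}
	r := []byte("01")
	switch {
	case bytes.HasPrefix(msg, []byte("02|")):
		if subtle.ConstantTimeCompare(msg[3:], d.PwdS) == 1 {
			d.Authd, r = true, []byte("00")
		}
	case !d.Authd:
		return nil, errors.New("not in secure authentication state")
	case bytes.HasPrefix(msg, []byte("03|")): // 03: change the management password
		d.PwdS, r = append([]byte(nil), msg[3:]...), []byte("00")
	}
	return seal(d.K, r), nil
}

// App is the phone APP: Pri (Pub is derived from it) and, after step 11, K.
type App struct {
	Pri *rsa.PrivateKey
	K   []byte
}

// UnwrapKey is step 11: recover K from Enc(K) with Pri.
func (a *App) UnwrapKey(enc []byte) (err error) {
	a.K, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, a.Pri, enc, nil)
	return err
}

// Send is steps 13/22: Enc(msg) under K, then Sig over the ciphertext with Pri.
func (a *App) Send(msg []byte) (ct, sig []byte, err error) {
	ct = seal(a.K, msg)
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, a.Pri, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// Result is steps 20/29: decrypt Enc(R) with K.
func (a *App) Result(enc []byte) ([]byte, error) { return open(a.K, enc) }
```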
As shown in fig. 6, another embodiment of the present invention further provides an internet of things device, including:
a first communication module, configured to establish a network communication connection with the mobile terminal based on the WiFi hotspot of the Internet of things equipment and obtain a security authentication request sent by the mobile terminal, where the security authentication request comprises a first public key corresponding to a first private key of the mobile terminal;
a first processor, configured to encrypt the session key generated by the Internet of things equipment with the first public key to form a session key ciphertext and control the first communication module to send the session key ciphertext to the mobile terminal; obtain and decrypt a security authentication instruction encrypted by the mobile terminal based on the session key; enter the secure authentication state when the security authentication instruction passes verification; and, while in the secure authentication state, control the first communication module to receive, through the network communication connection, a management command processed by the session key and the first private key from the mobile terminal, and execute the management command processed based on the session key and the first public key so as to manage the Internet of things equipment.
Optionally, the internet of things device in this embodiment does not have a bluetooth module and/or a touch screen, and has a WiFi module supporting wireless communication and a physical key for inputting instructions.
As an alternative embodiment, the first processor is further configured to:
verifying a first signature based on the first public key, the first signature being derived by the mobile terminal signing the security authentication instruction based on the first private key;
and verifying the security authentication instruction in the case that the first signature passes verification.
As an alternative embodiment, the security authentication instruction includes a management password,
the first processor is further configured to:
and under the condition that the management password prestored in the Internet of things equipment is consistent with the management password in the security authentication instruction, determining that the security authentication instruction passes verification.
As an alternative embodiment, the first processor is further configured to:
after verifying the security authentication instruction, generating a security authentication result;
encrypting the security authentication result based on the session key to obtain a security authentication result ciphertext;
the first communication module is further configured to: and sending the security authentication result ciphertext to the mobile terminal, so that the mobile terminal determines whether the Internet of things equipment enters a secure authentication state or not based on the security authentication result ciphertext and the session key.
As an alternative embodiment, the management command processed through the session key and the first private key includes:
a management command ciphertext obtained by encrypting the management command based on the session key, and a second signature obtained by signing the management command based on the first private key;
the first processor is further configured to:
decrypting the management command ciphertext based on the session key to obtain a management command;
verifying the second signature based on the first public key and the management command;
and executing the management command to manage the internet of things equipment under the condition that the second signature verification is passed.
As an alternative embodiment, the first communication module is further configured to:
under the condition that the Internet of things equipment enters a management mode, starting a WiFi hotspot of the Internet of things equipment;
under the condition that an access request for connecting the WiFi hotspot sent by the mobile terminal is received, a corresponding network protocol port is opened;
and after the mobile terminal is connected to the network protocol port, establishing network communication connection based on the WiFi hot spot with the mobile terminal.
In practical applications, the function of the first communication module may be implemented by a WiFi module, and part or all of the function of the first processor may be implemented by a WiFi module or a master MCU.
As shown in fig. 7, another embodiment of the present invention further provides a mobile terminal, including:
the second communication module is used for establishing network communication connection with the Internet of things equipment based on a WiFi hotspot of the Internet of things equipment, and sending a security authentication request, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
the second processor is used for decrypting a session key ciphertext sent by the Internet of things equipment based on the first private key to obtain a session key, the session key ciphertext being formed by the Internet of things equipment encrypting the session key based on the first public key; encrypting a security authentication instruction based on the session key, and controlling the second communication module to send the security authentication instruction to the Internet of things equipment; and, under the condition that the Internet of things equipment is in a secure authentication state, controlling the second communication module to send a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
As an alternative embodiment, the second processor is further configured to:
signing the security authentication instruction based on the first private key to obtain a first signature;
and sending the first signature to the internet of things device so that the internet of things device can verify the first signature based on the first public key.
As an alternative embodiment, the second processor is further configured to:
and decrypting a security authentication result ciphertext sent by the internet of things device based on the session key, and determining whether the internet of things device is in a secure authentication state.
As an alternative embodiment, the second processor is further configured to:
responding to user operation, and correspondingly generating the management command;
encrypting the management command based on the session key, and signing the management command through the first private key;
and controlling the second communication module to send the encrypted and signed management command to the Internet of things equipment through the network communication connection.
As an alternative embodiment, the second processor is further configured to:
obtaining an execution result of the management command encrypted by the Internet of things equipment through the session key, and decrypting the execution result;
and instructing output of the decrypted execution result.
As an alternative embodiment, the second processor is further configured to:
responding to an input WiFi hotspot selection instruction, controlling the second communication module to send an access request for accessing the WiFi hotspot to the Internet of things equipment, so as to request the Internet of things equipment to open a corresponding network protocol port;
and establishing network communication connection based on the WiFi hot spot with the Internet of things equipment based on the network protocol port.
As shown in fig. 8, another embodiment of the present invention further provides an apparatus for managing devices of the internet of things, which is applied to the devices of the internet of things, and includes:
the first obtaining module is used for obtaining a security authentication request sent by the mobile terminal under the condition that network communication connection based on a WiFi hotspot of the Internet of things device is established with the mobile terminal, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
the encryption module is used for encrypting the session key generated by the Internet of things equipment based on the first public key to form a session key ciphertext and sending the session key ciphertext to the mobile terminal;
the second obtaining module is used for obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key;
the verification module is used for entering a secure authentication state under the condition that the security authentication instruction passes verification;
a receiving module, configured to receive, from the mobile terminal, a management command processed by the session key and the first private key through the network communication connection in a secure authenticated state;
and the execution module is used for executing the management command processed based on the session key and the first public key so as to manage the Internet of things equipment.
As an alternative embodiment, the verification module is further configured to:
verifying a first signature based on the first public key, the first signature being derived by the mobile terminal signing the security authentication instruction based on the first private key;
and verifying the security authentication instruction in the case that the first signature passes verification.
As an alternative embodiment, the security authentication instruction includes a management password,
the verification module is further configured to:
and under the condition that the management password prestored in the Internet of things equipment is consistent with the management password in the security authentication instruction, determining that the security authentication instruction passes verification.
As an alternative embodiment, further comprising:
the generation module is used for generating a security authentication result after verifying the security authentication instruction;
the third obtaining module is used for encrypting the security authentication result based on the session key to obtain a security authentication result ciphertext;
and the sending module is used for sending the security authentication result ciphertext to the mobile terminal so that the mobile terminal can determine whether the Internet of things equipment enters a secure authentication state or not based on the security authentication result ciphertext and the session key.
As an alternative embodiment, the management command processed through the session key and the first private key includes:
a management command ciphertext obtained by encrypting the management command based on the session key, and a second signature obtained by signing the management command based on the first private key;
executing the management command processed based on the session key and the first public key to manage the internet of things device, including:
decrypting the management command ciphertext based on the session key to obtain a management command;
verifying the second signature based on the first public key and the management command;
and executing the management command to manage the internet of things equipment under the condition that the second signature verification is passed.
As an alternative embodiment, further comprising:
the starting module is used for starting the WiFi hot spot of the Internet of things equipment under the condition that the Internet of things equipment enters a management mode;
the opening module is used for opening a corresponding network protocol port under the condition that an access request for connecting the WiFi hotspot sent by the mobile terminal is received;
and the establishing module is used for establishing network communication connection based on the WiFi hot spot with the mobile terminal after the mobile terminal is connected to the network protocol port.
As shown in fig. 9, another embodiment of the present invention further provides an apparatus for managing devices of the internet of things, which is applied to a mobile terminal, and includes:
the first sending module is used for sending a security authentication request under the condition that network communication connection based on a WiFi hotspot of the Internet of things equipment is established with the Internet of things equipment, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
the second sending module is used for decrypting a session key ciphertext sent by the internet of things device based on the first private key to obtain a session key, and the session key ciphertext is formed by the internet of things device based on the first public key to encrypt the session key;
the third sending module is used for encrypting the security authentication instruction based on the session key and sending the security authentication instruction to the Internet of things equipment;
and the fourth sending module is used for sending a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection under the condition that the Internet of things equipment is determined to be in a secure authentication state, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
As an alternative embodiment, further comprising:
the first obtaining module is used for signing the security authentication instruction based on the first private key to obtain a first signature;
and the verification module is used for sending the first signature to the internet of things equipment so that the internet of things equipment can verify the first signature based on the first public key.
As an alternative embodiment, further comprising:
and the decryption module is used for decrypting the security authentication result ciphertext sent by the internet of things device based on the session key and determining whether the internet of things device is in a secure authentication state.
As an optional embodiment, the sending, to the internet of things device via the network communication connection, the management command processed by the session key and the first private key includes:
the response module is used for responding to the user operation and correspondingly generating the management command;
the signing module is used for encrypting the management command based on the session key and signing the management command through the first private key;
and the fifth sending module is used for sending the encrypted and signed management command to the Internet of things equipment through the network communication connection.
As an alternative embodiment, further comprising:
the second obtaining module is used for obtaining an execution result of the management command encrypted by the internet of things equipment through the session key and decrypting the execution result;
and outputting the decrypted execution result.
As an alternative embodiment, further comprising:
a sixth sending module, configured to respond to an input WiFi hotspot selection instruction, and send an access request for accessing the WiFi hotspot to the Internet of things equipment, so as to request the Internet of things equipment to open a corresponding network protocol port;
and the establishing module is used for establishing network communication connection based on the WiFi hot spot with the Internet of things equipment based on the network protocol port.
An embodiment of the present application also provides a storage medium having stored thereon a computer program which, when executed by a processor, implements the method for managing devices of the internet of things as described above. It should be understood that each solution in this embodiment has a corresponding technical effect in the foregoing method embodiment, which is not described herein.
Embodiments of the present application also provide a computer program product tangibly stored on a computer-readable medium and comprising computer-readable instructions that, when executed, cause at least one processor to perform an internet of things device management method such as in the embodiments described above.
The computer storage medium of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage media element, a magnetic storage media element, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, antenna, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
It should be understood that, although the present application has been described in terms of various embodiments, not every embodiment contains only a single independent technical solution; the description is written this way only for clarity, and those skilled in the art will recognize that the embodiments may be suitably combined to form other embodiments as would be understood by those skilled in the art.
The above embodiments are only exemplary embodiments of the present application and are not intended to limit the present application, the scope of which is defined by the claims. Various modifications and equivalent arrangements of this application will occur to those skilled in the art, and are intended to be within the spirit and scope of the application.

Claims (18)

1. The method for managing the equipment of the Internet of things is applied to the equipment of the Internet of things and is characterized by comprising the following steps:
under the condition that network communication connection based on WiFi hot spot of the Internet of things equipment is established with a mobile terminal, a security authentication request sent by the mobile terminal is obtained, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
encrypting a session key generated by the Internet of things equipment based on the first public key to form a session key ciphertext, and sending the session key ciphertext to the mobile terminal;
obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key;
under the condition that the security authentication instruction passes verification, entering a secure authentication state;
receiving a management command processed by the session key and the first private key from the mobile terminal through the network communication connection under the condition of being in a secure authentication state;
and executing the management command processed based on the session key and the first public key to manage the Internet of things equipment.
2. The method according to claim 1, wherein the method further comprises:
verifying a first signature based on the first public key, the first signature being derived by the mobile terminal signing the security authentication instruction based on the first private key;
and verifying the security authentication instruction in the case that the first signature passes verification.
3. The method of claim 1, wherein the security authentication instruction comprises a management password,
the method further comprises the steps of:
and under the condition that the management password prestored in the Internet of things equipment is consistent with the management password in the security authentication instruction, determining that the security authentication instruction passes verification.
4. The method as recited in claim 1, further comprising:
after verifying the security authentication instruction, generating a security authentication result;
encrypting the security authentication result based on the session key to obtain a security authentication result ciphertext;
and sending the security authentication result ciphertext to the mobile terminal, so that the mobile terminal determines whether the Internet of things equipment enters a secure authentication state or not based on the security authentication result ciphertext and the session key.
5. The method of claim 1, wherein the management command processed via the session key and the first private key comprises:
a management command ciphertext obtained by encrypting the management command based on the session key, and a second signature obtained by signing the management command based on the first private key;
executing the management command processed based on the session key and the first public key to manage the internet of things device, including:
decrypting the management command ciphertext based on the session key to obtain a management command;
verifying the second signature based on the first public key and the management command;
and executing the management command to manage the internet of things equipment under the condition that the second signature verification is passed.
6. The method as recited in claim 1, further comprising:
under the condition that the Internet of things equipment enters a management mode, starting a WiFi hotspot of the Internet of things equipment;
under the condition that an access request for connecting the WiFi hotspot sent by the mobile terminal is received, a corresponding network protocol port is opened;
and after the mobile terminal is connected to the network protocol port, establishing network communication connection based on the WiFi hot spot with the mobile terminal.
7. The method for managing the equipment of the Internet of things is applied to a mobile terminal and is characterized by comprising the following steps of:
under the condition that network communication connection based on WiFi hot spots of the Internet of things equipment is established with the Internet of things equipment, a security authentication request is sent, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
decrypting a session key ciphertext sent by the internet of things device based on the first private key to obtain a session key, wherein the session key ciphertext is formed by the internet of things device based on the first public key to encrypt the session key;
encrypting a security authentication instruction based on the session key and sending the security authentication instruction to the Internet of things equipment;
and under the condition that the Internet of things equipment is in a secure authentication state, sending a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
8. The method as recited in claim 7, further comprising:
signing the security authentication instruction based on the first private key to obtain a first signature;
and sending the first signature to the internet of things device so that the internet of things device can verify the first signature based on the first public key.
9. The method as recited in claim 7, further comprising:
and decrypting a security authentication result ciphertext sent by the internet of things device based on the session key, and determining whether the internet of things device is in a secure authentication state.
10. The method of claim 7, wherein the sending the management command processed by the session key and the first private key to the internet of things device over the network communication connection comprises:
responding to user operation, and correspondingly generating the management command;
encrypting the management command based on the session key, and signing the management command through the first private key;
and sending the encrypted and signed management command to the Internet of things equipment through the network communication connection.
11. The method as recited in claim 7, further comprising:
obtaining an execution result of the management command encrypted by the Internet of things equipment through the session key, and decrypting the execution result;
and outputting the decrypted execution result.
12. The method as recited in claim 7, further comprising:
responding to an input WiFi hotspot selection instruction, and sending an access request for accessing the WiFi hotspot to the Internet of things equipment to request the Internet of things equipment to open a corresponding network protocol port;
and establishing network communication connection based on the WiFi hot spot with the Internet of things equipment based on the network protocol port.
13. An internet of things device, comprising:
the first communication module is used for establishing network communication connection with the mobile terminal based on a WiFi hotspot of the Internet of things equipment, and obtaining a security authentication request sent by the mobile terminal, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
the first processor is used for encrypting the session key generated by the Internet of things equipment according to the first public key to form a session key ciphertext, and controlling the first communication module to send the session key ciphertext to the mobile terminal; obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key; under the condition that the security authentication instruction passes verification, entering a secure authentication state; and, under the condition of being in the secure authentication state, controlling the first communication module to receive, through the network communication connection, a management command processed by the session key and the first private key from the mobile terminal, and executing the management command processed based on the session key and the first public key so as to manage the Internet of things equipment.
14. The internet of things device of claim 13, wherein the internet of things device does not have a bluetooth module and/or a touch screen.
15. A mobile terminal, comprising:
the second communication module is used for establishing network communication connection with the Internet of things equipment based on a WiFi hotspot of the Internet of things equipment, and sending a security authentication request, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
the second processor is used for decrypting a session key ciphertext sent by the Internet of things equipment based on the first private key to obtain a session key, the session key ciphertext being formed by the Internet of things equipment encrypting the session key based on the first public key; encrypting a security authentication instruction based on the session key, and controlling the second communication module to send the security authentication instruction to the Internet of things equipment; and, under the condition that the Internet of things equipment is in a secure authentication state, controlling the second communication module to send a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
16. An Internet of things equipment management apparatus, applied to Internet of things equipment, characterized by comprising:
the first obtaining module is used for obtaining a security authentication request sent by the mobile terminal under the condition that network communication connection based on a WiFi hotspot of the Internet of things device is established with the mobile terminal, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
the encryption module is used for encrypting the session key generated by the Internet of things equipment based on the first public key to form a session key ciphertext and sending the session key ciphertext to the mobile terminal;
the second obtaining module is used for obtaining and decrypting a security authentication instruction encrypted by the mobile terminal based on the session key;
the verification module is used for entering a safe authentication state under the condition that the safe authentication instruction passes verification;
a receiving module, configured to receive, from the mobile terminal, a management command processed by the session key and the first private key through the network communication connection in a secure authenticated state;
and the execution module is used for executing the management command processed based on the session key and the first public key so as to manage the Internet of things equipment.
17. An Internet of things equipment management apparatus, applied to a mobile terminal, characterized by comprising:
the first sending module is used for sending a security authentication request under the condition that network communication connection based on a WiFi hotspot of the Internet of things equipment is established with the Internet of things equipment, wherein the security authentication request comprises a first public key, and the first public key corresponds to a first private key of the mobile terminal;
the second sending module is used for decrypting a session key ciphertext sent by the Internet of things equipment based on the first private key to obtain a session key, the session key ciphertext being formed by the Internet of things equipment encrypting the session key based on the first public key;
the third sending module is used for encrypting the security authentication instruction based on the session key and sending the security authentication instruction to the Internet of things equipment;
and the fourth sending module is used for sending a management command processed by the session key and the first private key to the Internet of things equipment through the network communication connection under the condition that the Internet of things equipment is determined to be in a secure authentication state, so that the Internet of things equipment executes the management command to manage the Internet of things equipment, wherein the Internet of things equipment enters the secure authentication state under the condition that the security authentication instruction passes verification.
18. A computer-readable storage medium, characterized in that a computer program is stored, which when executed by a processor implements the internet of things device management method according to any one of claims 1-12.
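The exchange of claims 1 to 12, which the device, terminal and apparatus embodiments above restate, as an added worked example. This is not the patent's or the applicant's code: it models both sides with Go standard-library primitives so the ordering of the checks can be read in one place. The patent names no algorithms, so RSA-OAEP for the session key ciphertext, RSA-PSS for the first and second signatures, AES-256-GCM under a 32-byte session key, and a single first key pair used for both are assumptions of this example, as are the names (Device, HandleAuthRequest, protect, RunProtocol) and the constructed sample password and command.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Device is the Internet of things equipment side of the exchange (constructed for this example).
type Device struct {
	managementPassword []byte         // pre-stored on the device
	sessionKey         []byte         // generated by the device per session
	peerPublicKey      *rsa.PublicKey // the terminal's first public key
	authenticated      bool           // true only in the secure authentication state
}

// seal/open are "encrypt/decrypt based on the session key": AES-256-GCM, random nonce prefixed (assumed cipher).
func seal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, pt, nil), nil
}
func open(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil || len(ct) < gcm.NonceSize() { return nil, errors.New("bad ciphertext") }
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// Step 1 (device): generate the session key and return it RSA-OAEP-encrypted under the first public key.
func (d *Device) HandleAuthRequest(pub *rsa.PublicKey) ([]byte, error) {
	d.peerPublicKey, d.sessionKey = pub, make([]byte, 32)
	if _, err := rand.Read(d.sessionKey); err != nil { return nil, err }
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, d.sessionKey, nil)
}

// Step 2 (terminal): "processed by the session key and the first private key" means the message is
// encrypted under the recovered session key and signed (RSA-PSS) over the plaintext with the private key.
func protect(priv *rsa.PrivateKey, sessionKey, msg []byte) (ct, sig []byte, err error) {
	if ct, err = seal(sessionKey, msg); err != nil { return nil, nil, err }
	h := sha256.Sum256(msg)
	sig, err = rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// unprotect decrypts with the session key, then verifies the signature with the first public key.
func (d *Device) unprotect(ct, sig []byte) ([]byte, error) {
	msg, err := open(d.sessionKey, ct)
	if err != nil { return nil, err }
	h := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(d.peerPublicKey, crypto.SHA256, h[:], sig, nil); err != nil { return nil, err }
	return msg, nil
}

// Step 3 (device): the instruction carries the management password; compare it in constant time,
// enter the secure authentication state only on a match, and return the result encrypted.
func (d *Device) HandleAuthInstruction(ct, sig []byte) ([]byte, error) {
	pw, err := d.unprotect(ct, sig)
	if err != nil { return nil, err }
	d.authenticated = subtle.ConstantTimeCompare(pw, d.managementPassword) == 1
	if !d.authenticated { return seal(d.sessionKey, []byte("FAIL")) }
	return seal(d.sessionKey, []byte("OK"))
}

// Step 4 (device): execute a management command only in the secure authentication state and only
// after the second signature verifies; the execution result goes back encrypted (claim 11).
func (d *Device) HandleCommand(ct, sig []byte) ([]byte, error) {
	if !d.authenticated { return nil, errors.New("not in secure authentication state") }
	cmd, err := d.unprotect(ct, sig)
	if err != nil { return nil, err }
	return seal(d.sessionKey, []byte("executed: "+string(cmd)))
}

// RunProtocol plays the terminal against a Device and returns whether the device entered the
// secure authentication state and the decrypted execution result of cmd.
func RunProtocol(devicePassword, terminalPassword []byte, cmd string) (authed bool, result string, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // the first key pair, held by the terminal
	if err != nil { return }
	dev := &Device{managementPassword: devicePassword}
	skCt, err := dev.HandleAuthRequest(&priv.PublicKey) // security authentication request
	if err != nil { return }
	sk, err := rsa.DecryptOAEP(sha256.New(), nil, priv, skCt, nil) // terminal recovers the session key
	if err != nil { return }
	ct, sig, err := protect(priv, sk, terminalPassword) // security authentication instruction + first signature
	if err != nil { return }
	resCt, err := dev.HandleAuthInstruction(ct, sig)
	if err != nil { return }
	res, err := open(sk, resCt)
	if err != nil || string(res) != "OK" { return } // the terminal sends no command without an OK result
	authed = true
	if ct, sig, err = protect(priv, sk, []byte(cmd)); err != nil { return } // management command + second signature
	outCt, err := dev.HandleCommand(ct, sig)
	if err != nil { return }
	out, err := open(sk, outCt)
	return authed, string(out), err
}

func main() {
	fmt.Println(RunProtocol([]byte("admin-pass"), []byte("admin-pass"), "reboot"))
}
```

Two points the claims leave implicit are made explicit here: the signature is computed over the plaintext and verified only after decryption, exactly as claim 5 orders the steps, and the device refuses any management command unless HandleAuthInstruction has set the authenticated flag, so a command that arrives before, or after a failed, authentication is never executed. The password comparison uses a constant-time compare, which claim 3's "consistent with the prestored management password" does not require but a real implementation should.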
CN202211454396.8A 2022-11-21 2022-11-21 Internet of things equipment management method, equipment, mobile terminal, device and storage medium Active CN115734221B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211454396.8A CN115734221B (en) 2022-11-21 2022-11-21 Internet of things equipment management method, equipment, mobile terminal, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211454396.8A CN115734221B (en) 2022-11-21 2022-11-21 Internet of things equipment management method, equipment, mobile terminal, device and storage medium

Publications (2)

Publication Number Publication Date
CN115734221A CN115734221A (en) 2023-03-03
CN115734221B true CN115734221B (en) 2023-11-03

Family

ID=85297419

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211454396.8A Active CN115734221B (en) 2022-11-21 2022-11-21 Internet of things equipment management method, equipment, mobile terminal, device and storage medium

Country Status (1)

Country Link
CN (1) CN115734221B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019007252A1 (en) * 2017-07-04 2019-01-10 阿里巴巴集团控股有限公司 Control method and apparatus
CN112491933A (en) * 2020-12-25 2021-03-12 四川虹微技术有限公司 Local area network encryption communication method and storage medium
CN113114668A (en) * 2021-04-09 2021-07-13 北京石头世纪科技股份有限公司 Information transmission method, mobile terminal, storage medium and electronic equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019007252A1 (en) * 2017-07-04 2019-01-10 阿里巴巴集团控股有限公司 Control method and apparatus
CN109218263A (en) * 2017-07-04 2019-01-15 阿里巴巴集团控股有限公司 A kind of control method and device
CN112491933A (en) * 2020-12-25 2021-03-12 四川虹微技术有限公司 Local area network encryption communication method and storage medium
CN113114668A (en) * 2021-04-09 2021-07-13 北京石头世纪科技股份有限公司 Information transmission method, mobile terminal, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN115734221A (en) 2023-03-03

Similar Documents

Publication Publication Date Title
CN113055867B (en) Terminal auxiliary network distribution method and device and electronic equipment
US9832183B2 (en) Key management using quasi out of band authentication architecture
CN108512846B (en) Bidirectional authentication method and device between terminal and server
CN109150548B (en) Digital certificate signing and signature checking method and system and digital certificate system
US9444809B2 (en) Secure and efficient authentication using plug-in hardware compatible with desktops, laptops and/or smart mobile communication devices such as iPhones™
TW548535B (en) Security system
EP4081921B1 (en) Contactless card personal identification system
CN106330442B (en) Identity authentication method, device and system
WO2014161438A1 (en) Dynamic password token, and data transmission method and system for dynamic password token
CN105634737B (en) Data transmission method, terminal and system
CN114125832B (en) Network connection method, terminal, network equipment to be distributed and storage medium
CN106162537B (en) A kind of method, wireless telecom equipment and the terminal of safety certification connection
CN110278083A (en) ID authentication request treating method and apparatus, equipment replacement method and apparatus
CN112769574B (en) Key injection method and system, key management system, device and machine readable medium
US20240073020A1 (en) Digital key pairing method, pairing system, and vehicle
CN115734221B (en) Internet of things equipment management method, equipment, mobile terminal, device and storage medium
CN113132977A (en) Network distribution method, network distribution system and computer readable storage medium
CN113727059B (en) Network access authentication method, device and equipment for multimedia conference terminal and storage medium
KR101172876B1 (en) System and method for performing mutual authentication between user terminal and server
CN114244505A (en) Safety communication method based on safety chip
CN115442061A (en) Security authentication method, readable medium, and electronic device
CN107426724B (en) Method and system for accessing intelligent household electrical appliance to wireless network, terminal and authentication server
CN106685931B (en) Smart card application management method and system, terminal and smart card
KR101790121B1 (en) Method and System for certificating electronic machines
CN112242977A (en) Data transmission method and data transmission system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant