CN116150729A - Service processing method, device, equipment, storage medium and computer program product - Google Patents

Publication number
CN116150729A
Authority
CN
China
Prior art keywords
internet
things equipment
things
bill
identity
Prior art date
Legal status
Pending
Application number
CN202111391503.2A
Other languages
Chinese (zh)
Inventor
艾虎
胡文斌
万小平
邹晓东
姜卫平
赵迪
刘文基
宋博
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F 21/44 Program or device authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/60 Protecting data > G06F 21/602 Providing cryptographic facilities or services
    • G PHYSICS > G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS > G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT] > G16Y 40/00 IoT characterised by the purpose of the information processing > G16Y 40/20 Analytics; Diagnosis
    • G PHYSICS > G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS > G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT] > G16Y 40/00 IoT characterised by the purpose of the information processing > G16Y 40/50 Safety; Security of things, users, data or systems

Abstract

The application provides a service processing method, apparatus, device, storage medium and computer program product that can be applied in fields and scenarios such as cloud technology, artificial intelligence, blockchain, the internet of vehicles, intelligent traffic and smart home. The method comprises the following steps: receiving a service request sent by an IoT device, the request carrying the identity ticket of the device, where the identity ticket was distributed to the IoT device when the device was activated; authenticating the IoT device according to the identity ticket; and, if authentication passes, executing the service logic corresponding to the service request. According to the embodiments of the application, IoT devices can be authenticated efficiently and reliably, and the security of service processing is improved.

Description

Service processing method, device, equipment, storage medium and computer program product
Technical Field
The present disclosure relates to the field of computer technology, in particular to the internet of things, and more specifically to a service processing method, a service processing apparatus, a computer device, a computer-readable storage medium and a computer program product.
Background
The internet of things is a network that extends the internet to connect physical things; as IoT technology develops, large numbers of IoT devices connect to servers in order to carry out service processing. To ensure that IoT data is not damaged, altered or leaked through malicious action, illegitimate IoT devices must be prevented from gaining access. How to secure service processing, and thereby improve the network security of the internet of things, is therefore a problem that urgently needs solving.
Disclosure of Invention
Embodiments of the application provide a service processing method, apparatus, device, storage medium and computer program product that can authenticate IoT devices efficiently and reliably and improve the security of service processing.
In one aspect, an embodiment of the present application provides a service processing method, which includes:
receiving a service request sent by an IoT device, where the service request carries the identity ticket of the IoT device, and the identity ticket was distributed to the IoT device when the device was activated;
authenticating the IoT device according to the identity ticket; and
if the authentication passes, executing the service logic corresponding to the service request.
In one aspect, an embodiment of the present application provides a service processing method, which includes:
acquiring the identity ticket of an IoT device, where the identity ticket was distributed to the IoT device when the device was activated;
generating a service request that carries the identity ticket of the IoT device; and
sending the service request to the server, where the service request triggers the server to authenticate the IoT device according to the identity ticket and to execute the service logic corresponding to the service request after the authentication passes.
In one aspect, an embodiment of the present application provides a service processing apparatus, including:
a receiving unit, configured to receive a service request sent by an IoT device, where the service request carries the identity ticket of the IoT device, and the identity ticket was distributed to the IoT device when the device was activated;
a processing unit, configured to authenticate the IoT device according to the identity ticket;
the processing unit being further configured to execute the service logic corresponding to the service request if the authentication passes.
In one embodiment, the receiving unit is specifically configured to receive an activation request for the IoT device, where the activation request carries the identification of the IoT device and the account of the user requesting activation of the device.
In one embodiment, the processing unit is specifically configured to: authenticate the user's activation authority according to the user's account; if the authentication succeeds, bind the identification of the IoT device to the user's account and activate the IoT device; and distribute an identity ticket for the IoT device and send the identity ticket to the device.
In one embodiment, the processing unit is specifically configured to: obtain the account of the legal owner of the IoT device according to the identification of the IoT device; and, if the user's account matches the account of the legal owner, determine that the authentication succeeds, which indicates that the user has activation authority for the IoT device.
In one embodiment, the activation request is sent by the IoT device: the device carries an activation graphic code, and when the user scans the activation graphic code with a target terminal, the IoT device obtains the user's account from the target terminal on the basis of that scan. Alternatively, the activation request is sent by the target terminal: the device carries an activation graphic code, and when the target terminal scans it, the target terminal obtains the identification of the IoT device on the basis of that scan.
In one embodiment, the activation request is sent by an application in the target terminal. The IoT device carries an activation graphic code; when the target terminal scans it, the terminal jumps to the application, which displays an activation application page pre-filled, on the basis of the scan, with the identification of the IoT device and the user's account. If an activation confirmation operation is performed on that page, the application is triggered to send the activation request.
In one embodiment, the service processing apparatus further includes an acquisition unit configured to obtain the scene attribute of the IoT device, where the scene attribute indicates the scene type the IoT device is allowed to be used in, and the scene type is either a secure scene type or an insecure scene type.
In one embodiment, the processing unit is specifically configured to: if the scene attribute indicates that the scene type the IoT device is allowed to be used in is the secure scene type, encrypt the identity ticket with a key and send the encrypted identity ticket to the IoT device.
In one embodiment, the key is any one of the following: the device private key of the IoT device, a negotiated key, or a derived key obtained by the IoT device deriving from its device private key. The device private key of the IoT device is encrypted with an encryption factor and stored in a read-protected space of the device; the encryption factor is also stored in the read-protected space.
In one embodiment, the processing unit is further configured to manage the ticket state of the identity ticket, where the ticket state is either a valid state or an invalid state.
In one embodiment, the processing unit is specifically configured to: monitor the usage information of the IoT device; and, if the usage information indicates that the IoT device is at usage risk, set the ticket state of the identity ticket to the invalid state. The usage information includes at least one of usage environment information and user information; the usage risk includes at least one of the usage environment information indicating that the IoT device is in an untrusted environment, and the user information indicating that the user is an illegitimate user.
In one embodiment, the processing unit is specifically configured to: if the usage risk is eliminated within a preset time, change the identity ticket from the invalid state back to the valid state.
In one embodiment, the processing unit is specifically configured to: if the time the identity ticket has spent in the invalid state exceeds a threshold, deactivate the IoT device.
In one embodiment, the processing unit is specifically configured to: if the lifetime of the identity ticket is within its validity period, set the ticket state to the valid state; and, if the lifetime of the identity ticket exceeds its validity period, set the ticket state to the invalid state.
In one embodiment, the processing unit is specifically configured to: check whether the identity ticket has an association with the IoT device; if it does, identify the ticket state of the identity ticket; and, if the ticket state is the valid state, treat the authentication as passed.
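The activation, ticket-state management and request-authentication steps described in the embodiments above, modelled server-side in Python as an added example (not code from the patent or from Tencent). The validity period, restore window, deactivation threshold, device ids, account names and the integer logical clock are constructed for illustration; the legal-owner table stands in for the purchase records the page describes.

```python
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class TicketState(Enum):
    VALID = "valid"
    INVALID = "invalid"


@dataclass
class Ticket:
    value: str                      # opaque string uniquely associated with one device
    device_id: str
    issued_at: int                  # seconds on a logical clock (constructed for this example)
    state: TicketState = TicketState.VALID
    invalid_since: Optional[int] = None
    at_risk: bool = False           # invalidated by usage monitoring rather than by expiry


class TicketServer:
    """Server side of the scheme: activation, ticket-state management, request authentication."""

    def __init__(self, legal_owners: Dict[str, str], validity_period: int,
                 restore_window: int, deactivate_threshold: int) -> None:
        self.legal_owners = legal_owners          # device_id -> legal owner's account (assumed source: audit records)
        self.bindings: Dict[str, str] = {}        # device_id -> account bound at activation
        self.tickets: Dict[str, Ticket] = {}      # device_id -> issued ticket
        self.validity_period = validity_period    # ticket validity period
        self.restore_window = restore_window      # "preset time" within which a cleared risk restores the ticket
        self.deactivate_threshold = deactivate_threshold  # invalid duration after which the device is deactivated

    # ---- activation: check authority, bind device to account, distribute the ticket ----
    def activate(self, device_id: str, account: str, now: int) -> Optional[str]:
        owner = self.legal_owners.get(device_id)
        # The requesting account must match the legal owner recorded for this device id.
        if owner is None or not hmac.compare_digest(owner, account):
            return None                           # no activation authority: no ticket is issued
        self.bindings[device_id] = account
        ticket = Ticket(value=secrets.token_hex(16), device_id=device_id, issued_at=now)
        self.tickets[device_id] = ticket
        return ticket.value                       # returned to the device (the secure-scene variant would encrypt it)

    # ---- ticket state management ----
    def _mark_invalid(self, ticket: Ticket, now: int) -> None:
        if ticket.state is TicketState.VALID:
            ticket.state = TicketState.INVALID
            ticket.invalid_since = now

    def _apply_validity_period(self, ticket: Ticket, now: int) -> None:
        if now - ticket.issued_at > self.validity_period:
            self._mark_invalid(ticket, now)

    def deactivate(self, device_id: str) -> None:
        self.tickets.pop(device_id, None)
        self.bindings.pop(device_id, None)

    def report_usage(self, device_id: str, now: int, *,
                     untrusted_env: bool = False, illegal_user: bool = False) -> Optional[TicketState]:
        """Feed usage information; return the resulting state, or None once the device is deactivated."""
        ticket = self.tickets.get(device_id)
        if ticket is None:
            return None
        if untrusted_env or illegal_user:         # usage risk present: ticket becomes invalid
            ticket.at_risk = True
            self._mark_invalid(ticket, now)
        elif ticket.at_risk and now - ticket.invalid_since <= self.restore_window:
            ticket.at_risk = False                # risk eliminated within the preset time: restore
            ticket.state = TicketState.VALID
            ticket.invalid_since = None
        if ticket.state is TicketState.INVALID and now - ticket.invalid_since > self.deactivate_threshold:
            self.deactivate(device_id)            # invalid for too long: deactivate the device
            return None
        return ticket.state

    # ---- service request handling ----
    def authenticate(self, device_id: str, presented: str, now: int) -> bool:
        ticket = self.tickets.get(device_id)
        # 1. Does the presented ticket have an association with this device?
        if ticket is None or not hmac.compare_digest(ticket.value, presented):
            return False
        # 2. Identify the ticket state; only a valid ticket passes.
        self._apply_validity_period(ticket, now)
        return ticket.state is TicketState.VALID

    def handle_service_request(self, request: Dict[str, str], now: int) -> str:
        if not self.authenticate(request["device_id"], request["ticket"], now):
            return "rejected"
        return "executed:" + request["action"]  # stand-in for the real service logic


if __name__ == "__main__":
    srv = TicketServer({"dev-1": "alice"}, validity_period=3600, restore_window=600, deactivate_threshold=86400)
    tk = srv.activate("dev-1", "alice", now=0)
    req = {"device_id": "dev-1", "ticket": tk, "action": "read_temperature"}
    print(srv.handle_service_request(req, now=10))                     # executed:read_temperature
    print(srv.report_usage("dev-1", now=100, untrusted_env=True))      # TicketState.INVALID
    print(srv.handle_service_request(req, now=110))                    # rejected
    print(srv.report_usage("dev-1", now=500))                          # TicketState.VALID (risk cleared in time)
```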
In one aspect, an embodiment of the present application provides a service processing apparatus, including:
an acquisition unit, configured to acquire the identity ticket of the IoT device, where the identity ticket was distributed to the IoT device when the device was activated;
a processing unit, configured to generate a service request that carries the identity ticket of the IoT device; and
a sending unit, configured to send the service request to the server, where the service request triggers the server to authenticate the IoT device according to the identity ticket and to execute the service logic corresponding to the service request after the authentication passes.
In one embodiment, the processing unit is specifically configured to: after receiving the identity ticket distributed by the server, encrypt the identity ticket with an encryption factor and store the encrypted identity ticket in a read-protected space.
In one aspect, an embodiment of the present application provides a computer device that includes a processor, a communication interface and a memory connected to one another; the memory stores a computer program, and the processor is configured to invoke the computer program to execute the service processing method of any of the possible implementations above.
In one aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program which, when executed by a processor, performs the service processing method of any of the possible implementations above.
In one aspect, embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the storage medium and executes them, causing the computer device to perform the service processing method of any of the possible implementations above.
In the embodiments of the application, the identity ticket is distributed to the IoT device when the device is activated. This mechanism ensures that only an IoT device activated as required can obtain an identity ticket and become a legitimate IoT device, so illegitimate devices are prevented from joining the internet of things. In addition, when an IoT device initiates a service request it must carry its identity ticket, which can be used to verify the device's legitimate identity; the server authenticates the IoT device according to the identity ticket carried in the service request and executes the corresponding service logic only after the authentication passes. Authentication can thus be realised efficiently and reliably on the basis of the identity ticket, and only a legitimate IoT device that passes authentication can trigger execution of the service logic, which secures service processing in the internet of things.
Drawings
In order to illustrate the technical solutions of the embodiments more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described show only some embodiments of the present application; a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of a network architecture of an internet of things according to an embodiment of the present application;
fig. 2 is a schematic flow chart of a service processing method provided in an embodiment of the present application;
fig. 3 is a second flow chart of a service processing method according to an embodiment of the present application;
fig. 4 is a flowchart of a service processing method according to an embodiment of the present application;
fig. 5 is a schematic flow chart of a bill issuing method according to an embodiment of the present application;
fig. 6 is a second flow chart of a bill issuing method according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a service processing device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another service processing device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Description of terms related to embodiments of the present application:
1. the Internet of things:
The internet of things (IoT) refers to collecting, in real time, any object or process that needs to be monitored, connected or interacted with, through information sensors, radio frequency identification, global positioning systems, infrared sensors, laser scanners and other devices and technologies; gathering all kinds of needed information such as sound, light, heat, electricity, mechanics, chemistry, biology and position; and realising ubiquitous connection between objects and people through every possible form of network access, so as to achieve intelligent sensing, identification and management of objects and processes. The internet of things is an information carrier built on the internet, traditional telecommunication networks and the like, and lets all ordinary physical objects that can be independently addressed form an interconnected network.
2. Internet of things equipment
An IoT device is a non-standard computing device that can connect wirelessly to a network and transmit data. It can be used to collect information and upload it to the internet of things. IoT devices include sensors such as ambient temperature sensors, ambient humidity sensors and air concentration sensors, and may also include terminal devices such as smartphones, tablet computers, notebook computers, desktop computers, smart speakers, smart watches and vehicle-mounted terminals, without being limited to these.
3. Identity bill
An identity ticket (Ticket) is a technical means of implementing SSO (Single Sign-On). It can be a string made up of one or more of digits, characters and symbols, can be used to handle cross-domain login and the like, and is characterised by high security and good stability. In the embodiments of the application the identity ticket serves as the identity of the IoT device: it corresponds uniquely to that device and is used to verify the device's legitimate identity.
4. Cloud technology
Cloud technology is a general term for the network, information, integration, management-platform and application technologies built on the cloud computing business model; these can form a resource pool that is used flexibly and on demand. Cloud computing technology will become an important support. The background services of technical network systems, such as video websites, image websites and larger portals, require large amounts of computing and storage resources. As the internet industry develops, every article may in future carry its own identification mark that has to be transmitted to a back-end system for logical processing; data of different levels will be processed separately, and all kinds of industry data need strong back-end support, which can only be achieved through cloud computing.
5. Cloud internet of things
Cloud IoT aims to connect the information perceived by the sensing devices of the traditional IoT, and the instructions they accept, into the internet, achieving true networking and realising mass data storage and computation through cloud computing technology. Because objects are connected to the internet, the current running state of each object can be perceived in real time, and this process generates a large amount of data. How to collect that information, how to filter the useful part out of the mass of data and how to provide decision support for subsequent development have become key issues affecting the development of the IoT, and cloud IoT, based on cloud computing and cloud storage technology, is the approach to them.
6. Artificial intelligence
Artificial intelligence (AI) is the theory, method, technique and application system that uses a digital computer, or a machine controlled by a digital computer, to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use that knowledge to obtain the best results. In other words, artificial intelligence is a comprehensive technology of computer science that attempts to understand the essence of intelligence and to produce new intelligent machines that react in ways similar to human intelligence. Artificial intelligence studies the design principles and implementation methods of intelligent machines so that the machines can perceive, reason and make decisions.
7. Block chain
Blockchain is a novel application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralised database: a chain of data blocks generated and linked by cryptographic means, each block containing a batch of network transaction information used to verify the validity of that information (anti-counterfeiting) and to generate the next block. A blockchain may include a blockchain underlying platform, a platform product service layer and an application service layer.
There are large numbers of IoT devices in the internet of things, and to ensure its network security those devices have to be managed. The embodiments of the application first considered the following management scheme:
(1) After an IoT device is purchased, the purchaser must submit materials for back-end audit by the IoT operator. The materials may include the identification of the purchased device, information about the user applying to use it, and the service scenarios for which its use is requested.
(2) Once the audit passes, the keys required for the requested service scenarios are pre-loaded into the IoT device on the basis of those materials. Pre-loading (the original terms are "canning" or "injection") means writing a key into the IoT device in advance. The pre-loaded keys differ by service scenario, for example a payment scenario and a balance-inquiry scenario need different keys, and they differ by device type, for example a smart watch and a smart sweeping robot are loaded with different keys.
(3) The pre-loaded IoT device can then be shipped to the purchaser. Before use the device must still be activated, and during activation the audited user information is bound to the device. After successful activation, the device initiates service requests with the pre-loaded key that matches the service scenario, for example the payment key for a request in the payment scenario and the balance-inquiry key in the balance-inquiry scenario. The server authenticates the device on the basis of that key: it checks whether the requested service belongs to a scenario applied for in advance, whether the key used corresponds to that scenario, and whether the key is one pre-loaded into the device, and it responds to the service request only when all of these checks pass.
(4) If the user wants to change the service scenario, the IoT device has to be sent back to the manufacturer, who destroys the original key and then loads a new one.
In practising this scheme it was found that managing the IoT devices requires considerable human involvement and is inefficient. Moreover, because service scenarios and keys are tightly coupled, the communication protocol and update procedure are overly complex, key management and distribution become harder, the authentication flow is comparatively complex, and authentication efficiency and pass rate are low. Pre-loading also generally requires the IoT device to store the key in a secure CPU, which raises the device's cost.
The embodiments of the application therefore improved on this in practice and provide another management scheme, in which IoT devices are managed with identity tickets. Concretely it takes the form of a service processing scheme with the following steps. When an IoT device is activated, an identity ticket is distributed to it; this mechanism ensures that only an IoT device activated as required can obtain an identity ticket and become a legitimate IoT device, so illegitimate devices are prevented from joining the internet of things. When the IoT device initiates a service request it must carry its identity ticket, which can be used to verify the device's legitimate identity. The server authenticates the IoT device according to the identity ticket carried in the service request and executes the corresponding service logic only after the authentication passes. Because the identity ticket replaces the pre-loaded key as the means of managing IoT devices, service scenarios no longer need to be applied for in advance and no scenario-specific keys need to be pre-loaded, which simplifies the management flow and makes management more flexible. Authentication can be realised efficiently and reliably on the basis of the identity ticket, and only a legitimate IoT device that passes authentication can trigger execution of the service logic, which secures service processing in the internet of things.
With the improved service processing scheme, service scenarios are decoupled from keys. One identity ticket can be matched to every service scenario without distinguishing between them, which greatly reduces the complexity of the communication protocol, simplifies the authentication flow, and improves authentication efficiency and pass rate. In addition, identity tickets can be distributed automatically without human intervention, which reduces management and distribution difficulty.
The service processing scheme provided by the embodiments of the application can be applied in fields and scenarios such as cloud technology, artificial intelligence, blockchain, the internet of vehicles, intelligent traffic and smart home. In one implementation, the scheme is applied in a cloud technology scenario and realised with the cloud IoT technology that belongs to that scenario; for example, the service-related information collected by an IoT device can be stored in a cloud server, a cloud server can issue the identity ticket for the IoT device, or a cloud server can process the IoT device's service requests.
In another implementation, the service processing scheme is applied in an artificial intelligence (AI) scenario and realised with one or more of the distributed storage and big-data processing techniques among the basic AI technologies; for example, the identity tickets of the IoT devices can be stored in a distributed store.
In yet another implementation, the service processing scheme is applied in a blockchain scenario; for example, the data needed to execute the scheme can be stored as blocks on a blockchain, the data generated by executing it (such as identity tickets and keys) can be stored as blocks on the blockchain, and the computer device executing the scheme can be a node device in a blockchain network.
The service processing scheme (i.e. the improved management scheme) of the embodiments of the present application is described in detail below.
Refer to fig. 1, a schematic diagram of an internet of things network architecture according to an embodiment of the present application; this architecture can be used to implement the service processing method proposed here. As shown in fig. 1, the network architecture includes a server 10 and a plurality of internet of things devices 11 (three are shown as an example).
The server 10 is a server with data processing capability. It may be an independent physical server, a server cluster or distributed system made up of several physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (CDN), big data and artificial intelligence platforms. An internet of things device 11 may be a sensor with data processing capability, for example an ambient temperature sensor, an ambient humidity sensor or a gas concentration sensor, or an intelligent terminal with data processing capability, such as a smart phone, tablet computer, notebook computer, desktop computer, intelligent voice interaction device, smart home appliance, vehicle-mounted terminal, payment collection device, smart bracelet or smart door lock. The internet of things devices 11 and the server 10 in fig. 1 are connected over a network; there may be tens, hundreds or more devices 11, and neither their number nor their type is limited by the present application.
The network architecture of fig. 1 implements the service processing method of the present application roughly as follows:
(1) When the server 10 activates an internet of things device 11, it allocates an identity ticket to the device and sends the ticket to it.
(2) When the internet of things device 11 has a service requirement, it generates a service request and sends it to the server 10; the request carries the identity ticket that the server 10 allocated to the device in advance.
(3) The server 10 authenticates the internet of things device 11 according to the identity ticket and, once authentication passes, executes the service logic corresponding to the service request.
In this method the identity ticket allocated by the server corresponds uniquely to one internet of things device. During authentication the ticket is used to verify the device's identity, so whether a device is legitimate can be decided from the ticket. Authentication is therefore efficient and reliable, the security of service processing in the internet of things is ensured, and illegal devices are kept out. Compared with the authentication mode in which a key is filled into each device, the complexity of the communication protocol is greatly reduced, the authentication flow is simplified, and authentication efficiency and pass rate are improved, which effectively safeguards the network security of the internet of things.
It should be understood that the network architecture described in the embodiments of the present application is given to explain the technical solution more clearly and does not limit it; those skilled in the art will recognize that, as network architectures evolve and new service scenarios arise, the technical solution applies equally to similar technical problems.
The service processing method provided by the embodiment of the application is briefly described above, and a specific implementation manner of the service processing method is described in detail below.
Referring to fig. 2, fig. 2 is a schematic flow chart of a service processing method according to an embodiment of the present application. The service processing method may be performed by a computer device, which may be the server 10 in fig. 1. The method comprises the following steps S201-S203:
S201, receiving a service request sent by an internet of things device, where the service request carries the identity ticket of the device; the identity ticket is allocated to the device when the device is activated.
An internet of things device is a sensing device in the internet of things that collects information about the environment in which the user is located (sound, light, heat, electricity, mechanics, chemistry, biology, position and so on); for example, it may be a collection device that accepts payment codes, or a smart door lock that is unlocked with a fingerprint. The service request asks the server to perform service processing, for example the transfer of electronic money or the viewing of a balance.
An internet of things device must be activated before use, and the server allocates the identity ticket to the device at activation. The identity ticket may include information about the user, device information of the device, or both. The user is the person who requests to use the device; the user's information may include a mobile phone number, an account number and the like. The device information may include a device serial number (a serial number uniquely corresponding to the device), a device model, a device name and the like. Because the identity ticket of each device is unique, an activated device carries its ticket in every service request it generates, as proof of its legitimate identity.
In a possible implementation the server also allocates service rights to the device; the service rights represent the functions or service capabilities the device has. Rights may be opened directly according to a basic set, or according to the rights the user selects. For example, a payment collection device directly receives the basic rights, which may include the collection right and the balance viewing right; if the user chooses to open the historical order service, the historical order query, summary and analysis rights are opened for the device as well. In this embodiment the identity ticket allocated to the device may further include the permission identifiers of the service rights allocated to it; for example, the permission identifiers may be combined with the user's mobile phone number to generate the identity ticket that is then issued to the device.
S202, authenticating the internet of things device according to the identity ticket.
Authentication checks, for the device that initiated the service request, whether the device is a legitimate device in the internet of things and whether it has the right to make that service request. If authentication passes, the device is legitimately connected and holds the right, the server must respond to its request, and S203 is executed. Otherwise the device is either an illegally connected device or lacks the right for the request; the request can then be discarded without response, and the server may additionally apply management measures to the device, such as shielding the device so that no further service request from it is accepted, or sending the device a risk prompt.
S203, if the authentication passes, executing the service logic corresponding to the service request.
When authentication passes, the server determines the service logic from the service request and executes it. For example, when the service logic indicated by the request is viewing a bill, the server retrieves the bill record and sends it to the device; when the request is to change the password of a smart door lock, the server changes the lock's password.
In this embodiment of the application the identity ticket is allocated to the internet of things device when the device is activated, which ensures that only a device activated as required obtains a ticket and becomes a legitimate device, so illegal devices are prevented from joining the internet of things. When a device initiates a service request it must carry its identity ticket, which verifies the device's legitimate identity; the server authenticates the device by the ticket carried in the request and only then executes the corresponding service logic. Authentication is thus realized efficiently and reliably on the basis of the ticket, only legitimate devices that pass authentication can trigger service logic, and the security of service processing in the internet of things is ensured.
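The following is an added example, not code from the patent, showing how the ticket allocated at activation and the server-side checks of S201 to S203 fit together. The ticket encoding (JSON with an HMAC-SHA256 over its fields), the registry layout, the per-ticket nonce that invalidates a superseded ticket, and the failure threshold before a device is shielded are all assumptions; the patent specifies only which fields the ticket may carry, that the server checks legitimacy and rights, and that a device may be shielded as a management measure.

```python
import hashlib
import hmac
import json
import secrets

# Server-side ticket key. In production this belongs in an HSM or KMS; here it is
# generated at import time (assumption, the patent does not say how tickets are protected).
SERVER_TICKET_KEY = secrets.token_bytes(32)

# Constructed registry: device serial -> record written when the device is activated (S403).
DEVICE_REGISTRY = {}

# Constructed basic rights of a payment collection device, following the patent's example.
BASIC_RIGHTS = {"collect_payment", "view_balance"}

# Forged tickets tolerated before the device is shielded (assumption).
FAIL_LIMIT = 3


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _mac(payload: bytes, key: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_ticket(serial: str, account: str, extra_rights=(), key: bytes = SERVER_TICKET_KEY) -> dict:
    """Allocate the identity ticket at activation (S404).

    The ticket carries the device serial, the user's account and the permission
    identifiers of the rights granted; a MAC over the canonical encoding lets the
    server detect any change to those fields. Re-issuing replaces the nonce, so a
    ticket issued earlier for the same serial stops being accepted.
    """
    rights = sorted(BASIC_RIGHTS | set(extra_rights))
    body = {"serial": serial, "account": account, "rights": rights, "nonce": secrets.token_hex(8)}
    DEVICE_REGISTRY[serial] = {"account": account, "nonce": body["nonce"], "blocked": False, "failures": 0}
    return {"body": body, "mac": _mac(_canonical(body), key)}


def authenticate(request: dict, key: bytes = SERVER_TICKET_KEY):
    """S202: is the device legitimate, and does it hold the right for this service?

    Returns (True, "ok") or (False, reason). A request with no ticket is rejected
    outright, as the description of fig. 3 requires.
    """
    ticket = request.get("ticket")
    if ticket is None:
        return False, "no ticket"
    body = ticket.get("body", {})
    if not hmac.compare_digest(_mac(_canonical(body), key), ticket.get("mac", "")):
        return False, "ticket tampered or forged"
    record = DEVICE_REGISTRY.get(body.get("serial"))
    if record is None or record["account"] != body.get("account"):
        return False, "device not activated for this account"
    if record["nonce"] != body.get("nonce"):
        return False, "ticket superseded"
    if record["blocked"]:
        return False, "device blocked"
    if request.get("service") not in body.get("rights", []):
        return False, "no right for this service"
    return True, "ok"


def handle_service_request(request: dict, key: bytes = SERVER_TICKET_KEY) -> dict:
    """S201-S203: authenticate, then execute service logic or discard the request."""
    ok, reason = authenticate(request, key)
    if not ok:
        serial = (request.get("ticket") or {}).get("body", {}).get("serial")
        record = DEVICE_REGISTRY.get(serial)
        if reason == "ticket tampered or forged" and record is not None:
            # Management measure from the patent: shield the device. Anyone who knows a
            # serial can send forged tickets, so a deployment should pair this with rate
            # limiting and an operator alert rather than lock a device out silently.
            record["failures"] += 1
            if record["failures"] >= FAIL_LIMIT:
                record["blocked"] = True
        return {"status": "rejected", "reason": reason}
    # Constructed service logic standing in for the patent's bill/balance lookup.
    return {"status": "ok", "service": request["service"], "result": {"balance": 1250}}
```

The MAC is what makes the rights inside the ticket trustworthy: a device cannot add the historical order right to its own ticket, because the server recomputes the MAC over the canonical fields before reading them. The nonce check shows one way to revoke a ticket without a revocation list, by re-issuing at re-activation.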
Referring to fig. 3, fig. 3 is a second flow chart of a service processing method according to an embodiment of the present application. The service processing method may be performed by a computer device, which may be the internet of things device 11 in fig. 1. The method comprises the following steps S301-S303:
S301, acquiring an identity bill of the Internet of things equipment, wherein the identity bill is distributed to the Internet of things equipment when the Internet of things equipment is activated.
S302, generating a service request, wherein the service request carries an identity bill of the Internet of things equipment.
When the internet of things device has a service requirement, it generates a service request; for example, when it needs to make a payment it generates a payment request. In one embodiment the device encrypts the identity ticket carried in the service request, so that the ticket is protected in transit. Alternatively, the device decides whether to encrypt the ticket according to the service type of the request: for a service that needs no confidentiality, such as viewing a bill, the ticket may be sent in the clear, while for a service that requires confidentiality, such as paying electronic money, the ticket is encrypted. The ticket is thereby protected in a more flexible way.
In one embodiment the service request also carries service data, and the device can encrypt the service data to keep it secure. Again the device may decide according to the service type: service data for a non-confidential service such as viewing a bill may be left unencrypted, while service data for a confidential service such as paying electronic money is encrypted, protecting the service data in a more flexible way.
S303, sending the service request to the server; the service request triggers the server to authenticate the internet of things device according to the identity ticket and, once authentication passes, to execute the service logic corresponding to the request.
After receiving the service request, the server authenticates the device according to the identity ticket: it checks whether the device that initiated the request is a legitimate device in the internet of things and whether it has the right to make the request. If authentication passes, the device is legitimately connected and holds the right, and the server responds by executing the corresponding service logic; for example, when the request indicates bill viewing, the server retrieves the bill record and sends it to the device. Otherwise the device is illegally connected or lacks the right, and the server can discard the request without responding, or apply management measures such as shielding the device so that no further request from it is accepted, or sending the device a risk prompt. If a service request carries no identity ticket at all, the device is treated as illegal and the server can directly decide that authentication fails.
As in the embodiment of fig. 2, the identity ticket is allocated at activation, so only a device activated as required can obtain a ticket and become legitimate; every service request must carry the ticket, the server authenticates the device by it before executing any service logic, and the security of service processing in the internet of things is ensured.
Referring to fig. 4, fig. 4 is a flowchart illustrating a service processing method according to an embodiment of the present application. The service processing method may be performed by a computer device, which may include the server 10 and the internet of things device 11 in fig. 1, that is, the service processing method of the present embodiment may be performed jointly by the server 10 and the internet of things device 11 in fig. 1. The method comprises the following steps S401-S407:
S401, the server receives an activation request for an internet of things device; the activation request carries the identifier of the device and the account of the user who requests to activate it.
The internet of things device must be activated before use, and the activation request asks for that activation; once activated, the device can be put into service. In the activation request, the user's account is the account the user registered in the internet of things to which the device belongs, and may include a mobile phone number, a login account number, the user's name and the like. The identifier of the device uniquely identifies it and may be the device serial number, which the manufacturer writes into the device during production. The manufacturer can also load other device information, such as the product ID (product identifier) of the device, into the device at production time.
Several ways of activation are described below in relation to embodiments of the present application:
1. Activation requested by the internet of things device itself.
An activation graphic code may be provided on the device. It may be a static code, for example a one-dimensional or two-dimensional code attached to the device when it leaves the factory, or a dynamic code, for example a one-dimensional or two-dimensional code that the device displays and changes at intervals.
In one embodiment the activation graphic code guides the user to provide the user's account to the device. The user scans the code with a target terminal (a smart phone, tablet computer or the like) on which the user's account is stored; directed by the code, the target terminal transmits the stored account to the device. The device thus obtains the user's account from the target terminal on the basis of the scan, reads its own identifier from its storage, generates an activation request from the account and the identifier, and sends the request to the server.
In another embodiment the activation graphic code contains a link to an activation page. The user scans the code with the target terminal, which jumps to the activation page, and enters the user's account on that page; when a confirmation of the entered account is detected, the target terminal sends it to the device, which takes it as the user's account. The device then reads its own identifier from its storage, generates an activation request from the account and the identifier, and sends it to the server.
2. Activation requested by the target terminal.
In one embodiment the activation graphic code on the device guides the device to provide its identifier to the user. The user scans the code with the target terminal (a smart phone, tablet computer or the like); directed by the code, the device sends its stored identifier to the target terminal. The target terminal thus obtains the device identifier on the basis of the scan, reads the user's account from its own storage, generates an activation request from the account and the identifier, and sends it to the server.
In another embodiment the activation graphic code contains a link to an activation page. The user scans the code with the target terminal, which jumps to the activation page, and enters the device identifier there; when a confirmation of the entered identifier is detected, the target terminal takes it as the device identifier, reads the user's account from its own storage, generates an activation request from the two, and sends it to the server.
3. Activation requested by an application in the target terminal, such as an installation-free application (applet).
The device may carry an activation graphic code that contains a link to an activation application page provided by an application program in the target terminal; the code guides the target terminal to jump to that page. The application program may be an applet, an application used without download or installation that runs inside a host application (for example an instant messaging application): the host application can invoke the applet, the applet cannot be invoked while the host application is not running, and within the host application the applet is reached by scanning its graphic code or searching its name. When the user scans the activation graphic code with the target terminal, the terminal jumps to the application program and displays the activation application page (either immediately or when a display operation for that page is detected). The activation application page is then filled with the device identifier and the user's account on the basis of the scan.
In one embodiment the target terminal obtains the device identifier and the user's account and fills both into the activation application page automatically; or the target terminal displays the page and the user fills in both; or the target terminal fills in one of the two and the user supplements the other. When an activation confirmation is detected on the page, the application program is triggered to send the activation request.
In these embodiments the user is guided through the activation flow of the device by the graphic code or by the application program, which improves activation efficiency.
S402, the server authenticates the activation authority of the user according to the account of the user.
The authentication here is to check whether the user has the activation right, and if the authentication is successful, it means that the user has the activation right, and the server needs to respond to the activation request. If the authentication fails, indicating that the user does not have the activation right, the server does not need to respond to the activation request.
In a possible implementation manner, the server side may pre-store a user list of the internet of things device, where the user list may be configured automatically by the server or may be configured based on a purchaser of the internet of things device. In the step, the account of the user is compared with a preset user list, if the account of the user is in the list, the user is indicated to have the activation authority for the Internet of things equipment, and the authentication is successful; if the account of the user is not in the list, the user does not have the activation authority, and authentication fails.
In one possible implementation, in order to guarantee business security, it is required that the user of the internet of things device must be the legitimate owner of the internet of things device. In this step, the server may obtain the account of the legal owner of the internet of things device according to the identifier of the internet of things device, if the account of the user is matched with the account of the legal owner, the authentication is successful, and if the account of the user is not matched with the account of the legal owner, the authentication is failed.
In one implementation, the account of the legal owner may refer to an account of the purchaser when purchasing the internet of things device, the account of the legal owner may include a mobile phone number of the purchaser, a purchase account number of the purchaser, a name of the purchaser, and the like, if the account of the legal owner and the account of the user both include the mobile phone numbers, whether the mobile phone numbers corresponding to the two accounts are the same or not may be matched, if the mobile phone numbers are the same, authentication is successful, and if the mobile phone numbers are not the same, authentication is failed; or verifying whether the applicant of the mobile phone number corresponding to the two accounts is the same person, if so, the authentication is successful, and if not, the authentication is failed; if the account of the legal owner comprises a purchasing account of a purchaser, the account of the legal owner comprises a login account, whether an incidence relation exists between the purchasing account and the login account (the incidence relation can comprise the same incidence relation, binding and the like) can be detected, if the incidence relation exists, authentication is successful, and if the incidence relation does not exist, authentication fails; if the account of the legal owner comprises the name of the purchaser (which can be a person name or a nickname), the account of the user comprises the name of the user (which can be a person name or a nickname), whether the name of the legal owner is identical with the name of the user can be matched, if so, the authentication is successful, and if not, the authentication fails.
In another implementation, the server may obtain order transaction information of the internet of things device according to the identifier of the internet of things device, and query an account of a legal owner from the order transaction information; or when the transaction of the internet of things equipment is completed, the server establishes a mapping relation between the order transaction information and the identification of the internet of things equipment, the order transaction information can be obtained according to the identification of the internet of things equipment, and the account of the legal owner is queried from the order transaction information.
Through the embodiment, the user of the internet of things equipment can be ensured to be the legal owner of the internet of things equipment, so that the safety management of the internet of things equipment can be realized, and especially when the internet of things equipment relates to the scenes such as electronic money, illegal transaction can be prevented, and the service safety is ensured.
S403, if the authentication is successful, the server binds the identifier of the internet of things device with the account of the user and activates the internet of things device.
When authentication succeeds, the user has the right to use the internet of things device, that is, the activation authority. The server can then bind the identifier of the internet of things device with the account of the user; when this binding is completed, the internet of things device has been successfully activated.
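The activation-authority check and binding described in the preceding paragraphs, as an added example with constructed sample records (this is not code from the patent or from Tencent). The server looks up the legal owner's account from an order record keyed by the device identifier, applies the three matching rules in the order the text gives them (mobile phone number, purchase/login account association, name), and binds the device identifier to the user's account only on success. The order table, the association table and the rule that the first applicable comparison decides are assumptions of the example.

```python
"""Activation-authority check and binding (steps S402/S403 of the page).

Added example with constructed sample records; not code from the patent or
from Tencent. Assumption: the first matching rule whose inputs are present
on both the legal owner's and the user's side decides the outcome.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

@dataclass
class Account:
    phone: Optional[str] = None             # mobile phone number
    purchase_account: Optional[str] = None  # legal owner side
    login_account: Optional[str] = None     # requesting user side
    name: Optional[str] = None              # personal name or nickname

# Constructed order-transaction records: device identifier -> legal owner's account.
ORDER_RECORDS: Dict[str, Account] = {
    "SN-0001": Account(phone="+86-138-0000-0001", purchase_account="buyer_a", name="Alice"),
    "SN-0002": Account(purchase_account="buyer_b"),
    "SN-0003": Account(name="Carol"),
}

# Constructed association table: purchase account -> login accounts that are
# the same account as it or bound to it.
ACCOUNT_ASSOCIATIONS: Dict[str, Set[str]] = {"buyer_b": {"buyer_b", "login_b"}}

# Binding table written by activation: device identifier -> user's account.
BINDINGS: Dict[str, str] = {}

def accounts_match(owner: Account, user: Account) -> bool:
    """Apply the page's matching rules; the first applicable rule decides."""
    if owner.phone and user.phone:
        return owner.phone == user.phone
    if owner.purchase_account and user.login_account:
        associated = ACCOUNT_ASSOCIATIONS.get(owner.purchase_account, {owner.purchase_account})
        return user.login_account in associated
    if owner.name and user.name:
        return owner.name == user.name
    return False  # nothing comparable on both sides: do not grant the authority

def activate(device_id: str, user: Account) -> bool:
    """S402 + S403: authenticate the activation authority, then bind and activate."""
    owner = ORDER_RECORDS.get(device_id)
    if owner is None:
        return False  # no order record, so no legal owner to match against
    if not accounts_match(owner, user):
        return False
    # Binding the identifier to the user's account completes the activation.
    BINDINGS[device_id] = user.login_account or user.phone or user.name or ""
    return True
```

A missing comparison basis (for example, the owner record only has a purchase account while the request only carries a name) is treated as a failed match rather than as a pass, so the device is never activated on the strength of data that was not actually compared.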
S404, the server assigns an identity ticket to the internet of things device and sends the identity ticket to the internet of things device.
In an embodiment, the server obtains a scene attribute of the internet of things device. The scene attribute indicates the scene type that the internet of things device is allowed to use, and the scene type is either a security scene type or a non-security scene type: the security scene type indicates that the service scene the internet of things device is involved in requires security, and the non-security scene type indicates any service scene other than a security scene. If the scene attribute indicates that the scene type allowed for the internet of things device is the security scene type, the server encrypts the identity ticket with a key and sends the encrypted identity ticket to the internet of things device; if the scene attribute indicates that the allowed scene type is the non-security scene type, the server sends the identity ticket to the internet of things device directly.
When the scene attribute indicates that the scene type allowed for the internet of things device is the security scene type, the identity ticket can be encrypted with a key, and the key may be any one of the following: the device private key of the internet of things device, a negotiation key, or a derived key derived from the device private key of the internet of things device. The device private key is generated from the identifier of the internet of things device; for example, the device serial number can be used as the device private key. The negotiation key may be generated according to a key negotiation protocol (for example, the Diffie-Hellman key agreement protocol, a key agreement protocol based on bilinear pairings, and the like): the internet of things device and the server may jointly establish a shared session key (a key used only within one session) as the negotiation key, or the server may determine the key through negotiation with the internet of things device and then provision the negotiated key into the internet of things device as the negotiation key. The derived key is derived from the device private key of the internet of things device, for example by a key derivation function (Key Derivation Function, KDF). Encrypting the identity ticket improves its security during transmission.
In an embodiment, to ensure the security of the device private key, the internet of things device may encrypt its device private key with an encryption factor and store the encrypted device private key in a read-protected space of the internet of things device. Data in the read-protected space is not allowed to be modified (although it can be erased), and the space can be one provided by a flash memory (flash) chip in the internet of things device. The encryption factor can be a series of random numbers generated when the internet of things device is manufactured, or can be derived from such random numbers. Storing the encryption factor in the read-protected space ensures that the encryption factor cannot be changed, which guarantees its credibility and security; likewise, storing the encrypted device private key in the read-protected space further guarantees, on top of the encryption protection, that the device private key cannot be changed, which guarantees its credibility and security.
In an implementation, to ensure the security of the derived key (or the negotiation key), the internet of things device may encrypt the derived key (or the negotiation key) with the encryption factor and store the encrypted derived key (or encrypted negotiation key) in the read-protected space; the key derivation function (or key negotiation protocol) can likewise be encrypted with the encryption factor and stored in the read-protected space, so that the derived key (or negotiation key) cannot be changed and its credibility and security are guaranteed.
In an embodiment, to ensure the security of the identity ticket, after the internet of things device obtains the identity ticket it can encrypt the identity ticket with the encryption factor and store the encrypted identity ticket in the read-protected space of the internet of things device, so that the identity ticket cannot be changed and its credibility and security are guaranteed.
In this embodiment, the credibility and security of the key and of the identity ticket can be effectively guaranteed through the read-protected space, which can take the place of a security central processing unit (Central Processing Unit, CPU) in the internet of things device; this reduces cost while security is still guaranteed.
Referring to fig. 5, fig. 5 is a schematic flow chart of a ticket issuing method provided in an embodiment of the present application. A user may perform a scanning operation (code scanning in fig. 5) with a target terminal on the activation graphic code of an internet of things device (which may be a collection device, a smart bracelet, and the like), which jumps to an applet in the target terminal; through the applet, an activation request for the internet of things device (carrying the identifier of the internet of things device and the account of the user) is sent to the server. In response to the activation request, and after the user's activation authority has been authenticated successfully, the server binds the identifier of the internet of things device with the account of the user and activates the internet of things device; it may additionally synchronize the binding state with the binding state recorded in the applet, and it sends the assigned identity ticket and the binding result to the internet of things device. In this way activation of the internet of things device and issuing of the identity ticket are effectively achieved.
Referring to fig. 6, fig. 6 is a second flow chart of a ticket issuing method provided in an embodiment of the present application. After receiving the identity ticket sent by the server, the internet of things device may obtain the encryption factor from the space provided by its internal flash chip (abbreviated as the internal flash), encrypt the identity ticket with the encryption factor, and store the encrypted identity ticket in ciphertext form either in the internal flash or in the space provided by an external flash chip of the internet of things device (abbreviated as the external flash). In addition, when the vendor manufactures the internet of things device, the vendor can provision an initial key (which may include one or more of the device private key, the negotiation key, the key negotiation protocol, the derived key and the key derivation function) into the internet of things device, and the internet of things device can likewise encrypt the provisioned initial key with the encryption factor and store it in ciphertext form in the internal flash or the external flash. This ticket issuing method ensures the credibility and security of the identity ticket and of the key.
Through the above steps, the server can authenticate the user's activation authority according to the account of the user carried in the activation request and, when authentication succeeds, send the assigned identity ticket to the internet of things device, so that issuing of the identity ticket is realized efficiently. At the same time, by storing the identity ticket in a read-protected space, the security of the identity ticket can be ensured without using a high-cost security CPU, so the production cost of the internet of things device can be reduced.
In one embodiment, after the server assigns the identity ticket to the internet of things device, the server can manage the ticket state of the identity ticket. The ticket state is either a valid state or an invalid state: the valid state indicates that the identity ticket is valid and can be used to verify the legal identity of the internet of things device, and the invalid state indicates that the identity ticket is invalid and cannot be used to verify the legal identity of the internet of things device. In one implementation, the ticket state may be managed by setting a validity period, which can be chosen according to security requirements, for example one month or one year. If the duration of the identity ticket is within the validity period, the ticket state is set to the valid state; if the duration exceeds the validity period, the ticket state is set to the invalid state. Here, the duration is measured from a reference time point, namely the last time the identity ticket entered the valid state. In one implementation, if the identity ticket has just been assigned, the reference time point is the assignment time of the identity ticket; for example, if an identity ticket is assigned at 10:00:00 on xx-xx-xx (year-month-day) and the current time is 11:00:00 on the same day, the duration of the identity ticket is 1 hour. In another implementation, if the identity ticket is changed from the invalid state back to the valid state, the reference time point is the time of the last re-entry into the valid state; for example, if the identity ticket was changed from the invalid state back to the valid state at 10:00:00 on xx-xx-xx and the current time is 11:00:00 on the same day, the duration of the identity ticket is 1 hour.
In addition, the valid state and the invalid state may be represented by a state code, for example: the valid state is denoted by 1 and the invalid state by 0.
S405, the internet of things device generates a service request and sends it to the server, where the service request carries the identity ticket of the internet of things device.
In an embodiment, the service request carries service data, and the service data may be encrypted with a key stored in the read-protected space to ensure its security; the key may include one or more of the device private key, the negotiation key and the derived key. For example, service data such as a transfer amount can be encrypted with the device private key stored in the read-protected space. Alternatively, the internet of things device may decide, according to the service type of the service request, whether to encrypt the service data with the key stored in the read-protected space. For example, for a service that does not need to be kept confidential, such as viewing a bill, the service data need not be encrypted with the device private key stored in the read-protected space, whereas for a service that does need to be kept confidential, such as payment with electronic money, the service data can be encrypted with the device private key stored in the read-protected space; in this way the security of the service data can be ensured in a more flexible manner.
In one embodiment, the internet of things device may also encrypt the identity ticket in the service request with the key stored in the read-protected space, so as to ensure the security of the identity ticket; or it may decide, according to the service type of the service request, whether to encrypt the identity ticket with the key stored in the read-protected space. For example, for a service that does not need to be kept confidential, such as viewing a bill, the identity ticket need not be encrypted with the device private key stored in the read-protected space, whereas for a service that does need to be kept confidential, such as payment with electronic money, the identity ticket can be encrypted with the device private key stored in the read-protected space, so that the security of the identity ticket can be improved.
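The key handling described above (a derived key obtained from the device private key by a KDF, scene-dependent encryption of the identity ticket, and storage of the ticket and key under the encryption factor in a read-protected space) and the service-type-dependent encryption of the service request described in the last two paragraphs, as one added example that serves both passages. It is not code from the patent or from Tencent. The example runs on the Python standard library only: HKDF-SHA256 is implemented with `hmac` as the KDF, the read-protected space is modelled as a write-once dictionary, the device private key is a hash of the serial number, and, because the standard library has no AEAD, an HMAC-SHA256 counter-mode keystream with an HMAC tag (encrypt-then-MAC) stands in for AES-GCM, which is what a production device would use. The scene labels, the set of confidential service types and the `Device` class are assumptions of the example.

```python
"""Key derivation, scene-dependent ticket encryption and read-protected storage.
Added example (stdlib only), not the patent's or Tencent's code. The HMAC-based
cipher below stands in for an AEAD such as AES-GCM; nonces are fresh per message.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF-SHA256 (extract, then expand) implemented with the stdlib."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-GCM)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC with separate HKDF-split keys; returns nonce || ct || tag."""
    enc_key, mac_key = hkdf_sha256(key, b"enc"), hkdf_sha256(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes, aad: bytes = b"") -> Optional[bytes]:
    """Verify the tag in constant time before decrypting; None on any tampering."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = hkdf_sha256(key, b"enc"), hkdf_sha256(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# ---- server side ---------------------------------------------------------
SECURITY_SCENE, NON_SECURITY_SCENE = "security", "non-security"  # scene attribute values (assumed labels)

def derive_device_key(device_private_key: bytes) -> bytes:
    """Derived key: KDF over the device private key with a purpose label."""
    return hkdf_sha256(device_private_key, b"identity-ticket-v1")

def issue_ticket(ticket: bytes, scene: str, device_private_key: bytes) -> Tuple[bool, bytes]:
    """Encrypt the ticket only for the security scene type; returns (encrypted?, payload)."""
    if scene == SECURITY_SCENE:
        return True, seal(derive_device_key(device_private_key), ticket, b"ticket")
    return False, ticket

def server_open_request(req: dict, device_private_key: bytes) -> Tuple[bytes, bytes]:
    """Recover (ticket, data) from a service request built by Device below."""
    if not req["encrypted"]:
        return req["ticket"], req["data"]
    ticket = open_sealed(device_private_key, req["ticket"], b"ticket")
    data = open_sealed(device_private_key, req["data"], b"data")
    if ticket is None or data is None:
        raise ValueError("service request failed authentication")
    return ticket, data

# ---- device side ---------------------------------------------------------
CONFIDENTIAL_SERVICES = {"pay"}  # e.g. electronic-money payment; "view_bill" is sent in the clear

class Device:
    def __init__(self, serial: str, encryption_factor: bytes):
        self.serial = serial
        # Device private key generated from the identifier (hash of the serial; an assumption).
        self.device_private_key = hashlib.sha256(serial.encode()).digest()
        self.factor_key = hkdf_sha256(encryption_factor, b"factor")  # factor: production randomness
        self.protected: Dict[str, bytes] = {}  # read-protected space: write-once, never modified
        self._protect("device_private_key", self.device_private_key)

    def _protect(self, name: str, value: bytes) -> None:
        if name in self.protected:
            raise PermissionError("read-protected space does not allow changes")
        self.protected[name] = seal(self.factor_key, value, name.encode())

    def _unprotect(self, name: str) -> bytes:
        value = open_sealed(self.factor_key, self.protected[name], name.encode())
        if value is None:
            raise ValueError("protected entry %s failed its integrity check" % name)
        return value

    def receive_ticket(self, encrypted: bool, payload: bytes) -> None:
        """Undo the server's scene-dependent encryption, then store under the factor."""
        ticket = open_sealed(derive_device_key(self.device_private_key), payload, b"ticket") if encrypted else payload
        if ticket is None:
            raise ValueError("identity ticket failed authentication")
        self._protect("identity_ticket", ticket)

    def build_service_request(self, service_type: str, data: bytes) -> dict:
        """Encrypt the ticket and the service data only for confidential service types."""
        ticket, key = self._unprotect("identity_ticket"), self._unprotect("device_private_key")
        if service_type in CONFIDENTIAL_SERVICES:
            return {"serial": self.serial, "type": service_type, "encrypted": True,
                    "ticket": seal(key, ticket, b"ticket"), "data": seal(key, data, b"data")}
        return {"serial": self.serial, "type": service_type, "encrypted": False,
                "ticket": ticket, "data": data}
```

Two details matter for the security claim the text makes: the tag is checked before anything is decrypted, so a tampered ticket or payload is rejected rather than acted on, and the read-protected space refuses a second write to an existing entry, which is the "cannot be changed" property the page relies on in place of a security CPU.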
When the internet of things device subsequently sends a service request to the server, the service request carries the identity ticket; the server can authenticate the internet of things device with the identity ticket and, further, perform authority management and control with it. The detailed process is explained in the following steps.
S406, the server authenticates the internet of things device according to the identity ticket.
In an embodiment, the server authenticates the internet of things device according to the identity ticket as follows: the server checks whether an association relationship exists between the identity ticket and the internet of things device; if so, it identifies the ticket state of the identity ticket, and if the ticket state is the valid state, authentication passes. After the server assigns the identity ticket to the internet of things device, it can store the mapping relationship between the identity ticket and the identifier of the internet of things device, that is, each identity ticket is mapped to the identifier of exactly one internet of things device. In this step, when the server verifies whether the identity ticket and the internet of things device have an association relationship, it can check against the mapping relationship stored in advance: if the mapping relationship exists, the server confirms that the association relationship exists, and if it does not exist, the server confirms that there is no association relationship. When the identity ticket has no association relationship with the internet of things device, authentication does not pass.
If the identity ticket is verified to have an association relationship with the internet of things device, the ticket state of the identity ticket is identified, and if the ticket state is the invalid state, authentication does not pass.
When authentication does not pass, the server may send a prompt message to the internet of things device indicating that authentication failed, and the prompt message may also carry the reason. For example, if the reason is that the identity ticket has no association relationship with the internet of things device, the prompt message can also instruct the user to reactivate the internet of things device; if the reason is that the ticket state of the identity ticket is the invalid state, the prompt message can also indicate why the ticket is invalid (for example, that it is outside the validity period) and may further indicate a renewal method, and the like.
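The ticket-state management with a validity period and reference time point described earlier, together with the authentication step S406 just described, as one added example (not code from the patent or from Tencent). The registry keeps the one-ticket-to-one-device mapping, computes the ticket state from the duration since the reference time point (the assignment time, or the last re-entry into the valid state), checks the association before the state, and returns a reason code that the server could carry in its prompt message. The ticket identifier format, the reason strings and the `at()` helper are assumptions of the example.

```python
"""Identity-ticket registry: validity period, reference time point, S406 check.
Added example, not the patent's or Tencent's code.
"""
import secrets
from datetime import datetime, timedelta
from typing import Dict, Tuple

VALID, INVALID = 1, 0  # state codes, as on the page

def at(iso: str) -> datetime:
    """Helper so scenarios can be written with ISO timestamps."""
    return datetime.fromisoformat(iso)

class TicketRecord:
    def __init__(self, device_id: str, assigned_at: datetime, validity: timedelta):
        self.device_id = device_id          # exactly one device per ticket
        self.validity = validity
        self.reference = assigned_at        # reference time point for the duration
        self.revoked = False                # forced invalid by the server (risk, policy)

    def duration(self, now: datetime) -> timedelta:
        """Time since the ticket last entered the valid state."""
        return now - self.reference

    def state(self, now: datetime) -> int:
        if self.revoked:
            return INVALID
        return VALID if self.duration(now) <= self.validity else INVALID

    def reenter_valid(self, now: datetime) -> None:
        """Invalid -> valid again: the reference point moves to `now`."""
        self.revoked = False
        self.reference = now

class TicketRegistry:
    def __init__(self, validity_days: int = 30):
        self.validity = timedelta(days=validity_days)
        self.records: Dict[str, TicketRecord] = {}  # ticket id -> record (the stored mapping)

    def assign(self, device_id: str, now: datetime) -> str:
        ticket_id = secrets.token_hex(16)   # unguessable ticket identifier (assumed format)
        self.records[ticket_id] = TicketRecord(device_id, now, self.validity)
        return ticket_id

    def revoke(self, ticket_id: str) -> None:
        self.records[ticket_id].revoked = True

    def reenter_valid(self, ticket_id: str, now: datetime) -> None:
        self.records[ticket_id].reenter_valid(now)

    def renew(self, ticket_id: str, extra_days: int) -> None:
        """Extend the validity period, e.g. by another month."""
        self.records[ticket_id].validity += timedelta(days=extra_days)

    def authenticate(self, ticket_id: str, device_id: str, now: datetime) -> Tuple[bool, str]:
        """S406: association check first, then ticket state; reason for the prompt."""
        rec = self.records.get(ticket_id)
        if rec is None or rec.device_id != device_id:
            return False, "no-association"        # prompt: reactivate the device
        if rec.revoked:
            return False, "revoked"
        if rec.state(now) == INVALID:
            return False, "expired"               # prompt: renewal method
        return True, "ok"
```

The association check deliberately returns the same reason for an unknown ticket and for a ticket that belongs to a different device, so the response does not reveal whether a presented ticket exists at all.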
S407, if the authentication passes, the server executes the service logic corresponding to the service request.
When authentication of the internet of things device passes, the server may determine the service logic according to the service request and execute it; for example, when the service request requests viewing a bill, the server may retrieve the bill record of the user's account and send the bill record to the internet of things device.
As mentioned above, the server may also manage the ticket state of the identity ticket, and this management may further include: (1) monitoring usage information of the internet of things device; (2) if the usage information indicates that the internet of things device has a usage risk, setting the ticket state of the identity ticket to the invalid state; (3) if the usage risk is eliminated within a preset time, changing the identity ticket from the invalid state back to the valid state; (4) if the duration for which the identity ticket has been in the invalid state exceeds a threshold, deactivating the internet of things device. The threshold can be set according to actual needs, for example one year, one month or one day. Deactivation releases the binding relationship between the identifier of the internet of things device and the account of the user, so that if the user still needs to use the internet of things device, it must be activated again to obtain a new identity ticket.
The usage information may be carried in the service request, that is, the internet of things device actively reports the usage information to the server through the service request; it may also be obtained by the server actively monitoring the internet of things device. The usage information may include at least one of usage environment information and user information. When the usage environment information indicates that the internet of things device is in an untrusted environment, or the user information indicates that the user is an illegal user, the usage information indicates that the internet of things device has a usage risk.
In an embodiment, the usage environment information may include the position of the internet of things device. The position may be determined through a base station: a base station is a radio station that exchanges information with the internet of things device and is the interface device through which the internet of things device accesses the internet of things, and base station positioning refers to calculating the position of the internet of things device from the distance between the base station and the internet of things device; alternatively, the position of the base station itself can be obtained directly and used as the position of the internet of things device. When the distance between the acquired position of the internet of things device and the position reported last time exceeds a threshold, for example 20 km, or the acquired position lies in a forbidden area, the internet of things device can be regarded as being in an untrusted environment. The usage environment information may further include the time information of the service request: when the time indicated by the acquired time information of the service request is more than a threshold after the time of the last service request, for example more than one year, the internet of things device can be regarded as being in an untrusted environment. If the internet of things device is involved in electronic money transactions, the usage environment information can also include the transaction amount of the electronic money, and if the transaction amount is too large or transactions are too frequent, the internet of things device can be regarded as being in an untrusted environment.
In another embodiment, the user information may include the account of the user. When the server determines that the account of the user has no binding relationship with the internet of things device, the account of the user may be an illegal account or an account newly logged in after the internet of things device was stolen, and the server may indicate that the internet of things device has a usage risk.
It can be understood that if no risk event of the internet of things device is detected during the validity period of the identity ticket, the server may also renew the validity period before it expires; for example, if the validity period is one month, renewal can extend the validity period of the identity ticket by another month. The server also has the right to change the validity period and the validity state of the identity ticket, for example changing the validity period from one month to one week, or changing the validity state of the identity ticket to the invalid state. In addition, when the server determines from the usage information that the internet of things device has a usage risk, it can send risk prompt information to the internet of things device, so that the user can analyse and handle the cause of the risk according to the risk prompt information and bring the internet of things device back into a secure environment.
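The usage-risk monitoring and the four management steps described above (invalidate on risk, restore if the risk is cleared within a preset time, deactivate after too long in the invalid state, renew a risk-free ticket before expiry), as one added example that is not code from the patent or from Tencent. The position jump is measured with the haversine distance between the reported coordinates. The 20 km distance and one-year idle thresholds are the page's own examples; the amount threshold, the seven-day restore window, the thirty-day deactivation threshold, the forbidden area and the sample positions are constructed assumptions.

```python
"""Usage-risk monitoring: invalidate, restore, deactivate, renew.
Added example, not the patent's or Tencent's code. Thresholds other than
the 20 km and one-year values are constructed.
"""
import math
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

VALID, INVALID = 1, 0

DISTANCE_KM_THRESHOLD = 20.0               # page example: jump from the last reported position
IDLE_THRESHOLD = timedelta(days=365)       # page example: more than one year since the last request
AMOUNT_THRESHOLD = 10000                   # constructed: "transaction amount too large"
RESTORE_WINDOW = timedelta(days=7)         # constructed: preset time to clear the risk
DEACTIVATE_THRESHOLD = timedelta(days=30)  # constructed: longest stay in the invalid state
VALIDITY = timedelta(days=30)              # page example: one-month validity period
FORBIDDEN_AREAS = [((0.0, 0.0), 50.0)]     # constructed: (centre (lat, lon), radius km)

def at(iso: str) -> datetime:
    return datetime.fromisoformat(iso)

def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

class DeviceRecord:
    def __init__(self, device_id: str, bound_account: str, activated_at: datetime):
        self.device_id = device_id
        self.bound_account: Optional[str] = bound_account  # binding from activation
        self.state = VALID
        self.last_position: Optional[Tuple[float, float]] = None
        self.last_request_at = activated_at
        self.invalid_since: Optional[datetime] = None
        self.risk_seen = False
        self.validity_end = activated_at + VALIDITY

def assess_risk(rec: DeviceRecord, usage: dict) -> List[str]:
    """Return the risk reasons found in one usage report (empty list = no risk)."""
    reasons: List[str] = []
    pos = usage.get("position")
    if pos is not None:
        if rec.last_position is not None and haversine_km(rec.last_position, pos) > DISTANCE_KM_THRESHOLD:
            reasons.append("position-jump")
        if any(haversine_km(centre, pos) <= radius for centre, radius in FORBIDDEN_AREAS):
            reasons.append("forbidden-area")
    if usage["time"] - rec.last_request_at > IDLE_THRESHOLD:
        reasons.append("idle-too-long")
    if usage.get("amount", 0) > AMOUNT_THRESHOLD:
        reasons.append("amount-too-large")
    if "account" in usage and usage["account"] != rec.bound_account:
        reasons.append("account-not-bound")
    return reasons

def process_usage(rec: DeviceRecord, usage: dict) -> List[str]:
    """Steps (1)-(3): monitor, invalidate on risk, restore if cleared within the window."""
    reasons = assess_risk(rec, usage)
    now = usage["time"]
    if reasons:
        if rec.state == VALID:
            rec.state, rec.invalid_since = INVALID, now
        rec.risk_seen = True
    elif rec.state == INVALID and rec.invalid_since is not None and now - rec.invalid_since <= RESTORE_WINDOW:
        rec.state, rec.invalid_since = VALID, None
    rec.last_request_at = now
    if usage.get("position") is not None:
        rec.last_position = usage["position"]
    return reasons

def housekeeping(rec: DeviceRecord, now: datetime) -> str:
    """Step (4) plus renewal; meant to run periodically on the server."""
    if rec.state == INVALID and rec.invalid_since is not None and now - rec.invalid_since > DEACTIVATE_THRESHOLD:
        rec.bound_account = None  # release the binding: the device must be activated again
        return "deactivated"
    if rec.state == VALID and not rec.risk_seen and now >= rec.validity_end - timedelta(days=1):
        rec.validity_end += VALIDITY  # renew before expiry when no risk event was seen
        return "renewed"
    return "none"
```

A report that carries no position or no account simply skips those checks rather than treating the missing field as a match, and the last reported position is updated even when the report was flagged, so a device that genuinely moved is judged against its new location on the next report.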
In the embodiment of the present application, the identity ticket is assigned to the internet of things device when the internet of things device is activated. This mechanism ensures that only an internet of things device that has been activated as required can obtain an identity ticket and become a legal internet of things device, which prevents illegal devices from connecting to the internet of things. In addition, the server can confirm the legal identity of the internet of things device from the identity ticket carried in the service request and execute the service logic corresponding to the service request. In this scheme, authentication is realized efficiently and reliably based on the identity ticket, and only a legal internet of things device that passes authentication can trigger execution of the service logic, so the security of service processing in the internet of things is ensured. At the same time, the server can manage the ticket state of the identity ticket and can block risky devices by invalidating their identity tickets, which safeguards the network security of the internet of things.
It will be appreciated that the specific embodiments of the present application involve related data such as usage information and accounts; when the above embodiments are applied to specific products or technologies, user permission or consent needs to be obtained, and the collection, use and processing of the related data need to comply with the relevant laws, regulations and standards of the relevant countries and regions.
The foregoing describes the method of the embodiments of the present application in detail; to aid understanding of the above aspects, a device of the embodiments of the present application is provided below. Referring to fig. 7, fig. 7 is a schematic structural diagram of a service processing apparatus provided in an embodiment of the present application. The service processing apparatus may correspond to a computer device, in particular to a server, and the service processing apparatus 70 may include:
a receiving unit 701, configured to receive a service request sent by an internet of things device, where the service request carries the identity ticket of the internet of things device, the identity ticket having been assigned to the internet of things device when it was activated;
a processing unit 702, configured to authenticate the internet of things device according to the identity ticket;
the processing unit 702 being further configured to execute the service logic corresponding to the service request if the authentication passes.
In one embodiment, the receiving unit 701 is specifically configured to: receive an activation request for the internet of things device, where the activation request carries the identifier of the internet of things device and the account of the user requesting to activate the internet of things device.
In one embodiment, the processing unit 702 is specifically configured to: authenticate the activation authority of the user according to the account of the user; if the authentication succeeds, bind the identifier of the internet of things device with the account of the user and activate the internet of things device; and assign the identity ticket to the internet of things device and send the identity ticket to the internet of things device.
In one embodiment, the processing unit 702 is specifically configured to: obtain the account of the legal owner of the internet of things device according to the identifier of the internet of things device; and if the account of the user matches the account of the legal owner, determine that the authentication succeeds, where successful authentication indicates that the user has the activation authority for the internet of things device.
In one embodiment, the activation request is sent by the internet of things device: an activation graphic code is provided on the internet of things device, and when the user performs a scanning operation on the activation graphic code with a target terminal, the internet of things device obtains the account of the user from the target terminal based on the scanning operation. Alternatively, the activation request is sent by the target terminal: an activation graphic code is provided on the internet of things device, and when the target terminal performs a scanning operation on the activation graphic code, the target terminal obtains the identifier of the internet of things device based on the scanning operation.
In one embodiment, the activation request is sent by an application program in the target terminal. An activation graphic code is provided on the internet of things device; when the target terminal performs a scanning operation on the activation graphic code, it jumps to the application program in the target terminal, an activation application page is displayed in the application program, and the activation application page is filled with the identifier of the internet of things device and the account of the user based on the scanning operation; if an activation confirmation operation is performed on the activation application page, the application program is triggered to send the activation request.
In an embodiment, the service processing apparatus further includes an obtaining unit 703, configured to: obtain the scene attribute of the internet of things device, where the scene attribute indicates the scene type that the internet of things device is allowed to use, and the scene type includes a security scene type or a non-security scene type.
In one embodiment, the processing unit 702 is specifically configured to: if the scene attribute indicates that the scene type allowed for the internet of things device is the security scene type, encrypt the identity ticket with a key and send the encrypted identity ticket to the internet of things device.
In one embodiment, the key includes any one of the following: the device private key of the internet of things device, a negotiation key, and a derived key derived from the device private key of the internet of things device; the device private key of the internet of things device is encrypted with an encryption factor and stored in a read-protected space of the internet of things device, and the encryption factor is stored in the read-protected space.
In one embodiment, the processing unit 702 is specifically configured to: manage the ticket state of the identity ticket, where the ticket state includes a valid state or an invalid state.
In one embodiment, the processing unit 702 is specifically configured to: monitor usage information of the internet of things device, and if the usage information indicates that the internet of things device has a usage risk, set the ticket state of the identity ticket to the invalid state; where the usage information includes at least one of usage environment information and user information, and the usage risk includes at least one of: the usage environment information indicating that the internet of things device is in an untrusted environment, and the user information indicating that the user is an illegal user.
In one embodiment, the processing unit 702 is specifically configured to: if the usage risk is eliminated within a preset time, change the identity ticket from the invalid state back to the valid state.
In one embodiment, the processing unit 702 is specifically configured to: if the duration for which the identity ticket has been in the invalid state exceeds a threshold, deactivate the internet of things device.
In one embodiment, the processing unit 702 is specifically configured to: if the duration of the identity ticket is within the validity period, set the ticket state of the identity ticket to the valid state; and if the duration of the identity ticket exceeds the validity period, set the ticket state of the identity ticket to the invalid state.
In one embodiment, the processing unit 702 is specifically configured to: check whether an association relationship exists between the identity ticket and the internet of things device; if so, identify the ticket state of the identity ticket; and if the ticket state of the identity ticket is the valid state, the authentication passes.
It can be understood that the functions of each functional unit of the service processing apparatus described in the embodiments of the present application may be implemented according to the method in the foregoing method embodiments; for the specific implementation process, reference may be made to the description of the foregoing method embodiments, which is not repeated here.
In the embodiment of the present application, the identity ticket is assigned to the internet of things device when the internet of things device is activated. This mechanism ensures that only an internet of things device that has been activated as required can obtain an identity ticket and become a legal internet of things device, which prevents illegal devices from connecting to the internet of things. In addition, when the internet of things device initiates a service request, it must carry its identity ticket, which can be used to verify the legal identity of the internet of things device; the server authenticates the internet of things device according to the identity ticket carried in the service request and, after the authentication passes, executes the service logic corresponding to the service request. With this method, authentication is realized efficiently and reliably based on the identity ticket, and only a legal internet of things device that passes authentication can trigger execution of the service logic, so the security of service processing in the internet of things is ensured.
Accordingly, referring to fig. 8, fig. 8 is a schematic structural diagram two of a service processing apparatus provided in the embodiment of the present application, where the service processing apparatus may correspond to a computer device, and in particular may correspond to an internet of things device in the computer device, and the service processing apparatus 80 may include:
an obtaining unit 801, configured to obtain an identity ticket of an internet of things device, where the identity ticket is assigned to the internet of things device when the internet of things device is activated;
a processing unit 802, configured to generate a service request, where the service request carries an identity ticket of the internet of things device;
and the sending unit 803 is configured to send a service request to the server, where the service request is used to trigger the server to authenticate the internet of things device according to the identity ticket, and execute service logic corresponding to the service request after the authentication passes.
In one embodiment, the processing unit 802 is specifically configured to: after receiving the identity bill distributed by the server, encrypting the identity bill by adopting an encryption factor, and storing the encrypted identity bill in a read-protection space.
It may be understood that the functions of each functional unit of the service processing apparatus described in the embodiments of the present application may be specifically implemented according to the method in the foregoing method embodiments, and the specific implementation process may refer to the relevant description of the foregoing method embodiments, which is not repeated herein.
In the embodiment of the application, the identity bill is distributed to the Internet of things equipment when the Internet of things equipment is activated, and the mechanism can ensure that only the Internet of things equipment which is activated according to the requirement can obtain the identity bill to become legal Internet of things equipment, so that illegal equipment is prevented from being connected into the Internet of things; in addition, when the internet of things equipment initiates a service request, the internet of things equipment needs to carry an identity bill of the internet of things equipment, and the identity bill can be used for verifying the legal identity of the internet of things equipment; the server authenticates the Internet of things equipment according to the identity bill carried in the service request, and after the authentication is passed, service logic corresponding to the service request is executed; according to the method, authentication can be efficiently and reliably realized based on the identity bill, and only legal internet of things equipment passing the authentication can trigger the execution process of service logic, so that the security of service processing in the internet of things can be ensured.
As shown in fig. 9, fig. 9 is a schematic structural diagram of a computer device provided in an embodiment of the present application, and an internal structure of the computer device 90 is shown in fig. 9, including: one or more processors 901, memory 902, a communication interface 903. The processor 901, the memory 902, and the communication interface 903 may be connected by a bus 904 or otherwise, and embodiments of the present application are exemplified by connection via the bus 904.
Among them, the processor 901 (or CPU (Central Processing Unit)) is the computing core and control core of the computer device 90, which can parse various instructions in the computer device 90 and process various data of the computer device 90, for example: the CPU may be configured to parse a power-on instruction sent by a user to the computer device 90, and control the computer device 90 to perform a power-on operation; as another example: the CPU may transfer various types of interaction data between the internal structures of the computer device 90, and so on. The communication interface 903 may optionally include a standard wired interface and a wireless interface (e.g., Wi-Fi, a mobile communication interface, etc.), and is controlled by the processor 901 to transmit and receive data. The memory 902 is a memory device in the computer device 90 for storing computer programs and data. It will be appreciated that the memory 902 herein may include both built-in memory of the computer device 90 and extended memory supported by the computer device 90. The memory 902 provides storage space that stores an operating system of the computer device 90, which may include, but is not limited to: a Windows system, a Linux system, an Android system, an iOS system, etc., which are not limiting in this application. In one embodiment, the computer device 90 is a server, and the processor 901 performs the following operations by running a computer program stored in the memory 902:
Receiving a service request sent by the Internet of things equipment, wherein the service request carries an identity bill of the Internet of things equipment; the identity bill is distributed to the internet of things equipment when the internet of things equipment is activated;
authenticating the Internet of things equipment according to the identity bill;
and if the authentication is passed, executing the service logic corresponding to the service request.
In one embodiment, the processor 901 is specifically configured to: receiving an activation request aiming at the Internet of things equipment, wherein the activation request carries an identifier of the Internet of things equipment and an account of a user requesting to activate the Internet of things equipment; authenticating the activation authority of the user according to the account of the user; if the authentication is successful, binding the identification of the Internet of things equipment with the account of the user, and activating the Internet of things equipment; and distributing the identity bill for the Internet of things equipment, and sending the identity bill to the Internet of things equipment.
In one embodiment, the processor 901 is specifically configured to: acquiring an account of a legal owner of the Internet of things equipment according to the identification of the Internet of things equipment; if the account of the user is matched with the account of the legal owner, the authentication success is determined, and the authentication success is used for indicating that the user has the activation authority for the Internet of things equipment.
In one embodiment, the activation request is sent by the Internet of things equipment; an activation graphic code is provided in the Internet of things equipment, and when a user uses a target terminal to perform a scanning operation on the activation graphic code, the Internet of things equipment obtains the account of the user from the target terminal based on the scanning operation; alternatively, the activation request is sent by the target terminal; an activation graphic code is provided in the Internet of things equipment, and when the target terminal performs a scanning operation on the activation graphic code, the target terminal obtains the identifier of the Internet of things equipment based on the scanning operation.
In one embodiment, the activation request is sent by an application in the target terminal; an activated graphic code is arranged in the Internet of things equipment; when the target terminal executes scanning operation on the activated graphic code, jumping to an application program in the target terminal, displaying an activated application page in the application program, and filling the activated application page with an identifier of the Internet of things equipment and an account of a user based on the scanning operation; and if the activation confirmation operation exists in the activation application page, triggering the application program to send an activation request.
In one embodiment, the processor 901 is specifically configured to: acquiring scene attributes of the Internet of things equipment, wherein the scene attributes are used for indicating scene types which are allowed to be used by the Internet of things equipment, and the scene types comprise safe scene types or unsafe scene types; and if the scene attribute indicates that the scene type allowed to be used by the Internet of things equipment is a security scene type, encrypting the identity bill by adopting the secret key, and sending the encrypted identity bill to the Internet of things equipment.
In one embodiment, the key comprises any one of the following: a device private key of the Internet of things equipment, a negotiated key, or a derived key derived from the device private key of the Internet of things equipment; the device private key of the Internet of things equipment is encrypted with an encryption factor and stored in a read-protected space of the Internet of things equipment; the encryption factor is stored in the read-protected space.
In one embodiment, the processor 901 is specifically configured to: manage the bill state of the identity bill, where the bill state comprises a valid state or an invalid state.
In one embodiment, the processor 901 is specifically configured to: monitoring use information of the Internet of things equipment; if the use information indicates that the Internet of things equipment has use risk, setting the bill state of the identity bill to be an invalid state; wherein the usage information includes at least one of: use environment information, user information; the risk of use includes at least one of: the usage environment information indicates that the internet of things device is in an untrusted environment, and the user information indicates that the user is an illegal user.
In one embodiment, the processor 901 is specifically configured to: and if the use risk is eliminated within the preset time, changing the identity bill from the invalid state to the valid state.
In one embodiment, the processor 901 is specifically configured to: and if the duration of the identity bill in the invalid state exceeds the threshold value, performing inactivation treatment on the Internet of things equipment.
In one embodiment, the processor 901 is specifically configured to: if the duration time of the identity bill is in the range of the validity period, setting the bill state of the identity bill as the valid state; and if the duration time of the identity bill exceeds the range of the validity period, setting the bill state of the identity bill as an invalid state.
In one embodiment, the processor 901 is specifically configured to: check whether the identity bill has an association relationship with the Internet of things equipment; if so, identify the bill state of the identity bill; and if the bill state of the identity bill is the valid state, pass the authentication.
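The server-side operations listed above (activation with an owner check, bill state management with usage-risk invalidation, restoration within a preset time, deactivation after a threshold, a validity period, and the association-then-state authentication) form one lifecycle. The following is an added example that models that lifecycle in Python; it is not code from the patent or its applicant. The durations, the in-memory tables, the random hex ticket format and the dictionary-shaped service request are all assumptions made for the example.

```python
"""Server-side identity-bill (ticket) lifecycle for IoT devices (added example).

Assumed, not from the patent: the three durations below, in-memory storage,
hex-random ticket values and a dict-shaped service request.
"""
import secrets
from dataclasses import dataclass
from typing import Optional

VALIDITY_PERIOD = 3600.0      # seconds a ticket stays valid after issuance (assumed)
RISK_RESTORE_WINDOW = 300.0   # "preset time": a risk cleared within it restores the ticket (assumed)
INVALID_THRESHOLD = 900.0     # invalid for longer than this -> device is deactivated (assumed)

VALID, INVALID = "valid", "invalid"


@dataclass
class TicketRecord:
    device_id: str
    issued_at: float
    state: str = VALID
    invalid_since: Optional[float] = None   # when the ticket entered the invalid state
    active: bool = True                     # False once the device has been deactivated


class TicketServer:
    """Holds the device -> legal-owner binding and every issued ticket."""

    def __init__(self, owners: dict):
        self._owners = dict(owners)          # device_id -> legal owner's account
        self._tickets = {}                   # ticket value -> TicketRecord
        self._by_device = {}                 # device_id -> current ticket value

    # --- activation: owner check, binding, ticket issuance ----------------
    def activate(self, device_id: str, user_account: str, now: float) -> Optional[str]:
        """Issue a ticket only if the requesting account is the legal owner."""
        if self._owners.get(device_id) != user_account:
            return None                      # activation authority check failed
        ticket = secrets.token_hex(16)       # unguessable ticket value (assumed format)
        old = self._by_device.pop(device_id, None)
        if old:
            self._tickets.pop(old, None)     # re-activation supersedes the earlier ticket
        self._tickets[ticket] = TicketRecord(device_id=device_id, issued_at=now)
        self._by_device[device_id] = ticket
        return ticket

    # --- bill state management ------------------------------------------
    def _set_invalid(self, rec: TicketRecord, now: float) -> None:
        if rec.state != INVALID:
            rec.state, rec.invalid_since = INVALID, now

    def report_usage(self, device_id: str, trusted_env: bool, legal_user: bool, now: float) -> None:
        """Monitor usage information; a detected risk invalidates the ticket.

        A risk that is eliminated within RISK_RESTORE_WINDOW restores the ticket,
        unless the ticket has meanwhile exceeded its validity period.
        """
        ticket = self._by_device.get(device_id)
        if ticket is None:
            return
        rec = self._tickets[ticket]
        if not trusted_env or not legal_user:
            self._set_invalid(rec, now)
        elif (rec.state == INVALID
              and now - rec.invalid_since <= RISK_RESTORE_WINDOW
              and now - rec.issued_at <= VALIDITY_PERIOD):
            rec.state, rec.invalid_since = VALID, None

    def _refresh(self, rec: TicketRecord, now: float) -> None:
        """Apply the validity period and the deactivation threshold."""
        if now - rec.issued_at > VALIDITY_PERIOD:
            self._set_invalid(rec, now)
        if rec.state == INVALID and now - rec.invalid_since > INVALID_THRESHOLD:
            rec.active = False               # inactivation: the device must be re-activated

    # --- authentication: association first, then state --------------------
    def authenticate(self, device_id: str, ticket: str, now: float) -> bool:
        rec = self._tickets.get(ticket)
        if rec is None or rec.device_id != device_id or not rec.active:
            return False                     # no association with this device
        self._refresh(rec, now)
        return rec.active and rec.state == VALID

    # --- service request handling -----------------------------------------
    def handle_service_request(self, request: dict, now: float) -> dict:
        """Authenticate, then run the service logic only on success."""
        if not self.authenticate(request["device_id"], request["ticket"], now):
            return {"status": "rejected"}
        # stand-in for the service logic the request maps to (assumed)
        return {"status": "ok", "result": f"executed {request['action']}"}


if __name__ == "__main__":
    srv = TicketServer({"dev-1": "alice"})          # constructed sample binding
    t = srv.activate("dev-1", "alice", now=0.0)
    print(srv.handle_service_request({"device_id": "dev-1", "ticket": t, "action": "unlock"}, now=1.0))
```

The association check deliberately compares the ticket's stored device identifier against the one in the request rather than trusting either alone, so a ticket presented by a different device is rejected before its state is even consulted. The restore branch also re-checks the validity period so that a clean usage report cannot resurrect an expired ticket.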
In an embodiment, the computer device 90 is an internet of things device, and the processor 901 executes the following operations by running a computer program stored in the memory 902:
acquiring an identity bill of the Internet of things equipment, wherein the identity bill is distributed to the Internet of things equipment when the Internet of things equipment is activated;
generating a service request, wherein the service request carries an identity bill of the Internet of things equipment; and
And sending a service request to the server, wherein the service request is used for triggering the server to authenticate the Internet of things equipment according to the identity bill, and executing service logic corresponding to the service request after the authentication is passed.
In one embodiment, the processor 901 is specifically configured to: after receiving the identity bill distributed by the server, encrypting the identity bill by adopting an encryption factor, and storing the encrypted identity bill in a read-protection space.
In a specific implementation, the processor 901, the memory 902 and the communication interface 903 described in the embodiments of the present application may execute an implementation manner described in a service processing method provided in the embodiments of the present application, or may execute an implementation manner described in a service processing device provided in the embodiments of the present application, which is not described herein again.
In the embodiment of the application, the identity bill is distributed to the Internet of things equipment when the Internet of things equipment is activated, and the mechanism can ensure that only the Internet of things equipment which is activated according to the requirement can obtain the identity bill to become legal Internet of things equipment, so that illegal equipment is prevented from being connected into the Internet of things; in addition, when the internet of things equipment initiates a service request, the internet of things equipment needs to carry an identity bill of the internet of things equipment, and the identity bill can be used for verifying the legal identity of the internet of things equipment; the server authenticates the Internet of things equipment according to the identity bill carried in the service request, and after the authentication is passed, service logic corresponding to the service request is executed; in the scheme, authentication can be efficiently and reliably realized based on the identity bill, and only legal internet of things equipment passing the authentication can trigger the execution process of service logic, so that the security of service processing in the internet of things can be ensured.
The embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, which when run on a computer, causes the computer to perform the service processing method of any one of the possible implementations described above. The specific implementation manner may refer to the foregoing description, and will not be repeated here.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium and executes the computer instructions to cause the computer device to perform the business processing method of any of the possible implementations described above. The specific implementation manner may refer to the foregoing description, and will not be repeated here.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the described order of action, as some steps may take other order or be performed simultaneously according to the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program instructing related hardware; the program may be stored in a computer readable storage medium, and the storage medium may include: a flash disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, and the like.
The foregoing disclosure is only illustrative of some of the embodiments of the present application and is not, of course, to be construed as limiting the scope of the appended claims; therefore, all changes that come within the meaning and range of equivalency of the claims are intended to be embraced therein.

Claims (20)

1. A method of service processing, the method comprising:
receiving a service request sent by Internet of things equipment, wherein the service request carries an identity bill of the Internet of things equipment; the identity bill is distributed to the internet of things equipment when the internet of things equipment is activated;
authenticating the Internet of things equipment according to the identity bill;
and if the authentication is passed, executing the service logic corresponding to the service request.
2. The method according to claim 1, wherein the method further comprises:
Receiving an activation request for the Internet of things equipment, wherein the activation request carries an identifier of the Internet of things equipment and an account of a user requesting to activate the Internet of things equipment;
authenticating the activation authority of the user according to the account of the user;
if the authentication is successful, binding the identification of the Internet of things equipment with the account of the user, and activating the Internet of things equipment;
and distributing an identity bill for the Internet of things equipment, and sending the identity bill to the Internet of things equipment.
3. The method of claim 2, wherein the authenticating the user's activation rights based on the user's account comprises:
acquiring an account of a legal owner of the Internet of things equipment according to the identifier of the Internet of things equipment;
if the account of the user is matched with the account of the legal owner, determining that the authentication is successful, wherein the authentication is used for indicating that the user has the activation authority for the Internet of things equipment.
4. The method of claim 2, wherein the activation request is sent by the internet of things device; the internet of things equipment is provided with an activated graphic code, and when the user uses a target terminal to execute scanning operation on the activated graphic code, the internet of things equipment acquires an account of the user from the target terminal based on the scanning operation; or,
The activation request is sent by the target terminal; and an activated graphic code is arranged in the Internet of things equipment, and when the target terminal performs scanning operation on the activated graphic code, the target terminal acquires the identification of the Internet of things equipment based on the scanning operation.
5. The method of claim 2, wherein the activation request is sent by an application in the target terminal; an activated graphic code is arranged in the Internet of things equipment; when the target terminal executes scanning operation on the activated graphic code, jumping to the application program in the target terminal, and displaying an activated application page in the application program, wherein the activated application page is filled with the identification of the Internet of things equipment and the account of the user based on the scanning operation; and if the activation confirmation operation exists in the activation application page, triggering the application program to send an activation request.
6. The method of claim 2, wherein the sending the identity ticket to the internet of things device comprises:
acquiring scene attributes of the Internet of things equipment, wherein the scene attributes are used for indicating scene types which are allowed to be used by the Internet of things equipment, and the scene types comprise safe scene types or non-safe scene types;
And if the scene attribute indicates that the scene type allowed to be used by the Internet of things equipment is a security scene type, encrypting the identity bill by adopting a secret key, and sending the encrypted identity bill to the Internet of things equipment.
7. The method of claim 6, wherein the key comprises any one of: the device private key of the Internet of things device, the negotiation key and the derived key derived based on the device private key of the Internet of things device;
the device private key is generated according to the identifier of the Internet of things device, and the device private key of the Internet of things device is stored in a read-protection space of the Internet of things device in an encrypted manner through an encryption factor; the encryption factor is stored in the read-protected space.
8. The method according to any one of claims 1 to 7, further comprising:
and managing the bill state of the identity bill, wherein the bill state comprises a valid state or an invalid state.
9. The method of claim 8, wherein managing the ticket status of the identity ticket comprises:
monitoring the use information of the Internet of things equipment;
If the use information indicates that the use risk exists in the Internet of things equipment, setting the bill state of the identity bill to be an invalid state;
wherein the usage information includes at least one of: use environment information, user information;
the use risk includes at least one of: the usage environment information indicates that the Internet of things device is in an untrusted environment, and the user information indicates that the user is an illegal user.
10. The method according to claim 9, wherein the method further comprises:
and if the use risk is eliminated within the preset time, changing the identity bill from the invalid state to the valid state.
11. The method of claim 8, wherein managing the ticket status of the identity ticket comprises:
and if the duration of the identity bill in the invalid state exceeds a threshold value, performing inactivation treatment on the Internet of things equipment.
12. The method of claim 8, wherein the identity ticket has an expiration date; the managing the bill state of the identity bill comprises the following steps:
if the duration time of the identity bill is in the range of the validity period, setting the bill state of the identity bill as the valid state;
And if the duration time of the identity bill exceeds the valid period range, setting the bill state of the identity bill as an invalid state.
13. The method of claim 1, wherein authenticating the internet of things device from the identity ticket comprises:
checking whether the identity bill and the Internet of things equipment have an association relation or not;
if yes, identifying the bill state of the identity bill;
and if the bill state of the identity bill is the valid state, passing the authentication.
14. A method of service processing, the method comprising:
acquiring an identity bill of an internet of things device, wherein the identity bill is distributed to the internet of things device when the internet of things device is activated;
generating a service request, wherein the service request carries an identity bill of the Internet of things equipment; and
and sending the service request to a server, wherein the service request is used for triggering the server to authenticate the internet of things equipment according to the identity bill, and executing service logic corresponding to the service request after the authentication is passed.
15. The method of claim 14, wherein a read-protected space is provided in the internet of things device, and an encryption factor is stored in the read-protected space; the method further comprises the steps of:
And after receiving the identity bill distributed by the server, encrypting the identity bill by adopting the encryption factor, and storing the identity bill obtained by the encryption in the read-protection space.
16. A service processing apparatus, the apparatus comprising:
the receiving unit is used for receiving a service request sent by the Internet of things equipment, wherein the service request carries an identity bill of the Internet of things equipment; the identity bill is distributed to the internet of things equipment when the internet of things equipment is activated;
the processing unit is used for authenticating the Internet of things equipment according to the identity bill;
and the processing unit is also used for executing the service logic corresponding to the service request if the authentication is passed.
17. A service processing apparatus, the apparatus comprising:
an acquisition unit, configured to acquire an identity bill of the Internet of things equipment, wherein the identity bill is distributed to the Internet of things equipment when the Internet of things equipment is activated;
the processing unit is used for generating a service request, wherein the service request carries an identity bill of the Internet of things equipment;
the sending unit is used for sending the service request to a server, the service request is used for triggering the server to authenticate the internet of things equipment according to the identity bill, and service logic corresponding to the service request is executed after the authentication is passed.
18. A computer device comprising a memory, a communication interface, and a processor, wherein the memory, the communication interface, and the processor are interconnected; the memory stores a computer program, and the processor invokes the computer program stored in the memory to implement the service processing method of any one of claims 1 to 15.
19. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when executed by a processor, implements the service processing method of any one of claims 1 to 13 or the service processing method of any one of claims 14 to 15.
20. A computer program product, characterized in that the computer program product comprises a computer program or computer instructions which, when executed by a processor, implement the service processing method according to any of claims 1 to 15.
CN202111391503.2A 2021-11-22 2021-11-22 Service processing method, device, equipment, storage medium and computer program product Pending CN116150729A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111391503.2A CN116150729A (en) 2021-11-22 2021-11-22 Service processing method, device, equipment, storage medium and computer program product


Publications (1)

Publication Number Publication Date
CN116150729A true CN116150729A (en) 2023-05-23

Family

ID=86356870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111391503.2A Pending CN116150729A (en) 2021-11-22 2021-11-22 Service processing method, device, equipment, storage medium and computer program product

Country Status (1)

Country Link
CN (1) CN116150729A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40086761

Country of ref document: HK