CN116210246A - Bluetooth equipment access authentication method, electronic equipment and storage medium - Google Patents

Publication number
CN116210246A
Authority
CN
China
Prior art keywords
gateway
cloud platform
bluetooth
bluetooth device
verification
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080104853.3A
Other languages
Chinese (zh)
Inventor
张军
罗朝明
茹昭
吕小强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80: Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The application discloses a Bluetooth device access authentication method, which comprises the following steps: a gateway determines a verification credential of a Bluetooth device; and the gateway sends the verification credential of the Bluetooth device to a cloud platform, where the verification credential is used by the cloud platform to determine the validity of the Bluetooth device. The application also discloses another Bluetooth device access authentication method, an electronic device and a storage medium.

Description

Bluetooth equipment access authentication method, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of wireless communications technologies, and in particular to a Bluetooth device access authentication method, an electronic device, and a storage medium.
Background
As Bluetooth Mesh functionality matures and its use becomes more widespread, how a Bluetooth Mesh network performs access authentication for different types of Bluetooth devices, and how to make that access authentication more general, has been a continuing goal of Bluetooth network technology.
Disclosure of Invention
The embodiments of the present application provide a Bluetooth device access authentication method, an electronic device and a storage medium, which can improve the generality of Bluetooth device access authentication.
In a first aspect, an embodiment of the present application provides a Bluetooth device access authentication method, including: a gateway determines a verification credential of a Bluetooth device;
and the gateway sends the verification credential of the Bluetooth device to a cloud platform, where the verification credential is used by the cloud platform to determine the validity of the Bluetooth device.
In a second aspect, an embodiment of the present application provides a Bluetooth device access authentication method, including: a cloud platform receives a verification credential of a Bluetooth device sent by a gateway;
and the cloud platform determines the validity of the Bluetooth device based on the verification credential of the Bluetooth device.
In a third aspect, an embodiment of the present application provides a Bluetooth device access authentication method, including: a device authentication platform receives a fifth request message sent by a cloud platform, the fifth request message including a verification credential of a Bluetooth device;
and the device authentication platform verifies the validity of the Bluetooth device according to the verification credential of the Bluetooth device.
In a fourth aspect, an embodiment of the present application provides a Bluetooth device access authentication method, including: a Bluetooth device sends a verification credential of the Bluetooth device to a gateway, where the verification credential is used to determine the validity of the Bluetooth device.
In a fifth aspect, embodiments of the present application provide a gateway, the gateway including: a first processing unit configured to determine a verification credential of a Bluetooth device;
and a first sending unit configured to send the verification credential of the Bluetooth device to a cloud platform, where the verification credential is used by the cloud platform to determine the validity of the Bluetooth device.
In a sixth aspect, embodiments of the present application provide a cloud platform, the cloud platform including: a first receiving unit configured to receive a verification credential of a Bluetooth device sent by a gateway;
and a second processing unit configured to determine the validity of the Bluetooth device based on the verification credential of the Bluetooth device.
In a seventh aspect, embodiments of the present application provide a device authentication platform, the device authentication platform including: a second receiving unit configured to receive a fifth request message sent by a cloud platform, the fifth request message including a verification credential of a Bluetooth device;
and a third processing unit configured to verify the validity of the Bluetooth device according to the verification credential of the Bluetooth device.
In an eighth aspect, embodiments of the present application provide a Bluetooth device, including: a second sending unit configured to send a verification credential of the Bluetooth device to a gateway, where the verification credential is used to determine the validity of the Bluetooth device.
In a ninth aspect, an embodiment of the present application provides a gateway, including a processor and a memory for storing a computer program capable of running on the processor, where the processor is configured to execute, when running the computer program, the steps of the Bluetooth device access authentication method executed by the gateway.
In a tenth aspect, an embodiment of the present application provides a cloud platform, including a processor and a memory for storing a computer program capable of running on the processor, where the processor is configured to execute, when running the computer program, the steps of the Bluetooth device access authentication method executed by the cloud platform.
In an eleventh aspect, an embodiment of the present application provides a device authentication platform, including a processor and a memory for storing a computer program capable of running on the processor, where the processor is configured to execute, when running the computer program, the steps of the Bluetooth device access authentication method executed by the device authentication platform.
In a twelfth aspect, an embodiment of the present application provides a Bluetooth device, including a processor and a memory for storing a computer program capable of running on the processor, where the processor is configured to execute, when running the computer program, the steps of the Bluetooth device access authentication method executed by the Bluetooth device.
In a thirteenth aspect, embodiments of the present application provide a chip, including: a processor configured to call and run a computer program from a memory, so that a device in which the chip is installed executes the Bluetooth device access authentication method described above.
In a fourteenth aspect, an embodiment of the present application provides a storage medium storing an executable program, where the executable program, when executed by a processor, implements the above-mentioned Bluetooth device access authentication method.
In a fifteenth aspect, embodiments of the present application provide a computer program product comprising computer program instructions that cause a computer to perform the above-described Bluetooth device access authentication method.
In a sixteenth aspect, embodiments of the present application provide a computer program that causes a computer to execute the above Bluetooth device access authentication method.
The Bluetooth device access authentication method, electronic device and storage medium provided by the embodiments of the present application include the following: the gateway determines a verification credential of the Bluetooth device; and the gateway sends the verification credential of the Bluetooth device to a cloud platform, where the verification credential is used by the cloud platform to determine the validity of the Bluetooth device. In this way, the gateway performs the Bluetooth device provisioning, decoupling Bluetooth device provisioning and the access authentication function from the cloud platform, which improves the generality of Bluetooth device access authentication.
Drawings
Fig. 1 is a schematic diagram of a processing flow of access authentication of a Bluetooth device in a cross-platform manner in the present application;
Fig. 2 is a schematic diagram of an alternative processing flow of a Bluetooth device access authentication method applied to a gateway according to an embodiment of the present application;
Fig. 3 is a schematic diagram of an optional processing flow of a Bluetooth device access authentication method applied to a cloud platform according to an embodiment of the present application;
Fig. 4 is a schematic diagram of an alternative processing flow of a Bluetooth device access authentication method applied to a device authentication platform according to an embodiment of the present application;
Fig. 5 is a schematic diagram of an alternative processing flow of a Bluetooth device access authentication method applied to a Bluetooth device according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a first optional detailed processing flow of a Bluetooth device access authentication method according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a second alternative detailed processing flow of the Bluetooth device access authentication method according to the embodiment of the present application;
Fig. 8 is a schematic diagram of a third alternative detailed processing flow of a Bluetooth device access authentication method according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a fourth optional detailed processing flow of a Bluetooth device access authentication method according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a fifth optional detailed processing flow of a Bluetooth device access authentication method according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a sixth alternative detailed processing flow of an access authentication method of a Bluetooth device according to an embodiment of the present application;
Fig. 12 is a schematic diagram of an alternative composition structure of a gateway according to an embodiment of the present application;
Fig. 13 is a schematic diagram of an alternative composition structure of a cloud platform according to an embodiment of the present application;
Fig. 14 is a schematic diagram of an alternative composition structure of the device authentication platform according to the embodiment of the present application;
Fig. 15 is a schematic diagram of an alternative composition structure of a Bluetooth device according to an embodiment of the present application;
Fig. 16 is a schematic diagram of a hardware composition structure of an electronic device according to an embodiment of the present application.
Detailed Description
For a more complete understanding of the nature and the technical content of the embodiments of the present application, reference should be made to the following detailed description of embodiments of the present application in connection with the accompanying drawings, which are provided for purposes of illustration only and are not intended to limit the embodiments of the present application.
Before explaining the embodiments of the present application, the related contents will be briefly explained.
Bluetooth Mesh (wireless mesh network): a mesh network of devices built on Bluetooth Low Energy technology, which enables many-to-many communication between Bluetooth devices.
Gateway: the Bluetooth Mesh provisioning device, responsible for configuring devices that join the Bluetooth Mesh network.
Bluetooth device: a Bluetooth Mesh device to be provisioned, which must be added to a Bluetooth Mesh network through the Bluetooth Mesh provisioning flow to become a Bluetooth Mesh device in that network.
Session key: used to encrypt and decrypt provisioning data during the Bluetooth Mesh provisioning flow.
Device key: after a Bluetooth Mesh device has been provisioned successfully, the device key is used for its subsequent configuration; it is known only to the gateway and the Bluetooth Mesh device and is used for secure communication between them.
In the related art, when the Bluetooth device and the gateway do not belong to the same manufacturer, access authentication of the Bluetooth device has to be performed across platforms (i.e. two cloud platforms are needed); the processing flow of this cross-platform access authentication is shown in Fig. 1.
Step 1: The Bluetooth device broadcasts a Bluetooth Mesh Unprovisioned Device Beacon as specified.
The Bluetooth device is a Bluetooth Mesh device developed by company E on platform B, and the Unprovisioned Device Beacon includes the platform identifier (CID) of platform B.
Step 2: After the gateway, which is connected to platform A, receives the unprovisioned broadcast information, it uploads the information to platform A and queries the device type.
Step 3: After receiving the device information reported by the gateway, platform A determines from the CID that the device was not developed on platform A (authorization from another platform is required). It first obtains the platform B information corresponding to the CID (including information such as platform B's Auth Server) through the interconnection server, and then obtains the device type from the platform B cloud.
Step 4: After the gateway and company E's device complete the invitation, the gateway and the device exchange public keys; platform B computes the provisioner confirmation from the static OOB information and sends the result to the gateway.
Step 5: The gateway sends the provisioner confirmation to the device; the device computes the device-side device confirmation from the static OOB information and sends it to the gateway; the gateway sends the provisioner random to the device; and the device verifies the provisioner confirmation and then responds.
Step 6: The gateway reports the device confirmation and device random to platform A; platform A sends the device confirmation and device random to the platform B cloud for confirmation value authentication, and the authentication result is then returned.
Step 7: If the authentication passes, the gateway and the Bluetooth Mesh device complete the network access configuration, and the Bluetooth Mesh device joins the Bluetooth Mesh network.
As can be seen from Fig. 1, the cloud platform has to authenticate the Bluetooth Mesh device within the communication flow of Bluetooth Mesh provisioning; that is, the cloud platform must support Bluetooth Mesh provisioning computations such as the confirmation value, and must also provide the Bluetooth device access authentication function. This access authentication approach is not general: for example, it is not suitable for access authentication of non-Bluetooth-Mesh devices, nor for access authentication of Bluetooth devices that belong to the same manufacturer as the gateway.
The technical solutions of the embodiments of the present application can be applied to various communication systems, for example: a Global System for Mobile Communications (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, an Advanced Long Term Evolution (LTE-A) system, a New Radio (NR) system, an evolved system of the NR system, an LTE-based access to unlicensed spectrum (LTE-U) system, an NR-based access to unlicensed spectrum (NR-U) system, a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication system, wireless local area networks (WLAN), Wireless Fidelity (WiFi), a next-generation communication system, or other communication systems.
The system architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided in the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
The network device involved in the embodiments of the present application may be a common base station (such as a NodeB or eNB or gNB), a new radio controller (new radio controller, NR controller), a centralized network element (centralized unit), a new radio base station, a remote radio module, a micro base station, a relay, a distributed network element (distributed unit), a receiving point (transmission reception point, TRP), a transmission point (transmission point, TP), or any other device. The embodiment of the application does not limit the specific technology and the specific device form adopted by the network device. For convenience of description, in all embodiments of the present application, the above-mentioned apparatus for providing a wireless communication function for a terminal device is collectively referred to as a network device.
In the embodiment of the present application, the terminal device may be any terminal, for example, the terminal device may be a user device for machine type communication. That is, the terminal device may also be referred to as a user equipment UE, a Mobile Station (MS), a mobile terminal (mobile terminal), a terminal (terminal), etc., which may communicate with one or more core networks via a radio access network (radio access network, RAN), e.g., the terminal device may be a mobile phone (or "cellular" phone), a computer with a mobile terminal, etc., e.g., the terminal device may also be a portable, pocket, hand-held, computer-built-in or car-mounted mobile device, which exchanges voice and/or data with the radio access network. The embodiments of the present application are not specifically limited.
Optionally, the network devices and terminal devices may be deployed on land, including indoors or outdoors, hand-held or vehicle-mounted; they may be deployed on the water surface; or they may be deployed in the air on aircraft, balloons and satellites. The embodiments of the present application do not limit the application scenarios of the network devices and terminal devices.
Optionally, communication between the network device and the terminal device and between the terminal device and the terminal device may be performed through a licensed spectrum (licensed spectrum), communication may be performed through an unlicensed spectrum (unlicensed spectrum), or communication may be performed through both the licensed spectrum and the unlicensed spectrum. Communication between the network device and the terminal device and between the terminal device and the terminal device may be performed through a frequency spectrum of 7 gigahertz (GHz) or less, may be performed through a frequency spectrum of 7GHz or more, and may be performed using a frequency spectrum of 7GHz or less and a frequency spectrum of 7GHz or more simultaneously. The embodiments of the present application do not limit the spectrum resources used between the network device and the terminal device.
Generally, the number of connections supported by the conventional communication system is limited and easy to implement, however, with the development of communication technology, the mobile communication system will support not only conventional communication but also, for example, device-to-device (D2D) communication, machine-to-machine (machine to machine, M2M) communication, machine type communication (machine type communication, MTC), inter-vehicle (vehicle to vehicle, V2V) communication, and the like, to which the embodiments of the present application can also be applied.
An optional processing flow of the Bluetooth device access authentication method applied to the gateway, as provided in the embodiments of the present application, is shown in Fig. 2 and may include the following steps:
Step S201: the gateway determines the verification credential of the Bluetooth device.
In some embodiments, the Bluetooth Mesh device actively sends its verification credential to the gateway.
In other embodiments, the gateway may send a first request message to the Bluetooth Mesh device, where the first request message is used to request the verification credential of the Bluetooth Mesh device; after receiving the first request message, the Bluetooth Mesh device sends its verification credential to the gateway.
Step S202: the gateway sends the verification credential of the Bluetooth device to a cloud platform, where the verification credential is used by the cloud platform to determine the validity of the Bluetooth device.
In some embodiments, the gateway requests the cloud platform to which it is connected to verify the validity of the Bluetooth Mesh device by sending the verification credential of the Bluetooth Mesh device to that cloud platform. If the cloud platform determines, from the CID in the Unprovisioned Device Beacon broadcast by the Bluetooth device, that the Bluetooth Mesh device was not developed on this cloud platform, it obtains the corresponding device authentication platform according to that CID, sends the verification credential of the Bluetooth Mesh device to the device authentication platform, and requests the device authentication platform to verify the validity of the Bluetooth Mesh device. Alternatively, if the cloud platform determines from the CID in the Unprovisioned Device Beacon that the Bluetooth Mesh device was developed on this cloud platform, the cloud platform itself verifies the validity of the Bluetooth Mesh device.
In some embodiments, the method may further comprise:
Step S203: the gateway receives a device verification result sent by the cloud platform, where the device verification result indicates the validity of the Bluetooth device.
In some embodiments, the method may further comprise:
Step S204: the gateway determines the verification credential of the gateway and/or the cloud platform.
In some embodiments, the gateway pre-stores the verification credential of the gateway and/or the cloud platform; the credential is pre-stored when the gateway leaves the factory or when the gateway is powered on and activated.
In other embodiments, the gateway sends a second request message to the cloud platform, where the second request message is used to request the verification credential of the gateway and/or the cloud platform; and the gateway receives the verification credential of the gateway and/or the cloud platform sent by the cloud platform.
Step S205: the gateway sends the verification credential of the gateway and/or the cloud platform to the Bluetooth device, where this credential is used by the Bluetooth device to verify the validity of the gateway and/or the cloud platform.
In some embodiments, the gateway may actively send the verification credential of the gateway and/or the cloud platform to the Bluetooth device. The gateway may also receive a third request message sent by the Bluetooth device, where the third request message is used to request the verification credential of the gateway and/or the cloud platform; the gateway then sends the verification credential of the gateway and/or the cloud platform to the Bluetooth device in response to the third request message.
Step S206: the gateway receives the gateway and/or cloud platform verification result sent by the Bluetooth device, where the verification result indicates the validity of the gateway and/or the cloud platform.
In some embodiments, the method may further comprise:
Step S207: the gateway sends a fourth request message to the cloud platform according to the verification flag of the Bluetooth device, where the fourth request message is used to request the verification credential of the device authentication platform; the verification credential of the device authentication platform is used by the Bluetooth device to verify the validity of the device authentication platform.
Step S208: the gateway receives the verification credential of the device authentication platform sent by the cloud platform, and the gateway sends the verification credential of the device authentication platform to the Bluetooth device.
Step S209: the gateway requests the cloud platform to add the Bluetooth device.
In some embodiments, if the verification results of the Bluetooth device, the gateway and/or the cloud platform, and the device authentication platform are all valid, then after the gateway sends the Bluetooth device the configuration information for its network access configuration, the gateway may also request the cloud platform to add the Bluetooth device; specifically, the gateway sends information about the Bluetooth device to the cloud platform, and the cloud platform uses this information to add the Bluetooth device.
In some embodiments, if any one of the verification results of the Bluetooth device, the gateway and/or the cloud platform, and the device authentication platform is invalid, the Bluetooth device is removed from the Bluetooth Mesh network or Bluetooth Mesh provisioning is stopped.
In some embodiments, the method may further comprise:
Step S200: the gateway receives a verification flag sent by the Bluetooth device, where the verification flag indicates the objects to be verified.
In some embodiments, the Bluetooth device broadcasts an Unprovisioned Device Beacon to the gateway; the device universally unique identifier (UUID) included in the Unprovisioned Device Beacon is the key information for identifying the device.
In some embodiments, the format of the device UUID is shown in Table 1 below. The device UUID includes a verification flag (verifflag) that indicates the objects of validity authentication; for example, the verification flag indicates at least one of the following: authenticating the Bluetooth Mesh device, authenticating the gateway, authenticating the cloud platform, and authenticating the device authentication platform. The device UUID may further include one or more of a CID, a DID, and a PID; the CID identifies the vendor/cloud platform of the device, the DID identifies the device, and the PID identifies the device type. In the embodiment of the application, the verification flag indicates authentication of the Bluetooth Mesh device.
Table 1: Device UUID format
[Table images: PCTCN2020107207-APPB-000001, PCTCN2020107207-APPB-000002]
An optional processing flow of the Bluetooth device access authentication method applied to the cloud platform is shown in Fig. 3 and may include the following steps:
Step S301: the cloud platform receives the verification credential of the Bluetooth device sent by the gateway.
Step S302: the cloud platform determines the validity of the Bluetooth device based on the verification credential of the Bluetooth device.
In some embodiments, if the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform sends a fifth request message carrying the verification credential of the Bluetooth device to a device authentication platform; the fifth request message is used to request the device authentication platform to verify the validity of the Bluetooth device; and the cloud platform receives a device verification result sent by the device authentication platform, where the device verification result indicates the validity of the Bluetooth device.
In some embodiments, if the Bluetooth device is a device corresponding to the cloud platform, the cloud platform itself verifies the validity of the Bluetooth device.
In some embodiments, the method may further comprise:
Step S303: the cloud platform receives a second request message sent by the gateway, where the second request message is used to request the verification credential of the gateway and/or the cloud platform; and the cloud platform determines the verification credential of the gateway and/or the cloud platform.
In a specific implementation, if the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform determines the device authentication platform corresponding to the Bluetooth device and sends a sixth request message to that device authentication platform; the sixth request message carries the identifier of the gateway and/or the cloud platform and is used to request the verification credential of the gateway and/or the cloud platform. The cloud platform receives the verification credential of the gateway and/or the cloud platform sent by the device authentication platform, and sends it to the gateway.
In some embodiments, the method may further comprise:
Step S304, the cloud platform receives a fourth request message sent by the gateway, where the fourth request message is used for requesting to acquire the verification credential of the device authentication platform.
Step S305, the cloud platform determines the verification credential of the device authentication platform.
In some embodiments, the cloud platform sends a seventh request message to the device authentication platform, the seventh request message being used for requesting to acquire the verification credential of the device authentication platform; the cloud platform receives the verification credential of the device authentication platform sent by the device authentication platform, and sends it to the gateway.
In some embodiments, the method may further comprise:
Step S306, the cloud platform adds the Bluetooth device.
If the verification results of the Bluetooth device, the gateway and/or the cloud platform and the device authentication platform are legal, the gateway requests the cloud platform to add the Bluetooth device; specifically, the gateway sends information of the Bluetooth device to the cloud platform, wherein the information of the Bluetooth device is used for the cloud platform to add the Bluetooth device; and the gateway sends configuration information to the Bluetooth equipment, wherein the configuration information is used for executing network access configuration of the Bluetooth equipment.
In some embodiments, if any one of the verification results of the Bluetooth device, the gateway and/or the cloud platform, and the device authentication platform is illegal, the Bluetooth device is deleted from the Bluetooth Mesh network or the Bluetooth Mesh distribution network is stopped.
An optional processing flow of the bluetooth device access authentication method applied to the device authentication platform provided in the embodiment of the present application, as shown in fig. 4, may include the following steps:
Step S401, the device authentication platform receives a fifth request message sent by the cloud platform; the fifth request message includes the verification credential of the Bluetooth device.
Step S402, the device authentication platform verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.
In some embodiments, the method may further comprise:
Step S403, the device authentication platform receives a sixth request message sent by the cloud platform; the sixth request message carries the identification of the gateway and/or the cloud platform and is used for requesting to acquire the verification credential of the gateway and/or the cloud platform.
Step S404, the device authentication platform generates the verification credential of the gateway and/or the cloud platform according to the identification of the gateway and/or the cloud platform, and sends the verification credential of the gateway and/or the cloud platform to the cloud platform.
An optional processing flow of the bluetooth device access authentication method applied to a bluetooth device provided in the embodiment of the present application, as shown in fig. 5, may include the following steps:
Step S501, the Bluetooth device sends the verification credential of the Bluetooth device to the gateway, where the verification credential of the Bluetooth device is used to determine the validity of the Bluetooth device.
In some embodiments, the Bluetooth device may actively send its verification credential to the gateway. Alternatively, the Bluetooth device receives a first request message sent by the gateway, where the first request message is used for requesting to obtain the verification credential of the Bluetooth device, and the Bluetooth device sends its verification credential to the gateway in response to the first request message.
In some embodiments, the method may further comprise:
Step S502, the Bluetooth device receives the verification credential of the gateway and/or the cloud platform, where the verification credential of the gateway and/or the cloud platform is used by the Bluetooth device to verify the validity of the gateway and/or the cloud platform.
In some embodiments, the bluetooth device may send a third request message to a gateway, where the third request message is used to request to obtain verification credentials of the gateway and/or the cloud platform. After the gateway obtains the verification credentials of the gateway and/or the cloud platform, the gateway sends the verification credentials of the gateway and/or the cloud platform to the Bluetooth equipment.
In step S503, the bluetooth device verifies the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.
Step S504, the Bluetooth device sends the verification result for the gateway and/or the cloud platform to the gateway, where the verification result indicates the validity of the gateway and/or the cloud platform.
In some embodiments, the method may further comprise:
Step S505, the Bluetooth device receives the verification credential of the device authentication platform sent by the gateway.
Step S506, the Bluetooth device verifies the validity of the device authentication platform based on the verification credentials of the device authentication platform.
If the verification results of the Bluetooth device, the gateway and/or the cloud platform and the device authentication platform are legal, the Bluetooth device receives configuration information sent by the gateway, wherein the configuration information is used for executing network access configuration of the Bluetooth device.
In the embodiment of the application, the gateway executes the Bluetooth equipment distribution network, the cloud platform verifies the legality (namely the access authentication function) of the Bluetooth equipment, the Bluetooth equipment distribution network and the access authentication function are decoupled from the cloud platform, and the universality of access authentication of the Bluetooth equipment is improved.
Taking as an example the case where the gateway verifies the validity of the Bluetooth device before the Bluetooth Mesh distribution network is completed, the first optional detailed processing flow of the Bluetooth device access authentication method provided in the embodiment of the present application, as shown in fig. 6, includes the following steps:
Step S601, the Bluetooth Mesh device sends an unassigned broadcast packet to the gateway.
In some embodiments, if the bluetooth Mesh device is in an unassigned state, the bluetooth Mesh device broadcasts an unassigned broadcast packet; the UUID included in the unassigned broadcast packet is key information for identifying the device. The format of the UUID of the device is shown in table 1.
Step S602-S603, the Bluetooth Mesh device and the gateway start a Bluetooth Mesh distribution network flow.
In some embodiments, the starting the bluetooth Mesh distribution network procedure may include: calculating a security key, wherein the security key is used for encrypting/decrypting the check certificate between the Bluetooth Mesh device and the gateway; the security keys may include one or more of session keys, device keys, network keys, and application keys, among others.
In the embodiment of the application, before the Bluetooth Mesh device and the gateway execute the Bluetooth Mesh distribution network, the gateway checks the validity of the Bluetooth Mesh device; if the gateway verifies that the Bluetooth Mesh device is legal, the Bluetooth Mesh device and the gateway continue to execute network access configuration of the Bluetooth Mesh device; if the gateway verifies that the Bluetooth Mesh device is illegal, the Bluetooth Mesh distribution network is terminated.
Step S604, the gateway obtains a verification certificate of the Bluetooth Mesh device.
In some embodiments, the check mark in the unassigned broadcast packet indicates that the bluetooth Mesh device is checked, and then the bluetooth Mesh device actively sends a check credential of the bluetooth Mesh device to the gateway.
In other embodiments, a first request message may be sent by the gateway to the bluetooth Mesh device, where the first request message is used to request to obtain a check credential of the bluetooth Mesh device; after receiving the first request message, the Bluetooth Mesh device sends a verification credential of the Bluetooth Mesh device to the gateway.
Step S605, the gateway sends a verification certificate of the Bluetooth Mesh device to a cloud platform accessed by the gateway.
In some embodiments, the gateway requests the gateway-accessed cloud platform to verify the validity of the bluetooth Mesh device by sending a verification credential of the bluetooth Mesh device to the gateway-accessed cloud platform.
Step S606, the cloud platform accessed by the gateway requests the device authentication platform to check the legality of the Bluetooth Mesh device.
In some embodiments, if the cloud platform accessed by the gateway judges, according to the CID in the unassigned broadcast packet, that the Bluetooth Mesh device is not a device developed based on the cloud platform, the cloud platform accessed by the gateway acquires the corresponding device authentication platform according to that CID; the cloud platform accessed by the gateway then sends the verification credential of the Bluetooth Mesh device to the device authentication platform, and requests the device authentication platform to verify the legality of the Bluetooth Mesh device.
In other embodiments, if the cloud platform accessed by the gateway determines that the bluetooth Mesh device is a device developed based on the cloud platform according to the CID in the unassigned broadcast packet, the cloud platform accessed by the gateway verifies the validity of the bluetooth Mesh device.
Step S607, the device authentication platform verifies the validity of the Bluetooth Mesh device.
In some embodiments, if the verification credential of the Bluetooth Mesh device is a security certificate, the device authentication platform verifies whether the security certificate is legal; if the security certificate is verified to be legal, the Bluetooth Mesh device is authenticated as legal; if the security certificate is verified to be illegal, the Bluetooth Mesh device is authenticated as illegal.
In a specific implementation, the device authentication platform can use an asymmetric or a symmetric encryption method to verify the validity of the Bluetooth Mesh device. For example, with the asymmetric method, the Bluetooth Mesh device pre-stores the public key of the device authentication platform and encrypts its verification credential with that public key; the device authentication platform decrypts the received verification credential with its own private key. If the credential can be decrypted normally, the Bluetooth Mesh device is proved to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is proved to be an illegal Bluetooth Mesh device. With the symmetric method, the device authentication platform and the Bluetooth Mesh device share the same secret key (namely the pre-shared secret key); the Bluetooth Mesh device encrypts its verification credential with the pre-shared secret key, and the device authentication platform decrypts the received verification credential with the same pre-shared secret key. If the credential can be decrypted normally, the Bluetooth Mesh device is proved to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the device is an illegal Bluetooth Mesh device.
Step S608, the device authentication platform feeds back a verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.
Step S609, the cloud platform accessed by the gateway feeds back a verification result of the Bluetooth Mesh device to the gateway.
Step S610, if the verification result of the Bluetooth Mesh device is legal, the gateway executes the network access configuration of the Bluetooth Mesh device.
In some embodiments, if the verification result of the bluetooth Mesh device is legal, the gateway starts the bluetooth Mesh network access configuration data distribution, and sends configuration information such as a network address and a security key (such as a network key and/or a device key) to the bluetooth Mesh device, so as to complete the network access configuration process of the bluetooth Mesh device.
In step S611, the gateway requests the cloud platform accessed by the gateway to add the bluetooth Mesh device.
In some embodiments, the gateway sends device information including UUID of the bluetooth Mesh device to the gateway-accessed cloud platform, and the gateway-accessed cloud platform adds the device information of the bluetooth Mesh device.
Taking the example that the verification result of the bluetooth Mesh device is legal, steps S610 to S611 are performed. If the checking result of the Bluetooth Mesh device is illegal, the gateway terminates the network access configuration flow of the Bluetooth Mesh device.
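The Fig. 6 path from S604 to S611, including the CID-based choice in S606 between local verification and the device authentication platform, is shown here as an added Python simulation that is not code from the patent. Class names, CIDs and keys are constructed; an HMAC-SHA256 tag over the UUID fields stands in for "encrypting the credential with the pre-shared key" so that a wrong key is detected explicitly, and rejecting an unknown CID is an assumption the page does not state.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceUUID:
    """Fields the page names for the device UUID; Table 1's byte layout is not modelled."""
    cid: int    # vendor / cloud platform identifier
    pid: int    # device type identifier
    did: bytes  # device identifier


def make_credential(psk: bytes, uuid: DeviceUUID) -> bytes:
    """Device side: a credential only a holder of the pre-shared key can produce.

    Assumption: an HMAC tag replaces "encrypt with the pre-shared key", so a
    wrong key fails a comparison instead of decrypting to garbage.
    """
    msg = uuid.cid.to_bytes(2, "big") + uuid.pid.to_bytes(2, "big") + uuid.did
    return hmac.new(psk, msg, hashlib.sha256).digest()


class CredentialVerifier:
    """Per-device pre-shared keys, as held by whichever party verifies (S607)."""

    def __init__(self, keys_by_did):
        self.keys_by_did = dict(keys_by_did)

    def verify(self, uuid: DeviceUUID, credential: bytes) -> bool:
        psk = self.keys_by_did.get(uuid.did)
        if psk is None:
            return False
        return hmac.compare_digest(make_credential(psk, uuid), credential)


class CloudPlatform:
    def __init__(self, own_cid, own_keys, auth_platforms):
        self.own_cid = own_cid
        self.local = CredentialVerifier(own_keys)
        self.auth_platforms = auth_platforms  # CID -> device authentication platform
        self.devices = {}                     # devices added in S611
        self.trace = []                       # which branch handled each request

    def check_device(self, uuid: DeviceUUID, credential: bytes) -> bool:
        """S605-S609: verify locally or forward the fifth request message."""
        if uuid.cid == self.own_cid:
            self.trace.append("local")
            return self.local.verify(uuid, credential)
        platform = self.auth_platforms.get(uuid.cid)
        if platform is None:
            self.trace.append("unknown-cid")  # assumption: fail closed
            return False
        self.trace.append("forwarded")
        return platform.verify(uuid, credential)

    def add_device(self, uuid: DeviceUUID) -> None:
        self.devices[uuid.did] = uuid


class Gateway:
    def __init__(self, cloud: CloudPlatform):
        self.cloud = cloud

    def onboard(self, uuid: DeviceUUID, credential: bytes) -> str:
        if not self.cloud.check_device(uuid, credential):
            return "terminated"       # network access configuration is stopped
        # S610: the network address and keys would be sent to the device here.
        self.cloud.add_device(uuid)   # S611
        return "provisioned"


# Constructed sample values, not taken from the patent.
OWN_CID, VENDOR_CID = 0x0A01, 0x0B02
KEY_OWN, KEY_VENDOR, KEY_OTHER = b"k" * 32, b"v" * 32, b"o" * 32


def run_demo():
    own = DeviceUUID(OWN_CID, 1, b"dev-own-01")
    vendor = DeviceUUID(VENDOR_CID, 7, b"dev-vnd-01")
    other = DeviceUUID(VENDOR_CID, 7, b"dev-vnd-02")
    platform = CredentialVerifier({vendor.did: KEY_VENDOR, other.did: KEY_OTHER})
    cloud = CloudPlatform(OWN_CID, {own.did: KEY_OWN}, {VENDOR_CID: platform})
    gateway = Gateway(cloud)
    results = {
        "own": gateway.onboard(own, make_credential(KEY_OWN, own)),
        "vendor": gateway.onboard(vendor, make_credential(KEY_VENDOR, vendor)),
        "wrong_key": gateway.onboard(other, make_credential(b"x" * 32, other)),
        # A valid credential of one device presented under another device's UUID.
        "replayed": gateway.onboard(other, make_credential(KEY_VENDOR, vendor)),
        "unknown_cid": gateway.onboard(DeviceUUID(0x0C03, 1, b"dev-unk"), bytes(32)),
    }
    return results, cloud


if __name__ == "__main__":
    outcome, platform_state = run_demo()
    for name, status in outcome.items():
        print(f"{name:12s} {status}")
    print("routing:", platform_state.trace)
```
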
Taking the example that the gateway verifies the validity of the bluetooth device before completing the bluetooth Mesh distribution network and the bluetooth Mesh device verifies the validity of the gateway/cloud platform, the second optional detailed processing flow of the bluetooth device access authentication method provided in the embodiment of the present application, as shown in fig. 7, includes the following steps:
In step S801, the bluetooth Mesh device sends an unassigned broadcast packet to the gateway.
In some embodiments, the description of the unassigned broadcast packet is the same as step S601 in the above embodiments, and will not be repeated here.
Step S802-S803, the Bluetooth Mesh device and the gateway start a Bluetooth Mesh distribution network flow.
In some embodiments, the processing flow of the bluetooth Mesh device and the gateway to start the bluetooth Mesh network configuration flow is the same as that of steps S602-S603 in the above embodiments, and will not be described here again.
In step S804, the gateway sends the verification credentials of the gateway/platform to the bluetooth Mesh device.
In some embodiments, the gateway may actively send the gateway/platform's check credentials to the bluetooth Mesh device.
In other embodiments, as shown in step S804A, a third request message may be sent by the bluetooth Mesh device to the gateway according to the check mark, where the third request message is used to request to obtain the check credential of the gateway and/or the cloud platform.
In this scenario, after the gateway receives the third request message, the gateway obtains the verification credentials of the gateway and/or the cloud platform. The specific implementation process of the gateway obtaining the verification credentials of the gateway and/or the cloud platform may include:
Step S804-1, the gateway sends a second request message to the cloud platform, where the second request message is used to request to obtain verification credentials of the gateway and/or the cloud platform.
In some embodiments, the second request message carries an identifier of the gateway/cloud platform, and is used for requesting the cloud platform to acquire the verification credentials of the gateway and/or the cloud platform.
Step S804-2, the cloud platform acquires information about the device authentication platform corresponding to the gateway and/or the cloud platform.
In some embodiments, the cloud platform judges through the CID that the Bluetooth Mesh device is not a device developed based on the cloud platform and that the device authentication platform is required to perform authentication; the cloud platform then acquires, through the CID, information about the device authentication platform corresponding to the gateway and/or the cloud platform.
Step S804-3, the cloud platform sends a sixth request message to the device authentication platform; the sixth request is for requesting acquisition of verification credentials of the gateway and/or the cloud platform.
In some embodiments, the sixth request message carries an identifier of the gateway and/or the cloud platform, and the device authentication platform obtains a verification credential of the gateway and/or the cloud platform according to the identifier of the gateway and/or the cloud platform.
Step S804-4, the device authentication platform sends the verification credentials of the gateway and/or the cloud platform to the cloud platform.
In some embodiments, based on the identity of the gateway and/or cloud platform, the device authentication platform generates either a generic check credential or a check credential specific to the gateway/cloud platform. A generic check credential does not distinguish the gateway or the specific cloud platform that the gateway accesses, and is common to all legitimate gateways or the cloud platforms they access. A specific check credential distinguishes the gateway or the specific cloud platform that the gateway accesses, so different legitimate gateways, or the cloud platforms they access, use different check credentials. For example, the verification credential of the gateway/cloud platform generated by the device authentication platform is a security certificate that includes unique identification information of the gateway and/or the cloud platform; the security certificate passes verification only when used by that gateway/cloud platform, and other gateways, or the cloud platforms they access, cannot pass verification even if they use it, which improves the security of access authentication.
In some embodiments, after receiving the verification credentials of the gateway and/or the cloud platform returned by the device authentication platform, the cloud platform may locally store the verification credentials of the gateway and/or the cloud platform, and when the gateway and/or the cloud platform needs to be verified subsequently, the cloud platform directly obtains the verification credentials of the gateway and/or the cloud platform from the local, without obtaining the verification credentials of the gateway and/or the cloud platform from the device authentication platform, thereby simplifying the verification flow of the gateway and/or the cloud platform and reducing the verification delay.
Step S804-5, the cloud platform sends verification credentials of the gateway and/or the cloud platform to the gateway; and the gateway sends the verification certificate of the gateway and/or the cloud platform to the Bluetooth Mesh device.
The steps S804-1 to S804-5 are specific implementation processes for the gateway to obtain the verification credentials of the gateway and/or the cloud platform from the network side (the cloud platform and the device authentication platform).
Alternatively, the gateway may obtain the verification credentials of the gateway and/or the cloud platform by storing them in advance; in that case the verification credentials of the gateway and/or the cloud platform are pre-stored when the gateway leaves the factory or when the gateway is powered on and activated.
In step S805, the bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform according to the received verification credentials of the gateway and/or the cloud platform, and feeds back the verification results of the gateway and/or the cloud platform to the gateway.
In some embodiments, in the case that the verification result of the bluetooth Mesh device on the gateway and/or the cloud platform is that the gateway and/or the cloud platform is legal, the bluetooth device access authentication method provided in the embodiments of the present application executes the following steps S806-S812:
Step S806, the gateway obtains the verification credential of the Bluetooth Mesh device.
In some embodiments, the check mark in the unassigned broadcast packet indicates that the bluetooth Mesh device is checked, and then the bluetooth Mesh device actively sends a check credential of the bluetooth Mesh device to the gateway.
In other embodiments, a first request message may be sent by the gateway to the bluetooth Mesh device, where the first request message is used to request to obtain a check credential of the bluetooth Mesh device; after receiving the first request message, the Bluetooth Mesh device sends a verification credential of the Bluetooth Mesh device to the gateway.
Step S807, the gateway sends verification credentials of the Bluetooth Mesh device to a cloud platform accessed by the gateway.
In some embodiments, the gateway requests the gateway-accessed cloud platform to verify the validity of the bluetooth Mesh device by sending a verification credential of the bluetooth Mesh device to the gateway-accessed cloud platform.
Step S808, the cloud platform accessed by the gateway requests the device authentication platform to check the legality of the Bluetooth Mesh device.
In some embodiments, if the cloud platform accessed by the gateway judges, according to the CID in the unassigned broadcast packet, that the Bluetooth Mesh device is not a device developed based on the cloud platform, the cloud platform accessed by the gateway acquires the corresponding device authentication platform according to that CID; the cloud platform accessed by the gateway then sends the verification credential of the Bluetooth Mesh device to the device authentication platform, and requests the device authentication platform to verify the legality of the Bluetooth Mesh device.
In other embodiments, if the cloud platform accessed by the gateway determines that the bluetooth Mesh device is a device developed based on the cloud platform according to the CID in the unassigned broadcast packet, the cloud platform accessed by the gateway verifies the validity of the bluetooth Mesh device.
Step S809, the device authentication platform verifies the validity of the bluetooth Mesh device.
In some embodiments, if the verification credential of the Bluetooth Mesh device is a security certificate, the device authentication platform verifies whether the security certificate is legal; if the security certificate is verified to be legal, the Bluetooth Mesh device is authenticated as legal; if the security certificate is verified to be illegal, the Bluetooth Mesh device is authenticated as illegal.
In a specific implementation, the device authentication platform can use an asymmetric or a symmetric encryption method to verify the validity of the Bluetooth Mesh device. For example, with the asymmetric method, the Bluetooth Mesh device pre-stores the public key of the device authentication platform and encrypts its verification credential with that public key; the device authentication platform decrypts the received verification credential with its own private key. If the credential can be decrypted normally, the Bluetooth Mesh device is proved to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is proved to be an illegal Bluetooth Mesh device. With the symmetric method, the device authentication platform and the Bluetooth Mesh device share the same secret key (namely the pre-shared secret key); the Bluetooth Mesh device encrypts its verification credential with the pre-shared secret key, and the device authentication platform decrypts the received verification credential with the same pre-shared secret key. If the credential can be decrypted normally, the Bluetooth Mesh device is proved to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the device is an illegal Bluetooth Mesh device.
Step S810, the device authentication platform feeds back a verification result of the Bluetooth Mesh device to a cloud platform accessed by the gateway.
Step S811, the cloud platform accessed by the gateway feeds back a verification result of the Bluetooth Mesh device to the gateway.
Step S812, if the verification result of the Bluetooth Mesh device is legal, the gateway executes network access configuration of the Bluetooth Mesh device.
In some embodiments, if the verification result of the bluetooth Mesh device is legal, the gateway starts the bluetooth Mesh network access configuration data distribution, and sends configuration information such as a network address and a security key (such as a network key and/or a device key) to the bluetooth Mesh device, so as to complete the network access configuration process of the bluetooth Mesh device.
Taking the example that the verification result of the bluetooth Mesh device is legal, step S812 is performed. If the checking result of the Bluetooth Mesh device is illegal, the gateway terminates the network access configuration flow of the Bluetooth Mesh device.
Step S813, the gateway requests the cloud platform accessed by the gateway to add Bluetooth Mesh equipment.
In some embodiments, the gateway sends device information including UUID of the bluetooth Mesh device to the gateway-accessed cloud platform, and the gateway-accessed cloud platform adds the device information of the bluetooth Mesh device.
Therefore, in the bluetooth device access authentication method shown in fig. 7, the validity of the gateway and/or the cloud platform is checked by the bluetooth Mesh device, and if the check result indicates that the gateway and/or the cloud platform are legal, the validity of the bluetooth Mesh device is checked by the gateway; and if the checking result indicates that the Bluetooth Mesh device is legal, executing network access configuration of the Bluetooth Mesh device. Compared with the processing flow of the bluetooth device access authentication method shown in fig. 6, the processing flow of the bluetooth device access authentication method shown in fig. 7 adds a step of checking the validity of the gateway and/or the cloud platform by the bluetooth Mesh device before the gateway checks the validity of the bluetooth Mesh device; the security of the Bluetooth Mesh network access authentication is further improved.
In the processing flow of the bluetooth device access authentication method shown in fig. 7, the validity of the gateway and/or the cloud platform is checked by the bluetooth Mesh device, and the gateway checks the validity of the bluetooth Mesh device when the check result indicates that the gateway and/or the cloud platform are legal. When the method is implemented in detail, the gateway can check the validity of the Bluetooth Mesh device, and the Bluetooth Mesh device checks the validity of the gateway and/or the cloud platform under the condition that the check result indicates that the Bluetooth Mesh device is legal; that is, after the steps S801 to S803 are performed, the steps S806 to S811 are performed first, and then the steps S804 to S805 are performed.
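Steps S804-1 to S805 above, with the generic versus gateway-specific credential and the cloud-side cache, are shown here as an added Python example that is not code from the patent. Class names, gateway identifiers and the key are constructed; the symmetric pre-shared-key option is modelled with an HMAC-SHA256 tag, and it is an assumption of this example that the Bluetooth device already knows the identifier of the gateway it is talking to.

```python
import hashlib
import hmac

GENERIC_SCOPE = b"any-gateway"  # constructed marker for a generic credential


def credential_tag(psk: bytes, scope: bytes) -> bytes:
    """Tag that binds a credential to its scope under the pre-shared key."""
    return hmac.new(psk, b"gateway-credential|" + scope, hashlib.sha256).digest()


class DeviceAuthPlatform:
    """Issues gateway credentials in response to the sixth request message."""

    def __init__(self, psk, registered_gateways, gateway_specific=True):
        self.psk = psk
        self.registered = set(registered_gateways)
        self.gateway_specific = gateway_specific
        self.sixth_requests = 0

    def issue(self, gateway_id: str):
        self.sixth_requests += 1
        if gateway_id not in self.registered:
            return None
        if self.gateway_specific:
            scope = b"gw:" + gateway_id.encode()  # carries the gateway's identity
        else:
            scope = GENERIC_SCOPE                 # same value for every gateway
        return scope, credential_tag(self.psk, scope)


class CloudPlatform:
    """Answers the gateway's second request, caching issued credentials."""

    def __init__(self, platform: DeviceAuthPlatform):
        self.platform = platform
        self.cache = {}

    def gateway_credential(self, gateway_id: str):
        if gateway_id not in self.cache:
            credential = self.platform.issue(gateway_id)  # S804-3 / S804-4
            if credential is None:
                return None
            self.cache[gateway_id] = credential           # stored locally
        return self.cache[gateway_id]                     # S804-5


class BluetoothDevice:
    def __init__(self, psk: bytes):
        self.psk = psk

    def verify_gateway(self, peer_gateway_id: str, credential) -> bool:
        """S805: check the tag, then check that the scope covers this gateway."""
        if credential is None:
            return False
        scope, tag = credential
        if not hmac.compare_digest(credential_tag(self.psk, scope), tag):
            return False
        return scope == GENERIC_SCOPE or scope == b"gw:" + peer_gateway_id.encode()


def run_demo(gateway_specific: bool):
    psk = b"p" * 32  # constructed key shared by the device and the platform
    platform = DeviceAuthPlatform(psk, {"gw-A", "gw-B"}, gateway_specific)
    cloud = CloudPlatform(platform)
    device = BluetoothDevice(psk)
    cred_a = cloud.gateway_credential("gw-A")
    cloud.gateway_credential("gw-A")  # second lookup is served from the cache
    return {
        "own": device.verify_gateway("gw-A", cred_a),
        # gw-B presents the credential that was issued for gw-A.
        "borrowed": device.verify_gateway("gw-B", cred_a),
        "tampered": device.verify_gateway("gw-A", (cred_a[0], bytes(32))),
        "unregistered": device.verify_gateway(
            "gw-X", cloud.gateway_credential("gw-X")),
        "sixth_requests": platform.sixth_requests,
    }


if __name__ == "__main__":
    print("gateway-specific:", run_demo(True))
    print("generic:         ", run_demo(False))
```

With the generic credential, the value issued for one gateway is accepted when any other gateway presents it; the gateway-specific form is what lets the device reject that case.
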
Taking the example that the gateway verifies the validity of the bluetooth device before completing the bluetooth Mesh distribution network and the bluetooth Mesh device verifies the validity of the device authentication platform, a third optional detailed processing flow of the bluetooth device access authentication method provided in the embodiment of the present application is shown in fig. 8, and includes the following steps:
Step S901, the Bluetooth Mesh device sends an unassigned broadcast packet to the gateway.
Step S902-S903, the Bluetooth Mesh device and the gateway start a Bluetooth Mesh distribution network flow.
Step S904, the gateway obtains a verification certificate of the Bluetooth Mesh device.
Step S905, the gateway sends a verification credential of the bluetooth Mesh device to the cloud platform accessed by the gateway.
Step S906, the cloud platform accessed by the gateway requests the device authentication platform to check the legality of the Bluetooth Mesh device.
In step S907, the device authentication platform verifies the validity of the bluetooth Mesh device.
Step S908, the device authentication platform feeds back a verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.
Step S909, the cloud platform accessed by the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.
The detailed processing flows of steps S901 to S909 in the embodiment of the present application are the same as the processing flows of steps S601 to S609 in the above embodiment, and are not repeated here.
Step S910, the gateway sends a fourth request message to the cloud platform according to the check mark of the bluetooth device.
In some embodiments, the fourth request message is used to request to obtain a verification credential of a device authentication platform, where the verification credential of the device authentication platform is used for the bluetooth Mesh device to verify validity of the device authentication platform.
In some embodiments, the fourth request message may further include a CID, which the cloud platform uses to determine the device authentication platform corresponding to the Bluetooth Mesh device.
In step S911, the cloud platform sends a seventh request message to the device authentication platform.
In some embodiments, the seventh request message is for requesting acquisition of a verification credential of the device authentication platform.
In step S912, the device authentication platform sends the verification credentials of the device authentication platform to the cloud platform.
Step S913, the cloud platform sends the verification credentials of the device authentication platform to the gateway.
Step S914, the gateway sends the verification credentials of the device authentication platform to the bluetooth Mesh device.
In step S915, the bluetooth Mesh device verifies the validity of the device authentication platform.
In some embodiments, the Bluetooth Mesh device may use an asymmetric or a symmetric encryption method to verify the legitimacy of the device authentication platform. For example, with the asymmetric method, the device authentication platform pre-stores the public key of the Bluetooth Mesh device; after generating its verification credential, the device authentication platform encrypts the credential with the public key of the Bluetooth Mesh device, and the Bluetooth Mesh device decrypts the received credential with its own private key. If the credential can be decrypted normally, the device authentication platform is proved to be a legal device authentication platform; if it cannot be decrypted normally, the device authentication platform is proved to be an illegal device authentication platform. With the symmetric method, the device authentication platform and the Bluetooth Mesh device share the same secret key (namely the pre-shared secret key); after generating its verification credential, the device authentication platform encrypts the credential with the pre-shared secret key, and the Bluetooth Mesh device decrypts the received credential with the same pre-shared secret key. If the credential can be decrypted normally, the device authentication platform is proved to be legal; if it cannot be decrypted normally, the device authentication platform is proved to be illegal.
Step S916, if the verification result of the Bluetooth Mesh device is legal and the verification result of the device authentication platform is legal, the gateway executes the network access configuration of the Bluetooth Mesh device.
In some embodiments, if the verification result of the bluetooth Mesh device is legal and the verification result of the device authentication platform is legal, the gateway starts the bluetooth Mesh access configuration data distribution, and sends configuration information such as a network address and a security key (such as a network key and/or a device key) to the bluetooth Mesh device, so as to complete the access configuration process of the bluetooth Mesh device.
Step S917, the gateway requests the cloud platform accessed by the gateway to add the Bluetooth Mesh device.
In some embodiments, the gateway sends device information including UUID of the bluetooth Mesh device to the gateway-accessed cloud platform, and the gateway-accessed cloud platform adds the device information of the bluetooth Mesh device.
Steps S916 to S917 above take the case where the verification result of the Bluetooth Mesh device is legal as an example. If at least one of the verification result of the Bluetooth Mesh device and the verification result of the device authentication platform is illegal, the gateway terminates the network access configuration flow of the Bluetooth Mesh device.
In the processing flow of the Bluetooth device access authentication method shown in fig. 8, the gateway verifies the validity of the Bluetooth Mesh device, and the Bluetooth Mesh device verifies the validity of the device authentication platform when the result indicates that the Bluetooth Mesh device is legal. In a specific implementation, the Bluetooth Mesh device may instead verify the validity of the device authentication platform first, and the gateway verifies the validity of the Bluetooth Mesh device when the result indicates that the device authentication platform is legal; that is, after steps S901 to S903 are executed, steps S910 to S915 are executed first, and then steps S904 to S909.
In the flow of fig. 7, the gateway verifies the validity of the Bluetooth Mesh device and the Bluetooth Mesh device verifies the validity of the gateway/cloud platform. In the flow of fig. 8, the gateway verifies the validity of the Bluetooth Mesh device and the Bluetooth Mesh device verifies the validity of the device authentication platform. In a specific implementation, all three checks may be performed: the gateway verifying the validity of the Bluetooth Mesh device, the Bluetooth Mesh device verifying the validity of the gateway/cloud platform, and the Bluetooth Mesh device verifying the validity of the device authentication platform; these three checks have no fixed execution order. A priority may exist between the Bluetooth Mesh device verifying the validity of the gateway/cloud platform and the Bluetooth Mesh device verifying the validity of the device authentication platform; for example, if verifying the gateway/cloud platform has the higher priority, the Bluetooth Mesh device verifies the validity of the gateway/cloud platform first.
The Bluetooth device access authentication methods shown in fig. 6 to 8 all perform the Bluetooth Mesh device verification, the gateway/cloud platform verification, or the device authentication platform verification before the Bluetooth Mesh distribution network is completed. In a further implementation, the embodiments of the present application may also perform the Bluetooth Mesh device verification, the gateway/cloud platform verification, or the device authentication platform verification after the Bluetooth Mesh distribution network is completed.
Taking the case where the Bluetooth Mesh device verification is performed after the Bluetooth Mesh distribution network is completed as an example, a fourth detailed processing flow of the Bluetooth device access authentication method provided in the embodiments of the present application is shown in fig. 9 and includes:
Step S1001, the Bluetooth Mesh device sends an unassigned broadcast packet to the gateway.
In some embodiments, the description of the Bluetooth Mesh device sending the unassigned broadcast packet to the gateway is the same as that of step S601 above and is not repeated here.
Steps S1002-S1003, the Bluetooth Mesh device and the gateway start the Bluetooth Mesh distribution network flow and complete it.
The process of starting the bluetooth Mesh distribution network may include: calculating a security key, wherein the security key is used for encrypting/decrypting the check certificate between the Bluetooth Mesh device and the gateway; the security keys may include one or more of session keys, device keys, network keys, and application keys, among others.
The Bluetooth Mesh distribution flow comprises the following steps: the gateway starts the distribution of the Bluetooth Mesh network access configuration data, and sends configuration information such as a network address, a security key (such as a network key and/or a device key) and the like to the Bluetooth Mesh device to complete the network access configuration process of the Bluetooth Mesh device.
Step S1004, the gateway obtains a verification certificate of the Bluetooth Mesh device.
In some embodiments, if the check mark in the unassigned broadcast packet indicates that the Bluetooth Mesh device is to be checked, the Bluetooth Mesh device actively sends its verification credential to the gateway.
In other embodiments, a first request message may be sent by the gateway to the bluetooth Mesh device, where the first request message is used to request to obtain a check credential of the bluetooth Mesh device; after receiving the first request message, the Bluetooth Mesh device sends a verification credential of the Bluetooth Mesh device to the gateway.
Step S1005, the gateway sends a verification certificate of the Bluetooth Mesh device to a cloud platform accessed by the gateway.
In some embodiments, the gateway requests the gateway-accessed cloud platform to verify the validity of the bluetooth Mesh device by sending a verification credential of the bluetooth Mesh device to the gateway-accessed cloud platform.
Step S1006, the cloud platform accessed by the gateway requests the device authentication platform to check the legality of the Bluetooth Mesh device.
In some embodiments, if the cloud platform accessed by the gateway determines, according to the CID in the unassigned broadcast packet, that the Bluetooth Mesh device is not a device developed based on the cloud platform, the cloud platform accessed by the gateway identifies the corresponding device authentication platform according to that CID; the cloud platform accessed by the gateway then sends the verification credential of the Bluetooth Mesh device to the device authentication platform and requests the device authentication platform to verify the validity of the Bluetooth Mesh device.
In other embodiments, if the cloud platform accessed by the gateway determines that the bluetooth Mesh device is a device developed based on the cloud platform according to the CID in the unassigned broadcast packet, the cloud platform accessed by the gateway verifies the validity of the bluetooth Mesh device.
Step S1007, the device authentication platform verifies the validity of the bluetooth Mesh device.
In some embodiments, if the verification credential of the Bluetooth Mesh device is a security certificate, the device authentication platform verifies whether the security certificate is legal; if the security certificate is verified to be legal, the Bluetooth Mesh device is authenticated as legal; if the security certificate is verified to be illegal, the Bluetooth Mesh device is authenticated as illegal.
In a specific implementation, the device authentication platform may use an asymmetric or a symmetric encryption method to verify the validity of the Bluetooth Mesh device. For example, with the asymmetric encryption method, the Bluetooth Mesh device pre-stores the public key of the device authentication platform and encrypts its verification credential with that public key, and the device authentication platform decrypts the received credential with its own private key. If the credential can be decrypted normally, the Bluetooth Mesh device is proven to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is proven to be an illegal Bluetooth Mesh device. With the symmetric encryption method, the device authentication platform and the Bluetooth Mesh device share the same key (the pre-shared key); the Bluetooth Mesh device encrypts its verification credential with the pre-shared key, and the device authentication platform decrypts the received credential with the same pre-shared key. If the credential can be decrypted normally, the Bluetooth Mesh device is proven to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is an illegal Bluetooth Mesh device.
Step S1008, the device authentication platform feeds back a verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.
Step S1009, the cloud platform accessed by the gateway feeds back the verification result of the bluetooth Mesh device to the gateway.
Step S1010, if the verification result of the Bluetooth Mesh device is legal, the gateway requests the cloud platform accessed by the gateway to add the Bluetooth Mesh device.
In some embodiments, the gateway sends device information including UUID of the bluetooth Mesh device to the gateway-accessed cloud platform, and the gateway-accessed cloud platform adds the device information of the bluetooth Mesh device.
Step S1010 above takes the case where the verification result of the Bluetooth Mesh device is legal as an example. If the verification result of the Bluetooth Mesh device is illegal, the Bluetooth Mesh device is deleted from the Bluetooth Mesh network.
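The fig. 9 flow (steps S1004 to S1010) as a single-process Python sketch. This is an added example, not code from the patent: the class names, CID values, UUIDs, keys, the nonce-based HMAC credential and the `key_refresh_pending` flag are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Set

OWN_CID = 0x0A01      # constructed: company ID of the gateway's own cloud platform
VENDOR_CID = 0x0B02   # constructed: third-party vendor with its own auth platform


def _tag(psk: bytes, uuid: str, nonce: bytes) -> bytes:
    """Credential assumed for this sketch: HMAC over the UUID and a fresh nonce."""
    return hmac.new(psk, uuid.encode() + nonce, hashlib.sha256).digest()


@dataclass
class MeshDevice:
    uuid: str
    cid: int
    psk: bytes

    def credential(self, nonce: bytes) -> bytes:
        # Reply to the gateway's first request message (S1004).
        return _tag(self.psk, self.uuid, nonce)


@dataclass
class Verifier:
    """Holds per-device pre-shared keys; used by the cloud and by the vendor platform."""
    psk_by_uuid: Dict[str, bytes]

    def verify(self, uuid: str, nonce: bytes, credential: bytes) -> bool:
        psk = self.psk_by_uuid.get(uuid)
        return psk is not None and hmac.compare_digest(_tag(psk, uuid, nonce), credential)


@dataclass
class CloudPlatform:
    own_verifier: Verifier
    auth_platform_by_cid: Dict[int, Verifier]
    devices: Set[str] = field(default_factory=set)

    def check_device(self, cid: int, uuid: str, nonce: bytes, credential: bytes) -> bool:
        # S1006: the CID decides who verifies the device.
        if cid == OWN_CID:
            verifier = self.own_verifier
        else:
            verifier = self.auth_platform_by_cid.get(cid)
            if verifier is None:
                return False  # no platform known for this CID: fail closed
        return verifier.verify(uuid, nonce, credential)  # S1007-S1009


@dataclass
class Gateway:
    cloud: CloudPlatform
    mesh_nodes: Set[str] = field(default_factory=set)
    key_refresh_pending: bool = False

    def onboard(self, device: MeshDevice) -> str:
        self.mesh_nodes.add(device.uuid)         # S1001-S1003: node already holds keys
        nonce = os.urandom(16)
        credential = device.credential(nonce)    # S1004
        if self.cloud.check_device(device.cid, device.uuid, nonce, credential):
            self.cloud.devices.add(device.uuid)  # S1010
            return "added"
        # Illegal result: delete the node from the Bluetooth Mesh network.
        self.mesh_nodes.discard(device.uuid)
        # Assumption added here: the node saw the network key, so rotate it.
        self.key_refresh_pending = True
        return "removed"


def run_flow() -> dict:
    """Onboard four constructed devices and report what the gateway did."""
    cloud = CloudPlatform(
        own_verifier=Verifier({"uuid-own-1": b"k-own"}),
        auth_platform_by_cid={VENDOR_CID: Verifier({"uuid-ven-1": b"k-vendor-1",
                                                    "uuid-ven-2": b"k-vendor-2"})},
    )
    gw = Gateway(cloud)
    results = {
        "own": gw.onboard(MeshDevice("uuid-own-1", OWN_CID, b"k-own")),
        "vendor": gw.onboard(MeshDevice("uuid-ven-1", VENDOR_CID, b"k-vendor-1")),
        "counterfeit": gw.onboard(MeshDevice("uuid-ven-2", VENDOR_CID, b"guessed")),
        "unknown_cid": gw.onboard(MeshDevice("uuid-x", 0x0FFF, b"k-x")),
    }
    return {"results": results, "cloud_devices": set(cloud.devices),
            "mesh_nodes": set(gw.mesh_nodes),
            "key_refresh_pending": gw.key_refresh_pending}


if __name__ == "__main__":
    print(run_flow())
```

Because the device receives the network key in step S1003 before it is verified, the sketch flags a key refresh whenever a rejected node is removed, and an unknown CID is treated as a failed check rather than skipped.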
Taking as an example the case where, after the Bluetooth Mesh distribution network is completed, the gateway verifies the validity of the Bluetooth device and the Bluetooth Mesh device verifies the validity of the gateway/cloud platform, a fifth optional detailed processing flow of the Bluetooth device access authentication method provided in the embodiments of the present application is shown in fig. 10 and includes the following steps:
In step S1101, the Bluetooth Mesh device sends an unassigned broadcast packet to the gateway.
Steps S1102-S1103, the Bluetooth Mesh device and the gateway start a Bluetooth Mesh distribution network flow.
The process of starting the bluetooth Mesh distribution network may include: calculating a security key, wherein the security key is used for encrypting/decrypting the check certificate between the Bluetooth Mesh device and the gateway; the security keys may include one or more of session keys, device keys, network keys, and application keys, among others.
The Bluetooth Mesh distribution flow comprises the following steps: the gateway starts the distribution of the Bluetooth Mesh network access configuration data, and sends configuration information such as a network address, a security key (such as a network key and/or a device key) and the like to the Bluetooth Mesh device to complete the network access configuration process of the Bluetooth Mesh device.
In step S1104, the gateway sends the verification credentials of the gateway/cloud platform to the Bluetooth Mesh device.
In some embodiments, the gateway may actively send the verification credentials of the gateway/cloud platform to the Bluetooth Mesh device.
In other embodiments, the bluetooth Mesh device may send a third request message to the gateway according to the check mark, where the third request message is used to request to obtain check credentials of the gateway and/or the cloud platform.
In this scenario, after the gateway receives the third request message, the gateway obtains the verification credentials of the gateway and/or the cloud platform. The specific implementation process of the gateway obtaining the verification credentials of the gateway and/or the cloud platform may include:
In step S1104-1, the gateway sends a second request message to the cloud platform, where the second request message is used to request to obtain verification credentials of the gateway and/or the cloud platform.
In some embodiments, the second request message carries an identifier of the gateway/cloud platform, and is used for requesting the cloud platform to acquire the verification credentials of the gateway and/or the cloud platform.
Step S1104-2, the cloud platform acquires information about the device authentication platform corresponding to the gateway and/or the cloud platform.
In some embodiments, the cloud platform determines from the CID that the Bluetooth Mesh device is not a device developed based on the cloud platform and that authentication by a device authentication platform is required; the cloud platform then uses the CID to acquire information about the device authentication platform corresponding to the gateway and/or the cloud platform.
Step S1104-3, the cloud platform requests the verification credentials of the gateway and/or the cloud platform from the device authentication platform.
In some embodiments, the cloud platform sends a sixth request message to the device authentication platform; and the sixth request message carries the identification of the gateway and/or the cloud platform and is used for requesting to acquire the verification certificate of the gateway and/or the cloud platform.
Step S1104-4, the device authentication platform sends the verification credentials of the gateway and/or the cloud platform to the cloud platform.
In some embodiments, based on the identifier of the gateway and/or the cloud platform, the device authentication platform generates either a generic verification credential (one that does not distinguish the gateway or the specific cloud platform the gateway accesses, and is common to all legal gateways or cloud platforms accessed by gateways) or a verification credential specific to the gateway/cloud platform (one that does distinguish them, so that different legal gateways, or the cloud platforms they access, use different verification credentials). For example, the verification credential of the gateway/cloud platform generated by the device authentication platform is a security certificate that contains unique identification information of the gateway and/or the cloud platform; the security certificate passes verification only when used by that gateway/cloud platform, and other gateways, or the cloud platforms they access, cannot pass verification even if they use it, which improves the security of access authentication.
In some embodiments, after receiving the verification credentials of the gateway and/or the cloud platform returned by the device authentication platform, the cloud platform may store them locally. When the gateway and/or the cloud platform needs to be verified later, the cloud platform obtains the verification credentials directly from local storage instead of from the device authentication platform, which simplifies the verification flow of the gateway and/or the cloud platform and reduces the verification delay.
Step S1104-5, the cloud platform sends the verification credentials of the gateway and/or the cloud platform to the gateway.
The steps S1104-1 to S1104-5 are specific implementation processes for the gateway to acquire the verification credentials of the gateway and/or the cloud platform from the network side (the cloud platform and the device authentication platform).
Alternatively, the gateway may obtain the verification credentials of the gateway and/or the cloud platform by storing them in advance; the verification credentials of the gateway and/or the cloud platform are pre-stored when the gateway leaves the factory or when the gateway is powered on and activated.
In step S1105, the bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform according to the received verification credentials of the gateway and/or the cloud platform, and feeds back the verification results of the gateway and/or the cloud platform to the gateway.
In some embodiments, in the case that the verification result of the bluetooth Mesh device on the gateway and/or the cloud platform is that the gateway and/or the cloud platform is legal, the bluetooth device access authentication method provided in the embodiments of the present application executes the following steps S1106-S1112:
In step S1106, the gateway obtains a verification credential of the Bluetooth Mesh device.
In some embodiments, if the check mark in the unassigned broadcast packet indicates that the Bluetooth Mesh device is to be checked, the Bluetooth Mesh device actively sends its verification credential to the gateway.
In other embodiments, a first request message may be sent by the gateway to the bluetooth Mesh device, where the first request message is used to request to obtain a check credential of the bluetooth Mesh device; after receiving the first request message, the Bluetooth Mesh device sends a verification credential of the Bluetooth Mesh device to the gateway.
Step S1107, the gateway sends the verification certificate of the bluetooth Mesh device to the cloud platform.
In some embodiments, the gateway requests the gateway-accessed cloud platform to verify the validity of the bluetooth Mesh device by sending a verification credential of the bluetooth Mesh device to the gateway-accessed cloud platform.
In step S1108, the cloud platform requests the device authentication platform to verify the validity of the bluetooth Mesh device.
In some embodiments, if the cloud platform accessed by the gateway determines, according to the CID in the unassigned broadcast packet, that the Bluetooth Mesh device is not a device developed based on the cloud platform, the cloud platform accessed by the gateway identifies the corresponding device authentication platform according to that CID; the cloud platform accessed by the gateway then sends the verification credential of the Bluetooth Mesh device to the device authentication platform and requests the device authentication platform to verify the validity of the Bluetooth Mesh device.
In other embodiments, if the cloud platform accessed by the gateway determines that the bluetooth Mesh device is a device developed based on the cloud platform according to the CID in the unassigned broadcast packet, the cloud platform accessed by the gateway verifies the validity of the bluetooth Mesh device.
In step S1109, the device authentication platform verifies the validity of the bluetooth Mesh device.
In some embodiments, if the verification credential of the Bluetooth Mesh device is a security certificate, the device authentication platform verifies whether the security certificate is legal; if the security certificate is verified to be legal, the Bluetooth Mesh device is authenticated as legal; if the security certificate is verified to be illegal, the Bluetooth Mesh device is authenticated as illegal.
In a specific implementation, the device authentication platform may use an asymmetric or a symmetric encryption method to verify the validity of the Bluetooth Mesh device. For example, with the asymmetric encryption method, the Bluetooth Mesh device pre-stores the public key of the device authentication platform and encrypts its verification credential with that public key, and the device authentication platform decrypts the received credential with its own private key. If the credential can be decrypted normally, the Bluetooth Mesh device is proven to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is proven to be an illegal Bluetooth Mesh device. With the symmetric encryption method, the device authentication platform and the Bluetooth Mesh device share the same key (the pre-shared key); the Bluetooth Mesh device encrypts its verification credential with the pre-shared key, and the device authentication platform decrypts the received credential with the same pre-shared key. If the credential can be decrypted normally, the Bluetooth Mesh device is proven to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is an illegal Bluetooth Mesh device.
Step S1110, the device authentication platform feeds back a verification result of the bluetooth Mesh device to the cloud platform accessed by the gateway.
Step S1111, the cloud platform accessed by the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.
Step S1112, if the verification result of the Bluetooth Mesh device is legal, the gateway requests the cloud platform accessed by the gateway to add the Bluetooth Mesh device.
In some embodiments, the gateway sends device information including UUID of the bluetooth Mesh device to the gateway-accessed cloud platform, and the gateway-accessed cloud platform adds the device information of the bluetooth Mesh device.
Therefore, in the Bluetooth device access authentication method shown in fig. 10, the Bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform, and if the result indicates that the gateway and/or the cloud platform is legal, the gateway verifies the validity of the Bluetooth Mesh device; if that result indicates that the Bluetooth Mesh device is legal, the network access configuration of the Bluetooth Mesh device is executed. Compared with the processing flow of the Bluetooth device access authentication method shown in fig. 9, the processing flow of the Bluetooth device access authentication method shown in fig. 7 adds a step in which the Bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform before the gateway verifies the validity of the Bluetooth Mesh device, which further improves the security of Bluetooth Mesh network access authentication.
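One way to realize the gateway-specific credential of step S1104-4 and the device-side check of step S1105 with the pre-shared-key method, as an added example that is not code from the patent. It assumes a constructed credential format, an encrypt-then-MAC construction built from HMAC-SHA256 standing in for a vetted AEAD such as AES-CCM, and that `peer_id` is an identifier the device has already tied to the link (for instance a fingerprint of the gateway's provisioning public key).

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

NONCE_LEN, TAG_LEN = 12, 32
PREFIX = b"GWCRED1|"   # constructed credential format, not taken from the patent


def _subkeys(psk: bytes) -> Tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from the pre-shared key."""
    return (hmac.new(psk, b"enc", hashlib.sha256).digest(),
            hmac.new(psk, b"mac", hashlib.sha256).digest())


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (same call encrypts and decrypts)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(psk: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate nonce and ciphertext. Output: nonce | ciphertext | tag."""
    enc_key, mac_key = _subkeys(psk)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(psk: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the credential 'cannot be decrypted normally'."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(psk)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or modified credential
    return _xor_stream(enc_key, nonce, ciphertext)


def issue_credential(psk: bytes, gateway_id: Optional[str] = None) -> bytes:
    """Device authentication platform side (S1104-4).

    gateway_id=None issues a generic credential; otherwise the credential
    carries the gateway's unique identifier and is specific to that gateway.
    """
    body = b"G" if gateway_id is None else b"S" + gateway_id.encode()
    return seal(psk, PREFIX + body)


def device_verify(psk: bytes, blob: bytes, peer_id: str,
                  accept_generic: bool = False) -> bool:
    """Bluetooth Mesh device side (S1105): True only for a legal gateway."""
    plaintext = open_sealed(psk, blob)
    if plaintext is None or not plaintext.startswith(PREFIX):
        return False
    body = plaintext[len(PREFIX):]
    kind, subject = body[:1], body[1:]
    if kind == b"G":
        # A generic credential proves "some legal gateway", nothing more.
        return accept_generic and subject == b""
    if kind == b"S":
        # A specific credential must name the gateway on this link.
        return hmac.compare_digest(subject, peer_id.encode())
    return False


if __name__ == "__main__":
    psk = os.urandom(32)                       # constructed pre-shared key
    cred = issue_credential(psk, "gw-A-fp")    # constructed gateway identifier
    print("gateway A presents its credential:", device_verify(psk, cred, "gw-A-fp"))
    print("gateway B replays A's credential: ", device_verify(psk, cred, "gw-B-fp"))
```

"Decrypts normally" is implemented here as the tag check in `open_sealed`: XOR-stream decryption on its own returns bytes for any key, so it cannot serve as a validity test.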
Taking as an example the case where, after the Bluetooth Mesh distribution network is completed, the gateway verifies the validity of the Bluetooth device and the Bluetooth Mesh device verifies the validity of the device authentication platform, a sixth optional detailed processing flow of the Bluetooth device access authentication method provided in the embodiments of the present application is shown in fig. 11 and includes the following steps:
In step S1201, the Bluetooth Mesh device sends an unassigned broadcast packet to the gateway.
Steps S1202-S1203, the Bluetooth Mesh device and the gateway start a Bluetooth Mesh distribution network flow.
The process of starting the bluetooth Mesh distribution network may include: calculating a security key, wherein the security key is used for encrypting/decrypting the check certificate between the Bluetooth Mesh device and the gateway; the security keys may include one or more of session keys, device keys, network keys, and application keys, among others.
The Bluetooth Mesh distribution flow comprises the following steps: the gateway starts the distribution of the Bluetooth Mesh network access configuration data, and sends configuration information such as a network address, a security key (such as a network key and/or a device key) and the like to the Bluetooth Mesh device to complete the network access configuration process of the Bluetooth Mesh device.
Step S1204, the gateway sends a fourth request message to the cloud platform according to the verification mark of the Bluetooth device.
In some embodiments, the fourth request message is used to request to obtain a verification credential of a device authentication platform, where the verification credential of the device authentication platform is used for the bluetooth Mesh device to verify validity of the device authentication platform.
In some embodiments, the fourth request message may further include a CID, which the cloud platform uses to determine the device authentication platform corresponding to the Bluetooth Mesh device.
In step S1205, the cloud platform sends a seventh request message to the device authentication platform.
In some embodiments, the seventh request message is for requesting acquisition of a verification credential of the device authentication platform.
In step S1206, the device authentication platform sends verification credentials of the device authentication platform to the cloud platform.
In step S1207, the cloud platform sends the verification credentials of the device authentication platform to the gateway.
Step S1208, the gateway sends the verification credentials of the device authentication platform to the bluetooth Mesh device.
In step S1209, the bluetooth Mesh device verifies the validity of the device authentication platform.
In some embodiments, the Bluetooth Mesh device may use an asymmetric or a symmetric encryption method to verify the validity of the device authentication platform. For example, with the asymmetric encryption method, the device authentication platform pre-stores the public key of the Bluetooth Mesh device; after generating its verification credential, the device authentication platform encrypts the credential with the public key of the Bluetooth Mesh device, and the Bluetooth Mesh device decrypts the received credential with its own private key. If the credential can be decrypted normally, the device authentication platform is proven to be legal; if it cannot be decrypted normally, the device authentication platform is proven to be illegal. With the symmetric encryption method, the device authentication platform and the Bluetooth Mesh device share the same key (the pre-shared key); after generating its verification credential, the device authentication platform encrypts the credential with the pre-shared key, and the Bluetooth Mesh device decrypts the received credential with the same pre-shared key. If the credential can be decrypted normally, the device authentication platform is proven to be legal; if it cannot be decrypted normally, the device authentication platform is proven to be illegal.
In step S1210, the gateway obtains a verification credential of the bluetooth Mesh device.
In some embodiments, if the check mark in the unassigned broadcast packet indicates that the Bluetooth Mesh device is to be checked, the Bluetooth Mesh device actively sends its verification credential to the gateway.
In other embodiments, a first request message may be sent by the gateway to the bluetooth Mesh device, where the first request message is used to request to obtain a check credential of the bluetooth Mesh device; after receiving the first request message, the Bluetooth Mesh device sends a verification credential of the Bluetooth Mesh device to the gateway.
Step S1211, the gateway sends the verification certificate of the Bluetooth Mesh device to the cloud platform accessed by the gateway.
In some embodiments, the gateway requests the gateway-accessed cloud platform to verify the validity of the bluetooth Mesh device by sending a verification credential of the bluetooth Mesh device to the gateway-accessed cloud platform.
Step S1212, the cloud platform accessed by the gateway requests the device authentication platform to check the validity of the bluetooth Mesh device.
In some embodiments, if the cloud platform accessed by the gateway determines, according to the CID in the unassigned broadcast packet, that the Bluetooth Mesh device is not a device developed based on the cloud platform, the cloud platform accessed by the gateway identifies the corresponding device authentication platform according to that CID; the cloud platform accessed by the gateway then sends the verification credential of the Bluetooth Mesh device to the device authentication platform and requests the device authentication platform to verify the validity of the Bluetooth Mesh device.
In other embodiments, if the cloud platform accessed by the gateway determines that the bluetooth Mesh device is a device developed based on the cloud platform according to the CID in the unassigned broadcast packet, the cloud platform accessed by the gateway verifies the validity of the bluetooth Mesh device.
In step S1213, the device authentication platform verifies the validity of the bluetooth Mesh device.
In some embodiments, if the verification credential of the Bluetooth Mesh device is a security certificate, the device authentication platform verifies whether the security certificate is legal; if the security certificate is verified to be legal, the Bluetooth Mesh device is authenticated as legal; if the security certificate is verified to be illegal, the Bluetooth Mesh device is authenticated as illegal.
In a specific implementation, the device authentication platform may use an asymmetric or a symmetric encryption method to verify the validity of the Bluetooth Mesh device. For example, with the asymmetric encryption method, the Bluetooth Mesh device pre-stores the public key of the device authentication platform and encrypts its verification credential with that public key, and the device authentication platform decrypts the received credential with its own private key. If the credential can be decrypted normally, the Bluetooth Mesh device is proven to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is proven to be an illegal Bluetooth Mesh device. With the symmetric encryption method, the device authentication platform and the Bluetooth Mesh device share the same key (the pre-shared key); the Bluetooth Mesh device encrypts its verification credential with the pre-shared key, and the device authentication platform decrypts the received credential with the same pre-shared key. If the credential can be decrypted normally, the Bluetooth Mesh device is proven to be a legal Bluetooth Mesh device; if it cannot be decrypted normally, the Bluetooth Mesh device is an illegal Bluetooth Mesh device.
Step S1214, the device authentication platform feeds back a verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.
Step S1215, the cloud platform accessed by the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.
Step S1216, if the verification result of the Bluetooth Mesh device is legal, the gateway requests the cloud platform accessed by the gateway to add the Bluetooth Mesh device.
In some embodiments, the gateway sends device information including the UUID of the Bluetooth Mesh device to the cloud platform accessed by the gateway, and the cloud platform accessed by the gateway adds the device information of the Bluetooth Mesh device.
The description above takes a legal verification result as an example, in which case step S1216 is executed. If the verification result of the Bluetooth Mesh device is illegal, the Bluetooth Mesh device is deleted from the Bluetooth Mesh network.
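The S1213 to S1216 flow with the symmetric (pre-shared key) method, as an added Python example that is not code from the patent; it also includes the cloud platform's choice between verifying its own devices and forwarding to the device authentication platform. It assumes that "decrypts normally" means an integrity tag over the ciphertext verifies and the plaintext matches the registered credential. The wire format, the HMAC-based stand-in cipher, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32  # constructed wire format: nonce || ciphertext || tag


def _subkeys(psk):
    # Derive independent encryption and MAC keys from the pre-shared key.
    return (hmac.new(psk, b"enc", hashlib.sha256).digest(),
            hmac.new(psk, b"mac", hashlib.sha256).digest())


def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example needs
    # only the standard library; a real deployment would use a vetted AEAD.
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_credential(psk, uuid, credential):
    """Bluetooth Mesh device: encrypt its verification credential with the PSK."""
    enc_key, mac_key = _subkeys(psk)
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_stream(enc_key, nonce, credential)
    # The tag also covers the 16-byte device UUID, binding the blob to one device.
    tag = hmac.new(mac_key, uuid + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_credential(psk, uuid, blob):
    """Return the plaintext, or None when the blob does not decrypt normally."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(psk)
    expected = hmac.new(mac_key, uuid + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong key or modified bytes
        return None
    return _xor_stream(enc_key, nonce, ct)


class Verifier:
    """Holds per-device PSKs and expected credentials, keyed by device UUID."""

    def __init__(self, registry):
        self.registry = registry  # uuid -> (psk, expected_credential)

    def knows(self, uuid):
        return uuid in self.registry

    def verify(self, uuid, blob):  # S1213
        if uuid not in self.registry:
            return False
        psk, expected = self.registry[uuid]
        plain = open_credential(psk, uuid, blob)
        return plain is not None and hmac.compare_digest(plain, expected)


class CloudPlatform:
    def __init__(self, own_devices, auth_platform):
        self.own, self.auth_platform = own_devices, auth_platform
        self.added = set()

    def check_device(self, uuid, blob):
        # Verify the platform's own devices locally; forward the rest to the
        # device authentication platform and relay its result (S1214, S1215).
        target = self.own if self.own.knows(uuid) else self.auth_platform
        return target.verify(uuid, blob)


def gateway_onboard(cloud, mesh_network, uuid, blob):
    """Gateway: add the device on a legal result (S1216), else drop it from the mesh."""
    legal = cloud.check_device(uuid, blob)
    if legal:
        cloud.added.add(uuid)
    else:
        mesh_network.discard(uuid)
    return legal


def demo():
    # Constructed sample data: three device UUIDs, PSKs, and one credential value.
    uuid_a, uuid_b, uuid_c = bytes(range(16)), bytes(range(16, 32)), bytes(range(32, 48))
    psk_a, psk_b = b"A" * 32, b"B" * 32
    cred = b"constructed-security-credential"
    auth = Verifier({uuid_a: (psk_a, cred)})
    cloud = CloudPlatform(Verifier({uuid_b: (psk_b, cred)}), auth)
    mesh = {uuid_a, uuid_b, uuid_c}
    good = seal_credential(psk_a, uuid_a, cred)
    tampered = good[:NONCE_LEN] + bytes([good[NONCE_LEN] ^ 1]) + good[NONCE_LEN + 1:]
    results = {
        "forwarded_ok": gateway_onboard(cloud, mesh, uuid_a, good),
        "local_ok": gateway_onboard(cloud, mesh, uuid_b, seal_credential(psk_b, uuid_b, cred)),
        "tampered": cloud.check_device(uuid_a, tampered),
        "wrong_key": cloud.check_device(uuid_a, seal_credential(psk_b, uuid_a, cred)),
        "other_uuid": cloud.check_device(uuid_b, good),
        "rogue": gateway_onboard(cloud, mesh, uuid_c, seal_credential(b"C" * 32, uuid_c, cred)),
    }
    return results, cloud.added, mesh


if __name__ == "__main__":
    print(demo()[0])
```

Without the tag check, a raw cipher turns any byte string into some plaintext, so "decrypts normally" would not distinguish a device holding the key from one that does not.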
In the processing flow of the Bluetooth device access authentication method shown in fig. 11, the Bluetooth Mesh device first checks the validity of the device authentication platform, and the gateway checks the validity of the Bluetooth Mesh device when that check result indicates that the device authentication platform is legal. In a specific implementation, the order may be reversed: the gateway first checks the validity of the Bluetooth Mesh device, and the Bluetooth Mesh device checks the validity of the device authentication platform when the check result indicates that the Bluetooth Mesh device is legal; that is, after steps S1201 to S1203 are executed, steps S1210 to S1215 are executed first, and then steps S1204 to S1209 are executed.
As illustrated in fig. 10, the gateway checks the validity of the Bluetooth Mesh device, and the Bluetooth Mesh device checks the validity of the gateway/cloud platform. As illustrated in fig. 11, the gateway checks the validity of the Bluetooth Mesh device, and the Bluetooth Mesh device checks the validity of the device authentication platform. In a specific implementation, all three checks may be performed: the gateway's check of the Bluetooth Mesh device, the Bluetooth Mesh device's check of the gateway/cloud platform, and the Bluetooth Mesh device's check of the device authentication platform; there is no required execution order among these three checks. A priority may exist between the Bluetooth Mesh device's check of the gateway/cloud platform and its check of the device authentication platform; for example, if the check of the gateway/cloud platform has a higher priority than the check of the device authentication platform, the Bluetooth Mesh device checks the validity of the gateway/cloud platform first.
It should be noted that, the "bluetooth device" in the embodiment of the present application may also be a bluetooth Mesh device applied to a bluetooth Mesh network, and the "cloud platform" in the embodiment of the present application is a cloud platform accessed by a gateway.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
In order to implement the bluetooth device access authentication method provided in the embodiments of the present application, the embodiments of the present application further provide a gateway, where an optional composition structure of the gateway 1300, as shown in fig. 12, includes:
a first processing unit 1301 configured to determine a verification credential of the bluetooth device;
the first sending unit 1302 is configured to send a verification credential of the bluetooth device to a cloud platform, where the verification credential of the bluetooth device is used by the cloud platform to determine validity of the bluetooth device.
In some embodiments, the first processing unit 1301 is configured to receive a verification credential of the bluetooth device sent by the bluetooth device.
In some embodiments, the first processing unit 1301 is further configured to send a first request message to the bluetooth device, where the first request message is used to request to obtain the verification credential of the bluetooth device.
In some embodiments, the first processing unit 1301 is configured to receive a device check result sent by the cloud platform, where the device check result is used to indicate validity of the bluetooth device.
In some embodiments, the first processing unit 1301 is further configured to determine a verification credential of the gateway and/or the cloud platform.
In some embodiments, the verification credentials of the gateway and/or the cloud platform are pre-stored.
In some embodiments, the first processing unit 1301 is configured to send a second request message to the cloud platform, where the second request message is used to request to obtain the verification credentials of the gateway and/or the cloud platform;
and to receive the verification credentials of the gateway and/or the cloud platform sent by the cloud platform.
In some embodiments, the first sending unit 1302 is further configured to send a verification credential of the gateway and/or the cloud platform to the bluetooth device, where the verification credential of the gateway and/or the cloud platform is used for the bluetooth device to verify the validity of the gateway and/or the cloud platform.
In some embodiments, the first processing unit 1301 is further configured to receive a third request message sent by the bluetooth device, where the third request message is used to request to obtain a verification credential of the gateway and/or the cloud platform.
In some embodiments, the first processing unit 1301 is further configured to receive a gateway and/or cloud platform verification result sent by the Bluetooth device, where the gateway and/or cloud platform verification result is used to indicate the validity of the gateway and/or the cloud platform.
In some embodiments, the first sending unit 1302 is configured to send a fourth request message to the cloud platform according to the check mark of the Bluetooth device, where the fourth request message is used to request to obtain a verification credential of the device authentication platform;
the verification credential of the device authentication platform is used for the Bluetooth device to verify the validity of the device authentication platform.
In some embodiments, the first processing unit 1301 is further configured to receive a verification credential of the device authentication platform sent by the cloud platform;
the first sending unit 1302 is further configured to send a verification credential of the device authentication platform to the bluetooth device.
In some embodiments, the first processing unit 1301 is further configured to request the cloud platform to add the bluetooth device.
In some embodiments, the first processing unit 1301 is configured to send information of the bluetooth device to the cloud platform, where the information of the bluetooth device is used for the cloud platform to add the bluetooth device.
In some embodiments, the first sending unit 1302 is further configured to send configuration information to the bluetooth device, where the configuration information is used to perform a network access configuration of the bluetooth device.
In some embodiments, the first processing unit 1301 is further configured to receive a check mark sent by the bluetooth device, where the check mark is used to indicate an object that needs to be checked.
In some embodiments, the check mark comprises at least one of: checking the Bluetooth device, checking the gateway and/or the cloud platform, and checking a device authentication platform.
In order to implement the bluetooth device access authentication method provided in the embodiments of the present application, the embodiments of the present application further provide a cloud platform, where an optional composition structure of the cloud platform 1400, as shown in fig. 13, includes:
a first receiving unit 1401 configured to receive a verification credential of the Bluetooth device sent by the gateway;
a second processing unit 1402 configured to determine validity of the bluetooth device based on the verification credentials of the bluetooth device.
In some embodiments, the second processing unit 1402 is configured to send, if the Bluetooth device is not a device corresponding to the cloud platform, a fifth request message carrying the verification credential of the Bluetooth device to a device authentication platform, where the fifth request message is used to request the device authentication platform to check the validity of the Bluetooth device;
and, if the Bluetooth device is a device corresponding to the cloud platform, to verify the validity of the Bluetooth device.
In some embodiments, the first receiving unit 1401 is further configured to receive a device check result sent by the device authentication platform, where the device check result is used to indicate validity of the bluetooth device.
In some embodiments, the second processing unit 1402 is further configured to send the device verification result to the gateway.
In some embodiments, the first receiving unit 1401 is further configured to receive a second request message sent by the gateway, where the second request message is used to request to obtain a verification credential of the gateway and/or the cloud platform;
the second processing unit 1402 is further configured to confirm the verification credentials of the gateway and/or the cloud platform.
In some embodiments, the second processing unit 1402 is configured to determine, if the bluetooth device is not a device corresponding to the cloud platform, a device authentication platform corresponding to the bluetooth device; sending a sixth request message to the device authentication platform; and the sixth request message carries the identification of the gateway and/or the cloud platform and is used for requesting to acquire the verification certificate of the gateway and/or the cloud platform.
The first receiving unit 1401 is configured to receive a verification credential of the gateway and/or the cloud platform, which is sent by the device authentication platform.
In some embodiments, the second processing unit 1402 is further configured to send a verification credential of the gateway and/or the cloud platform to the gateway.
In some embodiments, the first receiving unit 1401 is further configured to receive a fourth request message sent by the gateway, where the fourth request message is used to request to obtain a verification credential of the device authentication platform; and the verification credential of the device authentication platform is determined.
In some embodiments, the second processing unit 1402 is configured to send a seventh request message to the device authentication platform, where the seventh request message is used to request obtaining a verification credential of the device authentication platform;
the first receiving unit 1401 is configured to receive a verification credential of the device authentication platform, which is sent by the device authentication platform.
In some embodiments, the second processing unit 1402 is configured to send a verification credential of the device authentication platform to the gateway.
In some embodiments, the second processing unit 1402 is further configured to add the bluetooth device.
In some embodiments, the second processing unit 1402 is configured to receive information of the Bluetooth device sent by the gateway, and to add the Bluetooth device according to the information of the Bluetooth device.
In order to implement the bluetooth device access authentication method provided in the embodiments of the present application, the embodiments of the present application further provide a device authentication platform, where an optional composition structure of the device authentication platform 1500, as shown in fig. 14, includes:
a second receiving unit 1501 configured to receive a fifth request message sent by the cloud platform, where the fifth request message includes a verification credential of the Bluetooth device;
a third processing unit 1502 configured to verify the validity of the Bluetooth device according to the verification credential of the Bluetooth device.
In some embodiments, the second receiving unit 1501 is further configured to receive a sixth request message sent by the cloud platform; and the sixth request message carries the identification of the gateway and/or the cloud platform and is used for requesting to acquire the verification certificate of the gateway and/or the cloud platform.
In some embodiments, the third processing unit 1502 is configured to generate a verification credential of the gateway and/or the cloud platform according to the identification of the gateway and/or the cloud platform;
and to send the verification credential of the gateway and/or the cloud platform to the cloud platform.
In order to implement the bluetooth device access authentication method provided in the embodiments of the present application, the embodiments of the present application further provide a bluetooth device, where an optional composition structure of the bluetooth device 1600, as shown in fig. 15, includes:
a second sending unit 1601 is configured to send a verification credential of a bluetooth device to a gateway, where the verification credential of the bluetooth device is used to determine validity of the bluetooth device.
In some embodiments, the bluetooth device 1600 further comprises:
a fourth processing unit 1602 configured to receive a first request message sent by the gateway, where the first request message is used to request to obtain a verification credential of the Bluetooth device.
In some embodiments, the bluetooth device 1600 further comprises:
a fifth processing unit 1603 is configured to receive verification credentials of the gateway and/or the cloud platform, where the verification credentials of the gateway and/or the cloud platform are used for the bluetooth device to verify the validity of the gateway and/or the cloud platform.
In some embodiments, the second sending unit 1601 is further configured to send a third request message to the gateway, where the third request message is used to request to obtain a verification credential of the gateway and/or the cloud platform.
In some embodiments, the fifth processing unit 1603 is configured to verify the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.
In some embodiments, the second sending unit 1601 is configured to send a gateway and/or cloud platform verification result to the gateway, where the gateway and/or cloud platform verification result is used to indicate the validity of the gateway and/or the cloud platform.
In some embodiments, the Bluetooth device 1600 further comprises: a sixth processing unit 1604 configured to receive a verification credential of the device authentication platform sent by the gateway, and to verify the validity of the device authentication platform based on the verification credential of the device authentication platform.
In some embodiments, the Bluetooth device 1600 further comprises: a third receiving unit 1605 configured to receive configuration information sent by the gateway, where the configuration information is used to perform network access configuration of the Bluetooth device.
The embodiment of the application provides a gateway, which comprises a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is used for executing the steps of the Bluetooth device access authentication method executed by the gateway when the computer program runs.
The embodiment of the application provides a cloud platform, which comprises a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is used for executing the steps of the Bluetooth device access authentication method executed by the cloud platform when the computer program runs.
The embodiment of the application provides a device authentication platform, which comprises a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is used for executing the steps of the Bluetooth device access authentication method executed by the device authentication platform when the computer program runs.
The embodiment of the application provides a Bluetooth device, which comprises a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is used for executing the steps of the Bluetooth device access authentication method executed by the Bluetooth device when the computer program runs.
The embodiment of the application also provides a chip, which comprises a processor configured to call and run a computer program from a memory, so that a device on which the chip is installed executes the Bluetooth device access authentication method.
The embodiment of the application also provides a storage medium which stores an executable program, and when the executable program is executed by a processor, the Bluetooth device access authentication method is implemented.
The embodiment of the application also provides a computer program product, which comprises computer program instructions, wherein the computer program instructions enable a computer to execute the Bluetooth device access authentication method.
The embodiment of the application also provides a computer program, which enables a computer to execute the Bluetooth device access authentication method.
Fig. 16 is a schematic diagram of a hardware composition structure of an electronic device (gateway, cloud platform, Bluetooth device, or device authentication platform) according to an embodiment of the present application, where an electronic device 700 includes: at least one processor 701, memory 702, and at least one network interface 704. The various components in the electronic device 700 are coupled together by a bus system 705. It is appreciated that the bus system 705 is used to enable connection and communication between these components. The bus system 705 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, however, the various buses are all labeled as bus system 705 in fig. 16.
It is to be appreciated that the memory 702 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. The nonvolatile memory may be ROM, programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), magnetic random access memory (FRAM, ferromagnetic random access memory), flash memory (Flash Memory), magnetic surface memory, optical disk, or compact disc read-only memory (CD-ROM, Compact Disc Read-Only Memory); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be random access memory (RAM, Random Access Memory), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDR SDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), and direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory). The memory 702 described in embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The memory 702 in the embodiments of the present application is used to store various types of data to support the operation of the electronic device 700. Examples of such data include any computer program for operating on the electronic device 700, such as an application program 7022. A program implementing the method of the embodiment of the present application may be contained in the application program 7022.
The method disclosed in the embodiments of the present application may be applied to the processor 701 or implemented by the processor 701. The processor 701 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor 701 or by instructions in the form of software. The processor 701 may be a general purpose processor, a digital signal processor (DSP, digital Signal Processor), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 701 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly embodied in a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium in a memory 702. The processor 701 reads information in the memory 702 and, in combination with its hardware, performs the steps of the method as described above.
In an exemplary embodiment, the electronic device 700 can be implemented by one or more application specific integrated circuits (ASIC, application Specific Integrated Circuit), DSP, programmable logic device (PLD, programmable Logic Device), complex programmable logic device (CPLD, complex Programmable Logic Device), FPGA, general purpose processor, controller, MCU, MPU, or other electronic components for performing the aforementioned methods.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be understood that the terms "system" and "network" are often used interchangeably herein. The term "and/or" in this application merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, A and B exist together, or B exists alone. In this application, the character "/" generally indicates that the associated objects are in an "or" relationship.
The foregoing description of the preferred embodiments of the present application is not intended to limit the scope of the present application, but is intended to cover any modifications, equivalents, and alternatives falling within the spirit and principles of the present application.

Claims (100)

  1. A bluetooth device access authentication method, the method comprising:
    the gateway determines a verification credential of the Bluetooth device; and
    the gateway sends the verification credential of the Bluetooth device to a cloud platform, wherein the verification credential of the Bluetooth device is used by the cloud platform to determine the validity of the Bluetooth device.
  2. The method of claim 1, wherein the gateway determining the verification credential of the Bluetooth device comprises:
    the gateway receives the verification credential of the Bluetooth device sent by the Bluetooth device.
  3. The method of claim 2, wherein the gateway determining the verification credential of the Bluetooth device further comprises:
    the gateway sends a first request message to the Bluetooth device, wherein the first request message is used for requesting to acquire the verification credential of the Bluetooth device.
  4. The method according to any one of claims 1 to 3, wherein the method further comprises:
    the gateway receives a device verification result sent by the cloud platform, wherein the device verification result is used for indicating the validity of the Bluetooth device.
  5. The method of any one of claims 1 to 4, wherein the method further comprises:
    the gateway determines the verification credentials of the gateway and/or the cloud platform.
  6. The method of claim 5, wherein the verification credentials of the gateway and/or the cloud platform are pre-stored.
  7. The method of claim 5, wherein the gateway determining the verification credentials of the gateway and/or the cloud platform comprises:
    the gateway sends a second request message to the cloud platform, wherein the second request message is used for requesting to acquire verification credentials of the gateway and/or the cloud platform;
    and the gateway receives the verification credentials of the gateway and/or the cloud platform, which are sent by the cloud platform.
  8. The method of any one of claims 5 to 7, wherein the method further comprises:
    the gateway sends the verification certificate of the gateway and/or the cloud platform to the Bluetooth device, and the verification certificate of the gateway and/or the cloud platform is used for the Bluetooth device to verify the validity of the gateway and/or the cloud platform.
  9. The method of claim 8, wherein the method further comprises:
    and the gateway receives a third request message sent by the Bluetooth device, wherein the third request message is used for requesting to acquire verification credentials of the gateway and/or the cloud platform.
  10. The method according to claim 8 or 9, wherein the method further comprises:
    the gateway receives a gateway and/or cloud platform verification result sent by the Bluetooth device, wherein the gateway and/or the cloud platform verification result is used for indicating validity of the gateway and/or the cloud platform.
  11. The method according to any one of claims 1 to 10, wherein the method further comprises:
    the gateway sends a fourth request message to the cloud platform according to the check mark of the Bluetooth device, wherein the fourth request message is used for requesting to acquire a verification credential of the device authentication platform;
    the verification credential of the device authentication platform is used for the Bluetooth device to verify the validity of the device authentication platform.
  12. The method of claim 11, wherein the method further comprises:
    the gateway receives the verification credential of the device authentication platform sent by the cloud platform; and
    the gateway sends the verification credential of the device authentication platform to the Bluetooth device.
  13. The method of any one of claims 1 to 12, wherein the method further comprises:
    the gateway requests the cloud platform to add the Bluetooth device.
  14. The method of claim 13, wherein the gateway requesting the cloud platform to add the Bluetooth device comprises:
    the gateway sends the information of the Bluetooth device to the cloud platform, wherein the information of the Bluetooth device is used by the cloud platform to add the Bluetooth device.
  15. The method of any one of claims 1 to 14, wherein the method further comprises:
    the gateway sends configuration information to the Bluetooth device, wherein the configuration information is used for executing network access configuration of the Bluetooth device.
  16. The method of any one of claims 1 to 15, wherein the method further comprises:
    the gateway receives a check mark sent by the Bluetooth device, wherein the check mark is used for indicating an object to be checked.
  17. The method of claim 16, wherein the check mark comprises at least one of:
    checking the Bluetooth device;
    checking the gateway and/or the cloud platform;
    checking the device authentication platform.
  18. A bluetooth device access authentication method, the method comprising:
    the cloud platform receives a verification credential of the Bluetooth device sent by the gateway; and
    the cloud platform determines the validity of the Bluetooth device based on the verification credential of the Bluetooth device.
  19. The method of claim 18, wherein the cloud platform determining the validity of the bluetooth device based on the verification credentials of the bluetooth device comprises:
    if the Bluetooth device is not the device corresponding to the cloud platform, the cloud platform sends a fifth request message carrying a verification credential of the Bluetooth device to a device authentication platform; the fifth request message is used for requesting the device authentication platform to check the validity of the Bluetooth device;
    and if the Bluetooth device is the device corresponding to the cloud platform, the cloud platform checks the validity of the Bluetooth device.
  20. The method of claim 19, wherein the method further comprises:
    and the cloud platform receives a device verification result sent by the device authentication platform, wherein the device verification result is used for indicating the legality of the Bluetooth device.
  21. The method of claim 20, wherein the method further comprises:
    and the cloud platform sends the device verification result to the gateway.
  22. The method of any one of claims 18 to 21, wherein the method further comprises:
    the cloud platform receives a second request message sent by the gateway, wherein the second request message is used for requesting to acquire verification credentials of the gateway and/or the cloud platform;
    and the cloud platform confirms the verification credentials of the gateway and/or the cloud platform.
  23. The method of claim 22, wherein the cloud platform confirming the legitimacy of the gateway and/or the cloud platform comprises:
    if the Bluetooth equipment is not equipment corresponding to the cloud platform, the cloud platform determines an equipment authentication platform corresponding to the Bluetooth equipment;
    the cloud platform sends a sixth request message to the equipment authentication platform; the sixth request message carries the identifier of the gateway and/or the cloud platform and is used for requesting to acquire the verification certificate of the gateway and/or the cloud platform;
    and the cloud platform receives the verification certificate of the gateway and/or the cloud platform sent by the equipment authentication platform.
  24. The method of claim 22 or 23, wherein the method further comprises:
    and the cloud platform sends the verification certificate of the gateway and/or the cloud platform to the gateway.
  25. The method of any one of claims 18 to 24, wherein the method further comprises:
    the cloud platform receives a fourth request message sent by the gateway, wherein the fourth request message is used for requesting to acquire a verification certificate of the equipment authentication platform;
    and the cloud platform determines the verification credentials of the equipment authentication platform.
  26. The method of claim 25, wherein the cloud platform determining verification credentials for the device authentication platform comprises:
    the cloud platform sends a seventh request message to the equipment authentication platform, wherein the seventh request message is used for requesting to acquire a verification certificate of the equipment authentication platform;
    and the cloud platform receives the verification certificate of the equipment authentication platform, which is sent by the equipment authentication platform.
  27. The method of claim 25 or 26, wherein the method further comprises:
    and the cloud platform sends the verification certificate of the equipment authentication platform to the gateway.
  28. The method of any one of claims 18 to 27, wherein the method further comprises:
    and adding the Bluetooth device by the cloud platform.
  29. The method of claim 28, wherein the cloud platform adds the bluetooth device, comprising:
    the cloud platform receives the information of the Bluetooth device sent by the gateway;
    and the cloud platform adds the Bluetooth equipment according to the information of the Bluetooth equipment.
  30. A bluetooth device access authentication method, the method comprising:
    the equipment authentication platform receives a fifth request message sent by the cloud platform; the fifth request message includes a verification certificate of the Bluetooth device;
    and the device authentication platform verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.
  31. The method of claim 30, wherein the method further comprises:
    the equipment authentication platform receives a sixth request message sent by the cloud platform; and the sixth request message carries the identification of the gateway and/or the cloud platform and is used for requesting to acquire the verification certificate of the gateway and/or the cloud platform.
  32. The method of claim 31, wherein the method further comprises:
    the equipment authentication platform generates a verification certificate of the gateway and/or the cloud platform according to the identification of the gateway and/or the cloud platform;
    and the equipment authentication platform sends the verification certificate of the gateway and/or the cloud platform to the cloud platform.
  33. A bluetooth device access authentication method, the method comprising:
    the Bluetooth device sends a verification certificate of the Bluetooth device to the gateway, wherein the verification certificate of the Bluetooth device is used for determining the validity of the Bluetooth device.
  34. The method of claim 33, wherein the method further comprises:
    the Bluetooth device receives a first request message sent by the gateway, wherein the first request message is used for requesting to acquire a verification certificate of the Bluetooth device.
  35. The method of claim 33 or 34, wherein the method further comprises:
    the Bluetooth device receives the verification certificate of the gateway and/or the cloud platform, and the verification certificate of the gateway and/or the cloud platform is used for the Bluetooth device to verify the validity of the gateway and/or the cloud platform.
  36. The method of claim 35, wherein the method further comprises:
    and the Bluetooth equipment sends a third request message to the gateway, wherein the third request message is used for requesting to acquire the verification credentials of the gateway and/or the cloud platform.
  37. The method of claim 35 or 36, wherein the method further comprises:
    and the Bluetooth equipment verifies the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.
  38. The method of any one of claims 35 to 37, wherein the method further comprises:
    the Bluetooth device sends a verification result for the gateway and/or the cloud platform to the gateway, wherein the verification result is used for indicating the validity of the gateway and/or the cloud platform.
  39. The method of any one of claims 33 to 38, wherein the method further comprises:
    the Bluetooth equipment receives a verification certificate of an equipment authentication platform sent by the gateway;
    and the Bluetooth equipment verifies the legality of the equipment authentication platform based on the verification certificate of the equipment authentication platform.
  40. The method of any one of claims 33 to 39, wherein the method further comprises:
    and the Bluetooth equipment receives the configuration information sent by the gateway, and the configuration information is used for executing network access configuration of the Bluetooth equipment.
  41. A gateway, comprising:
    a first processing unit configured to determine a verification credential of the bluetooth device;
    the first sending unit is configured to send the verification certificate of the Bluetooth device to the cloud platform, wherein the verification certificate of the Bluetooth device is used for determining the validity of the Bluetooth device by the cloud platform.
  42. The gateway of claim 41, wherein the first processing unit is configured to receive a verification credential of the bluetooth device sent by the bluetooth device.
  43. The gateway of claim 42, wherein,
    the first processing unit is further configured to send a first request message to the bluetooth device, where the first request message is used to request to obtain a verification credential of the bluetooth device.
  44. The gateway according to any one of claims 41 to 43, wherein the first processing unit is configured to receive a device check result sent by the cloud platform, where the device check result is used to indicate validity of the bluetooth device.
  45. The gateway of any of claims 41 to 44, wherein,
    the first processing unit is further configured to determine a verification credential of the gateway and/or the cloud platform.
  46. The gateway of claim 45, wherein the gateway and/or the verification credentials of the cloud platform are pre-stored.
  47. The gateway of claim 45, wherein,
    the first processing unit is configured to send a second request message to the cloud platform, wherein the second request message is used for requesting to acquire verification credentials of the gateway and/or the cloud platform;
    and to receive the verification certificate of the gateway and/or the cloud platform sent by the cloud platform.
  48. The gateway of any one of claims 45 to 47, wherein,
    the first sending unit is further configured to send verification credentials of the gateway and/or the cloud platform to the bluetooth device, where the verification credentials of the gateway and/or the cloud platform are used for the bluetooth device to verify the validity of the gateway and/or the cloud platform.
  49. The gateway of claim 48, wherein,
    the first processing unit is further configured to receive a third request message sent by the bluetooth device, where the third request message is used to request to obtain verification credentials of the gateway and/or the cloud platform.
  50. The gateway of claim 48 or 49, wherein,
    the first processing unit is further configured to receive a verification result for the gateway and/or the cloud platform sent by the bluetooth device, where the verification result is used to indicate validity of the gateway and/or the cloud platform.
  51. The gateway of any of claims 41 to 50, wherein,
    the first sending unit is configured to send a fourth request message to the cloud platform according to the verification mark of the Bluetooth device, wherein the fourth request message is used for requesting to acquire a verification certificate of the device authentication platform;
    the verification certificate of the equipment authentication platform is used for the Bluetooth equipment to verify the validity of the equipment authentication platform.
  52. The gateway of claim 51, wherein,
    the first processing unit is further configured to receive a verification certificate of the equipment authentication platform, which is sent by the cloud platform;
    the first sending unit is further configured to send a verification credential of the device authentication platform to the bluetooth device.
  53. The gateway of any one of claims 41 to 52, wherein,
    the first processing unit is further configured to request the cloud platform to add the bluetooth device.
  54. The gateway of claim 53, wherein,
    the first processing unit is configured to send information of the Bluetooth device to the cloud platform, and the information of the Bluetooth device is used for the cloud platform to add the Bluetooth device.
  55. The gateway of any one of claims 41 to 54, wherein,
    the first sending unit is further configured to send configuration information to the bluetooth device, where the configuration information is used to perform network access configuration of the bluetooth device.
  56. The gateway of any one of claims 41 to 55, wherein,
    the first processing unit is further configured to receive a check mark sent by the Bluetooth device, wherein the check mark is used for indicating an object to be checked.
  57. The gateway of claim 56, wherein said check mark comprises at least one of:
    checking the Bluetooth device;
    verifying the gateway and/or the cloud platform;
    and verifying the equipment authentication platform.
  58. A cloud platform, comprising:
    the first receiving unit is configured to receive a verification certificate of the Bluetooth equipment sent by the gateway;
    and the second processing unit is configured to determine the validity of the Bluetooth device based on the verification certificate of the Bluetooth device.
  59. The cloud platform of claim 58, wherein,
    the second processing unit is configured to send a fifth request message carrying a verification credential of the bluetooth device to the device authentication platform if the bluetooth device is not a device corresponding to the cloud platform; the fifth request message is used for requesting the device authentication platform to check the validity of the Bluetooth device;
    and if the Bluetooth equipment is equipment corresponding to the cloud platform, verifying the legality of the Bluetooth equipment.
  60. The cloud platform of claim 59, wherein,
    the first receiving unit is further configured to receive a device verification result sent by the device authentication platform, where the device verification result is used to indicate validity of the bluetooth device.
  61. The cloud platform of claim 60, wherein,
    the second processing unit is further configured to send the device verification result to the gateway.
  62. The cloud platform of any of claims 58 to 61, wherein,
    the first receiving unit is further configured to receive a second request message sent by the gateway, where the second request message is used for requesting to obtain verification credentials of the gateway and/or the cloud platform;
    the second processing unit is further configured to confirm the verification credentials of the gateway and/or the cloud platform.
  63. The cloud platform of claim 62, wherein,
    the second processing unit is configured to determine, if the bluetooth device is not a device corresponding to the cloud platform, a device authentication platform corresponding to the bluetooth device; sending a sixth request message to the device authentication platform; the sixth request message carries the identifier of the gateway and/or the cloud platform and is used for requesting to acquire the verification certificate of the gateway and/or the cloud platform;
    the first receiving unit is configured to receive verification credentials of the gateway and/or the cloud platform, which are sent by the device authentication platform.
  64. The cloud platform of claim 62 or 63, wherein,
    the second processing unit is further configured to send verification credentials of the gateway and/or the cloud platform to the gateway.
  65. The cloud platform of any of claims 58 to 64, wherein,
    the first receiving unit is further configured to receive a fourth request message sent by the gateway, where the fourth request message is used for requesting to obtain a verification credential of the equipment authentication platform; and determining the verification credentials of the equipment authentication platform.
  66. The cloud platform of claim 65, wherein,
    the second processing unit is configured to send a seventh request message to the equipment authentication platform, wherein the seventh request message is used for requesting to acquire a verification certificate of the equipment authentication platform;
    the first receiving unit is configured to receive a verification certificate of the equipment authentication platform, which is sent by the equipment authentication platform.
  67. The cloud platform of claim 65 or 66, wherein,
    the second processing unit is configured to send a verification credential of the device authentication platform to the gateway.
  68. The cloud platform of any of claims 58 to 67, wherein,
    the second processing unit is further configured to add the bluetooth device.
  69. The cloud platform of claim 68, wherein,
    the second processing unit is configured to receive information of the Bluetooth device sent by the gateway; and adding the Bluetooth equipment according to the information of the Bluetooth equipment.
  70. A device authentication platform, comprising:
    the second receiving unit is configured to receive a fifth request message sent by the cloud platform; the fifth request message includes a verification certificate of the Bluetooth device;
    and the third processing unit is used for verifying the validity of the Bluetooth equipment according to the verification certificate of the Bluetooth equipment.
  71. The device authentication platform of claim 70, wherein,
    the second receiving unit is further configured to receive a sixth request message sent by the cloud platform; and the sixth request message carries the identification of the gateway and/or the cloud platform and is used for requesting to acquire the verification certificate of the gateway and/or the cloud platform.
  72. The device authentication platform of claim 71, wherein,
    the third processing unit is configured to generate a verification certificate of the gateway and/or the cloud platform according to the identification of the gateway and/or the cloud platform;
    and to send the verification certificate of the gateway and/or the cloud platform to the cloud platform.
  73. A bluetooth device, comprising:
    and the second sending unit is configured to send the verification certificate of the Bluetooth device to the gateway, wherein the verification certificate of the Bluetooth device is used for determining the validity of the Bluetooth device.
  74. The bluetooth device of claim 73, wherein the bluetooth device further comprises:
    and the fourth processing unit is configured to receive a first request message sent by the gateway, wherein the first request message is used for requesting to acquire the verification certificate of the Bluetooth equipment.
  75. The bluetooth device of claim 73 or 74, wherein the bluetooth device further comprises:
    and the fifth processing unit is configured to receive verification credentials of the gateway and/or the cloud platform, wherein the verification credentials of the gateway and/or the cloud platform are used for the Bluetooth equipment to verify the validity of the gateway and/or the cloud platform.
  76. The Bluetooth device of claim 75, wherein,
    the second sending unit is further configured to send a third request message to the gateway, where the third request message is used to request to obtain verification credentials of the gateway and/or the cloud platform.
  77. The bluetooth device according to claim 75 or 76, wherein,
    the fifth processing unit is configured to verify the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.
  78. The bluetooth device according to any of claims 75 to 77 wherein,
    the second sending unit is configured to send a verification result for the gateway and/or the cloud platform to the gateway, where the verification result is used to indicate validity of the gateway and/or the cloud platform.
  79. The bluetooth device of any of claims 73-78, wherein the bluetooth device further comprises:
    the sixth processing unit is configured to receive a verification certificate of the equipment authentication platform sent by the gateway; and verifying the validity of the equipment authentication platform based on the verification certificate of the equipment authentication platform.
  80. The bluetooth device of any of claims 73-79, wherein the bluetooth device further comprises:
    the third receiving unit is configured to receive configuration information sent by the gateway, and the configuration information is used for executing network access configuration of the Bluetooth device.
  81. A gateway comprising a processor and a memory for storing a computer program capable of running on the processor, wherein,
    the processor being configured to perform the steps of the bluetooth device access authentication method according to any one of claims 1 to 17 when the computer program is run.
  82. A cloud platform comprising a processor and a memory for storing a computer program capable of running on the processor, wherein,
    the processor being configured to perform the steps of the bluetooth device access authentication method of any one of claims 18 to 29 when the computer program is run.
  83. A device authentication platform comprising a processor and a memory for storing a computer program capable of running on the processor, wherein,
    the processor being configured to perform the steps of the bluetooth device access authentication method of any one of claims 30 to 32 when the computer program is run.
  84. A cloud platform comprising a processor and a memory for storing a computer program capable of running on the processor, wherein,
    the processor being configured to perform the steps of the bluetooth device access authentication method of any one of claims 33 to 40 when the computer program is run.
  85. A storage medium storing an executable program which, when executed by a processor, implements the bluetooth device access authentication method according to any one of claims 1 to 17.
  86. A storage medium storing an executable program which, when executed by a processor, implements the bluetooth device access authentication method according to any one of claims 18 to 29.
  87. A storage medium storing an executable program which, when executed by a processor, implements the bluetooth device access authentication method according to any one of claims 30 to 32.
  88. A storage medium storing an executable program which, when executed by a processor, implements the bluetooth device access authentication method according to any one of claims 33 to 40.
  89. A computer program product comprising computer program instructions which cause a computer to perform the bluetooth device access authentication method according to any of claims 1 to 17.
  90. A computer program product comprising computer program instructions which cause a computer to perform the bluetooth device access authentication method according to any of claims 18 to 29.
  91. A computer program product comprising computer program instructions which cause a computer to perform the bluetooth device access authentication method according to any of claims 30 to 32.
  92. A computer program product comprising computer program instructions which cause a computer to perform the bluetooth device access authentication method according to any of claims 33 to 40.
  93. A computer program for causing a computer to perform the bluetooth device access authentication method according to any one of claims 1 to 17.
  94. A computer program which causes a computer to perform the bluetooth device access authentication method according to any of claims 18 to 29.
  95. A computer program for causing a computer to perform the bluetooth device access authentication method according to any one of claims 30 to 32.
  96. A computer program for causing a computer to perform the bluetooth device access authentication method according to any one of claims 33 to 40.
  97. A chip, comprising: a processor for calling and running a computer program from a memory, so that a device on which the chip is mounted performs the bluetooth device access authentication method according to any one of claims 1 to 17.
  98. A chip, comprising: a processor for calling and running a computer program from a memory, causing a device on which the chip is mounted to perform the bluetooth device access authentication method according to any one of claims 18 to 29.
  99. A chip, comprising: a processor for calling and running a computer program from a memory, causing a device on which the chip is mounted to perform the bluetooth device access authentication method according to any one of claims 30 to 32.
  100. A chip, comprising: a processor for calling and running a computer program from a memory, so that a device on which the chip is mounted performs the bluetooth device access authentication method according to any one of claims 33 to 40.
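The device check described in claims 18 to 21, 28 and 33 to 34 (gateway obtains the credential, cloud platform either checks it or forwards it in a fifth request message, and the device is added only on a valid result), as an added Python example that is not code from the patent. The claims do not define the credential format: the HMAC-SHA256 over device identifier and gateway nonce, all class and method names, and the keys and device identifiers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_credential(key: bytes, device_id: str, nonce: bytes) -> bytes:
    # Assumed credential format (not from the patent): HMAC-SHA256(key, id || nonce).
    return hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()


class Verifier:
    """Holds per-device keys and checks credentials in constant time."""

    def __init__(self, keys):
        self.keys = dict(keys)

    def owns(self, device_id: str) -> bool:
        return device_id in self.keys

    def check(self, device_id: str, nonce: bytes, credential: bytes) -> bool:
        key = self.keys.get(device_id)
        if key is None:
            return False  # unknown device: fail closed
        expected = make_credential(key, device_id, nonce)
        return hmac.compare_digest(expected, credential)


class DeviceAuthPlatform(Verifier):
    def handle_fifth_request(self, device_id, nonce, credential) -> bool:
        # Claim 30: verify the device from the credential carried in the request.
        return self.check(device_id, nonce, credential)


class CloudPlatform(Verifier):
    def __init__(self, keys, auth_platform: DeviceAuthPlatform):
        super().__init__(keys)
        self.auth_platform = auth_platform
        self.devices = set()

    def verify_device(self, device_id, nonce, credential) -> dict:
        # Claim 19: check locally if the device corresponds to this cloud
        # platform, otherwise forward to the device authentication platform.
        if self.owns(device_id):
            return {"valid": self.check(device_id, nonce, credential),
                    "checked_by": "cloud"}
        ok = self.auth_platform.handle_fifth_request(device_id, nonce, credential)
        return {"valid": ok, "checked_by": "device-auth-platform"}

    def add_device(self, device_id: str) -> None:
        self.devices.add(device_id)


class BluetoothDevice:
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self.key = device_id, key

    def handle_first_request(self, nonce: bytes) -> bytes:
        # Claims 33-34: answer the gateway's first request with the credential.
        return make_credential(self.key, self.device_id, nonce)


class Gateway:
    def __init__(self, cloud: CloudPlatform):
        self.cloud = cloud

    def onboard(self, device: BluetoothDevice) -> dict:
        nonce = secrets.token_bytes(16)  # fresh per attempt, so replays fail
        credential = device.handle_first_request(nonce)
        result = self.cloud.verify_device(device.device_id, nonce, credential)
        if result["valid"]:  # request the add only after a valid result
            self.cloud.add_device(device.device_id)
        return result


def demo():
    # Constructed keys and device identifiers.
    own_key, lamp_key, plug_key = b"key-A", b"key-B", b"key-C"
    auth = DeviceAuthPlatform({"lamp-02": lamp_key, "plug-03": plug_key})
    gateway = Gateway(CloudPlatform({"lock-01": own_key}, auth))
    results = {
        "own": gateway.onboard(BluetoothDevice("lock-01", own_key)),
        "third": gateway.onboard(BluetoothDevice("lamp-02", lamp_key)),
        "forged": gateway.onboard(BluetoothDevice("plug-03", b"wrong-key")),
        "unknown": gateway.onboard(BluetoothDevice("ghost-99", b"x")),
    }
    return results, sorted(gateway.cloud.devices)


if __name__ == "__main__":
    print(demo())
```
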
CN202080104853.3A 2020-08-05 2020-08-05 Bluetooth equipment access authentication method, electronic equipment and storage medium Pending CN116210246A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/107207 WO2022027364A1 (en) 2020-08-05 2020-08-05 Access authentication method for bluetooth device, electronic device, and storage medium

Publications (1)

Publication Number Publication Date
CN116210246A true CN116210246A (en) 2023-06-02

Family

ID=80118782

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080104853.3A Pending CN116210246A (en) 2020-08-05 2020-08-05 Bluetooth equipment access authentication method, electronic equipment and storage medium

Country Status (2)

Country Link
CN (1) CN116210246A (en)
WO (1) WO2022027364A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106211152B (en) * 2015-04-30 2019-09-06 新华三技术有限公司 A kind of wireless access authentication method and device
WO2018207027A2 (en) * 2017-05-11 2018-11-15 Airties Kablosuz Iletisim Sanayi Ve Dis Ticaret A.S. Cloud based wifi network setup for multiple access points
CN107071776A (en) * 2017-05-23 2017-08-18 上海斐讯数据通信技术有限公司 It is a kind of to match somebody with somebody network method and its system, a kind of server automatically
CN110493758B (en) * 2018-05-14 2023-01-13 阿里巴巴集团控股有限公司 Bluetooth Mesh network and network distribution method, equipment and storage medium thereof
CN110505606B (en) * 2018-05-18 2022-12-02 阿里巴巴集团控股有限公司 Bluetooth Mesh network and distribution network authentication method, equipment and storage medium thereof

Also Published As

Publication number Publication date
WO2022027364A1 (en) 2022-02-10

Similar Documents

Publication Publication Date Title
CN110798833B (en) Method and device for verifying user equipment identification in authentication process
CN109428874B (en) Registration method and device based on service architecture
CN113225176B (en) Key obtaining method and device
US11496883B2 (en) Apparatus and method for access control on eSIM
CN111669276A (en) Network verification method, device and system
WO2019041802A1 (en) Discovery method and apparatus based on service-oriented architecture
JP2013545367A (en) Authentication of access terminal identification information in roaming networks
CN103370915A (en) Authentication in secure user plane location (SUPL) systems
KR20190004499A (en) Apparatus and methods for esim device and server to negociate digital certificates
CN110351725B (en) Communication method and device
WO2021120924A1 (en) Method and device for certificate application
CN112449323A (en) Communication method, device and system
CN111247770B (en) Method and related system for protecting vehicle external communication by using IBC
CN114449521B (en) Communication method and communication device
CN115280803B (en) Multimedia broadcast multicast service authentication method, device, equipment and medium
CN116210246A (en) Bluetooth equipment access authentication method, electronic equipment and storage medium
WO2022061668A1 (en) Bluetooth device access authentication method, and electronic device and storage medium
CN115412909A (en) Communication method and device
CN112585042A (en) Vehicle control method, communication device, and computer-readable storage medium
CN114124423B (en) Authentication method, client, server and storage medium
CN113285805B (en) Communication method and device
WO2023159603A1 (en) Security implementation method and apparatus, terminal device, and network elements
CN115484583A (en) Roaming access method and device
CN116782212A (en) Terminal broadcasting method and device based on Sidelink, electronic equipment and medium
CN113543131A (en) Network connection management method and device, computer readable medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination