CN116248310A - Authentication method and device for edge equipment, storage medium and electronic equipment - Google Patents


Info

Publication number
CN116248310A
Authority
CN
China
Prior art keywords
target
cloud platform
equipment
key
edge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211530982.6A
Other languages
Chinese (zh)
Inventor
杜杨浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Original Assignee
Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Priority to CN202211530982.6A
Publication of CN116248310A
Legal status: Pending

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses an edge device authentication method, an edge device authentication apparatus, a storage medium and an electronic device. The method comprises the following steps: receiving message data sent by a target edge device, where the message data carries the target device identifier of the target edge device and a second key; determining the connection state with the target cloud platform; when the determination result is that the connection with the target cloud platform is disconnected, authenticating the target edge device based on the target mapping relation corresponding to the target edge device stored in a first preset storage area, the target device identifier and the second key, to obtain an authentication result; and when the determination result is that the connection with the target cloud platform is established, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform. By this target edge device authentication method, the security management of edge devices is made more standardised and more secure.

Description

Authentication method and device for edge equipment, storage medium and electronic equipment
Technical Field
The present invention relates to the field of internet of things, and in particular, to an edge device authentication method, an edge device authentication device, a storage medium, and an electronic device.
Background
The most basic mode adopted by current internet of things platforms for device authentication is to provide a key for device authentication; for sub-devices connected through a gateway, security control is achieved by providing an API or SDK, and device authentication is implemented by the third party itself. As a result, security management of edge devices is not standardised, the edge gateway cannot perform authentication when the network is disconnected, and data upload and data delivery cannot proceed.
Disclosure of Invention
In view of the above, the present invention provides an edge device authentication method, apparatus, storage medium and electronic device, aiming to solve the problem that security management of edge devices is not standardised because a third party implements device authentication on its own.
In order to solve the above problems, the present application provides an edge device authentication method, applied to an edge gateway, including:
receiving message data sent by a target edge device, where the message data carries the target device identifier of the target edge device and a second key;
determining the connection state with the target cloud platform;
when the determination result is that the connection with the target cloud platform is disconnected, authenticating the target edge device based on the target mapping relation corresponding to the target edge device stored in a first preset storage area, the target device identifier and the second key, to obtain an authentication result;
and when the determination result is that the connection with the target cloud platform is established, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform.
Optionally, before receiving the message data sent by the target edge device, the method further includes:
acquiring a mapping relation between equipment identifiers corresponding to the edge equipment and a first key, which are issued by a target cloud platform;
storing each mapping relation in a first preset storage area.
Optionally, authenticating the target edge device based on the target mapping relation corresponding to the target edge device stored in the first preset storage area, the target device identifier and the second key includes:
searching each mapping relation pre-stored in the first preset storage area based on the target device identifier of the target edge device, to obtain the target mapping relation corresponding to the target edge device;
acquiring the first key corresponding to the target edge device from the target mapping relation;
determining whether the first key is identical to the second key;
and when the determination result is that the first key is identical to the second key, obtaining an authentication success result.
Optionally, the method further comprises updating each first key according to a preset key update condition, including:
receiving key update request information sent by the target cloud platform;
forwarding the key update request information to the target edge device;
and receiving the updated target key sent by the target edge device, replacing the first key pre-stored in the first preset storage area for the target edge device with the target key, and forwarding the target key to the target cloud platform.
Optionally, the instruction data issued by the target cloud platform to the target edge gateway, and the message data sent by the target edge device and forwarded by the gateway to the target cloud platform, are transmitted over a TLS-encrypted data channel.
Optionally, the method further comprises performing security control on edge devices that have authenticated successfully, including:
acquiring each security protocol issued by the target cloud platform;
analysing the data traffic of the target edge device and determining its current data traffic state;
and when the data traffic state of the target edge device is abnormal, performing exception handling on the target edge device based on the security protocol corresponding to the exception type, to obtain a security control result.
Optionally, the forwarding the message data to a target cloud platform to obtain an authentication result issued by the cloud platform includes:
forwarding the message data to a target cloud platform;
and receiving an authentication result obtained by the target cloud platform performing authentication processing on the target edge equipment based on a target mapping relation, the target equipment identifier and a second key, which are stored in a second preset storage area and correspond to the target edge equipment.
In order to solve the above problems, the present application provides an edge device authentication device, which is applied to an edge gateway, and includes:
a receiving module, for receiving message data sent by the target edge device, where the message data carries the target device identifier of the target edge device and a second key;
a determining module, for determining the connection state with the target cloud platform;
an authentication module, for authenticating, when the determination result is that the target cloud platform is disconnected, the target edge device based on the target mapping relation corresponding to the target edge device stored in the first preset storage area, the target device identifier and the second key, to obtain an authentication result;
an obtaining module, for forwarding, when the determination result is that the target cloud platform is connected, the message data to the target cloud platform and obtaining the authentication result issued by the cloud platform.
To solve the above-mentioned problems, the present application provides a storage medium storing a computer program which, when executed by a processor, implements the steps of the above-mentioned edge device authentication method.
In order to solve the above problems, the present application provides an electronic device, at least including a memory, and a processor, where the memory stores a computer program, and the processor implements the steps of the target edge device authentication method when executing the computer program on the memory.
The method comprises: receiving message data sent by a target edge device, where the message data carries the target device identifier of the target edge device and a second key; determining the connection state with the target cloud platform; when the determination result is that the connection with the target cloud platform is disconnected, authenticating the target edge device based on the target mapping relation corresponding to the target edge device stored in the first preset storage area, the target device identifier and the second key, to obtain an authentication result; and when the determination result is that the connection with the target cloud platform is established, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform. In the method and apparatus of the application, the target edge device is authenticated by comparing the second key carried in the message data sent by the target edge device with the first key pre-stored in the first preset storage area that corresponds to the target edge device; the edge device does not need to be securely managed and controlled by providing an API or SDK, so that security management of edge devices is more standardised.
The foregoing description is only an overview of the technical solution of the present invention, intended so that the technical means of the invention may be more clearly understood and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
fig. 1 is a flowchart of an authentication method of an edge device according to an embodiment of the present application;
fig. 2 is a flowchart of an authentication method of an edge device according to another embodiment of the present application;
fig. 3 is a block diagram of an authentication apparatus for an edge device according to another embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the accompanying drawings.
It should be understood that various modifications may be made to the embodiments of the application herein. Therefore, the above description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of this application will occur to those skilled in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the present application has been described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of the present application.
The foregoing and other aspects, features, and advantages of the present application will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the application with unnecessary or excessive detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely serve as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the word "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments as per the application.
The embodiment of the application provides an edge device authentication method, which is applied to an internet of things cloud platform, as shown in fig. 1, and comprises the following steps:
step S101: receiving message data sent by target edge equipment, wherein the message data carries a target equipment identifier of the target edge equipment and a second key;
in the implementation process of the step, the target edge device may be an internet of things edge device such as a temperature sensor and a humidity sensor. In a specific application, when each edge device is connected to the internet of things cloud platform, each edge device to be connected is created on the internet of things cloud platform, a key corresponding to each device to be connected is randomly generated, each edge device corresponds to a unique key, a mapping relation between each key and device identification information is created, the mapping relation is stored in a second preset storage area of the internet of things cloud platform, and meanwhile, the key corresponding to each device to be connected is stored in configuration information of each device to be connected. The cloud platform of the internet of things transmits the mapping relation between the equipment identification information of the edge equipment connected with the target edge gateway and the secret key corresponding to the edge equipment to a first preset storage area of the target edge gateway, so that the target edge gateway authenticates the edge equipment based on the mapping relation. The edge gateway receives message data sent by the target edge device, wherein the message data carries device identification information of the target edge device and a second key, and a foundation is laid for subsequent authentication of the target edge device based on the first key and the second key.
Step S102: judging the connection state with the target cloud platform;
in the implementation process, the connection state of the edge gateway and the target cloud platform is a disconnection state or a connection state, and the edge device authentication method in the application can also realize edge terminal autonomy when the edge gateway and the target cloud platform are disconnected, and the edge gateway authenticates the target edge device based on the mapping relation between the device identifier and the first key stored in the first preset storage area in advance and the second key. When the edge gateway is in a communication state with the target cloud platform, the edge gateway forwards the message data to the target cloud platform; and the edge gateway receives an authentication result obtained by the target cloud platform performing authentication processing on the target edge device based on a target mapping relation corresponding to the target edge device, the target device identifier and a second key stored in a second preset storage area.
Step S103: when the determination result is that the connection with the target cloud platform is disconnected, authenticating the target edge device based on the target mapping relation corresponding to the target edge device stored in the first preset storage area, the target device identifier and the second key, to obtain an authentication result;
In the specific implementation, each mapping relation pre-stored in the first preset storage area is searched based on the target device identifier of the target edge device to obtain the target mapping relation corresponding to the target edge device; the first key corresponding to the target edge device is acquired from the target mapping relation; whether the first key is identical to the second key is determined; when the two keys are identical an authentication success result is obtained, and when they differ an authentication failure result is obtained. Because the mapping relation between the device identification information and the key of each edge device connected to the target edge gateway is stored in the first preset storage area of the gateway, a disconnection between the internet of things cloud platform and the edge network does not affect the management and control of the edge devices connected to the platform: the edge gateway can still operate normally and autonomously, performing device authentication and authorisation, enforcing security policies and so on, so that the security of the edge devices is guaranteed.
Step S104: when the determination result is that the connection with the target cloud platform is established, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform.
In the specific implementation process, firstly, the message data is forwarded to a target cloud platform; and then receiving an authentication result obtained by the target cloud platform performing authentication processing on the target edge equipment based on a target mapping relation, the target equipment identifier and a second key, which are stored in a second preset storage area and correspond to the target edge equipment.
The method comprises: receiving message data sent by a target edge device, where the message data carries the target device identifier of the target edge device and a second key; determining the connection state with the target cloud platform; when the determination result is that the connection with the target cloud platform is disconnected, authenticating the target edge device based on the target mapping relation corresponding to the target edge device stored in the first preset storage area, the target device identifier and the second key, to obtain an authentication result; and when the determination result is that the connection with the target cloud platform is established, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform. In the method and apparatus of the application, the target edge device is authenticated by comparing the second key carried in the message data sent by the target edge device with the first key pre-stored in the first preset storage area that corresponds to the target edge device; the edge device does not need to be securely managed and controlled by providing an API or SDK, so that security management of edge devices is more standardised.
In yet another embodiment of the present application, an authentication method of a target edge device is provided, as shown in fig. 2, including:
step S201: acquiring a mapping relation between equipment identifiers corresponding to the edge equipment and a first key, which are issued by a target cloud platform;
In the specific implementation, first, all edge devices to be connected are created on the target cloud platform; specifically, the internet of things cloud platform creates each edge device and sets information such as its name and device ID. For example, the first edge devices connected directly to the internet of things cloud platform include device 1 and device 2, whose names are set as Device1 and Device2; the second edge devices connected to the target edge gateway include device 3 and device 4, named Device3 and Device4. Device IDs: the ID of device 1 is 1111ee 000000oo 2220000ee, the ID of device 2 is 50 cast 1fxxxxxxxxe55dae27b479165, the ID of device 3 is 222eeee7777999bbbbxxx78945, the ID of device 4 is 3456www 6789oo 222, and so on. The device identification information of device 1 is therefore Device1 together with 1111ee 000000oo 2220000 ee; that of device 2 is Device2 together with 50caop1 fxxxxxxxe 55dae27b479165; that of device 3 is Device3 together with 222eeee7777999 bbbbbbxxx 78945; that of device 4 is Device4 together with 3456www 6789ooo 222; the device identification information of each device is unique. Then a key is randomly assigned to each edge device; specifically, the internet of things cloud platform randomly generates a key for each edge device, for example: the randomly generated key for device 1 is z224345s2, for device 2 it is ac216sfqox, for device 3 it is ab11796abc, for device 4 it is 77369 zzoff, and so on. This lays the foundation for subsequent authentication based on the keys.
A mapping relation is then established between the device identification information of each edge device and its key; for example, the mapping relation for device 1 is Device1, 1111ee 000000oo 2220000eee, z224345s2; for device 2 it is Device2, 50caop1 fxxxxxxe 55dae27b479165, ac216sfqox; for device 3 it is Device3, 222eeee7777999bbbbxxx78945, ab11796abc; for device 4 it is Device4, 3456www 6789ooo 222, 77369 zzoff; and so on. Finally, each mapping relation is stored in the second preset storage area of the internet of things cloud platform. The edge gateway obtains, as issued by the cloud platform, the mapping relations stored in the second preset storage area for all edge devices connected to that gateway, and stores them in the first preset storage area of the edge gateway. For example, device 1 and device 2 are edge devices connected directly to the target cloud platform, while device 3 and device 4 are edge devices connected to the edge gateway, so the mapping relations for device 3 and device 4 are obtained and stored in the first preset storage area of the edge gateway. This lays the foundation for the edge gateway to authenticate the target edge device, when the target cloud platform is disconnected from the edge network, based on the mapping relations and first keys stored in the first preset storage area and the second key.
In the method, the internet of things cloud platform issues the mapping relation between the device identification information and the key of each edge device connected to the target edge gateway directly to the first preset storage area of the edge gateway; the edge devices connected to the edge gateway are authenticated and securely managed and controlled by the edge gateway itself, unaffected by the connection state between the internet of things cloud platform and the edge gateway. When the internet of things cloud platform and the target edge network are disconnected, the target edge gateway can manage and control the edge devices based on the mapping relations currently in the first preset storage area, realising autonomy at the edge.
Step S202: receiving message data sent by target edge equipment, wherein the message data carries a target equipment identifier of the target edge equipment and a second key;
In the implementation of this step, the target edge device may be an internet of things edge device such as a temperature sensor or a humidity sensor. The message data is the service data that the target edge device reports to the cloud platform, and it carries the device identification information and the second key of the target edge device, which lays the foundation for subsequently looking up the first key pre-stored in the first preset storage area based on the device identification information of the target edge device and authenticating based on the first key and the second key. In the application, the message data uploaded by the target edge device to the internet of things cloud platform and the instruction data issued by the internet of things cloud platform are transmitted over Transport Layer Security (TLS).
Step S203: judging the connection state with the target cloud platform;
in the implementation process, the connection state of the edge gateway and the target cloud platform is a disconnection state or a connection state, and the edge device authentication method in the application can also realize edge terminal autonomy when the edge gateway and the target cloud platform are disconnected, and the edge gateway authenticates the target edge device based on the mapping relation between the device identifier and the first key stored in the first preset storage area in advance and the second key. When the edge gateway is in a communication state with the target cloud platform, the edge gateway forwards the message data to the target cloud platform; and the edge gateway receives an authentication result obtained by the target cloud platform performing authentication processing on the target edge device based on a target mapping relation corresponding to the target edge device, the target device identifier and a second key stored in a second preset storage area.
Step S204: when the judgment result is that the target cloud platform is disconnected, searching each mapping relation pre-stored in a first preset storage area based on a target equipment identifier of the target edge equipment to obtain a target mapping relation corresponding to the target edge equipment;
in the specific implementation process, under the condition that the judgment result is that the target cloud platform is disconnected, authentication of target edge equipment is achieved based on the edge gateway, specifically, each mapping relation in a first preset storage area is searched based on the target equipment identification, and the target mapping relation corresponding to the target edge equipment is obtained, so that a foundation is laid for subsequent authentication processing of the target edge equipment based on a second secret key carried by the target equipment and a first secret key stored in the first preset storage area and corresponding to the target equipment.
Step S205: acquiring a first key corresponding to the target edge equipment based on the target mapping relation;
step S206: judging whether the first secret key is the same as the second secret key or not to obtain an authentication result of the target edge device;
In the specific implementation, when the determination result is that the first key is identical to the second key, an authentication success result is obtained and the edge gateway controls the target edge device based on that result. This step includes performing security control on devices that have authenticated successfully; specifically, acquiring each security protocol issued by the target cloud platform, analysing the data traffic of the target edge device to determine its current data traffic state, and, when the data traffic state of the target edge device is abnormal, performing exception handling on the target edge device based on the security protocol corresponding to the exception type, to obtain a security control result. For example, when the exception type is that the device has a vulnerability, the device's abnormal traffic is handled based on a preset device vulnerability protocol; when the exception type is a device protocol exception, the current abnormal traffic is handled based on a preset protocol vulnerability rule; and so on. When the first key differs from the second key, an authentication failure result is obtained and the message data reported by the target edge device is rejected.
Step S207: and when the judging result is that the message is communicated with the target cloud platform, forwarding the message data to the target cloud platform to obtain an authentication result issued by the cloud platform.
In the specific implementation process, firstly, the message data is forwarded to a target cloud platform; and then, receiving an authentication result obtained by the target cloud platform performing authentication processing on the target edge device based on a target mapping relation, the target device identifier and a second key, which are stored in a second preset storage area and correspond to the target edge device. Specifically, after receiving message data forwarded by an edge gateway, the cloud platform searches mapping relations of all device identifications and first keys stored in a second preset storage area of the cloud platform in advance based on device identifications carried by the message data to obtain a first key corresponding to the target edge device, then judges whether the first key is identical with the second key to obtain an authentication result of the target edge device, then sends the authentication result to the edge gateway, and the edge gateway controls the target edge device based on the authentication result.
The method comprises the steps of receiving message data sent by target edge equipment, wherein the message data carries target equipment identification and a second key of the target edge equipment; judging the connection state with the target cloud platform; when the judgment result is that the connection with the target cloud platform is disconnected, performing authentication processing on the target edge equipment based on a target mapping relation, the target equipment identifier and a second key, which are stored in a first preset storage area and correspond to the target edge equipment, so as to obtain an authentication result; and when the judging result is that the message is communicated with the target cloud platform, forwarding the message data to the target cloud platform to obtain an authentication result issued by the cloud platform. According to the method and the device, the first key carried in the message data sent by the target edge device and the second key which is stored in the first preset storage area in advance and corresponds to the target edge device are used for carrying out target edge device authentication processing, and the edge device is not required to be safely managed and controlled in the modes of providing an API or an SDK and the like, so that the safety management of the edge device is more standard.
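The gateway-side procedure described above (local lookup of the device identifier to first-key mapping when the cloud is unreachable, forwarding to the cloud when it is reachable, rejection of reported data on failure, and the key update flow in which the gateway updates its own store and forwards the new key to the cloud) is shown here as an added Python example. It is not code from the patent or its applicant; the names EdgeGateway, CloudPlatform, Message and handle_key_update are assumptions, the cloud platform is an in-memory stand-in, and the constant-time key comparison via hmac.compare_digest is a choice the patent does not specify (it only says the keys are judged identical or not).

```python
"""Edge-gateway authentication with cloud fallback, modelled on the patent's steps.

Added example; the class and function names (EdgeGateway, CloudPlatform, Message)
are assumptions, and the cloud platform is an in-memory stand-in.
"""
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Message:
    device_id: str          # target device identifier
    key: str                # the "second key" carried by the device
    payload: bytes = b""    # the reported data


def keys_match(stored: str, presented: str) -> bool:
    # Constant-time comparison; the patent only says "judge whether identical".
    return hmac.compare_digest(stored.encode(), presented.encode())


class CloudPlatform:
    """Constructed stand-in holding the second preset storage area."""

    def __init__(self, mapping: Dict[str, str]) -> None:
        self.keys = dict(mapping)   # device identifier -> first key
        self.reachable = True       # toggled by callers to simulate link loss

    def issue_mappings(self) -> Dict[str, str]:
        return dict(self.keys)

    def authenticate(self, msg: Message) -> bool:
        stored = self.keys.get(msg.device_id)
        return stored is not None and keys_match(stored, msg.key)

    def accept_rotated_key(self, device_id: str, new_key: str) -> None:
        self.keys[device_id] = new_key


class EdgeGateway:
    def __init__(self, cloud: CloudPlatform) -> None:
        self.cloud = cloud
        self.store: Dict[str, str] = {}   # first preset storage area
        self.sync_mappings()

    def sync_mappings(self) -> None:
        """Acquire the identifier -> first-key mappings issued by the cloud."""
        self.store = self.cloud.issue_mappings()

    def cloud_connected(self) -> bool:
        return self.cloud.reachable

    def _local_authenticate(self, msg: Message) -> bool:
        first_key = self.store.get(msg.device_id)   # the target mapping relation
        return first_key is not None and keys_match(first_key, msg.key)

    def authenticate(self, msg: Message) -> Tuple[bool, str]:
        """Return (result, authority): 'cloud' when online, 'gateway' when offline."""
        if self.cloud_connected():
            return self.cloud.authenticate(msg), "cloud"
        return self._local_authenticate(msg), "gateway"

    def handle_message(self, msg: Message) -> Optional[bytes]:
        """Accept the reported data on success; reject (None) on failure."""
        ok, _ = self.authenticate(msg)
        return msg.payload if ok else None

    def handle_key_update(self, device_id: str, updated_key: str) -> bool:
        """Key update: cloud request -> device -> gateway store -> cloud."""
        if device_id not in self.store:
            return False   # unknown device: nothing to rotate
        self.store[device_id] = updated_key
        self.cloud.accept_rotated_key(device_id, updated_key)
        return True
```

The two storage areas are kept deliberately separate: the gateway only ever serves authentication from its own copy of the mappings while the link is down, and a key rotation writes the gateway store first and then the cloud, which is the ordering the patent's update module describes.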
In yet another embodiment of the present application, a target edge device authentication apparatus is provided, which is applied to an Internet of Things cloud platform, as shown in Fig. 3, and includes:
a receiving module 1, configured to receive message data sent by the target edge device, the message data carrying the target device identifier of the target edge device and a second key;
a judging module 2, configured to judge the connection state with the target cloud platform;
an authentication module 3, configured to, when the judgment result is that the target cloud platform is disconnected, authenticate the target edge device based on the target mapping relation corresponding to the target edge device and stored in the first preset storage area, the target device identifier and the second key, so as to obtain an authentication result;
an obtaining module 4, configured to, when the judgment result is that the target cloud platform is connected, forward the message data to the target cloud platform and obtain the authentication result issued by the cloud platform.
In a specific implementation, the target edge device authentication apparatus further includes an acquisition module, which is specifically configured to: acquire the mapping relations, issued by the target cloud platform, between the device identifiers of the edge devices and their first keys; and store each mapping relation in the first preset storage area.
In a specific implementation, the authentication module 3 is specifically configured to: search each mapping relation pre-stored in the first preset storage area based on the target device identifier of the target edge device to obtain the target mapping relation corresponding to the target edge device; acquire the first key corresponding to the target edge device based on the target mapping relation; judge whether the first key is identical to the second key; and obtain the authentication result for the target edge device based on the judgment result.
In a specific implementation, the target edge device authentication apparatus further includes an updating module, which is specifically configured to: receive key update request information sent by the target cloud platform; forward the key update request information to the target edge device; and receive the updated target key sent by the target edge device, update the first key stored in advance in the first preset storage area for the target edge device to the target key, and forward the target key to the target cloud platform.
In a specific implementation, the target edge device authentication apparatus further includes a transmission module, which is specifically configured so that the target edge gateway receives instruction data issued by the target cloud platform and forwards the message data sent by the target edge device to the target cloud platform over a TLS (Transport Layer Security) secure channel.
In a specific implementation, the target edge device authentication apparatus further includes a security control module, which is specifically configured to: acquire each security protocol issued by the target cloud platform; analyze the data traffic of the target edge device and determine its current data traffic state; and, when the data traffic state of the target edge device is abnormal, perform exception handling on the target edge device according to the security protocol corresponding to the exception type, so as to obtain a security control result.
In a specific implementation, the obtaining module 4 is specifically configured to: forward the message data to the target cloud platform; and receive the authentication result obtained by the target cloud platform from authenticating the target edge device based on the target mapping relation stored in the second preset storage area for the target edge device, the target device identifier and the second key.
Another embodiment of the present application provides a storage medium storing a computer program which, when executed by a processor, performs the method steps of:
step one, receiving message data sent by the target edge device, the message data carrying the target device identifier of the target edge device and a second key;
step two, judging the connection state with the target cloud platform;
step three, when the judgment result is that the target cloud platform is disconnected, authenticating the target edge device based on the target mapping relation stored in the first preset storage area for the target edge device, the target device identifier and the second key, so as to obtain an authentication result;
and step four, when the judgment result is that the target cloud platform is connected, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform.
In a specific implementation, before the computer program is executed by the processor to receive the message data sent by the target edge device, the method further includes: acquiring the mapping relations, issued by the target cloud platform, between the device identifiers of the edge devices and their first keys; and storing each mapping relation in the first preset storage area.
In a specific implementation, when the computer program is executed by the processor to authenticate the target edge device based on the target mapping relation stored in the first preset storage area for the target edge device, the target device identifier and the second key, the authentication includes: searching each mapping relation pre-stored in the first preset storage area based on the target device identifier of the target edge device to obtain the target mapping relation corresponding to the target edge device; acquiring the first key corresponding to the target edge device based on the target mapping relation; judging whether the first key is identical to the second key; and obtaining the authentication result for the target edge device based on the judgment result.
In a specific implementation, when the computer program is executed by the processor to perform the above steps, the method further includes updating each first key according to a preset key update condition, which includes: receiving key update request information sent by the target cloud platform; forwarding the key update request information to the target edge device; and receiving the updated target key sent by the target edge device, updating the first key stored in advance in the first preset storage area for the target edge device to the target key, and forwarding the target key to the target cloud platform.
In a specific implementation, when the computer program is executed by the processor to perform the above steps, the method further includes: the target edge gateway receives instruction data issued by the target cloud platform, and forwards the message data sent by the target edge device to the target cloud platform over a TLS (Transport Layer Security) secure channel.
In a specific implementation, when the computer program is executed by the processor to perform the above steps, the method further includes: acquiring each security protocol issued by the target cloud platform; analyzing the data traffic of the target edge device and determining its current data traffic state; and, when the data traffic state of the target edge device is abnormal, performing exception handling on the target edge device according to the security protocol corresponding to the exception type, so as to obtain a security control result.
In a specific implementation, when the computer program is executed by the processor to forward the message data to the target cloud platform and obtain the authentication result issued by the cloud platform, this includes: forwarding the message data to the target cloud platform; and receiving the authentication result obtained by the target cloud platform from authenticating the target edge device based on the target mapping relation stored in the second preset storage area for the target edge device, the target device identifier and the second key.
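The security-control step (acquire the cloud-issued security protocols, determine the device's current data traffic state, and on an abnormal state apply the protocol matching the exception type), as described for the method, the apparatus's security control module and the storage-medium embodiment above, is shown here as an added Python example. It is not code from the patent or its applicant: the traffic records, the rate thresholds, the set of expected protocols, the exception-type names and the policy table standing in for the cloud-issued protocols are all constructed for illustration.

```python
"""Gateway-side security control for an authenticated edge device (added example).

The traffic records, thresholds, allowed-protocol set and policy table are all
constructed for illustration; the cloud platform is assumed to have issued them.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class TrafficRecord:
    device_id: str
    ts: float        # seconds
    protocol: str
    size: int        # bytes


# Stand-in for the "security protocols issued by the target cloud platform":
# exception type -> action the gateway applies (constructed).
CLOUD_POLICIES: Dict[str, str] = {
    "protocol_anomaly": "drop",
    "rate_anomaly": "throttle",
}
ALLOWED_PROTOCOLS = {"mqtt", "coap"}   # constructed expected-protocol set


def traffic_state(records: List[TrafficRecord], window_s: float = 10.0,
                  max_msgs: int = 50, max_bytes: int = 65536) -> str:
    """Determine the device's current data-traffic state over the latest window."""
    if not records:
        return "normal"
    latest = max(r.ts for r in records)
    recent = [r for r in records if latest - r.ts <= window_s]
    if any(r.protocol not in ALLOWED_PROTOCOLS for r in recent):
        return "protocol_anomaly"
    if len(recent) > max_msgs or sum(r.size for r in recent) > max_bytes:
        return "rate_anomaly"
    return "normal"


def security_control(device_id: str, records: Iterable[TrafficRecord],
                     policies: Dict[str, str] = CLOUD_POLICIES) -> Dict[str, str]:
    """Apply the issued protocol that corresponds to the detected exception type."""
    own = [r for r in records if r.device_id == device_id]
    state = traffic_state(own)
    if state == "normal":
        return {"device": device_id, "state": state, "action": "allow"}
    # An exception type for which no protocol was issued is failed closed.
    return {"device": device_id, "state": state, "action": policies.get(state, "drop")}


def sample_records() -> List[TrafficRecord]:
    """Constructed sample traffic: s-1 normal, s-2 flooding, s-3 on an unexpected protocol."""
    recs = [TrafficRecord("s-1", float(t), "mqtt", 120) for t in range(10)]
    recs += [TrafficRecord("s-2", t * 0.1, "mqtt", 200) for t in range(80)]
    recs += [TrafficRecord("s-3", 1.0, "mqtt", 100), TrafficRecord("s-3", 2.0, "telnet", 40)]
    return recs
```

The state classifier looks only at the most recent window, so a device that was flooding earlier but has settled returns to "allow" once its old records age out; the action for an exception type the cloud never issued a protocol for defaults to "drop", which keeps an unrecognised anomaly from passing through unhandled.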
Those skilled in the art will appreciate that implementing all or part of the above-described methods may be accomplished by way of a computer program stored on a non-transitory computer-readable storage medium which, when executed, may comprise the steps of the method embodiments described above. Any reference to memory, storage, a database or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include Read-Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM) or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM) and Rambus Dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions.
The specific implementation process of the above method steps may refer to the embodiment of the above arbitrary target edge device authentication method, and this embodiment is not repeated here.
The method comprises: receiving message data sent by the target edge device, the message data carrying the device identification information of the target edge device and a first key; searching, based on the device identification information, a target storage area for the second key corresponding to the target edge device, wherein the target storage area comprises a first storage area preset by the Internet of Things cloud platform and searched based on the device identification information of a first target edge device, and a second storage area preset by the target edge gateway and searched based on the device identification information of a second target edge device; and authenticating the target edge device based on the first key and the second key to obtain an authentication result for the target edge device. In this way, the target edge device is authenticated using the first key carried in the message data it sends and the second key stored in advance in the target storage area for that device, so that the security management of edge devices is more standardized without providing an API (application programming interface), an SDK (software development kit) or similar means.
Another embodiment of the present application provides an electronic device, which may be a server, that includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic device includes non-volatile and/or volatile storage media and internal memory. The non-volatile storage medium stores an operating system, computer programs and a database. The internal memory provides an environment for the operation of the operating system and the computer programs in the non-volatile storage medium. The network interface of the electronic device is used for communicating with an external client over a network connection. The computer program of the electronic device, when executed by the processor, implements the functions or steps of the server side of the target edge device authentication method.
In one embodiment, an electronic device is provided, which may be a client. The electronic device includes a processor, a memory, a network interface, a display screen and an input device connected by a system bus. The processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The network interface of the electronic device is used for communicating with an external server over a network connection. The computer program of the electronic device, when executed by the processor, implements the functions or steps of the client side of the target edge device authentication method.
Another embodiment of the present application provides an electronic device, at least including a memory, and a processor, where the memory stores a computer program, and the processor when executing the computer program on the memory implements the following method steps:
step one, receiving message data sent by the target edge device, the message data carrying the target device identifier of the target edge device and a second key;
step two, judging the connection state with the target cloud platform;
step three, when the judgment result is that the target cloud platform is disconnected, authenticating the target edge device based on the target mapping relation stored in the first preset storage area for the target edge device, the target device identifier and the second key, so as to obtain an authentication result;
and step four, when the judgment result is that the target cloud platform is connected, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform.
The specific implementation process of the above method steps may refer to the embodiment of the above arbitrary target edge device authentication method, and this embodiment is not repeated here.
The above embodiments are only exemplary embodiments of the present application and are not intended to limit the present application, the scope of which is defined by the claims. Various modifications and equivalent arrangements may be made to the present application by those skilled in the art, which modifications and equivalents are also considered to be within the scope of the present application.

Claims (10)

1. An edge device authentication method applied to an edge gateway, characterized in that it comprises the following steps:
receiving message data sent by target edge equipment, wherein the message data carries a target equipment identifier of the target edge equipment and a second key;
judging the connection state with the target cloud platform;
when the judgment result is that the connection with the target cloud platform is disconnected, performing authentication processing on the target edge equipment based on a target mapping relation, the target equipment identifier and a second key, which are stored in a first preset storage area and correspond to the target edge equipment, so as to obtain an authentication result;
and when the judgment result is that the target cloud platform is connected, forwarding the message data to the target cloud platform to obtain the authentication result issued by the cloud platform.
2. The method of claim 1, wherein prior to receiving message data sent by the target edge device, the method further comprises:
Acquiring a mapping relation between equipment identifiers corresponding to the edge equipment and a first key, which are issued by a target cloud platform;
storing each mapping relation in a first preset storage area.
3. The method of claim 1, wherein the authenticating the target edge device based on the target mapping relationship corresponding to the target edge device, the target device identifier, and the second key stored in the first preset storage area comprises:
searching each mapping relation pre-stored in a first preset storage area based on a target equipment identifier of the target edge equipment to obtain a target mapping relation corresponding to the target edge equipment;
acquiring a first key corresponding to the target edge equipment based on the target mapping relation;
judging whether the first key is identical to the second key;
and obtaining an authentication result of the target edge equipment based on the judgment result.
4. The method of claim 1, wherein the method further comprises: updating each first key according to a preset key updating condition, including:
receiving key update request information sent by a target cloud platform;
Forwarding the key update request information to target edge equipment;
and receiving an updated target key sent by target edge equipment, updating a first key which is stored in a first preset storage area in advance and corresponds to the target edge equipment into a target key, and forwarding the target key to a target cloud platform.
5. The method of claim 4, wherein the target edge gateway receives instruction data issued by the target cloud platform, and forwards the message data sent by the target edge device to the target cloud platform over a TLS (Transport Layer Security) secure channel.
6. The method of claim 1, wherein the method further comprises: the method for carrying out security control on the edge equipment with successful authentication comprises the following steps:
acquiring each security protocol issued by a target cloud platform;
analyzing the data traffic of the target edge equipment and determining the current data traffic state of the target edge equipment;
and when the data traffic state of the target edge equipment is abnormal, performing exception processing on the target edge equipment based on a security protocol corresponding to the exception type to obtain a security control result.
7. The method of claim 1, wherein the forwarding the message data to a target cloud platform to obtain an authentication result issued by the cloud platform comprises:
Forwarding the message data to a target cloud platform;
and receiving an authentication result obtained by the target cloud platform performing authentication processing on the target edge equipment based on a target mapping relation, the target equipment identifier and a second key, which are stored in a second preset storage area and correspond to the target edge equipment.
8. An edge device authentication apparatus applied to a target edge gateway, comprising:
a receiving module, configured to receive message data sent by the target edge device, the message data carrying the target device identifier of the target edge device and a second key;
a judging module, configured to judge the connection state with the target cloud platform;
an authentication module, configured to, when the judgment result is that the target cloud platform is disconnected, authenticate the target edge device based on the target mapping relation corresponding to the target edge device and stored in the first preset storage area, the target device identifier and the second key, so as to obtain an authentication result;
an obtaining module, configured to, when the judgment result is that the target cloud platform is connected, forward the message data to the target cloud platform and obtain the authentication result issued by the cloud platform.
9. A storage medium storing a computer program which, when executed by a processor, implements the steps of the edge device authentication method of any one of the preceding claims 1-7.
10. An electronic device comprising at least a memory, a processor, said memory having stored thereon a computer program, said processor, when executing the computer program on said memory, implementing the steps of the edge device authentication method according to any of the preceding claims 1-7.
CN202211530982.6A 2022-12-01 2022-12-01 Authentication method and device for edge equipment, storage medium and electronic equipment Pending CN116248310A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211530982.6A CN116248310A (en) 2022-12-01 2022-12-01 Authentication method and device for edge equipment, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN116248310A true CN116248310A (en) 2023-06-09

Family

ID=86628406



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination