CN116436667A - Authority authentication method, system, device, terminal and computer readable storage medium - Google Patents


Publication number
CN116436667A
Authority
CN
China
Prior art keywords
identification information
target
preset
information
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310383913.5A
Other languages
Chinese (zh)
Inventor
丁林超
朱龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Huacheng Software Technology Co Ltd
Original Assignee
Hangzhou Huacheng Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Huacheng Software Technology Co Ltd
Priority to CN202310383913.5A
Publication of CN116436667A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a permission authentication method, system, device, terminal and computer-readable storage medium. The permission authentication method comprises the following steps: an edge server obtains a permission application of a target device; the identification information of the target device is compared with preset identification information stored in the edge server; based on the result of that comparison, it is determined whether to initiate an identification information verification request to a central server, and preset authority information corresponding to the preset identification information is obtained; and, based on a matching result of the target authority information and the preset authority information, it is determined whether to grant the target device the target authority corresponding to the target authority information. With this method, the edge server does not need to send the identification information of the target device to the central server for comparison, which shortens the authentication path and reduces the time spent forwarding from the edge server to the central server, thereby improving the real-time performance of authority authentication.

Description

Authority authentication method, system, device, terminal and computer readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a permission authentication method, system, device, terminal, and computer readable storage medium.
Background
The Internet of Things (IoT) is an important component of the new generation of information technology and an important stage in the development of the information age. The Internet of Things is an internet in which things are connected, and the term has two layers of meaning: first, its core and foundation is still the internet, of which it is an extension and expansion; second, it extends information exchange and communication to any article with any other article. Through communication and sensing technologies such as intelligent sensing and recognition, the Internet of Things is widely applied in the convergence of networks.
Existing Internet of Things control technology focuses on aspects such as the uniformity and security of the data transmission protocol, and the various operations and security authorities are usually managed and controlled through a central area. The real-time performance of authority authentication on a multi-area distributed Internet of Things platform, as massive numbers of devices are connected, is not considered.
Disclosure of Invention
The main technical problem solved by the invention is to provide a permission authentication method, system, device, terminal and computer-readable storage medium that address the poor real-time performance of permission authentication in the prior art.
To solve the above technical problem, the first technical scheme adopted by the invention is a rights authentication method, including:
obtaining, by an edge server, a permission application of a target device, wherein the permission application comprises identification information of the target device and target permission information;
comparing the identification information of the target device with preset identification information stored in the edge server;
determining, based on a comparison result of the identification information of the target device and the preset identification information stored in the edge server, whether to initiate an identification information verification request to a central server, and obtaining preset authority information corresponding to the preset identification information;
and determining, based on a matching result of the target authority information and the preset authority information, whether to grant the target device the target authority corresponding to the target authority information.
Wherein determining whether to initiate an identification information verification request to the central server based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server, and obtaining the preset authority information corresponding to the preset identification information, includes:
in response to the identification information of the target device matching the preset identification information stored in the edge server, taking the authority information corresponding to the preset identification information stored in the edge server as the preset authority information.
Wherein determining whether to initiate an identification information verification request to the central server based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server, and obtaining the preset authority information corresponding to the preset identification information, includes:
in response to the identification information of the target device not matching the preset identification information stored in the edge server, sending an identification information verification request to the central server;
and in response to detecting, in the central server, preset identification information consistent with the identification information of the target device, taking the authority information corresponding to the preset identification information stored in the central server as the preset authority information.
Wherein the authority application comprises identity authentication information of the target device, and the preset identification information is associated with preset identity information;
the step of determining, based on the matching result of the target authority information and the preset authority information, whether to grant the target device the target authority corresponding to the target authority information further comprises:
comparing the identity authentication information of the target device with the preset identity information;
and in response to the identity authentication information of the target device being consistent with the preset identity information, judging whether the target authority information accords with the preset authority information.
Wherein the preset authority information comprises at least one preset authority item;
determining, based on the matching result of the target authority information and the preset authority information, whether to grant the target device the target authority corresponding to the target authority information comprises:
in response to the target authority information matching a preset authority item, granting the target device the target authority corresponding to the preset authority item that matches the target authority information.
To solve the above technical problem, the second technical scheme adopted by the invention is an authority authentication system comprising a central server, an edge server and a target device, wherein the edge server is communicatively connected to the central server and the target device is connected to the edge server;
the target device is used for sending a permission application to the edge server, wherein the permission application comprises identification information of the target device and target permission information;
the edge server is used for receiving the permission application of the target device and comparing the identification information of the target device with preset identification information stored in the edge server; determining, based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server, whether to initiate an identification information verification request to the central server, and obtaining preset authority information corresponding to the preset identification information; and determining, based on a matching result of the target authority information and the preset authority information, whether to grant the target device the target authority corresponding to the target authority information.
The central server is used for searching for preset identification information consistent with the identification information of the target device when the identification information of the target device does not match the preset identification information stored in the edge server.
The edge server is used for taking, in response to the identification information of the target device matching the preset identification information stored in the edge server, the authority information corresponding to the preset identification information stored in the edge server as the preset authority information.
Wherein the authority authentication system further comprises a client communicatively connected to the target device; the central server comprises a service module and a data module, and the service module is communicatively connected to the data module;
the service module is used for managing the authority information between each device and the client and sending the authority information to the edge server; the data module is used for storing the preset identification information and preset authority information of each device.
The edge server comprises at least one device management module, the device management module comprises at least one device management service unit, and the target device is communicatively connected to the device management service unit.
The target device is communicatively connected to the device management service unit either directly or through a gateway.
To solve the above technical problem, the third technical scheme adopted by the invention is a rights authentication device, including:
an acquisition module, used by the edge server to acquire a permission application of the target device, wherein the permission application comprises identification information of the target device and target permission information;
a comparison module, used for comparing the identification information of the target device with preset identification information stored in the edge server;
an analysis module, used for determining, based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server, whether to initiate an identification information verification request to the central server, and obtaining preset authority information corresponding to the preset identification information;
a determining module, used for determining, based on a matching result of the target authority information and the preset authority information, whether to grant the target device the target authority corresponding to the target authority information.
In order to solve the technical problems, a fourth technical scheme adopted by the invention is as follows: there is provided a terminal comprising a memory, a processor and a computer program stored in the memory and running on the processor, the processor being adapted to execute program data to carry out the steps of the rights authentication method as described above.
In order to solve the technical problems, a fifth technical scheme adopted by the invention is as follows: there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the rights authentication method as described above.
The beneficial effects of the invention are as follows. Unlike the prior art, the invention provides an authority authentication method, system, device, terminal and computer-readable storage medium, in which the authority authentication method comprises: an edge server obtains a permission application of a target device, wherein the permission application comprises identification information of the target device and target permission information; the identification information of the target device is compared with preset identification information stored in the edge server; based on the comparison result, it is determined whether to initiate an identification information verification request to a central server, and preset authority information corresponding to the preset identification information is obtained; and, based on a matching result of the target authority information and the preset authority information, it is determined whether to grant the target device the target authority corresponding to the target authority information.
In this method, with the edge server working cooperatively, the obtained identification information of the target device is compared with the preset identification information stored in the edge server to determine whether the identification information of the target device is stored in the edge server. When it is stored in the edge server, the target authority information of the target device is authenticated by the edge server, and the edge server does not need to send the identification information of the target device on to the central server for comparison; this shortens the authentication path, reduces the time spent forwarding from the edge server to the central server, and thereby improves the real-time performance of authority authentication. When the identification information corresponding to the target device is not stored in the edge server, the identification information of the target device is compared with the preset identification information stored in the central server, so that the target device is still authenticated.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a rights authentication method provided by the invention;
FIG. 2 is a flowchart of an embodiment of a rights authentication method according to the present invention;
FIG. 3 is a schematic diagram of a rights authentication system provided by the present invention;
FIG. 4 is a schematic diagram of a rights authentication device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a frame of an embodiment of a terminal provided by the present invention;
FIG. 6 is a schematic diagram of a computer readable storage medium according to an embodiment of the present invention.
Detailed Description
The following describes the embodiments of the present application in detail with reference to the drawings.
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, interfaces, techniques, etc., in order to provide a thorough understanding of the present application.
The term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; for example, "A and/or B" may represent: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship. Further, "a plurality" herein means two or more.
In order to enable those skilled in the art to better understand the technical scheme of the present invention, a permission authentication method provided by the present invention is described in further detail below with reference to the accompanying drawings and the detailed description.
Referring to FIG. 1 and FIG. 2, FIG. 1 is a schematic flow chart of a rights authentication method provided by the present invention; FIG. 2 is a flowchart of an embodiment of a rights authentication method provided by the present invention.
The embodiment provides a permission authentication method, which is applicable to a scenario in which distributed devices are deployed in a central area and an edge area. The authority authentication method includes the following steps.
S1: The edge server acquires a permission application of the target device, wherein the permission application comprises identification information of the target device and target permission information.
S2: The identification information of the target device is compared with preset identification information stored in the edge server.
S3: Based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server, it is determined whether to initiate an identification information verification request to the central server, and preset authority information corresponding to the preset identification information is obtained.
S4: Based on a matching result of the target authority information and the preset authority information, it is determined whether to grant the target device the target authority corresponding to the target authority information.
The internet of things platform provided by the embodiment is provided with a central server, a plurality of edge areas are arranged on the periphery of the central server, and each edge area is provided with an edge server. Each edge server is communicatively connected to the central server. The edge area is distributed with a plurality of devices which are respectively connected with an edge server of the edge area in a communication way.
The user initiates a permission application, through a client, to the edge server in the edge area where the target device is located. The client in this embodiment includes, but is not limited to, user operation interfaces such as a mobile app, a PC client and a web client. In one embodiment, the user initiates the permission application from a client installed on the target device, and the target device sends the permission application to a nearby edge server. The nearby edge server is the edge server of the edge area where the target device is located, or the edge server at the shortest distance from the target device.
The target device may be communicatively coupled directly to the edge server. For example, the target device connects directly to an edge server of the Internet of Things platform by accessing the internet.
The target device may instead be communicatively coupled to the edge server indirectly. For example, the target device connects directly to an intermediate gateway through protocols such as Zigbee, Bluetooth or local-area-network Wi-Fi, and the gateway connects to an edge server of the Internet of Things platform through the internet, so that the target device is indirectly connected to the Internet of Things platform.
The edge server acquires the permission application of the target device in step S1 as follows.
In one embodiment, an edge server receives a rights application for a target device. The rights application includes identification information of the target device and target rights information. The identification information of the target device includes, but is not limited to, a device serial number, etc. The rights application also includes identification information of the user. The user's identification information includes, but is not limited to, platform user ID, user handset, user mailbox, etc. The identification information of the user and the identification information of the target device in this embodiment are both unique.
The identification information of the target device is compared with the preset identification information stored in the edge server in step S2 as follows.
In an embodiment, the edge server compares the received identification information of the target device with the preset identification information stored in the edge server, and determines whether the edge server can directly authenticate the authority information of the target device.
In step S3, whether to initiate an identification information verification request to the central server is determined based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server, and the preset authority information corresponding to the preset identification information is obtained, as follows.
In response to the identification information of the target device matching the preset identification information stored in the edge server, the authority information corresponding to the preset identification information stored in the edge server is taken as the preset authority information.
In one embodiment, the rights application includes identity authentication information of the target device; the preset identification information is associated with preset identity information.
To verify the validity of the target device, the permission application of the target device is authenticated in at least two dimensions, specifically identity authentication and target authority authentication.
The identity authentication information of the target device is compared with the preset identity information; in response to the identity authentication information of the target device being consistent with the preset identity information, it is judged whether the target authority information accords with the preset authority information. The identity authentication information of the target device includes, but is not limited to, a user password, a platform-generated unique user authentication token, and the like. In one embodiment, the identity authentication information of the target device is authenticated by a hash algorithm.
In another embodiment, in response to the identification information of the target device not matching the preset identification information stored in the edge server, an identification information verification request is sent to the central server. The central server searches the database it stores for preset identification information corresponding to the target device.
In response to preset identification information consistent with the identification information of the target device being detected in the central server, the preset authority information corresponding to the preset identification information stored in the central server and the target authority information is taken as the preset authority information.
In step S4, whether to grant the target device the target authority corresponding to the target authority information is determined based on the matching result of the target authority information and the preset authority information, as follows.
The preset authority information comprises at least one preset authority item. In response to the target authority information matching a preset authority item, the target authority corresponding to the preset authority item that matches the target authority information is granted to the target device. The preset authority information includes, but is not limited to, authority items such as restarting the device, controlling the device, viewing real-time video, voice intercom and logging out of an account.
In a specific embodiment, it is judged whether the target permission information matches any preset permission item in the preset permission information list; if the target permission information matches a preset permission item, the target permission corresponding to that preset permission item is granted to the target device.
The advantage of the method is that, through cooperation between the central server and the edge server, the target device accesses a nearby edge server, and the edge server performs fast local authority authentication by caching the relevant authority information, such as preset identification information, preset identity information and preset authority information, which further improves the response speed and security of device control operation signaling.
In a specific embodiment, after a user initiates a request for viewing a real-time video on a target device through a client, an edge server of an edge area where the target device is located or an edge server of an edge area closest to the target device receives the request for viewing the real-time video sent by the target device, and the edge server also receives identification information and identity authentication information of the target device sent by the target device. The edge server compares the identification information of the target device with preset identification information stored in the edge server.
When preset identification information stored in the edge server matches the identification information of the target device, the edge server directly compares the preset identity information corresponding to that preset identification information with the identity authentication information of the target device. When the preset identity information stored in the edge server matches the identity authentication information of the target device, the edge server judges whether the request for viewing the real-time video sent by the target device exists in the preset authority information list corresponding to the preset identification information stored in the edge server. When the request for viewing the real-time video sent by the target device exists in the preset authority information list stored in the edge server, the edge server grants the authority for viewing the real-time video to the target device.
When none of the preset identification information stored in the edge server matches the identification information of the target device, the edge server sends a verification request for the identification information of the target device to the center server. The center server compares the received identification information of the target device with the preset identification information stored in the center server and, in response to the identification information of the target device being consistent with preset identification information stored in the center server, sends that preset identification information, together with the preset identity information and preset authority information associated with it, to the edge server. The edge server receives and stores the preset identification information sent by the center server and the associated preset identity information and preset authority information. The edge server then verifies whether the identity authentication information of the target device matches the preset identity information associated with the preset identification information it has received. In response to the identity authentication information of the target device matching the preset identity information associated with the preset identification information sent by the center server, the edge server judges whether the request for viewing the real-time video sent by the target device exists in the preset authority information list corresponding to the preset identification information sent by the center server. When the request for viewing the real-time video sent by the target device exists in the preset authority information list sent by the center server, the edge server grants the authority for viewing the real-time video to the target device.
In an embodiment, so that the information stored in the edge server is updated when the preset identification information, the preset identity information and the preset authority information stored in the central server are changed, the edge server subscribes in advance, at preset time intervals, to the information stored in the central server. Specifically, when the information stored in the central server is changed, the central server actively transmits update information to the edge server, so that the edge server can update its data.
In this method, the edge server actively queries, subscribes to and caches the authority information of the user and the target device. After the authority of the user and the target device has been effectively verified, and on the premise of safe and reliable authentication, the control signaling of the client device is transmitted over the shortest platform transmission link, which reduces the time consumed in forwarding from the center server to the edge server and safely improves the response speed of device control operation signaling.
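The flow of the preceding embodiment (local comparison at the edge server, verification request to the center server on a miss, identity check, authority list check, and pushed updates) can be sketched as follows. This is an added example, not code from the application; the class and method names, the sample device identifiers and authority items, and the `max_age` staleness bound (which the description does not contain) are assumptions.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """Preset identity information and preset authority items of one device."""
    identity: bytes
    permissions: frozenset


class CenterServer:
    """Authoritative store that pushes changes to subscribed edge servers."""

    def __init__(self):
        self._records = {}
        self._subscribers = []

    def subscribe(self, callback):
        self._subscribers.append(callback)

    def set_record(self, device_id, record):
        """Create, change or (record=None) delete a device's preset information."""
        if record is None:
            self._records.pop(device_id, None)
        else:
            self._records[device_id] = record
        for notify in self._subscribers:
            notify(device_id, record)

    def verify_identification(self, device_id):
        """Answer an edge server's identification information verification request."""
        return self._records.get(device_id)


class EdgeServer:
    def __init__(self, center, max_age=300.0, clock=time.monotonic):
        self._center = center
        self._clock = clock
        self._max_age = max_age   # assumption: bounds staleness if a push is lost
        self._cache = {}          # device_id -> (Record, time cached)
        self.center_lookups = 0   # counts round trips to the center server
        center.subscribe(self._on_change)

    def _on_change(self, device_id, record):
        # Refresh only entries this edge already caches; a deletion evicts.
        if device_id in self._cache:
            if record is None:
                del self._cache[device_id]
            else:
                self._cache[device_id] = (record, self._clock())

    def _lookup(self, device_id):
        entry = self._cache.get(device_id)
        if entry and self._clock() - entry[1] <= self._max_age:
            return entry[0]                       # local match, no forwarding
        self.center_lookups += 1
        record = self._center.verify_identification(device_id)
        if record is None:
            self._cache.pop(device_id, None)
            return None
        self._cache[device_id] = (record, self._clock())
        return record

    def authorize(self, device_id, identity, target_permission):
        """Return (granted, reason) for one authority application."""
        record = self._lookup(device_id)
        if record is None:
            return False, "unknown identification information"
        # Constant-time comparison of the identity authentication information.
        if not hmac.compare_digest(record.identity, identity):
            return False, "identity mismatch"
        if target_permission not in record.permissions:
            return False, "permission not preset"
        return True, "granted"


def demo():
    """Constructed scenario: cache miss, cache hit, denials, pushed revocation."""
    center = CenterServer()
    center.set_record("cam-01", Record(b"k1", frozenset({"view_live_video", "ptz"})))
    edge = EdgeServer(center)
    results = [
        edge.authorize("cam-01", b"k1", "view_live_video"),   # miss, asks center
        edge.authorize("cam-01", b"k1", "view_live_video"),   # hit, edge only
        edge.authorize("cam-01", b"bad", "view_live_video"),  # wrong identity
        edge.authorize("cam-99", b"k1", "view_live_video"),   # unknown device
    ]
    center.set_record("cam-01", Record(b"k1", frozenset({"ptz"})))  # revoke
    results.append(edge.authorize("cam-01", b"k1", "view_live_video"))
    return results, edge.center_lookups
```

The revocation in `demo()` takes effect at the edge without another request to the center server because the pushed update replaces the cached entry; the `max_age` check covers the case where such a push never arrives.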
The authority authentication method provided by the embodiment comprises the following steps: an edge server obtains a permission application of a target device, wherein the permission application comprises identification information of the target device and target permission information; the identification information of the target device is compared with preset identification information stored in the edge server; in response to the identification information of the target device matching the preset identification information stored in the edge server, the preset authority information corresponding to the preset identification information stored in the edge server is compared with the target authority information; and whether to grant the target permission corresponding to the target permission information to the target device is determined based on the comparison result between the preset permission information corresponding to the preset identification information and the target permission information. In this method, the edge server compares the obtained identification information of the target device with the preset identification information stored in the edge server to determine whether the identification information of the target device is stored in the edge server. When it is stored in the edge server, the edge server itself authenticates the target authority information of the target device and does not need to send the identification information of the target device to the center server again for comparison. This shortens the authentication path, reduces the time consumed in forwarding from the edge server to the center server, and improves the timeliness of authority authentication.
Referring to fig. 3, fig. 3 is a schematic diagram of a frame of a rights authentication system according to the present invention.
In this embodiment, a rights authentication system 50 is provided, where the rights authentication system 50 includes a central server 51, an edge server 52, and a target device 53. In this embodiment, the permission authentication system 50 is specifically an internet of things system.
The edge server 52 is communicatively connected to the center server 51, and the target device 53 is connected to the edge server 52.
The target device 53 is configured to send a rights application to the edge server 52, where the rights application includes identification information of the target device 53 and target rights information.
The edge server 52 is configured to receive a permission application of the target device 53, and compare the identification information of the target device 53 with preset identification information stored in the edge server 52.
The edge server 52 is configured to determine whether to initiate an identification information verification request to the central server 51 based on a comparison result of the identification information of the target device 53 and preset identification information stored in the edge server 52, so as to obtain preset authority information corresponding to the preset identification information; based on the result of matching the target authority information with the preset authority information, it is determined whether or not to grant the target authority corresponding to the target authority information to the target device 53.
Specifically, in response to the matching of the identification information of the target device 53 with the preset identification information stored in the edge server 52, the preset authority information corresponding to the preset identification information stored in the edge server 52 is compared with the target authority information; based on the comparison result between the preset authority information corresponding to the preset identification information and the target authority information, it is determined whether to grant the target authority corresponding to the target authority information to the target device 53.
In an embodiment, the central server 51 is configured to search for preset identification information consistent with the identification information of the target device 53 in response to the identification information of the target device 53 not matching the preset identification information stored in the edge server 52.
In one embodiment, the authority authentication system 50 further includes a client 54, where the client 54 is communicatively connected to the target device 53, the central server 51 includes a service module 511 and a data module 512, the service module 511 is communicatively connected to the data module 512, and the service module 511 is configured to manage authority information between each device 53 and the client 54, and send the authority information to the edge server 52. The data module 512 is configured to store preset identification information and preset authority information of each device.
In one embodiment, the service module 511 includes at least one service unit 5111. For example, the service module 511 includes three service units 5111. The service module 511 is used to provide rights management between the user and the target device 53. Specifically, the rights management includes establishing and sharing the rights relationship between the user and the target device 53, and adding and deleting the rights of the target device 53; the authority notification includes notifying the edge server 52 of the edge area by the subscription method when the authority information is changed.
In one embodiment, the data module 512 is embodied as a business data center. The data module 512 is used to provide persistent storage of the relationship between the user and the target device 53.
In one embodiment, the edge server 52 includes at least one device management module 521, the device management module 521 includes at least one device management service unit 5211, and the target device 53 is communicatively coupled to the device management service unit 5211. The device management service unit 5211 is specifically configured to maintain a long-term connection with the target device 53, cache preset authority information, perform authority authentication, and the like. Specifically, maintaining the long-term connection means that the device management service unit 5211 stays communicatively connected to the target device 53 to facilitate control operations on the target device 53. The device management service unit 5211 is configured to store preset identification information, preset identity information, and preset authority information. The device management service unit 5211 is further configured to actively subscribe to the central server 51 for permission information change events, and to refresh the memory cache. The device management service unit 5211 is also used for validity authentication of the identity information of the target device 53 and verification of the authority to operate the device.
In an embodiment, the target device 53 is communicatively coupled directly to the device management service unit 5211, or the target device 53 is communicatively coupled to the device management service unit 5211 through the gateway 55.
According to the authority authentication system provided by the embodiment, the edge server is used for comparing the acquired identification information of the target equipment with the preset identification information stored in the edge server to determine whether the identification information of the target equipment is stored in the edge server, when the identification information of the target equipment is stored in the edge server, the edge server is used for authenticating the target authority information of the target equipment, the edge server is not required to be used for transmitting the identification information of the target equipment to the center server again for comparison, the authentication path is shortened, the time consumption for forwarding from the edge server to the center server is reduced, and the instantaneity of authority authentication is further improved.
Referring to fig. 4, fig. 4 is a schematic diagram of a frame of an embodiment of a rights authentication device according to the present invention. The present embodiment provides a rights authentication device 60, the rights authentication device 60 includes an acquisition module 61, a comparison module 62, an analysis module 63, and a determination module 64.
The obtaining module 61 is configured to obtain, by using an edge server, a rights application of the target device, where the rights application includes identification information of the target device and target rights information.
The comparison module 62 is configured to compare the identification information of the target device with preset identification information stored in the edge server;
the analysis module 63 is configured to determine whether to initiate an identification information verification request to the central server based on a comparison result of the identification information of the target device and the preset identification information stored in the edge server, so as to obtain preset authority information corresponding to the preset identification information;
the determining module 64 is configured to determine whether to grant the target authority corresponding to the target authority information to the target device based on a matching result of the target authority information and the preset authority information.
According to the permission authentication device provided by the embodiment, the edge server is used for comparing the acquired identification information of the target equipment with the preset identification information stored in the edge server to determine whether the identification information of the target equipment is stored in the edge server, when the identification information of the target equipment is stored in the edge server, the edge server is used for authenticating the target permission information of the target equipment, the edge server is not required to be used for transmitting the identification information of the target equipment to the center server again for comparison, the authentication path is shortened, the time consumption for forwarding from the edge server to the center server is reduced, and the instantaneity of permission authentication is further improved.
Referring to fig. 5, fig. 5 is a schematic diagram of a frame of an embodiment of a terminal according to the present invention. The terminal 80 comprises a memory 81 and a processor 82 coupled to each other, the processor 82 being adapted to execute program instructions stored in the memory 81 for implementing the steps of any of the rights authentication method embodiments described above. In one particular implementation scenario, the terminal 80 may include, but is not limited to, a microcomputer and a server; the terminal 80 may also include mobile devices such as a notebook computer and a tablet computer, which is not limited herein.
In particular, the processor 82 is configured to control itself and the memory 81 to implement the steps of any of the rights authentication method embodiments described above. The processor 82 may also be referred to as a CPU (Central Processing Unit). The processor 82 may be an integrated circuit chip having signal processing capabilities. The processor 82 may also be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. In addition, the processor 82 may be jointly implemented by integrated circuit chips.
Referring to fig. 6, fig. 6 is a schematic diagram of a frame of an embodiment of a computer readable storage medium according to the present invention. The computer readable storage medium 90 stores program instructions 901 executable by a processor, the program instructions 901 for implementing the steps of any one of the rights authentication method embodiments described above.
In some embodiments, functions or modules included in an apparatus provided by the embodiments of the present disclosure may be used to perform a method described in the foregoing method embodiments, and specific implementations thereof may refer to descriptions of the foregoing method embodiments, which are not repeated herein for brevity.
The foregoing description of the various embodiments is intended to highlight the differences between them; for parts that are the same or similar, the embodiments may be referred to one another, and these parts are not repeated herein for the sake of brevity.
In the several embodiments provided in the present application, it should be understood that the disclosed methods and apparatus may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical, or other forms.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is only the embodiments of the present invention, and therefore, the patent protection scope of the present invention is not limited thereto, and all equivalent structures or equivalent flow changes made by the content of the present specification and the accompanying drawings, or direct or indirect application in other related technical fields, are included in the patent protection scope of the present invention.

Claims (14)

1. A rights authentication method, comprising:
the method comprises the steps that an edge server obtains a permission application of target equipment, wherein the permission application comprises identification information and target permission information of the target equipment;
comparing the identification information of the target equipment with preset identification information stored in the edge server;
determining whether to initiate an identification information verification request to a central server based on a comparison result of the identification information of the target device and the preset identification information stored in the edge server so as to obtain preset authority information corresponding to the preset identification information;
and determining whether to grant the target permission corresponding to the target permission information to the target equipment based on a matching result of the target permission information and the preset permission information.
2. The rights authentication method according to claim 1, wherein,
the determining whether to initiate an identification information verification request to a central server based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server so as to obtain preset authority information corresponding to the preset identification information comprises the following steps:
and responding to the fact that the identification information of the target equipment is matched with the preset identification information stored in the edge server, and taking authority information corresponding to the preset identification information stored in the edge server as the preset authority information.
3. The rights authentication method according to claim 1, wherein,
the determining whether to initiate an identification information verification request to a central server based on the comparison result of the identification information of the target device and the preset identification information stored in the edge server so as to obtain preset authority information corresponding to the preset identification information comprises the following steps:
responding to the fact that the identification information of the target equipment is not matched with the preset identification information stored in the edge server, and sending an identification information verification request to the center server;
and responding to the detection of the preset identification information consistent with the identification information of the target equipment in the central server, and taking the authority information corresponding to the preset identification information stored in the central server as the preset authority information.
4. A rights authentication method according to any of claims 1-3, characterized in that the rights application comprises identity authentication information of the target device; the preset identification information is associated with preset identity information;
the step of determining whether to grant the target authority corresponding to the target authority information to the target device based on the matching result of the target authority information and the preset authority information further comprises the following steps:
comparing the identity authentication information of the target equipment with the preset identity information;
and judging whether the target authority information accords with the preset authority information or not in response to the fact that the identity authentication information of the target equipment is consistent with the preset identity information.
5. The authority authentication method according to claim 1, wherein the preset authority information includes at least one preset authority item;
the determining whether to grant the target authority corresponding to the target authority information to the target device based on the matching result of the target authority information and the preset authority information includes:
and responding to the target authority information matched with the preset authority item, and granting the target authority corresponding to the preset authority item matched with the target authority information to the target equipment.
6. The authority authentication system is characterized by comprising a center server, an edge server and target equipment, wherein the edge server is in communication connection with the center server, and the target equipment is connected with the edge server;
the target device is used for sending a permission application to the edge server, wherein the permission application comprises identification information of the target device and target permission information;
the edge server is used for receiving the authority application of the target equipment and comparing the identification information of the target equipment with preset identification information stored in the edge server; determining whether to initiate an identification information verification request to a central server based on a comparison result of the identification information of the target device and the preset identification information stored in the edge server so as to obtain preset authority information corresponding to the preset identification information; and determining whether to grant the target permission corresponding to the target permission information to the target equipment based on a matching result of the target permission information and the preset permission information.
7. The authentication system of claim 6, wherein the central server is configured to search for the preset identification information consistent with the identification information of the target device in response to the identification information of the target device not matching the preset identification information stored in the edge server.
8. The permission authentication system of claim 6, wherein the edge server is configured to, in response to the identification information of the target device matching the preset identification information stored in the edge server, take permission information corresponding to the preset identification information stored in the edge server as the preset permission information.
9. The rights authentication system of claim 6, further comprising a client communicatively coupled to the target device, the central server comprising a business module and a data module communicatively coupled to the business module,
the service module is used for managing the authority information between each device and the client and sending the authority information to the edge server; the data module is used for storing preset identification information and preset authority information of each device.
10. The rights authentication system of claim 6, wherein the edge server includes at least one device management module, the device management module including at least one device management service unit, the target device being communicatively coupled to the device management service unit.
11. The rights authentication system of claim 10, wherein the target device is communicatively coupled directly to the device management service unit or the target device is communicatively coupled to the device management service unit through a gateway.
12. A rights authentication device, characterized by comprising:
an acquisition module, configured to acquire, through an edge server, a permission application of a target device, wherein the permission application comprises identification information of the target device and target permission information;
the comparison module is used for comparing the identification information of the target equipment with preset identification information stored in the edge server;
the analysis module is used for determining whether to initiate an identification information verification request to a central server or not based on a comparison result of the identification information of the target device and the preset identification information stored in the edge server so as to obtain preset authority information corresponding to the preset identification information;
and the determining module is used for determining whether to grant the target permission corresponding to the target permission information to the target equipment based on a matching result of the target permission information and the preset permission information.
13. A terminal comprising a memory, a processor and a computer program stored in the memory and running on the processor, the processor being adapted to execute program data to carry out the steps of the rights authentication method according to any of claims 1 to 5.
14. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the rights authentication method according to any of claims 1 to 5.
CN202310383913.5A 2023-04-11 2023-04-11 Authority authentication method, system, device, terminal and computer readable storage medium Pending CN116436667A (en)


Publications (1)

Publication Number Publication Date
CN116436667A true CN116436667A (en) 2023-07-14

Family

ID=87080994


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination