CN116961936A - Security management method and device for Internet of things equipment, electronic equipment and medium (Google Patents)

Info

Publication number: CN116961936A
Authority: CN (China)
Prior art keywords: internet, equipment, things, information, list
Legal status: Pending
Application number: CN202210390618.8A
Other languages: Chinese (zh)
Inventors: 宋坤, 刘鹏达, 许升
Current assignee: Qingdao Haier Washing Machine Co Ltd; Haier Smart Home Co Ltd
Original assignee: Qingdao Haier Washing Machine Co Ltd; Haier Smart Home Co Ltd
Application filed by Qingdao Haier Washing Machine Co Ltd and Haier Smart Home Co Ltd; priority to CN202210390618.8A; published as CN116961936A; legal status pending

Classifications

    • H04L63/0876: Network architectures or network communication protocols for network security; authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G16Y30/10: IoT infrastructure; security thereof
    • G16Y40/50: IoT characterised by the purpose of the information processing; safety, security of things, users, data or systems
    • H04L63/062: Network architectures or network communication protocols for network security; key management in a packet data network; key distribution, e.g. centrally by trusted party
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/083: Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides a security management method and device for Internet of things equipment, an electronic device and a medium. The method comprises the following steps: acquiring a registration request sent by an Internet of things device, wherein the registration request comprises device information of the Internet of things device, and the device information comprises a MAC address and a local serial number of the Internet of things device; judging whether the Internet of things device is legal or not based on the device information; if the Internet of things device is legal, generating cloud resources for the Internet of things device and key information for accessing the cloud resources, wherein the key information comprises a device certificate and a device identifier; and sending a registration response to the Internet of things device, wherein the registration response comprises the key information. According to the method provided by the application, the risk of resource leakage for Internet of things devices deployed in the cloud is reduced, so that the security of interaction between the Internet of things device and the cloud is improved.

Description

Security management method and device for Internet of things equipment, electronic equipment and medium
Technical Field
The present application relates to cloud security technologies, and in particular, to a security management method and apparatus for an internet of things device, an electronic device, and a medium.
Background
With the development of times and technologies, the technology of the internet of things has made great progress in the fields of smart cities, smart homes, smart industries, smart agriculture, smart transportation and the like, and brings great convenience to human life.
When Internet of things devices deployed in these fields operate, they generate a large amount of operating data, which is uploaded to the cloud through the Internet of things. For security, when an Internet of things device completes registration in the cloud, a private, unique certificate must be imported into the device, or at least the same private, unique certificate must be imported into the Internet of things devices of the same model and the same batch. For the same model and batch of Internet of things devices, registration in the cloud is often completed through an automatic registration deployment center, in order to simplify the process by which the devices acquire certificates and complete registration in the cloud.
In this process, if the registration deployment center is exposed to the outside, any Internet of things device can be deployed in the cloud through it, so cloud resource leakage occurs easily and the security level of the cloud resources is reduced.
Disclosure of Invention
The application provides a safety management method, a device, electronic equipment and a medium of internet of things equipment, which are used for reducing risks of cloud resource leakage or malicious occupation of the cloud resource of the internet of things equipment, so that the safety level of interaction between the internet of things equipment and the cloud resource is improved.
In one aspect, the present application provides a method for security management of an internet of things device, where the method includes:
acquiring a registration request sent by an Internet of things device, wherein the registration request comprises device information of the Internet of things device, and the device information comprises a MAC address and a local serial number of the Internet of things device;
judging whether the Internet of things device is legal or not based on the device information;
if the Internet of things device is legal, generating cloud resources for the Internet of things device and key information for accessing the cloud resources, wherein the key information comprises a device certificate and a device identifier;
and sending a registration response to the Internet of things device, wherein the registration response comprises the key information.
In another possible implementation manner, the determining, based on the device information of the internet of things, whether the device of the internet of things is legal includes:
searching for the device information in a first device list, wherein the first device list is used for storing the device information of Internet of things devices that have left the factory but are not yet registered;
and if the device information exists in the first device list, determining that the Internet of things device is legal.
In another possible implementation manner, after the generating the cloud resource of the internet of things device and the key information for accessing the cloud resource, the method further includes:
deleting the device information from the first device list;
and storing the device information and the key information in a second device list in an associated manner, wherein the second device list is used for storing, in an associated manner, the device information of factory-registered Internet of things devices and the key information corresponding to that device information.
In another possible implementation manner, before searching the first device list for the device information, the method further includes:
searching the equipment information in the second equipment list;
if the equipment information exists in the second equipment list, determining that the equipment of the Internet of things is illegal;
and if the device information does not exist in the second device list, determining to execute the step of searching the first device list for the device information.
In another possible implementation manner, after the sending a registration response to the internet of things device, the method further includes:
acquiring a first connection request of the Internet of things equipment, wherein the first connection request comprises the key information and the equipment information of the Internet of things equipment;
searching whether the key information and the device information which are stored in a correlated way exist in the second device list;
and if the key information and the device information that are stored in an associated manner exist, determining that the Internet of things device is in a connectable state, and establishing a connection between the Internet of things device and the cloud resource.
In another possible implementation, the method further includes:
acquiring a second connection request of the Internet of things equipment, wherein the second connection request comprises maintenance information, the maintenance information is used for indicating that the Internet of things equipment is maintained, and the maintenance information comprises equipment information of the Internet of things equipment;
searching for the device information of the Internet of things device in a maintenance device list, wherein the maintenance device list stores the device information of devices that have been maintained and need their cloud resources replaced;
if the equipment information of the Internet of things equipment exists in the maintenance equipment list, generating a new cloud resource and new key information for accessing the new cloud resource for the Internet of things equipment;
and transmitting the new key information to the Internet of things equipment.
In another possible implementation manner, the device information further includes a local address and a local environment, and if the device information of the Internet of things device does not exist in the maintenance device list, the method further includes:
based on the MAC address and the local serial number of the Internet of things device, determining the local address and the local environment of the Internet of things device that are stored in the second device list;
determining whether the local address and the local environment of the Internet of things device have changed, based on the stored local address and local environment and the current local address and local environment of the Internet of things device;
and if they have changed, updating the device information of the factory-registered Internet of things device in the second device list based on the current local address and local environment of the Internet of things device.
In another aspect, the present application provides a security management apparatus for an internet of things device, including:
a first acquisition module, configured to acquire a registration request sent by the Internet of things device, wherein the registration request comprises device information of the Internet of things device, and the device information comprises a MAC address and a local serial number of the Internet of things device;
the judging module is used for judging whether the Internet of things equipment is legal or not based on the equipment information;
the first generation module is used for generating cloud resources of the Internet of things equipment and key information for accessing the cloud resources when the Internet of things equipment is legal, wherein the key information comprises equipment certificates and equipment identifiers;
and a sending module, configured to send a registration response to the Internet of things device, wherein the registration response comprises the key information.
In another possible implementation manner, the judging module is specifically configured to:
searching the equipment information in a first equipment list, wherein the first equipment list is used for storing the equipment information of the equipment of the internet of things which is not registered after leaving the factory;
and if the equipment information exists in the first equipment list, determining that the Internet of things equipment is legal.
In another possible implementation manner, the apparatus further includes a deletion module and a storage module, where,
a deleting module, configured to delete the device information in the first device list;
the storage module is used for storing the equipment information and the key information in a second equipment list in an associated mode, and the second equipment list is used for storing the equipment information of the factory registered internet of things equipment and the key information corresponding to the equipment information in an associated mode.
In another possible implementation manner, the apparatus further includes a first search module, a first determination module, and a second determination module, where,
the first searching module is used for searching the equipment information in the second equipment list;
the first determining module is configured to determine that the Internet of things device is illegal when the device information exists in the second device list;
and the second determining module is used for determining to execute the step of searching the device information in the first device list when the device information does not exist in the second device list.
In another possible implementation manner, the apparatus further includes a second acquisition module, a second search module, and a third determination module, where,
the second acquisition module is used for acquiring a first connection request of the Internet of things equipment, wherein the first connection request comprises the key information and the equipment information of the Internet of things equipment;
the second searching module is used for searching whether the key information and the device information which are stored in a correlated way exist in the second device list;
and the third determining module is used for determining that the Internet of things equipment is in a connectable state when the key information and the equipment information which are stored in an associated mode exist, and establishing connection between the Internet of things equipment and the cloud resource.
In another possible implementation manner, the apparatus further includes a third acquisition module, a third search module, a second generation module, and a delivery module, where,
a third acquisition module, configured to acquire a second connection request of the Internet of things device, where the second connection request includes maintenance information, the maintenance information is used to indicate that the Internet of things device has been maintained, and the maintenance information includes device information of the Internet of things device;
the third searching module is used for searching the equipment information of the Internet of things equipment in a maintenance equipment list, wherein the equipment information which is maintained and needs to replace cloud resources is stored in the maintenance equipment list;
the second generation module is used for generating a new cloud resource for the Internet of things equipment and new key information for accessing the new cloud resource when the equipment information of the Internet of things equipment exists in the maintenance equipment list;
and the issuing module is used for issuing the new key information to the Internet of things equipment.
In another possible implementation manner, the apparatus further includes a fourth determining module, a fifth determining module, and an updating module, where,
a fourth determining module, configured to determine, based on the MAC address and the local serial number of the Internet of things device, the local address and the local environment of the Internet of things device that are already stored in the second device list;
a fifth determining module, configured to determine whether the local address and the local environment of the Internet of things device have changed, based on the stored local address and local environment and the current local address and local environment of the Internet of things device;
and the updating module is used for updating the equipment information of the factory registered internet of things equipment in the second equipment list based on the current local address and the local environment of the internet of things equipment when the local address and the local environment of the internet of things equipment are changed.
In a third aspect, the present invention provides an electronic device comprising:
at least one processor and memory;
the memory stores computer-executable instructions;
execution of the computer-executable instructions stored in the memory by the at least one processor causes the at least one processor to perform the method for security management of an Internet of things device as set forth in any one of the first aspects above.
In a fourth aspect, the present invention provides a computer-readable storage medium, in which computer-executable instructions are stored, which when executed by a processor, implement a method for security management of an internet of things device according to any one of the first aspects above.
The application provides a security management method and device for Internet of things equipment, an electronic device and a medium. The method provided by the application comprises the following steps: when an Internet of things device needs to be registered in the cloud, the device is first searched for in the second device list; if it is found in the second device list, this indicates that it is a factory-registered Internet of things device. If it is not found there, the Internet of things device is then searched for in the first device list; if it is found there, this indicates that it left the factory without being registered, and the Internet of things device is registered at that point. If it cannot be found in either list, the Internet of things device was not produced by the factory, and its registration request is refused. In this way, when an Internet of things device performs cloud registration through the electronic device, the device is checked first and is registered only when the check shows it to be legal, so that the risk of malicious devices connecting to the cloud is reduced.
When the Internet of things device is successfully registered, the cloud generates key information that enables the device to access the cloud. When the Internet of things device later sends a connection request to the cloud, the cloud checks the device based on its key information and the second device list, and the connection is permitted only after the check passes, which reduces the risk of cloud resource leakage and raises the security level of the cloud resources. In summary, the security level of interaction between Internet of things devices and the cloud is effectively improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic view of a scenario of security management of an Internet of things device according to an embodiment of the present application;
Fig. 2 is a schematic system diagram of security management of an Internet of things device according to an embodiment of the present application;
Fig. 3 is a flowchart of a method for security management of an Internet of things device according to an embodiment of the present application;
Fig. 4 is a second flowchart of a method for security management of an Internet of things device according to an embodiment of the present application;
Fig. 5 is a third flowchart of a method for security management of an Internet of things device according to an embodiment of the present application;
Fig. 6 is a flowchart of a method for security management of an Internet of things device according to an embodiment of the present application;
Fig. 7 is a schematic diagram of an apparatus for security management of an Internet of things device according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of security management of an Internet of things device according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
Fig. 1 is a schematic view of a scenario of security management of an internet of things device according to an embodiment of the present application. As shown in fig. 1, the system provided by the embodiment of the present application includes a terminal 101 and a server 102, where the terminal 101 may be a device that can interact with a user, such as a washing machine 101, a dryer, a dishwasher, or the like. For example, the terminal 101 may be the washing machine 101 shown in fig. 1, where the washing machine 101 communicates with the server 102 through the internet of things.
Fig. 2 is a system schematic diagram of security management of an internet of things device according to an embodiment of the present application. As shown in fig. 2, the server 102 includes a registration center and a cloud end, and the washing machine 101 produced by the manufacturer completes registration of the washing machine 101 in the cloud end through the registration center, and generates key information and sends the key information to the washing machine 101.
In the above process, when washing machines 101 produced by other manufacturers attempt to share the cloud, the registration center cannot identify them, so washing machines 101 produced by other manufacturers can easily be connected to the cloud at will, which causes cloud resource leakage and further reduces the cloud security level. Therefore, the application provides a security management method for Internet of things equipment to improve the security level of the cloud resources of Internet of things devices.
Specifically, as shown in fig. 2, the server 102 further includes a database and a management platform for the washing machine 101. In this system, during production by the manufacturer, information such as the MAC address and local serial number of the washing machine 101 is entered into the database. When the washing machine 101 needs to be connected to the cloud, it sends its MAC address, local serial number and other information to the registration center to request registration. The registration center judges whether the washing machine 101 is legal based on its MAC address and local serial number; when it is legal, the registration center generates key information, returns it to the washing machine 101, and stores the key information together with the MAC address, local serial number and other information of the washing machine 101 in the database. When the washing machine 101 connects to the cloud, it first sends the key information to the cloud, and the cloud judges whether the washing machine 101 may connect based on the information stored in the database. When the washing machine 101 is sent for repair, maintenance personnel can use the washing machine 101 management platform to maintain the database accordingly.
Through the system, the risks of malicious invasion and theft of cloud resources can be effectively reduced, and the safety of interaction between the Internet of things equipment and the cloud is improved.
Fig. 3 is a flowchart of a method for security management of an internet of things device according to an embodiment of the present application. Some embodiments of the present application are described in detail below in conjunction with fig. 3. In the case where the embodiments do not conflict, the following embodiments and features in the embodiments may be combined with each other.
As shown in fig. 3, the method in the present embodiment may include step S301, step S302, step S303, and step S304, wherein,
step S301, a registration request sent by an internet of things device is obtained.
The registration request includes device information of the Internet of things device, and it may be sent automatically when the device is powered on for the first time or when the user instructs the device to send it. The device information comprises the MAC address and local serial number of the Internet of things device, which the manufacturer records in a database when the device is produced.
Step S302, based on the device information, whether the Internet of things device is legal or not is judged.
Step S303, if the Internet of things device is legal, cloud resources for the Internet of things device and key information for accessing the cloud resources are generated.
The key information comprises a device certificate and a device identifier, specifically, the device identifier is a deviceId of the device.
Step S304, a registration response is sent to the Internet of things device.
The registration response comprises key information, and the Internet of things device interacts with the cloud based on the key information.
According to the method provided by this embodiment, when an Internet of things device requests registration through the registration center, the legitimacy of the device is checked first; only after the check passes is registration permitted and are the cloud resources and key information of the device generated. When the Internet of things device interacts with the cloud, it establishes the connection using the key information. In this way, the risk that illegal Internet of things devices share the cloud because the registration center is exposed is effectively reduced; at the same time, because each Internet of things device connects to the cloud with unique key information, the risk of cloud resource leakage is further reduced, so the security level of interaction between the Internet of things device and the cloud is improved.
Fig. 4 is a second flowchart of a method for security management of an Internet of things device according to an embodiment of the present application, where a specific implementation process of the embodiment of the present application is described in detail on the basis of fig. 3. As shown in fig. 4, the method includes:
Step S401, a registration request sent by an internet of things device is obtained, where the registration request includes device information of the internet of things device. The specific implementation manner of step S401 refers to step S301 in the foregoing embodiment, and is not described herein.
Step S402, it is determined whether the device information exists in the second device list. If yes, step S403 is executed, and if no, step S404 is executed.
Specifically, the second device list is used for storing the device information of internet of things devices that are already factory registered, together with the key information corresponding to that device information. The storage logic of the second device list can be "device 1/Mac address/local serial number/key information/…; device 2/Mac address/local serial number/key information/…; device 3/Mac address/local serial number/key information/…". Whether the device information exists in the second device list is judged by looking the device information up in the second device list.
Step S403, determining that the Internet of things equipment is illegal, and rejecting the registration request of the Internet of things equipment.
Specifically, when the device information exists in the second device list, the internet of things device has already been registered and does not need to be registered again; at this time the internet of things device is determined to be illegal, and the registration center can reject the registration request of the illegal internet of things device. When judging whether the Internet of things equipment is legal, first determining whether it is already registered improves the registration efficiency of the Internet of things equipment.
Step S404, determining whether the device information exists in the first device list, if yes, executing step S405, and if not, executing step S403.
Whether the device information exists in the first device list is judged by looking the device information up in the first device list. The first device list is used for storing the device information of factory unregistered internet of things devices, and its storage logic can be "device 1/Mac address/local serial number/…; device 2/Mac address/local serial number/…; device 3/Mac address/local serial number/…", that is, the internet of things devices are numbered automatically in storage order, and the device information of each internet of things device is stored under its number.
Specifically, if the device information of the internet of things device cannot be found in the second device list, it is then looked up in the first device list.
Step S405, determining that the internet of things device is legal, and generating cloud resources of the internet of things device and key information for accessing the cloud resources.
Specifically, if the device information exists in the first device list, the internet of things device is one produced by the manufacturer and is therefore legal. At this point the registration center registers the Internet of things equipment, so that malicious intrusion by Internet of things equipment not produced by the manufacturer can be effectively reduced.
If the device information exists in neither the second device list nor the first device list, the internet of things device is not a device produced by the manufacturer, that is, the internet of things device is illegal, and the registration center refuses the registration request.
Step S406, deleting the device information in the first device list, and storing the device information in association with the key information in the second device list.
When the device information is deleted from the first device list, the device number is deleted synchronously.
Specifically, after the registration of the internet of things device is completed, its registration state changes from "factory unregistered" to "factory registered", so the device information of the internet of things device is deleted from the first device list, and the device information and its corresponding key information are stored in association in the second device list. Updating the first device list and the second device list in time in this way helps improve the efficiency of judging whether an internet of things device is legal.
Fig. 5 is a third flowchart of a method for security management of an internet of things device according to an embodiment of the present application, in which the specific implementation process of the embodiment is described in detail on the basis of fig. 4. Specifically, this embodiment details a method for establishing a connection between the registered internet of things device and the cloud. As shown in fig. 5, the method includes:
Step S501, a first connection request of an internet of things device is obtained.
The first connection request comprises the key information and the device information of the Internet of things device. The first connection request can be sent to the cloud manually, or automatically once the Internet of things device is connected to the network.
Step S502, based on the first connection request, it is determined whether key information and device information stored in association and corresponding to the first connection request exist in the second device list. If yes, step S503 is executed, and if no, step S504 is executed.
Step S503, determining that the Internet of things device is in a connectable state, and establishing connection between the Internet of things device and cloud resources.
Step S504, refusing the connection request of the Internet of things equipment.
Specifically, based on the device information and the key information included in the first connection request, the second device list is searched for key information and device information stored in association that correspond to the first connection request. If such an associated entry for the internet of things device exists in the second device list, the internet of things device is determined to be in a connectable state, and the connection between the internet of things device and the cloud resource is established. If the second device list contains no associated key information and device information for the Internet of things device, the Internet of things device is illegal, and its connection request is refused in order to raise the security level of the cloud resources.
According to the method provided by the embodiment, when the Internet of things equipment needs to connect to the cloud, its first connection request is obtained first; the device information and key information included in the first connection request are then looked up in the second device list to judge whether the Internet of things equipment is legal equipment that has been registered after leaving the factory; and the connection between the Internet of things equipment and the cloud is established only when the Internet of things equipment is legal, so that the risk of cloud resource leakage is further reduced.
Fig. 6 is a flowchart of a method for security management of an internet of things device according to an embodiment of the present application, in which the specific implementation process of the embodiment is described in detail on the basis of fig. 5. Specifically, this embodiment details a method for maintaining the cloud resources of internet of things equipment that has been sent for repair. As shown in fig. 6, the method includes:
Step S601, obtaining a second connection request of the internet of things device.
The second connection request comprises maintenance information, which indicates that the Internet of things equipment has been maintained, and the maintenance information comprises the device information of the Internet of things equipment.
Step S602, judging whether the device information of the Internet of things equipment exists in the maintenance equipment list. If so, step S603 is performed, and if not, step S604 is performed.
Specifically, the maintenance equipment list stores the device information of equipment that has been repaired and whose cloud resources need to be replaced. Whether the device information of the Internet of things equipment exists in the maintenance equipment list is judged by looking the device information up in the maintenance equipment list.
Step S603, if the device information of the internet of things device exists in the maintenance device list, generating a new cloud resource and new key information for accessing the new cloud resource for the internet of things device, and issuing the new key information to the internet of things device.
Step S604, determining the local address and the local environment of the internet of things device stored in the second device list based on the Mac address and the local serial number of the internet of things device.
The local address and the local environment belong to the device information of the Internet of things equipment and are subsequently stored, together with the Mac address and local serial number of the Internet of things equipment, in the first device list or the second device list. The local address represents the current geographic position of the Internet of things equipment; the local environment describes the current surroundings of the Internet of things equipment and can specifically comprise information such as temperature and humidity, which is generally given as a range of values. The local address and the local environment of the internet of things device can be obtained from sensors on the internet of things device.
Step S605, determining whether the local address and the local environment of the internet of things device have changed, based on the stored local address and local environment of the internet of things device and its current local address and current local environment. If yes, step S606 is executed; if no, the flow ends.
Step S606, updating the device information of the factory registered Internet of things device in the second device list based on the current local address and local environment of the Internet of things device.
Specifically, when the owner of the internet of things equipment sent for repair needs to discard the original cloud resources and obtain new cloud resources, a maintainer enters the device information of the internet of things equipment into the maintenance equipment list through the washing machine management platform. When the internet of things device then sends a second connection request to the cloud, its device information is first looked up in the maintenance equipment list; since it is found there, it is determined that the internet of things device needs its cloud resources updated, that is, new cloud resources are generated for the internet of things device to use, and new key information is generated for the internet of things device to access the new cloud resources.
When the owner of the internet of things equipment sent for repair wants to keep the original cloud resources, the device information of the internet of things equipment is not found in the maintenance equipment list. In that case, the local address and local environment of the internet of things device stored in the second device list are determined based on the Mac address and local serial number of the internet of things device, and whether the local address and local environment of the Internet of things device have changed is determined from the stored information in the second device list and the current local address and local environment of the Internet of things device. When a change has occurred, the second device list is updated.
By the method provided by the embodiment, for internet of things equipment sent for repair, its device information is updated in time in the second device list, so that whenever any internet of things device needs to connect to the cloud, its legitimacy is judged against the latest second device list, and malicious intrusion by illegal equipment is further reduced.
According to the method provided by the embodiment of the application, when any Internet of things device requests the registration center to register it, the electronic device first judges, based on the device information of the Internet of things device and the first device list, whether the device is factory unregistered Internet of things equipment of the manufacturer. Only when it is does the registration center register it, generate cloud resources for it, and return to it the key information that allows it to access those cloud resources. Likewise, when any Internet of things device requests to connect to the cloud, its key information is obtained first, its legitimacy is determined based on the key information and the second device list, and access to the cloud is allowed only when the Internet of things device is legal. In this way, the risks that Internet of things equipment not produced by the manufacturer maliciously accesses the cloud and steals cloud resources are effectively reduced, and the security management level of the Internet of things equipment is improved.
In addition, for Internet of things equipment that has undergone maintenance, maintenance personnel can update the second device list according to the user's needs, so that the electronic device judges the legitimacy of the Internet of things equipment more accurately, which further reduces the risk that Internet of things equipment not produced by the manufacturer maliciously accesses the cloud and steals cloud resources.
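The registration flow of fig. 4 (first and second device lists), the first connection request of fig. 5 and the maintenance flow of fig. 6 are modelled together below as an added Python example; it is not code from the patent or the applicant. The patent does not specify how the device certificate or the deviceId are produced, so the example assumes the certificate is an HMAC-SHA256 tag over the deviceId, Mac address and local serial number under a secret held by the registration center, assumes that unknown devices sending a second connection request are ignored, and assumes that a device is removed from the maintenance equipment list once its new key information has been issued. The sample device entries, addresses and environment values are constructed.

```python
"""Toy registration center for the first/second device lists of Figs. 4-6.

Added example, not the patent's code.  The certificate construction, the
handling of unknown devices in the maintenance flow and the one-time removal
from the maintenance equipment list are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumption: a secret held only by the registration center (constructed value).
REGISTRY_SECRET = b"constructed-registry-secret"


@dataclass(frozen=True)
class DeviceInfo:
    """Device information carried in every request: Mac address + local serial number."""
    mac: str
    serial: str


@dataclass(frozen=True)
class KeyInfo:
    """Key information returned in the registration response: deviceId + certificate."""
    device_id: str
    certificate: str


@dataclass
class Registry:
    # First device list: factory-unregistered devices produced by the manufacturer (S404).
    first_list: set = field(default_factory=set)
    # Second device list: registered devices; device info stored in association with
    # key info, local address and local environment (S406, S604).
    second_list: dict = field(default_factory=dict)
    # Maintenance equipment list: repaired devices whose cloud resources must be replaced (S602).
    repair_list: set = field(default_factory=set)

    def _issue_key_info(self, dev: DeviceInfo) -> KeyInfo:
        """Generate a deviceId and a certificate bound to the device (assumed construction)."""
        device_id = secrets.token_hex(8)
        msg = f"{device_id}|{dev.mac}|{dev.serial}".encode()
        cert = hmac.new(REGISTRY_SECRET, msg, hashlib.sha256).hexdigest()
        return KeyInfo(device_id, cert)

    def register(self, dev: DeviceInfo):
        """Fig. 4: return KeyInfo on success, None when the device is illegal."""
        if dev in self.second_list:      # S402 -> S403: already registered, reject
            return None
        if dev not in self.first_list:   # S404 -> S403: not a manufacturer device, reject
            return None
        key = self._issue_key_info(dev)  # S405: cloud resource + key information
        self.first_list.discard(dev)     # S406: move the entry from first to second list
        self.second_list[dev] = {"key": key, "address": None, "env": None}
        return key

    def connect(self, dev: DeviceInfo, key: KeyInfo) -> bool:
        """Fig. 5: first connection request, S502/S503/S504."""
        entry = self.second_list.get(dev)
        if entry is None:
            return False                 # S504: no associated entry, refuse
        stored = entry["key"]
        # constant-time comparison so the lookup does not leak certificate bytes
        return stored.device_id == key.device_id and hmac.compare_digest(
            stored.certificate, key.certificate)

    def maintenance_connect(self, dev: DeviceInfo, address, env):
        """Fig. 6: second connection request.  Return new KeyInfo when the device
        is in the maintenance equipment list (S603), None otherwise (S604-S606)."""
        entry = self.second_list.get(dev)
        if entry is None:                # assumption: unknown devices are ignored
            return None
        if dev in self.repair_list:      # S602 -> S603: replace cloud resource and key
            entry["key"] = self._issue_key_info(dev)
            self.repair_list.discard(dev)  # assumption: one-time replacement
            return entry["key"]
        # S604/S605: compare the stored local address/environment with the current values
        if (entry["address"], entry["env"]) != (address, env):
            entry["address"], entry["env"] = address, env   # S606: update second list
        return None
```

Because the second device list holds only the current key information, a device whose cloud resources were replaced in the maintenance flow can no longer connect with its old key information; the new key information is the only one accepted afterwards.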
The above embodiments describe a method for security management of an internet of things device in terms of its method flow; the following embodiments describe a device for security management of an internet of things device in terms of virtual modules or virtual units, as detailed below.
The embodiment of the application provides a security management device for internet of things equipment, as shown in fig. 7, the device comprises a first acquisition module 71, a judgment module 72, a first generation module 73 and a sending module 74, wherein,
a first obtaining module 71, configured to obtain a registration request sent by an internet of things device, where the registration request includes device information of the internet of things device, and the device information includes a Mac address and a local serial number of the internet of things device;
a judging module 72, configured to judge whether the internet of things device is legal based on the device information;
the first generating module 73 is configured to generate cloud resources of the internet of things device and key information for accessing the cloud resources when the internet of things device is legal, where the key information includes a device certificate and a device identifier;
The sending module 74 is configured to send a registration response to the internet of things device, where the registration response includes the key information.
In another possible implementation manner of the embodiment of the present application, the judging module 72 is specifically configured to:
searching device information in a first device list, wherein the first device list is used for storing device information of the factory unregistered internet of things device;
if the device information exists in the first device list, determining that the Internet of things device is legal.
In another possible implementation manner of the embodiment of the present application, the apparatus further includes a deletion module and a storage module, where,
a deleting module, configured to delete the device information in the first device list;
the storage module is used for storing the equipment information and the key information in a second equipment list in an associated mode, and the second equipment list is used for storing the equipment information of the factory registered internet of things equipment and the key information corresponding to the equipment information in an associated mode.
In another possible implementation manner of the embodiment of the present application, the apparatus further includes a first search module, a first determination module, and a second determination module, where,
the first searching module is used for searching the equipment information in the second equipment list;
the first determining module is used for determining that the equipment of the Internet of things is illegal when the equipment information exists in the second equipment list;
And the second determining module is used for determining to execute the step of searching the device information in the first device list when the device information does not exist in the second device list.
In another possible implementation manner of the embodiment of the present application, the apparatus further includes a second acquisition module, a second search module, and a third determination module, where,
the second acquisition module is used for acquiring a first connection request of the Internet of things equipment, wherein the first connection request comprises key information of the Internet of things equipment and equipment information of the Internet of things equipment;
the second searching module is used for searching whether the associated stored key information and the device information exist in the second device list;
and the third determining module is used for determining that the Internet of things equipment is in a connectable state when the associated stored key information and the equipment information exist, and establishing connection between the Internet of things equipment and cloud resources.
In another possible implementation manner of the embodiment of the present application, the apparatus further includes a third obtaining module, a third searching module, a second generating module, and an issuing module, where,
the third acquisition module is used for acquiring a second connection request of the Internet of things equipment, wherein the second connection request comprises maintenance information, the maintenance information is used for indicating that the Internet of things equipment is maintained, and the maintenance information comprises equipment information of the Internet of things equipment;
The third searching module is used for searching equipment information of the Internet of things equipment in a maintenance equipment list, wherein the equipment information which is maintained and needs to replace cloud resources is stored in the maintenance equipment list;
the second generation module is used for generating a new cloud resource and new key information for accessing the new cloud resource for the Internet of things equipment when the equipment information of the Internet of things equipment exists in the maintenance equipment list;
and the issuing module is used for issuing the new key information to the Internet of things equipment.
In another possible implementation manner of the embodiment of the present application, the apparatus further includes a fourth determining module, a fifth determining module, and an updating module, where,
the fourth determining module is used for determining the local address and the local environment of the internet of things device stored in the second device list based on the Mac address and the local serial number of the internet of things device;
a fifth determining module, configured to determine whether the local address and the local environment of the internet of things device change based on the stored local address and the local environment of the internet of things device and the current local address and the current local environment of the internet of things device;
and the updating module is used for updating the equipment information of the factory registered Internet of things equipment in the second equipment list based on the current local address and the local environment of the Internet of things equipment when the local address and the local environment of the Internet of things equipment are changed.
In the embodiment of the present application, the first acquisition module 71, the second acquisition module and the third acquisition module may be the same acquisition module, may be different acquisition modules, or may be partially the same acquisition module. The first generation module 73 and the second generation module may be the same generation module or may be different generation modules. The first search module, the second search module and the third search module may be the same search module, may be different search modules, or may be partially the same search module. The first determining module, the second determining module, the third determining module, the fourth determining module and the fifth determining module may be the same determining module, may be different determining modules, or may be partially the same determining module. The embodiments of the present application are not limited.
The security management device for the internet of things equipment provided by the embodiment of the application is applicable to the above method embodiment and is not described herein.
In an embodiment of the present application, as shown in fig. 8, the electronic device includes a processor 81 and a memory 82, where the processor 81 is coupled to the memory 82, for example via a bus 83. Optionally, the electronic device may also include a transceiver 84. It should be noted that, in practical applications, the number of transceivers 84 is not limited to one, and the structure of the electronic device is not limited to that of the embodiment of the present application.
The processor 81 may be a central processing unit (Central Processing Unit, CPU), a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It may implement or execute the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor 81 may also be a combination that implements computing functionality, such as a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The bus 83 may include a path for transferring information between the aforementioned components. The bus 83 may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus 83 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 8, but this does not mean that there is only one bus or one type of bus.
The memory 82 may be, but is not limited to, a read only memory (Read Only Memory, ROM) or other type of static storage device that can store static information and instructions, a random access memory (Random Access Memory, RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read only memory (Electrically Erasable Programmable Read Only Memory, EEPROM), a compact disc read only memory (Compact Disc Read Only Memory, CD-ROM) or other optical disk storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 82 is used for storing the application program code that implements the solution of the present application, and its execution is controlled by the processor 81. The processor 81 is arranged to execute the application code stored in the memory 82 so as to implement what is shown in the preceding method embodiments.
The electronic device includes, but is not limited to: mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, personal digital assistants (PDAs), tablet computers (PADs), portable multimedia players (PMPs) and in-vehicle terminals (e.g., in-vehicle navigation terminals), and stationary terminals such as digital TVs and desktop computers. It may also be a server or the like. The electronic device shown in fig. 8 is merely an example and should not be construed as limiting the functionality and scope of use of the disclosed embodiments.
Embodiments of the present application provide a computer-readable storage medium having a computer program stored thereon, which when run on a computer, causes the computer to perform the corresponding method embodiments described above.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A security management method for Internet of things equipment, characterized by comprising the following steps:
acquiring a registration request sent by an Internet of things device, wherein the registration request comprises device information of the Internet of things device, and the device information comprises a Mac address and a local serial number of the Internet of things device;
judging whether the Internet of things equipment is legal or not based on the equipment information;
if the Internet of things equipment is legal, generating cloud resources of the Internet of things equipment and key information for accessing the cloud resources, wherein the key information comprises a device certificate and a device identifier;
and sending a registration response to the Internet of things equipment, wherein the registration response comprises the key information.
2. The method of claim 1, wherein the determining whether the internet of things device is legitimate based on the device information comprises:
searching the equipment information in a first equipment list, wherein the first equipment list is used for storing the equipment information of factory unregistered Internet of things equipment;
and if the equipment information exists in the first equipment list, determining that the Internet of things equipment is legal.
3. The method of claim 2, wherein after the generating the cloud resource of the internet of things device and the key information for accessing the cloud resource, the method further comprises:
deleting the device information in the first device list;
and storing the equipment information and the key information in a second equipment list in an associated mode, wherein the second equipment list is used for storing the equipment information of the factory registered internet of things equipment and the key information corresponding to the equipment information in an associated mode.
4. The method of claim 3, wherein before searching the device information in the first device list, the method further comprises:
searching the equipment information in the second equipment list;
if the equipment information exists in the second equipment list, determining that the equipment of the Internet of things is illegal;
and if the device information does not exist in the second device list, determining to execute the step of searching the first device list for the device information.
5. The method of claim 3, wherein after the sending the registration response to the internet of things device, the method further comprises:
acquiring a first connection request of the Internet of things equipment, wherein the first connection request comprises the key information and the equipment information of the Internet of things equipment;
searching whether the key information and the device information which are stored in a correlated way exist in the second device list;
if the key information and the equipment information which are stored in an associated mode exist, the fact that the Internet of things equipment is in a connectable state is determined, and connection between the Internet of things equipment and the cloud resource is established.
6. The method according to claim 4, wherein the method further comprises:
acquiring a second connection request of the Internet of things equipment, wherein the second connection request comprises maintenance information, the maintenance information is used for indicating that the Internet of things equipment has been maintained, and the maintenance information comprises equipment information of the Internet of things equipment;
searching equipment information of the Internet of things equipment in a maintenance equipment list, wherein the equipment information which is maintained and needs to replace cloud resources is stored in the maintenance equipment list;
if the equipment information of the Internet of things equipment exists in the maintenance equipment list, generating a new cloud resource and new key information for accessing the new cloud resource for the Internet of things equipment;
and transmitting the new key information to the Internet of things equipment.
7. The method of claim 6, wherein the device information further comprises a local address and a local environment, and if the device information of the Internet of things device does not exist in the maintenance equipment list, the method further comprises:
based on the Mac address and the local serial number of the Internet of things device, determining the local address and the local environment of the Internet of things device stored in the second device list;
determining whether the local address and the local environment of the internet of things device change or not based on the stored local address and the local environment of the internet of things device and the current local address and the local environment of the internet of things device;
If so, updating the device information of the factory registered internet of things device in the second device list based on the current local address of the internet of things device and the local environment.
8. A security management device for Internet of things equipment, characterized in that it comprises:
a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring a registration request sent by the Internet of things device, the registration request comprises device information of the Internet of things device, and the device information comprises a MAC address and a local serial number of the Internet of things device;
a judging module, used for judging whether the Internet of things device is legitimate based on the device information;
a first generation module, used for generating a cloud resource of the Internet of things device and key information for accessing the cloud resource when the Internet of things device is legitimate, wherein the key information comprises a device certificate and a device identifier;
and a sending module, used for sending a registration response to the Internet of things device, wherein the registration response comprises the key information.
9. An electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the security management method for an Internet of things device according to any one of claims 1-7.
10. A computer-readable storage medium, wherein computer-executable instructions are stored in the computer-readable storage medium, and when executed by a processor, the computer-executable instructions implement the security management method for an Internet of things device according to any one of claims 1-7.
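Added example, not code from the patent or its applicant: a minimal cloud-side model of the registration check (claim 8), the first connection request (claim 5) and the maintenance and address-update flows (claims 6 and 7). The factory list used as the legality criterion, the record layout, the sample MAC addresses and serial numbers, and the way certificates and identifiers are generated are all constructed assumptions; claim 1, which defines the legality check, is not on this page.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

@dataclass
class Registry:
    """Cloud-side registry (assumed structures): the factory list decides legality;
    the second device list holds factory-registered devices with their key info."""
    factory_list: set = field(default_factory=set)          # legal (mac, serial) pairs
    second_device_list: dict = field(default_factory=dict)  # (mac, serial) -> record
    maintenance_list: set = field(default_factory=set)      # maintained devices needing a new cloud resource

    def _issue_key(self, mac, serial):
        # Constructed stand-ins for the cloud resource, device certificate and device identifier.
        device_id = hashlib.sha256(f"{mac}:{serial}".encode()).hexdigest()[:16]
        return {"device_id": device_id, "cert": secrets.token_hex(16),
                "cloud_resource": f"res-{device_id}"}

    def register(self, mac, serial, local_addr, env):
        """Registration request (claim 8): reject an illegitimate device, else issue key info."""
        if (mac, serial) not in self.factory_list:
            return None
        key = self._issue_key(mac, serial)
        self.second_device_list[(mac, serial)] = {"key": key, "local_addr": local_addr, "env": env}
        return key  # the registration response carries the key information

    def connect(self, mac, serial, key):
        """First connection request (claim 5): key info and device info must be stored
        in association with each other; returns (connectable, cloud_resource)."""
        rec = self.second_device_list.get((mac, serial))
        if rec is None:
            return False, None
        stored = rec["key"]
        if stored["device_id"] != key.get("device_id") or not hmac.compare_digest(
                stored["cert"], key.get("cert", "")):
            return False, None
        return True, stored["cloud_resource"]

    def maintenance_connect(self, mac, serial, local_addr, env):
        """Second connection request (claims 6-7): a maintained device gets a new cloud
        resource and key; otherwise a changed local address/environment is updated."""
        rec = self.second_device_list.get((mac, serial))
        if rec is None:
            return None
        if (mac, serial) in self.maintenance_list:
            rec["key"] = self._issue_key(mac, serial)  # the old key no longer connects
            self.maintenance_list.discard((mac, serial))
        elif (rec["local_addr"], rec["env"]) != (local_addr, env):
            rec.update(local_addr=local_addr, env=env)
        return rec["key"]
```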
CN202210390618.8A 2022-04-14 2022-04-14 Security management method and device for Internet of things equipment, electronic equipment and medium Pending CN116961936A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210390618.8A CN116961936A (en) 2022-04-14 2022-04-14 Security management method and device for Internet of things equipment, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN116961936A true CN116961936A (en) 2023-10-27

Family

ID=88443103

Country Status (1)

Country Link
CN (1) CN116961936A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination