CN117650903A - Controlled device, device authorization management method, and storage medium - Google Patents
Controlled device, device authorization management method, and storage medium
- Publication number
- CN117650903A (application CN202310620727.9A)
- Authority
- CN
- China
- Prior art keywords
- equipment
- main control
- information
- authorization
- control equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present disclosure relates to a controlled device, a device authorization management method, and a storage medium. The controlled device includes a controller configured to: receive a first authorized connection request sent by a master device; and, after verification based on the first device information, the first user information, the first connection code and the first authentication code is determined to pass, send a verification success instruction to the master device to indicate that the master device and the controlled device are successfully authorized to connect. According to the embodiments of the disclosure, the security of communication interaction is improved while the authorization flexibility of the master device is ensured.
Description
Technical Field
The disclosure relates to the field of multi-screen interaction, and in particular relates to a controlled device, a device authorization management method, a device and a computer readable storage medium.
Background
The rapid development of the smart home industry has brought great convenience to people's lives. To control smart household appliances, a controlling/controlled relationship must be established between devices, and message exchange between the devices can be implemented with the MQTT (Message Queuing Telemetry Transport) protocol.
In the prior art, during the MQTT connection process the master device sends user identification information and a user password to the controlled device, and the controlled device establishes the first connection with the master device based on them. After the first connection succeeds, the controlled device responds to an authorization request sent by the master device by popping up an authorization interface on which the user chooses whether to authorize the master device. If the user agrees, the device information of the master device is stored in a white list and an authorization success message is sent to the master device, so that the master device and the controlled device can carry out subsequent service interaction. The user usually authorizes only once: the device ID is stored in the white list, and on the next connection the device ID is compared against the white list. If the comparison succeeds, the connection proceeds; if it fails, re-authorization is required. However, this authorization mode is fixed: once the device information of a master device has been stored, the master device remains valid permanently, so devices that have not needed authorization for a long time cannot be cleared dynamically. Moreover, when an authorized master device is hacked, the controlled device remains under its control, which reduces security. How to improve security while ensuring the authorization flexibility of the master device is therefore the technical problem to be solved.
Disclosure of Invention
To solve the above technical problem, or at least partially solve it, the present disclosure provides a controlled device and a device authorization management method that ensure the authorization flexibility of the master device while avoiding the defect that a permanently valid master device occupies resources of the controlled device. In addition, after the master device is hacked, the controlled device is prevented from mistaking it for a trusted client and continuing to communicate with it, which improves the security of information interaction.
In a first aspect, the present disclosure provides a controlled device comprising:
a controller configured to:
receiving a first authorized connection request sent by a main control device;
wherein the first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code; the first connection code is generated by the controlled device according to first device information, second device information, an authorization time stamp and a first effective authorization time length after receiving a connection code acquisition request sent by the main control device, and is sent to the main control device, wherein the first effective authorization time length is the effective authority time length of the main control device selected based on user wish for controlling the controlled device; the first authentication code is generated based on the first device information, the MAC address of the master device, the current time stamp, a preset salt value and a preset algorithm after the master device receives the first connection code, the first effective authorization duration and the MAC address of the master device, which are sent by the controlled device;
and, after verification based on the first device information, the first user information, the first connection code and the first authentication code is determined to pass, sending a verification success instruction to the master control device so as to indicate that the master control device and the controlled device are successfully authorized to be connected.
As an alternative implementation of the embodiment of the present invention, the controller is further configured to:
and storing the first device information, the MAC address of the master control device, the first authentication code and the first effective authorization time length in a white list.
As an alternative implementation of the embodiment of the present invention, the controller is further configured to:
deleting the main control equipment in an equipment management page in response to the deleting operation of a user on the target main control equipment;
or;
responding to a trigger instruction for displaying the equipment management page, and judging whether the target main control equipment is within a valid authorization time length;
if the target main control equipment is not in the effective authorization time, deleting the target main control equipment in the equipment management page;
or;
responding to an authorized connection request sent by the target main control equipment, and judging whether a target connection code corresponding to the target main control equipment is valid or not;
and if the target connection code is invalid, deleting the target master control equipment in the equipment management page.
As an alternative implementation of the embodiment of the present invention, the controller is further configured to:
before the master control device receives the first connection code, the first valid authorization duration and the MAC address of the master control device, the method further includes:
based on an address resolution protocol, acquiring the MAC address of the main control equipment;
acquiring a current time stamp and a preset salt value;
and generating an initial authentication code based on the first device information, the MAC address of the master control device, the current timestamp, the preset salt value and a preset algorithm.
As an optional implementation manner of the embodiment of the present invention, the controller is specifically configured to:
the verifying based on the first device information, the first user information, the first connection code, and the first authentication code includes:
analyzing the first connection code to acquire first equipment information, second equipment information, an authorization time stamp and a first effective authorization duration;
and if the difference value between the decryption time stamp and the authorization time stamp is smaller than or equal to the first effective authorization time length, determining that the main control equipment is effective authorization equipment.
As an alternative implementation of the embodiment of the present invention, the controller is further configured to:
the verifying based on the first device information, the first user information, the first connection code, and the first authentication code further includes:
judging whether the initial authentication code is consistent with the first authentication code or not;
and if the initial authentication code is consistent with the first authentication code, determining that the main control equipment is not replaced by other equipment.
As an alternative implementation of the embodiment of the present invention, the controller is further configured to:
the verifying based on the first device information, the first user information, the first connection code, and the first authentication code further includes:
judging whether the first equipment information exists in the white list;
and if the first equipment information exists in the white list, determining that the main control equipment is not deleted.
As an alternative implementation of the embodiment of the present invention, the controller is further configured to:
before receiving the first authorized connection request sent by the master control device, the method further comprises:
receiving a first connection request sent by the main control equipment, wherein the first connection request carries first equipment information, a first user identifier and a user password;
checking according to the first user identifier and the user password, and after the checking is passed, sending a first connection success instruction to the main control equipment so as to indicate that the main control equipment and the controlled equipment are successfully connected;
receiving a first authorization request sent by the main control equipment;
responding to the first authorization request sent by the master control equipment, authorizing according to the first equipment information, the second equipment information and a first effective authorization time length, and sending a first authorization success instruction to the master control equipment when the authorization success is determined so as to indicate that the master control equipment and the controlled equipment are successfully authorized;
receiving a connection code acquisition request sent by the main control equipment;
and responding to a connection code acquisition request sent by the main control equipment, generating a first connection code according to the first equipment information, the second equipment information, the authorization time stamp and the first effective authorization time length, and sending the first connection code to the main control equipment.
In a second aspect, there is provided a device authorization management method, the method comprising:
receiving a first authorized connection request sent by a main control device;
wherein the first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code; the first connection code is generated by the controlled device according to first device information, second device information, an authorization time stamp and a first effective authorization time length after receiving a connection code acquisition request sent by the main control device, and is sent to the main control device, wherein the first effective authorization time length is the effective authority time length of the main control device selected based on user wish for controlling the controlled device;
and, after verification based on the first device information, the first user information, the first connection code and the first authentication code is determined to pass, sending a verification success instruction to the master control device so as to indicate that the master control device and the controlled device are successfully authorized to be connected.
As an optional implementation manner of the embodiment of the present invention, the method further includes:
and storing the first device information, the MAC address of the master control device, the first authentication code and the first effective authorization time length in a white list.
As an optional implementation manner of the embodiment of the present invention, the method further includes:
deleting the main control equipment in an equipment management page in response to the deleting operation of a user on the target main control equipment;
or;
responding to a trigger instruction for displaying the equipment management page, and judging whether the target main control equipment is within a valid authorization time length;
if the target main control equipment is not in the effective authorization time, deleting the target main control equipment in the equipment management page;
or;
responding to an authorized connection request sent by the target main control equipment, and judging whether a target connection code corresponding to the target main control equipment is valid or not;
and if the target connection code is invalid, deleting the target master control equipment in the equipment management page.
As an optional implementation manner of the embodiment of the present invention, before the master device receives the first connection code, the first valid authorization duration, and the MAC address of the master device, the method further includes:
based on an address resolution protocol, acquiring the MAC address of the main control equipment;
acquiring a current time stamp and a preset salt value;
and generating an initial authentication code based on the first device information, the MAC address of the master control device, the current timestamp, the preset salt value and a preset algorithm.
As an optional implementation manner of the embodiment of the present invention, the verifying based on the first device information, the first user information, the first connection code, and the first authentication code includes:
analyzing the first connection code to acquire first equipment information, second equipment information, an authorization time stamp and a first effective authorization duration;
and if the difference value between the decryption time stamp and the authorization time stamp is smaller than or equal to the first effective authorization time length, determining that the main control equipment is effective authorization equipment.
As an optional implementation manner of the embodiment of the present invention, the verifying based on the first device information, the first user information, the first connection code, and the first authentication code further includes:
judging whether the initial authentication code is consistent with the first authentication code or not;
and if the initial authentication code is consistent with the first authentication code, determining that the main control equipment is not replaced by other equipment.
As an optional implementation manner of the embodiment of the present invention, the verifying based on the first device information, the first user information, the first connection code, and the first authentication code further includes:
judging whether the first equipment information exists in the white list;
and if the first equipment information exists in the white list, determining that the main control equipment is not deleted.
As an optional implementation manner of the embodiment of the present invention, before receiving the first authorized connection request sent by the master device, the method further includes:
receiving a first connection request sent by the main control equipment, wherein the first connection request carries first equipment information, a first user identifier and a user password;
checking according to the first user identifier and the user password, and after the checking is passed, sending a first connection success instruction to the main control equipment so as to indicate that the main control equipment and the controlled equipment are successfully connected;
receiving a first authorization request sent by the main control equipment;
responding to the first authorization request sent by the master control equipment, authorizing according to the first equipment information, the second equipment information and a first effective authorization time length, and sending a first authorization success instruction to the master control equipment when the authorization success is determined so as to indicate that the master control equipment and the controlled equipment are successfully authorized;
receiving a connection code acquisition request sent by the main control equipment;
and responding to a connection code acquisition request sent by the main control equipment, generating a first connection code according to the first equipment information, the second equipment information, the authorization time stamp and the first effective authorization time length, and sending the first connection code to the main control equipment.
In a third aspect, there is provided a computer readable storage medium comprising: the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the device authorization management method as shown in the second aspect.
In a fourth aspect, there is provided a computer program product comprising: the computer program product, when run on a computer, causes the computer to implement the device authorization management method as shown in the second aspect.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages: receiving a first authorized connection request sent by a main control device, wherein the first authorized connection request comprises: first device information, first user information, a first connection code, and a first authentication code; and after the verification is determined to pass, a verification success instruction is sent to the master control equipment so as to indicate that the master control equipment and the controlled equipment are successfully authorized to be connected.
The first connection code is generated by the controlled device, after it receives the connection code acquisition request sent by the master device, according to the first device information, the second device information, the authorization timestamp and the first valid authorization duration, and is sent to the master device. The first device information is identification information corresponding to the master device, the second device information is identification information corresponding to the controlled device, and the first valid authorization duration is the period, selected according to the user's wishes, during which the master device is permitted to control the controlled device. This ensures the authorization flexibility of the master device and avoids the defect that a permanently valid master device occupies resources of the controlled device. Furthermore, the first authentication code is generated, after the master device receives the first connection code, the first valid authorization duration and the MAC address of the master device sent by the controlled device, based on the first device information, the MAC address of the master device, the current timestamp, the preset salt value and the preset algorithm. The first authentication code can therefore be checked to confirm whether the master device is a trusted client, which prevents the controlled device from mistaking a hacked master device for a trusted client and continuing to communicate with it, and further improves the security of information interaction.
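The flow summarised above, sketched as an added example (not code from the patent or its applicant): the controlled device issues a connection code, stores the initial authentication code in its white list, and later runs the white-list, validity-period and authentication-code checks. The token layout (HMAC-sealed JSON instead of encryption), HMAC-SHA256 as the "preset algorithm", reuse of the authorization timestamp for the authentication code, and all names and sample values are assumptions; the user-information check is omitted.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: the "preset salt value", shared by master and controlled device.
PRESET_SALT = b"constructed-preset-salt"


def make_auth_code(first_dev: str, master_mac: str, ts: int) -> str:
    """Authentication code over device id, MAC address and timestamp.
    Assumption: the "preset algorithm" is HMAC-SHA256 keyed with the salt."""
    msg = "|".join([first_dev, master_mac.lower(), str(ts)]).encode()
    return hmac.new(PRESET_SALT, msg, hashlib.sha256).hexdigest()


def _seal(key: bytes, fields: dict) -> str:
    """Serialise the connection-code fields and append a MAC only this device can make."""
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def _open(key: bytes, code: str):
    """Return the fields of a genuine connection code, or None if malformed or altered."""
    try:
        body_b64, tag_b64 = code.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


class ControlledDevice:
    def __init__(self, device_id: str):
        self.device_id = device_id            # "second device information"
        self._key = secrets.token_bytes(32)   # never leaves the controlled device
        self.whitelist = {}                   # first device info -> entry

    def issue_connection_code(self, first_dev, master_mac, valid_secs, now):
        """Generate the connection code and record the master in the white list."""
        code = _seal(self._key, {"d1": first_dev, "d2": self.device_id,
                                 "ts": now, "ttl": valid_secs})
        self.whitelist[first_dev] = {
            "mac": master_mac,
            "auth": make_auth_code(first_dev, master_mac, now),  # initial authentication code
            "ttl": valid_secs,
            "ts": now,  # assumption: stored so the management page can expire entries
        }
        return code

    def verify(self, first_dev, connection_code, auth_code, now):
        """Run the three checks on an authorized connection request."""
        entry = self.whitelist.get(first_dev)
        if entry is None:                      # master was deleted or never authorized
            return "not-whitelisted"
        fields = _open(self._key, connection_code)
        if (fields is None or fields["d1"] != first_dev
                or fields["d2"] != self.device_id):
            return "bad-connection-code"
        if now - fields["ts"] > fields["ttl"]:  # outside the valid authorization duration
            del self.whitelist[first_dev]
            return "expired"
        if not hmac.compare_digest(entry["auth"].encode(), auth_code.encode()):
            return "auth-code-mismatch"         # request does not come from the recorded master
        return "ok"

    def purge_expired(self, now):
        """Drop lapsed masters, e.g. when the device management page is opened."""
        gone = [d for d, e in self.whitelist.items() if now - e["ts"] > e["ttl"]]
        for d in gone:
            del self.whitelist[d]
        return gone


if __name__ == "__main__":
    tv = ControlledDevice("tv-01")            # constructed sample identifiers
    code = tv.issue_connection_code("phone-01", "AA:BB:CC:DD:EE:FF", 3600, now=1000)
    auth = make_auth_code("phone-01", "aa:bb:cc:dd:ee:ff", 1000)
    print(tv.verify("phone-01", code, auth, now=1500))
    print(tv.verify("phone-01", code, auth, now=5000))
```
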
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the solutions in the prior art, the drawings that are required for the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1A is an application scenario schematic diagram of a device authorization management method of a controlled device according to an embodiment of the present disclosure;
FIG. 1B is a schematic diagram of an authorization method for an intelligent device according to the prior art;
FIG. 1C is a schematic diagram of a dominant authorization method provided in the prior art;
FIG. 2 is a block diagram of a hardware configuration of an electronic device according to one or more embodiments of the present disclosure;
FIG. 3A is a software configuration schematic of an electronic device according to one or more embodiments of the present disclosure;
FIG. 3B is a schematic illustration of an icon control page display of an application of an electronic device in accordance with one or more embodiments of the present disclosure;
FIG. 4A is a flow chart of a device authorization management method according to an embodiment of the present disclosure;
FIG. 4B is an interaction schematic diagram of a device authorization management method according to an embodiment of the present disclosure;
FIG. 5A is an interface schematic diagram of a dominant authorization method provided in an embodiment of the disclosure;
FIG. 5B is an interface diagram of another explicit authorization method provided by embodiments of the present disclosure;
FIG. 6A is a flowchart of another device authorization management method according to an embodiment of the present disclosure;
FIG. 6B is an interaction schematic diagram of another device authorization management method according to an embodiment of the disclosure;
FIG. 7 is a flowchart of another device authorization management method according to an embodiment of the present disclosure;
FIG. 8 is a flowchart of another device authorization management method according to an embodiment of the present disclosure;
FIG. 9 is a flowchart of another device authorization management method according to an embodiment of the disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, a further description of aspects of the present disclosure will be provided below. It should be noted that, without conflict, the embodiments of the present disclosure and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced otherwise than as described herein; it will be apparent that the embodiments in the specification are only some, but not all, embodiments of the disclosure.
The terms "first," "second," "third" and the like in the description, in the claims and in the above-described figures are used to distinguish between similar objects or entities and do not necessarily imply a particular order or sequence, unless otherwise indicated. It is to be understood that the terms so used are interchangeable under appropriate circumstances.
The terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a product or apparatus that comprises a list of elements is not necessarily limited to all elements explicitly listed, but may include other elements not expressly listed or inherent to such product or apparatus.
With the development of the smart home industry, many home renovations now adopt a complete set of smart home devices, which brings great convenience to daily life. To control these smart appliances, a controlling/controlled relationship needs to be established between smart devices, and message intercommunication between the devices can be achieved by using the MQTT (Message Queuing Telemetry Transport) protocol.
MQTT is a client-server publish/subscribe messaging protocol. Devices that need to exchange messages connect to the MQTT server as clients, and the server forwards messages to the specified clients according to their publications and subscriptions. For example, in television control, the mobile phone acts as a virtual remote controller for the television: the mobile phone is the MQTT client and the television is the MQTT server, and after the mobile phone connects to the MQTT server it can exchange messages with the MQTT clients of other modules in the television.
Fig. 1A is a schematic application scenario diagram of a device authorization management method of a controlled device according to an embodiment of the present disclosure. As shown in fig. 1A, a user may operate a display device 200 (e.g., a smart TV) through a terminal device 100 (e.g., a mobile phone). That is, the terminal device 100 is the master device, and the display device 200 is the controlled device. When the terminal device 100 wants to control the display device 200, the display device 200 performs authorized connection authentication on the terminal device 100, thereby determining whether to allow the terminal device 100 to control the display device 200. For example, the terminal device 100 in this scenario may be, but is not limited to, a smart central control screen, a smartphone, a smart tablet, etc., and the display device 200 may be, but is not limited to, a smart home appliance such as a smart television or a smart washing machine.
In some embodiments, the display device 200 may be controlled using the terminal device 100 (e.g., a mobile terminal, etc.). For example, the display device 200 is controlled using an application running on the terminal device 100. The terminal device 100 may install a software application with the display device 200, implement connection communication through a network communication protocol, and achieve the purpose of one-to-one control operation and data communication. The semantic understanding content displayed on the terminal device 100 may also be transmitted to the display device 200, so as to implement a synchronous display function.
Fig. 1B is a schematic diagram of an authorization method for a smart device in the prior art. The master device sends an authorized connection request to the controlled device. In response, the controlled device consults a locally stored white list and searches it for information of the master device, such as a device identifier, to determine whether the master device is an authorized trusted device of the controlled device. When the information of the master device exists in the white list, the master device is determined to be an authorized trusted device, a message that the authorized connection has passed is sent to the master device, and the master device information is stored in the white list. After receiving that message, the master device can control the controlled device.
Fig. 1C is a schematic diagram of an explicit authorization method in the prior art. Taking fig. 1C as an example, the user is asked for authorization through an actively popped-up interface, such as a prompt reading "Device 1 is attempting to connect to your television. Do you agree to authorize it?", and the user can then choose whether to accept the access of the client device according to actual needs. If the user selects "agree", device 1 (e.g. a mobile phone or a central control screen) is stored in a white list as a trusted device; the white list can be stored in a physical storage space of the television, so that when device 1 later needs to control the television, whether it is a trusted device can be determined by searching the white list. If the user selects "reject", the controlled device sends the master device a message that the authorized connection failed. However, this authorization mode is fixed: once the device information of the master device has been stored, the authorization is permanently valid, so authorized devices that have not been needed for a long time cannot be dynamically cleared. Moreover, when an authorized master device is hacked, the controlled device remains under its control, which reduces security.
Based on the above problems, in an embodiment of the present disclosure, a first authorized connection request sent by a master device is received, where the first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code. After the verification is determined to pass, a verification success instruction is sent to the master device to indicate that the master device and the controlled device are successfully authorized to connect. The first connection code is generated by the controlled device according to the first device information, the second device information, the authorization timestamp and the first valid authorization duration after it receives the connection code acquisition request sent by the master device, and is sent to the master device. The first device information is identification information corresponding to the master device, the second device information is identification information corresponding to the controlled device, and the first valid authorization duration is the duration, selected according to the user's wishes, for which the master device is authorized to control the controlled device. This keeps authorization of the master device flexible and avoids the defect of a permanently valid master device authorization occupying resources.
Furthermore, the first authentication code is generated by the master device, based on the first device information, the MAC address of the master device, the current timestamp, the preset salt value and the preset algorithm, after it receives the first connection code, the first valid authorization duration and the MAC address of the master device sent by the controlled device. Checking the first authentication code therefore confirms whether the master device is a trusted client, which prevents the controlled device from mistaking a hacked master device for a trusted client and continuing to communicate with it, and further improves security.
The device authorization management method provided by the embodiment of the disclosure can be realized based on the electronic device or a functional module or a functional entity in the electronic device.
The electronic device may be a personal computer (personal computer, PC), a server, a mobile phone, a tablet computer, a notebook computer, a mainframe computer, etc., which is not particularly limited in the embodiments of the present disclosure.
By way of example, fig. 2 is a block diagram of a hardware configuration of an electronic device in accordance with one or more embodiments of the present disclosure. As shown in fig. 2, the electronic device includes: at least one of a modem 210, a communicator 220, a detector 230, an external device interface 240, a controller 250, a display 260, an audio output interface 270, a memory, a power supply, a user interface 280. Among them, the controller 250 includes at least one of a central processing unit (Central Processing Unit, CPU), a video processor, an audio processor, a graphics processor (Graphics Processing Unit, GPU), RAM (Random Access Memory), ROM (Read-Only Memory), first to nth interfaces for input/output, a communication bus (Bus), and the like. The display 260 may be at least one of a liquid crystal display, an OLED display, a touch display, and a projection display, and may also be a projection device and a projection screen. The modem 210 receives broadcast television signals through a wired or wireless reception manner and demodulates an audio-video signal, such as an EPG audio-video data signal, from a plurality of wireless or wired broadcast television signals. The communicator 220 is a component for communicating with external devices or servers according to various communication protocol types. For example, the communicator may include at least one of a Wi-Fi module, a Bluetooth module, a wired Ethernet module, or other network communication protocol chip or a near field communication protocol chip, and an infrared receiver. The electronic device may establish transmission and reception of control signals and data signals with a server or a local control device through the communicator 220. The detector 230 is used to collect signals of the external environment or interaction with the outside.
For example, the detector 230 includes a light receiver, which is a sensor for capturing the intensity of ambient light; alternatively, the detector 230 includes an image collector such as a camera, which may be used to collect external environmental scenes, user attributes, or user interaction gestures; or alternatively, the detector 230 includes a sound collector such as a microphone, which is used to receive external sounds. The external device interface 240 may include, but is not limited to, the following: High Definition Multimedia Interface (HDMI), analog or data high definition component input interface (component), composite video input interface (CVBS), USB input interface (USB), RGB port, etc. The input/output interface may be a composite input/output interface formed by a plurality of interfaces. The controller 250 and the modem 210 may be located in separate devices, i.e., the modem 210 may also be located in a device external to the main device in which the controller 250 is located, such as an external set-top box.
In some embodiments, the controller 250 controls the operation of the electronic device and responds to user operations by various software control programs stored on the memory. The controller 250 controls the overall operation of the electronic device. The user may input a user command through a Graphical User Interface (GUI) displayed on the display 260, and the user input interface receives the user input command through the Graphical User Interface (GUI). Alternatively, the user may input the user command by inputting a specific sound or gesture, and the user input interface recognizes the sound or gesture through the sensor to receive the user input command.
In some embodiments, the display 260 includes a display screen component for presenting a picture, and a driving component for driving an image display, for receiving image signals from the controller output, for displaying video content, image content, and a menu manipulation interface, and for manipulating a UI interface by a user. For example, the display may be at least one of a liquid crystal display, an OLED (Organic Light-Emitting Diode) display, a touch display, and a projection display, and may also be a projection device and a projection screen. A user may input a user command through a graphical user interface (Graphic User Interface, GUI) displayed on the display 260, and the user input interface receives the user input command through the graphical user interface. Alternatively, the user may input the user command by inputting a specific sound or gesture, and the user input interface recognizes the sound or gesture through the sensor to receive the user input command. A "user interface" is a media interface for interaction and exchange of information between an application or operating system and a user, which enables conversion between an internal form of information and a user-acceptable form. A commonly used presentation form of a user interface is a graphical user interface, which refers to a user interface related to computer operations that is displayed in a graphical manner. For example, it may be an interface element such as an icon, window, control, etc., displayed in a display of the electronic device, where the control may include visual interface elements such as icons, buttons, menus, tabs, text boxes, dialog boxes, status bars, navigation bars, etc. A user interface operable to receive control signals of the terminal device 100, such as an infrared remote control or the like.
Fig. 3A is a schematic software configuration diagram of an electronic device according to one or more embodiments of the present disclosure, where the system is divided into four layers, from top to bottom: an application layer, an application framework layer (Application Framework layer), an Android runtime and system library layer (system runtime layer), and a kernel layer.
Fig. 3B is a schematic diagram of an icon control interface display of an application program included in a smart device (mainly a smart play device, such as a smart tv, a digital cinema system, or an audio-visual server) according to one or more embodiments of the present disclosure, where, as shown in fig. 3B, an application program layer includes at least one icon control that an application program may display in a display, for example: a live television application icon control, a video on demand VOD application icon control, a media center application icon control, an application center icon control, a game application icon control, and the like. Live television applications can provide live television through different signal sources. Video on demand VOD applications may provide video from different storage sources. Unlike live television applications, video-on-demand provides video displays from some storage sources. The media center application may provide various applications for playing multimedia content. An application center may be provided to store various applications.
The device authorization management method provided by the embodiment of the disclosure can be realized based on the electronic device.
To describe the present solution in more detail, the following description is given by way of example with reference to fig. 4A. It will be understood that, in actual implementation, the steps involved in fig. 4A may include more or fewer steps, and the order of these steps may also differ, as long as the device authorization management method applied to the controlled device side provided in the embodiments of the present application can be implemented.
Fig. 4A is a flowchart of a device authorization management method according to an embodiment of the present disclosure. Fig. 4B is an interaction schematic diagram of a device authorization management method according to an embodiment of the present disclosure, where the embodiment is applied to a controlled device. As shown in fig. 4A, the method specifically includes the following steps:
S41, receiving a first authorized connection request sent by the master device.
The first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code. The first connection code is generated by the controlled device according to the first device information, the second device information, the authorization timestamp and the first valid authorization duration after it receives the connection code acquisition request sent by the master device, and is sent to the master device. The first valid authorization duration is the duration, selected according to the user's wishes, for which the master device is authorized to control the controlled device. The first authentication code is generated by the master device, based on the first device information, the MAC address of the master device, the current timestamp, the preset salt value and the preset algorithm, after it receives the first connection code, the first valid authorization duration and the MAC address of the master device sent by the controlled device.
The master device is a smart device that controls the controlled device in a scenario where multiple smart devices interact; for example, the master device may be, but is not limited to, a mobile terminal, a tablet computer, a smart central control screen and the like. The controlled device is a smart device controlled by the master device in a scenario where multiple smart devices interact; for example, the controlled device may be, but is not limited to, a smart home appliance such as a smart television, a smart refrigerator or a smart air conditioner, or a personal computer and the like. In the embodiments of the present disclosure, the master device and the controlled device are not particularly limited.
The first device information is identification information corresponding to the master device, and may include, for example, but not limited to, a device ID, a device type, a device name, and the like of the master device.
The first user information represents information corresponding to a user using the master device, and may be, but not limited to, a user phone number, a user mailbox, a user nickname, etc.
The second device information is identification information corresponding to the controlled device, and may include, for example, but not limited to, a device ID, a device type, a device name, and the like of the controlled device.
The authorization timestamp represents the initial time of user authorization, for example, 10:00:55 on May 20, 2023; this is only an example and is not a specific limitation.
The first valid authorization duration may be a default authorization duration or a permanent authorization. The default authorization duration may be 7 days, 15 days, 30 days, etc., and is not particularly limited herein. For example, referring to fig. 5A, which is an interface schematic diagram of an explicit authorization method according to an embodiment of the disclosure, when the user selects "agree", the authorization lasts for the default authorization duration set by the system, for example 7 days. Referring to fig. 5B, which is an interface schematic diagram of another explicit authorization method according to an embodiment of the disclosure, when the user ticks the "permanent consent" selection box, the authorization is permanently valid.
The first connection code is an encrypted character string, generated by combining information such as the first device information, the second device information, the authorization timestamp and the valid authorization duration selected by the user according to a certain rule and then encrypting the result with an advanced encryption algorithm. The encryption algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm. For example, when the master device is a mobile phone and the controlled device is a television, the first connection code is generated by combining the mobile phone device information, the television device information, the authorization timestamp and the valid authorization duration according to a certain rule and encrypting them with a symmetric encryption algorithm.
Using only a connection code check may present a security risk. For example, suppose device 2 steals the device information and the connection code of device 1 and, masquerading as device 1, sends a message to the controlled device. If the controlled device performs its check only on the message sent by device 2 and does not authenticate whether device 2 is trusted, device 2 may also pass the check. An additional identifier, namely the first authentication code, therefore has to be added to confirm that the device is a trusted device.
The MAC address (Media Access Control address, also called the LAN address) of the master device is a hardware address used to identify the location of a network device. It is written into the hardware by the network device manufacturer at production, cannot be forged at the software layer, and cannot be stolen like other device information, so the MAC address can meet the requirements of the first authentication code. However, the MAC address involves user privacy and cannot be used directly, and to strengthen security the first authentication code must be different each time, even for the same device. The first authentication code is therefore generated according to a certain rule from the MAC address of the master device, the device information of the master device, the current timestamp, and the preset salt value. The device information of the master device may be the device ID, which ensures that the data is unique; the timestamp is added so that the first authentication code generated each time is different; and the preset salt value is added to increase resistance to brute-force cracking.
In some embodiments, before the master device receives the first connection code, the first valid authorization duration, and the MAC address of the master device sent by the slave device, the slave device performs the following steps to generate an initial authentication code:
a. Acquiring the MAC address of the master device based on the Address Resolution Protocol.
Specifically, the MAC address of the master device is obtained within the local area network through the connected socket by using ARP (Address Resolution Protocol). For example, first obtain the sockfd of the connected master device; then construct an arpreq structure; and then call the interface ioctl(sockfd, SIOCGARP, &arpreq) to obtain the MAC address.
The controlled device obtains the MAC address of the master device through the network connection rather than from a message actively sent by the master device, which avoids the loss of communication security that would result if the message were a disguised message sent by an attacking device.
b. Obtaining the current timestamp and the preset salt value.
The current timestamp is generated based on the current system time of the controlled device.
The preset salt value is a character string made up of special characters, digits and letters. It is a password-strengthening rule agreed in advance between the controlled device and the master device, and can be understood as a rule preset between the data acquirer and the data supplier.
c. Generating an initial authentication code based on the first device information, the MAC address of the master device, the current timestamp, the preset salt value and a preset algorithm.
The preset algorithm may include, but is not limited to, MD5 (Message-Digest Algorithm 5), which is used to ensure that information is transmitted completely and consistently.
Specifically, an authentication code is generated according to an MD5 algorithm based on the device ID of the master device, the MAC address of the master device, the current timestamp and the preset salt value. It should be noted that the preset algorithm may be other algorithms capable of ensuring the strength of the algorithm.
For example, assume that the preset algorithm is: take the first 8 characters of MD5(the odd-position bytes of the master device ID joined together + the even-position bytes of the MAC address joined together + the remainder modulo 10 of the sum of every timestamp digit plus 10 + the salt value), with master device ID = 68:3e:34:d0:50:57; current timestamp = 1621833487; MAC address = 00:0c:29:01:98:27; and the salt value set as: * And TG123. The odd-position bytes of the master device ID joined together are: 683450; the even-position bytes of the MAC address joined together are: 0C0127; and adding 10 to each digit of the timestamp, summing, and taking the remainder gives: ((1+6+2+1+8+3+3+4+8+7) + 10×10) % 10 = 3.
Thus, MD5(683450 + 0C0127 + 3 + & TG 123) = 58D94CA7A2B41358. Taking the first 8 characters gives 58D94CA7, so the initial authentication code finally generated is 58D94CA7.
In some embodiments, the first device information, the MAC address of the master device, the first authentication code, the first valid authorization duration are stored in a whitelist.
The first device information comprises information which can be displayed to a user such as a device ID, a device name and a device type of the main control device, and the first effective authorization time length corresponds to the effective authorization time length in the connection code of the main control device one by one.
Specifically, the device ID, the device name, the device type, and the MAC address of the master device are stored in the white list in encrypted form, together with the first authentication code and the first valid authorization duration. The white list may be stored in the controlled device (e.g. a television) in the form of a file; to ensure security, the file content is stored in encrypted form, and when a device management page is presented to the user, the device information is read from the white list.
For authorized devices that the user uses frequently, the corresponding authorization duration is automatically renewed according to the valid authorization duration, so that the user does not need to authorize them again, which improves the user experience.
S42, checking based on the first device information, the first user information, the first connection code and the first authentication code, and after the checking is confirmed to pass, sending a check success instruction to the master control device so as to indicate that the master control device and the controlled device are authorized to be successfully connected.
The verification success instruction is used for indicating that the master control equipment and the controlled equipment are successfully authorized to be connected.
Specifically, after receiving a first authorized connection request sent by the master control device, the controlled device responds to the first authorized connection request, performs verification according to the first device information, the first user information, the first connection code and the first authentication code, and after the verification is passed, sends a verification success instruction to the master control device to indicate that the master control device and the controlled device are successfully authorized to be connected, and then the master control device can send a control instruction to the controlled device to control the controlled device.
The verification process is as follows:
(1) First, the controlled device checks whether the device ID of the master device is legal; legal means that the master device must fill in the device ID according to a preset rule.
(2) Second, it checks whether the user name is legal; legal means that the master device must fill in the user name information according to a preset rule.
(3) The controlled device decrypts the connection code sent by the main control device, acquires the effective authorization time length, and checks whether the main control device is within the effective authorization time length.
(4) The controlled device obtains the MAC address of the main control device through network connection, generates an initial authentication code by using an authentication code generation algorithm, and judges whether the initial authentication code is consistent with a first authentication code sent by the main control device.
(5) And the controlled device searches whether the related information of the main control device is recorded in the white list through the device ID of the main control device, and judges whether the information recorded in the white list is consistent with the information sent by the main control device.
When all the above checks pass, a message that the authorized connection succeeded is returned to the master device. That is, the master device can control the controlled device, and thereby carry out further service interaction, only after the master device and the controlled device are successfully connected.
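The five checks above, together with the sample authentication-code rule from the earlier worked example, can be sketched as follows. This is an added example, not code from the patent: the salt, the ID and user-name format rules, the whitelist layout, the open_code stand-in for connection-code decryption, and the use of the authorization timestamp as the timestamp input are all assumptions.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

SALT = "EXAMPLE-SALT"   # constructed; the real salt is agreed between the devices
ID_RULE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")  # assumed ID rule
USER_RULE = re.compile(r"[\w.@+-]{1,64}")                       # assumed user rule


def octets(addr: str, parity: str) -> str:
    """Join the odd (1st, 3rd, 5th) or even (2nd, 4th, 6th) bytes of addr."""
    parts = addr.upper().split(":")
    return "".join(parts[0::2] if parity == "odd" else parts[1::2])


def timestamp_check_digit(ts: int) -> int:
    """Add 10 to every digit of the timestamp, sum, keep the remainder mod 10."""
    return sum(int(c) + 10 for c in str(ts)) % 10


def make_auth_code(device_id: str, mac: str, ts: int, salt: str = SALT) -> str:
    """First 8 hex characters of MD5 over the page's sample concatenation rule."""
    pre = (octets(device_id, "odd") + octets(mac, "even")
           + str(timestamp_check_digit(ts)) + salt)
    return hashlib.md5(pre.encode()).hexdigest().upper()[:8]


@dataclass
class Request:
    device_id: str
    user_name: str
    connection_code: str
    auth_code: str


def verify_request(req, observed_mac, now, whitelist, open_code):
    """Run checks (1)-(5); return (ok, reason), stopping at the first failure.

    observed_mac: MAC the controlled device resolved itself (e.g. via ARP),
                  never a value taken from the request.
    open_code:    caller-supplied decryptor returning the connection-code
                  fields as a dict, or None if the code cannot be decrypted.
    """
    if not ID_RULE.fullmatch(req.device_id):                     # check (1)
        return False, "device ID format"
    if not USER_RULE.fullmatch(req.user_name):                   # check (2)
        return False, "user name format"
    fields = open_code(req.connection_code)                      # check (3)
    if fields is None:
        return False, "connection code"
    valid = fields["valid_seconds"]                              # None = permanent
    if valid is not None and now - fields["auth_ts"] > valid:
        return False, "authorization expired"
    # check (4); assumption: the authorization timestamp is the timestamp input
    expected = make_auth_code(req.device_id, observed_mac, fields["auth_ts"])
    if not hmac.compare_digest(expected.encode(), req.auth_code.encode()):
        return False, "authentication code"
    entry = whitelist.get(req.device_id)                         # check (5)
    if entry is None:
        return False, "not in whitelist"
    if entry["mac"] != observed_mac or entry["auth_code"] != req.auth_code:
        return False, "whitelist mismatch"
    return True, "ok"


# Device ID, MAC address and timestamp are the values of the page's worked example.
DEVICE_ID = "68:3e:34:d0:50:57"
MAC = "00:0c:29:01:98:27"
AUTH_TS = 1621833487
WEEK = 7 * 24 * 3600


def sample():
    """Constructed whitelist, connection-code table and request for one phone."""
    code = make_auth_code(DEVICE_ID, MAC, AUTH_TS)
    vault = {"opaque-code-1": {"auth_ts": AUTH_TS, "valid_seconds": WEEK}}
    whitelist = {DEVICE_ID: {"mac": MAC, "auth_code": code}}
    req = Request(DEVICE_ID, "user@example.com", "opaque-code-1", code)
    return req, whitelist, vault.get


if __name__ == "__main__":
    req, wl, open_code = sample()
    print(verify_request(req, MAC, AUTH_TS + 121 * 3600, wl, open_code))
    print(verify_request(req, MAC, AUTH_TS + 169 * 3600, wl, open_code))
    print(verify_request(req, "00:0c:29:aa:bb:cc", AUTH_TS + 3600, wl, open_code))
```

In the sample rule only one check digit of the timestamp enters the hash, so timestamps whose digits have the same sum modulo 10 yield the same code. The description allows other preset algorithms, and a keyed HMAC-SHA-256 over the complete fields is a common stronger choice.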
In some embodiments, the step S42 (verified based on the first device information, the first user information, the first connection code, and the first authentication code) may be implemented as follows:
Parsing the first connection code to acquire the first device information, the second device information, the authorization timestamp and the first valid authorization duration;
If the difference between the decryption timestamp and the authorization timestamp is less than or equal to the first valid authorization duration, determining that the master device is a validly authorized device.
The authorization timestamp refers to the time at which the controlled device, having received the connection code acquisition request sent by the master device, generates the first connection code in response; it can be determined from the system clock of the controlled device. The decryption timestamp refers to the time at which the controlled device decrypts the first connection code while verifying the first authorized connection request received from the master device.
Since the first connection code is a character string encrypted by the encryption rule, in order to obtain information contained in the first connection code, the first connection code needs to be decrypted, so as to obtain the first device information, the second device information, the authorization time stamp and the first effective authorization duration.
Specifically, if the difference between the decryption timestamp and the authorization timestamp is less than or equal to the first valid authorization time length, the main control device is indicated to be still in the valid period, that is, the main control device is determined to be the valid authorization device.
For example, assume that the first valid authorization duration is 7 days, that is, 7×24 = 168 hours. If the authorization timestamp of the controlled device is 8 am on May 1, 2023 and the decryption timestamp is 9 am on May 6, 2023, the difference between the two is 121 hours, which is smaller than the first valid authorization duration, so the master device is determined to be still within the validity period.
In some embodiments, the step S42 (verified based on the first device information, the first user information, the first connection code, and the first authentication code) may be further implemented as follows:
Judging whether the initial authentication code is consistent with the first authentication code;
If the initial authentication code is consistent with the first authentication code, determining that the master device has not been replaced by another device.
The initial authentication code is generated on the controlled device side before the master device receives the first connection code, the first valid authorization duration and the MAC address of the master device, and the first authentication code is generated on the master device side after the master device receives these values from the controlled device. During verification, the two are therefore compared, and if the initial authentication code is consistent with the first authentication code, it is determined that the master device has not been replaced by another, attacking device.
Checking the authentication code ensures the credibility of the master device: even if a hacker attacks the master device and obtains the connection code, the attacking device cannot pass the verification, because it must additionally pass the authentication code check.
In some embodiments, step S42 (verifying based on the first device information, the first user information, the first connection code, and the first authentication code) may further be implemented as follows:
judging whether the first device information exists in the whitelist;
and if the first device information exists in the whitelist, determining that the master device has not been deleted.
The first device information includes information about the master device that can be displayed to the user, such as the device ID, the device name and the device type.
Specifically, the controlled device uses the device ID or the device name of the master device to look up whether information about the master device is recorded in the whitelist; if the first device information exists in the whitelist, the master device has not been deleted.
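The three checks of step S42 described above (whitelist membership, validity period, authentication code consistency), as an added example that is not the patent's own code. The patent leaves the "preset algorithm" and the connection code encoding unspecified, so this sketch assumes HMAC-SHA256 for the authentication code and a signed (not encrypted) JSON token for the connection code; the key, salt, field names and the choice of the authorization timestamp as the shared timestamp are likewise assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed secrets for the example; assumptions, not values from the patent.
DEVICE_KEY = b"constructed-controlled-device-key"
PRESET_SALT = b"constructed-preset-salt"
HOUR = 3600


def make_connection_code(first_info, second_info, auth_ts, valid_seconds):
    """Controlled device: pack the four fields into an integrity-protected token."""
    body = json.dumps({"first": first_info, "second": second_info,
                       "auth_ts": auth_ts, "valid": valid_seconds},
                      sort_keys=True).encode()
    tag = hmac.new(DEVICE_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()


def parse_connection_code(code):
    """Return the embedded fields, or None if the token is malformed or altered."""
    try:
        raw = base64.urlsafe_b64decode(code.encode())
        tag, body = raw[:32], raw[32:]
        expected = hmac.new(DEVICE_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(body)
    except ValueError:
        return None


def make_auth_code(first_info, mac, timestamp):
    """Authentication code over device info, MAC and timestamp, keyed by the salt."""
    msg = f"{first_info}|{mac.lower()}|{timestamp}".encode()
    return hmac.new(PRESET_SALT, msg, hashlib.sha256).hexdigest()


def verify_authorized_connection(request, whitelist, now):
    """Controlled device: run the S42 checks and name the first one that fails."""
    entry = whitelist.get(request["device_id"])
    if entry is None:
        return "deleted"                      # not (or no longer) in the whitelist
    fields = parse_connection_code(request["connection_code"])
    if fields is None or fields["first"] != request["device_id"]:
        return "bad_connection_code"
    if now - fields["auth_ts"] > fields["valid"]:
        return "expired"                      # difference exceeds the valid duration
    # Constant-time comparison of the stored initial code with the presented code.
    if not hmac.compare_digest(entry["auth_code"].encode(),
                               request["auth_code"].encode()):
        return "auth_code_mismatch"
    return "ok"


def build_sample(auth_ts=1_700_000_000):
    """Constructed whitelist entry and request for one master device."""
    mac = "AA:BB:CC:00:11:22"
    valid = 7 * 24 * HOUR
    code = make_connection_code("phone-01", "tv-01", auth_ts, valid)
    whitelist = {"phone-01": {"mac": mac, "valid": valid,
                              "auth_code": make_auth_code("phone-01", mac, auth_ts)}}
    request = {"device_id": "phone-01", "connection_code": code,
               "auth_code": make_auth_code("phone-01", mac, auth_ts)}
    return whitelist, request


if __name__ == "__main__":
    wl, req = build_sample()
    for hours in (121, 168, 169):
        print(hours, verify_authorized_connection(req, wl, 1_700_000_000 + hours * HOUR))
```

A device that copies the connection code but reports a different MAC address derives a different authentication code and is rejected at the last check, and editing the duration inside the token invalidates its tag.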
In an embodiment of the present disclosure, a first authorized connection request sent by a master device is received, where the first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code; verification is performed based on these, and after the verification is determined to pass, a verification success instruction is sent to the master device to indicate that the authorized connection between the master device and the controlled device has succeeded. The first connection code is generated by the controlled device according to the first device information, the second device information, the authorization timestamp and the first valid authorization duration after the controlled device receives the connection code acquisition request sent by the master device, and is sent to the master device. The first device information is identification information corresponding to the master device, the second device information is identification information corresponding to the master control equipment, and the first valid authorization duration is the duration, selected according to the user's wishes, for which the master device is authorized to control the controlled device. This ensures flexibility in authorizing the master device and avoids the defect that a master device remains permanently valid and occupies resources.
Because the first authentication code is generated based on the first device information, the MAC address of the master device, the current timestamp, the preset salt value and the preset algorithm after the master device receives the first connection code, the first valid authorization duration and the MAC address of the master device sent by the controlled device, the first authentication code can be verified to confirm whether the master device is a trusted client. This avoids the situation in which the controlled device mistakes a hacked master device for a trusted client and continues to communicate with it, further improving security.
For the sake of user experience, the user cannot be asked to authorize every time a client device connects; a prompt interface is displayed for the user to choose only when a new device connects, so that a previously authorized device does not need repeated authorization. However, with this one-time authorization, some temporarily connected devices become zombie devices in the whitelist. Zombie devices stored in the whitelist not only occupy resources but also reduce security: although the user gave explicit authorization, it was given only the first time, so if the client device is hacked, the hacker can use the client device to control the smart device (e.g. a television), and the user can only solve the problem by resetting the system.
To solve the problem that authorized devices cannot be dynamically deleted and managed, the embodiment of the disclosure proposes the following three deletion modes to dynamically manage the authorized devices in the whitelist.
In some embodiments, the target master device is deleted from the device management page in response to a user's delete operation on the target master device;
or
in response to a trigger instruction for displaying the device management page, whether the target master device is within its valid authorization duration is judged;
if the target master device is not within its valid authorization duration, the target master device is deleted from the device management page;
or
in response to an authorized connection request sent by the target master device, whether the target connection code corresponding to the target master device is valid is judged;
and if the target connection code is invalid, the target master device is deleted from the device management page.
The device management page is used for showing the device type and the device MAC address of each device. The device type is sent to the controlled device by the master device, and the device MAC address is obtained through network connection. The device type and the device MAC address are displayed on the device management page, so that a user can know the specific type of the device conveniently.
Specifically, the device information recorded in the whitelist can be deleted in the following ways:
(1) The device management page is displayed to the user, and the target master device is deleted from the device management page in response to the user's delete operation on the target master device in that page.
(2) When the user opens the device management page, in response to the trigger instruction for displaying the device management page, whether the target master device is within its valid authorization duration is judged according to the valid authorization duration of the target device stored in the whitelist; if it is not, the target master device is deleted from the device management page.
(3) When an authorized connection request sent by the target master device is received again after a preset time interval, in response to that request, whether the target connection code corresponding to the target master device is valid is judged: the target connection code is decrypted to obtain a target valid authorization duration, and if the difference between the target decryption timestamp and the target authorization timestamp is less than or equal to the target valid authorization duration, the master device is still within its validity period, that is, it is determined to be a validly authorized device; otherwise, it is determined that the authorization of the master device has expired, and the target master device is deleted from the device management page.
In addition, the authorization valid time length of each authorization device recorded in the white list can be updated.
One update method is as follows: within the first valid authorization duration, if the controlled device receives the connection code acquisition request sent by the master device again, then after verification passes, it sends a target connection code to the master device.
The target connection code is generated according to the first device information, the second authorization time stamp and the second effective authorization time length.
Specifically, within the first valid authorization duration, when the controlled device again receives the connection code acquisition request sent by the master device and, after verification passes, sends the target connection code to the master device again, the whitelist is updated according to the second valid authorization duration in the target connection code. The second valid authorization duration may be a default valid duration, for example, 7 days, 15 days, 30 days, and so on.
Another update method is as follows:
within the first valid authorization duration, determining a target timestamp according to the authorization timestamp and the first valid authorization duration;
and when the difference between the current system timestamp and the target timestamp is smaller than a first preset duration, receiving a connection code acquisition request sent by the master device, and after verification passes, sending a second connection code to the master device.
The first preset duration may be set according to actual requirements, for example, one day away from the target timestamp, or one fifth of the first authorized duration away from the target timestamp, or other reasonable duration setting manners, which are not specifically limited herein.
Specifically, the master device monitors the first valid authorization duration and determines a target timestamp according to the authorization timestamp and the first valid authorization duration. When the difference between the current system timestamp and the target timestamp is smaller than the first preset duration, the controlled device receives a connection code acquisition request sent by the master device and, after verification passes, sends the target connection code to the master device again and updates the whitelist according to the second valid authorization duration of the target connection code. In this way the master device always remains valid, and a master device frequently used by the user does not need to be re-authorized at intervals.
For example, assuming an authorization time stamp of 2023, 5, 1, 8 am, a first valid authorization time period of 7 days, the target authorization time stamp is: the current system time stamp is 2023, 5, 8 and 8 am, i.e. when the valid authorization time of the master control device is still one day, a connection code acquisition request is sent to the controlled device. The controlled device receives the connection code acquisition request sent by the main control device, performs verification, and after the verification passes, re-sends the target connection code to the main control device.
In addition, for a master device that the user has not used for a long time (such as a zombie device), the connection code is not refreshed, so it automatically becomes invalid once the preset validity period is exceeded and the device is deleted from the whitelist. A master device for which the user selected "permanent consent" is permanently valid: it cannot expire, cannot be automatically deleted, and its validity period cannot be updated. If the user no longer wants to keep such a device authorized, the device can be deleted manually from the device management page, which further improves the security level.
Based on this method for deleting authorized devices, a visual device management interface can be provided to the user that displays the currently authorized devices, and the user can delete devices as desired. Further, the authorization of a device is not permanently valid; instead, based on the user's selection, it is automatically extended when the device is used again within a certain authorization period, so a frequently used device never becomes invalid. Only a device that has gone unused for a long time, past its validity period, is automatically removed from the whitelist, which solves the problem of zombie devices occupying resources.
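The expiry-on-display deletion mode and the two renewal methods described above, as an added example that is not the patent's own code. The whitelist layout, the function names and the use of `None` to mark "permanent consent" are assumptions made for the sketch.

```python
DAY = 24 * 3600


def target_timestamp(entry):
    """Authorization timestamp plus valid duration; None for 'permanent consent'."""
    if entry["valid"] is None:
        return None
    return entry["auth_ts"] + entry["valid"]


def is_expired(entry, now):
    """Expired when the elapsed time exceeds the valid authorization duration."""
    target = target_timestamp(entry)
    return target is not None and now > target


def handle_code_request(whitelist, device_id, now, second_valid, preset=None):
    """Renew an entry on a repeated connection code acquisition request.

    preset=None models the first update method (any request inside the valid
    period renews); a preset duration models the second method (renew only
    when less than `preset` seconds remain before the target timestamp).
    """
    entry = whitelist.get(device_id)
    if entry is None or is_expired(entry, now):
        return "reauthorize"          # the full connect/authorize flow is needed
    if entry["valid"] is None:
        return "permanent"            # validity period is never updated
    if preset is not None and target_timestamp(entry) - now >= preset:
        return "not_due"
    entry["auth_ts"], entry["valid"] = now, second_valid
    return "renewed"


def prune_on_page_display(whitelist, now):
    """Deletion mode (2): drop expired devices when the management page opens."""
    removed = sorted(d for d, e in whitelist.items() if is_expired(e, now))
    for device_id in removed:
        del whitelist[device_id]
    return removed


def sample_whitelist(t0):
    """Constructed entries: a frequently used phone, an idle tablet, a permanent remote."""
    return {
        "phone": {"auth_ts": t0, "valid": 7 * DAY},
        "tablet": {"auth_ts": t0, "valid": 7 * DAY},
        "remote": {"auth_ts": t0, "valid": None},
    }


if __name__ == "__main__":
    wl = sample_whitelist(0)
    print(handle_code_request(wl, "phone", 6 * DAY + 3600, 7 * DAY, preset=DAY))
    print(prune_on_page_display(wl, 8 * DAY), sorted(wl))
```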
Fig. 6A is a flowchart of another device authorization management method according to an embodiment of the present disclosure. Fig. 6B is an interaction schematic diagram of another device authorization management method according to an embodiment of the disclosure. Optionally, the embodiment of the present disclosure is applied to the controlled device side and, as shown in Fig. 6A, before the first authorized connection request sent by the master device is received, the method further includes the following steps:
S61, receiving a first connection request sent by the master control equipment.
The first connection request carries first equipment information, a first user identifier and a user password;
S62, checking according to the first user identifier and the user password, and after the checking is passed, sending a first connection success instruction to the main control equipment.
The first connection success instruction is used for indicating that the main control equipment and the controlled equipment are successfully connected.
S63, receiving a first authorization request sent by the master control equipment.
S64, responding to the first authorization request sent by the master control equipment, authorizing according to the first equipment information, the second equipment information and a first effective authorization time length, and sending a first authorization success instruction to the master control equipment when the success of the authorization is determined so as to indicate the success of the authorization of the master control equipment and the controlled equipment;
S65, receiving a connection code acquisition request sent by the main control equipment.
S66, responding to a connection code acquisition request sent by the main control equipment, generating a first connection code according to the first equipment information, the second equipment information, the authorization time stamp and the first effective authorization time length, and sending the first connection code to the main control equipment.
In steps S61-S66, the master device and the controlled device are connected based on the MQTT protocol. After the connection succeeds, the master device is further authorized, and after the authorization succeeds, the first connection code is obtained, so that when the user subsequently uses the master device to control the controlled device, the authorized connection can be made based on the first connection code, which ensures the security of the MQTT connection.
Fig. 7 is a flowchart of another device authorization management method according to an embodiment of the disclosure. In some embodiments, the master control device connects to the controlled device again within the first authorization valid period, and the specific implementation steps are as follows:
S71, receiving a second authorized connection request sent by the master control equipment.
Wherein the second authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code.
S72, checking based on the first equipment information, the first user information, the first connection code and the first authentication code, and after the checking is confirmed to pass, sending a check success instruction to the main control equipment to indicate that the authorized connection between the main control equipment and the controlled equipment has succeeded.
The specific implementation of steps S71-S72 is the same as that of steps S41-S42 and will not be described in detail here.
Fig. 8 is a flowchart of another device authorization management method according to an embodiment of the disclosure. In some embodiments, when the first authorization valid duration is exceeded, the master control device connects to the controlled device again, and the specific implementation steps are as follows:
S81, receiving a third authorized connection request sent by the master control equipment.
Wherein the third authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code.
S82, checking based on the first device information, the first user information, the first connection code and the first authentication code, and after determining that the checking fails, sending a check failure instruction to the master control device to indicate that the authorized connection between the master control device and the controlled device has failed.
Specifically, on receiving the message that the connection between the master control device and the controlled device has failed, the master control device needs to request authorization again, so it sends a connection request to the controlled device again. Accordingly, the controlled device performs steps S83-S88.
S83, receiving a second connection request sent by the master control equipment.
The second connection request carries first equipment information, a first user identifier and a user password;
S84, checking according to the first user identifier and the user password, and after the checking is passed, sending a second connection success instruction to the main control equipment.
The second connection success instruction is used for indicating that the master control equipment and the controlled equipment are successfully connected.
S85, receiving a second authorization request sent by the master control equipment.
S86, responding to the second authorization request sent by the master control equipment, authorizing according to the first equipment information, the second equipment information and the first effective authorization time length, and sending a second authorization success instruction to the master control equipment when the authorization success is determined so as to indicate that the master control equipment and the controlled equipment are successfully authorized;
S87, receiving a connection code acquisition request sent by the main control equipment.
S88, responding to a connection code acquisition request sent by the main control equipment, generating a first connection code according to the first equipment information, the second equipment information, the authorization time stamp and the first effective authorization time length, and sending the first connection code to the main control equipment.
The specific implementation of steps S83-S88 is the same as that of steps S61-S66 and will not be described in detail here. After step S88 is performed, S41-S42 may be performed.
Fig. 9 is a flowchart of another device authorization management method according to an embodiment of the disclosure. In some embodiments, after the user deletes the master device from the device management page, after a period of time, the master device connects to the controlled device again, which specifically includes the following implementation steps:
S91, receiving a fourth authorized connection request sent by the master control equipment.
Wherein the fourth authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code.
S92, checking based on the first device information, the first user information, the first connection code and the first authentication code, and after determining that the checking fails, sending a check failure instruction to the master control device to indicate that the authorized connection between the master control device and the controlled device has failed.
S93, receiving a third connection request sent by the master control equipment.
The third connection request carries first equipment information, a first user identifier and a user password;
S94, checking according to the first user identifier and the user password, and after the checking is passed, sending a third connection success instruction to the main control equipment.
The third connection success instruction is used for indicating that the master control equipment and the controlled equipment are successfully connected.
S95, receiving a third authorization request sent by the master control equipment.
S96, responding to the third authorization request sent by the master control equipment, authorizing according to the first equipment information, the second equipment information and the first effective authorization time length, and sending a third authorization success instruction to the master control equipment when the success of the authorization is determined so as to indicate the success of the authorization of the master control equipment and the controlled equipment;
S97, receiving a connection code acquisition request sent by the main control equipment.
S98, responding to a connection code acquisition request sent by the main control equipment, generating a first connection code according to the first equipment information, the second equipment information, the authorization time stamp and the first effective authorization time length, and sending the first connection code to the main control equipment.
The specific implementation of steps S91-S92 is the same as that of steps S81-S82, and the specific implementation of steps S93-S98 is the same as that of steps S61-S66; they will not be described in detail here. After step S98 is executed, S41-S42 may be executed.
In an embodiment of the present disclosure, a first authorized connection request sent by a master device is received, where the first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code; verification is performed based on these, and after the verification is determined to pass, a verification success instruction is sent to the master device to indicate that the authorized connection between the master device and the controlled device has succeeded.
The first connection code is generated by the controlled device according to the first device information, the second device information, the authorization timestamp and the first valid authorization duration after the controlled device receives the connection code acquisition request sent by the master device, and is sent to the master device. The first device information is identification information corresponding to the master device, the second device information is identification information corresponding to the master control equipment, and the first valid authorization duration is the duration, selected according to the user's wishes, for which the master device is authorized to control the controlled device. This ensures flexibility in authorizing the master device and avoids the defect that a master device remains permanently valid and occupies resources. Because the first authentication code is generated based on the first device information, the MAC address of the master device, the current timestamp, the preset salt value and the preset algorithm after the master device receives the first connection code, the first valid authorization duration and the MAC address of the master device sent by the controlled device, the first authentication code can be verified to confirm whether the master device is a trusted client. This avoids the situation in which the controlled device mistakes a hacked master device for a trusted client and continues to communicate with it, further improving security.
The embodiments of the present disclosure further provide a storage medium containing computer executable instructions that, when executed by a computer processor, implement each process performed by the method provided in any of the embodiments above, and achieve the same technical effects, and are not repeated herein.
The computer readable storage medium may be a Read-Only disk or optical disc.
The foregoing description, for purposes of explanation, has been presented in conjunction with specific embodiments. However, the above discussion in some examples is not intended to be exhaustive or to limit the embodiments to the precise forms disclosed above. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles and the practical application, to thereby enable others skilled in the art to best utilize the embodiments and various embodiments with various modifications as are suited to the particular use contemplated.
Claims (10)
1. A controlled device, comprising:
a controller configured to:
receiving a first authorized connection request sent by a main control device;
wherein the first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code; the first connection code is generated by the controlled device according to first device information, second device information, an authorization time stamp and a first effective authorization time length after receiving a connection code acquisition request sent by the main control device, and is sent to the main control device, wherein the first effective authorization time length is the effective authority time length of the main control device selected based on user wish for controlling the controlled device; the first authentication code is generated based on the first device information, the MAC address of the master device, the current time stamp, a preset salt value and a preset algorithm after the master device receives the first connection code, the first effective authorization duration and the MAC address of the master device, which are sent by the controlled device;
and based on the first device information, the first user information, the first connection code and the first authentication code, after the verification is determined to pass, sending a verification success instruction to the master control device so as to indicate that the master control device and the controlled device are successfully authorized to be connected.
2. The controlled device of claim 1, wherein the controller is further configured to:
and storing the first device information, the MAC address of the master control device, the first authentication code and the first effective authorization time length in a white list.
3. The controlled device of claim 1, wherein the controller is further configured to:
deleting the main control equipment in an equipment management page in response to the deleting operation of a user on the target main control equipment;
or;
responding to a trigger instruction for displaying the equipment management page, and judging whether the target main control equipment is within a valid authorization time length;
if the target main control equipment is not in the effective authorization time, deleting the target main control equipment in the equipment management page;
or;
responding to an authorized connection request sent by the target main control equipment, and judging whether a target connection code corresponding to the target main control equipment is valid or not;
and if the target connection code is invalid, deleting the target master control equipment in the equipment management page.
4. The controlled device of claim 1, wherein the controller is further configured to:
before the master control device receives the first connection code, the first valid authorization duration and the MAC address of the master control device, the method further includes:
based on an address resolution protocol, acquiring the MAC address of the main control equipment;
acquiring a current time stamp and a preset salt value;
and generating an initial authentication code based on the first device information, the MAC address of the master control device, the current timestamp, the preset salt value and a preset algorithm.
5. The controlled device of claim 1, wherein the controller is specifically configured to:
the verifying based on the first device information, the first user information, the first connection code, and the first authentication code includes:
analyzing the first connection code to acquire first equipment information, second equipment information, an authorization time stamp and a first effective authorization duration;
and if the difference value between the decryption time stamp and the authorization time stamp is smaller than or equal to the first effective authorization time length, determining that the main control equipment is effective authorization equipment.
6. The controlled device of claim 4, wherein the controller is further configured to:
the verifying based on the first device information, the first user information, the first connection code, and the first authentication code further includes:
judging whether the initial authentication code is consistent with the first authentication code or not;
and if the initial authentication code is consistent with the first authentication code, determining that the main control equipment is not replaced by other equipment.
7. The controlled device of claim 2, wherein the controller is further configured to:
the verifying based on the first device information, the first user information, the first connection code, and the first authentication code further includes:
judging whether the first equipment information exists in the white list;
and if the first equipment information exists in the white list, determining that the main control equipment is not deleted.
8. The controlled device of claim 1, wherein the controller is further configured to:
before receiving the first authorized connection request sent by the master control device, the method further comprises:
receiving a first connection request sent by the main control equipment, wherein the first connection request carries first equipment information, a first user identifier and a user password;
checking according to the first user identifier and the user password, and after the checking is passed, sending a first connection success instruction to the main control equipment so as to indicate that the main control equipment and the controlled equipment are successfully connected;
receiving a first authorization request sent by the main control equipment;
responding to the first authorization request sent by the master control equipment, authorizing according to the first equipment information, the second equipment information and a first effective authorization time length, and sending a first authorization success instruction to the master control equipment when the authorization success is determined so as to indicate that the master control equipment and the controlled equipment are successfully authorized;
receiving a connection code acquisition request sent by the main control equipment;
and responding to a connection code acquisition request sent by the main control equipment, generating a first connection code according to the first equipment information, the second equipment information, the authorization time stamp and the first effective authorization time length, and sending the first connection code to the main control equipment.
9. A device authorization management method, applied to a controlled device, the method comprising:
receiving a first authorized connection request sent by a main control device;
wherein the first authorized connection request includes: first device information, first user information, a first connection code, and a first authentication code; the first connection code is generated by the controlled device according to first device information, second device information, an authorization time stamp and a first effective authorization time length after receiving a connection code acquisition request sent by the main control device, and is sent to the main control device, wherein the first effective authorization time length is the effective authority time length of the main control device selected based on user wish for controlling the controlled device; the first authentication code is generated based on the first device information, the MAC address of the master device, the current time stamp, a preset salt value and a preset algorithm after the master device receives the first connection code, the first effective authorization duration and the MAC address of the master device, which are sent by the controlled device;
and based on the first device information, the first user information, the first connection code and the first authentication code, after the verification is determined to pass, sending a verification success instruction to the master control device so as to indicate that the master control device and the controlled device are successfully authorized to be connected.
10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the device authorization management method according to claim 9.
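The controlled-device verification of claim 9, sketched as an added example that is not taken from the patent. It assumes the "preset algorithm" is HMAC-SHA256 keyed by the preset salt; `DEVICE_KEY`, `SKEW`, the request field names and the transmitted timestamp `ts` are likewise assumptions of this example.

```python
import hashlib
import hmac

SALT = b"constructed-preset-salt"       # assumed: the "preset salt value"
DEVICE_KEY = b"constructed-device-key"  # assumed: secret held only by the controlled device
SKEW = 30                               # assumed freshness window for the timestamp, seconds

def _mac(key, *fields):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    parts = [str(x).encode() for x in fields]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def connection_code(first_dev, second_dev, auth_ts, duration):
    """Controlled device: bind the code to both devices and the grant window."""
    return _mac(DEVICE_KEY, first_dev, second_dev, auth_ts, duration)[:16]

def authentication_code(first_dev, master_mac, ts):
    """Main control device: salted code over its identity, MAC address and timestamp."""
    return _mac(SALT, first_dev, master_mac, ts)

def verify(req, grant, now):
    """Controlled device: return (ok, reason) for a first authorized connection request."""
    if req["first_dev"] != grant["first_dev"] or req["user"] != grant["user"]:
        return False, "unknown device or user"
    expected = connection_code(grant["first_dev"], grant["second_dev"],
                               grant["auth_ts"], grant["duration"])
    if not hmac.compare_digest(req["conn_code"], expected):
        return False, "bad connection code"
    if now >= grant["auth_ts"] + grant["duration"]:
        return False, "authorization expired"
    if abs(now - req["ts"]) > SKEW:
        return False, "stale timestamp"
    auth = authentication_code(req["first_dev"], grant["master_mac"], req["ts"])
    if not hmac.compare_digest(req["auth_code"], auth):
        return False, "bad authentication code"
    return True, "ok"

def demo():
    # Constructed sample grant and request; every value is a placeholder.
    grant = {"first_dev": "phone-01", "second_dev": "tv-01", "user": "alice",
             "master_mac": "02:00:00:00:00:01", "auth_ts": 1000, "duration": 3600}
    code = connection_code("phone-01", "tv-01", 1000, 3600)
    req = {"first_dev": "phone-01", "user": "alice", "conn_code": code, "ts": 1200,
           "auth_code": authentication_code("phone-01", "02:00:00:00:00:01", 1200)}
    return grant, req
```

Because the connection code covers the authorization timestamp and duration, changing either value invalidates the code, and the timestamp window limits how long a captured authentication code can be replayed.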
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310620727.9A CN117650903A (en) | 2023-05-29 | 2023-05-29 | Controlled device, device authorization management method, and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117650903A (en) | 2024-03-05 |
Family
ID=90048293
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310620727.9A Pending CN117650903A (en) | 2023-05-29 | 2023-05-29 | Controlled device, device authorization management method, and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117650903A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||