CN117835370A - Networking method, node to be networked, gateway equipment and system - Google Patents


Publication number
CN117835370A
Authority
CN
China
Prior art keywords
network
node
identity
network access
accessed
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311869065.5A
Other languages
Chinese (zh)
Inventor
钱硕
张晓琨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd

Abstract

The application provides a networking method, a node to be networked, a gateway device and a system, and relates to the field of communication. The method comprises: receiving a trigger operation performed by a user on a triggering device; in response to the trigger operation, sending network access request information to a gateway device, the network access request information being used to request to join a long range wireless communication (LoRa) network; and receiving network access response information from the gateway device, the network access response information indicating agreement or refusal to join the LoRa network. The network access response information is sent by the gateway device after it verifies the node to be networked according to the network access request information. The method is applicable to the LoRa node networking process and is used to ensure the actual attribution authority of the node to be networked.

Description

Networking method, node to be networked, gateway equipment and system
Technical Field
The present disclosure relates to the field of communications, and in particular, to a networking method, a node to be networked, a gateway device, and a system.
Background
More and more internet of things devices are beginning to support long range wireless communication (LoRa) network technologies. The LoRa network mainly comprises two roles: gateway devices and nodes (e.g., the internet of things devices described above). The gateway device and the nodes are connected in star, that is, one gateway device can access a plurality of nodes, and the gateway device can collect data of all nodes.
However, the coverage area of a LoRa network is relatively wide, and the actual attribution authority (or control authority) of a node cannot be ensured when the node joins the network.
Disclosure of Invention
Based on the technical problems, the application provides a networking method, a node to be networked, gateway equipment and a system, which can ensure the actual attribution authority of the node to be networked by using a trigger device arranged on the node to be networked.
In a first aspect, the present application provides a networking method, where the method is applied to a node to be networked; a triggering device is arranged on the node to be accessed to the network; the method comprises the following steps: receiving triggering operation of a user on a triggering device; responding to the triggering operation, and sending network access request information to gateway equipment; the network access request information is used for requesting to join the long-distance wireless communication LoRa network; receiving network access response information from gateway equipment; the network access response information is used for indicating agreement to join the LoRa network or refusal to join the LoRa network; the network access response information is transmitted by the gateway equipment after the gateway equipment verifies the node to be accessed according to the network access request information.
In the networking method provided by the application, the node to be networked is provided with the trigger device, and after receiving the trigger operation of the trigger device by the user, the node to be networked sends networking request information to the gateway equipment to perform the networking process. Only the user with the actual attribution authority of the node to be accessed can contact the trigger device, so that the network access process is initiated, other users without the actual attribution authority are prevented from initiating the network access process, and the actual attribution authority of the node to be accessed is ensured.
Optionally, the triggering device includes: a physical trigger control, a virtual trigger control, or a voice trigger control.
Optionally, the network access request information includes an encrypted identity and a first identifier; the encrypted identity is obtained by encrypting the identity of the node to be networked with a first public key; the first identifier identifies the public-private key pair to which the first public key belongs. After sending the network access request information to the gateway device, the method further comprises: sending network access verification information to the gateway device, so that the gateway device verifies the node to be networked according to whether the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information; the network access verification information is used to indicate the identity of the node to be networked.
It should be understood that, in the application layer specification of the related art, when a node accesses the LoRa network, it is necessary to import the device serial number of the node in the gateway device in advance, then compare the device serial number sent by the node with the pre-imported device serial number, and if the comparison is successful, join the node into the LoRa network. In the networking method provided by the application, because the public and private key pairs can be recycled, when different nodes to be networked are networked, only the first identifier is required to be used for verifying whether the nodes have the networking authority, and if the sent first identifier is the public and private key pair identifier agreed with the gateway equipment, the gateway equipment can pass the verification to carry out networking; if the first identifier is the identifier other than the identifier of the public-private key pair agreed with the gateway equipment, the gateway equipment cannot pass the verification, so that networking is refused. Therefore, the method and the device for networking do not need to import the equipment serial numbers of the nodes to be networked into the gateway equipment when networking is carried out, simplify networking flow, and are more efficient and convenient to networking.
In addition, in the networking method provided by the application, the encrypted identity information in the networking request information is encrypted by adopting an encryption algorithm, and only the gateway equipment with the corresponding private key can decrypt to obtain the identity of the node to be networked, so that the networking method has good communication security.
Optionally, the encrypted identity and the first identifier are burned into the firmware of the node to be networked; or the encrypted identity is obtained by the node to be networked encrypting its identity with the first public key, and the first identifier is determined by the node to be networked according to the first public key.
In a second aspect, the present application provides a networking method applied to a gateway device. The method comprises: receiving network access request information from a node to be networked, where a triggering device is provided on the node to be networked and the network access request information is sent by the node to be networked in response to a trigger operation, after it receives the user's trigger operation on the triggering device; the network access request information is used to request to join the long range wireless communication (LoRa) network; verifying the node to be networked according to the network access request information; and sending network access response information to the node to be networked, the network access response information indicating agreement or refusal to join the LoRa network.
Optionally, the network access request information includes an encrypted identity and a first identifier; the encrypted identity is obtained by encrypting the identity of the node to be networked with a first public key; the first identifier identifies the public-private key pair to which the first public key belongs. Verifying the node to be networked according to the network access request information comprises: if the gateway device holds a first private key, decrypting the encrypted identity with the first private key to obtain the identity of the node to be networked, the first private key being the private key of the public-private key pair identified by the first identifier; receiving network access verification information from the node to be networked, the network access verification information indicating the identity of the node to be networked; and verifying the node to be networked according to whether the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information.
Optionally, the network access verification information includes a first hash value; the first hash value is obtained by converting the identity of the node to be networked with a preset hash algorithm. Judging whether the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information comprises: if the reference hash value is the same as the first hash value, determining that the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information; if the reference hash value differs from the first hash value, determining that the identity obtained by decrypting the network access request information does not match the identity indicated by the network access verification information.
Optionally, the method further comprises: sending network access request information to a management platform under the condition that the gateway equipment does not comprise a first private key; receiving an identity of a node to be accessed to a network, which is sent by a management platform; the identity of the node to be accessed to the network is obtained by decrypting the encrypted identity in the access request information by the management platform through the first private key.
Optionally, before sending the network access response information to the node to be accessed to the network, the method further includes: under the condition that the identity obtained by decrypting the network access request information is matched with the identity indicated by the network access verification information, sending the request information to a management platform; the request information comprises the identity of the node to be accessed to the network; receiving network access response information from a management platform; the network access response information is used for indicating that the network access is authorized or not authorized; the network access response information is generated by the management platform in response to a selection operation of the user.
In a third aspect, the present application provides a networking device comprising respective functional modules for use in the method of the second aspect above.
In a fourth aspect, the present application provides a node to be networked, including a triggering device and a communication device. The triggering device is used to receive a trigger operation from a user. The communication device is used, according to the method of the first aspect, to send network access request information to the gateway device in response to the trigger operation, the network access request information being used to request to join the long range wireless communication (LoRa) network, and to receive network access response information from the gateway device, the network access response information indicating agreement or refusal to join the LoRa network. The network access response information is sent by the gateway device after it verifies the node to be networked according to the network access request information.
In a fifth aspect, the present application provides a gateway device comprising a processor and a memory; the memory stores instructions executable by the processor; the processor is configured to execute the instructions to cause the gateway device to implement the method according to the second aspect described above.
In a sixth aspect, the present application provides a networking system, the system comprising: the node to be network-accessed of the fourth aspect and the gateway device of the fifth aspect.
The advantageous effects of the second aspect to the sixth aspect described above may be described with reference to the first aspect, and will not be repeated.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic illustration of a communication model of a LoRa network;
Fig. 2 is a schematic diagram of a star networking;
Fig. 3 is a schematic diagram of a networking system according to an embodiment of the present disclosure;
Fig. 4 is a schematic flow chart of a networking method according to an embodiment of the present application;
Fig. 5 is another flow chart of the networking method provided in the embodiment of the present application;
Fig. 6 is a schematic flow chart of a networking method according to an embodiment of the present disclosure;
Fig. 7 is a schematic diagram of a networking device according to an embodiment of the present disclosure;
Fig. 8 is a schematic diagram of a gateway device according to an embodiment of the present application.
Detailed Description
Hereinafter, the terms "first," "second," and "third," etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first", "a second", or "a third", etc., may explicitly or implicitly include one or more such feature.
As the number of sensor devices of all kinds has risen, Internet of Things (IoT) technology has come into public view and gradually become part of people's lives.
IoT technology is a network technology that connects any object to the internet through sensors, according to an agreed protocol, to exchange information and communicate. Built on communication technology, it enables interconnection and intercommunication between various sensors, systems, platforms and the like.
Communication technology is therefore very important to the IoT and acts as its bridge. One communication technology that is currently very popular in the IoT field is the low power wide area network (LPWAN). An LPWAN is characterized by low power consumption and a slower communication rate, and can support IoT applications in scenarios with low data-rate requirements.
Mainstream LPWANs include narrowband Internet of Things (NB-IoT) and LoRa networks. More and more IoT devices are beginning to support LoRa network technology.
Fig. 1 is a schematic diagram of a communication model of a LoRa network. As shown in fig. 1, the LoRa network includes an application layer (illustrated as APP in fig. 1), a network layer (illustrated as LoRa NWK in fig. 1), a data link layer (illustrated as LoRa MAC in fig. 1), and a physical layer (illustrated as LoRa module in fig. 1).
The application layer includes application software developed by a user, communication application programs and the like. The user can design an application framework through an application layer, perform network information management (such as multi-channel management and time slot management), data encryption and decryption, control and mutual control, heartbeat and state synchronization and the like.
The network layer is used to assign addresses (e.g., internet protocol (IP) addresses). The network layer may provide star networking, network layer security, message parsing, waiting for replies and retransmission, and definition of network roles.
The star networking refers to star networking between two roles (gateway equipment and nodes) mainly included in the LoRa network. Fig. 2 is a schematic diagram of a star networking. As shown in fig. 2, one gateway device may access a plurality of nodes (illustrated as node 1 to node N in fig. 2), and the gateway device may aggregate data of all nodes and access the subsequent management platform.
The data link layer is used to allocate medium access control (MAC) addresses on top of the physical layer. The data link layer also handles selection of unicast or multicast, channel maintenance, slot handling, carrier sense multiple access (CSMA), frame filtering, integrity checking, and so on.
The physical layer is mainly responsible for implementing wireless coded modulation of digital signals.
Frequency usage criteria for the communication of the LoRa network are also included below the physical layer. For example, EU 868 (868 MHz), EU 433 (433 MHz), US 915 (915 MHz), AS 430 (430 MHz), etc. may be utilized.
The LoRa network mainly comprises two roles: gateway devices and nodes (e.g., the internet of things devices described above). The gateway device and the nodes are connected in star, that is, one gateway device can access a plurality of nodes, and the gateway device can collect data of all nodes.
However, the coverage area of a LoRa network is relatively wide, and the actual attribution authority (or control authority) of a node cannot be ensured when the node joins the network.
Based on this, the embodiment of the application provides a networking method, a node to be networked, gateway equipment and a system, which can ensure the actual attribution authority of the node to be networked by using a trigger device arranged on the node to be networked.
The following description is made with reference to the accompanying drawings.
Fig. 3 is a schematic diagram of a networking system according to an embodiment of the present application. As shown in fig. 3, the system includes: a node to be network-accessed 100 and a gateway device 200.
The node to be network-connected 100 may be a water meter, an electricity meter, a sensor, or other internet of things devices. The embodiment of the present application does not limit the specific form of the node to be network-accessed 100.
The node to be network-connected 100 may comprise a triggering means and a communication means.
The trigger means may be adapted to receive a trigger operation by a user.
Alternatively, the triggering device may include a physical triggering control, a virtual triggering control, a voice triggering control, or the like.
The physical triggering control may include a physical key, a physical knob, or a physical dial, and the corresponding triggering operation may include, for example, pressing a physical key, twisting a physical knob, or toggling a physical dial.
The virtual trigger control may include interface options. For example, the node to be networked 100 may include a touch display screen, the virtual trigger control may be a "start to log in" interface option displayed on the touch display screen, and the corresponding trigger operation may be a click on the virtual trigger control.
The voice trigger controls may include a microphone and a voice recognition algorithm. The node to be networked 100 may receive a trigger password (e.g., "start networking" or "start verification" etc.) sent by the user through a microphone and then recognize the trigger password through a voice recognition algorithm. In this case, the corresponding trigger operation can be understood as issuing a trigger password.
The communication device may be used to interact with the gateway device 200 to complete the network access procedure. The specific interaction process is described in the method embodiments below and is not repeated here.
Gateway device 200 may be a LoRaWAN gateway or other multi-channel transceiver device, etc. The embodiments of the present application are not limited in this regard.
The gateway device 200 may be configured to admit the node to be networked 100 to the LoRa network based on network access request information from the node to be networked 100. The specific process is described in the networking method provided in the embodiments below and is not repeated here.
In some embodiments, the networking system may further include a management platform 300.
The management platform 300 may be platform software provided in the electronic device, a gateway Web program, or the like. The embodiments of the present application are not limited in this regard.
The management platform 300 may be configured to interact with the gateway device 200 to admit the node to be networked 100 to the LoRa network. The specific process is described in the networking method provided in the embodiments below and is not repeated here.
First, taking a node to be network-connected (for example, the node to be network-connected 100) as an example, a networking method provided in the embodiment of the present application will be described.
Fig. 4 is a flow chart of a networking method according to an embodiment of the present application. As shown in fig. 4, the method includes S101 to S103.
S101, receiving triggering operation of a triggering device by a user.
S101 may be described with reference to the system in fig. 2, and will not be described herein.
S102, sending network access request information to gateway equipment in response to the triggering operation.
The network access request information is used for requesting to join the LoRa network.
In some possible embodiments, the network access request information may include an identity of the node to be accessed. The gateway device may be pre-imported with a network-entering white list, and the gateway device may verify the node to be network-entered according to whether the identity in the network-entering request information is in the network-entering white list.
In other possible embodiments, the network access request information may instead include an encrypted identity and a first identifier. The encrypted identity is obtained by encrypting the identity of the node to be networked with a first public key (for example, using an asymmetric encryption algorithm or elliptic curve cryptography (ECC)); the first identifier identifies the public-private key pair to which the first public key belongs. The node to be networked may then send the gateway device separate network access verification information indicating the identity, so that the identity can be verified. In this case, after S102, the method may further include the following step:
Step 1: send network access verification information to the gateway device, so that the gateway device verifies the node to be networked according to whether the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information.
The network access verification information is used for indicating the identity of the node to be accessed to the network. The specific verification process of the gateway device may be described in the following networking method at the gateway device side, which is not described herein.
Optionally, the identity, the encrypted identity and the first identifier may be burned into the firmware of the node to be networked. The node to be networked can then send the network access request information to the gateway device after receiving the user's trigger operation. In this case, the networking system does not require the node to be networked to have any encryption computing capability.
Optionally, the node to be networked may also have encryption computing capability. Only the identity, the first public key and the first identifier may be burned into its firmware. The node to be networked receives the user's trigger operation, encrypts the identity with the first public key in response to obtain the encrypted identity, then generates the network access request information from the identity, the encrypted identity and the first identifier and sends it to the gateway device. In this case, the first identifier can be understood as being determined by the node to be networked from the first public key.
Optionally, the firmware of the node to be accessed to the network may be burned with an identity identifier and a public key library, where the public key library may include a plurality of public keys and a key pair identifier of a public-private key pair where each public key is located, the node to be accessed to the network may receive a triggering operation of a user, select a public key from the public key library to encrypt the identity identifier in response to the triggering operation, obtain an encrypted identity identifier, and use the key pair identifier of the public-private key pair where the selected public key is located as a first identifier, and generate access request information according to the identity identifier, the encrypted identity identifier, and the first identifier, and send the access request information to the gateway device. In this case, the first identification is also understood to be determined by the node to be network-connected on the basis of the first public key.
It should be understood that, in the application layer specification of the related art, when a node accesses the LoRa network, it is necessary to import the device serial number of the node in the gateway device in advance (for example, the above-mentioned network-entering whitelist), then compare the device serial number sent by the node with the pre-imported device serial number, and if the comparison is successful, add the node to the LoRa network. In the networking method provided by the embodiment of the application, since the public and private key pairs can be recycled, when different nodes to be networked are networked, only the first identifier is required to be used for verifying whether the nodes have the networking authority, and if the sent first identifier is the identifier of the public and private key pair agreed with the gateway equipment, the gateway equipment can pass the verification to carry out networking; if the first identifier is the identifier other than the identifier of the public-private key pair agreed with the gateway equipment, the gateway equipment cannot pass the verification, so that networking is refused. Therefore, the method and the device for networking do not need to import the equipment serial numbers of the nodes to be networked into the gateway equipment when networking is carried out, simplify networking flow, and are more efficient and convenient to networking.
In addition, in the networking method provided by the embodiment of the application, the encrypted identity information in the networking request information is encrypted by adopting an encryption algorithm, and only the gateway equipment with the corresponding private key can decrypt to obtain the identity of the node to be networked, so that the networking method has good communication security.
S103, receiving network access response information from the gateway equipment.
The network access response information is used for indicating agreement to join the LoRa network or refusal to join the LoRa network; the network access response information is transmitted by the gateway equipment after the gateway equipment verifies the node to be accessed according to the network access request information. The specific determination process of the response information may be described with reference to the following networking method on the gateway device side, which is not described herein.
In the networking method provided by the embodiment of the application, the node to be networked is provided with the trigger device, and after receiving the trigger operation of the trigger device by the user, the node to be networked sends networking request information to the gateway equipment to perform the networking process. Only the user with the actual attribution authority of the node to be accessed can contact the trigger device, so that the network access process is initiated, other users without the actual attribution authority are prevented from initiating the network access process, and the actual attribution authority of the node to be accessed is ensured.
The above description is given taking the side of the node to be network-connected as an example, and the networking method provided in the embodiment of the present application is described below taking the side of the gateway device (for example, the gateway device 200) as an example.
Fig. 5 is another flow chart of the networking method provided in the embodiment of the present application. As shown in fig. 5, the method may include S201 to S203.
S201, the gateway equipment receives network access request information from a node to be accessed to the network.
As mentioned above, the node to be accessed to the network is provided with a triggering device. The network access request information is sent by the node to be accessed to the network, in response to the triggering operation, after the node receives the user's triggering operation on the triggering device. The network access request information is used to request to join the LoRa network.
S202, the gateway equipment verifies the node to be accessed according to the access request information.
In some possible embodiments, as described above, the network access request information may include an identity of the node to be accessed. The gateway device may be pre-imported with a network-entering white list, and the gateway device may verify the node to be network-entered according to whether the identity in the network-entering request information is in the network-entering white list.
In other possible embodiments, as described above, the network access request information may also include an encrypted identity and a first identifier; the encrypted identity is obtained by encrypting the identity of the node to be accessed to the network by using the first public key; the first identifier is used to identify the public-private key pair where the first public key is located. In this case, the step S202 may specifically include the following steps:
a1, under the condition that the gateway equipment comprises a first private key, decrypting the encrypted identity by using the first private key to obtain the identity of the node to be accessed to the network.
The first private key is a private key in a public-private key pair identified by the first identifier.
Optionally, a private key library may be preset in the gateway device, where the private key library may include a plurality of private keys and the key pair identifier of the public-private key pair where each private key is located. After receiving the network access request information, the gateway device may traverse the private key library to determine whether the key pair identifiers in the private key library include the first identifier in the network access request information. If so, the gateway device may use the private key of the public-private key pair identified by the first identifier in the private key library as the first private key, and decrypt the encrypted identity by using the first private key to obtain the identity of the node to be accessed to the network.
Illustratively, the private key store may be specifically as shown in Table 1 below:
TABLE 1
Private key | Key pair identifier
Private key 1 | Identifier 1
Private key 2 | Identifier 2
Private key 3 | Identifier 3
As shown in Table 1, the table may include a private key item and a key pair identifier item. The private key item may include private key 1, private key 2, and private key 3, among others. The key pair identifier item may include identifier 1, identifier 2, and identifier 3. The key pair identifier of the public-private key pair where private key 1 is located is identifier 1, the key pair identifier of the public-private key pair where private key 2 is located is identifier 2, and the key pair identifier of the public-private key pair where private key 3 is located is identifier 3.
Alternatively, the encrypted identity may be decrypted by the management platform in case the gateway device does not comprise the first private key. In this case, the method may further comprise the steps of:
b1, sending network access request information to the management platform under the condition that the gateway equipment does not comprise the first private key.
And b2, receiving the identity of the node to be accessed to the network, which is sent by the management platform.
The identity of the node to be accessed to the network is obtained by decrypting the encrypted identity by the management platform through the first private key. The decryption process may be described in reference to the above point a1, and will not be described herein.
a2, the gateway equipment receives network access verification information from the node to be accessed to the network.
The network access verification information is used for indicating the identity of the node to be accessed to the network.
In one possible implementation, the network access verification information may include an identity of the node to be accessed. That is, the node to be network-accessed can directly send its own identity to the gateway device.
In another possible implementation, the network entry verification information may include a first hash value. The first hash value can be obtained by converting the identity by the node to be accessed to the network by using a preset hash algorithm.
The preset Hash algorithm may be SHA256, MD5, SHA-1, RIPE-MD, HAVAL, N-Hash, etc. The embodiment of the application does not limit the specific type of the preset hash algorithm.
and a3, verifying the node to be accessed according to whether the identity obtained by decrypting the access request information is matched with the identity indicated by the access verification information.
In one possible implementation, as described above, the network access verification information may include an identity of the node to be accessed. In this case, the gateway device may determine whether the identity obtained by decrypting the network access request information is the same as the identity in the network access verification information. If so, a match is determined; if not, a mismatch is determined.
In another possible implementation, as described above, the network entry verification information may include a first hash value. In this case, the method for determining whether the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information in the above a3 may specifically include the following steps:
and a3.1, if the reference hash value is the same as the first hash value, the gateway equipment determines that the identity obtained by decrypting the network access request information is matched with the identity indicated by the network access verification information.
and a3.2, if the reference hash value is different from the first hash value, the gateway equipment determines that the identity obtained by decrypting the network access request information is not matched with the identity indicated by the network access verification information.
S203, the gateway equipment sends network access response information to the node to be network accessed.
The network access response information is used for indicating agreement to join the LoRa network or refusal to join the LoRa network.
In one possible implementation, the gateway device may directly generate the network access response information according to the verification result. That is, in the case that the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information, the gateway device may directly admit the node to be network-accessed to the LoRa network.
In another possible implementation manner, as described above, the gateway device may be further connected to the management platform, and after determining that the identity obtained by decrypting the access request information matches the identity indicated by the access verification information, the gateway device may further send the request information to the management platform, and the user of the management platform selects whether to agree to access to the network. In this case, before the above S203, the method may further include the steps of:
And c1, under the condition that the identity obtained by decrypting the network access request information is matched with the identity indicated by the network access verification information, the gateway equipment sends the request information to the management platform.
The request information comprises the identity of the node to be accessed to the network.
And c2, the gateway equipment receives the network access response information from the management platform.
The network access response information is generated by the management platform in response to the selection operation of the user.
For example, the management platform may present a network access request interface after receiving the network access request information sent by the gateway device, where the interface may include an option to agree to access the network and an option to disagree with access to the network. The management platform can receive a selection operation of the user for agreeing to the network access option or disagreeing to the network access option, and generate network access response information in response to the selection operation.
Based on the understanding of the foregoing embodiments, fig. 6 is a schematic flow chart of a networking method provided in an embodiment of the present application. As shown in fig. 6, the method includes S301 to S309.
S301, a user triggers network access by touching a physical key.
S302, the node to be accessed to the network sends first information to the gateway equipment.
The first information comprises an encrypted identity R and a first identifier V.
S301 and S302 may be described with reference to S101, and are not described herein.
S303, if the gateway equipment comprises a first private key of the public-private key pair identified by the first identifier V, the gateway equipment decrypts the encrypted identity identifier R by using the first private key.
S303 may be described with reference to a1, and will not be described herein.
S304, if the gateway equipment does not comprise the first private key, the gateway equipment sends network access request information to the management platform, wherein the network access request information comprises the first information.
S304 may be described with reference to b1 above, and will not be described here again.
S305, the management platform sends the decrypted identity of the node to be accessed to the network to the gateway equipment.
S305 may be described with reference to b2 above, and will not be described here again.
S306, the node to be network-accessed sends second information to the gateway device, where the second information includes the first hash value h = SHA256(M).
S306 may be described with reference to a2 above, and will not be described here again.
S307, the gateway equipment sends network access request information to the management platform when it determines, according to the first hash value, that the identity M matches; the network access request information comprises the identity M.
S307 may be described with reference to c1 above, and will not be described here again.
S308, the management platform sends the network access response information to the gateway equipment to indicate that the network access is authorized.
S308 may be described with reference to c2 above, and will not be described here again.
S309, the gateway equipment sends network access response information to the node to be network accessed.
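The gateway-side check of S303 to S306 (steps a1 to a3, with the b1/b2 fallback to the management platform) can be sketched as follows. This is an added example, not code from the application: the page names no encryption algorithm, so textbook RSA over small fixed primes stands in for it (not secure), the reference hash value is assumed to be SHA256 of the identity M that the gateway decrypted, and all class, function and identifier names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Key = Tuple[int, int]   # (modulus, exponent)
E = 65537

def toy_keypair(p: int, q: int) -> Tuple[Key, Key]:
    """Textbook RSA key pair from two primes: ((n, e), (n, d)).
    Stand-in for the unspecified public-key algorithm; NOT secure."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def encrypt_identity(public_key: Key, identity: bytes) -> int:
    """Node side: produce the encrypted identity R from the identity M."""
    n, e = public_key
    m = int.from_bytes(identity, "big")
    if m >= n:
        raise ValueError("identity too long for this toy modulus")
    return pow(m, e, n)

def decrypt_identity(private_key: Key, r: int) -> bytes:
    """Recover M from R. (Leading zero bytes of M would be lost; the
    constructed identities below are ASCII, so this does not arise.)"""
    n, d = private_key
    m = pow(r, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

@dataclass(frozen=True)
class FirstInformation:
    R: int   # encrypted identity
    V: str   # first identifier: names the public-private key pair used

class ManagementPlatform:
    """Holds private keys the gateway lacks (steps b1/b2, S304/S305)."""
    def __init__(self, private_keys: Dict[str, Key]):
        self.private_keys = dict(private_keys)

    def decrypt(self, info: FirstInformation) -> Optional[bytes]:
        key = self.private_keys.get(info.V)
        return decrypt_identity(key, info.R) if key is not None else None

class Gateway:
    def __init__(self, private_keys: Dict[str, Key],
                 platform: Optional[ManagementPlatform] = None):
        self.private_keys = dict(private_keys)   # the Table 1 key library
        self.platform = platform

    def recover_identity(self, info: FirstInformation) -> Optional[bytes]:
        key = self.private_keys.get(info.V)      # a1 / S303: look up by V
        if key is not None:
            return decrypt_identity(key, info.R)
        if self.platform is not None:            # b1, b2: ask the platform
            return self.platform.decrypt(info)
        return None                              # no key anywhere for V

    def verify(self, info: FirstInformation, first_hash: bytes) -> str:
        """a3: compare the reference hash with the node's first hash value."""
        identity = self.recover_identity(info)
        if identity is None:
            return "refuse"
        reference = hashlib.sha256(identity).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return "agree" if hmac.compare_digest(reference, first_hash) else "refuse"

# Constructed sample keys (Mersenne primes) and identities.
PUB1, PRIV1 = toy_keypair(2**127 - 1, 2**89 - 1)
PUB2, PRIV2 = toy_keypair(2**107 - 1, 2**61 - 1)

def demo() -> Dict[str, str]:
    identity = b"LORA-NODE-0001"
    h = hashlib.sha256(identity).digest()        # second information (S306)
    gateway = Gateway({"identifier-1": PRIV1},
                      platform=ManagementPlatform({"identifier-2": PRIV2}))
    r1 = encrypt_identity(PUB1, identity)
    r2 = encrypt_identity(PUB2, identity)
    return {
        "local_key": gateway.verify(FirstInformation(r1, "identifier-1"), h),
        "platform_key": gateway.verify(FirstInformation(r2, "identifier-2"), h),
        "unknown_key": gateway.verify(FirstInformation(r1, "identifier-9"), h),
        "mislabelled_key": gateway.verify(FirstInformation(r1, "identifier-2"), h),
        "wrong_hash": gateway.verify(
            FirstInformation(r1, "identifier-1"),
            hashlib.sha256(b"LORA-NODE-0002").digest()),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The sketch stops at the match decision of a3; the optional approval by the management platform user (c1, c2) would sit between `verify` and the response sent in S309.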
The foregoing description of the solution provided in the embodiments of the present application has been mainly presented in terms of a method. To achieve the above functions, it includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the elements and algorithm steps of the various examples described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Those skilled in the art may use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of the present application.
In an exemplary embodiment, the embodiment of the present application further provides a networking device, where the device may be applied to the gateway device. Fig. 7 is a schematic diagram of a networking device according to an embodiment of the present application. As shown in fig. 7, the apparatus includes: a transceiver module 701 and a processing module 702.
A transceiver module 701, configured to receive network access request information from a node to be accessed to a network; a triggering device is arranged on the node to be accessed to the network; the network access request information is sent by the node to be accessed to the network, in response to the triggering operation, after the node receives a user's triggering operation on the triggering device; the network access request information is used to request to join the long-range wireless communication LoRa network.
And the processing module 702 is configured to verify the node to be network-accessed according to the network-access request information.
The transceiver module 701 is further configured to send network access response information to the node to be network accessed; the network access response information is used to indicate agreement to join the LoRa network or refusal to join the LoRa network.
In some possible embodiments, the network access request information includes an encrypted identity and a first identifier; the encrypted identity is obtained by encrypting the identity of the node to be accessed to the network by using the first public key; the first identifier is used for identifying the public-private key pair where the first public key is located; the processing module 702 is specifically configured to: decrypt, in the case that the gateway device includes the first private key, the encrypted identity with the first private key to obtain the identity of the node to be networked, where the first private key is the private key in the public-private key pair identified by the first identifier; receive network access verification information from the node to be accessed to the network, where the network access verification information is used for indicating the identity of the node to be accessed to the network; and verify the node to be accessed according to whether the identity obtained by decrypting the access request information is matched with the identity indicated by the access verification information.
In other possible embodiments, the network entry verification information includes a first hash value; the first hash value is obtained by converting the identity of the node to be accessed into the network through a preset hash algorithm; the processing module 702 is specifically configured to determine that the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information if the reference hash value is the same as the first hash value; if the reference hash value is different from the first hash value, the identity obtained by decrypting the network access request information is determined to be not matched with the identity indicated by the network access verification information.
In still other possible embodiments, the transceiver module 701 is further configured to send, in a case where the gateway device does not include the first private key, network access request information to the management platform; receiving an identity of a node to be accessed to a network, which is sent by a management platform; the identity of the node to be accessed to the network is obtained by decrypting the encrypted identity in the access request information by the management platform through the first private key.
In still other possible embodiments, the transceiver module 701 is further configured to, before sending the network access response information to the node to be accessed, send the request information to the management platform if the identity obtained by decrypting the network access request information matches the identity indicated by the network access verification information; the request information comprises the identity of the node to be accessed to the network; receiving network access response information from a management platform; the network access response information is used for indicating that the network access is authorized or not authorized; the network access response information is generated by the management platform in response to a selection operation of the user.
It should be noted that the division of the modules in fig. 7 is schematic, and is merely a logic function division, and other division manners may be implemented in practice. For example, two or more functions may also be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional units.
In an exemplary embodiment, the embodiment of the application further provides a gateway device. Fig. 8 is a schematic diagram of a gateway device according to an embodiment of the present application. As shown in fig. 8, the gateway apparatus includes: a processor 10 and a memory 20.
The processor 10 is configured to execute the instructions stored in the memory 20 to implement the networking method provided in the foregoing embodiments of the present application. The processor 10 may be a CPU, a general purpose processor, a network processor (network processor, NP), a digital signal processor (digital signal processing, DSP), a microprocessor, a microcontroller (micro control unit, MCU), a programmable logic device (programmable logic device, PLD), or any combination thereof. The processor 10 may also be any other apparatus having a processing function, such as a circuit, a device, or a software module, which is not limited in this embodiment.
The memory 20 is configured to store instructions. For example, the instructions may be a computer program. Alternatively, the memory 20 may be a read-only memory (ROM) or other type of static storage device that may store static information and/or instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that may store information and/or instructions, an electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM) or other optical storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media, or other magnetic storage devices, etc., which are not limited in this application.
It should be noted that, the memory 20 may exist separately from the processor 10 or may be integrated with the processor 10. The memory 20 may be located inside the electronic device or outside the electronic device, which is not limited in this embodiment of the present application.
In an exemplary embodiment, the present application also provides a readable storage medium comprising software instructions that, when run on a gateway device, cause the gateway device to perform any of the methods provided by the above embodiments.
In an exemplary embodiment, the present application also provides a computer program product comprising computer-executable instructions that, when run on a gateway device, cause the gateway device to perform any of the methods provided by the above embodiments.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer-executable instructions. When the computer-executable instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present application are fully or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer-executable instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center by wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). Computer readable storage media can be any available media that can be accessed by a computer or data storage devices including one or more servers, data centers, etc. that can be integrated with the media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), a solid state disk, etc.
Although the present application has been described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the figures, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the present application has been described in connection with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely exemplary illustrations of the present application as defined in the appended claims and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the present application. It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. The networking method is characterized in that the method is applied to nodes to be networked; the node to be network-accessed is provided with a triggering device; the method comprises the following steps:
receiving triggering operation of a user on the triggering device;
responding to the triggering operation, and sending network access request information to gateway equipment; the network access request information is used for requesting to join a long-distance wireless communication LoRa network;
receiving network access response information from the gateway equipment; the network access response information is used for indicating agreement to join the LoRa network or refusal to join the LoRa network; and the network access response information is transmitted by the gateway equipment after the gateway equipment verifies the node to be accessed according to the network access request information.
2. The method of claim 1, wherein the triggering device comprises: a physical trigger control, a virtual trigger control, or a voice trigger control.
3. The method according to claim 1 or 2, wherein the network access request information comprises an encrypted identity and a first identifier; the encrypted identity is obtained by encrypting the identity of the node to be accessed by using a first public key; the first identifier is used for identifying a public and private key pair where the first public key is located;
after the sending the network access request information to the gateway device, the method further comprises:
sending network access verification information to the gateway equipment so that the gateway equipment verifies a node to be accessed according to whether an identity obtained by decryption of the network access request information is matched with an identity indicated by the network access verification information; the network access verification information is used for indicating the identity of the node to be accessed.
4. A method according to claim 3, wherein the encrypted identity and the first identifier are burned in firmware of the node to be networked; or the encrypted identity is obtained by encrypting the identity by the node to be network-connected by using the first public key, and the first identifier is determined by the node to be network-connected according to the first public key.
5. A networking method, characterized in that the method is applied to gateway equipment; the method comprises the following steps:
receiving network access request information from a node to be accessed to the network; the node to be network-accessed is provided with a triggering device; the network access request information is sent by the node to be network-accessed, in response to the triggering operation, after the node receives a user's triggering operation on the triggering device; the network access request information is used for requesting to join a long-distance wireless communication LoRa network;
verifying the node to be accessed according to the access request information;
sending network access response information to the node to be network accessed; the network access response information is used for indicating agreement to join the LoRa network or refusal to join the LoRa network.
6. The method of claim 5, wherein the network access request information includes an encrypted identity and a first identifier; the encrypted identity is obtained by encrypting the identity of the node to be accessed by using a first public key; the first identifier is used for identifying a public and private key pair where the first public key is located; the step of verifying the node to be network-accessed according to the network-access request information comprises the following steps:
Under the condition that the gateway equipment comprises a first private key, decrypting the encrypted identity by using the first private key to obtain the identity of the node to be accessed to the network; the first private key is a private key in a public-private key pair identified by the first identifier;
receiving network access verification information from the node to be network accessed; the network access verification information is used for indicating the identity of the node to be accessed;
and verifying the node to be accessed according to whether the identity obtained by decrypting the access request information is matched with the identity indicated by the access verification information.
7. The method of claim 6, wherein the network entry verification information comprises a first hash value; the first hash value is obtained by converting the identity of the node to be accessed into the network through a preset hash algorithm;
the method for judging whether the identity obtained by decrypting the network access request information is matched with the identity indicated by the network access verification information comprises the following steps:
if the reference hash value is the same as the first hash value, determining that an identity obtained by decrypting the network access request information is matched with an identity indicated by the network access verification information;
And if the reference hash value is different from the first hash value, determining that the identity obtained by decrypting the network access request information is not matched with the identity indicated by the network access verification information.
8. The method of claim 6, wherein the method further comprises:
sending the network access request information to a management platform under the condition that the gateway equipment does not comprise the first private key;
receiving an identity of the node to be accessed to the network, which is sent by the management platform; and the identity of the node to be accessed to the network is obtained by decrypting the encrypted identity in the access request information by the management platform through the first private key.
9. The method of claim 6, wherein prior to said sending network entry response information to said node to be network entered, said method further comprises:
under the condition that the identity obtained by decrypting the network access request information is matched with the identity indicated by the network access verification information, sending request information to a management platform; the request information comprises the identity of the node to be accessed to the network;
receiving the network access response information from the management platform; the network access response information is used for indicating that network access is agreed or not agreed; the network access response information is generated by the management platform in response to a selection operation of a user.
10. A node to be networked comprising: triggering means and communication means;
the triggering device is used for receiving triggering operation of a user;
the communication device is configured to send network access request information to a gateway device according to the method of any one of claims 1 to 4 in response to the triggering operation; the network access request information is used for requesting to join a long-distance wireless communication LoRa network; receiving network access response information from the gateway equipment; the network access response information is used for indicating agreement to join the LoRa network or refusal to join the LoRa network; and the network access response information is transmitted by the gateway equipment after the gateway equipment verifies the node to be accessed according to the network access request information.
11. A gateway device, comprising: a processor and a memory;
the memory stores instructions executable by the processor;
the processor is configured to, when executing the instructions, cause the gateway device to implement the method of any of claims 5-9.
12. A networking system, comprising: a node to be networked according to claim 10 and a gateway device according to claim 11.
CN202311869065.5A 2023-12-29 2023-12-29 Networking method, node to be networked, gateway equipment and system Pending CN117835370A (en)

Publications (1)

Publication Number Publication Date
CN117835370A true CN117835370A (en) 2024-04-05
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN117835370A (en) Networking method, node to be networked, gateway equipment and system
WO2014207929A1 (en) Information processing device, terminal, information processing system, and information processing method
Caballero‐Gil et al. Self‐organizing life cycle management of mobile ad hoc networks
KR20240066773A (en) authentication method of user equipments IN zero-trust and electronic device supporting the same
CN114760037A (en) Identity authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination